From owner-freebsd-net@FreeBSD.ORG Sun Jan 16 01:47:08 2005
Date: Sun, 16 Jan 2005 02:47:06 +0100
From: Julien Lesaint
To: freebsd-net@freebsd.org
Subject: ttl-exceeded sourced by arrival interface ?

Hi,

This is a followup to the original post from James Jun, on Dec, 2003.
http://lists.freebsd.org/mailman/htdig/freebsd-net/2003-December/002114.html

Quick reminder: in the case the route to the packet's source is not the
interface this packet arrived on, do we have a way to source ICMP errors
(ttl-exceeded) with the original interface's IP address ?

Currently the box is sending ttl-exceeded with the IP address of the
interface the route to the sender is pointing at.

No need to explain why such a feature would be useful - primarily for
traceroute comprehension & routing troubleshooting, rather than for some
cosmetic purposes.

Regards,
--
Julien Lesaint.

From owner-freebsd-net@FreeBSD.ORG Sun Jan 16 02:45:06 2005
Date: Sat, 15 Jan 2005 21:46:54 -0500
From: Chuck Swiger
To: Julien Lesaint
Cc: freebsd-net@freebsd.org
Subject: Re: ttl-exceeded sourced by arrival interface ?

Julien Lesaint wrote:
> Quick reminder: in the case the route to the packet's source is not the
> interface this packet arrived on, do we have a way to source ICMP errors
> (ttl-exceeded) with the original interface's IP address ?

Yes. Use IPFW's fwd mechanism, or even set a host route for the source IP
address pointing to whichever interface you please.

> Currently the box is sending ttl-exceeded with the IP address of the
> interface the route to the sender is pointing at.

That's what the routing table is supposed to do, yes.

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 02:17:14 2005
Date: Sun, 16 Jan 2005 19:15:35 -0600 (CST)
From: Mike Silbersack
To: Lars Erik Gullerud
Cc: Len Conrad, freebsd-net@freebsd.org
Subject: Re: buildup of Windows time_wait talking to fbsd 4.10

On Tue, 11 Jan 2005, Lars Erik Gullerud wrote:

> You didn't mention what MTA you are using, so I don't know if this is a
> similar (application-level) issue, or if it's FreeBSD 4.10 that causes some
> additional delay before initiating a TCP CLOSE, but either way, this might be
> the behaviour you are observing, in which case you will need to figure out
> how to get the FreeBSD side to tear down the connection, or preferably you
> should look at tuning some registry stuff on your Windows server - like
> setting the MSL time (default 2 minutes) to a much lower value, and perhaps
> upping the no. of max simultaneous connections.
>
> HTH,
>
> /leg

An additional change which might help is to increase the number of
ephemeral ports Windows will use. I think it uses 1024-5000 by default,
you could up that to 1024-65535. I haven't tried the instructions listed
here (and I don't know if they work on non-Server versions of windows),
but they look useful:

http://support.microsoft.com/default.aspx?scid=kb;en-us;812873

FWIW, when doing some benchmarking of apache vs thttpd a long while ago, I
found results similar to Lars. When I used one program for benchmarking,
the TIME_WAIT sockets would build up on the client side. When I used
another program, the TIME_WAIT sockets built up on the server-side, and
were subsequently recycled. We may have changed something in FreeBSD which
changes timing and causes the TIME_WAIT state to shift between 4.7 and
4.10, but as it's probably timing related, I don't know if it's really
something that can be "fixed".

Anyway, it might still help if Len used tcpdump to capture a server-side
TIME_WAIT from 4.7 and a client-side TIME_WAIT from 4.10 so that we can
compare the difference. A dump from the server side should be fine for
both cases.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 11:02:16 2005
Date: Mon, 17 Jan 2005 11:02:15 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker      Resp.  Description
-------------------------------------------------------------------------------
o [2002/07/26] kern/41007   net    overfull traffic on third and fourth adap

1 problem total.

Non-critical problems

S  Submitted   Tracker      Resp.  Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383   net    [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 13:03:47 2005
Date: Mon, 17 Jan 2005 15:03:40 +0200 (SAST)
From: Gareth Hopkins
To: freebsd-net@freebsd.org
Subject: Broadcom BCM5703 query

Howdie,

I have two identical Dell 2650's. One is running 4.11 and the other is
running 5.3

For some reason which I have been battling with for the past 4 hours, the
4.11 box will not pass more than 10MB/s of traffic. The 5.3 box passes
between 30-40 MB/s. Both machines are connected to a Netapp Filer via a
Cisco 2970 Gigabit switch. All duplex settings are correct. Just to make
sure it was not the switch I connected the machines directly to the filer
and got exactly the same results.

I saw a post in the archives from September about something similar where
moving data from a 5.3 machine to a 4.x machine was taking longer than
usual. Has there been a fix for this or is there any way to patch the 4.11
bge drivers with the properly working ones from 5.3 ?

---
Gareth Hopkins
Server Operations
UUNET South Africa

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 14:22:48 2005
Date: Mon, 17 Jan 2005 15:22:46 +0100
From: Julien Lesaint
To: Chuck Swiger
Cc: freebsd-net@freebsd.org
Subject: Re: ttl-exceeded sourced by arrival interface ?

On Sat, Jan 15, 2005 at 09:46:54PM -0500, Chuck Swiger wrote:
> Julien Lesaint wrote:
> >Quick reminder: in the case the route to the packet's source is not the
> >interface this packet arrived on, do we have a way to source ICMP errors
> >(ttl-exceeded) with the original interface's IP address ?
>
> Yes. Use IPFW's fwd mechanism, or even set a host route for the source IP
> address pointing to whichever interface you please.

I don't understand how this forward feature could help... Anyway I'm not
using IPFW. Adding a route for each source IP is definitely not feasible.

Maybe I wasn't clear enough so I repeat: I just want the FreeBSD box to
send ICMP errors with the IP address of the interface the packet which
generated this error, arrived on. Just like real routers...

The "problem" only occurs in an asymmetric routing context, i.e. the router
which is generating the ICMP packet will not reply via the interface the
original packet arrived on.

> That's what the routing table is supposed to do, yes.

This is the normal behavior in all situations but this one, yes...

--
Julien Lesaint.

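
The two behaviours discussed in this thread, modelled side by side as an added example (not code from any poster and not FreeBSD's implementation). The router, interface names and addresses are constructed, using documentation prefixes; "route" is the behaviour reported in the thread and "arrival" is the behaviour requested.

```python
import ipaddress
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = 11    # ICMP type: time exceeded
ICMP_TTL_IN_TRANSIT = 0    # ICMP code: TTL exceeded in transit


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    ifname: str


class Router:
    """Toy router: interface addresses plus a longest-prefix-match table."""

    def __init__(self, ifaces, routes):
        # ifaces: {name: address}, routes: [(prefix, outgoing interface)]
        self.ifaces = {n: ipaddress.ip_address(a) for n, a in ifaces.items()}
        self.routes = [Route(ipaddress.ip_network(p), i) for p, i in routes]

    def lookup(self, dst):
        """Return the most specific route covering dst, or None."""
        dst = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if dst in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

    def ttl_exceeded(self, src, dst, ttl, arrival_if, policy):
        """Return the ICMP error generated for a transit packet, or None.

        policy "route":   source address = address of the interface the
                          route back to the sender points at.
        policy "arrival": source address = address of the interface the
                          expiring packet arrived on.
        Under both policies the error leaves through the route's interface;
        only the source address field differs.
        """
        if arrival_if not in self.ifaces:
            raise ValueError(f"unknown interface {arrival_if!r}")
        if policy not in ("route", "arrival"):
            raise ValueError(f"unknown policy {policy!r}")
        if ttl > 1:
            return None                  # TTL survives the decrement: forwarded
        back = self.lookup(src)
        if back is None:
            return None                  # no route back: error cannot be sent
        chosen = back.ifname if policy == "route" else arrival_if
        return {
            "type": ICMP_TIME_EXCEEDED,
            "code": ICMP_TTL_IN_TRANSIT,
            "src": str(self.ifaces[chosen]),
            "dst": src,
            "out_if": back.ifname,
            "about": (src, dst),         # the expired packet being reported
        }


def hop_report(router, probe_src, probe_dst, arrival_if):
    """Hop address a traceroute user would see under each policy."""
    by_route = router.ttl_exceeded(probe_src, probe_dst, 1, arrival_if, "route")
    by_arrival = router.ttl_exceeded(probe_src, probe_dst, 1, arrival_if, "arrival")
    if by_route is None or by_arrival is None:
        return None
    return {
        "route": by_route["src"],
        "arrival": by_arrival["src"],
        "egress": by_route["out_if"],
        # Asymmetric: the reply leaves by a different interface than the
        # one the probe came in on, so the two policies disagree.
        "asymmetric": by_route["out_if"] != arrival_if,
    }


# Constructed topology: probes from 192.0.2.0/24 arrive on em0, but the
# route back to that prefix points at em1.
ROUTER = Router(
    ifaces={"em0": "198.51.100.1", "em1": "203.0.113.1"},
    routes=[("192.0.2.0/24", "em1"), ("0.0.0.0/0", "em0")],
)

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.77"):
        print(src, hop_report(ROUTER, src, "198.51.100.200", "em0"))
```

In the asymmetric case the "route" policy makes traceroute display the address of a link the probe never crossed, which is the troubleshooting problem described in the message above.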
From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 15:08:41 2005
Date: Mon, 17 Jan 2005 18:08:38 +0300
From: Vladimir Grebenschikov
To: freebsd-net
Reply-To: vova@fbsd.ru
Subject: Invalid 'route change' functioning

Hi

I am trying to do the following thing - configure another interface with same
address on same broadcast segment (but wired) and then change route
entry from one interface to another:

# ifconfig iwi0
iwi0: flags=8843 mtu 1500
        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
        ether 00:0e:35:03:82:74
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
...
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0   511183   iwi0
127.0.0.1          127.0.0.1          UH          1      626    lo0
192.168.0/23       link#3             UC          0        0   iwi0
192.168.1.111      127.0.0.1          UGHS        0        0    lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0        1   iwi0
#

All is ok so far, then configure same address on another interface (not wireless):

# ifconfig fxp0 192.168.1.111/23
# ifconfig fxp0
fxp0: flags=8843 mtu 1500
        options=8
        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
        ether 08:00:46:c8:45:b3
        media: Ethernet autoselect (100baseTX )
        status: active

Ok, routing not changed, now I want to change route entry 192.168.0/23 -> iwi0, to 192.168.0/23 -> fxp0

# route change 192.168.0/23 -iface fxp0 -cloning
change net 192.168.0: gateway fxp0
#

looks like ok, but:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0   511317   iwi0
127.0.0.1          127.0.0.1          UH          1      661    lo0
192.168.0/23       link#3             UC          0        0   iwi0
192.168.1.111      127.0.0.1          UGHS        0        0    lo0
#

nothing changed, delete + add works as expected:

# route delete 192.168.0/23 && route add 192.168.0/23 -iface fxp0 -cloning
delete net 192.168.0
add net 192.168.0: gateway fxp0
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0   511336   iwi0
127.0.0.1          127.0.0.1          UH          1      663    lo0
192.168.0/23       link#1             UCS         0        0   fxp0
192.168.1.111      127.0.0.1          UGHS        0        0    lo0
#

(default still goes through wireless, as expected)

Any ideas what is wrong with 'route change' ?

--
Vladimir B. Grebenchikov
vova@fbsd.ru

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 15:23:01 2005
Date: Mon, 17 Jan 2005 10:22:46 -0500
From: John Barbieri
To: vova@fbsd.ru
Cc: freebsd-net
Subject: Re: Invalid 'route change' functioning

Vladimir Grebenschikov wrote:

>Hi
>
>I am trying to do the following thing - configure another interface with same
>address on same broadcast segment (but wired) and then change route
>entry from one interface to another:
>
>
># ifconfig iwi0
>iwi0: flags=8843 mtu 1500
>        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
>        ether 00:0e:35:03:82:74
>        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
>        status: associated
>...
># netstat -rn
>Routing tables
>
>Internet:
>Destination        Gateway            Flags    Refs      Use  Netif Expire
>default            192.168.1.1        UGS         0   511183   iwi0
>127.0.0.1          127.0.0.1          UH          1      626    lo0
>192.168.0/23       link#3             UC          0        0   iwi0
>192.168.1.111      127.0.0.1          UGHS        0        0    lo0
>192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0        1   iwi0
>#
>
>All is ok so far, then configure same address on another interface (not wireless):
>
># ifconfig fxp0 192.168.1.111/23
># ifconfig fxp0
>fxp0: flags=8843 mtu 1500
>        options=8
>        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
>        ether 08:00:46:c8:45:b3
>        media: Ethernet autoselect (100baseTX )
>        status: active
>
>Ok, routing not changed, now I want to change route entry 192.168.0/23 -> iwi0, to 192.168.0/23 -> fxp0
>
># route change 192.168.0/23 -iface fxp0 -cloning
>change net 192.168.0: gateway fxp0
>#
>
>looks like ok, but:
>
># netstat -rn
>Routing tables
>
>Internet:
>Destination        Gateway            Flags    Refs      Use  Netif Expire
>default            192.168.1.1        UGS         0   511317   iwi0
>127.0.0.1          127.0.0.1          UH          1      661    lo0
>192.168.0/23       link#3             UC          0        0   iwi0
>192.168.1.111      127.0.0.1          UGHS        0        0    lo0
>#
>
>nothing changed, delete + add works as expected:
>
># route delete 192.168.0/23 && route add 192.168.0/23 -iface fxp0 -cloning
>delete net 192.168.0
>add net 192.168.0: gateway fxp0
># netstat -rn
>Routing tables
>
>Internet:
>Destination        Gateway            Flags    Refs      Use  Netif Expire
>default            192.168.1.1        UGS         0   511336   iwi0
>127.0.0.1          127.0.0.1          UH          1      663    lo0
>192.168.0/23       link#1             UCS         0        0   fxp0
>192.168.1.111      127.0.0.1          UGHS        0        0    lo0
>#
>
>(default still goes through wireless, as expected)
>
>Any ideas what is wrong with 'route change' ?
>
>
>
Why not do route delete default, down the wireless, then route add
default 192.168.1.1 (and maybe even throw in an interface tag at the
same time to make sure)

I've never really had luck with the change command, if I was on the same
LAN as the box, I always just delete the default and re-add it.

just my 2 cents worth

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 15:40:29 2005
Date: Mon, 17 Jan 2005 18:40:18 +0300
From: Vladimir Grebenschikov
To: John Barbieri
Cc: freebsd-net
Reply-To: vova@fbsd.ru
Subject: Re: Invalid 'route change' functioning

On Mon, 17/01/2005 at 10:22 -0500, John Barbieri wrote:
> Vladimir Grebenschikov wrote:
>
> >Hi
> >
> >I am trying to do the following thing - configure another interface with same
> >address on same broadcast segment (but wired) and then change route
> >entry from one interface to another:
> >
> >
> ># ifconfig iwi0
> >iwi0: flags=8843 mtu 1500
> >        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
> >        ether 00:0e:35:03:82:74
> >        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
> >        status: associated
> >...
> ># netstat -rn
> >Routing tables
> >
> >Internet:
> >Destination        Gateway            Flags    Refs      Use  Netif Expire
> >default            192.168.1.1        UGS         0   511183   iwi0
> >127.0.0.1          127.0.0.1          UH          1      626    lo0
> >192.168.0/23       link#3             UC          0        0   iwi0
> >192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> >192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0        1   iwi0
> >#
> >
> >All is ok so far, then configure same address on another interface (not wireless):
> >
> ># ifconfig fxp0 192.168.1.111/23
> ># ifconfig fxp0
> >fxp0: flags=8843 mtu 1500
> >        options=8
> >        inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
> >        ether 08:00:46:c8:45:b3
> >        media: Ethernet autoselect (100baseTX )
> >        status: active
> >
> >Ok, routing not changed, now I want to change route entry 192.168.0/23 -> iwi0, to 192.168.0/23 -> fxp0
> >
> ># route change 192.168.0/23 -iface fxp0 -cloning
> >change net 192.168.0: gateway fxp0
> >#
> >
> >looks like ok, but:
> >
> ># netstat -rn
> >Routing tables
> >
> >Internet:
> >Destination        Gateway            Flags    Refs      Use  Netif Expire
> >default            192.168.1.1        UGS         0   511317   iwi0
> >127.0.0.1          127.0.0.1          UH          1      661    lo0
> >192.168.0/23       link#3             UC          0        0   iwi0
> >192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> >#
> >
> >nothing changed, delete + add works as expected:
> >
> ># route delete 192.168.0/23 && route add 192.168.0/23 -iface fxp0 -cloning
> >delete net 192.168.0
> >add net 192.168.0: gateway fxp0
> ># netstat -rn
> >Routing tables
> >
> >Internet:
> >Destination        Gateway            Flags    Refs      Use  Netif Expire
> >default            192.168.1.1        UGS         0   511336   iwi0
> >127.0.0.1          127.0.0.1          UH          1      663    lo0
> >192.168.0/23       link#1             UCS         0        0   fxp0
> >192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> >#
> >
> >(default still goes through wireless, as expected)
> >
> >Any ideas what is wrong with 'route change' ?
> >
> >
> >
> Why not do route delete default, down the wireless, then route add
> default 192.168.1.1 (and maybe even throw in an interface tag at the
> same time to make sure)
>
> I've never really had luck with the change command, if I was on the same
> LAN as the box, I always just delete the default and re-add it.

Yes, of course, simple case works, but, let's imagine - you have active
connection and you do not want to lose it, if there are no route while
packet sent (between del and add route) - program gets ENETUNREACH and
connection will be closed.

> just my 2 cents worth

--
Vladimir B. Grebenchikov
vova@fbsd.ru

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 16:05:57 2005
Date: Mon, 17 Jan 2005 18:05:23 +0200
From: Ruslan Ermilov
To: Vladimir Grebenschikov
Cc: net@FreeBSD.org
Subject: Re: Invalid 'route change' functioning

On Mon, Jan 17, 2005 at 06:08:38PM +0300, Vladimir Grebenschikov wrote:
> Hi
>
> I am trying to do the following thing - configure another interface with same
> address on same broadcast segment (but wired) and then change route
> entry from one interface to another:
>
>
> # ifconfig iwi0
> iwi0: flags=8843 mtu 1500
>         inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
>         ether 00:0e:35:03:82:74
>         media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
>         status: associated
> ...
> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.1        UGS         0   511183   iwi0
> 127.0.0.1          127.0.0.1          UH          1      626    lo0
> 192.168.0/23       link#3             UC          0        0   iwi0
> 192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> 192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0        1   iwi0
> #
>
> All is ok so far, then configure same address on another interface (not wireless):
>
> # ifconfig fxp0 192.168.1.111/23
> # ifconfig fxp0
> fxp0: flags=8843 mtu 1500
>         options=8
>         inet 192.168.1.111 netmask 0xfffffe00 broadcast 192.168.1.255
>         ether 08:00:46:c8:45:b3
>         media: Ethernet autoselect (100baseTX )
>         status: active
>
> Ok, routing not changed, now I want to change route entry 192.168.0/23 -> iwi0, to 192.168.0/23 -> fxp0
>
> # route change 192.168.0/23 -iface fxp0 -cloning
> change net 192.168.0: gateway fxp0
> #
>
> looks like ok, but:
>
> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.1        UGS         0   511317   iwi0
> 127.0.0.1          127.0.0.1          UH          1      661    lo0
> 192.168.0/23       link#3             UC          0        0   iwi0
> 192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> #
>
> nothing changed, delete + add works as expected:
>
> # route delete 192.168.0/23 && route add 192.168.0/23 -iface fxp0 -cloning
> delete net 192.168.0
> add net 192.168.0: gateway fxp0
> # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.1.1        UGS         0   511336   iwi0
> 127.0.0.1          127.0.0.1          UH          1      663    lo0
> 192.168.0/23       link#1             UCS         0        0   fxp0
> 192.168.1.111      127.0.0.1          UGHS        0        0    lo0
> #
>
> (default still goes through wireless, as expected)
>
> Any ideas what is wrong with 'route change' ?
>
The route(8) manpage says:

: In a change or add command where the destination and gateway are not suf-
: ficient to specify the route (as in the ISO case where several interfaces
: may have the same address), the -ifp or -ifa modifiers may be used to
: determine the interface or interface address.

So try this instead:

	route change 192.168.0/23 -ifp fxp0


Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 16:20:55 2005
From: Vladimir Grebenschikov
To: Ruslan Ermilov
Cc: freebsd-net
Reply-To: vova@fbsd.ru
Date: Mon, 17 Jan 2005 19:20:53 +0300
Subject: Re: Invalid 'route change' functioning

On Mon, 17/01/2005 at 18:05 +0200, Ruslan Ermilov wrote:

> > Any ideas what wrong with 'route change' ?
> >
> The route(8) manpage says:
>
> : In a change or add command where the destination and gateway are not suf-
> : ficient to specify the route (as in the ISO case where several interfaces
> : may have the same address), the -ifp or -ifa modifiers may be used to
> : determine the interface or interface address.
>
> So try this instead:
>
> 	route change 192.168.0/23 -ifp fxp0

Thank you, it works.

So, as I understand,
route add ... -iface fxp0
is invalid if I want to specify gateway interface ?
(how this works, '-iface' flag and 'fxp0' is what ? gateway ?)

> Cheers,
--
Vladimir B. Grebenchikov
vova@fbsd.ru

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 17:20:11 2005
Date: Mon, 17 Jan 2005 18:19:55 +0100
From: Eric Masson
To: Mailing List FreeBSD Network
Subject: pf & clonable devices

Hi,

uname -a :
FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005 emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II i386

kldstat :
Id Refs Address    Size     Name
 1   19 0xc0400000 2f6a20   kernel
 2    1 0xc06f7000 14f08    if_ppp.ko
 3    1 0xc070c000 9a88     if_xl.ko
 4    2 0xc0716000 18a44    miibus.ko
 5    1 0xc072f000 39ac     ulpt.ko
 6    9 0xc0733000 1357c    agp.ko
 7    1 0xc13fa000 1e000    nfsserver.ko
 8    1 0xc1429000 28000    pf.ko

I'm back at the moment to an isdn line for internet connection, and I'm
using pppd (kernel ppp) and an isdn TA.

I'm using Alain Thivillon's SSLTunnel for connection to the main office
(kernel ppp tunnel encapsulated in a SSL session)

pppX interfaces are created on demand as pppd is started.

So I end with a setup like this one :
ppp0: flags=8051 mtu 1524
        inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
ppp1: flags=8051 mtu 1500
        inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00

kernel ppp doesn't seem to reuse existing pppX devices, it creates new
ones as needed.

PF rules are defined for fixed network devices, so I destroy pppX
interfaces on ppp shutdown and let pppd recreate them as needed.
In this case, I need to refresh PF by issuing : pfctl -F all -f /etc/pf.conf to get traffic passing thru newly recreated ppp0/1 interfaces. Is this a feature or a bug ? Regards Éric Masson -- You are a thousand times right, a free subscription is not a gift. Besides, once you have had the butter, the money and the dairymaid's backside, there is not much left to do apart from talking rubbish. -+- Biz in GNU: So, is it worth it for free or does it give you the clap? -+- From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 17:47:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3911D16A4EB for ; Mon, 17 Jan 2005 17:47:48 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F4DE43D31 for ; Mon, 17 Jan 2005 17:47:46 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so105498wri for ; Mon, 17 Jan 2005 09:47:46 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=ZgZtm1R6BfouwT9nHSRzSKZhyq9zNO8CcG3192C3UXc6N3R0RsDBkU9PzNNg0Yk6K2CSu3UhV4N3pCzQRK5XqRnZIIUtGAQwYTZ3oVMaoQVMIk6YdAqJKrqtCG+3KLyEY0suRK0lTcD5I6T/OCOZoa9cnuoJtGUdSVOzV5IxstU= Received: by 10.54.6.43 with SMTP id 43mr262460wrf; Mon, 17 Jan 2005 09:47:45 -0800 (PST) Received: by 10.54.39.34 with HTTP; Mon, 17 Jan 2005 09:47:45 -0800 (PST) Message-ID: <8eea040805011709477418156d@mail.gmail.com> Date: Mon, 17 Jan 2005 09:47:45 -0800 
From: Jon Simola To: freebsd-net@freebsd.org In-Reply-To: <8eea040805010512321bf5b953@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <8eea040805010512321bf5b953@mail.gmail.com> Subject: ALTQ patch for if_vlan.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jon@abccomm.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 17:47:48 -0000 (CC's to jsimola@gmail.com, I'm not subscribed to the -net list) I whipped up this against 5.3-STABLE #1: Wed Dec 22 17:11:02 PST 2004 I've had this patch in operation for a week on my router that serves 500 DSL customers and I've had no problems with it. On the -stable list it was mentioned that the vlan pseudo-device probably isn't the best place to be doing this, however I haven't been able to figure out any other way to perform traffic shaping on vlan interfaces. --- sys/net/if_vlan.c.orig Wed Jan 5 12:25:19 2005 +++ sys/net/if_vlan.c Wed Jan 5 12:53:45 2005 @@ -379,7 +379,10 @@ ifp->if_init = vlan_ifinit; ifp->if_start = vlan_start; ifp->if_ioctl = vlan_ioctl; - ifp->if_snd.ifq_maxlen = ifqmaxlen; + IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); + ifp->if_snd.ifq_drv_maxlen = 0; + IFQ_SET_READY(&ifp->if_snd); + ether_ifattach(ifp, ifv->ifv_ac.ac_enaddr); /* Now undo some of the damage... */ ifp->if_baudrate = 0; @@ -423,11 +426,15 @@ { int unit; struct ifvlan *ifv = ifp->if_softc; + int s; unit = ifp->if_dunit; VLAN_LOCK(); LIST_REMOVE(ifv, ifv_list); + s = splimp(); + IFQ_PURGE(&ifp->if_snd); + splx(s); vlan_unconfig(ifp); VLAN_UNLOCK(); 
@@ -458,12 +465,22 @@ struct mbuf *m; int error; + if (ALTQ_IS_ENABLED(&ifp->if_snd)) { + IFQ_LOCK(&ifp->if_snd); + IFQ_POLL_NOLOCK(&ifp->if_snd, m); + if (m == NULL ) { + IFQ_UNLOCK(&ifp->if_snd); + return; + } + IFQ_UNLOCK(&ifp->if_snd); + } + ifv = ifp->if_softc; p = ifv->ifv_p; ifp->if_flags |= IFF_OACTIVE; for (;;) { - IF_DEQUEUE(&ifp->if_snd, m); + IFQ_DEQUEUE(&ifp->if_snd, m); if (m == 0) break; BPF_MTAP(ifp, m); -- Jon Simola From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 20:06:14 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D038816A4CE; Mon, 17 Jan 2005 20:06:14 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0245743D53; Mon, 17 Jan 2005 20:06:14 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j0HK6BCO043812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 17 Jan 2005 23:06:12 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j0HK6BKi090882 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jan 2005 23:06:11 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j0HK6B45090881; Mon, 17 Jan 2005 23:06:11 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Mon, 17 Jan 2005 23:06:10 +0300 
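Review bot: in the first hunk of the if_vlan.c patch above (@@ -379,7 +379,10 @@), `ifp->if_snd.ifq_drv_maxlen = 0;` is added with no comment saying why the driver-side queue length is zero for a vlan pseudo-interface; a one-line comment would help, since the two IFQ_* macros around it are self-describing and this assignment is not. The hunk also adds an empty line before `ether_ifattach(...)` that is unrelated to the change and can be dropped.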
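Review bot: in the second hunk of the if_vlan.c patch above (@@ -423,11 +426,15 @@), the queue purge is wrapped in `s = splimp(); ... splx(s);` while the third hunk protects the same `ifp->if_snd` with IFQ_LOCK/IFQ_UNLOCK. Please use one synchronisation scheme for the queue; if the IFQ lock is what protects it on this branch, `int s` and the spl pair can go. The purge also runs between VLAN_LOCK() and VLAN_UNLOCK(), so it is worth stating whether touching the send queue under the vlan lock is the intended order.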
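Review bot: in the third hunk of the if_vlan.c patch above (@@ -458,12 +465,22 @@), the new ALTQ_IS_ENABLED block polls the queue and releases the lock before the `for (;;)` loop dequeues, so the poll result guarantees nothing by the time IFQ_DEQUEUE runs, and the loop already stops on an empty queue (`if (m == 0) break;`). Unless the early return is needed to avoid setting IFF_OACTIVE on an empty queue, the block can be removed; if it is needed, say so in a comment and unlock once before the NULL test instead of on both paths. Style: `if (m == NULL )` has a stray space before the closing parenthesis, and the existing loop compares against 0 where the new code uses NULL.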
From: Gleb Smirnoff To: current@freebsd.org, net@freebsd.org Message-ID: <20050117200610.GA90866@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.6i X-Virus-Scanned: clamd / ClamAV version devel-20041013, clamav-milter version 0.75l on 127.0.0.1 X-Virus-Status: Clean Subject: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 20:06:15 -0000 Dear colleagues, here is quite a simple node for direct interaction between ipfw(4) and netgraph(4). It is going to be more effective and error-prone than a complicated construction around divert socket and ng_ksocket[1]. The semantics of node operation are quite simple. There is one node per system, which accepts any hooks with numeric names. Packets can be sent to netgraph(4) using ipfw 'netgraph' action, followed by a numeric cookie. Matched packets are sent out from corresponding hook of ng_ipfw node. These packets are tagged with information which helps them later to reenter ipfw processing. Tagged packets received on any node hook reenter IP stack. If net.inet.ip.fw.one_pass sysctl is non zero they are accepted, otherwise they continue with next rule. Non-tagged packets (not originating from ng_ipfw node) are discarded. Here is sample configuration. ng_echo(4) echoes packets back from netgraph to ipfw thru a tee node, which allows to sniff traffic. 
ngctl + ls There are 4 total nodes: Name: ngctl6138 Type: socket ID: 0000000c Num hooks: 0 Name: ipfw Type: ipfw ID: 00000009 Num hooks: 1 Name: Type: echo ID: 00000006 Num hooks: 1 Name: tee Type: tee ID: 00000005 Num hooks: 2 + show ipfw: Name: ipfw Type: ipfw ID: 00000009 Num hooks: 1 Local hook Peer name Peer type Peer ID Peer hook ---------- --------- --------- ------- --------- 666 tee tee 00000005 left + show tee: Name: tee Type: tee ID: 00000005 Num hooks: 2 Local hook Peer name Peer type Peer ID Peer hook ---------- --------- --------- ------- --------- left ipfw ipfw 00000009 666 right echo 00000006 echi root@jujik:/usr/src:|>ipfw show 00100 292 40304 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 00350 290730 661428793 netgraph 666 ip from any to any 65000 627921 1896034399 allow ip from any to any 65535 0 0 deny ip from any to any The patch [2] is applicable only to HEAD, sorry. The target users are the ones, who are now running ip_accounting/netflow using diverted ng_ksocket, and just netgraph geeks. Any kind of feedback is welcome via email with cc: net@. [1] http://freebsd.rambler.ru/bsdmail/freebsd-net_2004/msg03199.html [2] http://people.freebsd.org/~glebius/totest/ng_ipfw.patch -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 20:11:22 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 066EF16A4CE for ; Mon, 17 Jan 2005 20:11:22 +0000 (GMT) Received: from borgtech.ca (borgtech.ca [216.187.106.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6FEA743D2F for ; Mon, 17 Jan 2005 20:11:21 +0000 (GMT) (envelope-from asegu@borgtech.ca) Received: from asegulaptop (unknown [161.53.212.129]) by borgtech.ca (Postfix) with ESMTP id 3388954A5 for ; Mon, 17 Jan 2005 20:15:13 +0000 (GMT) 
From: "Andrew Seguin" To: Date: Mon, 17 Jan 2005 21:11:13 +0100 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcT80LFoSUWCz4YPSgGiCtgrIeCPng== Message-Id: <20050117201513.3388954A5@borgtech.ca> Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 20:11:22 -0000 I've searched Google, I've searched through the FreeBSD-net archives and have gotten a few leads to what I'm seeking, but unfortunately, nothing solid enough for me to go off of (so yes, I've been doing some homework first! ;) ) But, here's my situation. A dedicated FreeBSD transparent firewall-bridge with 3 NICs (two for the bridge w/o IP, one for console). I'm using IPFW for the firewall, and at the moment I'm doing some very bare-bones statistics via a couple of count rules. I track abusive users through random usage of TCPDump (when I feel like it basically). However, I have some heavy downloaders on the campus so I want to do deep statistics gathering. Mainly, how much is (daily/weekly/monthly) the traffic by IP address and independently the traffic by service (HTTP/SMTP). So my research seems to indicate that the best is to use something to generate netflow data (Maybe IPCad?). However, I sort of feel that's a bit heavy for my needs, I'd have only one source of data collection. But it's not like I'm tight in processor power nor hard disk space and I even have a second server already running web/Mysql under my control. I have a small list of tools, but it all leads up to my question. 
I therefore ask out to the list, what recommendations for traffic accounting/statistics gathering can you give me? -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 1/16/2005 From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 20:15:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF6D916A4CE; Mon, 17 Jan 2005 20:15:18 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0B0D143D49; Mon, 17 Jan 2005 20:15:18 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j0HKFG5Z043942 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 17 Jan 2005 23:15:17 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j0HKFGjD090959 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jan 2005 23:15:16 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j0HKFFir090958; Mon, 17 Jan 2005 23:15:16 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Mon, 17 Jan 2005 23:15:15 +0300 
From: Gleb Smirnoff To: hydros Message-ID: <20050117201515.GB90866@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , hydros , freebsd-performance@freebsd.org, freebsd-net@freebsd.org References: <1116933942.20050109134050@mail.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <1116933942.20050109134050@mail.ru> User-Agent: Mutt/1.5.6i X-Virus-Scanned: clamd / ClamAV version devel-20041013, clamav-milter version 0.75l on 127.0.0.1 X-Virus-Status: Clean cc: freebsd-net@freebsd.org cc: freebsd-performance@freebsd.org Subject: Re: pppoe perfomance X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 20:15:18 -0000

On Sun, Jan 09, 2005 at 01:40:50PM +0300, hydros wrote:
h> Does anyone tested a performance of pppoe+freebsd as server?
h> How much cpu\ram does it eat with a different vpn load.
h> I'm trying to make a server and not sure does the hardware would be able to
h> serve my LAN users
h> server pII-450
h> ram 256mb
h> hdd 10gb
h> NIC realtek rl0 10\100mbit(working at 10mbit speed)

256 Mb RAM is more than enough. If you are going to run PPPoE using mpd then you should estimate machine CPU resources as for router of plain Ethernet segments.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 20:54:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C4EE116A4CE for ; Mon, 17 Jan 2005 20:54:41 +0000 (GMT) Received: from bigass1.bitblock.com (ns1.bitblock.com [66.199.170.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBBA043D49 for ; Mon, 17 Jan 2005 20:54:40 +0000 (GMT) (envelope-from mitch@bitblock.com) Received: from dc1 ([66.199.170.122]) (AUTH: LOGIN mitch@bitblock.com) by bigass1.bitblock.com with esmtp; Mon, 17 Jan 2005 20:54:35 +0000 X-Abuse-Reports: Visit http://www.bitblock.com/abuse.php X-Abuse-Reports: and submit a copy of the message headers X-Abuse-Reports: or review our policies and procedures X-Abuse-Reports: ID= 41EC260B.0000711B.bigass1.bitblock.com,dns; dc1 ([66.199.170.122]),AUTH: LOGIN mitch@bitblock.com From: "Mitch (Bitblock)" To: "'Andrew Seguin'" , freebsd-net@freebsd.org Date: Mon, 17 Jan 2005 12:54:35 -0800 Organization: Bitblock Systems Inc. MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcT80LFoSUWCz4YPSgGiCtgrIeCPngABe3yQ In-Reply-To: <20050117201513.3388954A5@borgtech.ca> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181 Message-ID: Subject: RE: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 20:54:41 -0000 -----Original Message----- 
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Andrew Seguin Sent: January 17, 2005 12:11 PM To: freebsd-net@freebsd.org Subject: Network accounting I've searched Google, I've searched through the FreeBSD-net archives and have gotten a few leads to what I'm seeking, but unfortunately, nothing solid enough for me to go off of (so yes, I've been doing some homework first! ;) ) [Mitch says:] Just a thought: http://rtg.sourceforge.net ? hth m/ From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:24:10 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE48416A4CE for ; Mon, 17 Jan 2005 21:24:10 +0000 (GMT) Received: from borgtech.ca (borgtech.ca [216.187.106.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id B777243D31 for ; Mon, 17 Jan 2005 21:24:10 +0000 (GMT) (envelope-from asegu@borgtech.ca) Received: from asegulaptop (unknown [161.53.212.129]) by borgtech.ca (Postfix) with ESMTP id AC19E54A5; Mon, 17 Jan 2005 21:28:03 +0000 (GMT) From: "Andrew Seguin" To: Date: Mon, 17 Jan 2005 22:23:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcT80LFoSUWCz4YPSgGiCtgrIeCPngABe3yQAAAREfA= Message-Id: <20050117212803.AC19E54A5@borgtech.ca> cc: "'Mitch \(Bitblock\)'" Subject: RE: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 21:24:11 -0000 -----Original Message----- 
From: Mitch (Bitblock) [mailto:mitch@bitblock.com] Subject: RE: Network accounting ... [Mitch says:] Just a thought: http://rtg.sourceforge.net ? hth ---- If I understand this correctly... I'd have to add SNMP to the server and rtg would then poll via SNMP, storing the results in the MySQL server. Seems very good, but I'm a bit hesitant just because I'd like to keep as few software packages as possible running on the firewall. From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:26:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1C6316A4CE for ; Mon, 17 Jan 2005 21:26:34 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4864043D49 for ; Mon, 17 Jan 2005 21:26:34 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so130986wri for ; Mon, 17 Jan 2005 13:26:33 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=fEbUIxk3b/0G8Yw5CtCMBWBF5k0jNalLlFYOsDnnl0vGyz+tkuqQZsXZsnoIXd4n3/knHxneIAX+im8al3k4GzYkdoW+++ifSO2Dv0ffEEyc16LCTGDBqLcZJfoqKD2qC9PSJIo8ojDPvBo22/t6JukAmxI+Xrb4xD7UmT2387M= Received: by 10.54.49.36 with SMTP id w36mr354476wrw; Mon, 17 Jan 2005 13:26:33 -0800 (PST) Received: by 10.54.39.34 with HTTP; Mon, 17 Jan 2005 13:26:33 -0800 (PST) Message-ID: <8eea0408050117132657045645@mail.gmail.com> Date: Mon, 17 Jan 2005 13:26:33 -0800 
From: Jon Simola To: Andrew Seguin , freebsd-net@freebsd.org In-Reply-To: <20050117201513.3388954A5@borgtech.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <20050117201513.3388954A5@borgtech.ca> Subject: Re: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jon@abccomm.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 21:26:34 -0000 On Mon, 17 Jan 2005 21:11:13 +0100, Andrew Seguin wrote: > But, here's my situation. A dedicated FreeBSD transparent firewall-bridge > with 3 NICs (two for the bridge w/o IP, one for console). I'm using IPFW for > the firewall, and at the moment I'm doing some very bare-bones statistics > via a couple of count rules. I track abusive users through random usage of > TCPDump (when I feel like it basically). What I was doing with the same setup: $IPFW pipe 1 config mask src-ip 0xffffffff buckets 512 $IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512 $IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged $IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged Then 'ipfw pipe 1 show' gives you cumulative upload BW usage, and 'ipfw pipe 2 show' gives download usage. Every 15 minutes I had a perl script that ran, computed the difference in the current and last counts, and logged that to a mySQL database. Then I could query the database at will for usage stats or make graphs. I've been running that system and billing a few hundred customers with it for about 3 years now. 
From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:41:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14D8516A4CE for ; Mon, 17 Jan 2005 21:41:56 +0000 (GMT) Received: from borgtech.ca (borgtech.ca [216.187.106.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id C530543D4C for ; Mon, 17 Jan 2005 21:41:55 +0000 (GMT) (envelope-from asegu@borgtech.ca) Received: from asegulaptop (unknown [161.53.212.129]) by borgtech.ca (Postfix) with ESMTP id 4C5DC54A5 for ; Mon, 17 Jan 2005 21:45:49 +0000 (GMT) From: "Andrew Seguin" To: Date: Mon, 17 Jan 2005 22:41:16 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <8eea0408050117132657045645@mail.gmail.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcT828U32i/48qgjTvewwLmjC94+rAAADjfA Message-Id: <20050117214549.4C5DC54A5@borgtech.ca> Subject: RE: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 21:41:56 -0000 -----Original Message----- 
From: Jon Simola [mailto:jsimola@gmail.com]
Sent: Monday, January 17, 2005 10:27 PM
To: Andrew Seguin; freebsd-net@freebsd.org
Subject: Re: Network accounting

...
>What I was doing with the same setup:
>$IPFW pipe 1 config mask src-ip 0xffffffff buckets 512
>$IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512
>$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
>$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged
...

I don't understand how this system will allow me to log traffic by-ip without addition of 256 rules?

I already have counts of my up & down traffic. Actually, I have a bypass rule for 'normal' traffic (web/email/dns/icmp/etc), and then a pipe to control bandwidth (mainly because of downloaders). With some scripting, the server maintains a csv of in/out/abnormal (in+out). But I critically need per-ip and highly need per-protocol (major ones at least).

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:44:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E97316A4CE for ; Mon, 17 Jan 2005 21:44:27 +0000 (GMT) Received: from james.phatservers.com (www.phatservers.com [216.17.104.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5DCF43D46 for ; Mon, 17 Jan 2005 21:44:26 +0000 (GMT) (envelope-from fbsdnet@mikewesson.com) Received: from sabotage (S0106001217ad2d99.ss.shawcable.net [70.64.126.134]) j0HLiOFT043840 for ; Mon, 17 Jan 2005 13:44:24 -0800 (PST) (envelope-from fbsdnet@mikewesson.com) Message-Id: <200501172144.j0HLiOFT043840@james.phatservers.com> 
From: "Mike Wesson" To: Date: Mon, 17 Jan 2005 15:44:20 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcT83bNpuIBaNqI9Qw6/i4VV2vPH8Q== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-Scanned-By: MIMEDefang 2.48 on 216.17.111.92 Subject: Using aliased IPs for outbound requests X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 21:44:27 -0000 Hi there, I have a client who wants a http proxy set up using multiple ips, and he wants the IP the request is sent to to send the outbound request, rather than the interface's main IP. I've done the usual google searching and consulted the documentation for both Squid and mod_proxy and have not found a solution. If anyone has any suggestions, they would be very much appreciated (Aside from using jails, which I suspect would work but would be cumbersome). Thanks! 
Mike From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:48:53 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB85F16A4CE for ; Mon, 17 Jan 2005 21:48:52 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4499043D1F for ; Mon, 17 Jan 2005 21:48:52 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so133455wri for ; Mon, 17 Jan 2005 13:48:50 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=PbVGPkqrDN4yanm64wkYrSB7yTB6FuXzXjEMgdSk4fuWmbi/bh0F0G9IU+SO9/RDr5fQ4TvFCewlGXL1BEDicFw83Y97r277hxsl0MiTGTn03gWOrCrIpkmx9w5zLnF445t+uIQj69DcUC9bQTIiOv7GNpcCWY6LES1xntBv+R8= Received: by 10.54.8.70 with SMTP id 70mr45299wrh; Mon, 17 Jan 2005 13:48:49 -0800 (PST) Received: by 10.54.39.34 with HTTP; Mon, 17 Jan 2005 13:48:49 -0800 (PST) Message-ID: <8eea0408050117134812c17174@mail.gmail.com> Date: Mon, 17 Jan 2005 13:48:49 -0800 
From: Jon Simola To: Andrew Seguin , freebsd-net@freebsd.org In-Reply-To: <20050117214549.4C5DC54A5@borgtech.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <8eea0408050117132657045645@mail.gmail.com> <20050117214549.4C5DC54A5@borgtech.ca> Subject: Re: Network accounting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jon@abccomm.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2005 21:48:53 -0000

On Mon, 17 Jan 2005 22:41:16 +0100, Andrew Seguin wrote:
> >What I was doing with the same setup:
> >$IPFW pipe 1 config mask src-ip 0xffffffff buckets 512
> >$IPFW pipe 2 config mask dst-ip 0xffffffff buckets 512
> >$IPFW add 32001 pipe 1 src-ip 192.168.110.0/24 bridged
> >$IPFW add 32002 pipe 2 dst-ip 192.168.110.0/24 bridged

> I don't understand how this system will allow me to log traffic by-ip
> without addition of 256 rules?

from ipfw(8):

mask mask-specifier
    Packets sent to a given pipe or queue by an ipfw rule can be further classified into multiple flows, each of which is then sent to a different dynamic pipe or queue. A flow identifier is constructed by masking the IP addresses, ports and protocol types as specified with the mask options in the configuration of the pipe or queue. For each different flow identifier, a new pipe or queue is created with the same parameters as the original object, and matching packets are sent to it.

# ipfw pipe 1 show | head
00001: unlimited 0 ms 50 sl. 246 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip     192.168.110.225/0             0.0.0.0/0   161697 12895342  0 0 0
  2 ip     192.168.110.224/0             0.0.0.0/0        1       60  0 0 0
  4 ip     192.168.110.227/0             0.0.0.0/0   150062 13695821  0 0 0
  6 ip     192.168.110.226/0             0.0.0.0/0   168531 17030284  0 0 0
  8 ip     192.168.110.229/0             0.0.0.0/0        4      240  0 0 0
 10 ip     192.168.110.228/0             0.0.0.0/0   115875 10482197  0 0 0
 12 ip     192.168.110.231/0             0.0.0.0/0   155357 14797338  0 0 0

# ipfw pipe 2 show | head
00002: unlimited 0 ms 50 sl. 256 queues (512 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
256 ip             0.0.0.0/0     192.168.110.132/0      505       30828  0 0 0
257 ip             0.0.0.0/0     192.168.110.133/0      507       30962  0 0 0
258 ip             0.0.0.0/0     192.168.110.134/0      475       28994  0 0 0
259 ip             0.0.0.0/0     192.168.110.135/0      499       30426  0 0 0
260 ip             0.0.0.0/0     192.168.110.128/0 39852609 35479316635  0 0 0
261 ip             0.0.0.0/0     192.168.110.129/0      503       30732  0 0 0
262 ip             0.0.0.0/0     192.168.110.130/0      527       32134  0 0 0

> server maintains a csv of in/out/abnormal (in+out). But I critically need
> per-ip and highly need per-protocol (major ones at least).

The above shows per-ip. Per protocol can be done similar.

Hope these sample outputs explain a bit better.
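The differencing step described in this sub-thread (sample the per-IP pipe counters periodically and log the change since the last sample), with the case of a counter that went backwards handled explicitly. This is an added Python example, not code from the thread: the function names, the `counter_bits` option and the second sample are constructed for illustration, while the rows in the first sample and the download row are copied from the output above.

```python
import re

# One flow row of `ipfw pipe N show`, in the column order shown in the post:
# BKT Prot Source-IP/port Dest-IP/port Tot_pkt Tot_bytes Pkt Byte Drp
ROW = re.compile(
    r"^\s*\d+\s+\S+\s+"
    r"(?P<src>\d+(?:\.\d+){3})/\d+\s+"
    r"(?P<dst>\d+(?:\.\d+){3})/\d+\s+"
    r"(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+\d+\s+\d+\s+\d+\s*$"
)


def parse_pipe_show(text, key="src"):
    """Return {ip: (total_packets, total_bytes)} for one pipe.

    key is "src" for a pipe masked on src-ip (pipe 1 in the post) and
    "dst" for one masked on dst-ip (pipe 2). The pipe header, mask and
    column-title lines do not match ROW and are skipped.
    """
    if key not in ("src", "dst"):
        raise ValueError("key must be 'src' or 'dst'")
    totals = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        pkts, nbytes = totals.get(m.group(key), (0, 0))
        totals[m.group(key)] = (pkts + int(m.group("pkts")),
                                nbytes + int(m.group("bytes")))
    return totals


def usage_delta(prev, cur, counter_bits=None):
    """Return ({ip: bytes_since_prev}, set_of_ips_whose_counter_shrank).

    A byte counter lower than in the previous sample means it restarted
    (for instance after a reboot or a pipe reconfiguration) or wrapped.
    By default the new value is counted as the usage, which is a lower
    bound. If the caller knows the counter width, counter_bits treats the
    decrease as a single wrap instead (an assumption made by this example).
    An IP absent from prev is counted from zero.
    """
    deltas, went_backwards = {}, set()
    for ip, (_, cur_bytes) in cur.items():
        prev_bytes = prev.get(ip, (0, 0))[1]
        if cur_bytes >= prev_bytes:
            deltas[ip] = cur_bytes - prev_bytes
            continue
        went_backwards.add(ip)
        if counter_bits is None:
            deltas[ip] = cur_bytes
        else:
            deltas[ip] = cur_bytes + (1 << counter_bits) - prev_bytes
    return deltas, went_backwards


# First sample: rows copied from the "ipfw pipe 1 show" output in the post.
SAMPLE_T0 = """\
00001: unlimited 0 ms 50 sl. 246 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip  192.168.110.225/0  0.0.0.0/0  161697 12895342  0 0 0
  2 ip  192.168.110.224/0  0.0.0.0/0       1       60  0 0 0
  4 ip  192.168.110.227/0  0.0.0.0/0  150062 13695821  0 0 0
"""

# Second sample, constructed: .225 grew, .224 is gone, .227 restarted,
# and .230 is a host not seen before.
SAMPLE_T1 = """\
00001: unlimited 0 ms 50 sl. 3 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip  192.168.110.225/0  0.0.0.0/0  170000 13895342  0 0 0
  4 ip  192.168.110.227/0  0.0.0.0/0      10      900  0 0 0
  6 ip  192.168.110.230/0  0.0.0.0/0       5      400  0 0 0
"""

# Download-side row copied from the "ipfw pipe 2 show" output in the post;
# its byte total is already larger than 2**32.
SAMPLE_DL = "260 ip 0.0.0.0/0 192.168.110.128/0 39852609 35479316635 0 0 0\n"

if __name__ == "__main__":
    deltas, backwards = usage_delta(parse_pipe_show(SAMPLE_T0),
                                    parse_pipe_show(SAMPLE_T1))
    for ip in sorted(deltas):
        note = "  (counter restarted)" if ip in backwards else ""
        print(f"{ip:<18}{deltas[ip]:>12} bytes{note}")
```

Rows flagged as having gone backwards are the ones to review before the figures are used for billing or for identifying heavy users, since their usage for that interval is only a lower bound.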

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:51:21 2005
From: "Mitch (Bitblock)"
To: "'Andrew Seguin'", freebsd-net@freebsd.org
Date: Mon, 17 Jan 2005 13:51:16 -0800
Organization: Bitblock Systems Inc.
Subject: RE: Network accounting

----
If I understand this correctly... I'd have to add SNMP to the server and rtg
would then poll via SNMP, storing the results in the MySQL server. Seems very
good, but I'm a bit hesitant just because I'd like to keep as few software
packages as possible running on the firewall.

[Mitch says:] you could also use a simple PERL program to parse the output
from your ipfw counter list.... Call it on a cron - keep in mind how quick the
counters can roll over depending on how fast the interfaces are.

m/

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 21:55:25 2005
From: "Andrew Seguin"
Date: Mon, 17 Jan 2005 22:54:44 +0100
cc: jon@abccomm.com
Subject: RE: Network accounting

Much clearer! Thank you very much and sorry for my ignorance. Hadn't caught on
to the "mask" feature ;)

This could be very well what I'm in need of... but any other suggestions from
the list are still welcome!

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:05:25 2005
Date: Mon, 17 Jan 2005 17:06:46 -0500
From: Chuck Swiger
Organization: The Courts of Chaos
To: Andrew Seguin
cc: freebsd-net@freebsd.org
Subject: Re: Network accounting

Andrew Seguin wrote:
[ ... ]
> I don't understand how this system will allow me to log traffic by-ip
> without addition of 256 rules?
>
> I already have counts of my up & down traffic. Actually, I have a bypass
> rule for 'normal' traffic (web/email/dns/icmp/etc), and then a pipe to
> control bandwidth (mainly because of downloaders). With some scripting, the
> server maintains a csv of in/out/abnormal (in+out). But I critically need
> per-ip and highly need per-protocol (major ones at least).

Consider these rules:

ipfw pipe 1 config mask src-ip 0xffffffff buckets 512
ipfw pipe 2 config mask src-ip 0xffffffff buckets 512
ipfw pipe 3 config mask src-ip 0xffffffff buckets 512
ipfw add 10 pipe 1 tcp from 192.168.1.0/24 to any
ipfw add 20 pipe 2 udp from 192.168.1.0/24 to any
ipfw add 30 pipe 3 icmp from 192.168.1.0/24 to any

If you do an "ipfw pipe show", you'll see output like:

00001: unlimited    0 ms   50 sl. 3 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
164 ip        192.168.1.6/0             0.0.0.0/0         5      558  0    0   0
172 ip        192.168.1.2/0             0.0.0.0/0       461    30425  0    0   0
174 ip        192.168.1.3/0             0.0.0.0/0       679    38468  0    0   0
00002: unlimited    0 ms   50 sl. 3 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
164 ip        192.168.1.6/0             0.0.0.0/0         7      432  0    0   0
170 ip        192.168.1.1/0             0.0.0.0/0        56     7986  0    0   0
172 ip        192.168.1.2/0             0.0.0.0/0        77     5172  0    0   0
00003: unlimited    0 ms   50 sl. 3 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
164 ip        192.168.1.6/0             0.0.0.0/0         5      420  0    0   0
170 ip        192.168.1.1/0             0.0.0.0/0         2      168  0    0   0
172 ip        192.168.1.2/0             0.0.0.0/0        26     1988  0    0   0

...after I did a few pings and a non-local traceroute. In other words, you
don't need to create rules for each host, but you would for each protocol. If
you need to break things up more finely, you can also add port #'s to look for
HTTP versus IRC versus whatever, too.

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:08:34 2005
From: "Andrew Seguin"
Date: Mon, 17 Jan 2005 23:07:54 +0100
cc: "'Mitch \(Bitblock\)'"
Subject: RE: Network accounting

-----Original Message-----
From: Mitch (Bitblock) [mailto:mitch@bitblock.com]
Sent: Monday, January 17, 2005 10:51 PM
To: 'Andrew Seguin'; freebsd-net@freebsd.org
Subject: RE: Network accounting

[Mitch says:] you could also use a simple PERL program to parse the output
from your ipfw counter list.... Call it on a cron - keep in mind how quick the
counters can roll over depending on how fast the interfaces are.

m/

With the help, in pointing out the mask feature to me from Jon Simola, this
quite possibly might be the path I'll take (I'll sleep on it first).

I already have a daily cron job set at 11:59PM, dumping (and then zeroing)
IPFW's state to a text file, which is then parsed and appended to a CSV file.
This will simply require me to expand the parsing, and that's not all that
bad, just a bit of work tomorrow.

Interfaces are 100Mbps, but our internet is about 50Mbps total I believe
(still have yet to get hard facts from people here). With our daily traffic,
we see always 80GB total daily... but I'll keep hourly accounting in mind.

I'm very thankful to you all,
Once again this list has been of great help and a great blessing,
Thank you! :)

Andrew

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:27:18 2005
From: Max Laier
To: freebsd-net@freebsd.org
Date: Mon, 17 Jan 2005 23:27:03 +0100
Subject: Re: pf & clonable devices

On Monday 17 January 2005 18:19, Eric Masson wrote:
> Hi,
>
> uname -a :
> FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD
> 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005
> emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II
> i386
>
> kldstat :
> Id Refs Address    Size     Name
>  1   19 0xc0400000 2f6a20   kernel
>  2    1 0xc06f7000 14f08    if_ppp.ko
>  3    1 0xc070c000 9a88     if_xl.ko
>  4    2 0xc0716000 18a44    miibus.ko
>  5    1 0xc072f000 39ac     ulpt.ko
>  6    9 0xc0733000 1357c    agp.ko
>  7    1 0xc13fa000 1e000    nfsserver.ko
>  8    1 0xc1429000 28000    pf.ko
>
> I'm back at the moment to an isdn line for internet connection, and I'm
> using pppd (kernel ppp) and an isdn TA.
>
> I'm using Alain Thivillon's SSLTunnel for connection to the main office
> (kernel ppp tunnel encapsulated in a SSL session)
>
> pppX interfaces are created on demand as pppd is started.
>
> So I end with a setup like this one :
> ppp0: flags=8051 mtu 1524
>         inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
> ppp1: flags=8051 mtu 1500
>         inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00
>
> kernel ppp doesn't seem to reuse existing pppX devices, it creates new
> ones as needed. PF rules are defined for fixed network devices, so I
> destroy pppX interfaces on ppp shutdown and let pppd recreate them as
> needed.
>
> In this case, I need to refresh PF by issuing :
> pfctl -F all -f /etc/pf.conf
> to get traffic passing thru newly recreated ppp0/1 interfaces.
>
> Is this a feature or a bug ?

Just guessing, but I assume you forgot to use round brackets around your NAT
and from/to addresses. It should look like the following:

nat on ppp0 from $lan -> (ppp0)
nat on ppp1 from $lan -> (ppp1)
pass out on ppp0 from (ppp0) to any ...
pass out on ppp1 from (ppp1) to any ...
pass in on ppp0 from any to (ppp0) ...

If you have it this way, you should send more details about your ruleset,
maybe to the freebsd-pf mailinglist.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:34:43 2005
From: "Mitch (Bitblock)"
To: "'Andrew Seguin'", freebsd-net@freebsd.org
Date: Mon, 17 Jan 2005 14:34:37 -0800
Organization: Bitblock Systems Inc.
Subject: RE: Network accounting

Interfaces are 100Mbps, but our internet is about 50Mbps total I believe
(still have yet to get hard facts from people here). With our daily traffic,
we see always 80GB total daily... but I'll keep hourly accounting in mind.

[Mitch says:] With 100Mbps interfaces, you have to be prepared to clear the
counters every 5 minutes... the counters can overflow that fast at that speed
(assuming 32 bit counters...) if they are 64 bit, then you can let it go MUCH
longer...

m/

From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:36:27 2005
Date: Tue, 18 Jan 2005 00:36:12 +0200
From: Ruslan Ermilov
To: Vladimir Grebenschikov
cc: net@FreeBSD.org
Subject: Re: Invalid 'route change' functioning

On Mon, Jan 17, 2005 at 07:20:53PM +0300, Vladimir Grebenschikov wrote:
> Ruslan Ermilov wrote:
>
> > > Any ideas what wrong with 'route change' ?
> > >
> > The route(8) manpage says:
> >
> > : In a change or add command where the destination and gateway are not
> > : sufficient to specify the route (as in the ISO case where several
> > : interfaces may have the same address), the -ifp or -ifa modifiers may
> > : be used to determine the interface or interface address.
> >
> > So try this instead:
> >
> > route change 192.168.0/23 -ifp fxp0
>
> Thank you, it works.
>
> So, as I understand, route add ... -iface fxp0 is invalid if I want
> specify gateway interface ?
>
No, it's valid.

> (how this works, '-iface' flag and 'fxp0' is what ? gateway ?)
>
When the -iface keyword is present, the route(8) utility treats the
"gateway" argument specially, allowing it to be an interface name,
in which case the gateway address is passed as "struct sockaddr_dl"
denoting this interface.
See the output of the "route -v add" command. Hence, there's no a reason (other than a kernel code bug) to prevent a "route change ... -iface fxp0" command from working. Here's a fix: %%% Index: rtsock.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/net/rtsock.c,v retrieving revision 1.120 diff -u -p -r1.120 rtsock.c --- rtsock.c 7 Jan 2005 01:45:35 -0000 1.120 +++ rtsock.c 17 Jan 2005 22:01:47 -0000 
@@ -491,8 +491,7 @@ route_output(struct mbuf *m, struct sock * flags may also be different; ifp may be specified * by ll sockaddr when protocol address is ambiguous */ - if (((rt->rt_flags & RTF_GATEWAY) && - info.rti_info[RTAX_GATEWAY] !=3D NULL) || + if (info.rti_info[RTAX_GATEWAY] !=3D NULL || info.rti_info[RTAX_IFP] !=3D NULL || (info.rti_info[RTAX_IFA] !=3D NULL && !sa_equal(info.rti_info[RTAX_IFA], %%% Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --/04w6evG8XlLl3ft Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB7D3cqRfpzJluFF4RAqbAAJ9BqpdSNfbMCuckbjRjhuQ1vBEKTgCfTACg Mcsg20VoK7LF+7CTxK2QgUI= =mHze -----END PGP SIGNATURE----- --/04w6evG8XlLl3ft-- From owner-freebsd-net@FreeBSD.ORG Mon Jan 17 22:38:24 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3643416A4CE for ; Mon, 17 Jan 2005 22:38:24 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34F4143D41 for ; Mon, 17 Jan 2005 22:38:22 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so138365wri for ; Mon, 17 Jan 2005 14:38:21 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=qEwYjQPeQwljYrj8WAcFbeZvDWG0n6r1IVJ8nOQnwiicQgilrJDHIEzRWfk4edVMxIu/y4Gm62GLPGcJcqoNQ+LKwbBsR53PUYacB4y/ziI9rb7mwdKadebYe9iLekQZnK64iq7SGPV7463vdj7gmmfUxTBBHYUZ3hgj78QtUNo= Received: by 10.54.11.8 with SMTP id 8mr22749wrk; Mon, 17 Jan 2005 14:38:21 -0800 (PST) Received: by 10.54.39.34 with HTTP; Mon, 17 Jan 2005 14:38:21 -0800 (PST) Message-ID: <8eea040805011714382dfd5aca@mail.gmail.com> Date: Mon, 17 Jan 2005 14:38:21 -0800 
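Review bot: in the rtsock.c hunk at @@ -491,8 +491,7 @@ (route_output), dropping the "(rt->rt_flags & RTF_GATEWAY) &&" guard means every change request that carries a non-NULL info.rti_info[RTAX_GATEWAY] now takes this branch, including requests against routes that are not flagged RTF_GATEWAY, while the comment kept above the condition still only mentions differing flags and an ifp given by a link-level sockaddr. Please extend that comment to say that the gateway itself may be a link-level sockaddr naming an interface (the "route change ... -iface fxp0" case from this thread), and confirm that the body of the branch, which this hunk does not show, makes no assumption that the existing route is a gateway route.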
From: Jon Simola
To: Andrew Seguin, freebsd-net@freebsd.org
Reply-To: jon@abccomm.com
Subject: Re: Network accounting

On Mon, 17 Jan 2005 23:07:54 +0100, Andrew Seguin wrote:

> With the help, in pointing out the mask feature to me from Jon Simola, this
> quite possibly might be the path I'll take (I'll sleep on it first).

> Interfaces are 100Mbps, but our internet is about 50Mbps total I believe
> (still have yet to get hard facts from people here). With our daily traffic,
> we see always 80GB total daily... but I'll keep hourly accounting in mind.

For reference, I'm running a 2.4GHz P4 with 512MB of RAM, and was
originally using that pipe/mask setup to monitor 13 /24s (all
non-contiguous) with a total throughput of 20 to 40Mbps with no
problems. (using NICs that FreeBSD supports kern.polling on, such as
em helps with the number of interrupts)

For hilarity, on a Pentium Pro 180MHz with 64MB of ram, I was
monitoring the same bunch of /24s with an indexed quad tree setup of
skipto and count rules:

10 skipto 100 ip from any to 192.168.1.0/24

100 skipto 1000 ip from any to 192.168.1.0/26
101 skipto 1010 ip from any to 192.168.1.64/26
102 skipto 1020 ip from any to 192.168.1.128/26
103 skipto 1030 ip from any to 192.168.1.192/26

1000 skipto 10000 ip from any to 192.168.1.0/28
1001 skipto 11000 ip from any to 192.168.1.16/28
1002 skipto 12000 ip from any to 192.168.1.32/28
1003 skipto 13000 ip from any to 192.168.1.48/28

10000 skipto 15000 ip from any to 192.168.1.0/30
10001 skipto 15004 ip from any to 192.168.1.4/30
10002 skipto 15008 ip from any to 192.168.1.8/30
10003 skipto 15012 ip from any to 192.168.1.16/30

15000 count ip from any to 192.168.1.0
15001 count ip from any to 192.168.1.1
15002 count ip from any to 192.168.1.2
15003 count ip from any to 192.168.1.3

Not surprisingly, that failed once the traffic headed over about 8Mbps
sustained. And it took almost 5 minutes for the thousands of ipfw
rules to load. I was happy when the 'mask' feature came about (or
maybe I just hadn't figured it out yet, this is years ago now).

At least I knew enough not to try 13*256*2=6656 sequential rules. That
indexed thing above averaged 8 to 12 rule evaluations per packet (not
counting the way skipto traverses the rules as a linked list).
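
The cron-driven parsing that Mitch and Andrew discuss above, as an added example that is not code from any poster in this thread: it reads "ipfw pipe show" output in the layout Jon and Chuck quote, uses each pipe's mask line to tell source-keyed from destination-keyed flows, and produces per-host CSV rows plus the counter wrap interval Mitch warns about. The sample text is constructed (its line breaks are an assumption, since the archive flattened them), the function names are hypothetical, and treating source-keyed pipes as "out" and destination-keyed pipes as "in" is an assumption about the rule layout.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the outputs quoted in the thread
# (one flow per line is an assumption; the archive lost the line breaks).
SAMPLE = """\
00001: unlimited    0 ms   50 sl. 2 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
164 ip      192.168.1.6/0             0.0.0.0/0         5      558  0    0   0
172 ip      192.168.1.2/0             0.0.0.0/0       461    30425  0    0   0
00002: unlimited    0 ms   50 sl. 2 queues (512 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
260 ip          0.0.0.0/0         192.168.1.2/0  39852609 35479316635  0    0   0
262 ip          0.0.0.0/0         192.168.1.6/0       527    32134  0    0   0
"""

PIPE_RE = re.compile(r"^(\d+):\s")
# mask: <proto> <src-ip>/<src-port> -> <dst-ip>/<dst-port>
MASK_RE = re.compile(
    r"^\s*mask:\s+0x[0-9a-f]+\s+0x([0-9a-f]+)/0x[0-9a-f]+\s+->\s+"
    r"0x([0-9a-f]+)/0x[0-9a-f]+", re.I)
# BKT Prot src/port dst/port Tot_pkt Tot_bytes Pkt Byte Drp
ROW_RE = re.compile(
    r"^\s*\d+\s+\S+\s+(\S+)/\d+\s+(\S+)/\d+\s+(\d+)\s+(\d+)\s+\d+\s+\d+\s+(\d+)\s*$")


def parse_pipe_show(text):
    """Return one dict per dynamic flow; rows outside a usable pipe are skipped."""
    flows, pipe, side = [], None, None
    for line in text.splitlines():
        m = PIPE_RE.match(line)
        if m:
            pipe, side = int(m.group(1)), None
            continue
        m = MASK_RE.match(line)
        if m:
            src_mask, dst_mask = int(m.group(1), 16), int(m.group(2), 16)
            # Per-host accounting only makes sense when exactly one address
            # is masked in; a pipe masked on both or neither is ignored.
            if bool(src_mask) != bool(dst_mask):
                side = "src" if src_mask else "dst"
            continue
        m = ROW_RE.match(line)
        if not m or pipe is None or side is None:
            continue  # column header, blank line, or row with no context
        host = m.group(1) if side == "src" else m.group(2)
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # not an address: treat the line as noise
        flows.append({"pipe": pipe, "side": side, "host": host,
                      "packets": int(m.group(3)), "bytes": int(m.group(4)),
                      "drops": int(m.group(5))})
    return flows


def per_host_totals(flows):
    """Sum bytes per host; src-keyed pipes count as out, dst-keyed as in."""
    totals = defaultdict(lambda: {"out_bytes": 0, "in_bytes": 0})
    for f in flows:
        key = "out_bytes" if f["side"] == "src" else "in_bytes"
        totals[f["host"]][key] += f["bytes"]
    return dict(totals)


def to_csv(totals, stamp):
    """Render totals as CSV, hosts in numeric address order."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["timestamp", "host", "out_bytes", "in_bytes"])
    for host in sorted(totals, key=ipaddress.ip_address):
        writer.writerow([stamp, host, totals[host]["out_bytes"],
                         totals[host]["in_bytes"]])
    return buf.getvalue()


def seconds_to_wrap(counter_bits, link_bps):
    """Seconds until a byte counter of this width wraps at full line rate."""
    return (2 ** counter_bits) * 8 / link_bps


if __name__ == "__main__":
    sample_flows = parse_pipe_show(SAMPLE)
    print(to_csv(per_host_totals(sample_flows), "2005-01-17"), end="")
    print("32-bit byte counter wraps after %.0f s at 100 Mbit/s"
          % seconds_to_wrap(32, 100e6))
```

The 35479316635-byte figure quoted in the thread is already larger than 2^32, so a poller should store byte counts in a type wider than 32 bits regardless of how often the counters are zeroed.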

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 05:02:02 2005
Date: Mon, 17 Jan 2005 21:01:53 -0800
From: Julian Elischer
To: Andrew Seguin
cc: freebsd-net@freebsd.org
Subject: Re: Network accounting

Andrew Seguin wrote:

>
> I therefore ask out to the list, what recommendations for traffic
> accounting/statistics gathering can you give me?
>

just for kicks you may look at what glen has in his toolkit (netgraph) for
monitoring stuff. e.g. the ng_netflow netgraph module and some other stuff
that has been floating around out there.

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 09:29:11 2005
To: Max Laier
From: Eric Masson
Mail-Followup-To: Mailing List FreeBSD PF
Date: Tue, 18 Jan 2005 10:29:00 +0100
cc: Mailing List FreeBSD Network
cc: Mailing List FreeBSD PF
Subject: Re: pf & clonable devices

>>>>> "Max" == Max Laier writes:

Hi Max,

 Max> Just guessing, but I assume you forgot to use round brackets
 Max> around your NAT and from/to addresses. It should look like the
 Max> following:

Don't think so but maybe, I'm wrong :

# macros
int_if = "xl0"
ext_if = "ppp0"
tun_if = "ppp1"
tcp_services = "{ 22 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)

# filter rules
block in log all
block out log all

pass in quick on lo0 all
pass out quick on lo0 all

pass in quick on $int_if all
pass out quick on $int_if all

pass in quick on $tun_if all
pass out quick on $tun_if all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

 Max> If you have it this way, you should send more details about your
 Max> ruleset, maybe to the freebsd-pf mailinglist.

I've just subscribed to this list, followup there, so.

Éric Masson

--
So, once and for all: on 1 January 2000 at 00h00h01s, we will already
have started 2001, a year that will be entirely over on 1 January 2001
at 00h00m00s.
-+- JCM in GNU: always a year ahead of the competition -+-

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 12:09:44 2005
Date: Tue, 18 Jan 2005 15:09:40 +0300 (MSK)
From: Maxim Konovalov
To: Julien Lesaint
In-Reply-To: <20050116014706.GD28728@titoon.net>
Message-ID: <20050118150905.A9145@mp2.macomnet.net>
cc: freebsd-net@freebsd.org
Subject: Re: ttl-exceeded sourced by arrival interface ?

On Sun, 16 Jan 2005, 02:47+0100, Julien Lesaint wrote:

> Hi,
>
> This is a followup to the original post from James Jun, on Dec, 2003.
> http://lists.freebsd.org/mailman/htdig/freebsd-net/2003-December/002114.html
>
> Quick reminder: in the case the route to the packet's source is not the
> interface this packet arrived on, do we have a way to source ICMP errors
> (ttl-exceeded) with the original interface's IP address ?
>
> Currently the box is sending ttl-exceeded with the IP address of the
> interface the route to the sender is pointing at. No need to explain why
> such a feature would be useful - primarily for traceroute comprehension
> & routing troubleshooting, rather than for some cosmetic purposes.

Does net.inet.icmp.reply_src sysctl help?
--
Maxim Konovalov

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 15:11:55 2005
Date: Tue, 18 Jan 2005 09:11:53 -0600 (CST)
From: Mike Silbersack
To: Don Lewis
In-Reply-To: <200501101046.j0AAkilD019867@gw.catspoiler.org>
Message-ID: <20050118090835.V2462@odysseus.silby.com>
cc: net@FreeBSD.org
Subject: Re: Slipping in the window update

I'd like to apologize to everyone for dropping the ball on this. I came
down with a cold on Monday evening, and was pretty out of it until
Thursday. By the time I had caught back up on everything I needed to, we
had already missed the window for 4.11.

I'll get back into this in a few days. Something which has occurred to me
in the interim is that all three issues outlined in the tcpsecure draft
should be easy to fix in pf (or ipfw?) the same way, so we should probably
patch those as well.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 17:30:33 2005
Date: Tue, 18 Jan 2005 11:30:31 -0600
From: Tillman Hodgson
To: freebsd-net@freebsd.org
Message-ID: <20050118173031.GF80831@seekingfire.com>
Subject: ng_netflow and tun interfaces, collecting on the same host

Howdy folks,

I have a small pile of OpenVPN tunnels terminating on a "tunnel router"
(FreeBSD -current on sparc64 with 5 hme ethernet interfaces). Tunnels
carry general IP and OSPF traffic. They may carry IPv6 in the future,
though that's not a necessity. The number of tunnels will grow over time
and will likely start to include ipsec as well as the existing openvpn.

I'd like to perform netflow monitoring and collection on the box for the
individual tunnels.
Unfortunately, I'm not only new to netflow in general, all I know about
netgraph I learned from http://www.daemonnews.org/200003/netgraph.html
(a fairly old article, too) :-)

Taking a look at (and borrowing freely from)
http://taosecurity.blogspot.com/2004/01/freebsd-kernel-module-for-generating.html,
I see that I can do something like this (using tun0 as an example):

kldload ng_ether
kldload ng_tee
kldload ng_netflow
ngctl -f - << EOF
mkpeer tun0: tee lower right
connect tun0: tun0:lower upper left
mkpeer tun0:lower netflow right2left iface0
name tun0:lower.right2left netflow
msg netflow: setifindex { iface=0 index=1 }
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/127.0.0.1:4800
EOF

I'm not sure if ng_ether covers tun interfaces or if it only covers the
underlying ethernet interface. I'm also not sure that sending the netflow
data to loopback is the most efficient way to get at it with the
collector -- on a Cisco router, sending netflow data to a separate host
makes sense, but it doesn't in my case. Is there a better way to do this?

I'm also not sure what the best method is to collect data for multiple
tun interfaces. I'm thinking of replicating the above netgraph config,
but forwarding to different ports and running multiple collectors.

Are there any good resources out there that someone could point me at?
Alternatively, does anyone have some time to walk me through it off-list
and I'll post a summary to the list afterwards (as well as write an
article on it for http://www.seekingfire.com/documents/, since I'm
planning on doing that anyway once I get this running nicely).

Thanks,

-T

--
"To enjoy the flavor of life, take big bites. Moderation is for monks."
    -- Robert Heinlein

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 18:31:53 2005
Date: Tue, 18 Jan 2005 10:35:59 -0800
From: Brooks Davis
To: Gleb Smirnoff
Message-ID: <20050118183558.GA15150@odin.ac.hmc.edu>
In-Reply-To: <20050117200610.GA90866@cell.sick.ru>
cc: current@freebsd.org
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote:
> Dear colleagues,
>
> here is quite a simple node for direct interaction between ipfw(4)
> and netgraph(4). It is going to be more effective and error-prone
> than a complicated construction around divert socket and ng_ksocket[1].
>
> The semantics of node operation are quite simple. There is one node
> per system, which accepts any hooks with numeric names. Packets
> can be sent to netgraph(4) using ipfw 'netgraph' action, followed
> by a numeric cookie. Matched packets are sent out from corresponding
> hook of ng_ipfw node. These packets are tagged with information which
> helps them later to reenter ipfw processing. Tagged packets received on
> any node hook reenter IP stack. If net.inet.ip.fw.one_pass sysctl is non
> zero they are accepted, otherwise they continue with next rule. Non-tagged
> packets (not originating from ng_ipfw node) are discarded.
>
> Here is sample configuration. ng_echo(4) echoes packets back from netgraph
> to ipfw thru a tee node, which allows to sniff traffic.
>
> ngctl
> + ls
> There are 4 total nodes:
>   Name: ngctl6138  Type: socket  ID: 0000000c  Num hooks: 0
>   Name: ipfw       Type: ipfw    ID: 00000009  Num hooks: 1
>   Name:            Type: echo    ID: 00000006  Num hooks: 1
>   Name: tee        Type: tee     ID: 00000005  Num hooks: 2
> + show ipfw:
>   Name: ipfw  Type: ipfw  ID: 00000009  Num hooks: 1
>   Local hook   Peer name   Peer type   Peer ID    Peer hook
>   ----------   ---------   ---------   -------    ---------
>   666          tee         tee         00000005   left
> + show tee:
>   Name: tee  Type: tee  ID: 00000005  Num hooks: 2
>   Local hook   Peer name   Peer type   Peer ID    Peer hook
>   ----------   ---------   ---------   -------    ---------
>   left         ipfw        ipfw        00000009   666
>   right                    echo        00000006   echi
>
> root@jujik:/usr/src:|>ipfw show
> 00100    292      40304 allow ip from any to any via lo0
> 00200      0          0 deny ip from any to 127.0.0.0/8
> 00300      0          0 deny ip from 127.0.0.0/8 to any
> 00350 290730  661428793 netgraph 666 ip from any to any
> 65000 627921 1896034399 allow ip from any to any
> 65535      0          0 deny ip from any to any
>
> The patch [2] is applicable only to HEAD, sorry. The target users are
> the ones, who are now running ip_accounting/netflow using diverted
> ng_ksocket, and just netgraph geeks.

I like the idea and I've glanced at the patch. You should put the new
op-code at the end of the list to avoid breaking the IPFW ABI. There
should probably be a comment about this in ip_fw.h.
-- Brooks

From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 22:27:49 2005
Message-ID: <41ED8D63.8090205@elischer.org>
Date: Tue, 18 Jan 2005 14:27:47 -0800
From: Julian Elischer
To: Brooks Davis
In-Reply-To: <20050118183558.GA15150@odin.ac.hmc.edu>
cc: current@freebsd.org
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Brooks Davis wrote:

>On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote:
>
>> Dear colleagues,
>>
>>here is quite a simple node for direct interaction between ipfw(4)
>>and netgraph(4). It is going to be more effective and error-prone
>>than a complicated construction around divert socket and ng_ksocket[1].
>>

firstly.. I was thinking that there are several good ways to mesh the
ipfw/divert/netgraph stuff.

Firstly there is the possibility of making the ipfw stuff a netgraph
node itself.. (yes I know there is such a node (based on ipfw-1) out
there.)

then as for getting stuff out of ipfw, maybe divert itself could be
changed to be a netgraph method. In this way, you'd open netgraph
sockets instead of divert sockets.

Alternatively there could be a possibility where netgraph could open
hooks of a particular number and that would be the equivalent of opening
a divert hook of that number..

Looks good but I'm not convinced that it needs a whole new keyword if we
tap in through the divert mechanism.
From owner-freebsd-net@FreeBSD.ORG Tue Jan 18 22:55:33 2005
Date: Tue, 18 Jan 2005 14:59:40 -0800
From: Brooks Davis
To: Julian Elischer
Message-ID: <20050118225940.GA31663@odin.ac.hmc.edu>
In-Reply-To: <41ED8D63.8090205@elischer.org>
cc: current@freebsd.org
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote:
>
> Looks good but I'm not convinced that it needs a whole new keyword if
> we tap in through the divert mechanism.

FWIW, keywords are very cheap and generally quite clean in ipfw2. I'd be
more concerned in ipfw1.

-- Brooks

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 01:57:46 2005
Message-ID: <001801c4fdca$37bc1270$7300a8c0@EAGLE>
From: "The Jetman"
To: "FreeBSD Net"
Date: Tue, 18 Jan 2005 20:57:07 -0500
Subject: Re: Network Accounting

I've been following this little thread and was curious about how my own
solution compares w/ the others discussed.

#### x.y.z.14
${ipfw} add pipe 7 ip from x.y.z.14 to any
${ipfw} pipe 7 config bw 1024Kbit/s queue 50
${ipfw} add pipe 8 ip from any to x.y.z.14
${ipfw} pipe 8 config bw 1024Kbit/s queue 50
####

I setup a series of rules for each of a real IPs, as shown above, to cap
bwidth usage and to provide a series of byte counters that could be
captured hourly. This box was a bridge box bet the client's internal net
and their T1. My CRON job would sit on the working side of a pipe from
the 'ipfw -a list' command, then parse each rule for the inbound then
outbound byte/packet count. Each inbound and outbound count was then
inserted into a SQL UPDATE stmt for each IP.

I inquire bet I've seen a nbr of other approaches and was wondering are
all of these approaches equally valid, but I'm esp curious if my approach
makes sense. TIA. Later....Jet

=============== From the desk of Jethro Wright, III ================
+ Beer is proof that God loves us and wants us to be happy.
- ============================================== Benjamin Franklin ===

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 07:59:15 2005
Message-ID: <41EE13F0.9040907@mails.tsinghua.edu.cn>
Date: Wed, 19 Jan 2005 16:01:52 +0800
From: Guohan Lu
Organization: Tsinghua University
To: "freebsd-net@freebsd.org"
Subject: Is ther a tool to show online throughput of a socket
Reply-To: lguohan00@mails.tsinghua.edu.cn

Hi,

netstat only shows the traffic per interface, I need traffic information
per socket. Is there a tool to do this?

Best regards,

Guohan

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 08:45:34 2005
Date: Wed, 19 Jan 2005 11:45:26 +0300
From: Gleb Smirnoff
To: Julian Elischer
Message-ID: <20050119084526.GA5119@cell.sick.ru>
In-Reply-To: <41ED8D63.8090205@elischer.org>
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote:
J> firstly.. I was thinking that there are several good ways to mesh the
J> ipfw/divert/netgraph
J> stuff.
J>
J> Firstly there is the possibility of making the ipfw stuff a netgraph
J> node itself..

Yes, but this is a separate node. I'm working on a node doing opposite
thing, it will allow to filter netgraph traffic using an arbitrary
ipfw chain.

J> (yes I know there is such a node (based on ipfw-1) out there.)

If you are speaking about a node from BWMAN, then it is not based on
ipfw. It uses its own filter engine, AFAIK.

J> then as for getting stuff out of ipfw, maybe divert itself could be
J> changed to be
J> a netgraph method. In this way, you'd open netgraph sockets instead of
J> divert sockets.
J>
J> Alternatively there could be a possibility where netgraph could open
J> hooks of a particular number
J> and that would be the equivalent of opening a divert hook of that number..
J>
J> Looks good but I'm not convinced that it needs a whole new keyword if we
J> tap in through the divert mechanism.

Divert is a socket, and ng_ipfw is not. We tap thru a direct call to netgraph.
I think, divert is designed for userland interaction. It is possible to use
it for netgraph (via ng_ksocket), but this adds overhead of passing the socket
layer, and I believe not all bugs are caught in this setup. That's why I prefer
two different keywords, which do completely different things.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 09:18:43 2005
Message-ID: <41EE25E8.4030003@elischer.org>
Date: Wed, 19 Jan 2005 01:18:32 -0800
From: Julian Elischer
To: lguohan00@mails.tsinghua.edu.cn
In-Reply-To: <41EE13F0.9040907@mails.tsinghua.edu.cn>
cc: "freebsd-net@freebsd.org"
Subject: Re: Is ther a tool to show online throughput of a socket

Guohan Lu wrote:

> Hi,
> netstat only shows the traffic per interface, I need traffic
> information per socket. Is there a tool to do this?

not directly.. though trafshow may get you that information under some
situations. (ports/net/trafshow)

>
> Best regards,
>
> Guohan
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 09:32:44 2005
Message-ID: <41EE2933.4090404@elischer.org>
Date: Wed, 19 Jan 2005 01:32:35 -0800
From: Julian Elischer
To: Gleb Smirnoff
In-Reply-To: <20050119084526.GA5119@cell.sick.ru>
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Gleb Smirnoff wrote:

> On Tue, Jan 18, 2005 at 02:27:47PM -0800, Julian Elischer wrote:
> J> firstly.. I was thinking that there are several good ways to mesh the
> J> ipfw/divert/netgraph
> J> stuff.
> J>
> J> Firstly there is the possibility of making the ipfw stuff a netgraph
> J> node itself..
>
> Yes, but this is a separate node. I'm working on a node doing opposite
> thing, it will allow to filter netgraph traffic using an arbitrary
> ipfw chain.
>
> J> (yes I know there is such a node (based on ipfw-1) out there.)
>
> If you are speaking about a node from BWMAN, then it is not based on
> ipfw. It uses its own filter engine, AFAIK.
>
> J> then as for getting stuff out of ipfw, maybe divert itself could be
> J> changed to be
> J> a netgraph method. In this way, you'd open netgraph sockets instead of
> J> divert sockets.
> J>
> J> Alternatively there could be a possibility where netgraph could open
> J> hooks of a particular number
> J> and that would be the equivalent of opening a divert hook of that number..
> J>
> J> Looks good but I'm not convinced that it needs a whole new keyword if we
> J> tap in through the divert mechanism.
>
> Divert is a socket, and ng_ipfw is not. We tap thru a direct call to netgraph.
>
> I think, divert is designed for userland interaction. It is possible to use
> it for netgraph (via ng_ksocket), but this adds overhead of passing the socket
> layer, and I believe not all bugs are caught in this setup. That's why I prefer
> two different keywords, which do completely different things.

I'm not sure they do two different things.. Each represents a place to
send packets.

If each active divert socket number had a pointer to the module to which it
was attached then you could divert to either in-kernel netgraph targets or
to userland socket based targets. Currently if you divert to a divert
'port number' and nothing is attached to it, the packet is dropped.
If a divert socket is attached to it, it is sent to the socket.
I would just suggest that is not a great leap of imagination that
attaching to a hook named 3245 would attach a netgraph hook to the ipfw
code in the same namespace as the divert portnumber, and that a
subsequent attempt to attach a divert socket to that port number would
fail. The packets diverted there would simply go to the netgraph hook
instead of going to a socket or being dropped.
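The shared port namespace proposed in the message above can be modelled in a few lines of C. This is an added illustration, not FreeBSD kernel code and not code from the thread; the names port_attach, nghook_attach and divert_deliver, the error codes, and the rejection of port 0 and of non-canonical hook names are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Who currently owns a divert port number in this model. */
enum owner { OWNER_NONE = 0, OWNER_SOCKET, OWNER_NGHOOK };

/* What happens to a packet that an ipfw rule diverts to a port. */
enum verdict { PKT_DROPPED, PKT_TO_SOCKET, PKT_TO_NGHOOK };

#define DIVERT_PORT_MAX 65535u

/*
 * One slot per port. Divert sockets and netgraph hooks share this single
 * table, which is the common namespace the message proposes.
 */
static unsigned char port_owner[DIVERT_PORT_MAX + 1];

/* Claim a port for a socket or a hook: 0, EINVAL or EADDRINUSE. */
int
port_attach(unsigned long port, enum owner who)
{
	if (port == 0 || port > DIVERT_PORT_MAX || who == OWNER_NONE)
		return (EINVAL);	/* port 0 invalid: model assumption */
	if (port_owner[port] != OWNER_NONE)
		return (EADDRINUSE);	/* first attachment wins */
	port_owner[port] = (unsigned char)who;
	return (0);
}

/* Release a port; only the kind of owner that holds it may release it. */
int
port_detach(unsigned long port, enum owner who)
{
	if (port == 0 || port > DIVERT_PORT_MAX || who == OWNER_NONE)
		return (EINVAL);
	if (port_owner[port] != who)
		return (ENOENT);
	port_owner[port] = OWNER_NONE;
	return (0);
}

/*
 * Attach a netgraph hook by name. The name must be a canonical decimal
 * port number such as "3245"; "", "12ab", "+5", "03245" and "70000" are
 * rejected so that each port has exactly one valid hook name.
 */
int
nghook_attach(const char *hookname)
{
	char *end;
	unsigned long port;

	if (hookname == NULL || hookname[0] < '1' || hookname[0] > '9')
		return (EINVAL);
	errno = 0;
	port = strtoul(hookname, &end, 10);
	if (errno != 0 || *end != '\0')
		return (EINVAL);
	return (port_attach(port, OWNER_NGHOOK));
}

/* Deliver a diverted packet: an unattached port drops it (fail closed). */
enum verdict
divert_deliver(unsigned long port)
{
	if (port > DIVERT_PORT_MAX)
		return (PKT_DROPPED);
	switch (port_owner[port]) {
	case OWNER_SOCKET:
		return (PKT_TO_SOCKET);
	case OWNER_NGHOOK:
		return (PKT_TO_NGHOOK);
	default:
		return (PKT_DROPPED);
	}
}

int
main(void)
{
	printf("before attach: verdict %d\n", (int)divert_deliver(3245));
	printf("hook attach:   error %d\n", nghook_attach("3245"));
	printf("after attach:  verdict %d\n", (int)divert_deliver(3245));
	printf("socket attach: error %d\n", port_attach(3245, OWNER_SOCKET));
	return (0);
}
```
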
From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 09:36:15 2005
Date: Wed, 19 Jan 2005 12:36:08 +0300
From: Gleb Smirnoff
To: Julian Elischer
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)
Message-ID: <20050119093608.GA5712@cell.sick.ru>
In-Reply-To: <41EE2933.4090404@elischer.org>

On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
J> If each active divert socket number had a pointer to the module to which it
J> was attached then you could divert to either in-kernel netgraph targets or
J> to userland socket based targets. Currently if you divert to a divert
J> 'port number' and nothing is attached to it, the packet is dropped.
J> If a divert socket is attached to it, it is sent to the socket.
J> I would just suggest that is not a great leap of imagination that
J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
J> code in the same namespace as the divert portnumber, and that a
J> subsequent attempt to attach a divert socket to that port number would
J> fail. The packets diverted there would simply go to the netgraph hook
J> instead of going to a socket or being dropped.

I understand your idea now. I'll work in this direction.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 13:01:48 2005
Date: Wed, 19 Jan 2005 15:34:26 +0300
From: Gleb Smirnoff
To: Andre Oppermann, Julian Elischer
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)
Message-ID: <20050119123426.GA7825@cell.sick.ru>
In-Reply-To: <41EE3361.8D27FF5B@freebsd.org>

On Wed, Jan 19, 2005 at 11:16:01AM +0100, Andre Oppermann wrote:
A> > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
A> > J> If each active divert socket number had a pointer to the module to which it
A> > J> was attached then you could divert to either in-kernel netgraph targets or
A> > J> to userland socket based targets. Currently if you divert to a divert
A> > J> 'port number' and nothing is attached to it, the packet is dropped.
A> > J> If a divert socket is attached to it, it is sent to the socket.
A> > J> I would just suggest that is not a great leap of imagination that
A> > J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
A> > J> code in the same namespace as the divert portnumber, and that a
A> > J> subsequent attempt to attach a divert socket to that port number would
A> > J> fail. The packets diverted there would simply go to the netgraph hook
A> > J> instead of going to a socket or being dropped.
A> >
A> > I understand your idea now. I'll work in this direction.
A>
A> I like Julian's idea. And if you look at the mtag's the only thing that
A> is extracted is the rule number for divert, dummynet and netgraph (your
A> patch). Ideally this should be merged into one tag if possible and not
A> an architectural hack.

When writing node, I was thinking about merging this into one tag. However, I
expected negative response to this idea, from other developers.

Anyone else agree that these tags should be merged?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 15:50:04 2005
Date: Wed, 19 Jan 2005 16:49:54 +0100
From: Rudolf Cejka
To: Giorgos Keramidas
cc: freebsd-net@freebsd.org
Subject: Re: docs/76399: [PATCH] sendto(2) is missing possible error EISCONN
Message-ID: <20050119154954.GA92456@fit.vutbr.cz>
In-Reply-To: <20050119143405.GA17656@orion.daedalusnetworks.priv>

Hello to freebsd-net,

please, do you have some net-points to our discussion? It grew from
docs-only problem ( http://www.freebsd.org/cgi/query-pr.cgi?pr=76399 )
to net-related questions too. Thanks.

Giorgos Keramidas wrote (2005/01/19):
> On 2005-01-19 14:20, Rudolf Cejka wrote:
> >Giorgos Keramidas wrote (2005/01/19):
> >> Ah, I see now. We need to expand the description of sendto() a bit.
> >
> > I think that very good source would be
> > http://www.opengroup.org/onlinepubs/009695399/functions/sendto.html
> > if we have really permission to use it ;o)
>
> I think we do have their permission. I will ask around at freebsd-doc
> to see if anyone remembers more clearly than me.
>
> > > SOCK_DGRAM sockets are a bit different. The handling of sendto() for
> > > already connected UDP sockets is different than TCP.
> >
> > Hmm, it really seems that SOCK_DGRAM and SOCK_STREAM are handled in
> > the different way and maybe it would not be a bad idea to change the
> > behaviour of FreeBSD to just one unified way, like SUSv3 looks like:
> >
> > - If the socket is connection-mode, dest_addr shall be ignored.
> > - [EISCONN] A destination address was specified and the socket is
> >   already connected. This error may or may not be returned for
> >   connection mode sockets.
>
> I'm not sure. You may have to bring this up to freebsd-net and ask if
> there is something that will break by the change in behavior. As far
> as I can tell, by reading the sys/netinet/udp_usrreq.c source, the
> steps taken when udp_send() is called are:
>
>   - If the socket has an attached inpcb it is passed to udp_output().
>
>     All UDP sockets have an inpcb attached to them, since they have
>     gone through udp_attach() at socket creation time.
>
>   - In udp_output(), the part that makes sure packets cannot be sent
>     with a non-NULL destination address, after a socket has gone
>     through a connect() is:
>
>     791         if (addr) {
>     792                 sin = (struct sockaddr_in *)addr;
>     793                 if (td && jailed(td->td_ucred))
>     794                         prison_remote_ip(td->td_ucred, 0, &sin->sin_addr.s_addr);
>     795                 if (inp->inp_faddr.s_addr != INADDR_ANY) {
>     796                         error = EISCONN;
>     797                         goto release;
>     798                 }
>                 ...
>
>     Lines 795-798 are the ones that enforce this.
>
> The TCP protocol does a similar check, but a bit earlier, since it
> doesn't need to allow sending to multiple addresses for sockets that
> are not connected (there aren't such TCP sockets anyway):
>
>     117 static int
>     118 tcp_usr_attach(struct socket *so, int proto, struct thread *td)
>     119 {
>     120         int error;
>     121         struct inpcb *inp;
>     122         struct tcpcb *tp = 0;
>     123         TCPDEBUG0;
>     124
>     125         INP_INFO_WLOCK(&tcbinfo);
>     126         TCPDEBUG1();
>     127         inp = sotoinpcb(so);
>     128         if (inp) {
>     129                 error = EISCONN;
>     130                 goto out;
>     131         }
>
> This is a bit early. I haven't checked the tcp_output.c source to see
> what happens later on. I honestly have to admit that tcp_output()
> still scares the hell out of me :-)
>
> >> to any number of addresses. After connect() is used to bind the
> >> socket to a particular destination address it's not valid to
> >> sendto() packets to any random address any more.
> >
> > Yes, target address has to be ignored from sendto() and the problem
> > is that OS may or may not return an error.
>
> For connected SOCK_STREAM sockets no error is returned AFAICT.
> The packet is just dropped.

I tried it and it seems to me that TCP packet is sent to connected address,
so TCP is SUSv3 compliant too, but just in the other way from UDP case,
which I think is not very systematic.

> Unconnected SOCK_STREAM sockets cannot send packets anyway (ENOTCONN).
>
> SOCK_DGRAM sockets need special documentation of their behavior :-)

--
Rudolf Cejka http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66 Brno, Czech Republic

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 16:53:35 2005
Date: Wed, 19 Jan 2005 08:57:51 -0800
From: Brooks Davis
To: Gleb Smirnoff
cc: Andre Oppermann, Julian Elischer, net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)
Message-ID: <20050119165751.GA19365@odin.ac.hmc.edu>
In-Reply-To: <20050119123426.GA7825@cell.sick.ru>

On Wed, Jan 19, 2005 at 03:34:26PM +0300, Gleb Smirnoff wrote:
> On Wed, Jan 19, 2005 at 11:16:01AM +0100, Andre Oppermann wrote:
> A> > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
> A> > J> If each active divert socket number had a pointer to the module to which it
> A> > J> was attached then you could divert to either in-kernel netgraph targets or
> A> > J> to userland socket based targets. Currently if you divert to a divert
> A> > J> 'port number' and nothing is attached to it, the packet is dropped.
> A> > J> If a divert socket is attached to it, it is sent to the socket.
> A> > J> I would just suggest that is not a great leap of imagination that
> A> > J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
> A> > J> code in the same namespace as the divert portnumber, and that a
> A> > J> subsequent attempt to attach a divert socket to that port number would
> A> > J> fail. The packets diverted there would simply go to the netgraph hook
> A> > J> instead of going to a socket or being dropped.
> A> >
> A> > I understand your idea now. I'll work in this direction.
> A>
> A> I like Julian's idea. And if you look at the mtag's the only thing that
> A> is extracted is the rule number for divert, dummynet and netgraph (your
> A> patch). Ideally this should be merged into one tag if possible and not
> A> an architectural hack.
>
> When writing node, I was thinking about merging this into one tag. However, I
> expected negative response to this idea, from other developers.
>
> Anyone else agree that these tags should be merged?

Off the top of my head, I don't like the idea. What are the savings in
doing so? Is there a guarantee that you won't need more than one at
once?

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 17:42:11 2005
Date: Wed, 19 Jan 2005 20:41:56 +0300
From: Gleb Smirnoff
To: Brooks Davis
cc: Andre Oppermann, Julian Elischer, net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)
Message-ID: <20050119174156.GA10573@cell.sick.ru>
In-Reply-To: <20050119165751.GA19365@odin.ac.hmc.edu>

On Wed, Jan 19, 2005 at 08:57:51AM -0800, Brooks Davis wrote:
B> Off the top of my head, I don't like the idea. What are the savings in
B> doing so? Is there a guarantee that you won't need more than one at
B> once?

Well, I've spent enough braincycles arguing with myself, so I ask you to decide
"to merge or not to merge" between yourselves, and then I'll accept any decision.

P.S. Pls note, that I've added 'if (DIVERT_LOADED)', and was asked for a
backout. This was done to avoid tag lookup in a case, when tag can not be
present. I intentionally didn't add 'if (NG_IPFW_LOADED)' here. However,
I don't agree with this...

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 18:49:05 2005
Message-ID: <20050119184902.27562.qmail@web41012.mail.yahoo.com>
Date: Wed, 19 Jan 2005 10:49:02 -0800 (PST)
From: angelito munez
To: freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Subject: need help

Hi,..

I just formatted FreeBSD 4.9. I want it to run as a router and a firewall.
Can anybody out here help me out.. and what commands do I want.. from
complete to become a server..

Thanks..

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 19:57:55 2005
Message-ID: <41EEBBC0.3040908@elischer.org>
Date: Wed, 19 Jan 2005 11:57:53 -0800
From: Julian Elischer
To: Gleb Smirnoff
cc: Andre Oppermann, net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)
In-Reply-To: <20050119123426.GA7825@cell.sick.ru>

Gleb Smirnoff wrote:

>On Wed, Jan 19, 2005 at 11:16:01AM +0100, Andre Oppermann wrote:
>A> > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
>A> > J> If each active divert socket number had a pointer to the module to which it
>A> > J> was attached then you could divert to either in-kernel netgraph targets or
>A> > J> to userland socket based targets. Currently if you divert to a divert
>A> > J> 'port number' and nothing is attached to it, the packet is dropped.
>A> > J> If a divert socket is attached to it, it is sent to the socket.
>A> > J> I would just suggest that is not a great leap of imagination that
>A> > J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
>A> > J> code in the same namespace as the divert portnumber, and that a
>A> > J> subsequent attempt to attach a divert socket to that port number would
>A> > J> fail. The packets diverted there would simply go to the netgraph hook
>A> > J> instead of going to a socket or being dropped.
>A> >
>A> > I understand your idea now. I'll work in this direction.
>A>
>A> I like Julian's idea. And if you look at the mtag's the only thing that
>A> is extracted is the rule number for divert, dummynet and netgraph (your
>A> patch). Ideally this should be merged into one tag if possible and not
>A> an architectural hack.
>
>When writing node, I was thinking about merging this into one tag. However, I
>expected negative response to this idea, from other developers.
>
>Anyone else agree that these tags should be merged?
>

which tags exactly?

>
>
>

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 21:02:06 2005
Message-ID: <41EECAC0.3000801@schluting.com>
Date: Wed, 19 Jan 2005 13:01:52 -0800
From: Charlie Schluting
To: "freebsd-net@freebsd.org"
Subject: vlans changed?

Did something change from 5.2.1 to 5.3?

In 5.2.1 I used to have a config where the parent device, em(4), didn't have an
IP, and the vlan dev had the IP address. (yes, the parent device was "UP")
I then configured the trunk (on the switch) to have a native vlan of something
other than the vlan interface's vlan.

This worked.

Now, in 5.3, the only thing I can get working is to configure the em0 int with
the IP, and set the trunk to have the native vlan corresponding to that IP. Weird.

Also, is there a way to stop em(4) from stripping dot1q tags in hardware? I'd
like to see them with tcpdump. What kind of a performance hit does this involve?
Thanks :)

-Charlie

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 21:22:52 2005
Message-ID: <8eea0408050119132242cd8464@mail.gmail.com>
Date: Wed, 19 Jan 2005 13:22:48 -0800
From: Jon Simola
To: Charlie Schluting, "freebsd-net@freebsd.org"
Reply-To: jon@abccomm.com
Subject: Re: vlans changed?
In-Reply-To: <41EECAC0.3000801@schluting.com>

On Wed, 19 Jan 2005 13:01:52 -0800, Charlie Schluting wrote:

> Now, in 5.3, the only thing I can get working is to configure the em0 int with
> the IP, and set the trunk to have the native vlan corresponding to that IP. Weird.

Sounds like you're not getting the module loaded. By your description
above, you're no longer sending tagged frames over the trunk.

My rc.conf bits:

ifconfig_em1="up media auto"
cloned_interfaces="vlan100"
ifconfig_vlan100="inet xx.xx.xx.254 netmask 0xffffff00 vlan 100 vlandev em1"

> Also, is there a way to stop em(4) from stripping dot1q tags in hardware? I'd
> like to see them with tcpdump. What kind of a performance hit does this involve?

# tcpdump -c4 -nvvvei em1
14:24:52.445480 00:30:48:72:f3:0b > 00:09:5b:fc:e4:5f, ethertype 802.1Q (0x8100), length 1532: vlan 100, p 0, ethertype IPv4, IP0 bad-hlen 0
14:24:52.445500 00:30:48:72:f3:0b > 00:09:5b:fc:e4:5f, ethertype 802.1Q (0x8100), length 279: vlan 100, p 0, ethertype IPv4, IP0 bad-hlen 0
14:24:52.445518 00:30:48:72:f3:0b > 00:c0:05:04:00:f0, ethertype 802.1Q (0x8100), length 144: vlan 100, p 0, ethertype IPv4, IP0 bad-hlen 0
14:24:52.445539 00:30:48:72:f3:0b > 00:0f:3d:64:f4:23, ethertype 802.1Q (0x8100), length 72: vlan 100, p 0, ethertype IPv4, IP0 bad-hlen 0

Seems to work fine (it's the -e switch that does it).

Hope that helps.

From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 21:23:20 2005
Date: Wed, 19 Jan 2005 21:28:35 +0000 (GMT)
From: Mike Wolman
To: Charlie Schluting
cc: freebsd-net@freebsd.org
Subject: Re: vlans changed?
Message-ID: <20050119212500.Y91508@black.eros.office>
In-Reply-To: <41EECAC0.3000801@schluting.com>

I had major grief with the em driver and vlans, I have found that tcpdumping
on the em0 interface actually causes more problems. There are some more posts
about this from a couple of months ago, my resolution was to swap the em card
for an fxp instead as the box was in production and I didn't have other options.

Mike.

On Wed, 19 Jan 2005, Charlie Schluting wrote:

> Did something change from 5.2.1 to 5.3?
>
> In 5.2.1 I used to have a config where the parent device, em(4), didn't have
> an IP, and the vlan dev had the IP address. (yes, the parent device was "UP")
> I then configured the trunk (on the switch) to have a native vlan of
> something other than the vlan interface's vlan.
>
> This worked.
>
> Now, in 5.3, the only thing I can get working is to configure the em0 int
> with the IP, and set the trunk to have the native vlan corresponding to that
> IP. Weird.
>
> Also, is there a way to stop em(4) from stripping dot1q tags in hardware? I'd
> like to see them with tcpdump. What kind of a performance hit does this
> involve?
> > Thanks :) > > -Charlie > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 21:47:24 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0A4116A4CE for ; Wed, 19 Jan 2005 21:47:24 +0000 (GMT) Received: from mailhost.schluting.com (schluting.com [131.252.214.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC8B843D5E for ; Wed, 19 Jan 2005 21:47:24 +0000 (GMT) (envelope-from charlie@schluting.com) Received: from localhost (localhost [127.0.0.1]) by mailhost.schluting.com (Postfix) with ESMTP id 5F42823F4 for ; Wed, 19 Jan 2005 13:47:24 -0800 (PST) Received: from mailhost.schluting.com ([127.0.0.1]) by localhost (schluting.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 97842-08 for ; Wed, 19 Jan 2005 13:47:17 -0800 (PST) Received: from [131.252.209.122] (smelly.cat.pdx.edu [131.252.209.122]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailhost.schluting.com (Postfix) with ESMTP id 597DB2280 for ; Wed, 19 Jan 2005 13:47:17 -0800 (PST) Message-ID: <41EED564.6010104@schluting.com> Date: Wed, 19 Jan 2005 13:47:16 -0800 
From: Charlie Schluting User-Agent: Mozilla Thunderbird 1.0 (X11/20041215) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "freebsd-net@freebsd.org" References: <41EECAC0.3000801@schluting.com> <8eea0408050119132242cd8464@mail.gmail.com> In-Reply-To: <8eea0408050119132242cd8464@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by your mom at schluting.com Subject: Re: vlans changed? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jan 2005 21:47:24 -0000 Jon Simola wrote: > On Wed, 19 Jan 2005 13:01:52 -0800, Charlie Schluting > wrote: > > >>Now, in 5.3, the only thing I can get working is to configure the em0 int with >>the IP, and set the trunk to have the native vlan corresponding to that IP. Weird. > > > Sounds like you're not getting the module loaded. By your description > above, you're no longer sending tagged frames over the trunk. Except that I've compiled device vlan into the kernel.. > My rc.conf bits: > > ifconfig_em1="up media auto" > cloned_interfaces="vlan100" > ifconfig_vlan100="inet xx.xx.xx.254 netmask 0xffffff00 vlan 100 vlandev em1" > Yep, that should work, I know :) >>Also, is there a way to stop em(4) from stripping dot1q tags in hardware? I'd >>like to see them with tcpdump. What kind of a performance hit does this involve? > > > # tcpdump -c4 -nvvvei em1 > > Seems to work fine (it's the -e switch that does it). 
Ah, thanks :) -Charlie From owner-freebsd-net@FreeBSD.ORG Wed Jan 19 21:50:30 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF5F016A4EA for ; Wed, 19 Jan 2005 21:50:19 +0000 (GMT) Received: from mailhost.schluting.com (schluting.com [131.252.214.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1768843D2D for ; Wed, 19 Jan 2005 21:50:19 +0000 (GMT) (envelope-from charlie@schluting.com) Received: from localhost (localhost [127.0.0.1]) by mailhost.schluting.com (Postfix) with ESMTP id C761523F4 for ; Wed, 19 Jan 2005 13:50:18 -0800 (PST) Received: from mailhost.schluting.com ([127.0.0.1]) by localhost (schluting.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02805-01 for ; Wed, 19 Jan 2005 13:50:13 -0800 (PST) Received: from [131.252.209.122] (smelly.cat.pdx.edu [131.252.209.122]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailhost.schluting.com (Postfix) with ESMTP id F04FC2280 for ; Wed, 19 Jan 2005 13:50:12 -0800 (PST) Message-ID: <41EED614.4010505@schluting.com> Date: Wed, 19 Jan 2005 13:50:12 -0800 
From: Charlie Schluting User-Agent: Mozilla Thunderbird 1.0 (X11/20041215) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <41EECAC0.3000801@schluting.com> <20050119212500.Y91508@black.eros.office> In-Reply-To: <20050119212500.Y91508@black.eros.office> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by your mom at schluting.com Subject: Re: vlans changed? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jan 2005 21:50:30 -0000 Mike Wolman wrote: > > I had major grief with the em driver and vlans, > I have found that tcpdumping on the em0 interface > actually causes more problems. > > There are some more posts about this a couple of months ago, > > my resolution was to swap the em card for an fxp instead as > the box was in production and I didn't have other options. > > Mike. Yea.. I had that problem too. But this is a different box, and it was just "not working" rather than crashing. It does use a bpf constantly though.. hmm. I've got about 50,000 pps coming into this box from a Cisco SPAN session, and using a 100bT card isn't really an option. 
-Charlie From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 03:54:24 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE66716A4CE for ; Thu, 20 Jan 2005 03:54:23 +0000 (GMT) Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 421B043D2F for ; Thu, 20 Jan 2005 03:54:22 +0000 (GMT) (envelope-from boris@ntmk.ru) Received: from boris.nikom.ru ([10.1.16.195]) by mail.ntmk.ru with esmtp (Exim 4.34) id 1CrTOm-00068S-P5 for freebsd-net@freebsd.org; Thu, 20 Jan 2005 08:54:20 +0500 Message-ID: <41EF2B6C.2090609@ntmk.ru> Date: Thu, 20 Jan 2005 08:54:20 +0500 From: Boris Kovalenko User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: multipart/mixed; boundary="------------030805060304020206090101" Subject: [PATCH] 802.1p priority X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 03:54:24 -0000 This is a multi-part message in MIME format. --------------030805060304020206090101 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Hello! I want to implement 802.1p priority tagging for VLAN. I made this dirty patch and wonder - it works for me. May somebody look at it and tell me is this enough for BSD community or should I look and patch something more? -- With respect, Boris --------------030805060304020206090101 Content-Type: text/plain; name="patch-8021p.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-8021p.diff" --- sbin/ifconfig/ifconfig.h.orig Wed Jan 19 10:44:20 2005 +++ sbin/ifconfig/ifconfig.h Wed Jan 19 10:09:57 2005 
@@ -49,6 +49,7 @@ extern void setvlantag(const char *, int, int, const struct afswtch *rafp); extern void setvlandev(const char *, int, int, const struct afswtch *rafp); +extern void setvlanpri(const char *, int, int, const struct afswtch *rafp); extern void unsetvlandev(const char *, int, int, const struct afswtch *rafp); extern void vlan_status(int s, struct rt_addrinfo *); --- sbin/ifconfig/ifvlan.c.orig Thu Apr 18 23:14:09 2002 +++ sbin/ifconfig/ifvlan.c Wed Jan 19 10:46:52 2005 @@ -59,6 +59,7 @@ "$FreeBSD: src/sbin/ifconfig/ifvlan.c,v 1.5 2002/04/18 17:14:09 imp Exp $"; #endif static int __tag = 0; +static int __pri = 0; static int __have_tag = 0; void @@ -72,9 +73,9 @@ if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) return; - printf("\tvlan: %d parent interface: %s\n", - vreq.vlr_tag, vreq.vlr_parent[0] == '\0' ? - "" : vreq.vlr_parent); + printf("\tvlan: %d parent interface: %s 802.1p: %d\n", + EVL_VLANOFTAG(vreq.vlr_tag), vreq.vlr_parent[0] == '\0' ? + "" : vreq.vlr_parent, EVL_PRIOFTAG(vreq.vlr_tag)); return; } @@ -94,7 +95,29 @@ if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCGETVLAN"); - vreq.vlr_tag = tag; + vreq.vlr_tag = EVL_MAKETAG(tag, __pri); + + if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) + err(1, "SIOCSETVLAN"); + + return; +} + +void +setvlanpri(const char *val, int d, int s, const struct afswtch *afp) +{ + u_int16_t pri; + struct vlanreq vreq; + + __pri = pri = atoi(val); + + bzero((char *)&vreq, sizeof(struct vlanreq)); + ifr.ifr_data = (caddr_t)&vreq; + + if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) + err(1, "SIOCGETVLAN"); + + vreq.vlr_tag = EVL_MAKETAG(EVL_VLANOFTAG(vreq.vlr_tag), pri); if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCSETVLAN"); 
@@ -117,7 +140,7 @@ err(1, "SIOCGETVLAN"); strncpy(vreq.vlr_parent, val, sizeof(vreq.vlr_parent)); - vreq.vlr_tag = __tag; + vreq.vlr_tag = EVL_MAKETAG(__tag, __pri); if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCSETVLAN"); --- sys/net/if_vlan_var.h.orig Mon Jan 19 00:29:04 2004 +++ sys/net/if_vlan_var.h Wed Jan 19 10:42:04 2005 @@ -43,6 +43,7 @@ #define EVL_VLID_MASK 0x0FFF #define EVL_VLANOFTAG(tag) ((tag) & EVL_VLID_MASK) #define EVL_PRIOFTAG(tag) (((tag) >> 13) & 7) +#define EVL_MAKETAG(tag,pri) ((((pri) & 7) << 13) | ((tag) & EVL_VLID_MASK)) /* sysctl(3) tags, for compatibility purposes */ #define VLANCTL_PROTO 1 @@ -52,8 +53,8 @@ * Configuration structure for SIOCSETVLAN and SIOCGETVLAN ioctls. */ struct vlanreq { - char vlr_parent[IFNAMSIZ]; - u_short vlr_tag; + char vlr_parent[IFNAMSIZ]; + u_int16_t vlr_tag; }; #define SIOCSETVLAN SIOCSIFGENERIC #define SIOCGETVLAN SIOCGIFGENERIC --- sys/net/if_vlan.c.orig Wed Jan 19 10:40:32 2005 +++ sys/net/if_vlan.c Wed Jan 19 10:42:22 2005 @@ -930,15 +930,6 @@ error = ENOENT; break; } - /* - * Don't let the caller set up a VLAN tag with - * anything except VLID bits. - */ - - if (vlr.vlr_tag & ~EVL_VLID_MASK) { - error = EINVAL; - break; - } VLAN_LOCK(); error = vlan_config(ifv, p); --- sbin/ifconfig/ifconfig.c.orig Wed Jan 19 10:56:44 2005 +++ sbin/ifconfig/ifconfig.c Wed Jan 19 10:56:24 2005 
@@ -248,6 +248,7 @@ #ifdef USE_VLANS { "vlan", NEXTARG, setvlantag }, { "vlandev", NEXTARG, setvlandev }, + { "vlanpri", NEXTARG, setvlandev }, { "-vlandev", NEXTARG, unsetvlandev }, #endif #if 0 --------------030805060304020206090101-- From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 10:26:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63E4116A4D0 for ; Thu, 20 Jan 2005 10:26:54 +0000 (GMT) Received: from vbook.fbsd.ru (asplinux.ru [195.133.213.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C1F143D31 for ; Thu, 20 Jan 2005 10:26:53 +0000 (GMT) (envelope-from vova@vbook.fbsd.ru) Received: from vova by vbook.fbsd.ru with local (Exim 4.43 (FreeBSD)) id 1CrZWX-000G0W-Q3; Thu, 20 Jan 2005 13:26:46 +0300 
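Review bot: In the sbin/ifconfig/ifconfig.c hunk (-248,6 +248,7) the new "vlanpri" keyword is bound to setvlandev, so the setvlanpri() added in ifvlan.c is never reachable from the command table, and an argument such as "vlanpri 5" would be handed to the parent-device handler and copied into vlr_parent as an interface name. The entry should read { "vlanpri", NEXTARG, setvlanpri }, matching the prototype added to ifconfig.h.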
From: Vladimir Grebenschikov To: Boris Kovalenko In-Reply-To: <41EF2B6C.2090609@ntmk.ru> References: <41EF2B6C.2090609@ntmk.ru> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Organization: SWsoft Date: Thu, 20 Jan 2005 13:26:44 +0300 Message-Id: <1106216804.35369.1.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port Sender: Vladimir Grebenschikov cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: vova@fbsd.ru List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 10:26:54 -0000 On Thu, 20/01/2005 at 08:54 +0500, Boris Kovalenko wrote: > Hello! > > I want to implement 802.1p priority tagging for VLAN. I made this dirty > patch and wonder - it works for me. May somebody look at it and tell me > is this enough for BSD community or should I look and patch something more? > > attachment plain text document (patch-8021p.diff) > --- sbin/ifconfig/ifconfig.h.orig Wed Jan 19 10:44:20 2005 > +++ sbin/ifconfig/ifconfig.h Wed Jan 19 10:09:57 2005 > @@ -49,6 +49,7 @@ > =20 > extern void setvlantag(const char *, int, int, const struct afswtch *raf= p); > extern void setvlandev(const char *, int, int, const struct afswtch *raf= p); > +extern void setvlanpri(const char *, int, int, const struct afswtch *raf= p); > extern void unsetvlandev(const char *, int, int, const struct afswtch *r= afp); > extern void vlan_status(int s, struct rt_addrinfo *); ... > --- sbin/ifconfig/ifconfig.c.orig Wed Jan 19 10:56:44 2005 > +++ sbin/ifconfig/ifconfig.c Wed Jan 19 10:56:24 2005 
> @@ -248,6 +248,7 @@ > #ifdef USE_VLANS > { "vlan", NEXTARG, setvlantag }, > { "vlandev", NEXTARG, setvlandev }, > + { "vlanpri", NEXTARG, setvlandev }, { "vlanpri", NEXTARG, setvlanpri }, Should be setvlanpri instead of setvlandev? > { "-vlandev", NEXTARG, unsetvlandev }, > #endif > #if 0 -- Vladimir B. Grebenchikov vova@fbsd.ru From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 10:33:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E6DD816A4CE for ; Thu, 20 Jan 2005 10:33:45 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D64043D3F for ; Thu, 20 Jan 2005 10:33:45 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id j0KAXYTp084238; Thu, 20 Jan 2005 05:33:35 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)j0KAXYGS084235; Thu, 20 Jan 2005 10:33:34 GMT (envelope-from robert@fledge.watson.org) Date: Thu, 20 Jan 2005 10:33:33 +0000 (GMT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Charlie Schluting In-Reply-To: <41EECAC0.3000801@schluting.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "freebsd-net@freebsd.org" Subject: Re: vlans changed? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 10:33:46 -0000 On Wed, 19 Jan 2005, Charlie Schluting wrote: > Now, in 5.3, the only thing I can get working is to configure the em0 > int with the IP, and set the trunk to have the native vlan corresponding > to that IP. Weird. > > Also, is there a way to stop em(4) from stripping dot1q tags in > hardware? I'd like to see them with tcpdump. What kind of a performance > hit does this involve? Try "ifconfig em0 -vlanhwtag" and see if that helps. If not, take a look in if_em.c:em_setup_interface(), and you'll see two lines like this:

#if __FreeBSD_version >= 500000
    ifp->if_capabilities |= IFCAP_VLAN_HWTAGGING | IFCAP_VLAN_MTU;
    ifp->if_capenable |= IFCAP_VLAN_HWTAGGING | IFCAP_VLAN_MTU;
#endif

Delete the contents "IFCAP_VLAN_HWTAGGING |" from each line, and that should disable support for hardware vlan tagging and stripping in the driver. There are several bugs relating to the handling of hardware vlan tagging and promiscuous mode in both if_re and if_em. I had hoped to have a chance to resolve them over the past couple of months but have not as yet been able to do so. I measured a small performance hit last time I tried disabling the hardware tagging, perhaps a couple of percent, but mileage may vary -- for in-bound packets, there's a small amount additional work, but for outgoing packets you may see an extra memory allocation for each encapsulated packet (it depends a bit on what you send). 
If this appears to work properly for you, we should probably commit the change so that what's in the tree works properly, even if it's slightly slower. Robert N M Watson From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 11:23:05 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B94D716A4CF for ; Thu, 20 Jan 2005 11:23:05 +0000 (GMT) Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1A5743D3F for ; Thu, 20 Jan 2005 11:23:03 +0000 (GMT) (envelope-from boris@ntmk.ru) Received: from boris.nikom.ru ([10.1.16.195]) by mail.ntmk.ru with esmtp (Exim 4.34) id 1CraOz-0007BW-8j for freebsd-net@freebsd.org; Thu, 20 Jan 2005 16:23:01 +0500 Message-ID: <41EF9495.5080601@ntmk.ru> Date: Thu, 20 Jan 2005 16:23:01 +0500 
From: Boris Kovalenko User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: multipart/mixed; boundary="------------060707050905020703070400" Subject: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 11:23:06 -0000 This is a multi-part message in MIME format. --------------060707050905020703070400 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Hello! Sorry, when compiling all in one, have used one older wrong diff. Of course, this one should be used. If BSD community will approve my patch, I also will make updates to vlan(4) and ifconfig(8) man pages. Because of my little BSD network infrastructure knowledge I hope that guru will look at it and point me to the right way :) -- With respect, Boris --------------060707050905020703070400 Content-Type: text/plain; name="patch-8021p.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-8021p.diff" --- sbin/ifconfig/ifconfig.h.orig Wed Jan 19 10:44:20 2005 +++ sbin/ifconfig/ifconfig.h Wed Jan 19 10:09:57 2005 @@ -49,6 +49,7 @@ extern void setvlantag(const char *, int, int, const struct afswtch *rafp); extern void setvlandev(const char *, int, int, const struct afswtch *rafp); +extern void setvlanpri(const char *, int, int, const struct afswtch *rafp); extern void unsetvlandev(const char *, int, int, const struct afswtch *rafp); extern void vlan_status(int s, struct rt_addrinfo *); --- sbin/ifconfig/ifvlan.c.orig Thu Apr 18 23:14:09 2002 +++ sbin/ifconfig/ifvlan.c Wed Jan 19 10:46:52 2005 
@@ -59,6 +59,7 @@ "$FreeBSD: src/sbin/ifconfig/ifvlan.c,v 1.5 2002/04/18 17:14:09 imp Exp $"; #endif static int __tag = 0; +static int __pri = 0; static int __have_tag = 0; void @@ -72,9 +73,9 @@ if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) return; - printf("\tvlan: %d parent interface: %s\n", - vreq.vlr_tag, vreq.vlr_parent[0] == '\0' ? - "" : vreq.vlr_parent); + printf("\tvlan: %d parent interface: %s 802.1p: %d\n", + EVL_VLANOFTAG(vreq.vlr_tag), vreq.vlr_parent[0] == '\0' ? + "" : vreq.vlr_parent, EVL_PRIOFTAG(vreq.vlr_tag)); return; } @@ -94,7 +95,29 @@ if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCGETVLAN"); - vreq.vlr_tag = tag; + vreq.vlr_tag = EVL_MAKETAG(tag, __pri); + + if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) + err(1, "SIOCSETVLAN"); + + return; +} + +void +setvlanpri(const char *val, int d, int s, const struct afswtch *afp) +{ + u_int16_t pri; + struct vlanreq vreq; + + __pri = pri = atoi(val); + + bzero((char *)&vreq, sizeof(struct vlanreq)); + ifr.ifr_data = (caddr_t)&vreq; + + if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) + err(1, "SIOCGETVLAN"); + + vreq.vlr_tag = EVL_MAKETAG(EVL_VLANOFTAG(vreq.vlr_tag), pri); if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCSETVLAN"); @@ -117,7 +140,7 @@ err(1, "SIOCGETVLAN"); strncpy(vreq.vlr_parent, val, sizeof(vreq.vlr_parent)); - vreq.vlr_tag = __tag; + vreq.vlr_tag = EVL_MAKETAG(__tag, __pri); if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) err(1, "SIOCSETVLAN"); --- sys/net/if_vlan_var.h.orig Mon Jan 19 00:29:04 2004 +++ sys/net/if_vlan_var.h Wed Jan 19 10:42:04 2005 @@ -43,6 +43,7 @@ #define EVL_VLID_MASK 0x0FFF #define EVL_VLANOFTAG(tag) ((tag) & EVL_VLID_MASK) #define EVL_PRIOFTAG(tag) (((tag) >> 13) & 7) +#define EVL_MAKETAG(tag,pri) ((((pri) & 7) << 13) | ((tag) & EVL_VLID_MASK)) /* sysctl(3) tags, for compatibility purposes */ #define VLANCTL_PROTO 1 
@@ -52,8 +53,8 @@ * Configuration structure for SIOCSETVLAN and SIOCGETVLAN ioctls. */ struct vlanreq { - char vlr_parent[IFNAMSIZ]; - u_short vlr_tag; + char vlr_parent[IFNAMSIZ]; + u_int16_t vlr_tag; }; #define SIOCSETVLAN SIOCSIFGENERIC #define SIOCGETVLAN SIOCGIFGENERIC --- sys/net/if_vlan.c.orig Wed Jan 19 10:40:32 2005 +++ sys/net/if_vlan.c Wed Jan 19 10:42:22 2005 @@ -930,15 +930,6 @@ error = ENOENT; break; } - /* - * Don't let the caller set up a VLAN tag with - * anything except VLID bits. - */ - - if (vlr.vlr_tag & ~EVL_VLID_MASK) { - error = EINVAL; - break; - } VLAN_LOCK(); error = vlan_config(ifv, p); --- sbin/ifconfig/ifconfig.c.orig Wed Jan 19 10:56:44 2005 +++ sbin/ifconfig/ifconfig.c Wed Jan 19 10:56:24 2005 
@@ -248,6 +248,7 @@ #ifdef USE_VLANS { "vlan", NEXTARG, setvlantag }, { "vlandev", NEXTARG, setvlandev }, + { "vlanpri", NEXTARG, setvlanpri }, { "-vlandev", NEXTARG, unsetvlandev }, #endif #if 0 --------------060707050905020703070400-- From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 13:36:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94C4216A4CE; Thu, 20 Jan 2005 13:36:59 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB9D543D48; Thu, 20 Jan 2005 13:36:58 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j0KDar0D051723 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 20 Jan 2005 16:36:54 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j0KDaq9B018684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2005 16:36:53 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j0KDaqi3018683; Thu, 20 Jan 2005 16:36:52 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 20 Jan 2005 16:36:52 +0300 
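Review bot: setvlanpri() in the sbin/ifconfig/ifvlan.c hunk (-94,7 +95,29) takes the priority straight from atoi(val) with no range check, and EVL_MAKETAG then applies (pri) & 7, so "vlanpri 8" silently becomes priority 0 and a non-numeric or negative argument is accepted without any error. Parse the value with strtol(), reject anything outside 0..7 with errx(), and only then build the tag. The same applies to the VLAN ID in setvlantag(): EVL_MAKETAG masks tag with EVL_VLID_MASK, and since the kernel-side EINVAL check is removed elsewhere in this patch, an out-of-range ID is now truncated silently instead of being refused.

Review bot: The sys/net/if_vlan.c hunk (-930,15 +930,6) deletes the only visible validation of vlr.vlr_tag on the SIOCSETVLAN path, so the kernel now accepts any 16-bit value from userland, including bit 12, which EVL_MAKETAG leaves clear between the 12-bit VLAN ID and the 3-bit priority at bits 13..15 (the 802.1Q CFI bit). ifconfig never sets that bit, but any other caller of the ioctl can. Narrow the check instead of dropping it, for example keep returning EINVAL when vlr.vlr_tag & 0x1000 is non-zero, and update the comment to say that priority bits are now allowed. None of the code that consumes the stored tag is in this diff, so it also needs confirming that every place expecting a bare VLAN ID goes through EVL_VLANOFTAG().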
From: Gleb Smirnoff To: Julian Elischer Message-ID: <20050120133652.GA18668@cell.sick.ru> References: <20050117200610.GA90866@cell.sick.ru> <20050118183558.GA15150@odin.ac.hmc.edu> <41ED8D63.8090205@elischer.org> <20050119084526.GA5119@cell.sick.ru> <41EE2933.4090404@elischer.org> <20050119093608.GA5712@cell.sick.ru> <41EE3361.8D27FF5B@freebsd.org> <20050119123426.GA7825@cell.sick.ru> <41EEBBC0.3040908@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <41EEBBC0.3040908@elischer.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050119, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: Andre Oppermann cc: net@freebsd.org Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) andnetgraph(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 13:36:59 -0000 On Wed, Jan 19, 2005 at 11:57:53AM -0800, Julian Elischer wrote: J> >A> I like Julian's idea. And if you look at the mtag's the only thing that J> >A> is extracted is the rule number for divert, dummynet and netgraph (your J> >A> patch). Ideally this should be merged into one tag if possible and not J> >A> an architectural hack. J> > J> >When writing node, I was thinking about merging this into one tag. J> >However, I J> >expected negative response to this idea, from other developers. J> > J> >Anyone else agree that these tags should be merged? J> > J> J> which tags exactly? ng_ipfw_tag and dn_pkt_tag -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 13:46:05 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DAD1216A4CE for ; Thu, 20 Jan 2005 13:46:05 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1798B43D45 for ; Thu, 20 Jan 2005 13:46:05 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j0KDjxeV051828 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 20 Jan 2005 16:45:59 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j0KDjwVh018721 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2005 16:45:59 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j0KDjr1s018720; Thu, 20 Jan 2005 16:45:53 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 20 Jan 2005 16:45:53 +0300 
From: Gleb Smirnoff To: Julian Elischer Message-ID: <20050120134553.GB18668@cell.sick.ru> References: <20050117200610.GA90866@cell.sick.ru> <20050118183558.GA15150@odin.ac.hmc.edu> <41ED8D63.8090205@elischer.org> <20050119084526.GA5119@cell.sick.ru> <41EE2933.4090404@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <41EE2933.4090404@elischer.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050119, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: net@freebsd.org Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 13:46:06 -0000 Julian, On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote: J> I'm not sure they do two different things.. Each represents a place to J> send packets. J> If each active divert socket number had a pointer to the module to which it J> was attached then you could divert to either in-kernel netgraph targets or J> to userland socket based targets. Currently if you divert to a divert J> 'port number' and nothing is attached to it, the packet is dropped. J> If a divert socket is attached to it, it is sent to the socket. J> I would just suggest that is not a great leap of imagination that J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw J> code in the same namespace as the divert portnumber, and that a J> subsequent attempt to attach a divert socket to that port number would J> fail. The packets diverted there would simply go to the netgraph hook J> instead of going to a socket or being dropped. Well, I've considered this. 
We are going to have these negatives with this change:
1) require divert loaded/compiled, when we are going to work with a completely different thing.
2) Acquire & drop lock on divert pcb info for each packet going into netgraph.
3) Extensively hack divert_packet()... Let me explain. The place where we can tell whether we have a socket diversion or a netgraph diversion, is at the very end of divert_packet(). Before this place many things are done, which do not apply to a netgraph diversion. This hacking may bring bugs into divert infrastructure, and add extra CPU cycles for case of netgraph forwarding.
I think saving one keyword for ipfw2 isn't worth these hacks. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 14:33:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F6AE16A4CE for ; Thu, 20 Jan 2005 14:33:29 +0000 (GMT) Received: from gvr.gvr.org (gvr-gw.gvr.org [80.126.103.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D9D743D54 for ; Thu, 20 Jan 2005 14:33:29 +0000 (GMT) (envelope-from guido@gvr.org) Received: by gvr.gvr.org (Postfix, from userid 657) id 6EAD5C14D; Thu, 20 Jan 2005 15:33:28 +0100 (CET) Date: Thu, 20 Jan 2005 15:33:28 +0100 
From: Guido van Rooij To: freebsd-net@freebsd.org Message-ID: <20050120143328.GA6732@gvr.gvr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: loopback device types and netmask X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 14:33:29 -0000 It seems that the netmask is ignored on loopback type devices. Especially with the discard device this is annoying. If one has a discard interface with the following settings: disc0: flags=8009 mtu 65532 inet 10.100.100.1 netmask 0xffffff00 only 10.100.100.1 is sent to the discard device. All the others need to be explicitly routed towards it. This seems non-intuitive. A quick glance through the code didn't reveal where/how to fix this. Anyone? -Guido From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 14:39:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 500DE16A4CE; Thu, 20 Jan 2005 14:39:52 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BE6A43D3F; Thu, 20 Jan 2005 14:39:51 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j0KEdm2r062733; Thu, 20 Jan 2005 17:39:48 +0300 (MSK) (envelope-from maxim@macomnet.ru) Date: Thu, 20 Jan 2005 17:39:48 +0300 (MSK) 
From: Maxim Konovalov To: Robert Watson In-Reply-To: Message-ID: <20050120173819.Q62580@mp2.macomnet.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-SpamTest-Info: Profile: Formal (197/050118) X-SpamTest-Info: Profile: Detect Hard (4/030526) X-SpamTest-Info: Profile: SysLog X-SpamTest-Info: Profile: Marking - Keywords (2/030321) X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [0124], SpamtestISP/Release cc: "freebsd-net@freebsd.org" cc: alx@sm.ukrtel.net cc: Charlie Schluting Subject: Re: vlans changed? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 14:39:52 -0000 On Thu, 20 Jan 2005, 10:33-0000, Robert Watson wrote: > > On Wed, 19 Jan 2005, Charlie Schluting wrote: > > > Now, in 5.3, the only thing I can get working is to configure the em0 > > int with the IP, and set the trunk to have the native vlan corresponding > > to that IP. Weird. > > > > Also, is there a way to stop em(4) from stripping dot1q tags in > > hardware? I'd like to see them with tcpdump. What kind of a performance > > hit does this involve? > > Try "ifconfig em0 -vlanhwtag" and see if that helps. If not, take a look Yep, it works for Alex (CC'ed), thanks for the tip. > in if_em.c:em_setup_interface(), and you'll see two lines like this: > > #if __FreeBSD_version >= 500000 > ifp->if_capabilities |= IFCAP_VLAN_HWTAGGING | IFCAP_VLAN_MTU; > ifp->if_capenable |= IFCAP_VLAN_HWTAGGING | IFCAP_VLAN_MTU; > #endif > > Delete the contents "IFCAP_VLAN_HWTAGGING |" from each line, and that > should disable support for hardware vlan tagging and stripping in the > driver. There are several bugs relating to the handling of hardware vlan > tagging and promiscuous mode in both if_re and if_em. 
I had hoped to have > a chance to resolve them over the past couple of months but have not as > yet been able to do so. I measured a small performance hit last time I > tried disabling the hardware tagging, perhaps a couple of percent, but > mileage may vary -- for in-bound packets, there's a small amount > additional work, but for outgoing packets you may see an extra memory > allocation for each encapsulated packet (it depends a bit on what you > send). If this appears to work properly for you, we should probably > commit the change so that what's in the tree works properly, even if it's > slightly slower. IMO this is a good idea. -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 17:04:16 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 451DF16A4CE; Thu, 20 Jan 2005 17:04:16 +0000 (GMT) Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E42143D31; Thu, 20 Jan 2005 17:04:14 +0000 (GMT) (envelope-from avg@icyb.net.ua) Received: from [212.40.38.87] (oddity.topspin.kiev.ua [212.40.38.87]) by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id TAA04975; Thu, 20 Jan 2005 19:04:12 +0200 (EET) (envelope-from avg@icyb.net.ua) Message-ID: <41EFE48C.5040206@icyb.net.ua> Date: Thu, 20 Jan 2005 19:04:12 +0200 
From: Andriy Gapon
To: freebsd-net@freebsd.org, freebsd-security@freebsd.org
Subject: ipsec vs. broadcast

Maybe this is already fixed in the newer code, I am still on 5.2.1 and
have a problem with traffic that originally goes to a broadcast ip
address but then gets encrypted by ipsec and should go into a tunnel but
when it is sent it has ethernet broadcast flag.

Just to be clear: traffic originates on the same host which is a tunnel
endpoint.

It looks to me that a fix could be as simple as clearing M_BCAST in
ipsec code (ipsec4_output), but I am not sure.

--
Andriy Gapon

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 18:03:00 2005
From: "Henry Su"
To: "angelito munez"
Date: Thu, 20 Jan 2005 10:02:59 -0800
In-Reply-To: <20050119184902.27562.qmail@web41012.mail.yahoo.com>
Reply-To: henrysu@nttmcl.com
Subject: RE: need help

You can google it, there're many articles.

Briefly answer your question:
1. Compile kernel to support ipfw (firewall).
2. Edit /etc/sysctl.conf add "net.inet.ip.forwarding=1" for routing.

Good luck.

-----Original Message-----
From: owner-freebsd-net@freebsd.org
[mailto:owner-freebsd-net@freebsd.org]On Behalf Of angelito munez
Sent: Wednesday, January 19, 2005 10:49 AM
To: freebsd-questions@freebsd.org; freebsd-net@freebsd.org
Subject: need help

Hi,..

I just formatted freeBSD4.9. i want it run as a router and a firewall.
does anybody out here can help me out.. and commands do i want.. from
complete to become a server..

thanks..

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 19:00:50 2005
Date: Thu, 20 Jan 2005 11:05:16 -0800
From: Brooks Davis
To: Boris Kovalenko
Message-ID: <20050120190516.GA12156@odin.ac.hmc.edu>
References: <41EF9495.5080601@ntmk.ru>
In-Reply-To: <41EF9495.5080601@ntmk.ru>
cc: freebsd-net@freebsd.org
Subject: Re: [PATCH] 802.1p priority (fixed)

On Thu, Jan 20, 2005 at 04:23:01PM +0500, Boris Kovalenko wrote:
> Hello!
>
> Sorry, when compiling all in one, have used one older wrong diff. Of
> course, this one should be used. If BSD community will approve my patch,
> I also will make updates to vlan(4) and ifconfig(8) man pages.
> Because of my little BSD network infrastructure knowledge I hope that
> guru will look at it and point me to the right way :)

This lets you create vlans, but I'm not sure what the point is if
nothing is done with the priority. Is it simply that it lets you handle
traffic that is tagged this way and that your output packets have
priority one on the network? I'm not sure what the intent of 802.1p
priority is.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 19:30:06 2005
Date: Thu, 20 Jan 2005 11:34:32 -0800
From: Brooks Davis
To: Gleb Smirnoff
Message-ID: <20050120193432.GB12156@odin.ac.hmc.edu>
References: <20050117200610.GA90866@cell.sick.ru> <20050118183558.GA15150@odin.ac.hmc.edu> <41ED8D63.8090205@elischer.org> <20050119084526.GA5119@cell.sick.ru> <41EE2933.4090404@elischer.org> <20050120134553.GB18668@cell.sick.ru>
In-Reply-To: <20050120134553.GB18668@cell.sick.ru>
cc: Julian Elischer
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

On Thu, Jan 20, 2005 at 04:45:53PM +0300, Gleb Smirnoff wrote:
>   Julian,
>
> On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
> J> I'm not sure they do two different things.. Each represents a place to
> J> send packets.
> J> If each active divert socket number had a pointer to the module to which it
> J> was attached then you could divert to either in-kernel netgraph targets or
> J> to userland socket based targets. Currently if you divert to a divert
> J> 'port number' and nothing is attached to it, the packet is dropped.
> J> If a divert socket is attached to it, it is sent to the socket.
> J> I would just suggest that is not a great leap of imagination that
> J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
> J> code in the same namespace as the divert portnumber, and that a
> J> subsequent attempt to attach a divert socket to that port number would
> J> fail. The packets diverted there would simply go to the netgraph hook
> J> instead of going to a socket or being dropped.
>
> Well, I've considered this. We are going to have these negatives with this change:
>
> 1) require divert loaded/compiled, when we are going to work with a completely
>    different thing.
> 2) Acquire & drop lock on divert pcb info for each packet going into netgraph.
> 3) Extensively hack divert_packet()... Let me explain. The place where we can tell
> whether we have a socket diversion or a netgraph diversion, is at the very end
> of divert_packet(). Before this place many things are done, which does not apply
> to a netgraph diversion.
> This hacking may bring bugs into divert infrastructure, and add extra CPU cycles
> for case of netgraph forwarding. I think saving one keyword for ipfw2 doesn't
> worth this hacks.

I think the code should be committed more or less as is. I think the
netgraph and divert features are relatively orthogonal.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 20:23:27 2005
Message-ID: <41F0133B.D39006B3@freebsd.org>
Date: Thu, 20 Jan 2005 21:23:23 +0100
From: Andre Oppermann
To: Brooks Davis
References: <20050117200610.GA90866@cell.sick.ru> <41ED8D63.8090205@elischer.org> <20050119084526.GA5119@cell.sick.ru> <41EE2933.4090404@elischer.org> <20050120193432.GB12156@odin.ac.hmc.edu>
cc: Julian Elischer
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Brooks Davis wrote:
>
> On Thu, Jan 20, 2005 at 04:45:53PM +0300, Gleb Smirnoff wrote:
> >   Julian,
> >
> > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
> > J> I'm not sure they do two different things.. Each represents a place to
> > J> send packets.
> > J> If each active divert socket number had a pointer to the module to which it
> > J> was attached then you could divert to either in-kernel netgraph targets or
> > J> to userland socket based targets. Currently if you divert to a divert
> > J> 'port number' and nothing is attached to it, the packet is dropped.
> > J> If a divert socket is attached to it, it is sent to the socket.
> > J> I would just suggest that is not a great leap of imagination that
> > J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
> > J> code in the same namespace as the divert portnumber, and that a
> > J> subsequent attempt to attach a divert socket to that port number would
> > J> fail. The packets diverted there would simply go to the netgraph hook
> > J> instead of going to a socket or being dropped.
> >
> > Well, I've considered this. We are going to have these negatives with this change:
> >
> > 1) require divert loaded/compiled, when we are going to work with a completely
> >    different thing.
> > 2) Acquire & drop lock on divert pcb info for each packet going into netgraph.
> > 3) Extensively hack divert_packet()... Let me explain. The place where we can tell
> > whether we have a socket diversion or a netgraph diversion, is at the very end
> > of divert_packet(). Before this place many things are done, which does not apply
> > to a netgraph diversion.
> > This hacking may bring bugs into divert infrastructure, and add extra CPU cycles
> > for case of netgraph forwarding. I think saving one keyword for ipfw2 doesn't
> > worth this hacks.
>
> I think the code should be committed more or less as is. I think the
> netgraph and divert features are relatively orthogonal.

Ok, I agree after looking more into it and reviewing Gebius code.

However there are some potentially serious problems that may emerge with
netgraph in the ipfw picture. So far nothing in ipfw is causing a stall
or overly deep stack in or out of ipfw. Divert queues to a socket and
dummynet queues to a queue. There is a break and some other mechanism
takes it from there. With ipfw_netgraph this changes and potentially
any number of netgraph nodes can run behind this ipfw_netgraph divert
while we are in ip_input() and ipfw_check_in() plus we hold the SX lock
on the pfil hook. A processing through of the packet causes it to enter
ip_input() and ipfw_check_in() again while we are still in the first one
potentially holding locks. This can repeat a number of times with multiple
ipfw netgraph diversion rules.

There are two ways of solving this. One is to decouple the netgraph from
ipfw and to go through a netisr queue in the ipfw_netgraph node. The
other is to process the netgraph hooks while holding the stack and to wait
for the packet to come back and reintroduce it to ipfw with the "again:"
goto as it is done with 'tee'. I don't know if this is possible at all
with netgraph.

I have sent my direct code comments to the patch in private email. When
the highlighted problems are solved I'm fine with it.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 20:32:10 2005
Message-ID: <41F01547.35D1B582@freebsd.org>
Date: Thu, 20 Jan 2005 21:32:07 +0100
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Boris Kovalenko References: <41EF2B6C.2090609@ntmk.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jan 2005 20:32:10 -0000 Boris Kovalenko wrote: > > Hello! > > I want to implement 802.1p priority tagging for VLAN. I made this dirty > patch and wonder - it works for me. May somebody look at it and tell me > is this enough for BSD community or should I look and patch something more? Not a bad idea. :-) To make it perfect the packet priority should be settable from anywhere in the system (ipfw, dummynet, pf, etc.) through a mtag and then inserted into the ethernet frame header. And it should for for "untagged" frames too. You don't have to code that though. ;-) Please file this patch as PR and post the PR number so we don't forget about it. -- Andre > -- > With respect, > Boris > > -------------------------------------------------------------------------------- > --- sbin/ifconfig/ifconfig.h.orig Wed Jan 19 10:44:20 2005 > +++ sbin/ifconfig/ifconfig.h Wed Jan 19 10:09:57 2005 > @@ -49,6 +49,7 @@ > > extern void setvlantag(const char *, int, int, const struct afswtch *rafp); > extern void setvlandev(const char *, int, int, const struct afswtch *rafp); > +extern void setvlanpri(const char *, int, int, const struct afswtch *rafp); > extern void unsetvlandev(const char *, int, int, const struct afswtch *rafp); > extern void vlan_status(int s, struct rt_addrinfo *); > > --- sbin/ifconfig/ifvlan.c.orig Thu Apr 18 23:14:09 2002 > +++ sbin/ifconfig/ifvlan.c Wed Jan 19 10:46:52 2005 
> @@ -59,6 +59,7 @@ > "$FreeBSD: src/sbin/ifconfig/ifvlan.c,v 1.5 2002/04/18 17:14:09 imp Exp $"; > #endif > static int __tag = 0; > +static int __pri = 0; > static int __have_tag = 0; > > void > @@ -72,9 +73,9 @@ > if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) > return; > > - printf("\tvlan: %d parent interface: %s\n", > - vreq.vlr_tag, vreq.vlr_parent[0] == '\0' ? > - "" : vreq.vlr_parent); > + printf("\tvlan: %d parent interface: %s 802.1p: %d\n", > + EVL_VLANOFTAG(vreq.vlr_tag), vreq.vlr_parent[0] == '\0' ? > + "" : vreq.vlr_parent, EVL_PRIOFTAG(vreq.vlr_tag)); > > return; > } > @@ -94,7 +95,29 @@ > if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) > err(1, "SIOCGETVLAN"); > > - vreq.vlr_tag = tag; > + vreq.vlr_tag = EVL_MAKETAG(tag, __pri); > + > + if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) > + err(1, "SIOCSETVLAN"); > + > + return; > +} > + > +void > +setvlanpri(const char *val, int d, int s, const struct afswtch *afp) > +{ > + u_int16_t pri; > + struct vlanreq vreq; > + > + __pri = pri = atoi(val); > + > + bzero((char *)&vreq, sizeof(struct vlanreq)); > + ifr.ifr_data = (caddr_t)&vreq; > + > + if (ioctl(s, SIOCGETVLAN, (caddr_t)&ifr) == -1) > + err(1, "SIOCGETVLAN"); > + > + vreq.vlr_tag = EVL_MAKETAG(EVL_VLANOFTAG(vreq.vlr_tag), pri); > > if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) > err(1, "SIOCSETVLAN"); > @@ -117,7 +140,7 @@ > err(1, "SIOCGETVLAN"); > > strncpy(vreq.vlr_parent, val, sizeof(vreq.vlr_parent)); > - vreq.vlr_tag = __tag; > + vreq.vlr_tag = EVL_MAKETAG(__tag, __pri); > > if (ioctl(s, SIOCSETVLAN, (caddr_t)&ifr) == -1) > err(1, "SIOCSETVLAN"); > --- sys/net/if_vlan_var.h.orig Mon Jan 19 00:29:04 2004 > +++ sys/net/if_vlan_var.h Wed Jan 19 10:42:04 2005 
> @@ -43,6 +43,7 @@ > #define EVL_VLID_MASK 0x0FFF > #define EVL_VLANOFTAG(tag) ((tag) & EVL_VLID_MASK) > #define EVL_PRIOFTAG(tag) (((tag) >> 13) & 7) > +#define EVL_MAKETAG(tag,pri) ((((pri) & 7) << 13) | ((tag) & EVL_VLID_MASK)) > > /* sysctl(3) tags, for compatibility purposes */ > #define VLANCTL_PROTO 1 > @@ -52,8 +53,8 @@ > * Configuration structure for SIOCSETVLAN and SIOCGETVLAN ioctls. > */ > struct vlanreq { > - char vlr_parent[IFNAMSIZ]; > - u_short vlr_tag; > + char vlr_parent[IFNAMSIZ]; > + u_int16_t vlr_tag; > }; > #define SIOCSETVLAN SIOCSIFGENERIC > #define SIOCGETVLAN SIOCGIFGENERIC > --- sys/net/if_vlan.c.orig Wed Jan 19 10:40:32 2005 > +++ sys/net/if_vlan.c Wed Jan 19 10:42:22 2005 > @@ -930,15 +930,6 @@ > error = ENOENT; > break; > } > - /* > - * Don't let the caller set up a VLAN tag with > - * anything except VLID bits. > - */ > - > - if (vlr.vlr_tag & ~EVL_VLID_MASK) { > - error = EINVAL; > - break; > - } > > VLAN_LOCK(); > error = vlan_config(ifv, p); > --- sbin/ifconfig/ifconfig.c.orig Wed Jan 19 10:56:44 2005 > +++ sbin/ifconfig/ifconfig.c Wed Jan 19 10:56:24 2005 
> @@ -248,6 +248,7 @@ > #ifdef USE_VLANS > { "vlan", NEXTARG, setvlantag }, > { "vlandev", NEXTARG, setvlandev }, > + { "vlanpri", NEXTARG, setvlandev }, > { "-vlandev", NEXTARG, unsetvlandev }, > #endif > #if 0 > > -------------------------------------------------------------------------------- > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 21:11:13 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6376216A4CE for ; Thu, 20 Jan 2005 21:11:13 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id C766143D45 for ; Thu, 20 Jan 2005 21:11:12 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 46640 invoked from network); 20 Jan 2005 20:53:19 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 20 Jan 2005 20:53:19 -0000 Message-ID: <41F01E6E.ACF548A@freebsd.org> Date: Thu, 20 Jan 2005 22:11:10 +0100 
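Review bot: in the new setvlanpri() in sbin/ifconfig/ifvlan.c, the line "__pri = pri = atoi(val);" accepts any input, and EVL_MAKETAG() then masks it with "& 7", so an out-of-range value such as 9 is silently configured as priority 1 and a non-numeric argument becomes 0. Parse the argument with strtol(), check the end pointer, and refuse anything outside 0..7 with errx() before issuing SIOCSETVLAN, so a mistyped priority is reported instead of being applied as a different one.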
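Review bot: the sys/net/if_vlan.c hunk at -930 deletes the EINVAL check on vlr.vlr_tag outright, so the kernel stops validating the tag for every SIOCSETVLAN caller, not only the patched ifconfig. EVL_MAKETAG() only ever produces the three priority bits and the twelve VLID bits, so bit 12 (0x1000, the CFI bit) should still be refused; narrow the test to that bit rather than removing it. None of the hunks shown touch code that compares a received frame's tag with the stored one, so please confirm that path uses EVL_VLANOFTAG() now that the stored value can carry priority bits.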
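Review bot: the new command-table entry in sbin/ifconfig/ifconfig.c, { "vlanpri", NEXTARG, setvlandev }, dispatches to setvlandev, so the priority argument would be handled as a parent interface name and the setvlanpri() added in ifvlan.c and declared in ifconfig.h is never called. The entry should read { "vlanpri", NEXTARG, setvlanpri }.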
From: Andre Oppermann
To: Mike Silbersack
References: <6.1.1.1.2.20050110103857.045a9a68@81.255.84.73> <20050116191002.W7264@odysseus.silby.com>
cc: Len Conrad
cc: freebsd-net@freebsd.org
cc: Lars Erik Gullerud
Subject: Re: buildup of Windows time_wait talking to fbsd 4.10

Mike Silbersack wrote:
>
> FWIW, when doing some benchmarking of apache vs thttpd a long while ago, I
> found results similar to Lars. When I used one program for benchmarking,
> the TIME_WAIT sockets would build up on the client side. When I used
> another program, the TIME_WAIT sockets built up on the server-side, and
> were subsequently recycled.

This depends on the side that closes the TCP connection first. It goes
either way.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Jan 20 21:38:16 2005
Message-ID: <41F024C7.30203@elischer.org>
Date: Thu, 20 Jan 2005 13:38:15 -0800
From: Julian Elischer
To: Brooks Davis
References: <20050117200610.GA90866@cell.sick.ru> <20050118183558.GA15150@odin.ac.hmc.edu> <41ED8D63.8090205@elischer.org> <20050119084526.GA5119@cell.sick.ru> <41EE2933.4090404@elischer.org> <20050120134553.GB18668@cell.sick.ru> <20050120193432.GB12156@odin.ac.hmc.edu>
In-Reply-To: <20050120193432.GB12156@odin.ac.hmc.edu>
cc: net@freebsd.org
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Gleb, as long as you have done enough work to evaluate other options
(as you have,) I have no objection to you committing your original idea.

Brooks Davis wrote:

>On Thu, Jan 20, 2005 at 04:45:53PM +0300, Gleb Smirnoff wrote:
>
>>  Julian,
>>
>>On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
>>J> I'm not sure they do two different things.. Each represents a place to
>>J> send packets.
>>J> If each active divert socket number had a pointer to the module to which it
>>J> was attached then you could divert to either in-kernel netgraph targets or
>>J> to userland socket based targets. Currently if you divert to a divert
>>J> 'port number' and nothing is attached to it, the packet is dropped.
>>J> If a divert socket is attached to it, it is sent to the socket.
>>J> I would just suggest that is not a great leap of imagination that
>>J> attaching to a hook named 3245 would attach a netgraph hook to the ipfw
>>J> code in the same namespace as the divert portnumber, and that a
>>J> subsequent attempt to attach a divert socket to that port number would
>>J> fail. The packets diverted there would simply go to the netgraph hook
>>J> instead of going to a socket or being dropped.
>>
>>Well, I've considered this. We are going to have these negatives with this change:
>>
>>1) require divert loaded/compiled, when we are going to work with a completely
>>   different thing.
>>2) Acquire & drop lock on divert pcb info for each packet going into netgraph.
>>3) Extensively hack divert_packet()... Let me explain. The place where we can tell
>>whether we have a socket diversion or a netgraph diversion, is at the very end
>>of divert_packet(). Before this place many things are done, which does not apply
>>to a netgraph diversion.
>>This hacking may bring bugs into divert infrastructure, and add extra CPU cycles
>>for case of netgraph forwarding. I think saving one keyword for ipfw2 doesn't
>>worth this hacks.
>>
>
>I think the code should be committed more or less as is. I think the
>netgraph and divert features are relatively orthogonal.
>
>-- Brooks
>

From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 00:46:00 2005
Date: Fri, 21 Jan 2005 11:14:48 +1030
From: "Wilkinson, Alex"
To: net@freebsd.org
Message-ID: <20050121004448.GE81070@squash.dsto.defence.gov.au>
Mail-Followup-To: net@freebsd.org
Subject: Network Emulation Software [recomendations please ?]

Hi all,

I would like to find some network simulation software that is similar but
better than NIST Net [http://www-x.antd.nist.gov/nistnet/].

Can anyone recommend any network simulation software that "is a
general-purpose tool for emulating performance dynamics in IP
networks".

Cheers

 - aW

From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 00:53:30 2005
Date: Thu, 20 Jan 2005 16:53:29 -0800
From: Brooks Davis To: net@freebsd.org Message-ID: <20050121005329.GA14469@odin.ac.hmc.edu> References: <20050121004448.GE81070@squash.dsto.defence.gov.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0" Content-Disposition: inline In-Reply-To: <20050121004448.GE81070@squash.dsto.defence.gov.au> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Subject: Re: Network Emulation Software [recomendations please ?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 00:53:30 -0000 --6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 21, 2005 at 11:14:48AM +1030, Wilkinson, Alex wrote: > Hi all, > > I would like to find some network simulation software that is similar but > better than NIST Net [http://www-x.antd.nist.gov/nistnet/]. > > Can anyone recommend any network simulation software that "is a > general-purpose tool for emulating performance dynamics in IP > networks". You can do many of the things NIST Net does with dummynet. You don't get a GUI, but that could be either a plus or a minus. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. 
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --6TrnltStXW4iwmi0-- From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 01:05:55 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95C6A16A4CE for ; Fri, 21 Jan 2005 01:05:55 +0000 (GMT) Received: from digger1.defence.gov.au (digger1.defence.gov.au [203.5.217.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id DEFD143D49 for ; Fri, 21 Jan 2005 01:05:54 +0000 (GMT) (envelope-from wilkinsa@squash.dsto.defence.gov.au) Received: from ednmsw503.dsto.defence.gov.au (ednmsw503.dsto.defence.gov.au [131.185.2.150]) by digger1.defence.gov.au with ESMTP id j0L14gM6014599 for ; Fri, 21 Jan 2005 11:34:42 +1030 (CST) Received: from muttley.dsto.defence.gov.au (unverified) by ednmsw503.dsto.defence.gov.au (Content Technologies SMTPRS 4.3.10) with ESMTP id for ; Fri, 21 Jan 2005 11:35:48 +1030 Received: from ednex501.dsto.defence.gov.au (ednex501.dsto.defence.gov.au [131.185.2.81]) by muttley.dsto.defence.gov.au (8.11.3/8.11.3) with ESMTP id j0L13eQ03629 for ; Fri, 21 Jan 2005 11:33:41 +1030 (CST) Received: from squash.dsto.defence.gov.au ([131.185.40.212]) by ednex501.dsto.defence.gov.au with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id YK38N5KJ; Fri, 21 Jan 2005 11:33:12 +1030 Received: from squash.dsto.defence.gov.au (localhost [127.0.0.1]) by squash.dsto.defence.gov.au (8.12.11/8.12.11) with ESMTP id j0L14jsd081722 for ; Fri, 21 Jan 2005 11:34:45 +1030 (CST) (envelope-from wilkinsa@squash.dsto.defence.gov.au) Received: (from wilkinsa@localhost) by squash.dsto.defence.gov.au (8.12.11/8.12.11/Submit) id 
j0L14j1A081721 for net@freebsd.org; Fri, 21 Jan 2005 11:34:45 +1030 (CST) (envelope-from wilkinsa) Date: Fri, 21 Jan 2005 11:34:45 +1030 
From: "Wilkinson, Alex" To: net@freebsd.org Message-ID: <20050121010445.GG81070@squash.dsto.defence.gov.au> Mail-Followup-To: net@freebsd.org References: <20050121005329.GA14469@odin.ac.hmc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20050121005329.GA14469@odin.ac.hmc.edu> User-Agent: Mutt/1.5.6i Subject: Re: Re: Network Emulation Software [recomendations pl ease ?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 01:05:55 -0000 0n Fri, Jan 21, 2005 at 11:23:29AM +1030, Brooks Davis wrote: >On Fri, Jan 21, 2005 at 11:14:48AM +1030, Wilkinson, Alex wrote: >> Hi all, >> >> I would like to find some network simulation software that is similar >but >> better than NIST Net [http://www-x.antd.nist.gov/nistnet/]. >> >> Can anyone recommend any network simulation software that "is a >> general-purpose tool for emulating performance dynamics in IP >> networks". > >You can do many of the things NIST Net does with dummynet. You don't >get a GUI, but that could be either a plus or a minus. No port ? 
# grep -i dummy /usr/ports/INDEX-5 | /usr/bin/awk -F\| '{print $2}' # - aW From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 01:07:06 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 357D116A4CE for ; Fri, 21 Jan 2005 01:07:06 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C59D43D31 for ; Fri, 21 Jan 2005 01:07:06 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j0L176hw020477 for ; Thu, 20 Jan 2005 17:07:06 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j0L176Kt020476 for net@freebsd.org; Thu, 20 Jan 2005 17:07:06 -0800 Date: Thu, 20 Jan 2005 17:07:06 -0800 
From: Brooks Davis To: net@freebsd.org Message-ID: <20050121010706.GA19651@odin.ac.hmc.edu> References: <20050121005329.GA14469@odin.ac.hmc.edu> <20050121010445.GG81070@squash.dsto.defence.gov.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Content-Disposition: inline In-Reply-To: <20050121010445.GG81070@squash.dsto.defence.gov.au> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Subject: Re: Re: Network Emulation Software [recomendations pl ease ?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 01:07:06 -0000 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 21, 2005 at 11:34:45AM +1030, Wilkinson, Alex wrote: > 0n Fri, Jan 21, 2005 at 11:23:29AM +1030, Brooks Davis wrote: > > >On Fri, Jan 21, 2005 at 11:14:48AM +1030, Wilkinson, Alex wrote: > >> Hi all, > >> > >> I would like to find some network simulation software that is similar > >but > >> better than NIST Net [http://www-x.antd.nist.gov/nistnet/]. > >> > >> Can anyone recommend any network simulation software that "is a > >> general-purpose tool for emulating performance dynamics in IP > >> networks". > > > >You can do many of the things NIST Net does with dummynet. You don't > >get a GUI, but that could be either a plus or a minus. > > No port ? > > # grep -i dummy /usr/ports/INDEX-5 | /usr/bin/awk -F\| '{print $2}' > #
man dummynet
man ipfw
-- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. 
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --n8g4imXOkfNTN/H1-- From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 03:25:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6BFD16A4CE for ; Fri, 21 Jan 2005 03:25:27 +0000 (GMT) Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC63143D3F for ; Fri, 21 Jan 2005 03:25:26 +0000 (GMT) (envelope-from boris@ntmk.ru) Received: from boris.nikom.ru ([10.1.16.195]) by mail.ntmk.ru with esmtp (Exim 4.34) id 1CrpQI-0005Fe-F0; Fri, 21 Jan 2005 08:25:22 +0500 Message-ID: <41F07622.5040102@ntmk.ru> Date: Fri, 21 Jan 2005 08:25:22 +0500 
From: Boris Kovalenko User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Brooks Davis , freebsd-net@freebsd.org References: <41EF9495.5080601@ntmk.ru> <20050120190516.GA12156@odin.ac.hmc.edu> In-Reply-To: <20050120190516.GA12156@odin.ac.hmc.edu> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 03:25:27 -0000 Brooks Davis wrote: >>Because of my little BSD network infrastructure knowledge I hope that >>guru will look at it and point me to the right way :) > > This lets you create vlans, but I'm not sure what the point is if > nothing is done with the priority. Is it simply that it lets you handle > traffic that is tagged this way and that your output packets have > priority one on the network? I'm not sure what the intent of 802.1p > priority is. Yes, the outgoing packets are tagged with specified priority. Then next device (Cisco Catalyst for example) will assign traffic to different queues according to 802.1p header information. The only thing (IMHO) that may be coded for FreeBSD is to allow PF & IPFW assign packets to ALTQ or DUMMYNET according 802.1p information. 
> > -- Brooks > -- With respect, Boris Kovalenko OAO "NTMK" +7 (3435) 497623 From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 03:34:38 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02EEA16A4CE; Fri, 21 Jan 2005 03:34:38 +0000 (GMT) Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B00743D46; Fri, 21 Jan 2005 03:34:37 +0000 (GMT) (envelope-from boris@ntmk.ru) Received: from boris.nikom.ru ([10.1.16.195]) by mail.ntmk.ru with esmtp (Exim 4.34) id 1CrpZE-0005v6-36; Fri, 21 Jan 2005 08:34:36 +0500 Message-ID: <41F0784B.4040109@ntmk.ru> Date: Fri, 21 Jan 2005 08:34:35 +0500 
From: Boris Kovalenko User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andre Oppermann , freebsd-net@freebsd.org References: <41EF2B6C.2090609@ntmk.ru> <41F01547.35D1B582@freebsd.org> In-Reply-To: <41F01547.35D1B582@freebsd.org> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PATCH] 802.1p priority X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 03:34:38 -0000 Andre Oppermann wrote: >>is this enough for BSD community or should I look and patch something more? > Not a bad idea. :-) Thanks :) > > To make it perfect the packet priority should be settable from anywhere > in the system (ipfw, dummynet, pf, etc.) through a mtag and then inserted > into the ethernet frame header. And it should for for "untagged" frames > too. You don't have to code that though. ;-) Hmmm... I have no knowledge how to do so. If You point me to docs I'll read. > > Please file this patch as PR and post the PR number so we don't forget > about it. Ok, I'll do it more complex. Now, the vlan driver honor the 802.1Q specification and forgot about CFI field too. Yes, it mostly is 0, but someone (especially in FDDI environment) may want to set it to 1. So my next patch will allow to set CFI & 802.1p fields. 
> -- With respect, Boris From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 04:01:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1811216A4CE for ; Fri, 21 Jan 2005 04:01:36 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEAC043D31 for ; Fri, 21 Jan 2005 04:01:35 +0000 (GMT) (envelope-from fehwalker@gmail.com) Received: by wproxy.gmail.com with SMTP id 63so138883wri for ; Thu, 20 Jan 2005 20:01:35 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=gkR5wW6DaV+zGgoCyh/f7R4Q/+EMqIIp9Tbaq7CgoSeOD4PVSVFy6hE1uBM++1rNt2NfVYiDtrC16x13cSzZFNZkmxbJGnn+Okp82ziXukuH69paN8ujY3CYDgQetbxRDMKv8aMDRGMbr3gbovv0N8QDlvG7cAxP/+QIcc33cQY= Received: by 10.54.19.17 with SMTP id 17mr31245wrs; Thu, 20 Jan 2005 20:01:35 -0800 (PST) Received: by 10.54.19.59 with HTTP; Thu, 20 Jan 2005 20:01:35 -0800 (PST) Message-ID: <35de0c30050120200116ab87d8@mail.gmail.com> Date: Thu, 20 Jan 2005 23:01:35 -0500 
From: Bryan Fullerton To: freebsd-net@freebsd.org In-Reply-To: <35de0c3005011305585b2a83f8@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <35de0c3005011305585b2a83f8@mail.gmail.com> Subject: Re: em0 and pci interrupt routing? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Bryan Fullerton List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 04:01:36 -0000 FWIW, I updated from 5.3-RELEASE-p5 to 5.3-STABLE of 20050119 and am no longer seeing the "could not get PCI interrupt routing table" error noted below in dmesg. I'm unsure if this means the issue is gone or if it's just no longer logged. :/ The other issue I'm seeing (occasional sig11's with postfix's smtp client when there's moderate network and disk IO) still occurs. Thanks, Bryan On Thu, 13 Jan 2005 08:58:00 -0500, Bryan Fullerton wrote: > Howdy, > > I'm having some issues with a new server, and was wondering if the > interrupt routing message below could be indicating a problem that > needs investigation. > > pci0: on pcib0 > pcib1: at device 3.0 on pci0 > pcib1: could not get PCI interrupt routing table for \\_SB_.PCI0.P0P2 > - AE_NOT_FOUND > pci1: on pcib1 > em0: port > 0xcc00-0xcc1f mem 0xfb4e0000-0xfb4fffff irq 18 at device 1.0 on pci1 > em0: Ethernet address: 00:02:b3:ea:28:20 > em0: Speed:N/A Duplex:N/A > > The machine is using an Intel SE7210TP1-E motherboard, and the em0 > interface is onboard. I don't see any other PCI interrupt routing > messages in dmesg. 
> > Thanks, > Bryan > From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 05:47:31 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADE5216A4CE for ; Fri, 21 Jan 2005 05:47:31 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7EE6743D49 for ; Fri, 21 Jan 2005 05:47:31 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j0L5lXuo032345; Thu, 20 Jan 2005 21:47:33 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j0L5lWQw032342; Thu, 20 Jan 2005 21:47:32 -0800 Date: Thu, 20 Jan 2005 21:47:32 -0800 
From: Brooks Davis To: Boris Kovalenko Message-ID: <20050121054732.GA30766@odin.ac.hmc.edu> References: <41EF9495.5080601@ntmk.ru> <20050120190516.GA12156@odin.ac.hmc.edu> <41F07622.5040102@ntmk.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="GvXjxJ+pjyke8COw" Content-Disposition: inline In-Reply-To: <41F07622.5040102@ntmk.ru> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 05:47:31 -0000 --GvXjxJ+pjyke8COw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 21, 2005 at 08:25:22AM +0500, Boris Kovalenko wrote: > Brooks Davis wrote: > >>Because of my little BSD network infrastructure knowledge I hope that > >>guru will look at it and point me to the right way :) > > > >This lets you create vlans, but I'm not sure what the point is if > >nothing is done with the priority. Is it simply that it lets you handle > >traffic that is tagged this way and that your output packets have > >priority one on the network? I'm not sure what the intent of 802.1p > >priority is. > Yes, the outgoing packets are tagged with specified priority. Then next > device (Cisco Catalyst for example) will assign traffic to different > queues according to 802.1p header information. The only thing (IMHO) > that may be coded for FreeBSD is to allow PF & IPFW assign packets to > ALTQ or DUMMYNET according 802.1p information. OK, that makes sense. 
Hmm, do we actually want to be using separate interfaces for this? I'm sure it's very useful in some applications, but if the real point is to get packets on the wire with the priority tags, won't IPFW, PF, or maybe even the application be the best place for this tagging rather than effectively using the source address to set it? Again, I'm not familiar with the way 802.1p is intended to work, so this may be a dumb question. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --GvXjxJ+pjyke8COw-- From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 06:42:37 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94D2316A4CE for ; Fri, 21 Jan 2005 06:42:37 +0000 (GMT) Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id B213F43D53 for ; Fri, 21 Jan 2005 06:42:34 +0000 (GMT) (envelope-from boris@ntmk.ru) Received: from boris.nikom.ru ([10.1.16.195]) by mail.ntmk.ru with esmtp (Exim 4.34) id 1CrsV6-0006NU-2V; Fri, 21 Jan 2005 11:42:32 +0500 Message-ID: <41F0A457.5010304@ntmk.ru> Date: Fri, 21 Jan 2005 11:42:31 +0500 
From: Boris Kovalenko User-Agent: Mozilla Thunderbird 1.0 (X11/20041228) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Brooks Davis , freebsd-net@freebsd.org References: <41EF9495.5080601@ntmk.ru> <20050120190516.GA12156@odin.ac.hmc.edu> <41F07622.5040102@ntmk.ru> <20050121054732.GA30766@odin.ac.hmc.edu> In-Reply-To: <20050121054732.GA30766@odin.ac.hmc.edu> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 06:42:37 -0000 Brooks Davis wrote: Hello! >>Yes, the outgoing packets are tagged with specified priority. Then next >>device (Cisco Catalyst for example) will assign traffic to different >>queues according to 802.1p header information. The only thing (IMHO) >>that may be coded for FreeBSD is to allow PF & IPFW assign packets to >>ALTQ or DUMMYNET according 802.1p information. > > OK, that makes sense. Hmm, do we actually want to be using separate > interfaces for this? I'm sure it's very useful in some applications, > but if the real point is to get packets on the wire with the priority > tags, won't IPFW, PF, or maybe even the application be the best place > for this tagging rather than effectively using the source address to set > it? Again, I'm not familiar with the way 802.1p is intended to work, so > this may be a dumb question. By the usual way, application does not have access to Layer 2 headers, so it can not set 802.1p priority itself. It may only set ToS value, but Layer 2 switches can not access Layer 3 information :) Indeed I'm not familiar with BSD network structure interoperability. Andre Oppermann said that there is a way to mark this packets with m_tag from PF/IPFW. 
So, if this is really possible, the best way (IMHO) should be: if packet, that going out the vlan interface has m_tag with 802.1p, we use this value, or value provided for vlan instead. This is just the way Cisco Catalyst does: trust the received 802.1p information, or override it. > > -- Brooks > -- With respect, Boris From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 09:30:09 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C54916A4CE; Fri, 21 Jan 2005 09:30:09 +0000 (GMT) Received: from mccinet.ru (relay.cell.ru [212.119.96.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6898A43D49; Fri, 21 Jan 2005 09:30:08 +0000 (GMT) (envelope-from dolgop@mccinet.ru) Received: from [212.1.235.150] (HELO server.dep624) by mccinet.ru (CommuniGate Pro SMTP 4.2.8) with ESMTP-TLS id 15549073; Fri, 21 Jan 2005 12:30:06 +0300 
From: Evgeny Dolgopiat To: freebsd-cluster@freebsd.org Date: Fri, 21 Jan 2005 12:30:56 +0300 User-Agent: KMail/1.5.4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200501211230.56044.dolgop@mccinet.ru> cc: freebsd-net@freebsd.org Subject: Re: New failure detection algorithm for ng_one2many. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: evg_dolgop@mail.ru List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 09:30:09 -0000 >>Evgeny Dolgopiat: >> >>I wrote new failure detection algorithm based on heartbeat signal for >>ng_one2many node. Features: >> >>- automatic detection of failures; >>- automatic detection of recoveries; >>- detection of point of failure (see diagnostics in man page); >>- configurable timing parameters of failure and recovery detection; >>- you can create your own heartbeat packet or use default; >>- you can set your rules for detecting that incoming packet is heartbeat >>packet; >>- heartbeat algorithm can be used for different network layers (not only >>ethernet layer). > >Is it possible to turn it off so that it wouldn't work at all? > >rik Failure detection could be turned off by control messages of ng_one2many. It didn't break default behaviour. It is turned off by default. See man page for details. 
From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 11:00:53 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1843E16A4CE for ; Fri, 21 Jan 2005 11:00:53 +0000 (GMT) Received: from sv4.per.eftel.com (sv4.per.eftel.com [203.24.100.149]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9461943D48 for ; Fri, 21 Jan 2005 11:00:52 +0000 (GMT) (envelope-from dspezialie@gmail.com) Received: from dmz-mailhub (unknown [202.76.163.13]) by sv4.per.eftel.com (Postfix) with ESMTP id 87F3BBE1FB for ; Fri, 21 Jan 2005 19:00:48 +0800 (WST) Message-ID: <41F0E0B2.3030704@gmail.com> Date: Fri, 21 Jan 2005 22:00:02 +1100 
From: David MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <6.1.1.1.2.20050110103857.045a9a68@81.255.84.73> <20050110101200.W13168@mail.foolishgames.com> <6.1.1.1.2.20050111154955.03efd268@81.255.84.73> In-Reply-To: <6.1.1.1.2.20050111154955.03efd268@81.255.84.73> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: buildup of Windows time_wait talking to fbsd 4.10 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dspezialie@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 11:00:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Len Conrad mentioned the following, | [ snip ] |>> Suggestions with how to proceed debugging, please. |>> |>> I'm trying to get the dmesg.boot for the 4.7 and 4.10 boxes now, sorry. Do you have a problem with the resolver libraries on your new install? Is your DNS working ok from the new FW?. This could be holding up connections from the connecting MTA if it cannot resolve the connecting host. 
- -- david -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB8OCygIX1LG8aIm4RAnAGAJ9ieFA8JZP4resyWmZKoze0K2p0AgCgigIo 2rs1k/JGQ9Zf+R8biE2pw0E= =0sYj -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 15:01:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B9F4816A4CE for ; Fri, 21 Jan 2005 15:01:18 +0000 (GMT) Received: from stephanie.unixdaemons.com (stephanie.unixdaemons.com [67.18.111.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F99A43D3F for ; Fri, 21 Jan 2005 15:01:18 +0000 (GMT) (envelope-from bmilekic@technokratis.com) Received: from stephanie.unixdaemons.com (bmilekic@localhost.unixdaemons.com [127.0.0.1])j0LF1GWK079987 for ; Fri, 21 Jan 2005 10:01:16 -0500 (EST) Received: (from bmilekic@localhost) by stephanie.unixdaemons.com (8.13.2/8.12.1/Submit) id j0LF1GCv079986 for net@freebsd.org; Fri, 21 Jan 2005 10:01:16 -0500 (EST) (envelope-from bmilekic@technokratis.com) X-Authentication-Warning: stephanie.unixdaemons.com: bmilekic set sender to bmilekic@technokratis.com using -f Date: Fri, 21 Jan 2005 10:01:16 -0500 
From: Bosko Milekic To: net@freebsd.org Message-ID: <20050121150116.GA79620@technokratis.com> References: <20050121004448.GE81070@squash.dsto.defence.gov.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050121004448.GE81070@squash.dsto.defence.gov.au> User-Agent: Mutt/1.4.2.1i Subject: Re: Network Emulation Software [recomendations please ?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 15:01:18 -0000 On Fri, Jan 21, 2005 at 11:14:48AM +1030, Wilkinson, Alex wrote: > Hi all, > > I would like to find some network simulation software that is similar but > better than NIST Net [http://www-x.antd.nist.gov/nistnet/]. > > Can anyone recommend any network simulation software that "is a > general-purpose tool for emulating performance dynamics in IP > networks". > > Cheers > > - aW If you are open to commercial [non-free] solutions, take a look at OPNet Modeler (http://www.opnet.com/products/modeler/home.html). 
-- Bosko Milekic bmilekic@technokratis.com bmilekic@FreeBSD.org From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 19:50:42 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7177D16A4CE for ; Fri, 21 Jan 2005 19:50:42 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15AE643D46 for ; Fri, 21 Jan 2005 19:50:42 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j0LJopeH013988; Fri, 21 Jan 2005 11:50:51 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j0LJoooI013987; Fri, 21 Jan 2005 11:50:50 -0800 Date: Fri, 21 Jan 2005 11:50:50 -0800 
From: Brooks Davis To: Boris Kovalenko Message-ID: <20050121195050.GA2866@odin.ac.hmc.edu> References: <41EF9495.5080601@ntmk.ru> <20050120190516.GA12156@odin.ac.hmc.edu> <41F07622.5040102@ntmk.ru> <20050121054732.GA30766@odin.ac.hmc.edu> <41F0A457.5010304@ntmk.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN" Content-Disposition: inline In-Reply-To: <41F0A457.5010304@ntmk.ru> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 19:50:42 -0000 --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 21, 2005 at 11:42:31AM +0500, Boris Kovalenko wrote: > Brooks Davis wrote: > Hello! > > >>Yes, the outgoing packets are tagged with specified priority. Then next > >>device (Cisco Catalyst for example) will assign traffic to different > >>queues according to 802.1p header information. The only thing (IMHO) > >>that may be coded for FreeBSD is to allow PF & IPFW assign packets to > >>ALTQ or DUMMYNET according 802.1p information. > > > > >OK, that makes sense. Hmm, do we actually want to be using separate > >interfaces for this? I'm sure it's very useful in some applications, > >but if the real point is to get packets on the wire with the priority > >tags, won't IPFW, PF, or maybe even the application be the best place > >for this tagging rather than effectively using the source address to set > >it? 
Again, I'm not familiar with the way 802.1p is intended to work, so > >this may be a dumb question. > By the usual way, application does not have access to Layer 2 headers, > so it can not set 802.1p priority itself. It may only set ToS value, but > Layer 2 switches can not access Layer 3 information :) Indeed I'm not > familiar with BSD network structure interoperability. Andre Oppermann > said that there is a way to mark this packets with m_tag from PF/IPFW. > So, if this is really possible, the best way (IMHO) should be: if > packet, that going out the vlan interface has m_tag with 802.1p, we use > this value, or value provided for vlan instead. This is just the way > Cisco Catalyst does: trust the received 802.1p information, or override it. By letting the application handle it, I was thinking of adding a socket option (possibly requiring privilege) to set the priority. As to having PF/IPFW deal with it, I was thinking about two modifications to IPFW. First, the ability to filter based on .1p tags. You might want to peel that information off in the Ethernet code and tag the packets so you could still inspect it at a higher level, but maybe not. The second modification would be to give ipfw/pf the ability to set .1p priorities on packets, ie:
    ipfw add 802.1p 6 on any to any ssh
My concern is that 802.1p is like the TOS bits in that it differentiates packets within a network rather than segregating them into networks like 802.1Q. In a switch it makes sense to handle priorities as separate networks, but I'm not sure it makes sense in a host. If nothing else, it seems to make sense to be able to set priorities on vlan encapsulated frames. I've done a little googling on 802.1p and that hardened my belief that the application and packet filter are the places to deal with this. I'm downloading the standard now to take a look at it. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. 
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 22:49:19 2005
From: Doug Ambrisko
Message-Id: <200501212249.j0LMnIVn020454@ambrisko.com>
To: freebsd-net@freebsd.org
Date: Fri, 21 Jan 2005 14:49:18 -0800 (PST)
Subject: vlan & bridging broken since if_vlan directly calls the driver

I found a bug with vlan, netgraph, ipfw and ipfw bridging. The vlan driver
directly calls the HW driver it is associated with on out packets. If you
have a bridge setup it will only send out on the NIC that the vlan is
attached to. It should go out to the bridge and each NIC. Input works
okay.

What I'd like to do is move the netgraph out shim from
if_ethersubr.c:ether_output

	/* Handle ng_ether(4) processing, if any */
	if (ng_ether_output_p != NULL) {
		if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) {
bad:			if (m != NULL)
				m_freem(m);
			return (error);
		}
		if (m == NULL)
			return (0);
	}

to ether_output_frame then in if_vlan.c:vlan_start change
	IFQ_HANDOFF(p, m, error);
to
	ether_output_frame(p, m);

This should make it work correctly and unify the ipfw/netgraph hooks.

Let me know what you think and then I'll do it.

Thanks,

Doug A.
From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 23:01:13 2005
Date: Sat, 22 Jan 2005 00:01:10 +0100 (CET)
From: Ingo
In-Reply-To: <20050121195050.GA2866@odin.ac.hmc.edu>
Message-ID: <20050121235344.E93890-100000@ix.reflection.at>
Subject: Re: [PATCH] 802.1p priority (fixed)

Hi,

> My concern is that 802.1p is like the TOS bits in that it differentiates
> packets within a network rather than segregating them into networks
> like 802.1Q. In a switch it makes sense to handle priorities as separate
> networks, but I'm not sure it makes sense in a host. If nothing else,
> it seems to make sense to be able to set priorities on vlan encapsulated
> frames.

In an ISP backbone I trust 802.1Q packets because no customer has access
to tagged vlan connections.
Trusting in TOS bit is in such a network no good idea because every
customer could send IP traffic. And overwriting the TOS bit at all network
edges could be a pain to not miss some edges.
802.1Q is some kind of "out of band" QOS for IP.

L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
IP header.

bye,
Ingo

From owner-freebsd-net@FreeBSD.ORG Fri Jan 21 23:07:26 2005
Date: Fri, 21 Jan 2005 15:07:26 -0800
From: Brooks Davis
To: Ingo
Message-ID: <20050121230726.GB18608@odin.ac.hmc.edu>
References: <20050121195050.GA2866@odin.ac.hmc.edu> <20050121235344.E93890-100000@ix.reflection.at>
In-Reply-To: <20050121235344.E93890-100000@ix.reflection.at>
cc: freebsd-net@freebsd.org
Subject: Re: [PATCH] 802.1p priority (fixed)

On Sat, Jan 22, 2005 at 12:01:10AM +0100, Ingo wrote:
> Hi,
>
> > My concern is that 802.1p is like the TOS bits in that it differentiates
> > packets within a network rather than segregating them into networks
> > like 802.1Q. In a switch it makes sense to handle priorities as separate
> > networks, but I'm not sure it makes sense in a host. If nothing else,
> > it seems to make sense to be able to set priorities on vlan encapsulated
> > frames.
>
> In an ISP backbone I trust 802.1Q packets because no customer has access
> to tagged vlan connections.
> Trusting in TOS bit is in such a network no good idea because every
> customer could send IP traffic. And overwriting the TOS bit at all network
> edges could be a pain to not miss some edges.
> 802.1Q is some kind of "out of band" QOS for IP.
>
> L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
> IP header.

I'm not sure what your point is. It's certainly the case that they are
only useful if you trust all hosts on the ethernet.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 01:07:36 2005
Date: Sat, 22 Jan 2005 02:07:29 +0100 (CET)
From: Ingo
To: Brooks Davis
In-Reply-To: <20050121230726.GB18608@odin.ac.hmc.edu>
Message-ID: <20050122020040.J93890-100000@ix.reflection.at>
cc: "freebsd-net@freebsd.org"
Subject: Re: [PATCH] 802.1p priority (fixed)

Hi

> > In an ISP backbone I trust 802.1Q packets because no customer has access
> > to tagged vlan connections.
> > Trusting in TOS bit is in such a network no good idea because every
> > customer could send IP traffic. And overwriting the TOS bit at all network
> > edges could be a pain to not miss some edges.
> > 802.1Q is some kind of "out of band" QOS for IP.
> >
> > L2 Ethernet switches could also handle 802.1Q but not the TOS bits in the
> > IP header.
>
> I'm not sure what your point is. It's certainly the case that they are
> only useful if you trust all hosts on the ethernet.

Untagged ethernet could be untrusted because 802.1Q is only possible on
tagged ethernet. The priority tag is an extension to the 802.1P vlan
header.
In an ISP environment there are in most time routing hops between which
effectively kill the 802.1Q field.
Only easy to select ip-interfaces on more intelligent hardware (L3
switches, ...) could pass the data over routing hops, which are much
easier to control than ip routing modems which could easily be hijacked by
customers. Also not much modem support the changing of the TOS field.

In short words:
802.1Q is easy to control and easy to secure.
TOS, DSCP, ... is easy to control but hard to secure.

bye,
Ingo

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 01:42:15 2005
Date: Fri, 21 Jan 2005 17:41:57 -0800
From: Grace Lin
To: net@freebsd.org
Message-id: <002b01c50023$8f4d7280$6401a8c0@hyas1>
Subject: enable multicast router

Hi,

I am running FBSD4.5 and try to enable multicast router but couldn't make it.
Can anybody help?

Thanks,
Grace Lin

===========================================================
what I did:

1) went into /usr/src/sys/modules/ip_mroute_mod
   compiled and make ip_mroute module. I added ip_id.c on SRC and change
   "CFLAGS += -DMROUTE_LKM -DMOUTE" to "CFLAGS += DMROUTE_KLD" from Makefile
   due to "-DMROUTE_LKM" need lkm.h file but couldn't find it in sys directory.

2) after successful created, installed and loaded ip_mroute into kernel
   I ran mrouted as:

   #mrouted
   mrouted: 22:21:38.072 can't enable Multicast routing in kernel: Operation not supported

3) ran netstat

   # netstat -g

   Virtual Interface Table is empty

   Multicast Routing Table is empty

   IPv6 Multicast Interface Table is empty

   IPv6 Multicast Routing Table is empty

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 01:51:25 2005
Date: Sat, 22 Jan 2005 01:51:55 +0000
From: Bruce M Simpson
To: Grace Lin
Message-ID: <20050122015155.GI64596@dhcp120.icir.org>
References: <002b01c50023$8f4d7280$6401a8c0@hyas1>
In-Reply-To: <002b01c50023$8f4d7280$6401a8c0@hyas1>
cc: net@freebsd.org
Subject: Re: enable multicast router

On Fri, Jan 21, 2005 at 05:41:57PM -0800, Grace Lin wrote:
> I am running FBSD4.5 and try to enable multicast router but couldn't make it. Can any body help?

Try updating your sources to at least 4.10 as older versions are no longer
supported. The ip_mroute module should build and load cleanly into the
kernel without any changes to environment variables.

BMS

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 05:50:27 2005
Message-ID: <41F1E99A.5070001@ntmk.ru>
Date: Sat, 22 Jan 2005 10:50:18 +0500
From: Boris Kovalenko
To: freebsd-net@freebsd.org
Subject: [PATCH] 802.1p priority (fixed)

Hello!

802.1p is just a 3 bits of 802.1Q header. Based on it Layer 2 devices
may assign packets to different output queues (more simple, 802.1p is
QoS at Layer 2). So, You have right, this value differentiates packets
within a vlan and Layer 2 device may make a decision what packets should
be processed first. Of course, we may give the application the ability
to set this value itself, but what to do with old applications that have
no knowledge about this ability? Ok, You suppose to mark packets within
PF/IPFW. Yes, the idea is good too, but what to do on routers not
running any firewall software? So, may be right way will be:

1. Mark 802.1p at application level
2. Mark 802.1p at PF/IPFW level. But we should foresee a keyword to trust
application level information or override it. For example
    ipfw add 802.1p trust 6 on any to any ssh <-- this trust application
level information and set 802.1p to 6 if it is omitted
    ipfw add 802.1p override 6 on any to any ssh <-- this silently set
802.1p == 6, regardless of application
3. Mark 802.1p at vlan drivers like 2
    ifconfig vlan0
        vlan: 100 802.1p: 6 CFI: 0 mode: trust vlandev: bge0
Here we are trusting received from low level information and set 6 if it
is omitted
    ifconfig vlan0
        vlan: 100 802.1p: 6 CFI: 0 mode: override vlandev: bge0
Here we silently set 6.

How this idea is?

>By letting the application handle it, I was thinking of adding a socket
>option (possibly requiring privilege) to set the priority.

>As to having PF/IPFW deal with it, I was thinking about two
>modifications to IPFW. First, the ability to filter based on .1p tags.
>You might want to peel that information off in the Ethernet
>code and tag the packets so you could still inspect it at a higher
>level, but maybe not. The second modification would be to give ipfw/pf
>the ability to set .1p priorities on packets, ie:
>
>ipfw add 802.1p 6 on any to any ssh
>
>My concern is that 802.1p is like the TOS bits in that it differentiates
>packets within a network rather than segregating them into networks
>like 802.1Q. In a switch it makes sense to handle priorities as separate
>networks, but I'm not sure it makes sense in a host. If nothing else,
>it seems to make sense to be able to set priorities on vlan encapsulated
>frames.
>
>I've done a little googling on 802.1p and that hardened my belief that
>the application and packet filter are the places to deal with this. I'm
>downloading the standard now to take a look at it.
>
>-- Brooks

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 07:17:24 2005
Date: Sat, 22 Jan 2005 10:17:15 +0300 (MSK)
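
The trust/override choice proposed in the message above for vlan interfaces, worked through on the 802.1Q tag itself. This is an added example, not code from the patch under discussion or from FreeBSD; the names (vlan_cfg, vlan_select_pcp, pkt_pcp, demo_tci) and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDRS_LEN 12      /* destination + source MAC */
#define ETHER_HDR_LEN   14
#define VLAN_TAG_LEN    4
#define ETHERTYPE_VLAN  0x8100  /* 802.1Q TPID */

/* "mode: trust" / "mode: override" from the proposal; enum names are assumed. */
enum prio_mode { PRIO_TRUST, PRIO_OVERRIDE };

struct vlan_cfg {               /* hypothetical per-vlan settings */
    uint16_t vid;
    uint8_t pcp;                /* configured 802.1p value */
    uint8_t cfi;
    enum prio_mode mode;
};

struct vlan_tci { uint8_t pcp; uint8_t cfi; uint16_t vid; };

/* Constructed untagged frame: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes. */
static const uint8_t sample_frame[] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,
    0x08, 0x00, 0x45, 0x00, 0x00, 0x14
};

/* TCI layout: 802.1p priority in bits 15-13, CFI in bit 12, VLAN ID in bits 11-0. */
static uint16_t tci_pack(uint8_t pcp, uint8_t cfi, uint16_t vid)
{
    return (uint16_t)(((pcp & 0x7u) << 13) | ((cfi & 0x1u) << 12) | (vid & 0x0fffu));
}

/* Returns 0 and fills *out for a tagged frame, -1 if untagged or truncated. */
static int vlan_parse(const uint8_t *frame, size_t len, struct vlan_tci *out)
{
    uint16_t tpid, tci;

    if (len < ETHER_HDR_LEN + VLAN_TAG_LEN)
        return -1;
    tpid = (uint16_t)((frame[12] << 8) | frame[13]);
    if (tpid != ETHERTYPE_VLAN)
        return -1;
    tci = (uint16_t)((frame[14] << 8) | frame[15]);
    if (out != NULL) {
        out->pcp = (uint8_t)(tci >> 13);
        out->cfi = (uint8_t)((tci >> 12) & 0x1);
        out->vid = (uint16_t)(tci & 0x0fff);
    }
    return 0;
}

/* pkt_pcp: priority marked upstream (application or firewall), -1 if none. */
static uint8_t vlan_select_pcp(const struct vlan_cfg *cfg, int pkt_pcp)
{
    if (cfg->mode == PRIO_TRUST && pkt_pcp >= 0 && pkt_pcp <= 7)
        return (uint8_t)pkt_pcp;    /* trust: keep the upstream mark */
    return cfg->pcp;                /* override, or nothing valid to trust */
}

/* Insert the 4-byte tag after the MAC addresses; returns new length, 0 on error. */
static size_t vlan_encap(const struct vlan_cfg *cfg, int pkt_pcp,
    const uint8_t *in, size_t len, uint8_t *out, size_t outcap)
{
    uint16_t tci;

    if (len < ETHER_HDR_LEN || outcap < len + VLAN_TAG_LEN)
        return 0;
    tci = tci_pack(vlan_select_pcp(cfg, pkt_pcp), cfg->cfi, cfg->vid);
    memcpy(out, in, ETHER_ADDRS_LEN);
    out[12] = ETHERTYPE_VLAN >> 8;
    out[13] = ETHERTYPE_VLAN & 0xff;
    out[14] = (uint8_t)(tci >> 8);
    out[15] = (uint8_t)(tci & 0xff);
    memcpy(out + 16, in + ETHER_ADDRS_LEN, len - ETHER_ADDRS_LEN);
    return len + VLAN_TAG_LEN;
}

/* Tag the sample frame on "vlan: 100 802.1p: 6 CFI: 0" and return the TCI read back. */
static int demo_tci(enum prio_mode mode, int pkt_pcp)
{
    struct vlan_cfg cfg = { .vid = 100, .pcp = 6, .cfi = 0, .mode = mode };
    uint8_t out[sizeof(sample_frame) + VLAN_TAG_LEN];
    struct vlan_tci t;
    size_t n;

    n = vlan_encap(&cfg, pkt_pcp, sample_frame, sizeof(sample_frame), out, sizeof(out));
    if (n == 0 || vlan_parse(out, n, &t) != 0)
        return -1;
    return tci_pack(t.pcp, t.cfi, t.vid);
}

int main(void)
{
    printf("trust, no mark:    0x%04x\n", (unsigned)demo_tci(PRIO_TRUST, -1));
    printf("trust, mark 3:     0x%04x\n", (unsigned)demo_tci(PRIO_TRUST, 3));
    printf("override, mark 3:  0x%04x\n", (unsigned)demo_tci(PRIO_OVERRIDE, 3));
    return 0;
}
```

In trust mode the priority on the wire is whatever the upstream marker chose, so that mode only fits interfaces where every source of marks is trusted; override pins the value regardless.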
From: Maxim Konovalov
To: Andre Oppermann
In-Reply-To: <20050112132627.A309@mp2.macomnet.net>
Message-ID: <20050122101426.U18038@mp2.macomnet.net>
References: <200412021322.iB2DMxLj066304@freefall.freebsd.org> <20041202134041.GB32699@cell.sick.ru> <41B2200F.FB46E28A@freebsd.org> <20041204221449.GC49503@cell.sick.ru> <20041211101622.GA1430@k7.mavetju> <41BAD2BA.C030B6DD@freebsd.org> <20050112132627.A309@mp2.macomnet.net>
cc: Edwin Groothuis
cc: net@FreeBSD.org
Subject: Re: kern/73129: [patch] IPFW misbehaviour in RELENG_5

Andre,

Is your silence an approval to commit a diff in kern/73129?

On Wed, 12 Jan 2005, 13:26+0300, Maxim Konovalov wrote:

> On Sat, 11 Dec 2004, 11:58+0100, Andre Oppermann wrote:
>
> > Edwin Groothuis wrote:
> > >
> > > On Sun, Dec 05, 2004 at 01:14:49AM +0300, Gleb Smirnoff wrote:
> > > > On Sun, Dec 05, 2004 at 12:53:52AM +0300, Maxim Konovalov wrote:
> > > > M> IMHO restoring the historic behaviour (even broken in some respects)
> > > > M> is the best thing we can do at the moment.
> > > >
> > > > + my vote.
> > >
> > > Mine too.
> >
> > I'll change it shortly.
>
> Knock-knock, b/b home? :-)
>
> --
Maxim Konovalov

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 09:45:11 2005
Date: Sat, 22 Jan 2005 09:41:25 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: FreeBSD current mailing list
cc: FreeBSD net mailing list
Subject: Re: mem leak in mii ? (fwd)

Hi,

third and last call for review and comments.

--
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

---------- Forwarded message ----------
Date: Mon, 20 Dec 2004 12:23:39 +0000 (UTC)
From: Bjoern A. Zeeb
To: FreeBSD current mailing list
Cc: FreeBSD net mailing list
Subject: Re: mem leak in mii ? (fwd)

Hi,

haven't had any feedback on this.... Can someone please review?
Also answers to the questions would be welcome.

Thanks.

---------- Forwarded message ----------
Date: Tue, 23 Nov 2004 19:31:10 +0000 (UTC)
From: Bjoern A. Zeeb
To: John Baldwin
Cc: Bjoern A. Zeeb, freebsd-current@FreeBSD.org
Subject: Re: mem leak in mii ?

On Mon, 22 Nov 2004, John Baldwin wrote:

Hi,

hope you won't get it twice; the first one didn't seem to go out...

> On Friday 19 November 2004 06:49 pm, Bjoern A. Zeeb wrote:
> > Hi,
> >
> > in sys/dev/mii/mii.c there are two calls to malloc for ivars;
> > see for example mii_phy_probe:
..
> > Where is the free for this malloc ? I cannot find it.
> >
> > analogous: miibus_probe ?
>
> It's a leak. It should be free'd when the miibus device is destroyed. Here's
> a possible fix:

could you please review this one ? Should plug both of the memleaks;
also for more error cases.

notes:

* mii doesn't seem to be very error corrective and reporting; as others
  currently also seem to be debugging problems with undetectable PHYs
  I added some error handling in those places that I touched anyway.

* in miibus_probe in the loop there is the possibility - and the comment
  above the functions also talks about this - that we find more than
  one PHY ? I currently doubt that but I don't know for sure.
  As device_add_child may return NULL we cannot check for that; I had
  seen some inconsistency while debugging the BMSR_MEDIAMASK check so
  I added the count variable for this to have a reliable state.

* all PHY drivers currently seem to use mii_phy_detach for
  device_detach. If any implements his own function it will be
  responsible for freeing the ivars allocated in miibus_probe. This
  should perhaps be documented somewhere ?

patch can also be found at
	http://sources.zabbadoz.net/freebsd/patchset/mii-memleaks.diff

Index: mii.c =================================================================== RCS file: /local/mirror/FreeBSD/r/ncvs/src/sys/dev/mii/mii.c,v retrieving revision 1.20 diff -u -p -r1.20 mii.c --- mii.c 15 Aug 2004 06:24:40 -0000 1.20 +++ mii.c 23 Nov 2004 17:08:58 -0000 
@@ -111,7 +111,7 @@ miibus_probe(dev) struct mii_attach_args ma, *args; struct mii_data *mii; device_t child = NULL, parent; - int bmsr, capmask = 0xFFFFFFFF; + int count = 0, bmsr, capmask = 0xFFFFFFFF; mii = device_get_softc(dev); parent = device_get_parent(dev); @@ -145,12 +145,26 @@ miibus_probe(dev) args = malloc(sizeof(struct mii_attach_args), M_DEVBUF, M_NOWAIT); + if (args == NULL) { + device_printf(dev, "%s: memory allocation failure, " + "phyno %d", __func__, ma.mii_phyno); + continue; + } bcopy((char *)&ma, (char *)args, sizeof(ma)); child = device_add_child(dev, NULL, -1); + if (child == NULL) { + free(args, M_DEVBUF); + device_printf(dev, "%s: device_add_child failed", + __func__); + continue; + } device_set_ivars(child, args); + count++; + /* XXX should we break here or is it really possible + * to find more then one PHY ? */ } - if (child == NULL) + if (count == 0) return(ENXIO); device_set_desc(dev, "MII bus"); @@ -173,12 +187,15 @@ miibus_attach(dev) */ mii->mii_ifp = device_get_softc(device_get_parent(dev)); v = device_get_ivars(dev); + if (v == NULL) + return (ENXIO); ifmedia_upd = v[0]; ifmedia_sts = v[1]; + device_set_ivars(dev, NULL); + free(v, M_DEVBUF); ifmedia_init(&mii->mii_media, IFM_IMASK, ifmedia_upd, ifmedia_sts); - bus_generic_attach(dev); - return(0); + return (bus_generic_attach(dev)); } int @@ -186,8 +203,14 @@ miibus_detach(dev) device_t dev; { struct mii_data *mii; + void *v; bus_generic_detach(dev); + v = device_get_ivars(dev); + if (v != NULL) { + device_set_ivars(dev, NULL); + free(v, M_DEVBUF); + } mii = device_get_softc(dev); ifmedia_removeall(&mii->mii_media); mii->mii_ifp = NULL; 
@@ -305,12 +328,15 @@ mii_phy_probe(dev, child, ifmedia_upd, i int bmsr, i; v = malloc(sizeof(vm_offset_t) * 2, M_DEVBUF, M_NOWAIT); - if (v == 0) { + if (v == NULL) return (ENOMEM); - } v[0] = ifmedia_upd; v[1] = ifmedia_sts; *child = device_add_child(dev, "miibus", -1); + if (*child == NULL) { + free(v, M_DEVBUF); + return (ENXIO); + } device_set_ivars(*child, v); for (i = 0; i < MII_NPHY; i++) { @@ -324,14 +350,22 @@ mii_phy_probe(dev, child, ifmedia_upd, i } if (i == MII_NPHY) { + device_set_ivars(dev, NULL); + free(v, M_DEVBUF); device_delete_child(dev, *child); *child = NULL; return(ENXIO); } - bus_generic_attach(dev); + i = bus_generic_attach(dev); - return(0); + v = device_get_ivars(*child); + if (v != NULL) { + device_set_ivars(*child, NULL); + free(v, M_DEVBUF); + } + + return (i); } /* Index: mii_physubr.c =================================================================== RCS file: /local/mirror/FreeBSD/r/ncvs/src/sys/dev/mii/mii_physubr.c,v retrieving revision 1.21 diff -u -p -r1.21 mii_physubr.c --- mii_physubr.c 29 May 2004 18:09:10 -0000 1.21 +++ mii_physubr.c 23 Nov 2004 17:07:30 -0000 
@@ -522,7 +522,13 @@ int mii_phy_detach(device_t dev) { struct mii_softc *sc; + void *args; + args = device_get_ivars(dev); + if (args != NULL) { + device_set_ivars(dev, NULL); + free(args, M_DEVBUF); + } sc = device_get_softc(dev); mii_phy_down(sc); sc->mii_dev = NULL; From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 15:25:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDA6D16A4CE for ; Sat, 22 Jan 2005 15:25:59 +0000 (GMT) Received: from postfix3-1.free.fr (postfix3-1.free.fr [213.228.0.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E08C43D46 for ; Sat, 22 Jan 2005 15:25:59 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix3-1.free.fr (Postfix) with ESMTP id 5C99B1734E8; Sat, 22 Jan 2005 16:25:57 +0100 (CET) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id A245F407C; Sat, 22 Jan 2005 16:25:47 +0100 (CET) Date: Sat, 22 Jan 2005 16:25:46 +0100 
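
Review bot: both device_printf() calls added inside the miibus_probe loop (the "memory allocation failure" and "device_add_child failed" messages) have no trailing "\n", so whatever the kernel prints next runs onto the same console line. Separately, when every malloc in the loop fails, the function reaches `if (count == 0)` and returns ENXIO, which reports an out-of-memory condition as "no PHY found"; consider remembering the allocation failure and returning ENOMEM in that case.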
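
Review bot: miibus_attach now frees the ivars right after copying v[0] and v[1], so a second attach of the same miibus device hits `v == NULL` and returns ENXIO with no way to get ifmedia_upd and ifmedia_sts back. The same buffer also has release code in miibus_detach and at the end of mii_phy_probe, so three functions claim one allocation and the NULL checks exist only to keep them from colliding. mii_phy_probe allocated it; leaving the ivars in place while the child exists and freeing them only in the code that deletes the child would keep attach repeatable and give the buffer a single owner.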
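
Review bot: in the second mii_phy_probe hunk, the `i == MII_NPHY` error path calls `device_set_ivars(dev, NULL)`, but `v` was attached to `*child` a few lines earlier with `device_set_ivars(*child, v)`, and the success path below reads it back with `device_get_ivars(*child)`. As written this clears the instance variables of the calling device rather than those of the miibus child. It should be `device_set_ivars(*child, NULL)`; since `device_delete_child(dev, *child)` follows immediately, simply freeing `v` after the child is deleted would also work. Also note that when bus_generic_attach() fails the new code returns the error but leaves `*child` in place, so callers need to know they still own the child.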
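
Review bot: freeing the mii_attach_args in mii_phy_detach only covers children that a PHY driver actually attached to. miibus_probe allocates args for every PHY number that answers and hangs them on a child created with `device_add_child(dev, NULL, -1)`; a child that no driver claims never reaches mii_phy_detach, so its args stay allocated. Releasing them from the miibus side, which did the allocation, would cover attached and unattached children alike and would remove the obligation on PHY drivers with their own detach routine that the cover note raises.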
From: Jeremie Le Hen
To: Boris Kovalenko
Message-ID: <20050122152546.GG36660@obiwan.tataz.chchile.org>
References: <41F1E99A.5070001@ntmk.ru>
In-Reply-To: <41F1E99A.5070001@ntmk.ru>
cc: freebsd-net@freebsd.org
Subject: Re: [PATCH] 802.1p priority (fixed)

> 2. Mark 802.1p at PF/IPFW level. But we should foresee a keyword to trust
> application level information or override it. For example
> ipfw add 802.1p trust 6 on any to any ssh <-- this trust application
> level information and set 802.1p to 6 if it is omitted
> ipfw add 802.1p override 6 on any to any ssh <-- this silently set
> 802.1p == 6, regardless of application

I'm not a 802.1q guru, but I think it would be relevant to be able to
match against the 802.1p, at least when firewalling on layer 2
(bridging).

Furthermore I would like to point out that we are going to introduce an
extremely new feature into ipfw which will allow us to *modify* a packet.
AFAIK, this is not possible for the moment, except when diverting to
a socket. What I mean is that if I can set the 802.1p header then why
wouldn't I be able to set the TOS value ? I think we should carefully
choose a flexible way to extend ipfw syntax if we choose to go this way.

Having the possibility to test and set the 802.1p or TOS values separately
would avoid making a "trust"/"override" subtlety and will obviously make
it more flexible.

> 3. Mark 802.1p at vlan drivers like 2
> ifconfig vlan0
> vlan: 100 802.1p: 6 CFI: 0 mode: trust vlandev: bge0
> Here we are trusting received from low level information and set 6 if it
> is omitted
> ifconfig vlan0
> vlan: 100 802.1p: 6 CFI: 0 mode: override vlandev: bge0
> Here we silently set 6.

I would really like this feature.

Thanks for your work !

Best regards,
--
Jeremie Le Hen
jeremie@le-hen.org

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 16:46:17 2005
Message-ID: <41F283CD.1030709@fid4.com>
Date: Sat, 22 Jan 2005 11:48:13 -0500
From: "Michael C. Cambria" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: starting rtadvd with multiple interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2005 16:46:17 -0000

Hi,

Is one meant to start rtadvd on more than one interface via rc.conf?

On 4.10-Stable & 5.3-Stable, I'm able to forward IPv6 traffic just fine when I manually start rtadvd. However, each reboot, only one interface supplied to rtadvd_interfaces actually gets enabled. ps ax shows just one interface supplied and hosts just never see the router advertisements.

Only when I kill the process, and restart manually do all interfaces get enabled.

Is anyone else seeing this?

Thanks,
MikeC

-- 
Michael C. Cambria
email : mcc@fid4.com
VoIP : sip:mcc@mcambria.fid4.com
FWD : sip:63730@fwd.pulver.com

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 18:00:05 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC32B16A4CE; Sat, 22 Jan 2005 18:00:05 +0000 (GMT) Received: from harmony.village.org (rover.village.org [168.103.84.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FAC843D46; Sat, 22 Jan 2005 17:57:44 +0000 (GMT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.13.1/8.13.1) with ESMTP id j0MHu5IG060908; Sat, 22 Jan 2005 10:56:05 -0700 (MST) (envelope-from imp@bsdimp.com) Date: Sat, 22 Jan 2005 10:57:19 -0700 (MST) Message-Id: <20050122.105719.62254847.imp@bsdimp.com> To: bzeeb-lists@lists.zabbadoz.net 
From: "M. Warner Losh" In-Reply-To: References: X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: current@freebsd.org cc: net@freebsd.org Subject: Re: mem leak in mii ? (fwd) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2005 18:00:06 -0000 In message: "Bjoern A. Zeeb" writes: : * all PHY drivers currently seem to use mii_phy_detach for : device_detach. If any implements his own function it will be : responsible for freeing the ivars allocated in miibus_probe. This : should perhaps be documented somewhere ? I think that the current patches are incorrect from a newbus point of view. They may solve the problem, but just smell wrong... : : patch can also be found at : http://sources.zabbadoz.net/freebsd/patchset/mii-memleaks.diff : : : Index: mii.c : =================================================================== : RCS file: /local/mirror/FreeBSD/r/ncvs/src/sys/dev/mii/mii.c,v : retrieving revision 1.20 : diff -u -p -r1.20 mii.c : --- mii.c 15 Aug 2004 06:24:40 -0000 1.20 : +++ mii.c 23 Nov 2004 17:08:58 -0000 : @@ -111,7 +111,7 @@ miibus_probe(dev) : struct mii_attach_args ma, *args; : struct mii_data *mii; : device_t child = NULL, parent; : - int bmsr, capmask = 0xFFFFFFFF; : + int count = 0, bmsr, capmask = 0xFFFFFFFF; : : mii = device_get_softc(dev); : parent = device_get_parent(dev); : 
@@ -145,12 +145,26 @@ miibus_probe(dev) : : args = malloc(sizeof(struct mii_attach_args), : M_DEVBUF, M_NOWAIT); : + if (args == NULL) { : + device_printf(dev, "%s: memory allocation failure, " : + "phyno %d", __func__, ma.mii_phyno); : + continue; : + } : bcopy((char *)&ma, (char *)args, sizeof(ma)); : child = device_add_child(dev, NULL, -1); : + if (child == NULL) { : + free(args, M_DEVBUF); : + device_printf(dev, "%s: device_add_child failed", : + __func__); : + continue; : + } : device_set_ivars(child, args); : + count++; : + /* XXX should we break here or is it really possible : + * to find more then one PHY ? */ : } : : - if (child == NULL) : + if (count == 0) : return(ENXIO); : : device_set_desc(dev, "MII bus"); : @@ -173,12 +187,15 @@ miibus_attach(dev) : */ : mii->mii_ifp = device_get_softc(device_get_parent(dev)); : v = device_get_ivars(dev); : + if (v == NULL) : + return (ENXIO); : ifmedia_upd = v[0]; : ifmedia_sts = v[1]; : + device_set_ivars(dev, NULL); : + free(v, M_DEVBUF); : ifmedia_init(&mii->mii_media, IFM_IMASK, ifmedia_upd, ifmedia_sts); : - bus_generic_attach(dev); : : - return(0); : + return (bus_generic_attach(dev)); : } newbusly, this is bogus. device foo should never set its own ivars. Nor should it ever get its own ivars to do anything with. parent accessor functions are needed here. : int : @@ -186,8 +203,14 @@ miibus_detach(dev) : device_t dev; : { : struct mii_data *mii; : + void *v; : : bus_generic_detach(dev); : + v = device_get_ivars(dev); : + if (v != NULL) { : + device_set_ivars(dev, NULL); : + free(v, M_DEVBUF); : + } : mii = device_get_softc(dev); : ifmedia_removeall(&mii->mii_media); : mii->mii_ifp = NULL; Newbusly, this is incorrect. The parent bus should be freeing the ivars, since it is the one that should have put the ivars there in the first place. : 
@@ -305,12 +328,15 @@ mii_phy_probe(dev, child, ifmedia_upd, i : int bmsr, i; : : v = malloc(sizeof(vm_offset_t) * 2, M_DEVBUF, M_NOWAIT); : - if (v == 0) { : + if (v == NULL) : return (ENOMEM); : - } : v[0] = ifmedia_upd; : v[1] = ifmedia_sts; : *child = device_add_child(dev, "miibus", -1); : + if (*child == NULL) { : + free(v, M_DEVBUF); : + return (ENXIO); : + } : device_set_ivars(*child, v); : : for (i = 0; i < MII_NPHY; i++) { This appears to be correct, because the ivars are set on the child that's added. : @@ -324,14 +350,22 @@ mii_phy_probe(dev, child, ifmedia_upd, i : } : : if (i == MII_NPHY) { : + device_set_ivars(dev, NULL); : + free(v, M_DEVBUF); : device_delete_child(dev, *child); : *child = NULL; : return(ENXIO); : } : : - bus_generic_attach(dev); : + i = bus_generic_attach(dev); : : - return(0); : + v = device_get_ivars(*child); : + if (v != NULL) { : + device_set_ivars(*child, NULL); : + free(v, M_DEVBUF); : + } : + : + return (i); : } This appears to be correct, since it is the bus managing the child's ivars. : /* : Index: mii_physubr.c : =================================================================== : RCS file: /local/mirror/FreeBSD/r/ncvs/src/sys/dev/mii/mii_physubr.c,v : retrieving revision 1.21 : diff -u -p -r1.21 mii_physubr.c : --- mii_physubr.c 29 May 2004 18:09:10 -0000 1.21 : +++ mii_physubr.c 23 Nov 2004 17:07:30 -0000 : 
@@ -522,7 +522,13 @@ int : mii_phy_detach(device_t dev) : { : struct mii_softc *sc; : + void *args; : : + args = device_get_ivars(dev); : + if (args != NULL) { : + device_set_ivars(dev, NULL); : + free(args, M_DEVBUF); : + } : sc = device_get_softc(dev); : mii_phy_down(sc); : sc->mii_dev = NULL; This looks bogus from a newbus perspective. Warner From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 20:24:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81AA116A4CE for ; Sat, 22 Jan 2005 20:24:21 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4204343D46 for ; Sat, 22 Jan 2005 20:24:21 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j0MKOgeY009129; Sat, 22 Jan 2005 12:24:42 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j0MKOdEd009126; Sat, 22 Jan 2005 12:24:39 -0800 Date: Sat, 22 Jan 2005 12:24:39 -0800 
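Review bot: In the miibus_probe hunk (@@ -145,12 +145,26 @@), both new device_printf() format strings, "... phyno %d" and "... device_add_child failed", lack a trailing "\n", so the next console message will run onto the same line; add it to each. The XXX comment also needs resolving before commit: count is only ever compared against zero, so either state that several PHYs per bus are expected or drop the question.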
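Review bot: In the miibus_attach hunk (@@ -173,12 +187,15 @@), v is freed and the ivars cleared as soon as v[0] and v[1] are copied, yet the same allocation is also released in the miibus_detach hunk and again in mii_phy_probe after bus_generic_attach(). The NULL checks keep this from becoming a double free, but three release sites for one malloc() leave ownership unclear. Free it in exactly one place, on the side that allocated it in mii_phy_probe, and say so in a comment.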
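Review bot: In the mii_phy_probe hunk (@@ -324,14 +350,22 @@), the i == MII_NPHY error path calls device_set_ivars(dev, NULL), but the preceding hunk attached v with device_set_ivars(*child, v). As written this clears the ivars of the parent device instead of those of the miibus child that is about to be deleted; use device_set_ivars(*child, NULL), or drop the call since device_delete_child() follows. Reusing the loop counter i to carry the bus_generic_attach() return value also hides intent; a separate error variable would read better.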
From: Brooks Davis To: Boris Kovalenko Message-ID: <20050122202439.GA4466@odin.ac.hmc.edu> References: <41F1E99A.5070001@ntmk.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline In-Reply-To: <41F1E99A.5070001@ntmk.ru> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2005 20:24:21 -0000

--IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sat, Jan 22, 2005 at 10:50:18AM +0500, Boris Kovalenko wrote:
> Hello!
>
> 802.1p is just a 3 bits of 802.1Q header. Based on it Layer 2
> devices may assign packets to different output queues (more simple, 802.1p
> is QoS at Layer 2). So, You have right, this value differentiates packets
> within a vlan and Layer 2 device may make a decision what packets should
> be processed first. Of course, we may give the application the ability
> to set this value itself, but what to do with old applications that have
> no knowledge about this ability? Ok, You suppose to mark packets within
> PF/IPFW. Yes, the idea is good too, but what to do on routers not
> running any firewall software? So, may be right way will be:

I'm slightly concerned about the old application issue, but more about binary-only code than applications with source. I don't think the issue of forcing people to run a firewall is significant. 
These days you can just load one since PFIL_HOOK are non-optional. There's also the fact that this is a feature that is not useful unless you understand the implications (including the fact that you can't trust the values unless you trust the wire and those on it.) Priorities have the potential to be a powerful tool, but I think there are a lot of subtleties when you start using them on end-hosts.

> 1. Mark 802.1p at application level
> 2. Mark 802.1p at PF/IPFW level. But we should foresee a keyword to trust
> application level information or override it. For example
> ipfw add 802.1p trust 6 on any to any ssh <-- this trust application
> level information and set 802.1p to 6 if it is omitted
> ipfw add 802.1p override 6 on any to any ssh <-- this silently set
> 802.1p == 6, regardless of application

I'm not sure why you need trust and override. It seems like you only need the ability to set or remove values as well as acting on already attached tags (which we're going to need to carry around as m_tags so we can filter on and modify them in conjunction with layer 3 information).

> 3. Mark 802.1p at vlan drivers like 2
> ifconfig vlan0
> vlan: 100 802.1p: 6 CFI: 0 mode: trust vlandev: bge0
> Here we are trusting received from low level information and set 6 if it
> is omitted
> ifconfig vlan0
> vlan: 100 802.1p: 6 CFI: 0 mode: override vlandev: bge0
> Here we silently set 6.

If you're not going to do separate interfaces per priority (or perhaps set of priorities[0]) I'm not sure what the point of having the interface do anything is. Filtering is the job of the firewall so I'm not convinced we should be doing it in the vlan device. There's also the complication that we need to handle the vlan=0 case which shouldn't be treated as a vlan at all and should be decapsulated in the actual device without a trip through the vlan code. My suspicion is that we need to rethink the current separation of ether and vlan code. 
Making vlans less optional and doing more of the handling in ether_input and ether_output might be a good thing.

-- Brooks

[0] What I've read says that many switches group sets of priority values together reducing the set of valid values.

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

--IJpNTDwzlM2Ie8A6--

From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 20:33:28 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C899016A4CE for ; Sat, 22 Jan 2005 20:33:28 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9256243D39 for ; Sat, 22 Jan 2005 20:33:28 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j0MKXnDc010430; Sat, 22 Jan 2005 12:33:49 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j0MKXlZp010427; Sat, 22 Jan 2005 12:33:47 -0800 Date: Sat, 22 Jan 2005 12:33:47 -0800 
From: Brooks Davis To: Jeremie Le Hen Message-ID: <20050122203347.GB4466@odin.ac.hmc.edu> References: <41F1E99A.5070001@ntmk.ru> <20050122152546.GG36660@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+pHx0qQiF2pBVqBT" Content-Disposition: inline In-Reply-To: <20050122152546.GG36660@obiwan.tataz.chchile.org> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org cc: Boris Kovalenko Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2005 20:33:28 -0000

--+pHx0qQiF2pBVqBT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sat, Jan 22, 2005 at 04:25:46PM +0100, Jeremie Le Hen wrote:
> > 2. Mark 802.1p at PF/IPFW level. But we should foresee a keyword to trust
> > application level information or override it. For example
> > ipfw add 802.1p trust 6 on any to any ssh <-- this trust application
> > level information and set 802.1p to 6 if it is omitted
> > ipfw add 802.1p override 6 on any to any ssh <-- this silently set
> > 802.1p == 6, regardless of application
>
> I'm not a 802.1q guru, but I think it would be relevant to be able to
> match against the 802.1p, at least when firewalling on layer 2 (bridging).
>
> Furthermore I would like to point out that we are going to introduce an
> extremely new feature into ipfw which will allow us to *modify* a packet.
> AFAIK, this is not possible for the moment, except when diverting to a
> socket. 
What I mean is that if I can set the 802.1p header then why
> wouldn't I be able to set the TOS value ? I think we should carefully
> choose a flexible way to extend ipfw syntax if we choose to go this way.

The nice thing about ipfw2 is that extension is easy. I envision that we won't actually touch the packet at all in the 802.1p case and will just add, modify, or delete a tag that the ethernet layer uses when sending. Setting TOS values could be done in place since we have the header at that point.

> Having the possibility to test and set the 802.1p or TOS values
> separately would avoid making a "trust"/"override" subtlety and will
> obviously make it more flexible.

I agree on this point. The one thing to be careful of is that 802.1p priorities and TOS values work rather differently in that TOS values fit in to an existing field of the packet and 802.1p values require modifications to the header and adding data between the header and the real body, possibly with a resulting reduction in MTU (though what you're doing trying to use 802.1p priority with crappy nic I don't know :-).

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

--+pHx0qQiF2pBVqBT--
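The tag layout this thread is arguing about, as an added example (not code from any message above or from a posted patch): an 802.1Q tag is the TPID 0x8100 followed by a 16-bit TCI holding the 3-bit 802.1p priority, the CFI bit and a 12-bit VLAN ID. The function names are hypothetical. The code rewrites the priority in place on a tagged frame and inserts a VID-0 priority tag on an untagged one, which is the 4-byte growth behind the MTU remark and the "vlan=0" case.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN   14      /* dst MAC + src MAC + EtherType */
#define VLAN_TAG_LEN  4       /* TPID + TCI */
#define TPID_8021Q    0x8100

struct vlan_tci { uint8_t pcp; uint8_t cfi; uint16_t vid; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Returns 1 and fills *out if the frame carries an 802.1Q tag, 0 if it is
 * untagged, -1 if it is too short to decide. */
int vlan_parse(const uint8_t *f, size_t len, struct vlan_tci *out)
{
    uint16_t tci;

    if (len < ETH_HDR_LEN)
        return -1;
    if (rd16(f + 12) != TPID_8021Q)
        return 0;
    if (len < ETH_HDR_LEN + VLAN_TAG_LEN)
        return -1;
    tci = rd16(f + 14);
    out->pcp = (uint8_t)(tci >> 13);        /* 802.1p priority, 3 bits */
    out->cfi = (uint8_t)((tci >> 12) & 1);
    out->vid = (uint16_t)(tci & 0x0fff);    /* 0 = priority tag only, no VLAN */
    return 1;
}

/* Set the 802.1p priority. A tagged frame is rewritten in place; an untagged
 * one gets a VID-0 tag inserted after the MAC addresses and grows by 4 bytes.
 * Returns the new frame length, or 0 on bad input or insufficient capacity. */
size_t vlan_set_pcp(uint8_t *f, size_t len, size_t cap, uint8_t pcp)
{
    struct vlan_tci t;
    int r = vlan_parse(f, len, &t);

    if (r < 0 || pcp > 7)
        return 0;
    if (r == 1) {
        /* keep CFI and VID, replace only the top three bits */
        wr16(f + 14, (uint16_t)((rd16(f + 14) & 0x1fff) | (pcp << 13)));
        return len;
    }
    if (len + VLAN_TAG_LEN > cap)
        return 0;
    memmove(f + 12 + VLAN_TAG_LEN, f + 12, len - 12);
    wr16(f + 12, TPID_8021Q);
    wr16(f + 14, (uint16_t)(pcp << 13));    /* CFI 0, VID 0 */
    return len + VLAN_TAG_LEN;
}
```

A receiver that does not trust the wire would call vlan_parse() and then overwrite or ignore the pcp it reports rather than act on it.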