From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 00:45:29 2006
Date: Sun, 1 Oct 2006 02:45:27 +0200
From: Stefan `Sec` Zehl
To: freebsd-net@freebsd.org
Message-ID: <20061001004527.GA8387@ice.42.org>
Subject: ipv6 and magically vanishing routes via gif0

Hi,

I just upgraded from FreeBSD-5 to -6, and now my default route via gif0
vanishes after 7 seconds.

| ice:~#ifconfig gif0
| gif0: flags=8051 mtu 1280
| tunnel inet 194.77.85.2 --> 193.149.44.208
| inet6 fe80::20e:a6ff:fe04:ea37%gif0 prefixlen 64 scopeid 0x14
| inet6 2001:608:9::1 prefixlen 128
|
| ice:~#route add -inet6 default -interface gif0
| add net default: gateway gif0
|
| ice:~#ping6 www.kame.net
| PING6(56=40+8+8 bytes) 2001:608:9::1 --> 2001:200:0:8002:203:47ff:fea5:3085
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=42 time=343.451 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=45 time=349.477 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=2 hlim=45 time=349.689 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=3 hlim=42 time=342.212 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=5 hlim=42 time=342.123 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=6 hlim=45 time=348.703 ms
| 16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=7 hlim=45 time=348.479 ms
| ping6: sendmsg: No route to host
| ping6: wrote www.kame.net 16 chars, ret=-1

In fact, any route '-interface gif0' will vanish 7 seconds after the
first packet via that link.

After some wild guesses, I found out that ndp seems to be the culprit
here. -- If I disable ndp on gif0 with

| ice:~#ndp -i gif0 -- -nud
| linkmtu=0, maxmtu=1280, curhlim=64, basereachable=30s0ms, reachable=18s, retrans=1s0ms
| Flags: accept_rtadv

Then the routing table stays as it should.

The question is, am I missing something here? Can anybody reproduce that
problem?

It seems wrong that the kernel would delete static routes without even a
single log message. Furthermore I find it kind of strange that there is
neighbour discovery happening at all on a tunnel interface.

My v6 relevant config:

| ipv6_enable="YES"
| ipv6_network_interfaces="vr0 lo0 gif0"
| ipv6_ifconfig_vr0="2001:608:9:42:: eui64"
| ipv6_ifconfig_vr0_alias0="2001:608:9::42/128"
| ipv6_ifconfig_vr0_alias0="fec0::35/128" # Site-local DNS
| ipv6_ifconfig_gif0="2001:608:9::1/128"
|
| ipv6_defaultrouter="-interface gif0"
|
| ipv6_gateway_enable="YES"
| rtadvd_enable="YES"
| rtadvd_interfaces="vr0"
|
| myhostip="194.77.85.2"
| gif_interfaces="gif0"
| gifconfig_gif0="$myhostip 193.149.44.208"

CU,
    Sec
-- 
The facts, although interesting, are irrelevant.

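A triage check for the symptom reported in the message above, added here as an example and not part of the original thread. The function names are hypothetical, the ping6 and "ndp -i" samples use the output format shown in the post, and the "Flags: nud accept_rtadv" line is a constructed sample that assumes ndp lists nud on the Flags line while NUD is enabled.

```shell
#!/bin/sh
# Added example: decide offline whether a capture matches "interface route
# vanishes after the first packets while NUD is enabled on the tunnel".

# Sample: the ping6 transcript quoted in the post.
PING_SAMPLE='PING6(56=40+8+8 bytes) 2001:608:9::1 --> 2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=42 time=343.451 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=45 time=349.477 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=2 hlim=45 time=349.689 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=3 hlim=42 time=342.212 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=5 hlim=42 time=342.123 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=6 hlim=45 time=348.703 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=7 hlim=45 time=348.479 ms
ping6: sendmsg: No route to host
ping6: wrote www.kame.net 16 chars, ret=-1'

# Sample from the post: flags after "ndp -i gif0 -- -nud".
NDP_NUD_OFF='linkmtu=0, maxmtu=1280, curhlim=64, basereachable=30s0ms, reachable=18s, retrans=1s0ms
Flags: accept_rtadv'

# Constructed sample: the same interface before the workaround (assumed).
NDP_NUD_ON='linkmtu=0, maxmtu=1280, curhlim=64, basereachable=30s0ms, reachable=18s, retrans=1s0ms
Flags: nud accept_rtadv'

# ping_summary: read ping6 output on stdin and print one line:
#   replies=<n> last_seq=<s> missing=<m> error=<first sendmsg error or none>
ping_summary() {
    awk '
        /icmp_seq=[0-9]+/ {
            s = $0
            sub(/.*icmp_seq=/, "", s)   # keep what follows "icmp_seq="
            sub(/[^0-9].*/, "", s)      # cut at the first non-digit
            seq = s + 0
            replies++
            if (replies == 1 || seq > last) last = seq
        }
        /sendmsg: / && err == "" {
            err = $0
            sub(/.*sendmsg: /, "", err)
        }
        END {
            if (replies == 0) last = -1
            missing = (last + 1) - replies   # gaps in 0..last, no duplicates assumed
            if (err == "") err = "none"
            printf "replies=%d last_seq=%d missing=%d error=%s\n", replies, last, missing, err
        }'
}

# nud_enabled: read "ndp -i <ifname>" output on stdin; exit 0 if the
# Flags line lists nud, 1 otherwise.
nud_enabled() {
    awk '
        /^Flags:/ { for (i = 2; i <= NF; i++) if ($i == "nud") found = 1 }
        END { exit(found ? 0 : 1) }'
}

# triage: $1 = ping6 transcript, $2 = "ndp -i" output for the tunnel.
# Prints route-lost-with-nud-on, route-lost-nud-off or no-match.
triage() {
    summary=$(printf '%s\n' "$1" | ping_summary)
    case $summary in
        *"error=No route to host") lost_route=1 ;;
        *) lost_route=0 ;;
    esac
    case $summary in
        replies=0\ *) had_replies=0 ;;
        *) had_replies=1 ;;
    esac
    # The reported pattern: the link works first, then the route is gone.
    if [ "$lost_route" -eq 1 ] && [ "$had_replies" -eq 1 ]; then
        if printf '%s\n' "$2" | nud_enabled; then
            echo "route-lost-with-nud-on"
        else
            echo "route-lost-nud-off"
        fi
    else
        echo "no-match"
    fi
}

printf '%s\n' "$PING_SAMPLE" | ping_summary
triage "$PING_SAMPLE" "$NDP_NUD_ON"
triage "$PING_SAMPLE" "$NDP_NUD_OFF"
```

A result of route-lost-nud-off means the route disappeared even though NUD was already disabled, so the cause lies elsewhere.
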
From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 03:34:06 2006
Message-Id: <200610010333.k913XoCt087276@mail.mk.bsdclub.org>
To: Stefan `Sec` Zehl
From: Motoyuki Konno
References: <20061001004527.GA8387@ice.42.org>
Date: Sun, 01 Oct 2006 12:33:50 +0900
Cc: freebsd-net@freebsd.org
Subject: Re: ipv6 and magically vanishing routes via gif0

Hi,

I had the same problem on my FreeBSD 6-STABLE box.
Fix was already committed to -current (src/sys/netinet6/nd6.c rev 1.69),
but not yet to 6-STABLE.

Try src/sys/netinet6/nd6.c rev 1.48.2.13 (older version) instead of
1.48.2.14.

-- 
motoyuki

Stefan `Sec` Zehl wrote:
> Hi,
>
> I just upgraded from FreeBSD-5 to -6, and now my default route via gif0
> vanishes after 7 seconds.
>
> | ice:~#ifconfig gif0
> | gif0: flags=8051 mtu 1280
> | tunnel inet 194.77.85.2 --> 193.149.44.208
> | inet6 fe80::20e:a6ff:fe04:ea37%gif0 prefixlen 64 scopeid 0x14
> | inet6 2001:608:9::1 prefixlen 128
> |
> | ice:~#route add -inet6 default -interface gif0
> | add net default: gateway gif0
[snip]
> In fact, any route '-interface gif0' will vanish 7 seconds after the
> first packet via that link.
>
> After some wild guesses, I found out that ndp seems to be the culprit
> here. -- If I disable ndp on gif0 with
>
> | ice:~#ndp -i gif0 -- -nud
> | linkmtu=0, maxmtu=1280, curhlim=64, basereachable=30s0ms, reachable=18s, retrans=1s0ms
> | Flags: accept_rtadv
>
> Then the routing table stays as it should.
>
> The question is, am I missing something here? Can anybody reproduce that
> problem?
>
> It seems wrong that the kernel would delete static routes without even a
> single log message. Furthermore I find it kind of strange that there is
> neighbour discovery happening at all on a tunnel interface.

From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 13:05:27 2006
Date: Sun, 01 Oct 2006 22:05:10 +0900
From: gnn@freebsd.org
To: net@freebsd.org
Subject: AsiaBSDCon 2007

Hi Folks,

Sorry for the slightly OT email but I'm hoping some of the people
diligently working away on FreeBSD will submit papers and presentations
to the upcoming AsiaBSDCon 2007 to be held in Tokyo Japan in March 2007.

See this link: http://asiabsdcon.org/

Thanks, and now back to our regularly scheduled program :-)

Later,
George

From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 14:56:43 2006
Date: Sun, 01 Oct 2006 23:56:17 +0900
From: gnn@freebsd.org
To: net@freebsd.org
Subject: Tentative first patch for FAST_IPSEC with IPv6

Howdy,

There is now a patch at

http://people.freebsd.org/~gnn/fast_ipv6.patch

which should allow you to run FAST_IPSEC with IPv6. It is very new, it
has passed most TAHI tests, and does not, so far as I know, panic the
kernel. This is a patch against HEAD.

Please test and send feedback. There is still more to do but at least
this is now starting to work.

Later,
George

From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 18:17:31 2006
Date: Sun, 1 Oct 2006 20:17:21 +0200
From: Ulrich Spoerlein
To: stable@freebsd.org
Cc: net@freebsd.org
Message-ID: <20061001181720.GD1365@roadrunner.q.local>
Subject: altq on tun0: queueing works, prioritization not?

Hello all,

I tried to set up TCP ACK prioritization with pf/altq as has been
described on various places of the internet. It doesn't work as
expected.

I have a 16Mb/1Mb DSL link, the modem is connected to a dc(4) device,
I'm working with the tun0 device for my firewall rules. Here they are:

ext_if="tun0"
scrub in all
altq on tun0 priq bandwidth 400Kb queue { std, http, ssh, dns, tcp_ack }
queue std priority 1 priq(default)
queue tcp_ack priority 6
pass out on $ext_if proto tcp from any to any queue(std, tcp_ack)

Please note that I tried various bandwidth settings, for testing
purposes I set it to a very very low 400kb.

When downloading from ftp.de.freebsd.org, I'm able to achieve roughly
950kB/s. If I then start an FTP upload (which will reach some 42kB/s, so
the 400kb bandwidth is in effect), the interface throughput drops down
to a mere 120kB/s.

The 400kb limit should also be low enough, as I'm able to upload to that
same ftp with up to 100kB/s if I turn off queueing.

This is definitely not what I would expect. Where is my error?

Ulrich Spoerlein
-- 
A: Yes.
>Q: Are you sure?
> >A: Because it reverses the logical flow of conversation.
> >>Q: Why is top posting frowned upon?

From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 19:14:23 2006
Date: Sun, 1 Oct 2006 21:14:16 +0200
From: Ulrich Spoerlein
To: stable@freebsd.org, net@freebsd.org
Message-ID: <20061001191416.GE1365@roadrunner.q.local>
In-Reply-To: <20061001181720.GD1365@roadrunner.q.local>
Subject: Re: altq on tun0: queueing works, prioritization not?

Ulrich Spoerlein wrote:
> This is definitely not what I would expect. Where is my error?

Oh well, I should have tried 'cbq' earlier. With the following settings
(renamed the queues)

altq on $ext_if cbq bandwidth 800Kb queue { q_pri, q_std }
queue q_pri priority 6 cbq(borrow)
queue q_std priority 1 cbq(default borrow)

I'm actually able to achieve some effect. The upload is capped at
70-80kB/s and the download will fluctuate between 580 and 750 kB/s. Much
better than the plain priority queuing. As soon as I cut the upload, the
download will jump back to 950-1000kB/s.

Is this discrepancy (pri vs. cbq) known?

Ulrich Spoerlein
-- 
A: Yes.
>Q: Are you sure?
> >A: Because it reverses the logical flow of conversation.
> >>Q: Why is top posting frowned upon?

From owner-freebsd-net@FreeBSD.ORG Sun Oct 1 22:04:18 2006
Message-ID: <45203B3B.8000005@mavhome.dp.ua>
Date: Mon, 02 Oct 2006 01:03:39 +0300
From: Alexander Motin
To: Blue
In-Reply-To: <1159449782.00609045.1159437602@10.7.7.3>
Cc: freebsd-net@freebsd.org
Subject: Re: Does mpd (multi-link PPP daemon) support IPv6?

Hi, all.

I have just implemented IPV6CP support in CVS version of mpd4. It is not
yet fully finished, tested and ready to be released, but if anybody
wishes to be an alpha tester, you are welcome to sourceforge.net CVS
repository:
http://sourceforge.net/projects/mpd
http://sourceforge.net/cvs/?group_id=14145

For IPv6 not yet supported: TcpMSSFix, NetFlow, Tee and DialOnDemand.
Known bugs: DialOnDemand for IPv4 is temporarily broken as a result of
iface handling rework in progress.

By default now ipv6cp is disabled and should be enabled by:
    set bundle enable ipv6cp

Blue wrote:
> I want to know whether mpd (multi-link PPP daemon) could possibly
> support IPv6. When I want to establish a PPTP connection with a PPTP
> server running mpd, could I use IPv6CP instead of IPv4CP to set up the
> PPP? If it supports, how could I configure the related parameters in the
> configuration files? I could only find the ipcp syntax.

-- 
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 01:21:00 2006
Message-ID: <4520695C.9060302@goldenpath.org>
Date: Sun, 01 Oct 2006 21:20:28 -0400
From: Tim Allender
To: freebsd-net@freebsd.org
Subject: D-Link DGE-530T

Comes with fbsd 5.3 drivers, but not 6.1. Is there an easy way out?
I've always wanted to learn about writing drivers. But, I don't know if
I'm up for it, and I need these things to work now.

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 08:19:31 2006
Date: Mon, 02 Oct 2006 17:19:12 +0900
From: JINMEI Tatuya / 神明達哉
To: John Hay
In-Reply-To: <20060908161514.GA42016@zibbi.meraka.csir.co.za>
References: <20060907100944.GA68587@zibbi.meraka.csir.co.za>
 <20060907141019.91998.qmail@web26604.mail.ukl.yahoo.com>
 <20060908161514.GA42016@zibbi.meraka.csir.co.za>
Cc: freebsd-net@freebsd.org
Subject: Re: ipv6 host routes

>>>>> On Fri, 8 Sep 2006 18:15:14 +0200,
>>>>> John Hay said:

> With this and my FreeBSD/IPv6 port of olsrd I can run multiple wireless
> interfaces with the same IPv6 subnet and olsrd can make it all work.

I should have looked at it much earlier (sorry about the delay), but I
don't think this change is correct. This will easily bother statically
installed route (especially) on a point-to-point interface.

There seem to be some try-and-errors in the CURRENT branch, but even
the latest revision (1.69) has a bad side-effect. For example, if you
statically install the following *host* route

# route add -inet6 2001:db8::abcd -host -interface gif0

the latest revision of kernel will eventually remove it due to
unreachability detection, which is unlikely what the administrator
wanted to see.

The key point here is whether the route is statically created or not.
And, if I understand your intent correctly, the host route you want to
install is not really "static" in that it can (or should) be removed
when it's detected to be unreachable, right?

If so, the correct change to the kernel is the patch attached below
(it's against RELENG_6 as of today, which is rev. 1.48.2.14).

                    JINMEI, Tatuya
                    Communication Platform Lab.
                    Corporate R&D Center, Toshiba Corp.
                    jinmei@isl.rdc.toshiba.co.jp

Index: nd6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/nd6.c,v retrieving revision 1.48.2.14 diff -u -r1.48.2.14 nd6.c --- nd6.c 20 Sep 2006 19:10:18 -0000 1.48.2.14 +++ nd6.c 2 Oct 2006 08:17:30 -0000 @@ -1315,7 +1315,7 @@ callout_init(&ln->ln_timer_ch, 0); /* this is required for "ndp" command. - shin */ - if (req == RTM_ADD) { + if (req == RTM_ADD && (rt->rt_flags & RTF_STATIC)) { /* * gate should have some valid AF_LINK entry, * and ln->ln_expire should have some lifetime @@ -1392,8 +1392,6 @@ ip6_sprintf(&llsol), error)); } } - } else if (req == RTM_ADD && SDL(gate)->sdl_alen == 0) { - ln->ln_state = ND6_LLINFO_INCOMPLETE; } break;

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 10:18:12 2006
Date: Mon, 02 Oct 2006 19:18:00 +0900
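Review bot: in the first hunk of the nd6.c patch above (@@ -1315,7 +1315,7 @@), the block comment that follows the changed condition ("gate should have some valid AF_LINK entry, and ln->ln_expire should have some lifetime") still reads as if it applied to every RTM_ADD. The branch is now entered only when RTF_STATIC is set in rt->rt_flags, so the comment should say why static entries are the ones handled here and what a non-static RTM_ADD is expected to get instead.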
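Review bot: in the second hunk of the nd6.c patch above (@@ -1392,8 +1392,6 @@), dropping the arm "else if (req == RTM_ADD && SDL(gate)->sdl_alen == 0)" removes the only visible place where an added entry with an empty link-layer address is put into ND6_LLINFO_INCOMPLETE. If that else belongs to the condition narrowed in the first hunk, a non-static RTM_ADD now skips both branches, and the visible lines do not show where ln->ln_state gets its initial value in that case; please point to that initialisation in the change description or keep an explicit assignment.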
From: gnn@freebsd.org
To: net@freebsd.org
Subject: HEADS UP, minor change to IPv6 link local address setup

Hi Folks,

I just committed to HEAD a minor change to our IPv6 support. Unless a
user sets ipv6_enable to YES in rc.conf link local addresses will NOT
appear on any interface. This seems to make some sense because you
shouldn't have them if you didn't ask for IPv6 to be enabled. IPv6
remains in the kernel by default.

Please let me know if there are any issues with this change. I did test
this but of course not as extensively as all of you can.

I intend to MFC this in 3 days if re@ is willing to let me.

Thanks,
George

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 11:08:28 2006
Date: Mon, 2 Oct 2006 11:08:27 GMT
Message-Id: <200610021108.k92B8RAF001553@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
a  kern/38554   net    changing interface ipaddress doesn't seem to work
s  kern/39937   net    ipstealth issue
s  kern/52585   net    [netinet] [patch] Kernel panic with ipfw2 and syncooki
o  kern/92552   net    A serious bug in most network drivers from 5.X to 6.X
f  kern/93220   net    [inet6] nd6_lookup: failed to add route for a neighbor

5 problems total.

Non-critical problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
s  kern/19875   net    A new protocol family, PF_IPOPTION, to handle IP optio
o  conf/23063   net    [PATCH] for static ARP tables in rc.network
s  bin/41647    net    ifconfig(8) doesn't accept lladdr along with inet addr
o  kern/54383   net    [nfs] [patch] NFS root configurations without dynamic
s  kern/60293   net    FreeBSD arp poison patch
o  kern/95267   net    packet drops periodically appear
o  kern/102035  net    [plip] plip networking disables parallel port printing
o  conf/102502  net    [patch] ifconfig name does't rename netgraph node in n
o  kern/102607  net    [if_bridge] don't generate random L2 address

9 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 11:11:09 2006
Date: Mon, 2 Oct 2006 11:11:07 GMT
Message-Id: <200610021111.k92BB7hZ003070@freefall.freebsd.org>
From: FreeBSD bugmaster
To: net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
s  kern/95665   net    [if_tun] "ping: sendto: No buffer space available" wit

1 problem total.

Non-critical problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
f  kern/95277   net    [netinet] IP Encapsulation mask_match() returns wrong

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 11:56:13 2006
Date: Mon, 2 Oct 2006 13:56:06 +0200
From: John Hay
To: "JINMEI Tatuya / 神明達哉"
Cc: freebsd-net@freebsd.org
Subject: Re: ipv6 host routes
Message-ID: <20061002115606.GA14698@zibbi.meraka.csir.co.za>

On Mon, Oct 02, 2006 at 05:19:12PM +0900, JINMEI Tatuya / 神明達哉 wrote:
> I should have looked at it much earlier (sorry about the delay), but I
> don't this change is correct. This will easily bother statically
> installed route (especially) on a point-to-point interface.

No problem if I can get your help now. :-)

> The key point here is whether the route is statically created or not.
> And, if I understand your intent correctly, the host route you want to
> install is not really "static" in that it can (or should) be removed
> when it's detected to be unreachable, right?

Maybe I should state what I want to achieve again. What I'm trying to do is to add a host route to a machine directly connected. It sounds stupid because you normally don't need it, but I'm busy porting net/olsrd to FreeBSD/IPv6. Currently it only has linux ipv6 support. Olsrd is a mesh routing protocol used in adhoc wireless networks. The one reason you want to add these routes is because you might have more than one wireless interface on the same subnet, covering different areas. So you need to add a route to the interface that can talk to the host.
So after some struggling and questions on freebsd-net, I came up with code that does the equivalent of:
"route add -inet6 -interface -ifp -llinfo -nostatic"
in olsrd and this patch. If there is an easier way, I would love to use it. I would have liked if something simple like "route add -inet6 -interface " did work on "normal" interfaces like ethernet and wireless interfaces too.

Olsrd will remove the route again when it isn't needed or correct anymore, so there is no need for it to be removed by the OS. It probably shouldn't be marked static either because routing daemons do not normally do that.

John
--
John Hay -- John.Hay@meraka.csir.co.za / jhay@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 12:53:02 2006
Date: Mon, 2 Oct 2006 16:52:54 +0400
From: Eygene Ryabinkin
To: Tim Allender
Cc: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
Message-ID: <20061002125254.GC25883@codelabs.ru>

> Comes with fbsd 5.3 drivers, but not 6.1.
> Is there an easy way out?

Use sk(4) driver. It supports DGE-530T:
-----
skc0: port 0xd800-0xd8ff mem 0xdfffc000-0xdfffffff irq 10 at device 7.0 on pci0
skc0: DGE-530T Gigabit Ethernet Adapter rev. (0x1)
sk0: on skc0
sk0: Ethernet address: 00:0d:88:64:ad:72
$ uname -r
6.2-PRERELEASE
-----

I had no problems with this card with sk(4) driver since 5.3. (Apart from bridge + checksum offloading problem that does not affect non-bridged configurations and can be cured by disabling hardware-assisted checksums).
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 13:56:03 2006
Date: Mon, 02 Oct 2006 22:55:58 +0900
From: JINMEI Tatuya / 神明達哉
To: John Hay
Cc: freebsd-net@freebsd.org
Subject: Re: ipv6 host routes

>>>>> On Mon, 2 Oct 2006 13:56:06 +0200,
>>>>> John Hay said:

>> The key point here is whether the route is statically created or not.
>> And, if I understand your intent correctly, the host route you want to
>> install is not really "static" in that it can (or should) be removed
>> when it's detected to be unreachable, right?

> Maybe I should state what I want to achieve again.

I believe I already knew that. Perhaps I was not really clear about the point, but the important part is:

+ the code currently committed in the repository is not correct in that
  it has a bad side-effect (so whether my patch is correct or not it
  should be removed or fixed anyway)
+ the proposed change in my previous post should provide what you want
  to achieve without the side-effect

One subtle point is that the host route (a neighbor *cache* entry) will be removed automatically in the kernel when that host is detected to be unreachable via the Neighbor Unreachability Detection process. This should be the case for the current code and for my patch.
The process (daemon) that installed the host route will thus be responsible for taking care of the automatic removal event, by re-installing the route, or synchronizing internal data with the kernel, etc. This is what I intended to point out by saying it's not really 'static'.

Am I now clear enough?

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 20:10:45 2006
Date: Mon, 2 Oct 2006 17:10:43 -0300
From: Marcelo Gardini do Amaral
To: freebsd-stable@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: Re: DNS query performance
Message-ID: <20061002201043.GH62729@registro.br>

Does anybody have some news about this thread?

Nowadays I prefer to use 4.11 until I can solve all the issues but its end-of-life is near and I'm worried.

Thanks,

Marcelo

On Mon, Sep 18, 2006 at 10:30:38AM -0300, Marcelo Gardini do Amaral wrote:
>
> Hello Mike,
>
> > Although it sounds silly, could you try recompiling 6.1 and 7.0 with a
> > non-SMP kernel and see how they perform? That would at least tell us if
> > it's a general performance problem in 6.x and 7.x, or if SMP is somehow
> > hurting performance in this case.
>
> I have these numbers spread over my e-mails. Just putting them together:
>
> OS                 q/s
> ---                ---
> FreeBSD 6.1 SMP    14953
> FreeBSD 6.1 UP     15516
> FreeBSD 7.x SMP    15323
> FreeBSD 7.x UP     16200
> FreeBSD 4.11 SMP   34977
> FreeBSD 4.11 UP    33926
>
> I think it is a general problem in 6.x and 7.x. UP kernel is always a
> little bit better, but I can't see big changes tweaking from SMP to
> UP.
>
> On the other hand, with the same hardware, 4.11 is twice better in
> performance.
>
> --
> Att.,
>
> Marcelo Gardini

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 23:14:45 2006
Date: Mon, 2 Oct 2006 23:14:44 GMT
From: John-Mark Gurney
To: jmg@FreeBSD.org, net@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: kern/95665: [if_tun] "ping: sendto: No buffer space available" with TUN interface (easily reproducable with test program)
Message-Id: <200610022314.k92NEii4069654@freefall.freebsd.org>

Synopsis: [if_tun] "ping: sendto: No buffer space available" with TUN interface (easily reproducable with test program)

Responsible-Changed-From-To: net->freebsd-net
Responsible-Changed-By: jmg
Responsible-Changed-When: Mon Oct 2 23:14:29 UTC 2006
Responsible-Changed-Why:
move w/ the others...

http://www.freebsd.org/cgi/query-pr.cgi?pr=95665

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 23:15:06 2006
Date: Mon, 2 Oct 2006 23:15:05 GMT
From: John-Mark Gurney
To: jmg@FreeBSD.org, net@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: kern/95277: [netinet] IP Encapsulation mask_match() returns wrong results
Message-Id: <200610022315.k92NF5Nr069703@freefall.freebsd.org>

Synopsis: [netinet] IP Encapsulation mask_match() returns wrong results

Responsible-Changed-From-To: net->freebsd-net
Responsible-Changed-By: jmg
Responsible-Changed-When: Mon Oct 2 23:14:49 UTC 2006
Responsible-Changed-Why:
move w/ the others...

http://www.freebsd.org/cgi/query-pr.cgi?pr=95277

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 23:36:16 2006
Message-ID: <15982980.1159832173677.JavaMail.root@web07ps>
Date: Tue, 3 Oct 2006 9:36:13 +1000
From:
To: freebsd-net@freebsd.org
Subject: IPSEC & PF - Please help

Hi,

I am having trouble in setting up IPSEC with a remote office. I desperately need help to sort out the problem.
Here is the description of this little network:

My Office (with Cable Internet, sis0 is the public interface):
sis0: flags=8843 mtu 1500
        options=8
        inet6 fe80::20d:b9ff:fe03:e22c%sis0 prefixlen 64 scopeid 0x1
        inet 60.225.5.1 netmask 0xfffffc00 broadcast 255.255.255.255
        ether 00:0d:b9:03:e2:2c
        media: Ethernet autoselect (100baseTX )
        status: active
sis1: flags=8843 mtu 1500
        options=8
        inet6 fe80::20d:b9ff:fe03:e22d%sis1 prefixlen 64 scopeid 0x2
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        inet 10.1.10.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:0d:b9:03:e2:2d
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        inet 10.1.1.1 netmask 0xffffff00
pflog0: flags=41 mtu 33208
pfsync0: flags=41 mtu 2020
gif102: flags=8051 mtu 1280
        tunnel inet 60.225.5.1 --> 203.33.16.32
        inet 10.1.1.1 --> 10.1.1.100 netmask 0xffffff00
        inet6 fe80::20d:b9ff:fe03:e22c%gif102 prefixlen 64 scopeid 0x7

Ric's Office (with ADSL broadband):
sis0: flags=8843 mtu 1500
        options=8
        inet6 fe80::20d:b9ff:fe03:eb40%sis0 prefixlen 64 scopeid 0x1
        ether 00:0d:b9:03:eb:40
        media: Ethernet autoselect (10baseT/UTP)
        status: active
sis1: flags=8843 mtu 1500
        options=8
        inet6 fe80::20d:b9ff:fe03:eb41%sis1 prefixlen 64 scopeid 0x2
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet 10.1.100.1 netmask 0xffffff00 broadcast 10.1.100.255
        ether 00:0d:b9:03:eb:41
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        inet 10.1.1.100 netmask 0xffffff00
pflog0: flags=41 mtu 33208
pfsync0: flags=41 mtu 2020
tun0: flags=8051 mtu 1492
        inet 203.33.16.32 --> 203.17.1.1 netmask 0xffffffff
        Opened by PID 362

#Script for establish IPSEC at My Office:
/sbin/ifconfig lo0 inet 10.1.1.1/24 alias
setkey -FP
setkey -F

# Tunnel to Ric office
/sbin/ifconfig gif102 destroy
/sbin/ifconfig gif102 create
/sbin/ifconfig gif102 tunnel 60.225.5.1 203.33.16.32
/sbin/ifconfig gif102 inet 10.1.1.1 10.1.1.100 netmask 255.255.255.0
/sbin/route delete 10.1.100.1/24
/sbin/route delete 172.17.100.0/24
/sbin/route add 10.1.100.1/24 10.1.1.100
/sbin/route add 172.17.100.0/24 10.1.1.100

setkey -c << EOF

Firewall rule at My (SAm)'s office:
# pfctl -sr
pass in on sis1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on sis0 inet proto tcp from any to any port = http keep state
block drop in log all
block drop in log quick on sis0 inet proto udp from any to 255.255.255.255
block drop in log quick on sis1 inet proto udp from any to 255.255.255.255
pass in on lo0 all
pass out quick on sis0 all keep state
pass out quick on sis1 all keep state
pass in on sis1 all keep state
pass out on sis0 proto tcp all flags S/SA keep state
pass out on sis1 proto tcp all flags S/SA keep state
pass in on sis0 proto tcp from any to any port = ssh flags S/SA keep state
pass in on sis0 proto tcp from any to any port = http flags S/SA keep state
pass in on sis0 proto udp from any to any port = commplex-main keep state
pass in quick on ath0 all keep state
pass in quick on sis0 inet proto esp from 60.225.5.1 to 203.33.16.32
pass out quick on sis0 inet proto esp from 203.33.16.32 to 60.225.5.1
pass in quick proto ipencap all
pass in quick inet from 10.1.100.0/24 to 10.1.1.0/24
pass out quick inet from 10.1.1.0/24 to 10.1.100.0/24
pass in quick inet from 10.1.1.0/24 to any
pass in quick on sis0 inet proto udp from 60.225.54.190 to 203.33.163.232 port = isakmp
pass out quick on sis0 inet proto udp from 203.33.163.232 to 60.225.54.190 port = isakmp
pass quick on gif102 all

Network routing table at My (SAm)'s office:
# netstat -rn | less
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            60.225.5.111       UGS         0    55131   sis0
10                 link#2             UC          0        1   sis1
10.1.1.1           10.1.1.1           UH          0        0    lo0
10.1.100/24        10.1.1.100         UGS         0        7 gif102
60.225.5/22        link#1             UC          0        0   sis0
60.225.5.111       00:0f:35:45:78:70  UHLW        2        0   sis0   1200
127.0.0.1          127.0.0.1          UH          0      541    lo0
172.17.4/24        link#3             UC          0        0   ath0
172.17.100/24      10.1.1.100         UGS         0        0 gif102
192.168.0          link#2             UC          0        0   sis1

# Tunnel to Ric office
spdadd 10.1.1.1 10.1.1.100 any -P out ipsec esp/tunnel/10.1.1.1-10.1.1.100/require ;
spdadd 10.1.1.100 10.1.1.1 any -P in ipsec esp/tunnel/10.1.1.100-10.1.1.1/require ;
add 10.1.1.1 10.1.1.100 esp 2744 -m tunnel -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
add 10.1.1.100 10.1.1.1 esp 3944 -m tunnel -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;

#Script for establish IPSEC at Ric's office:
/sbin/ifconfig lo0 inet 10.1.1.100/24 alias
setkey -FP
setkey -F

# Tunnel to Sam Office
/sbin/ifconfig gif102 destroy
/sbin/ifconfig gif102 create
/sbin/ifconfig gif102 tunnel 203.33.16.32 60.225.5.1
/sbin/ifconfig gif102 inet 10.1.1.100 10.1.1.1 netmask 255.255.255.0
/sbin/route delete 10.1.1.1/24
/sbin/route delete 172.17.4.0/24
/sbin/route add 10.1.1.1/24 10.1.1.1
/sbin/route add 172.17.4.0/24 10.1.1.1

setkey -c << EOF

# Tunnel to Sam office
spdadd 10.1.1.100 10.1.1.1 any -P out ipsec esp/tunnel/10.1.1.100-10.1.1.1/require ;
spdadd 10.1.1.1 10.1.1.100 any -P in ipsec esp/tunnel/10.1.1.1-10.1.1.100/require ;
add 10.1.1.100 10.1.1.1 esp 2744 -m tunnel -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
add 10.1.1.1 10.1.1.100 esp 3944 -m tunnel -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;

EOF

Firewall rule at Ric's office:
# pfctl -sr
pass in on sis1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
pass out on tun0 inet proto tcp from any to any port = http keep state
block drop in log all
block drop in log quick on tun0 inet proto udp from any to 255.255.255.255
block drop in log quick on sis1 inet proto udp from any to 255.255.255.255
pass in on lo0 all
pass out quick on tun0 all keep state
pass out quick on sis1 all keep state
pass in on sis1 all keep state
pass out on tun0 proto tcp all flags S/SA keep state
pass out on sis1 proto tcp all flags S/SA keep state
pass in on tun0 proto tcp from any to any port = ssh flags S/SA keep state
pass in on tun0 proto tcp from any to any port = http flags S/SA keep state
pass in on tun0 proto udp from any to any port = commplex-main keep state
pass in quick on ath0 all keep state
pass in quick on tun0 inet proto esp from 203.33.163.232 to 60.225.54.190
pass out quick on tun0 inet proto esp from 60.225.54.190 to 203.33.163.232
pass in quick proto ipencap all
pass in quick inet from 10.1.1.0/24 to 10.1.100.0/24
pass in quick inet from 10.1.1.0/24 to 10.1.1.0/24
pass out quick inet from 10.1.100.0/24 to 10.1.1.0/24
pass out quick inet from 10.1.100.0/24 to 10.1.100.0/24
pass in quick on tun0 inet proto udp from 203.33.16.32 to 60.225.5.1 port = isakmp
pass out quick on tun0 inet proto udp from 60.225.5.1 to 203.33.16.32 port = isakmp
pass quick on gif102 all

Network routing table at Ric's office:
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            203.17.101.81      UGS         0  2005455   tun0
10.1.1/24          10.1.1.1           UGS         0        0 gif102
10.1.1.1           10.1.1.100         UH        972     1015 gif102
10.1.1.100         10.1.1.100         UH          0       16    lo0
10.1.100/24        link#2             UC          0        0   sis1
10.1.100.1         00:0d:b9:03:eb:41  UHLW        1       10    lo0
127.0.0.1          127.0.0.1          UH          0     3335    lo0
172.17.4/24        10.1.1.1           UGS         0      586 gif102
192.168.0          link#2             UC          0        1   sis1
192.168.0.198      00:0d:60:ff:b7:1f  UHLW        1  1141717   sis1    818
192.168.0.200      00:14:22:fd:cc:8f  UHLW        1     9945   sis1
203.17.10.8        203.33.16.32       UH          1        0   tun0

The problem is My (Sam) office can ping 10.1.100.1 at Ric's office, but I still can't ping his other IP 10.1.1.100 (assigned to his loopback lo interface). Ric's office can't ping me (Sam) 10.1.1.1 or 10.1.10.1 at all.

Tcpdump showed that the PF firewall blocked the incoming packet from 10.1.1/24, then I make a "pass" rule to let it thru. But Ric still can't ping 10.1.1.1 and 10.1.10.1.

And I read the following article from PF mailing, it might be the issue in PF. Can anyone please shed some light for me? I desperately want to get this working.

Thanks
S

From owner-freebsd-net@FreeBSD.ORG Mon Oct 2 23:40:57 2006
Message-ID: <128414.1159832453736.JavaMail.root@web07ps>
Date: Tue, 3 Oct 2006 9:40:53 +1000
From:
Cc: freebsd-net@freebsd.org
Subject: Re: IPSEC & PF - Please help

Here is the article I read about patch for PF:
http://www.mail-archive.com/freebsd-pf@freebsd.org/msg01315.html

Where can I find an official release of this patch for freebsd 6.1? The FreeBSD 6.1-stable I'm using is dated in early August.

Thanks
S

---- fwun@bigpond.net.au wrote:
> Hi,
>
> I am having trouble in setting up IPSEC with a remote office. I desperately need help to sort out the problem.
> Here is the description of this little network:
>
> My Office (with Cable Internet, sis0 is the public interface):
> sis0: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::20d:b9ff:fe03:e22c%sis0 prefixlen 64 scopeid 0x1
>         inet 60.225.5.1 netmask 0xfffffc00 broadcast 255.255.255.255
>         ether 00:0d:b9:03:e2:2c
>         media: Ethernet autoselect (100baseTX )
>         status: active
> sis1: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::20d:b9ff:fe03:e22d%sis1 prefixlen 64 scopeid 0x2
>         inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
>         inet 10.1.10.1 netmask 0xff000000 broadcast 10.255.255.255
>         ether 00:0d:b9:03:e2:2d
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
>         inet 10.1.1.1 netmask 0xffffff00
> pflog0: flags=41 mtu 33208
> pfsync0: flags=41 mtu 2020
> gif102: flags=8051 mtu 1280
>         tunnel inet 60.225.5.1 --> 203.33.16.32
>         inet 10.1.1.1 --> 10.1.1.100 netmask 0xffffff00
>         inet6 fe80::20d:b9ff:fe03:e22c%gif102 prefixlen 64 scopeid 0x7
>
> Ric's Office (with ADSL broadband):
> sis0: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::20d:b9ff:fe03:eb40%sis0 prefixlen 64 scopeid 0x1
>         ether 00:0d:b9:03:eb:40
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> sis1: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::20d:b9ff:fe03:eb41%sis1 prefixlen 64 scopeid 0x2
>         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>         inet 10.1.100.1 netmask 0xffffff00 broadcast 10.1.100.255
>         ether 00:0d:b9:03:eb:41
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
>         inet 10.1.1.100 netmask 0xffffff00
> pflog0: flags=41 mtu 33208
> pfsync0: flags=41 mtu 2020
> tun0: flags=8051 mtu 1492
>         inet 203.33.16.32 --> 203.17.1.1 netmask 0xffffffff
>         Opened by PID 362
>
> #Script for establish IPSEC at My Office:
> /sbin/ifconfig lo0 inet 10.1.1.1/24 alias
> setkey -FP
> setkey -F
>
> # Tunnel to Ric office
> /sbin/ifconfig gif102 destroy
> /sbin/ifconfig gif102 create
> /sbin/ifconfig gif102 tunnel 60.225.5.1 203.33.16.32
> /sbin/ifconfig gif102 inet 10.1.1.1 10.1.1.100 netmask 255.255.255.0
> /sbin/route delete 10.1.100.1/24
> /sbin/route delete 172.17.100.0/24
> /sbin/route add 10.1.100.1/24 10.1.1.100
> /sbin/route add 172.17.100.0/24 10.1.1.100
>
> setkey -c << EOF
>
> Firewall rule at My (SAm)'s office:
> # pfctl -sr
> pass in on sis1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
> pass out on sis0 inet proto tcp from any to any port = http keep state
> block drop in log all
> block drop in log quick on sis0 inet proto udp from any to 255.255.255.255
> block drop in log quick on sis1 inet proto udp from any to 255.255.255.255
> pass in on lo0 all
> pass out quick on sis0 all keep state
> pass out quick on sis1 all keep state
> pass in on sis1 all keep state
> pass out on sis0 proto tcp all flags S/SA keep state
> pass out on sis1 proto tcp all flags S/SA keep state
> pass in on sis0 proto tcp from any to any port = ssh flags S/SA keep state
> pass in on sis0 proto tcp from any to any port = http flags S/SA keep state
> pass in on sis0 proto udp from any to any port = commplex-main keep state
> pass in quick on ath0 all keep state
> pass in quick on sis0 inet proto esp from 60.225.5.1 to 203.33.16.32
> pass out quick on sis0 inet proto esp from 203.33.16.32 to 60.225.5.1
> pass in quick proto ipencap all
> pass in quick inet from 10.1.100.0/24 to 10.1.1.0/24
> pass out quick inet from 10.1.1.0/24 to 10.1.100.0/24
> pass in quick inet from 10.1.1.0/24 to any
> pass in quick on sis0 inet proto udp from 60.225.5.1 to 203.33.16.32 port = isakmp
> pass out quick on sis0 inet proto udp from 203.33.16.32 to 60.225.5.1 port = isakmp
> pass quick on gif102 all
>
> Network routing table at My (SAm)'s office:
> # netstat -rn | less
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            60.225.5.111       UGS         0    55131   sis0
> 10                 link#2             UC          0        1   sis1
> 10.1.1.1           10.1.1.1           UH          0        0    lo0
> 10.1.100/24        10.1.1.100         UGS         0        7 gif102
> 60.225.5/22        link#1             UC          0        0   sis0
> 60.225.5.111       00:0f:35:45:78:70  UHLW        2        0   sis0   1200
> 127.0.0.1          127.0.0.1          UH          0      541    lo0
> 172.17.4/24        link#3             UC          0        0   ath0
> 172.17.100/24      10.1.1.100         UGS         0        0 gif102
> 192.168.0          link#2             UC          0        0   sis1
>
> # Tunnel to Ric office
> spdadd 10.1.1.1 10.1.1.100 any -P out ipsec esp/tunnel/10.1.1.1-10.1.1.100/require ;
> spdadd 10.1.1.100 10.1.1.1 any -P in ipsec esp/tunnel/10.1.1.100-10.1.1.1/require ;
> add 10.1.1.1 10.1.1.100 esp 2744 -m tunnel -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
> add 10.1.1.100 10.1.1.1 esp 3944 -m tunnel -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;
>
> #Script for establish IPSEC at Ric's office:
> /sbin/ifconfig lo0 inet 10.1.1.100/24 alias
> setkey -FP
> setkey -F
>
> # Tunnel to Sam Office
> /sbin/ifconfig gif102 destroy
> /sbin/ifconfig gif102 create
> /sbin/ifconfig gif102 tunnel 203.33.16.32 60.225.5.1
> /sbin/ifconfig gif102 inet 10.1.1.100 10.1.1.1 netmask 255.255.255.0
> /sbin/route delete 10.1.1.1/24
> /sbin/route delete 172.17.4.0/24
> /sbin/route add 10.1.1.1/24 10.1.1.1
> /sbin/route add 172.17.4.0/24 10.1.1.1
>
> setkey -c << EOF
>
> # Tunnel to Sam office
> spdadd 10.1.1.100 10.1.1.1 any -P out ipsec esp/tunnel/10.1.1.100-10.1.1.1/require ;
> spdadd 10.1.1.1 10.1.1.100 any -P in ipsec esp/tunnel/10.1.1.1-10.1.1.100/require ;
> add 10.1.1.100 10.1.1.1 esp 2744 -m tunnel -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
> add 10.1.1.1 10.1.1.100 esp 3944 -m tunnel -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;
>
>
> EOF
>
> Firewall rule at Ric's office:
> # pfctl -sr
> pass in on sis1 inet proto tcp from any to 127.0.0.1 port = 3128 keep state
> pass out on tun0 inet proto tcp from any to any port = http keep state
> block drop in log all
> block drop in log quick on tun0 inet proto udp from any to 255.255.255.255
> block drop in log quick on sis1 inet proto udp from any to 255.255.255.255
> pass in on lo0 all
> pass out quick on tun0 all keep state
> pass out quick on sis1 all keep state
> pass in on sis1 all keep state
> pass out on tun0 proto tcp all flags S/SA keep state
> pass out on sis1 proto tcp all flags S/SA keep state
> pass in on tun0 proto tcp from any to any port = ssh flags S/SA keep state
> pass in on tun0 proto tcp from any to any port = http flags S/SA keep state
> pass in on tun0 proto udp from any to any port = commplex-main keep state
> 
pass in quick on ath0 all keep state > pass in quick on tun0 inet proto esp from 203.33.16.32 to 60.225.5.1 > pass out quick on tun0 inet proto esp from 60.225.5.1 to 203.33.16.32 > pass in quick proto ipencap all > pass in quick inet from 10.1.1.0/24 to 10.1.100.0/24 > pass in quick inet from 10.1.1.0/24 to 10.1.1.0/24 > pass out quick inet from 10.1.100.0/24 to 10.1.1.0/24 > pass out quick inet from 10.1.100.0/24 to 10.1.100.0/24 > pass in quick on tun0 inet proto udp from 203.33.16.32 to 60.225.5.1 port = isakmp > pass out quick on tun0 inet proto udp from 60.225.5.1 to 203.33.16.32 port = isakmp > pass quick on gif102 all > > Network routing table at Ric's office: > # netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 203.17.101.81 UGS 0 2005455 tun0 > 10.1.1/24 10.1.1.1 UGS 0 0 gif102 > 10.1.1.1 10.1.1.100 UH 972 1015 gif102 > 10.1.1.100 10.1.1.100 UH 0 16 lo0 > 10.1.100/24 link#2 UC 0 0 sis1 > 10.1.100.1 00:0d:b9:03:eb:41 UHLW 1 10 lo0 > 127.0.0.1 127.0.0.1 UH 0 3335 lo0 > 172.17.4/24 10.1.1.1 UGS 0 586 gif102 > 192.168.0 link#2 UC 0 1 sis1 > 192.168.0.198 00:0d:60:ff:b7:1f UHLW 1 1141717 sis1 818 > 192.168.0.200 00:14:22:fd:cc:8f UHLW 1 9945 sis1 > 203.17.10.8 203.33.16.32 UH 1 0 tun0 > > The problem is My (Sam) office can ping 10.1.100.1 at Ric's office, but I still can't ping his other IP 10.1.1.100 (assigned to his loopback lo interfaice). > Ric's office can't ping me (Sam) 10.1.1.1 or 10.1.10.1 at all. Tcpdump shown that the PF firewall blocked the incoming packet from 10.1.1/24, then I make a "pass" rule to let it thru. But Ric still can't ping 10.1.1.1 and 10.1.10.1 > > And I read the following article from PF mailing, it might be the issue in PF. > Can anyone please shed some lights to me? I desperately want to get this working. 
> > Thanks > S From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 01:36:47 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 22B3D16A403 for ; Tue, 3 Oct 2006 01:36:47 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E01743D46 for ; Tue, 3 Oct 2006 01:36:45 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.64.177.119] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis), id 0ML21M-1GUZD53cEP-0002oc; Tue, 03 Oct 2006 03:36:40 +0200 
From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Tue, 3 Oct 2006 03:36:33 +0200 User-Agent: KMail/1.9.4 References: <128414.1159832453736.JavaMail.root@web07ps> In-Reply-To: <128414.1159832453736.JavaMail.root@web07ps> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2550349.OYpFy1Ng1N"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200610030336.38754.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: fwun@bigpond.net.au Subject: Re: IPSEC & PF - Please help X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 01:36:47 -0000

--nextPart2550349.OYpFy1Ng1N
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 03 October 2006 01:40, fwun@bigpond.net.au wrote:
> Here is the article I read about patch for PF:
> http://www.mail-archive.com/freebsd-pf@freebsd.org/msg01315.html
> Where can I find an official release of this patch for freebsd 6.1?
> The FreeBSD 6.1-stable I'm using is dated in early August.

enc(4) was MFCed to RELENG_6 "Mon Jul 24 23:20:58 2006 UTC (2 months, 1
week ago." If you move to RELENG_6 or the upcoming BETA build you should
get it with no patching. If you need it in 6.1 you'd have to backport it
yourself, but this should be more or less the same patch as the MFC.

> ---- fwun@bigpond.net.au wrote:
> > Hi,
> >
> > I am having trouble in setting up IPSEC with a remote office.
> >
> > Thanks
> > S
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart2550349.OYpFy1Ng1N
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQBFIb6mXyyEoT62BG0RAqzGAJ9OVgbwPR0bgp/KzDRaC3VlUpW8XQCfe1G+
Y/NTvgnQq6Bz5Eeq51Rwiso=
=yhOM
-----END PGP SIGNATURE-----

--nextPart2550349.OYpFy1Ng1N--

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 04:02:09 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93FEF16A412 for ; Tue, 3 Oct 2006 04:02:09 +0000 (UTC) (envelope-from fwun@bigpond.net.au) Received: from imta04sl.mx.bigpond.com (imta04sl.mx.bigpond.com [144.140.93.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC61943D45 for ; Tue, 3 Oct 2006 04:02:08 +0000 (GMT) (envelope-from fwun@bigpond.net.au) Received: from web02sl ([144.140.91.179]) by imta04sl.mx.bigpond.com with ESMTP id <20061003040206.HIVD12804.imta04sl.mx.bigpond.com@web02sl>; Tue, 3 Oct 2006 04:02:06 +0000 Received: Message-ID: <23891818.1159848126465.JavaMail.root@web02sl> Date: Tue, 3 Oct 2006 14:02:06 +1000
From: To: Max Laier Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) Sensitivity: Normal Cc: freebsd-net@freebsd.org Subject: Re: IPSEC & PF - Please help X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 04:02:09 -0000

---- Max Laier wrote:
> On Tuesday 03 October 2006 01:40, fwun@bigpond.net.au wrote:
> > Here is the article I read about patch for PF:
> > http://www.mail-archive.com/freebsd-pf@freebsd.org/msg01315.html
> > Where can I find an official release of this patch for freebsd 6.1?
> > The FreeBSD 6.1-stable I'm using is dated in early August.
>
> enc(4) was MFCed to RELENG_6 "Mon Jul 24 23:20:58 2006 UTC (2 months, 1
> week ago." If you move to RELENG_6 or the upcoming BETA build you should
> get it with no patching. If you need it in 6.1 you'd have to backport it
> yourself, but this should be more or less the same patch as the MFC.
>

Hi, I found recent 6.1 stable source has some footprints of enc or if_enc. I'm not sure if the enc patches are actually in the recent 6.1-stable source. If not, where can I get the enc patch from?

Thanks
S

> > ---- fwun@bigpond.net.au wrote:
> > > Hi,
> > >
> > > I am having trouble in setting up IPSEC with a remote office. I
> > > desperately need help to sort out the problem.
> > >
> > > Thanks
> > > S
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
> -- 
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 04:40:21 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F38BD16A40F for ; Tue, 3 Oct 2006 04:40:20 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5959D43D45 for ; Tue, 3 Oct 2006 04:40:19 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so542360uge for ; Mon, 02 Oct 2006 21:40:19 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=XJUJWgUABnO144aLftJ9ZUKGyXCJfWg4YP+Ajlw4IkjByi3pZMEOL6JOdLcWew5tCAQHp2FdAEc1REEfyPyWCCnYQCAjgnL8ddaEV6nkchgVa5bukRT4BAutiEg7pp1lkgMnZ7GkwT0KJXs/LSD7RHrt/Dpdf32+iS4tnVuMZNE= Received: by 10.67.101.10 with SMTP id d10mr5871577ugm; Mon, 02 Oct 2006 21:40:19 -0700 (PDT) Received: by 10.67.28.14 with HTTP; Mon, 2 Oct 2006 21:40:18 -0700 (PDT) Message-ID: Date: Tue, 3 Oct 2006 00:40:18 -0400
From: "Scott Ullrich"
To: "fwun@bigpond.net.au"
Cc: Max Laier, freebsd-net@freebsd.org
Subject: Re: IPSEC & PF - Please help
In-Reply-To: <23891818.1159848126465.JavaMail.root@web02sl>
References: <23891818.1159848126465.JavaMail.root@web02sl>

On 10/3/06, fwun@bigpond.net.au wrote:
>
> ---- Max Laier wrote:
> > On Tuesday 03 October 2006 01:40, fwun@bigpond.net.au wrote:
> > > Here is the article I read about patch for PF:
> > > http://www.mail-archive.com/freebsd-pf@freebsd.org/msg01315.html
> > > Where can I find an official release of this patch for freebsd 6.1?
> > > the FreeBSD 6.1-stable I'm using is dated in early August.
> >
> > enc(4) was MFCed to RELENG_6 "Mon Jul 24 23:20:58 2006 UTC (2 months, 1
> > week ago." If you move to RELENG_6 or the upcoming BETA build you should
> > get it with no patching. If you need it in 6.1 you'd have to backport it
> > yourself, but this should be more or less the same patch as the MFC.
> >
> Hi, I found recent 6.1 stable source has some foot-prints of enc or if_enc. I'm not sure if enc patches had actually in recent 6.1-stable source. If not, where can I get the enc patch from?

Andrew Thompson has maintained a bridge patch for RELENG_6_1 that we
use in pfSense for quite some time.

http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/patches/RELENG_6_1/if_enc.diff?rev=1.1;content-type=text%2Fplain

Hope this helps.

Scott

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 10:41:24 2006
Message-ID: <45223E43.6060906@lemonia.org>
Date: Tue, 03 Oct 2006 11:41:07 +0100
From: Dunc
To: freebsd-net@freebsd.org
Subject: Layer2 VPN

Hi folks,

I've been trying to create a layer2 VPN using FreeBSD boxes as the gateways.

The 2 methods I thought of are:-

a) Create a tunnel between the 2 gateways using gif interfaces, and
bridge the gifs onto a real NIC.

b) Using openvpn in bridging mode, and bridge the tap device onto a real
NIC.

Both methods seem to work fine, unless I try and put 802.1Q traffic down
the VPN, in which case neither method works.

Is there some fundamental reason as to why this would not work, or am I
just flailing?? (I'm pretty sure everything is configured right, my
tagged traffic is fine without the VPN in the equation, and also the VPN
is fine with no tagged traffic)

If this is just not going to work, and I should stop now, does anybody
have any suggestions as to how I might achieve this in FreeBSD?

Regards,

Dunc

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 13:28:04 2006
Message-ID: <4522655B.90507@goldenpath.org>
Date: Tue, 03 Oct 2006 09:27:55 -0400
From: Tim Allender
To: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
In-Reply-To: <20061002125254.GC25883@codelabs.ru>
References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru>

Eygene Ryabinkin wrote:
>> Comes with fbsd 5.3 drivers, but not 6.1.
>> Is there an easy way out?
>>
> Use sk(4) driver. It supports DGE-530T:
>
Is that driver not built into the kernel? If not and all I need to do is
rebuild the kernel, ok, I can do that.

But if it's already in the kernel and the OS isn't using that driver for that
model NIC already, how would I make it do so?

> -----
> skc0: port 0xd800-0xd8ff mem 0xdfffc000-0xdfffffff irq 10 at device 7.0 on pci0
> skc0: DGE-530T Gigabit Ethernet Adapter rev. (0x1)
> sk0: on skc0
> sk0: Ethernet address: 00:0d:88:64:ad:72
>
> $ uname -r
> 6.2-PRERELEASE
> -----
> I had no problems with this card with sk(4) driver since 5.3. (Apart
> from bridge + checksum offloading problem that does not affect non-bridged
> configurations and can be cured by disabling hardware-assisted checksums).
>

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 13:44:32 2006
Date: Tue, 3 Oct 2006 17:44:15 +0400
From: Eygene Ryabinkin
To: Tim Allender
Cc: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
Message-ID: <20061003134415.GP1491@codelabs.ru>
In-Reply-To: <4522655B.90507@goldenpath.org>
References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org>

Tim, good day!

> >Use sk(4) driver. It supports DGE-530T:
> >
> Is that driver not built into the kernel? If not and all I need to do is
> rebuild the kernel, ok, I can do that.

It depends on what kernel you're using. If you are at GENERIC kernel
(the default kernel at the freshly installed system) then it should be
there. Check the contents of file /sys/i386/conf/`uname -i` for the string
-----
device sk
-----

> But if it's already in the kernel and the OS isn't using that driver for that
> model NIC already, how would I make it do so?

If the above fails (device sk is in the kernel but it does not see the NIC)
please, give the output of the following commands:
-----
uname -i
uname -r
pciconf -lv
dmesg
-----
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 14:59:52 2006
Message-ID: <45227AD4.8060506@goldenpath.org>
Date: Tue, 03 Oct 2006 10:59:32 -0400
From: Tim Allender
To: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
In-Reply-To: <20061003134415.GP1491@codelabs.ru>
References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru>

Eygene Ryabinkin wrote:
> Tim, good day!
>
>>> Use sk(4) driver. It supports DGE-530T:
>>>
>>>
>> Is that driver not built into the kernel? If not and all I need to do is
>> rebuild the kernel, ok, I can do that.
>>
> It depends on what kernel you're using. If you are at GENERIC kernel
> (the default kernel at the freshly installed system) then it should be
> there. Check the contents of file /sys/i386/conf/`uname -i` for the string
> -----
> device sk
> -----
>
>
Yes, It's there.

>> But if it's already in the kernel and the OS isn't using that driver for that
>> model NIC already, how would I make it do so?
>>
> If the above fails (device sk is in the kernel but it does not see the NIC)
> please, give the output of the following commands:
> -----
> uname -i
> uname -r
> pciconf -lv
> dmesg
> -----
>
I'm eyeing these lines from dmesg suspiciously:
pci0: at device 8.0 (no driver attached)
pci0: at device 9.0 (no driver attached)

Also, to clarify. This is a fresh test box. I bought a few of these NICs
for various purposes, all of which involve refurbing some old boxes for
which I've had problems with ALTQ on their old NICs. Some NICs are just
faulty and need to be replaced. The first place I tried to use it was a
pfSense box I'd like to do traffic shaping on. NIC didn't pick up.
So, I tossed up fbsd on the (same) box. Didn't pick up there either.
Maybe I missed some hardware clash? I'll try it on another box today as
well.

I'm posting the entire results you requested below.

# uname -i
GENERIC

# uname -r
6.1-RELEASE

# pciconf -lv
agp0@pci0:0:0: class=0x060000 card=0x00000000 chip=0x31281106 rev=0x01 hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT8753 Apollo P4X266 System Controller'
    class = bridge
    subclass = HOST-PCI
pcib1@pci0:1:0: class=0x060400 card=0x00000080 chip=0xb0911106 rev=0x00 hdr=0x01
    vendor = 'VIA Technologies Inc'
    device = 'VT8633 Apollo Pro 266 CPU to AGP Controller'
    class = bridge
    subclass = PCI-PCI
none0@pci0:8:0: class=0x030000 card=0x00000000 chip=0x011010de rev=0xb2 hdr=0x00
    vendor = 'NVIDIA Corporation'
    device = 'NV11 GeForce2 MX / MX 400'
    class = display
    subclass = VGA
none1@pci0:9:0: class=0x020000 card=0x4b011186 chip=0x4b011186 rev=0x11 hdr=0x00
    vendor = 'D-Link System Inc'
    class = network
    subclass = ethernet
rl0@pci0:11:0: class=0x020000 card=0x434e4554 chip=0x813910ec rev=0x10 hdr=0x00
    vendor = 'Realtek Semiconductor'
    device = 'RT8139 (A/B/C/810x/813x/C+) Fast Ethernet Adapter'
    class = network
    subclass = ethernet
isab0@pci0:17:0: class=0x060100 card=0x30741106 chip=0x30741106 rev=0x00 hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT8233 PCI to ISA Bridge'
    class = bridge
    subclass = PCI-ISA
atapci0@pci0:17:1: class=0x01018a card=0x05711106 chip=0x05711106 rev=0x06 hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT82xxxx EIDE Controller (All VIA Chipsets)'
    class = mass storage
    subclass = ATA
uhci0@pci0:17:2: class=0x0c0300 card=0x12340925 chip=0x30381106 rev=0x1b hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT82xxxxx UHCI USB 1.1 Controller (All VIA Chipsets)'
    class = serial bus
    subclass = USB
uhci1@pci0:17:3: class=0x0c0300 card=0x12340925 chip=0x30381106 rev=0x1b hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT82xxxxx UHCI USB 1.1 Controller (All VIA Chipsets)'
    class = serial bus
    subclass = USB
uhci2@pci0:17:4: class=0x0c0300 card=0x12340925 chip=0x30381106 rev=0x1b hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT82xxxxx UHCI USB 1.1 Controller (All VIA Chipsets)'
    class = serial bus
    subclass = USB
none2@pci0:17:5: class=0x040100 card=0x45111106 chip=0x30591106 rev=0x30 hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT8233/33A/8235/8237 AC97 Enhanced Audio Controller'
    class = multimedia
    subclass = audio
vr0@pci0:18:0: class=0x020000 card=0x01021106 chip=0x30651106 rev=0x70 hdr=0x00
    vendor = 'VIA Technologies Inc'
    device = 'VT6102 Rhine II PCI Fast Ethernet Controller'
    class = network
    subclass = ethernet

# dmesg
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006
    root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 1700MHz (1700.07-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0xf0a Stepping = 10
  Features=0x3febf9ff
real memory = 536805376 (511 MB)
avail memory = 515932160 (492 MB)
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: on acpi0
acpi_throttle0: on cpu0
acpi_button0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
agp0: mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci0: at device 8.0 (no driver attached)
pci0: at device 9.0 (no driver attached)
rl0: port 0xd800-0xd8ff mem 0xdefebf00-0xdefebfff irq 12 at device 11.0 on pci0
miibus0: on rl0
rlphy0: on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:08:a1:1a:a3:f6
isab0: at device 17.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 17.1 on pci0
ata0: on atapci0
ata1: on atapci0
uhci0: port 0xc800-0xc81f irq 12 at device 17.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: port 0xcc00-0xcc1f irq 12 at device 17.3 on pci0
uhci1: [GIANT-LOCKED]
usb1: on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: port 0xd000-0xd01f irq 12 at device 17.4 on pci0
uhci2: [GIANT-LOCKED]
usb2: on uhci2
usb2: USB revision 1.0
uhub2: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
pci0: at device 17.5 (no driver attached)
vr0: port 0xc400-0xc4ff mem 0xdefebe00-0xdefebeff irq 5 at device 18.0 on pci0
miibus1: on vr0
ukphy0: on miibus1
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:07:95:1d:2b:73
acpi_button1: on acpi0
fdc0: port 0x3f2-0x3f3,0x3f4-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: on ppc0
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
pmtimer0 on isa0
orm0: at iomem 0xcd000-0xd0fff on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ums0: vendor 0x0461 USB Optical Mouse, rev 2.00/2.00, addr 2, iclass 3/1
ums0: 3 buttons and Z dir.
Timecounter "TSC" frequency 1700069540 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 19092MB at ata0-master UDMA100
acd0: DVDROM at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
ukbd0: Dell Dell USB Keyboard, rev 1.10/3.01, addr 3, iclass 3/1
kbd2 at ukbd0

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 15:20:44 2006
Date: Tue, 3 Oct 2006 19:20:35 +0400
From: Eygene Ryabinkin
To: Tim Allender
Cc: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
Message-ID: <20061003152034.GQ1491@codelabs.ru>
In-Reply-To: <45227AD4.8060506@goldenpath.org>
References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org>

> I'm eyeing these lines from dmesg suspiciously:
> pci0: at device 8.0 (no driver attached)
> pci0: at device 9.0 (no driver attached)

The last one is your NIC.

> I'm posting the entire results you requested below.

<...cleared all but relevant lines...>

> # uname -r
> 6.1-RELEASE
>
> # pciconf -lv
> none1@pci0:9:0: class=0x020000 card=0x4b011186 chip=0x4b011186 rev=0x11
> hdr=0x00
> vendor = 'D-Link System Inc'
> class = network
> subclass = ethernet

This is the so-called revision-B1 chip, it is newer than the A1 that
is included to the 6.1-RELEASE.

So you have two routes:
1) upgrade to the RELENG-6 (currently it is 6.2-PRERELEASE),
or
2) apply the patch given in the PR99903,
http://www.freebsd.org/cgi/query-pr.cgi?pr=99903

The latter patch is very simple, so probably it is the simplest thing
to do: it just adds the new PCI-ID for the chip, chip description and
4 extra lines of code. Do you need directions how to apply the patch
or how to upgrade to RELENG-6?
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 16:12:03 2006
Message-ID: <45228BB6.9020406@goldenpath.org>
Date: Tue, 03 Oct 2006 12:11:34 -0400
From: Tim Allender
To: freebsd-net@freebsd.org
Subject: Re: D-Link DGE-530T
In-Reply-To: <20061003152034.GQ1491@codelabs.ru>
References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru>

Eygene Ryabinkin wrote:
>> I'm eyeing these lines from dmesg suspiciously:
>> pci0: at device 8.0 (no driver attached)
>> pci0: at device 9.0 (no driver attached)
>>
> The last one is your NIC.
>
>
>> I'm posting the entire results you requested below.
>>
> <...cleared all but relevant lines...>
>
>> # uname -r
>> 6.1-RELEASE
>>
>> # pciconf -lv
>> none1@pci0:9:0: class=0x020000 card=0x4b011186 chip=0x4b011186 rev=0x11
>> hdr=0x00
>> vendor = 'D-Link System Inc'
>> class = network
>> subclass = ethernet
>>
> This is the so-called revision-B1 chip, it is newer than the A1 that
> is included to the 6.1-RELEASE.
>
> So you have two routes:
> 1) upgrade to the RELENG-6 (currently it is 6.2-PRERELEASE),
> or
> 2) apply the patch given in the PR99903,
> http://www.freebsd.org/cgi/query-pr.cgi?pr=99903
>
> The latter patch is very simple, so probably it is the simplest thing
> to do: it just adds the new PCI-ID for the chip, chip description and
> 4 extra lines of code. Do you need directions how to apply the patch
> or how to upgrade to RELENG-6?
>
I've done that sort of upgrade a few times.
I don't think the whole system upgrade would be suitable, though, when
what I really want to accomplish is getting these NICs to work on
pfSense. It might turn out to be a good upgrade for pfSense. Or, it
might start breaking things. Or worse, ~look~ like it's good with
breakage laying-in-wait.

I'm probably better off doing the patch. Though, honestly, I've done
very little actual 1 on 1 patching. If I remember right it's:
# patch src-file < patch-file
(Maybe this'll be a good chance for me to sneak a peek at some real NIC
driver code to get an idea how it's done.)
I'll back up the original, read the man page and give it a shot.

After patching it, though, can I just compile that kernel module again?
# cc if_sk.c
(Would that be right?)
Or do I need to rebuild the whole kernel?

And, then, building it on one machine, would "transplanting" the newly
compiled driver to the pfSense router be as simple as copying the new
.ko file into place (assuming I can just do the module)
Or, what if I'd need to transplant the whole kernel?

Eygene, I greatly appreciate your help with this. I find this all
incredibly fascinating. If I can make this leap into competence of
patching fbsd source files, I'll be that much closer to being able to
actually contribute something worth while. I'm about 1/4 of the way
through McKusick's "Design and Implementation" and sometimes I just grit
my teeth and keep plowing through it when it starts getting crazy.
Little by little, it's all starting to make a little more sense each day =D

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 21:32:38 2006
Date: Tue, 3 Oct 2006 23:32:37 +0200
From: Guido van Rooij
To: freebsd-net@freebsd.org
Subject: VLAN switch
Message-ID: <20061003213237.GA57444@gvr.gvr.org>

Perhaps a bit off-topic, but I'm looking for a cheap vlan switch.
Anyone with a suggestion?

-Guido

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 23:02:04 2006
Date: Wed, 4 Oct 2006 12:01:47 +1300
From: Andrew Thompson
To: Dunc
Cc: freebsd-net@freebsd.org
Subject: Re: Layer2 VPN
Message-ID: <20061003230147.GI21444@heff.fud.org.nz>
In-Reply-To: <45223E43.6060906@lemonia.org>
References: <45223E43.6060906@lemonia.org>

On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote:
> Hi folks,
>
> I've been trying to create a layer2 VPN using FreeBSD boxes as the gateways.
>
> The 2 methods I thought of are:-
>
> a) Create a tunnel between the 2 gateways using gif interfaces, and
> bridge the gifs onto a real NIC.
>
> Both methods seem to work fine, unless I try and put 802.1Q traffic down
> the VPN, in which case neither method works.

This should work fine with vlan headers, do you have any indication of
where the problem is? you may need to get packet dumps at the sending
and receiving ends.

Grab a tcpdump at the sending bridge0, sending interface, receiving
interface, receiving bridge0. You can send them to me if you need help
deciphering them.

cheers,
Andrew

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 23:32:25 2006
Message-ID: <4522F2FF.5060808@lemonia.org>
Date: Wed, 04 Oct 2006 00:32:15 +0100
From: Dunc
To: Andrew Thompson
Cc: freebsd-net@freebsd.org
Subject: Re: Layer2 VPN
In-Reply-To: <20061003230147.GI21444@heff.fud.org.nz>
References: <45223E43.6060906@lemonia.org> <20061003230147.GI21444@heff.fud.org.nz>

Andrew Thompson wrote:
> On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote:
>
>> Hi folks,
>>
>> I've been trying to create a layer2 VPN using FreeBSD boxes as the gateways.
>>
>> The 2 methods I thought of are:-
>>
>> a) Create a tunnel between the 2 gateways using gif interfaces, and
>> bridge the gifs onto a real NIC.
>>
>> Both methods seem to work fine, unless I try and put 802.1Q traffic down
>> the VPN, in which case neither method works.
>>
>
> This should work fine with vlan headers, do you have any indication of
> where the problem is? you may need to get packet dumps at the sending
> and receiving ends.
>
> Grab a tcpdump at the sending bridge0, sending interface, receiving
> interface, receiving bridge0. You can send them to me if you need help
> deciphering them.
>
>
> cheers,
> Andrew
>

Hi Andrew,

I couldn't see why it wouldn't either. It's just an ethernet frame with
an extra field filled in AIUI

I did do dumps earlier, and the problem seemed to be around about the
bridge device at the far end as I pinged, however I will start again
from scratch tomorrow and get some data. I was on a bit of a mission
today as I need to have a working solution soon, so I tried combinations
of OS and tunnel techs. The only actual success I have had so far is
Linux with OpenVPN in tap mode.

Anyway, thanks for your help so far and I shall return.

Cheers,

Dunc

From owner-freebsd-net@FreeBSD.ORG Tue Oct 3 23:45:55 2006
Date: Wed, 4 Oct 2006 12:45:46 +1300
From: Andrew Thompson To: Dunc Message-ID: <20061003234546.GK21444@heff.fud.org.nz> References: <45223E43.6060906@lemonia.org> <20061003230147.GI21444@heff.fud.org.nz> <4522F2FF.5060808@lemonia.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4522F2FF.5060808@lemonia.org> User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org Subject: Re: Layer2 VPN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 23:45:55 -0000 On Wed, Oct 04, 2006 at 12:32:15AM +0100, Dunc wrote: > Andrew Thompson wrote: > >On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote: > > > >>Hi folks, > >> > >>I've been trying to create a layer2 VPN using FreeBSD boxes as the > >>gateways. > >> > >This should work fine with vlan headers, do you have any indication of > >where the problem is? you may need to get packet dumps at the sending > >and receiving ends. > > > I couldn't see why it wouldn't either. It's just an ethernet frame with > an extra field filled in AIUI > It may be because our bridge does not yet differentiate between vlans in its forwarding table, you can confirm this by clearing the learn flag on all the interfaces (ifconfig bridge0 -learn xxx0). It's not a proper solution of course.
Andrew From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 03:56:59 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4BD4316A412 for ; Wed, 4 Oct 2006 03:56:59 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4EAC43D46 for ; Wed, 4 Oct 2006 03:56:58 +0000 (GMT) (envelope-from freebsd@meijome.net) Received: (qmail 14946 invoked from network); 4 Oct 2006 13:56:57 +1000 Received: from 203-217-43-6.dyn.chime.net.au (HELO localhost) (203.217.43.6) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 4 Oct 2006 13:56:57 +1000 Date: Wed, 4 Oct 2006 13:56:54 +1000 
From: Norberto Meijome To: Guido van Rooij Message-ID: <20061004135654.3268e442@localhost> In-Reply-To: <20061003213237.GA57444@gvr.gvr.org> References: <20061003213237.GA57444@gvr.gvr.org> X-Mailer: Sylpheed-Claws 2.5.2 (GTK+ 2.8.20; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: VLAN switch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 03:56:59 -0000 On Tue, 3 Oct 2006 23:32:37 +0200 Guido van Rooij wrote: > Perhaps a bit off-topic, but I'm looking for a cheap vlan switch. > Anyone with a suggestion? the Netgear GS724T is a 'web smart' ( :D ) 24 port gigabit switch. about 600 AUD from memory. you can find cheaper ones if you don't want gigE. _________________________ {Beto|Norberto|Numard} Meijome "All that is necessary for the triumph of evil is that good men do nothing." Edmund Burke I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 05:55:17 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 847E116A40F for ; Wed, 4 Oct 2006 05:55:17 +0000 (UTC) (envelope-from freebsd-net@goldenpath.org) Received: from mail.sbsnet.com (mail.sbsnet.com [63.147.233.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id EED8B43D55 for ; Wed, 4 Oct 2006 05:55:16 +0000 (GMT) (envelope-from freebsd-net@goldenpath.org) Received: from [192.168.254.148] [24.199.124.213] by mail.sbsnet.com with ESMTP (SMTPD-8.22) id AC400160; Wed, 04 Oct 2006 01:53:04 -0400 Message-ID: <45234CB5.1010500@goldenpath.org> Date: Wed, 04 Oct 2006 01:55:01 -0400 
From: Tim Allender User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru> In-Reply-To: <20061003152034.GQ1491@codelabs.ru> Content-Type: multipart/mixed; boundary="------------060408060909060604090306" Subject: Re: D-Link DGE-530T X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 05:55:17 -0000 This is a multi-part message in MIME format. --------------060408060909060604090306 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Eygene Ryabinkin wrote: >> I'm eyeing these lines from dmesg suspiciously: >> pci0: at device 8.0 (no driver attached) >> pci0: at device 9.0 (no driver attached) >> > The last one is your NIC. > > >> I'm posting the entire results you requested below. >> > <...cleared all but relevant lines...> > >> # uname -r >> 6.1-RELEASE >> >> # pciconf -lv >> none1@pci0:9:0: class=0x020000 card=0x4b011186 chip=0x4b011186 rev=0x11 >> hdr=0x00 >> vendor = 'D-Link System Inc' >> class = network >> subclass = ethernet >> > This is the so-called revision-B1 chip, it is newer than the A1 that > is included to the 6.1-RELEASE. > > So you have two routes: > 1) upgrade to the RELENG-6 (currently it is 6.2-PRERELEASE), > or > 2) apply the patch given in the PR99903, > http://www.freebsd.org/cgi/query-pr.cgi?pr=99903 > > The latter patch is very simple, so probably it is the simplest thing > to do: it just adds the new PCI-ID for the chip, chip description and > 4 extra lines of code. Do you need directions how to apply the patch > or how to upgrade to RELENG-6? 
> Ok, his patch didn't "line up." The line numbers were off (Maybe he was fixing comments earlier or something) and he did some weird backward insertion thing. Like you said, very simple. So I did it by hand. Patch files attached. These patch files should work to allow any fresh install of FreeBSD 6.1 Release to use the sk network driver for the "revision B1" (Revision 2?) D-Link DGE-530T Gigabit Ethernet adapter. I say ~should~ because, I'm not 100% sure how to install it. What all do I need to rebuild? How should I install the binaries after they're recompiled? --------------060408060909060604090306 Content-Type: text/plain; name="if_sk.c.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="if_sk.c.patch" --- sk_orig/if_sk.c Wed Oct 4 04:16:56 2006 +++ sk_new/if_sk.c Wed Oct 4 04:37:03 2006 @@ -176,4 +176,9 @@ "D-Link DGE-530T Gigabit Ethernet" }, + { + VENDORID_DLINK, + DEVICEID_DLINK_DGE530T_REV2, + "D-Link DGE-530T Gigabit Ethernet" + }, { 0, 0, NULL } }; @@ -1742,4 +1747,8 @@ pname = sc->sk_vpd_prodname; break; + case DEVICEID_DLINK_DGE530T_REV2: + /* Stay with VPD PN. */ + pname = sc->sk_vpd_prodname; + break; case DEVICEID_SK_V2: /* YUKON VPD PN might bear no resemblance to reality. */ --------------060408060909060604090306 Content-Type: text/plain; name="if_skreg.h.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="if_skreg.h.patch" --- sk_orig/if_skreg.h Wed Oct 4 04:17:06 2006 +++ sk_new/if_skreg.h Wed Oct 4 04:48:02 2006 
@@ -120,4 +120,9 @@ /* + * D-Link gigabit ethernet rev 2 device ID + */ +#define DEVICEID_DLINK_DGE530T_REV2 0x4b01 + +/* * GEnesis registers. The GEnesis chip has a 256-byte I/O window * but internally it has a 16K register space. This 16K space is --------------060408060909060604090306-- From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 05:57:50 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39A3216A407 for ; Wed, 4 Oct 2006 05:57:50 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8178343D53 for ; Wed, 4 Oct 2006 05:57:49 +0000 (GMT) (envelope-from rea@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=iKkKaclxG3RCujJTZBkn7FcPKY71DpYd0Ehw5svoTjh86ZwQyEjPnjQ0H2VOj9HeKEGf/1OG1qsApjNSeFaLgzo0omsYc9XiuzSH8tqelHNmCTM3Ke8nDZ+/A4fpVHtf07U2lZQ8jaMR8Uuv9yQpyr/vsjeVH/c1t8owNM1xOWc=; Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1GUzlK-000MZD-HM (envelope-from ); Wed, 04 Oct 2006 09:57:47 +0400 Date: Wed, 4 Oct 2006 09:57:41 +0400 
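Review bot: in the if_skreg.h hunk, the comment and the macro name DEVICEID_DLINK_DGE530T_REV2 say "rev 2", while the thread identifies this chip as revision B1, so the comment should name the hardware revision it covers. It would also help to state there that 0x4b01 is the device half of the chip=0x4b011186 value reported by pciconf -lv, so the define can be checked against a card without reading the driver.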
From: Eygene Ryabinkin To: Tim Allender Message-ID: <20061004055741.GT1491@codelabs.ru> References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru> <45228BB6.9020406@goldenpath.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <45228BB6.9020406@goldenpath.org> Sender: rea@codelabs.ru X-Spam-Status: No, score=-3.1 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 Cc: freebsd-net@freebsd.org Subject: Re: D-Link DGE-530T X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 05:57:50 -0000

Tim, good day!

> I'm probably better off doing the patch. Though, honestly, I've done very
> little actual 1 on 1 patching.
> If I remember right it's:
> # patch src-file < patch-file
> (Maybe this'll be a good chance for me to sneak a peek at some real NIC driver
> code to get an idea how it's done.)

No, you just should do
-----
# cd /sys/dev/sk
# patch < patch-file
-----
The patch-file that will do the job is attached to this message.

> I'll back up the original, read the man page and give it a shot.
> After patching it, though, can I just compile that kernel module again?
> # cc if_sk.c
> (Would that be right?)
>
> Or do I need to rebuild the whole kernel?
>

If you're using the GENERIC kernel then the device is built-in, so you should recompile the whole kernel. It is also easy:
-----
# cd /usr/src
# make kernel KERNCONF=GENERIC
-----
But if you want a module, you can get it through
-----
# cd /sys/modules/sk
# make
-----
This should give you if_sk.ko. You can install it to /boot/kernel by doing 'make install' or can copy the file anywhere you want.

>And, then, building it on one machine, would "transplanting" the newly compiled
>driver to the pfSense router be as simple as copying the new .ko file into place
>(assuming I can just do the module)
>Or, what if I'd need to transplant the whole kernel?

Never played with pfSense or m0n0wall, so can not say for sure, sorry. If you will dig something out, drop me a message.

> Eygene, I greatly appreciate your help with this.

You're welcome ;))
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 06:00:09 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 205C316A403 for ; Wed, 4 Oct 2006 06:00:09 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E87D43D49 for ; Wed, 4 Oct 2006 06:00:08 +0000 (GMT) (envelope-from rea@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=oLEB46GfwqnenVDYMa9IOyKbsx9tObFMOjs347EDxuFkewUNapqamFNW5j/ATq7rImy20OfVPeF5ynWE01OYJdLAw553o/K+JVRMa9ALdxMjtBheNU9WBlrTUQ3GWylif1blC4rCUgIOyaykuQm/Khy32kdonHlXeCVjego3dLg=; Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1GUzna-000MZl-R9 (envelope-from ); Wed, 04 Oct 2006 10:00:07 +0400 Date: Wed, 4 Oct 2006 10:00:02 +0400
From: Eygene Ryabinkin To: Tim Allender Message-ID: <20061004060002.GU1491@codelabs.ru> References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru> <45228BB6.9020406@goldenpath.org> <20061004055741.GT1491@codelabs.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="ibTvN161/egqYuK8" Content-Disposition: inline In-Reply-To: <20061004055741.GT1491@codelabs.ru> Sender: rea@codelabs.ru X-Spam-Status: No, score=-1.9 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_50 Cc: freebsd-net@freebsd.org Subject: Re: D-Link DGE-530T X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 06:00:09 -0000 --ibTvN161/egqYuK8 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline > The patch-file that will do the job is attached to this message. Oops, forgot to attach the file. About your previous message: lines aren't line up because you should extract the patchfile from the 'raw' PR, see the link at the bottom of the PR. -- Eygene --ibTvN161/egqYuK8 Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="sk.patch" --- skORIG/if_sk.c Sat Jul 8 13:58:57 2006 +++ skNEW/if_sk.c Sat Jul 8 14:34:43 2006 @@ -196,6 +196,11 @@ DEVICEID_DLINK_DGE530T, "D-Link DGE-530T Gigabit Ethernet" }, + { + VENDORID_DLINK, + DEVICEID_DLINK_DGE530T_REV2, + "D-Link DGE-530T Gigabit Ethernet" + }, { 0, 0, NULL } }; 
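Review bot: the new table entry for DEVICEID_DLINK_DGE530T_REV2 carries the same description string, "D-Link DGE-530T Gigabit Ethernet", as the DEVICEID_DLINK_DGE530T entry directly above it, so wherever that string is reported the two revisions cannot be told apart. Giving the added entry a string that names the revision would show which PCI ID actually matched.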
@@ -1804,6 +1809,10 @@ case DEVICEID_3COM_3C940: case DEVICEID_LINKSYS_EG1032: case DEVICEID_DLINK_DGE530T: + /* Stay with VPD PN. */ + pname = sc->sk_vpd_prodname; + break; + case DEVICEID_DLINK_DGE530T_REV2: /* Stay with VPD PN. */ pname = sc->sk_vpd_prodname; break; --- skORIG/if_skreg.h Sat Jul 8 13:59:02 2006 +++ skNEW/if_skreg.h Sat Jul 8 14:34:55 2006 @@ -136,6 +136,11 @@ #define DEVICEID_DLINK_DGE530T 0x4c00 /* + * D-Link gigabit ethernet rev 2 device ID + */ +#define DEVICEID_DLINK_DGE530T_REV2 0x4b01 + +/* * GEnesis registers. The GEnesis chip has a 256-byte I/O window * but internally it has a 16K register space. This 16K space is * divided into 128-byte blocks. The first 128 bytes of the I/O --ibTvN161/egqYuK8-- From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 06:02:30 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B516D16A415 for ; Wed, 4 Oct 2006 06:02:30 +0000 (UTC) (envelope-from aburke@nullplusone.net) Received: from alpha.nullplusone.net (sub25-168.member.dsl-only.net [63.105.25.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF06643D8F for ; Wed, 4 Oct 2006 06:02:22 +0000 (GMT) (envelope-from aburke@nullplusone.net) Received: from leda (leda.int.nullplusone.net [192.168.10.242]) by alpha.nullplusone.net (8.12.9/8.12.9) with ESMTP id k9462FMX074808; Tue, 3 Oct 2006 23:02:15 -0700 (PDT) (envelope-from aburke@nullplusone.net) 
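Review bot: in the if_sk.c hunk at -1804, the added lines give "case DEVICEID_DLINK_DGE530T:" a second copy of the "pname = sc->sk_vpd_prodname; break;" body and let the new DEVICEID_DLINK_DGE530T_REV2 label take over the original one. Both bodies are identical, so adding the single line "case DEVICEID_DLINK_DGE530T_REV2:" to the run of case labels that already shares that body has the same effect, keeps the change to one line and avoids two copies that can drift apart.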
From: "Aaron Burke" To: "Norberto Meijome" , Date: Tue, 3 Oct 2006 23:04:05 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Importance: Normal In-Reply-To: <20061004135654.3268e442@localhost> Cc: Subject: RE: VLAN switch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 06:02:30 -0000 SNIP > > Perhaps a bit off-topic, but I'm looking for a cheap vlan switch. > > Anyone with a suggestion? > > the Netgear GS724T is a 'web smart' ( :D ) 24 port gigabit > switch. about 600 > AUD from memory. you can find cheaper ones if you don't want gigE. If you're ok with 100/Full, I recommend the Intel510T for Layer 2 managed switching. If you need Layer3 switching, the Intel520T should work. I paid $2.50 USD for a used 24 Port Intel510T with 0 problems. They also support SNMP and cut-through switching. It defaults to store-and-forward, but it's a really easy thing to change. I was ok with paying 10 times as much to have it shipped here.
SNIP From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 10:08:52 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 722E916A415 for ; Wed, 4 Oct 2006 10:08:52 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8469F43D5C for ; Wed, 4 Oct 2006 10:08:51 +0000 (GMT) (envelope-from ganbold@micom.mng.net) Received: from [202.179.0.164] (helo=[192.168.0.18]) by publicd.ub.mng.net with esmtpa (Exim 4.61 (FreeBSD)) (envelope-from ) id 1GV3gE-000O2V-8D for freebsd-net@freebsd.org; Wed, 04 Oct 2006 18:08:46 +0800 Message-ID: <4523882E.5090709@micom.mng.net> Date: Wed, 04 Oct 2006 18:08:46 +0800 
From: Ganbold User-Agent: Thunderbird 1.5.0.4 (X11/20060612) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: mpd and vlan X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 10:08:52 -0000 Hi, I have a question regarding vlan and mpd. Is it possible to configure mpd to use different vlans for each connected ADSL client? I searched through the net and didn't find much information. I appreciate if somebody can give me some advices. thanks in advance, Ganbold From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 11:15:12 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 348A416A412 for ; Wed, 4 Oct 2006 11:15:12 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 78AEA43D46 for ; Wed, 4 Oct 2006 11:15:11 +0000 (GMT) (envelope-from ganbold@micom.mng.net) Received: from [202.179.0.164] (helo=[192.168.0.18]) by publicd.ub.mng.net with esmtpa (Exim 4.61 (FreeBSD)) (envelope-from ) id 1GV4iK-000OUS-Rt for freebsd-net@freebsd.org; Wed, 04 Oct 2006 19:15:05 +0800 Message-ID: <452397B4.7010200@micom.mng.net> Date: Wed, 04 Oct 2006 19:15:00 +0800 
From: Ganbold User-Agent: Thunderbird 1.5.0.4 (X11/20060612) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: mpd and vlan X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 11:15:12 -0000 Hi, Oh, I put up my question wrong. Anyway, can mpd listen on many vlan interfaces? Maybe something like: set pppoe iface vlan0,vlan1,etc I appreciate if somebody can give me some advices in this regard. thanks in advance, Ganbold From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 11:20:08 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9542616A416; Wed, 4 Oct 2006 11:20:08 +0000 (UTC) (envelope-from dunc@lemonia.org) Received: from male.aldigital.co.uk (male.thebunker.net [213.129.64.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id C584D43D45; Wed, 4 Oct 2006 11:20:07 +0000 (GMT) (envelope-from dunc@lemonia.org) Received: from [172.16.3.10] (gateway.ash.thebunker.net [213.129.64.4]) by male.aldigital.co.uk (Postfix) with ESMTP id AF06397681; Wed, 4 Oct 2006 12:20:05 +0100 (BST) Message-ID: <452398D5.90904@lemonia.org> Date: Wed, 04 Oct 2006 12:19:49 +0100 
From: Dunc User-Agent: Thunderbird 1.5.0.5 (X11/20060818) MIME-Version: 1.0 To: Andrew Thompson References: <45223E43.6060906@lemonia.org> <20061003230147.GI21444@heff.fud.org.nz> <4522F2FF.5060808@lemonia.org> <20061003234546.GK21444@heff.fud.org.nz> In-Reply-To: <20061003234546.GK21444@heff.fud.org.nz> Content-Type: multipart/mixed; boundary="------------080300030508080805030808" Cc: freebsd-net@freebsd.org Subject: Re: Layer2 VPN X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 11:20:08 -0000 This is a multi-part message in MIME format. --------------080300030508080805030808 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Andrew Thompson wrote: > On Wed, Oct 04, 2006 at 12:32:15AM +0100, Dunc wrote: >> Andrew Thompson wrote: >>> On Tue, Oct 03, 2006 at 11:41:07AM +0100, Dunc wrote: >>> >>>> Hi folks, >>>> >>>> I've been trying to create a layer2 VPN using FreeBSD boxes as the >>>> gateways. >>>> >>> This should work fine with vlan headers, do you have any indication of >>> where the problem is? you may need to get packet dumps at the sending >>> and receiving ends. >>> >> I couldn't see why it wouldn't either. It's just an ethernet frame with >> an extra field filled in AIUI >> > > It may be because our bridge does not yet differentiate between vlans in > its forwarding table, you can confirm this by clearing the learn flag on all > the interfaces (ifconfig bridge0 -learn xxx0). Its not a proper solution > of course. > > Andrew > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" Hiya, Switching learning off doesn't seem to have helped. 
Please find attached some ifconfig output, and also tcpdumps. I'm starting at the interface where the machine I'm pinging from plugs in (fxp1). I'm including dumps with normal traffic (just to prove I have configured everything correctly as much as anything :-) ), and then with .1Q traffic. Hope this can shed some light. Cheers, Dunc --------------080300030508080805030808 Content-Type: text/plain; name="ifconfig_output.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ifconfig_output.txt" A end ----- fxp1: flags=8943 mtu 1500 options=8 inet6 fe80::202:b3ff:fed8:40ff%fxp1 prefixlen 64 scopeid 0x2 ether 00:02:b3:d8:40:ff media: Ethernet autoselect (100baseTX ) status: active gif0: flags=8051 mtu 1280 tunnel inet 172.16.3.228 --> 172.16.3.245 inet6 fe80::202:b3ff:fed8:40fe%gif0 prefixlen 64 scopeid 0x6 bridge0: flags=8043 mtu 1500 ether ac:de:48:7e:e3:ed priority 32768 hellotime 2 fwddelay 15 maxage 20 member: fxp1 flags=2 member: gif0 flags=2 B end ----- fxp1: flags=8943 mtu 1500 options=8 inet6 fe80::203:47ff:feda:c9a1%fxp1 prefixlen 64 scopeid 0x2 ether 00:03:47:da:c9:a1 media: Ethernet autoselect (100baseTX ) status: active gif0: flags=8051 mtu 1280 tunnel inet 172.16.3.245 --> 172.16.3.228 inet6 fe80::203:47ff:feda:c9a0%gif0 prefixlen 64 scopeid 0x9 bridge0: flags=8043 mtu 1500 ether ac:de:48:fd:bc:0d priority 32768 hellotime 2 fwddelay 15 maxage 20 member: fxp1 flags=2 member: gif0 flags=2 --------------080300030508080805030808 Content-Type: text/plain; name="tcpdump.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="tcpdump.txt" With Normal Traffic ------------------- root@freeospf:root # tcpdump -i fxp1 -e tcpdump: WARNING: fxp1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes 11:49:03.750456 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype IPv4 (0x0800), length 
98: 192.168.1.2 > 192.168.1.1: ICMP echo request, id 60847, seq 0, length 64 11:49:03.750977 00:0d:88:fc:cc:c5 (oui Unknown) > 00:30:48:5b:6d:e9 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 60847, seq 0, length 64 root@freeospf:root # tcpdump -i bridge0 -e tcpdump: WARNING: bridge0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bridge0, link-type EN10MB (Ethernet), capture size 96 bytes 11:49:57.174059 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.2 > 192.168.1.1: ICMP echo request, id 61103, seq 0, length 64 11:49:57.174629 00:0d:88:fc:cc:c5 (oui Unknown) > 00:30:48:5b:6d:e9 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 61103, seq 0, length 64 root@freeospf:root # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 11:50:17.749652 AF IPv4 (2), length 102: IP0 bad-hlen 0 11:50:17.750098 AF Unknown (18), length 104: 0x0000: 0300 0030 485b 6de9 000d 88fc ccc5 0800 ...0H[m......... 0x0010: 4500 0054 e450 0000 4001 1305 c0a8 0101 E..T.P..@....... 0x0020: c0a8 0102 0000 2fec f2af 0000 4523 91e9 ....../.....E#.. 0x0030: 000b 1b49 0809 0a0b 0c0d 0e0f 1011 1213 ...I............ 
0x0040: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"# 0x0050: 2425 2627 2829 2a2b 2c2d 2e2f $%&'()*+,-./ root@freeospf:root # tcpdump -i fxp0 -n -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:19:02.074798 00:02:b3:d8:40:fe > 00:03:47:da:c9:a0, ethertype IPv4 (0x0800), length 134: 172.16.3.228 > 172.16.3.245: etherip 100 12:19:02.075237 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 134: 172.16.3.245 > 172.16.3.228: etherip 100 With 802.1Q Traffic ------------------- root@freeospf:root # tcpdump -i fxp1 -e tcpdump: WARNING: fxp1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes 11:57:23.777721 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 901, p 0, ethertype IPv4, 192.168.1.2 > 192.168.1.1: ICMP echo request, id 4016, seq 0, length 64 root@freeospf:root # tcpdump -i bridge0 -e tcpdump: WARNING: bridge0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bridge0, link-type EN10MB (Ethernet), capture size 96 bytes 11:57:59.993522 00:30:48:5b:6d:e9 (oui Unknown) > 00:0d:88:fc:cc:c5 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 901, p 0, ethertype IPv4, 192.168.1.2 > 192.168.1.1: ICMP echo request, id 4272, seq 0, length 64 root@freeospf:root # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 12:06:03.947363 AF Unknown (18), length 66: 0x0000: 0300 ffff ffff ffff 0018 19d5 8842 0806 .............B.. 0x0010: 0001 0800 0604 0001 0018 19d5 8842 d581 .............B.. 
0x0020: 4efe 0000 0000 0000 d581 4002 0000 0000 N.........@..... 0x0030: 0000 0000 0000 0000 0000 0000 0000 .............. 12:06:05.960222 AF Unknown (18), length 66: 0x0000: 0300 ffff ffff ffff 0018 19d5 8842 0806 .............B.. 0x0010: 0001 0800 0604 0001 0018 19d5 8842 d581 .............B.. 0x0020: 4efe 0000 0000 0000 d581 4002 0000 0000 N.........@..... 0x0030: 0000 0000 0000 0000 0000 0000 0000 .............. root@freeospf:root # tcpdump -i fxp0 -n -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:08:11.947009 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 12:08:13.959934 00:03:47:da:c9:a0 > 00:02:b3:d8:40:fe, ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 at the far end..... root@l2vpntest:~ # tcpdump -i fxp0 -e proto etherip tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 12:10:19.930607 00:03:47:da:c9:a0 (oui Unknown) > 00:02:b3:d8:40:fe (oui Unknown), ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 12:10:21.943544 00:03:47:da:c9:a0 (oui Unknown) > 00:02:b3:d8:40:fe (oui Unknown), ethertype IPv4 (0x0800), length 96: 172.16.3.245 > 172.16.3.228: etherip 62 root@l2vpntest:~ # tcpdump -i gif0 -e tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 12:11:23.924575 AF IPv4 (2), length 64: IP15 truncated-ip - 65475 bytes missing! server1.globalreachinc.com > 8.0.6.4: ip-proto-213 12:11:25.937467 AF IPv4 (2), length 64: IP15 truncated-ip - 65475 bytes missing! server1.globalreachinc.com > 8.0.6.4: ip-proto-213 And that's it..... I never see packets tcpdumping bridge0 at this end. 
The last one looks very strange too! --------------080300030508080805030808--
From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 19:02:57 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83B1416A415 for ; Wed, 4 Oct 2006 19:02:57 +0000 (UTC) (envelope-from mav@mavhome.dp.ua) Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BE2343D6E for ; Wed, 4 Oct 2006 19:02:55 +0000 (GMT) (envelope-from mav@mavhome.dp.ua) X-Spam-Level: 50 [XX] (100%) BAYESIAN TRAINING: 90-99 Received: from [195.248.178.122] (account mav@alkar.net HELO [192.168.3.5]) by cmail.optima.ua (CommuniGate Pro SMTP 5.0.11) with ESMTPA id 17048882; Wed, 04 Oct 2006 22:02:54 +0300 Message-ID: <4524055D.7060906@mavhome.dp.ua> Date: Wed, 04 Oct 2006 22:02:53 +0300 
From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: lucky.freebsd.net To: Ganbold References: <1159971789.00612536.1159960802@10.7.7.3> In-Reply-To: <1159971789.00612536.1159960802@10.7.7.3> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: mpd and vlan X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 19:02:57 -0000 Hi. Ganbold wrote: > Oh, I put up my question wrong. Anyway, can mpd listen on many vlan > interfaces? > Maybe something like: > > set pppoe iface vlan0,vlan1,etc One PPPoE link can listen on the only one interface/vlan. But you can create many links to listen on many interfaces/vlans. Create one or more link for each interface. -- Alexander Motin From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 21:46:18 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BBC116A416 for ; Wed, 4 Oct 2006 21:46:18 +0000 (UTC) (envelope-from mav@alkar.net) Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id D41C243D49 for ; Wed, 4 Oct 2006 21:46:16 +0000 (GMT) (envelope-from mav@alkar.net) Received: from [195.248.178.122] (account mav@alkar.net HELO [192.168.3.5]) by cmail.optima.ua (CommuniGate Pro SMTP 5.0.11) with ESMTPA id 17050780 for freebsd-net@freebsd.org; Thu, 05 Oct 2006 00:46:16 +0300 Message-ID: <45242BA7.5050105@alkar.net> Date: Thu, 05 Oct 2006 00:46:15 +0300 
From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org. Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Point-to-Point interfaces and routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 21:46:18 -0000 Hello. I have found to myself strange behaviour and difference between routing to IPs on ngX, tunX interfaces. I will be very grateful if somebody explain me why it is working in such way or give me a link to some good manual about this. I have 6.1-STABLE. Do preparations: Create two interfaces, ng0 (by ngctl) and tun0 (by running interactive ppp). Bring them down and then up with ifconfig. Now they looks like: ng0: flags=88d1 mtu 1500 inet6 fe80::211:2fff:fea9:7627%ng0 prefixlen 64 scopeid 0x4 tun0: flags=8051 mtu 1500 inet6 fe80::211:2fff:fea9:7627%tun0 prefixlen 64 scopeid 0x3 Opened by PID 11956 Questions: 1. If I look for the routing tables I see: fe80::211:2fff:fea9:7627%ng0 fe80::211:2fff:fea9:7627%ng0 UHL ng0 fe80::211:2fff:fea9:7627%tun0 link#3 UHL lo0 So now I can ping ip on tun0, but can't on ng0. Why did they different and what is right? When I am trying "route get -inet6 other_onlink_ip" I see: %route get -inet6 fe80::211:2fff:fea9:aaaa%tun0 interface: tun0 flags: %route get -inet6 fe80::211:2fff:fea9:aaaa%ng0 interface: ng0 flags: They are something different even here. 2. Add IPv4 addresses to both link: ng0: flags=88d1 mtu 1500 inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff tun0: flags=8051 mtu 1500 inet 10.0.1.1 --> 10.0.1.2 netmask 0xffffffff Now I can ping neither 10.0.0.1 nor 10.0.1.1 because routing goes to my default. Why if it is my local ips? 
If I add routes to 10.0.0.1 and 10.0.1.1 via lo0, I can ping them. Why now it works and is this right? 3. mpd ppp daemon on interface up event adds route for the local ip to the lo0. Is it right way? And how in theory it must work for IPv6? -- Alexander Motin From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 22:48:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 851C016A403 for ; Wed, 4 Oct 2006 22:48:40 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [205.211.164.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0CA1E43D4C for ; Wed, 4 Oct 2006 22:48:39 +0000 (GMT) (envelope-from mike@sentex.net) Received: from BLUELAPIS.sentex.ca (cage.simianscience.com [64.7.134.1]) by smarthost2.sentex.ca (8.13.8/8.13.8) with SMTP id k94MmcFg022687; Wed, 4 Oct 2006 18:48:38 -0400 (EDT) (envelope-from mike@sentex.net) 
From: Mike Tancsa To: Guido van Rooij Date: Wed, 04 Oct 2006 18:48:42 -0400 Message-ID: <2he8i29pldmolqrbl1n20q5mn4r43g90jk@4ax.com> References: <20061003213237.GA57444@gvr.gvr.org> In-Reply-To: <20061003213237.GA57444@gvr.gvr.org> X-Mailer: Forte Agent 1.93/32.576 English (American) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: VLAN switch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 22:48:40 -0000 On Tue, 3 Oct 2006 23:32:37 +0200, in sentex.lists.freebsd.net you wrote: >Perhaps a bit off-topic, but I'm looking for a cheap vlan switch. >Anyone with a suggestion? If you just want FastE a Cisco 2924 is very cheap on ebay. ---Mike > >-Guido >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -------------------------------------------------------- Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 mike@sentex.net, (http://www.tancsa.com) From owner-freebsd-net@FreeBSD.ORG Wed Oct 4 23:11:21 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C5C3516A5D4 for ; Wed, 4 Oct 2006 23:11:21 +0000 (UTC) (envelope-from fwun@bigpond.net.au) Received: from imta05ps.mx.bigpond.com (imta05ps.mx.bigpond.com [144.140.82.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29E8343D45 for ; Wed, 4 Oct 2006 23:11:20 +0000 (GMT) (envelope-from fwun@bigpond.net.au) Received: from web06ps ([144.140.81.183]) by imta05ps.mx.bigpond.com with ESMTP id 
<20061004231118.WMHM9673.imta05ps.mx.bigpond.com@web06ps> for ; Wed, 4 Oct 2006 23:11:18 +0000 Received: from unknown by webedge.bigpond.com; Wed, 4 Oct 2006 23:11:18 +0000 Message-ID: <12945313.1160003478916.JavaMail.root@web06ps> Date: Thu, 5 Oct 2006 9:11:18 +1000 
From: To: freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) Sensitivity: Normal Subject: IPSEC (can't ping ip at loopback device) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 23:11:21 -0000

Hi,

Thank you for your concern. This configuration can ping all internal networks (by static route), but it still can't ping the address at the loopback device (lo).

From HQ office:

#!/bin/sh
# Dynamic VPN setup script
LOCAL_OUTSIDE=60.225.5.1
REMOTE_OUTSIDE=203.33.16.1
LOCAL_INSIDE=10.1.1.1      # local ip at loopback device
REMOTE_INSIDE=10.1.2.1     # assigned to remote loopback device

/sbin/ifconfig lo0 inet $LOCAL_INSIDE/24 alias

setkey -FP
setkey -F

# Tunnel to Ric office
/sbin/ifconfig gif102 destroy
/sbin/ifconfig gif102 create
/sbin/ifconfig gif102 tunnel $LOCAL_OUTSIDE $REMOTE_OUTSIDE
/sbin/ifconfig gif102 $LOCAL_INSIDE $REMOTE_INSIDE netmask 255.255.255.255

/sbin/route delete $REMOTE_INSIDE/24
/sbin/route delete 10.1.100.1/24
/sbin/route delete 172.17.4.1/24
/sbin/route add $REMOTE_INSIDE/24 $REMOTE_INSIDE
/sbin/route add 10.1.100.1/24 $REMOTE_INSIDE
/sbin/route add 172.17.4.1/24 $REMOTE_INSIDE

setkey -c << EOF
# Tunnel to Ric office
spdadd $LOCAL_INSIDE $REMOTE_INSIDE any -P out ipsec
    esp/tunnel/$LOCAL_OUTSIDE-$REMOTE_OUTSIDE/require ;
spdadd $REMOTE_INSIDE $LOCAL_INSIDE any -P in ipsec
    esp/tunnel/$REMOTE_OUTSIDE-$LOCAL_OUTSIDE/require ;
add $LOCAL_OUTSIDE $REMOTE_OUTSIDE esp 2744 -m tunnel
    -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B
    -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
add $REMOTE_OUTSIDE $LOCAL_OUTSIDE esp 3944 -m tunnel
    -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B
    -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;
EOF

From Ric's office:

#!/bin/sh
LOCAL_OUTSIDE=203.33.16.1
REMOTE_OUTSIDE=60.225.5.1
LOCAL_INSIDE=10.1.2.1      # local ip at loopback device
REMOTE_INSIDE=10.1.1.1     # assigned to remote loopback device

/sbin/ifconfig lo0 inet $LOCAL_INSIDE/24 alias

setkey -FP
setkey -F

# Tunnel to HQ office
/sbin/ifconfig gif102 destroy
/sbin/ifconfig gif102 create
/sbin/ifconfig gif102 tunnel $LOCAL_OUTSIDE $REMOTE_OUTSIDE
/sbin/ifconfig gif102 $LOCAL_INSIDE $REMOTE_INSIDE netmask 255.255.255.255

#/sbin/route delete $REMOTE_INSIDE/24
/sbin/route delete 10.1.1.0/24
/sbin/route delete 10.1.10.0/24
/sbin/route delete 172.17.3.0/24
#/sbin/route add $REMOTE_INSIDE/24 $REMOTE_INSIDE
/sbin/route add 10.1.1.0/24 $REMOTE_INSIDE
/sbin/route add 10.1.10.0/24 $REMOTE_INSIDE
/sbin/route add 172.17.3.0/24 $REMOTE_INSIDE

setkey -c << EOF
# Tunnel to HQ office
spdadd $LOCAL_INSIDE $REMOTE_INSIDE any -P out ipsec
    esp/tunnel/$LOCAL_OUTSIDE-$REMOTE_OUTSIDE/require ;
spdadd $REMOTE_INSIDE $LOCAL_INSIDE any -P in ipsec
    esp/tunnel/$REMOTE_OUTSIDE-$LOCAL_OUTSIDE/require ;
add $LOCAL_OUTSIDE $REMOTE_OUTSIDE esp 2744 -m tunnel
    -E blowfish-cbc 0xC0AD6D1F390BBECD431A75A3461C2FD62433DD1D947804CAD75133DABF2F25C4B6F928521AECE611218C007CE917CC986CF36382DB29D11B
    -A hmac-sha1 0xB4D3FBE932C36E1D09BA4827F78A542D37C936BE ;
add $REMOTE_OUTSIDE $LOCAL_OUTSIDE esp 3944 -m tunnel
    -E blowfish-cbc 0xB4E4556530711A5831A8289B4A8DB9334F62A878E6FAAF889A243FEA7BDEEE3058A4E8220289C02A09321BEFE0619AA641006F3C02230B3B
    -A hmac-sha1 0xAFB28AABC10B4B704A730CB070A719ED93254AB6 ;
EOF

HQ's routing table:

hqrouter:~ # netstat -rn | less
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            60.225.51.9        UGS         1    21433   sis0
10.1.1.1           10.1.1.1           UH          0        0    lo0
10.1.2/24          10.1.2.1           UGS         0        0 gif102
10.1.2.1           10.1.1.1           UH         22       31 gif102
10.1.10/24         link#2             UC          0        0   sis1
10.1.100/24        10.1.2.1           UGS         0        2 gif102
127.0.0.1          127.0.0.1          UH          0      546    lo0
172.17.3/24        link#3             UC          0        0   ath0
172.17.4/24        10.1.2.1           UGS         0        2 gif102

Ric's routing table:

ric:~ # netstat -rn | less
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            203.17.10.8        UGS         1   858822   tun0
10.1.1/24          10.1.1.1           UGS         0        0 gif102
10.1.1.1           10.1.2.1           UH          5        4 gif102
10.1.2.1           10.1.2.1           UH          0        0    lo0
10.1.10/24         10.1.1.1           UGS         0        0 gif102
10.1.100/24        link#2             UC          0        0   sis1
172.17.3/24        10.1.1.1           UGS         0        2 gif102
172.17.4/24        link#3             UC          0        0   ath0

Thanks
S

From owner-freebsd-net@FreeBSD.ORG Thu Oct 5 09:56:07 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C476E16A40F for ; Thu, 5 Oct 2006 09:56:07 +0000 (UTC) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BD3D43D5E for ; Thu, 5 Oct 2006 09:56:07 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from impact.jinmei.org (unknown [2001:200:1b1:1010:287f:d090:9e35:f176]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 3376A15218; Thu, 5 Oct 2006 18:56:05 +0900 (JST) Date: Thu, 05 Oct 2006 18:56:03 +0900 Message-ID: 
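An added example, not part of the original post or of FreeBSD: a consistency check for a pair of static-key setkey scripts like the two in the IPSEC post above. It expands the shell variables, compares the SAs each end would install (keyed by destination, protocol and SPI, which is how a receiver looks them up) and lists tunnel routes that the `spdadd` selectors do not match; function names are hypothetical, the keys are short constructed stand-ins, and `RIC_MIRRORED` is a constructed variant for comparison.

```python
import ipaddress
import re

# The spdadd/add statements are the same text in both posted scripts.
# Keys are short constructed stand-ins; everything else is as posted.
SPD_LINES = """\
spdadd $LOCAL_INSIDE $REMOTE_INSIDE any -P out ipsec esp/tunnel/$LOCAL_OUTSIDE-$REMOTE_OUTSIDE/require ;
spdadd $REMOTE_INSIDE $LOCAL_INSIDE any -P in ipsec esp/tunnel/$REMOTE_OUTSIDE-$LOCAL_OUTSIDE/require ;
"""
SA_LINES = """\
add $LOCAL_OUTSIDE $REMOTE_OUTSIDE esp 2744 -m tunnel -E blowfish-cbc 0xA1 -A hmac-sha1 0xA2 ;
add $REMOTE_OUTSIDE $LOCAL_OUTSIDE esp 3944 -m tunnel -E blowfish-cbc 0xB1 -A hmac-sha1 0xB2 ;
"""
HQ_HEAD = """\
LOCAL_OUTSIDE=60.225.5.1
REMOTE_OUTSIDE=203.33.16.1
LOCAL_INSIDE=10.1.1.1
REMOTE_INSIDE=10.1.2.1
/sbin/route add $REMOTE_INSIDE/24 $REMOTE_INSIDE
/sbin/route add 10.1.100.1/24 $REMOTE_INSIDE
/sbin/route add 172.17.4.1/24 $REMOTE_INSIDE
"""
RIC_HEAD = """\
LOCAL_OUTSIDE=203.33.16.1
REMOTE_OUTSIDE=60.225.5.1
LOCAL_INSIDE=10.1.2.1
REMOTE_INSIDE=10.1.1.1
/sbin/route add 10.1.1.0/24 $REMOTE_INSIDE
/sbin/route add 10.1.10.0/24 $REMOTE_INSIDE
/sbin/route add 172.17.3.0/24 $REMOTE_INSIDE
"""
HQ = HQ_HEAD + SPD_LINES + SA_LINES
RIC = RIC_HEAD + SPD_LINES + SA_LINES


def swap_ends(text):
    """Swap $LOCAL_OUTSIDE and $REMOTE_OUTSIDE in a block of statements."""
    return (text.replace("$LOCAL_OUTSIDE", "$TMP")
                .replace("$REMOTE_OUTSIDE", "$LOCAL_OUTSIDE")
                .replace("$TMP", "$REMOTE_OUTSIDE"))


# Constructed variant: SAs are absolute (src, dst, SPI), so the second end
# needs the add statements with the endpoints swapped, unlike the policies.
RIC_MIRRORED = RIC_HEAD + SPD_LINES + swap_ends(SA_LINES)


def expand(script):
    """Apply NAME=value assignments to later $NAME references."""
    env, out = {}, []
    for line in script.splitlines():
        m = re.fullmatch(r"(\w+)=(\S+)", line.strip())
        if m:
            env[m.group(1)] = m.group(2)
        else:
            out.append(re.sub(r"\$(\w+)", lambda v: env[v.group(1)], line))
    return out


def parse(script):
    """Return (sas, policies, routes) for one end."""
    sas, policies, routes = {}, [], []
    for line in expand(script):
        f = line.replace(";", " ").split()
        if not f:
            continue
        if f[0] == "add":
            src, dst, proto, spi = f[1:5]
            sas[(dst, proto, spi)] = (src, tuple(f[5:]))
        elif f[0] == "spdadd":
            # setkey reads a selector without /prefixlen as a single host
            policies.append((ipaddress.ip_network(f[1]),
                             ipaddress.ip_network(f[2]), f[5]))
        elif f[0].endswith("route") and f[1] == "add":
            routes.append(ipaddress.ip_network(f[2], strict=False))
    return sas, policies, routes


def sa_mismatches(side_a, side_b):
    """SAs that one end lacks or defines differently from the other."""
    a, b = parse(side_a)[0], parse(side_b)[0]
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


def routes_outside_policy(script):
    """Tunnel-routed prefixes no outbound policy selector fully matches."""
    _, policies, routes = parse(script)
    out_dsts = [dst for _, dst, direction in policies if direction == "out"]
    return [str(r) for r in routes
            if not any(r.subnet_of(d) for d in out_dsts)]


if __name__ == "__main__":
    print("SA mismatches, as posted:", sa_mismatches(HQ, RIC))
    print("SA mismatches, mirrored :", sa_mismatches(HQ, RIC_MIRRORED))
    print("HQ routes outside policy:", routes_outside_policy(HQ))
```

Run on the scripts as posted, the SA check reports that no SA on one end has a counterpart on the other, and every routed /24 falls outside the host-only selectors, so the only traffic the policies apply to is the loopback-to-loopback pair.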
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: Alexander Motin In-Reply-To: <45242BA7.5050105@alkar.net> References: <45242BA7.5050105@alkar.net> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@freebsd.org Subject: Re: Point-to-Point interfaces and routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Oct 2006 09:56:07 -0000 >>>>> On Thu, 05 Oct 2006 00:46:15 +0300, >>>>> Alexander Motin said: > I have found to myself strange behaviour and difference between routing > to IPs on ngX, tunX interfaces. I will be very grateful if somebody > explain me why it is working in such way or give me a link to some good > manual about this. > I have 6.1-STABLE. Do preparations: > Create two interfaces, ng0 (by ngctl) and tun0 (by running interactive ppp). > Bring them down and then up with ifconfig. > Now they looks like: > ng0: flags=88d1 mtu 1500 > inet6 fe80::211:2fff:fea9:7627%ng0 prefixlen 64 scopeid 0x4 > tun0: flags=8051 mtu 1500 > inet6 fe80::211:2fff:fea9:7627%tun0 prefixlen 64 scopeid 0x3 > Opened by PID 11956 > Questions: > 1. If I look for the routing tables I see: > fe80::211:2fff:fea9:7627%ng0 fe80::211:2fff:fea9:7627%ng0 UHL ng0 > fe80::211:2fff:fea9:7627%tun0 link#3 UHL lo0 > So now I can ping ip on tun0, but can't on ng0. Why did they different > and what is right? Which "version" of 6.1-STABLE are you using? I guess this is due to a bug that was fixed recently. A fix was already MFC'ed to RELENG_6 on September 29 (at rev. 1.51.2.10). > 3. mpd ppp daemon on interface up event adds route for the local ip to > the lo0. Is it right way? 
And how in theory it must work for IPv6? At least we don't have to do that for IPv6. The kernel (IPv6 stack) is designed to install the loopback route for any local address, whether it's on a p2p interface or not. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Thu Oct 5 16:23:18 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9C7916A518 for ; Thu, 5 Oct 2006 16:23:18 +0000 (UTC) (envelope-from mav@mavhome.dp.ua) Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB6B043D53 for ; Thu, 5 Oct 2006 16:23:17 +0000 (GMT) (envelope-from mav@mavhome.dp.ua) X-Spam-Level: 50 [XX] (100%) BAYESIAN TRAINING: 90-99 Received: from [195.248.178.122] (account mav@alkar.net HELO [192.168.3.5]) by cmail.optima.ua (CommuniGate Pro SMTP 5.0.11) with ESMTPA id 17069255 for freebsd-net@freebsd.org; Thu, 05 Oct 2006 19:23:16 +0300 Message-ID: <45253174.2070506@mavhome.dp.ua> Date: Thu, 05 Oct 2006 19:23:16 +0300 
From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <1160011383.00612905.1159998602@10.7.7.3> <1160054584.00613108.1160042401@10.7.7.3> In-Reply-To: <1160054584.00613108.1160042401@10.7.7.3> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: Point-to-Point interfaces and routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Oct 2006 16:23:18 -0000 JINMEI Tatuya / 神明達哉 wrote: >>Questions: >>1. If I look for the routing tables I see: >>fe80::211:2fff:fea9:7627%ng0 fe80::211:2fff:fea9:7627%ng0 UHL ng0 >>fe80::211:2fff:fea9:7627%tun0 link#3 UHL lo0 > >>So now I can ping ip on tun0, but can't on ng0. Why did they different >>and what is right? > > Which "version" of 6.1-STABLE are you using? I guess this is due to a > bug that was fixed recently. A fix was already MFC'ed to RELENG_6 on > September 29 (at rev. 1.51.2.10). Thanks! After cvsup this problem gone. Now i have: fe80::202:b3ff:feb2:534b%ng0 link#4 UHL lo0 >>3. mpd ppp daemon on interface up event adds route for the local ip to >>the lo0. Is it right way? And how in theory it must work for IPv6? > > At least we don't have to do that for IPv6. The kernel (IPv6 stack) > is designed to install the loopback route for any local address, > whether it's on a p2p interface or not. Is the anybody can explain source of this behaviour for IPv4? 
-- Alexander Motin From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 06:48:50 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD9F916A407 for ; Fri, 6 Oct 2006 06:48:50 +0000 (UTC) (envelope-from artemb@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A79E43D46 for ; Fri, 6 Oct 2006 06:48:49 +0000 (GMT) (envelope-from artemb@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so279581uge for ; Thu, 05 Oct 2006 23:48:49 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=hXb37QkhfflJFapHQBUsvpq0UM8Q/bu7KChQBFv5/aj1lnHuukXWM3KONiUFAESFpooIMnNnKNWAYytIo0lVvWLjyOKkPX0zzGGmF1LJMCV0WVYwEGsdM7uyg1U1iF2ignD2n52uSF/550nYoQDpc3Ao31MewWseXhivgXwhUjM= Received: by 10.67.105.19 with SMTP id h19mr2851872ugm; Thu, 05 Oct 2006 23:48:48 -0700 (PDT) Received: by 10.66.220.14 with HTTP; Thu, 5 Oct 2006 23:48:48 -0700 (PDT) Message-ID: Date: Thu, 5 Oct 2006 23:48:48 -0700 
From: "Artem Belevich" Sender: artemb@gmail.com To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: 76dc640f2bdc3443 Subject: 88E8053 Yukon2 PCI-E GbE - any plans to port msk() driver from OpenBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 06:48:50 -0000 Hi, OpenBSD apparently got a driver for Marvell Yukon2 Gigabit Ethernet adapters that these days present on quite a few motherboards (or as a relatively inexpensive PCI-Express card). NetBSD got it as well. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_msk.c?rev=1.21&content-type=text/x-cvsweb-markup Are there any plans to port it to FreeBSD? Thanks, --Artem From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 06:52:41 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 707F116A403 for ; Fri, 6 Oct 2006 06:52:41 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mx18.yandex.ru (smtp2.yandex.ru [213.180.200.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BEFD43D46 for ; Fri, 6 Oct 2006 06:52:39 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([81.18.142.225]:12814 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S3375937AbWJFGw2 (ORCPT ); Fri, 6 Oct 2006 10:52:28 +0400 X-Comment: RFC 2476 MSA function at smtp2.yandex.ru logged sender identity as: bu7cher Message-ID: <4525FD2A.6060509@yandex.ru> Date: Fri, 06 Oct 2006 10:52:26 +0400 
From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: Artem Belevich References: In-Reply-To: Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: pyunyh@gmail.com, freebsd-net@freebsd.org Subject: Re: 88E8053 Yukon2 PCI-E GbE - any plans to port msk() driver from OpenBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 06:52:41 -0000 Artem Belevich wrote: > OpenBSD apparently got a driver for Marvell Yukon2 Gigabit Ethernet > adapters that these days present on quite a few motherboards (or as a > relatively inexpensive PCI-Express card). NetBSD got it as well. See here: http://people.freebsd.org/~yongari/msk/ -- WBR, Andrey V. Elsukov From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 08:09:06 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9908916A403 for ; Fri, 6 Oct 2006 08:09:06 +0000 (UTC) (envelope-from artemb@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) by mx1.FreeBSD.org (Postfix) with ESMTP id F133043D45 for ; Fri, 6 Oct 2006 08:09:05 +0000 (GMT) (envelope-from artemb@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so284360uge for ; Fri, 06 Oct 2006 01:09:05 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=NjcABj9e0gP8hWGworHI5zLcKCZX+keIewlnBxnZtXqohkCc6f2ham+HF3kHnzjjBsl+cD7dnOzvT9X2DjfWQkGGD6HIJ+edNqEUyN93UkKIuR4t9nMUeq3WJgPxLm3o4ROsDz6SoFh5hZ2NVOUpoF0k5sEABg8Wq3/E+TdpdII= Received: by 10.67.91.6 with 
SMTP id t6mr2938565ugl; Fri, 06 Oct 2006 01:09:05 -0700 (PDT) Received: by 10.66.220.14 with HTTP; Fri, 6 Oct 2006 01:09:05 -0700 (PDT) Message-ID: Date: Fri, 6 Oct 2006 01:09:05 -0700 
From: "Artem Belevich" To: "Pyun YongHyeon" In-Reply-To: <4525FD2A.6060509@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <4525FD2A.6060509@yandex.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" Subject: Re: 88E8053 Yukon2 PCI-E GbE - any plans to port msk() driver from OpenBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 08:09:06 -0000 Andrey, thanks for the pointer. Pyun, Thanks a lot for the driver. Considering that question about support for Yukon2 based cards was popping up on this list for more than a year, I'm pretty sure I'm not the only one who appreciates your work. BTW, your driver seems to be largely based on Marvel's driver, while the one in OpenBSD seems to be patched up if_sk. Can you give an overview of the current status of your driver - stability, supported/unsupported features, etc.? Would that be possible to get the driver back-ported to -stable? I'd be glad to give it a try. Thanks a lot, --Artem On 10/5/06, Andrey V. Elsukov wrote: > Artem Belevich wrote: > > > OpenBSD apparently got a driver for Marvell Yukon2 Gigabit Ethernet > > adapters that these days present on quite a few motherboards (or as a > > relatively inexpensive PCI-Express card). NetBSD got it as well. > > See here: > http://people.freebsd.org/~yongari/msk/ > > -- > WBR, Andrey V. 
Elsukov > -- --Artem From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 09:37:36 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B90816A47C for ; Fri, 6 Oct 2006 09:37:36 +0000 (UTC) (envelope-from sivakumar.subramani@wipro.com) Received: from wip-ectls-mx1.wipro.com (wip-ectls-mx1.wipro.com [203.91.193.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFEF543D53 for ; Fri, 6 Oct 2006 09:37:34 +0000 (GMT) (envelope-from sivakumar.subramani@wipro.com) Received: from wip-ectls-mx1.wipro.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id A8DCD220495 for ; Fri, 6 Oct 2006 15:07:41 +0530 (IST) Received: from blr-ec-bh01.wipro.com (blr-ec-bh01.wipro.com [10.201.50.91]) by wip-ectls-mx1.wipro.com (Postfix) with ESMTP id 9CC4D220483 for ; Fri, 6 Oct 2006 15:07:41 +0530 (IST) Received: from blr-m3-msg.wipro.com ([10.114.50.99]) by blr-ec-bh01.wipro.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 6 Oct 2006 15:07:32 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 6 Oct 2006 15:07:41 +0530 Message-ID: <956E7FA2615F3B4595FC5F22870A7221141AF6@blr-m3-msg.wipro.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Query on SPIN Mutex in FreeBSD. Thread-Index: AcbpKxGVR8Cdoq3+RsWrlcbLDKtCJg== 
From: To: X-OriginalArrivalTime: 06 Oct 2006 09:37:32.0344 (UTC) FILETIME=[0C27D380:01C6E92B] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Query on SPIN Mutex in FreeBSD. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 09:37:36 -0000

Hi,

I have a query regarding the mutex lock in network drivers.

When I was browsing all network drivers in FreeBSD, I found that none of the drivers are using MTX_SPIN; instead, all of them are using MTX_DEF. When I read the man page of the mutex, it is mentioned that we need to use MTX_SPIN in primary interrupt code. Does that mean that I need to hold the MTX_SPIN lock in the ISR routine?

I am facing a conflicting issue regarding the DTR usage (freeing it in Stop and using it in the ISR) between the Stop and ISR routines. I want to know whether I can use an MTX_SPIN lock between these functions. I mean I will hold the SPIN_LOCK in the ISR and in the stop entry point function such that the freeing and the usage of the DTR between STOP and ISR is synchronized. Is that the correct approach?

Any suggestion please?

Thanks,
~Siva

From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 16:28:37 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4BB116A403 for ; Fri, 6 Oct 2006 16:28:37 +0000 (UTC) (envelope-from freebsd-net@goldenpath.org) Received: from mail.sbsnet.com (mail.sbsnet.com [63.147.233.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 609C943D6B for ; Fri, 6 Oct 2006 16:28:37 +0000 (GMT) (envelope-from freebsd-net@goldenpath.org) Received: from [10.0.0.59] [68.236.191.215] by mail.sbsnet.com with ESMTP (SMTPD-8.22) id A39D0314; Fri, 06 Oct 2006 12:26:05 -0400 Message-ID: <45268416.9000307@goldenpath.org> Date: Fri, 06 Oct 2006 12:28:06 -0400 
From: Tim Allender User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru> In-Reply-To: <20061003152034.GQ1491@codelabs.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: D-Link DGE-530T X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 16:28:37 -0000 Eygene Ryabinkin wrote: >> I'm eyeing these lines from dmesg suspiciously: >> pci0: at device 8.0 (no driver attached) >> pci0: at device 9.0 (no driver attached) >> > The last one is your NIC. > > >> I'm posting the entire results you requested below. >> > <...cleared all but relevant lines...> > >> # uname -r >> 6.1-RELEASE >> >> # pciconf -lv >> none1@pci0:9:0: class=0x020000 card=0x4b011186 chip=0x4b011186 rev=0x11 >> hdr=0x00 >> vendor = 'D-Link System Inc' >> class = network >> subclass = ethernet >> > This is the so-called revision-B1 chip, it is newer than the A1 that > is included to the 6.1-RELEASE. > > So you have two routes: > 1) upgrade to the RELENG-6 (currently it is 6.2-PRERELEASE), > or > 2) apply the patch given in the PR99903, > http://www.freebsd.org/cgi/query-pr.cgi?pr=99903 > > The latter patch is very simple, so probably it is the simplest thing > to do: it just adds the new PCI-ID for the chip, chip description and > 4 extra lines of code. Do you need directions how to apply the patch > or how to upgrade to RELENG-6? 
> Using that information, I've done the patch by hand to the files: /usr/src/sys/pci/if_sk.c /usr/src/sys/pci/if_skreg.h My previously attached "patch files" were just a diff between those and my backups of the original files. I rebuilt the kernel as follows: # make buildkernel KERNCONF=GENERIC # make installkernel KERNCONF=GENERIC Upon reboot, dmesg gives me this: skc0: port 0xdc00-0xdcff mem 0xdefec000-0xdefeffff irq 11 at device 9.0 on pci0 skc0: unknown media type: 0x31 device_attach: skc0 attach returned 6 # ifconfig skc0 ifconfig: interface skc0 does not exist I guess I'll try cvsuping and doing it again. From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 17:05:43 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80DE116A58D for ; Fri, 6 Oct 2006 17:05:43 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E331543D5C for ; Fri, 6 Oct 2006 17:05:41 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 67792 invoked from network); 6 Oct 2006 17:05:36 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 6 Oct 2006 17:05:36 -0000 Message-ID: <45268CE4.2090601@freebsd.org> Date: Fri, 06 Oct 2006 19:05:40 +0200 
From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 MIME-Version: 1.0 To: freebsd-current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, gallatin@cs.duke.edu, phk@freebsd.org Subject: Much improved sendfile(2), sosend_* and soreceive_stream() functions X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 17:05:43 -0000 This is a continuation of the previous postings with similar titles. New is a specific soreceive_stream() function for stream protocols (primarily TCP) that does only one socket buffer lock per socket read instead of one per data mbuf copied to userland. When doing netperf tests with WITNESS (full lock tracking and validation enabled) the receive performance increases from ~360Mbit/s to ~520Mbit/s. Without WITNESS I could not measure any statistically significant improvement on an otherwise unloaded machine. The reason is two-fold: 1) per packet we do a wakeup and readv() is pretty much as many times as packets come in, thus the general overhead dominates; 2) the packet input path has a pretty high overhead too. On heavily loaded machines which do a lot of high speed receives a performance increase should be measurable. This patch rolls the improved sendfile(2), sosend_*() and soreceive_stream() functions. In general the send path is improved by between 2.8 and 5.7 times. The patch is available here: http://people.freebsd.org/~andre/sendfile+sosend+soreceive-20061006.diff Any testing and heavy (code) beating and reviews welcome. 
-- Andre From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 17:22:56 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E436316A415 for ; Fri, 6 Oct 2006 17:22:56 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6101643D5C for ; Fri, 6 Oct 2006 17:22:56 +0000 (GMT) (envelope-from rea@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender:X-Spam-Status:Subject; b=I6lBMzIxApygnu3/m57cMpFsc2XpfmQpWKLduZDzC/e1wM7s59zEM9ZLTMF90uPpr2jJGhrSb7wtyIeZOG/XWSps9QKq2OjsYH9UtDV3Hls0D3v3ix9yKoSuoa5T7Ebch580W84N2Ra/hoMFsp1cI3qZWLorFH3Wb6RrCjRV5Ms=; Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1GVtPQ-0008CR-2K (envelope-from ); Fri, 06 Oct 2006 21:22:52 +0400 Date: Fri, 6 Oct 2006 21:22:46 +0400 
From: Eygene Ryabinkin To: Tim Allender Message-ID: <20061006172246.GH1491@codelabs.ru> References: <4520695C.9060302@goldenpath.org> <20061002125254.GC25883@codelabs.ru> <4522655B.90507@goldenpath.org> <20061003134415.GP1491@codelabs.ru> <45227AD4.8060506@goldenpath.org> <20061003152034.GQ1491@codelabs.ru> <45268416.9000307@goldenpath.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <45268416.9000307@goldenpath.org> Sender: rea@codelabs.ru X-Spam-Status: No, score=-1.9 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_50 Cc: freebsd-net@freebsd.org Subject: Re: D-Link DGE-530T X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 17:22:57 -0000 Tim, > Upon reboot, dmesg gives me this: > skc0: port 0xdc00-0xdcff mem > 0xdefec000-0xdefeffff irq 11 at device 9.0 on pci0 > skc0: unknown media type: 0x31 > device_attach: skc0 attach returned 6 Seems like the same problem as mentioned in http://lists.freebsd.org/pipermail/freebsd-stable/2006-May/025297.html > > # ifconfig skc0 > ifconfig: interface skc0 does not exist > > I guess I'll try cvsuping and doing it again. Cannot even try to diagnose the problem until Monday, but maybe an upgrade to 6.2-PRERELEASE will help: the patch could be merged from HEAD to 6.something. 
-- Eygene From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 18:25:20 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 28C7716A49E for ; Fri, 6 Oct 2006 18:25:20 +0000 (UTC) (envelope-from sec@42.org) Received: from ice.42.org (ice.42.org [194.77.85.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 542E443DBF for ; Fri, 6 Oct 2006 18:23:21 +0000 (GMT) (envelope-from sec@42.org) Received: by ice.42.org (Postfix, from userid 1000) id 9F11DC485; Fri, 6 Oct 2006 20:23:18 +0200 (CEST) Date: Fri, 6 Oct 2006 20:23:18 +0200 
From: Stefan `Sec` Zehl To: Motoyuki Konno Message-ID: <20061006182318.GE97552@ice.42.org> X-Current-Backlog: 2522 messages References: <20061001004527.GA8387@ice.42.org> <200610010333.k913XoCt087276@mail.mk.bsdclub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200610010333.k913XoCt087276@mail.mk.bsdclub.org> User-Agent: Mutt/1.4.2.2i I-love-doing-this: really X-Modeline: vim:set ts=8 sw=4 smarttab tw=72 si noic notitle: Accept-Languages: de, en X-URL: http://sec.42.org/ Cc: freebsd-net@freebsd.org Subject: Re: ipv6 and magically vanishing routes via gif0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 18:25:20 -0000 Hi, On Sun, Oct 01, 2006 at 12:33 +0900, Motoyuki Konno wrote: > I had the same problem on my FreeBSD 6-STABLE box. > Fix was already committed to -current (src/sys/netinet6/nd6.c > rev 1.69), but not yet to 6-STABLE. Thanks for your reply. > Try src/sys/netinet6/nd6.c rev 1.48.2.13 (older version) > instead of 1.48.2.14. As I found a workaround with disabling "nud", I don't plan to reboot the server again anytime soon (don't want any additional downtime). And I hope that the fix will be put in RELENG_6 by then. CU, Sec -- Whatever the virtues of balance, it's just a pleasant form of insanity. 
From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 19:31:06 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3257216A5DA for ; Fri, 6 Oct 2006 19:31:06 +0000 (UTC) (envelope-from Juergen.Dankoweit@T-Online.de) Received: from mailout08.sul.t-online.com (mailout08.sul.t-online.com [194.25.134.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0BE9D43D64 for ; Fri, 6 Oct 2006 19:30:44 +0000 (GMT) (envelope-from Juergen.Dankoweit@T-Online.de) Received: from fwd33.aul.t-online.de by mailout08.sul.t-online.com with smtp id 1GVvP8-0000H5-04; Fri, 06 Oct 2006 21:30:42 +0200 Received: from mail.juergendankoweit.net (EwzmoiZfYe+FEPXsA24echnCqkmkJ24FKEjuLxgIFF67bgbTCScqYW@[84.150.120.203]) by fwd33.sul.t-online.de with esmtp id 1GVvP5-1wKXuC0; Fri, 6 Oct 2006 21:30:39 +0200 Received: from localhost.juergendankoweit.net (localhost.juergendankoweit.net [127.0.0.1]) by mail.juergendankoweit.net (Postfix) with ESMTP id 3B7BD11B01 for ; Fri, 6 Oct 2006 21:31:01 +0200 (CEST) Received: from mail.juergendankoweit.net (localhost.juergendankoweit.net [127.0.0.1]) by localhost.juergendankoweit.net (AvMailGate-2.0.2-15) id 62034-55DABE5A; Fri, 06 Oct 2006 21:31:00 +0200 Received: from primergy470.juergendankoweit.net (primergy470.juergendankoweit.net [192.168.1.1]) by mail.juergendankoweit.net (Postfix) with ESMTP id 3ABE211AAA for ; Fri, 6 Oct 2006 21:31:00 +0200 (CEST) 
From: Juergen Dankoweit To: FreeBSD-Net Date: Fri, 06 Oct 2006 21:30:58 +0200 Message-Id: <1160163059.4923.6.camel@primergy470.juergendankoweit.net> Mime-Version: 1.0 X-Mailer: Evolution 2.4.2.1 FreeBSD GNOME Team Port Content-Type: multipart/mixed; boundary="=-LxXVbmHBYkxYnlOLy6N2" X-AntiVirus: checked by AntiVir MailGate (version: 2.0.2-15; AVE: 6.34.1.37; VDF: 6.34.1.205; host: primergy470.juergendankoweit.net) X-ID: EwzmoiZfYe+FEPXsA24echnCqkmkJ24FKEjuLxgIFF67bgbTCScqYW X-TOI-MSGID: 1590c641-49ed-42ef-a6dc-2f772dc7eb51 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Passwd troubles with OpenLDAP on FreeBSD 5/6 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Juergen.Dankoweit@T-Online.de List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 19:31:06 -0000
--=-LxXVbmHBYkxYnlOLy6N2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hello to the list.

For two weeks I have been trying to find out what's going on in my LDAP installation (I've looked/posted in forums and the whole internet, nobody knew anything).

Changing the password with passwd (I have modified passwd.c to work with LDAP, see attachment) throws out the following message: "Enter login(LDAP) password:"

If I enter there the LDAP password which is set in the slapd.conf then the prompt message is repeated. If I enter the password of the logged in user, then I get an error: "permission denied".

When I change the password with
>>ldappasswd -W -S -D "cn=Manager,dc=juergendankoweit,dc=net" "uid=,ou=Users,dc=juergendankoweit,dc=net"<<
everything is OK. Logging in with that user data is no problem, that works very well.

As you can see in the attached files there are no restrictions set (access to * by * write), there is no TLS or SASL.

(+) Installed packages on the client (FreeBSD 6.1): nss_ldap-1.244, pam_ldap-1.8.0, openldap-client-2.2.30 (as a dependency of the first two)
(+) On the server (FreeBSD 5.4): openldap-server-2.2.30

Many thanks in advance for helping.

Best regards
Jürgen

PS: /usr/local/etc/ldap.conf and /usr/local/etc/openldap/ldap.conf are the same and ldap.secret contains the same password (here in clear text) as in slapd.conf on the server.

PPS: Sorry for the long posting, but I don't know where to do what...

--
This e-mail was scanned with a private, non-commercial version of AntiVir MailGate. See http://www.antivir.de for details.

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=system Content-Type: text/plain; name=system; charset=UTF-8 Content-Transfer-Encoding: 7bit

#
# $FreeBSD: src/etc/pam.d/system,v 1.1 2003/06/14 12:35:05 des Exp $
#
# System-wide defaults
#

# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass config=/usr/local/etc/pam_ldap.conf
auth required pam_unix.so no_warn try_first_pass nullok

# account
#account required pam_krb5.so
account sufficient /usr/local/lib/pam_ldap.so config=/usr/local/etc/pam_ldap.conf
account required pam_login_access.so
account required pam_unix.so

# session
#session optional pam_ssh.so
session required /usr/local/lib/pam_mkhomedir.so
session required pam_lastlog.so no_fail

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass config=/usr/local/etc/pam_ldap.conf
password required pam_unix.so no_warn try_first_pass

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=slapd.conf Content-Type: text/plain; name=slapd.conf; charset=UTF-8 Content-Transfer-Encoding: 7bit

# /usr/local/etc/openldap/slapd.conf
# created: 23.02.2006
#
# =====================================================================
include /usr/local/etc/openldap/schema/core.schema
# include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# for Evolution
# ---------------------------------------------------------------------
include /usr/X11R6/share/gnome/evolution-data-server-1.4/evolutionperson.schema

# Access rights
# ---------------------------------------------------------------------
# access to attr=userPassword
# by dn="cn=Manager,dc=juergendankoweit,dc=net" write
# by self write
# by * none
access to * by * write
allow bind_v2

# PID and ARGS file
# ---------------------------------------------------------------------
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Database permissions and configuration
# ---------------------------------------------------------------------
database ldbm
directory /database/openldap-data

# Base database
# ---------------------------------------------------------------------
suffix "dc=juergendankoweit,dc=net"
rootdn "cn=Manager,dc=juergendankoweit,dc=net"
# Password: #######
rootpw {CRYPT}passwort

# Indexing rule for object classes
# ---------------------------------------------------------------------
index objectClass eq
TLSVerifyClient never

# Debugging
# ---------------------------------------------------------------------
# loglevel 128

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=passwd Content-Type: text/plain; name=passwd; charset=UTF-8 Content-Transfer-Encoding: 7bit

#
# $FreeBSD: src/etc/pam.d/passwd,v 1.3 2003/04/24 12:22:42 des Exp $
#
# PAM configuration for the "passwd" service
#
# passwd(1) does not use the auth, account or session services.

# password
#password requisite pam_passwdqc.so enforce=users
password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass config=/usr/local/etc/pam_ldap.conf
password required pam_unix.so no_warn try_first_pass nullok

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=pam_ldap.conf Content-Type: text/plain; name=pam_ldap.conf; charset=UTF-8 Content-Transfer-Encoding: 7bit

uri ldap://192.168.1.1:389
base dc=juergendankoweit,dc=net
rootbinddn cn=Manager,dc=juergendankoweit,dc=net
ldap_version 3
ssl off
bind_timelimit 10
# bind_policy soft
pam_password crypt
pam_filter objectclass=posixAccount
pam_login_attribute uid
# pam_member_attribute memberUid
scope sub
# Debugging
# debug 256
# logdir /var/log

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=nss_ldap.conf Content-Type: text/plain; name=nss_ldap.conf; charset=UTF-8 Content-Transfer-Encoding: 7bit

uri ldap://192.168.1.1:389
base dc=juergendankoweit,dc=net
rootbinddn cn=Manager,dc=juergendankoweit,dc=net
ldap_version 3
ssl off
bind_timelimit 10
# bind_policy soft
scope sub
nss_base_passwd ou=Users,dc=juergendankoweit,dc=net?one
# nss_base_shadow ou=Users,dc=juergendankoweit,dc=net?one
nss_base_group ou=Groups,dc=juergendankoweit,dc=net?one
# Debugging
# debug 256
# logdir /var/log

--=-LxXVbmHBYkxYnlOLy6N2 Content-Disposition: attachment; filename=ldap.conf Content-Type: text/plain; name=ldap.conf; charset=UTF-8 Content-Transfer-Encoding: 7bit

uri ldap://192.168.1.1:389
base dc=juergendankoweit,dc=net

--=-LxXVbmHBYkxYnlOLy6N2--
From owner-freebsd-net@FreeBSD.ORG Fri Oct 6 19:52:38 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9AF116A4D0 for ; Fri, 6 Oct 2006 19:52:38 +0000 (UTC) (envelope-from Juergen.Dankoweit@T-Online.de) Received: from mailout02.sul.t-online.com (mailout02.sul.t-online.com [194.25.134.17]) by 
mx1.FreeBSD.org (Postfix) with ESMTP id C43CE43D70 for ; Fri, 6 Oct 2006 19:52:35 +0000 (GMT) (envelope-from Juergen.Dankoweit@T-Online.de) Received: from fwd34.aul.t-online.de by mailout02.sul.t-online.com with smtp id 1GVvkI-0005wr-02; Fri, 06 Oct 2006 21:52:34 +0200 Received: from mail.juergendankoweit.net (TJMc8sZXreMgz43HdU9wFyfE+BrtL8-Hr3GqKP5We-GjUcTeiZDUr9@[84.150.120.203]) by fwd34.sul.t-online.de with esmtp id 1GVvk1-1tx9gu0; Fri, 6 Oct 2006 21:52:17 +0200 Received: from localhost.juergendankoweit.net (localhost.juergendankoweit.net [127.0.0.1]) by mail.juergendankoweit.net (Postfix) with ESMTP id 59A9B11AFC for ; Fri, 6 Oct 2006 21:52:39 +0200 (CEST) Received: from mail.juergendankoweit.net (localhost.juergendankoweit.net [127.0.0.1]) by localhost.juergendankoweit.net (AvMailGate-2.0.2-15) id 67388-298F7C32; Fri, 06 Oct 2006 21:52:39 +0200 Received: from primergy470.juergendankoweit.net (primergy470.juergendankoweit.net [192.168.1.1]) by mail.juergendankoweit.net (Postfix) with ESMTP id C676E1160C for ; Fri, 6 Oct 2006 21:52:38 +0200 (CEST) 
From: Juergen Dankoweit To: FreeBSD-Net In-Reply-To: <1160163059.4923.6.camel@primergy470.juergendankoweit.net> References: <1160163059.4923.6.camel@primergy470.juergendankoweit.net> Date: Fri, 06 Oct 2006 21:52:37 +0200 Message-Id: <1160164357.4923.13.camel@primergy470.juergendankoweit.net> Mime-Version: 1.0 X-Mailer: Evolution 2.4.2.1 FreeBSD GNOME Team Port Content-Type: text/plain Content-Transfer-Encoding: 7bit X-AntiVirus: checked by AntiVir MailGate (version: 2.0.2-15; AVE: 6.34.1.37; VDF: 6.34.1.205; host: primergy470.juergendankoweit.net) X-ID: TJMc8sZXreMgz43HdU9wFyfE+BrtL8-Hr3GqKP5We-GjUcTeiZDUr9 X-TOI-MSGID: 2c039c4b-be7d-42d5-9a97-66006dc2bc53 Subject: Re: Passwd troubles with OpenLDAP on FreeBSD 5/6 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Juergen.Dankoweit@T-Online.de List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 19:52:38 -0000

Hello again,

the problem is solved. It was a wrong entry in /etc/pam.d/passwd:
remove the line with pam_unix.so
change the pam_ldap.so line from sufficient to required

Now it works.

Best regards
Juergen Dankoweit

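The check below is an added example, not code from this thread or from OpenLDAP/pam_ldap: it audits the slapd.conf and pam_ldap.conf directives attached to the first message for the conditions that message itself points out (an ACL that lets everyone write, no TLS) and for a client that binds with the server's rootdn. The finding names and the two "TIGHT" excerpts (including `by anonymous auth` and `ssl start_tls`) are constructed for illustration, and `ssl` is assumed to be off when the directive is absent.

```python
import shlex

# Directives excerpted from the attachments posted in the thread.
SLAPD_POSTED = '''\
access to * by * write
allow bind_v2
rootdn "cn=Manager,dc=juergendankoweit,dc=net"
rootpw {CRYPT}passwort
'''
PAM_LDAP_POSTED = '''\
uri ldap://192.168.1.1:389
base dc=juergendankoweit,dc=net
rootbinddn cn=Manager,dc=juergendankoweit,dc=net
ldap_version 3
ssl off
pam_password crypt
'''
# Constructed variants (not from the thread). The ACL is the one left
# commented out in the posted slapd.conf, plus "by anonymous auth" so that
# simple binds can still be checked against userPassword.
SLAPD_TIGHT = '''\
access to attr=userPassword
    by dn="cn=Manager,dc=juergendankoweit,dc=net" write
    by self write
    by anonymous auth
    by * none
access to *
    by * read
rootdn "cn=Manager,dc=juergendankoweit,dc=net"
rootpw {CRYPT}passwort
'''
# start_tls also needs certificates configured on the server side.
PAM_LDAP_TIGHT = '''\
uri ldap://192.168.1.1:389
base dc=juergendankoweit,dc=net
ldap_version 3
ssl start_tls
pam_password crypt
'''


def logical_lines(text):
    """Yield one directive per item: '#' lines are comments, and a line that
    starts with whitespace continues the previous directive (slapd.conf rule)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def directives(text):
    """Tokenise each directive; shlex removes the quotes around DNs."""
    return [shlex.split(line) for line in logical_lines(text)]


def first_value(text, keyword):
    for tok in directives(text):
        if tok[0].lower() == keyword:
            return " ".join(tok[1:])
    return None


def audit_slapd(text):
    findings = []
    for tok in directives(text):
        key = tok[0].lower()
        if key == "access" and len(tok) >= 3:
            target = tok[2]
            # Walk the "by <who> <level>" clauses of this ACL.
            for i in range(3, len(tok) - 2):
                if (tok[i] == "by" and tok[i + 1] in ("*", "anonymous")
                        and tok[i + 2].lower() == "write"):
                    findings.append(("acl-world-write",
                                     "'%s' is writable by %s" % (target, tok[i + 1])))
        elif key == "rootpw" and len(tok) > 1:
            value = tok[1]
            if not value.startswith("{") or value.upper().startswith("{CLEARTEXT}"):
                findings.append(("rootpw-cleartext", "rootpw is stored unhashed"))
    return findings


def audit_client(client_text, slapd_text=""):
    findings = []
    uri = (first_value(client_text, "uri") or "").lower()
    ssl = (first_value(client_text, "ssl") or "off").lower()  # assumed default
    if not uri.startswith("ldaps://") and ssl not in ("start_tls", "on"):
        findings.append(("cleartext-bind",
                         "binds and password changes to %s are unencrypted" % uri))
    rootbinddn = first_value(client_text, "rootbinddn")
    rootdn = first_value(slapd_text, "rootdn")
    if rootbinddn and rootdn and rootbinddn.lower() == rootdn.lower():
        findings.append(("client-holds-rootdn",
                         "client binds as the server rootdn %s" % rootdn))
    return findings


if __name__ == "__main__":
    for finding in audit_slapd(SLAPD_POSTED) + audit_client(PAM_LDAP_POSTED, SLAPD_POSTED):
        print("%-20s %s" % finding)
```
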
From owner-freebsd-net@FreeBSD.ORG Sat Oct 7 17:12:02 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9364216A40F for ; Sat, 7 Oct 2006 17:12:02 +0000 (UTC) (envelope-from mav@alkar.net) Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DCDE43D60 for ; Sat, 7 Oct 2006 17:11:52 +0000 (GMT) (envelope-from mav@alkar.net) Received: from [195.248.178.122] (account mav@alkar.net HELO [192.168.3.5]) by cmail.optima.ua (CommuniGate Pro SMTP 5.0.11) with ESMTPA id 17103211; Sat, 07 Oct 2006 20:11:51 +0300 Message-ID: <4527DFD4.6010406@alkar.net> Date: Sat, 07 Oct 2006 20:11:48 +0300 
From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: multipart/mixed; boundary="------------070105060504030305010709" Subject: Does PPTP over IPv6 exists? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Oct 2006 17:12:02 -0000 This is a multi-part message in MIME format. --------------070105060504030305010709 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi. Last week I made many changes in mpd4 CVS to enable IPv6 support. As a result, IPV6CP and the IPv6 console are now supported, and TCP and UDP link types work perfectly over IPv6. But when I touched PPTP, I found two problems: 1. There seems to be no special support for inet6/raw/gre in the kernel, so at the beginning, when GRE packets pass through ipfw, ipfw can't recognize header 47 (GRE), and then, if I allow them to pass using sysctl, ng_pptpgre gets them without an IP header. 2. There is no support for IPv6 in ng_pptpgre, so it tries to cut a nonexistent IPv4 header from the packet. I have not found on the Internet any documents about specific support of PPTP over IPv6, but I also have not found that it must not work. And I have a stupid question: "Should PPTP work over IPv6 at all?". Does anybody know something about PPTP and IPv6? Which side is right: it should work, but nobody has tried to do it yet, or it should work in a different way, or it should not work at all? When I tried to fix ng_pptpgre with the patch in the attachment and allowed ipfw to pass unknown packets, mpd4 was able to successfully make a PPTP connection over IPv6 and transmit both IPv4 and IPv6 packets. So, should it do it or not? 
-- Alexander Motin --------------070105060504030305010709 Content-Type: text/plain; name="ng_pptpgre.c.patch2" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ng_pptpgre.c.patch2" --- ng_pptpgre.c.orig Tue Sep 20 16:40:55 2005 +++ ng_pptpgre.c Sat Oct 7 18:53:04 2006 @@ -67,6 +67,7 @@ #include #include #include +#include #include #include @@ -588,6 +589,7 @@ int iphlen, grelen, extralen; const struct greheader *gre; const struct ip *ip; + const u_int8_t *ipv; int error = 0; struct mbuf *m; 
@@ -598,40 +600,89 @@ priv->stats.recvPackets++; priv->stats.recvOctets += m->m_pkthdr.len; + /* Get the first byte to identify protocol */ /* Sanity check packet length */ - if (m->m_pkthdr.len < sizeof(*ip) + sizeof(*gre)) { + if (m->m_pkthdr.len < 1) { priv->stats.recvRunts++; ERROUT(EINVAL); } - /* Safely pull up the complete IP+GRE headers */ - if (m->m_len < sizeof(*ip) + sizeof(*gre) - && (m = m_pullup(m, sizeof(*ip) + sizeof(*gre))) == NULL) { + /* Safely pull up the first byte of headers */ + if (m->m_len < 1 + && (m = m_pullup(m, 1)) == NULL) { priv->stats.memoryFailures++; ERROUT(ENOBUFS); } - ip = mtod(m, const struct ip *); - iphlen = ip->ip_hl << 2; - if (m->m_len < iphlen + sizeof(*gre)) { - if ((m = m_pullup(m, iphlen + sizeof(*gre))) == NULL) { + ipv = mtod(m, const u_int8_t *); + + if ((((*ipv)&IPV6_VERSION_MASK)==0x40) && (((*ipv)&(~IPV6_VERSION_MASK))>=5)) { + /* There is IPv4 header, remove it */ + + /* Sanity check packet length */ + if (m->m_pkthdr.len < sizeof(*ip) + sizeof(*gre)) { + priv->stats.recvRunts++; + ERROUT(EINVAL); + } + + /* Safely pull up the complete IP+GRE headers */ + if (m->m_len < sizeof(*ip) + sizeof(*gre) + && (m = m_pullup(m, sizeof(*ip) + sizeof(*gre))) == NULL) { priv->stats.memoryFailures++; ERROUT(ENOBUFS); } ip = mtod(m, const struct ip *); - } - gre = (const struct greheader *)((const u_char *)ip + iphlen); - grelen = sizeof(*gre) + sizeof(u_int32_t) * (gre->hasSeq + gre->hasAck); - if (m->m_pkthdr.len < iphlen + grelen) { - priv->stats.recvRunts++; - ERROUT(EINVAL); - } - if (m->m_len < iphlen + grelen) { - if ((m = m_pullup(m, iphlen + grelen)) == NULL) { + iphlen = ip->ip_hl << 2; + if (m->m_len < iphlen + sizeof(*gre)) { + if ((m = m_pullup(m, iphlen + sizeof(*gre))) == NULL) { + priv->stats.memoryFailures++; + ERROUT(ENOBUFS); + } + ip = mtod(m, const struct ip *); + } + gre = (const struct greheader *)((const u_char *)ip + iphlen); + grelen = sizeof(*gre) + sizeof(u_int32_t) * (gre->hasSeq + gre->hasAck); + 
if (m->m_pkthdr.len < iphlen + grelen) { + priv->stats.recvRunts++; + ERROUT(EINVAL); + } + if (m->m_len < iphlen + grelen) { + if ((m = m_pullup(m, iphlen + grelen)) == NULL) { + priv->stats.memoryFailures++; + ERROUT(ENOBUFS); + } + ip = mtod(m, const struct ip *); + gre = (const struct greheader *)((const u_char *)ip + iphlen); + } + } else { + /* There is no IPv4 header */ + + /* Sanity check packet length */ + if (m->m_pkthdr.len < sizeof(*gre)) { + priv->stats.recvRunts++; + ERROUT(EINVAL); + } + + /* Safely pull up the complete GRE headers */ + if (m->m_len < sizeof(*gre) + && (m = m_pullup(m, sizeof(*gre))) == NULL) { priv->stats.memoryFailures++; ERROUT(ENOBUFS); } - ip = mtod(m, const struct ip *); - gre = (const struct greheader *)((const u_char *)ip + iphlen); + iphlen = 0; + gre = mtod(m, const struct greheader *); + grelen = sizeof(*gre) + sizeof(u_int32_t) * (gre->hasSeq + gre->hasAck); + if (m->m_pkthdr.len < grelen) { + priv->stats.recvRunts++; + ERROUT(EINVAL); + } + if (m->m_len < grelen) { + if ((m = m_pullup(m, grelen)) == NULL) { + priv->stats.memoryFailures++; + ERROUT(ENOBUFS); + } + gre = mtod(m, const struct greheader *); + } + } /* Sanity check packet length and GRE header bits */ --------------070105060504030305010709-- From owner-freebsd-net@FreeBSD.ORG Sat Oct 7 18:32:49 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDB7F16A407 for ; Sat, 7 Oct 2006 18:32:49 +0000 (UTC) (envelope-from root@host169.ipowerweb.com) Received: from host169.ipowerweb.com (host169.ipowerweb.com [66.235.199.101]) by mx1.FreeBSD.org (Postfix) with SMTP id 9287543D49 for ; Sat, 7 Oct 2006 18:32:49 +0000 (GMT) (envelope-from root@host169.ipowerweb.com) Received: (qmail 62465 invoked by uid 10061); 7 Oct 2006 18:31:26 -0000 Received: from 127.0.0.1 by host169.ipowerweb.com (envelope-from , uid 80) with 
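Review bot: In the third hunk of the ng_pptpgre.c patch (@@ -598,40 +600,89 @@), the choice between "IPv4 header present" and "bare GRE" rests only on the first byte of the packet: `(*ipv & IPV6_VERSION_MASK) == 0x40` with a low nibble of at least 5. In the else branch that same byte is the first byte of the GRE header, so a GRE packet that arrives without an IP header and whose first byte happens to match that pattern is parsed as IPv4, and `iphlen` is then taken from packet contents. Consider deciding from how the packet reached the node (for example a separate hook or a node configuration flag for the header-less case) instead of guessing from the payload, and say in the comment which case each branch expects. The GRE length check and the pullup are also duplicated in both branches; setting `iphlen = 0` for the header-less case and falling through to the existing code would keep the two paths from drifting apart. Using `IPV6_VERSION_MASK` to test for IPv4 works but reads oddly; a local mask or the `ip_v`/`ip_hl` fields would be clearer.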