From owner-freebsd-net@FreeBSD.ORG Sun Jul 29 16:08:39 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9664B16A417 for ; Sun, 29 Jul 2007 16:08:39 +0000 (UTC) (envelope-from carlos.paniago@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240]) by mx1.freebsd.org (Postfix) with ESMTP id 5459B13C465 for ; Sun, 29 Jul 2007 16:08:39 +0000 (UTC) (envelope-from carlos.paniago@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so317786anc for ; Sun, 29 Jul 2007 09:08:38 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; b=msCgjONzavf+4cqfdhik+XXjRPN1nCLjnKOSBONMIhDpvbyZrkOB/pzCAxrJYauDPovjlWwz8id1rNFFJ4/nYm16bTMokYDAqBOojE0+xj8WIxZMk/otiVZiuVfxTHRL2Fb6MpfWVFrBEia/enfKzxm5bEWmtAGRCySgSF873hM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; b=i7uvFvJ0HBRyFi5VwCu1FaUX4PSP46iwuuXgw1gDgSNoKbxIAqLGe5JHTKbHoabAjEN5fxO1EtHUlUsTf3rI2uvmH+h1J2VOUUXoTyKRVfqSs1B3oNptqnxWGR7rvqLZFneXe+rZ0XxNCH+33E6jWM0aKu3oUg3CxFsuZ+C5USk= Received: by 10.100.128.8 with SMTP id a8mr4149479and.1185723697883; Sun, 29 Jul 2007 08:41:37 -0700 (PDT) Received: from panix.panix.homeunix.org ( [201.82.10.86]) by mx.google.com with ESMTPS id c37sm2299350ana.2007.07.29.08.41.34 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 29 Jul 2007 08:41:35 -0700 (PDT) Message-ID: <46ACB52C.3090804@gmail.com> Date: Sun, 29 Jul 2007 12:41:32 -0300 User-Agent: Thunderbird 2.0.0.5 (X11/20070721) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit From: "Carlos F. A. Paniago" Subject: Need driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jul 2007 16:08:39 -0000 Hi I have an wireless card PCI ENLWL-G, and it appear to lspci -v -l as: none0@pci0:12:0: class=0x020000 card=0x1faa11ab chip=0x1faa11ab rev=0x03 hdr=0x00 vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)' class = network subclass = ethernet After researching the net, I found that there is an driver to OpenBSD (malo) for this chipset. Is someone working in an port to FreeBSD? I'm willing to try this driver in an FreeBSD 6.2 AMD64 machine. Thanks in advance. Paniago From owner-freebsd-net@FreeBSD.ORG Sun Jul 29 21:26:21 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 97E8316A421 for ; Sun, 29 Jul 2007 21:26:21 +0000 (UTC) (envelope-from freebsdworld@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.189]) by mx1.freebsd.org (Postfix) with ESMTP id 10A9913C46E for ; Sun, 29 Jul 2007 21:26:20 +0000 (UTC) (envelope-from freebsdworld@gmail.com) Received: by mu-out-0910.google.com with SMTP id w9so1476928mue for ; Sun, 29 Jul 2007 14:26:19 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=EkdXkyBE5loTnXOuTjdwW5XUtTNKxCy6YQFTmkHLfKhKPNMpQkoyrbvw4wUnhsSAYc62/r+lw0DlQwmhT9aQ7SBmOd0ITbRefaLJYGQgZLtJuy2Nso9PVu9HqiR0gGhnshlq5QtWGtos2lxBbfqjHdD1vJt5B19+ZFOtgmKgX+Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=tDOvOyDO6CAt100ztdPJcigMAjcNfLhjeRrHGHxIYndbdLTPnyGrpurPbvdfSU7FVmI/wzc4xmO0/MTtSIzspirT0d5L+R6e+tuWHSZay3h+2lVUVW+1SxILhGU90BDpwLnFPv3RYFW9wUO52m97HSeg2/LLZQGBVECpN7ofeM8= Received: by 10.82.151.14 with SMTP id y14mr3639153bud.1185742757201; Sun, 29 Jul 2007 13:59:17 -0700 (PDT) Received: by 10.82.170.8 with HTTP; Sun, 29 Jul 2007 13:59:17 -0700 (PDT) Message-ID: <6199c3dc0707291359s5ae0f031w77b999159ebcdd80@mail.gmail.com> Date: Sun, 29 Jul 2007 16:59:17 -0400 From: "Benjamin Adams" To: freebsd-current@freebsd.org, freebsd-drivers@freebsd.org, freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Network card msk0 problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jul 2007 21:26:21 -0000 Looks like a problem with the network card. 7.0-CURRENT-200706 FreeBSD 7.0-CURRENT-200706 #0: Thu Jun 7 21:38:42 UTC 2007 root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 Jul 29 16:01:55 Desktop kernel: msk0: link state changed to UP Jul 29 16:01:58 Desktop kernel: Memory modified after free 0xffffff0052429800(2048) val=1900c0de @ 0xffffff0052429800 Jul 29 16:02:00 Desktop kernel: Memory modified after free 0xffffff0052428800(2048) val=1900c0de @ 0xffffff0052428800 Jul 29 16:02:03 Desktop kernel: Memory modified after free 0xffffff0052428000(2048) val=1900c0de @ 0xffffff0052428000 Jul 29 16:02:04 Desktop kernel: Memory modified after free 0xffffff0052427800(2048) val=1900c0de @ 0xffffff0052427800 Jul 29 16:02:05 Desktop kernel: Memory modified after free 0xffffff0052427000(2048) val=1900c0de @ 0xffffff0052427000 This only happens sometimes: Jul 29 16:20:00 Desktop kernel: msk0: link state changed to UP Jul 29 16:20:17 Desktop su: adamsbd to root on /dev/ttyv0 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e70000(2048) val=ffffc0de @ 0xffffff0053e70000 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e71800(2048) val=ffffc0de @ 0xffffff0053e71800 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e71000(2048) val=ffffc0de @ 0xffffff0053e71000 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e72800(2048) val=1900c0de @ 0xffffff0053e72800 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e72000(2048) val=1900c0de @ 0xffffff0053e72000 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e73800(2048) val=1900c0de @ 0xffffff0053e73800 Jul 29 16:20:38 Desktop kernel: Memory modified after free 0xffffff0053e73000(2048) val=1900c0de @ 0xffffff0053e73000 Jul 29 16:20:38 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:20:42 Desktop kernel: msk0: link state changed to UP Jul 29 16:20:42 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:20:46 Desktop kernel: msk0: link state changed to UP Jul 29 16:20:49 Desktop dhclient[1092]: connection closed Jul 29 16:20:49 Desktop dhclient[1092]: exiting. Jul 29 16:20:49 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:20:53 Desktop kernel: msk0: link state changed to UP Jul 29 16:20:57 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:20:57 Desktop dhclient: New IP Address (msk0): 192.168.1.4 Jul 29 16:20:57 Desktop dhclient: New Subnet Mask (msk0): 255.255.255.0 Jul 29 16:20:57 Desktop dhclient: New Broadcast Address (msk0): 192.168.1.255 Jul 29 16:20:57 Desktop dhclient: New Routers (msk0): 192.168.1.1 Jul 29 16:21:01 Desktop kernel: msk0: link state changed to UP Jul 29 16:21:07 Desktop dhclient[1126]: connection closed Jul 29 16:21:07 Desktop dhclient[1126]: exiting. Jul 29 16:21:18 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:21:21 Desktop kernel: msk0: link state changed to UP Jul 29 16:21:21 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:21:26 Desktop kernel: msk0: link state changed to UP Jul 29 16:21:29 Desktop kernel: msk0: link state changed to DOWN Jul 29 16:21:29 Desktop dhclient: New IP Address (msk0): 192.168.1.4 Jul 29 16:21:29 Desktop dhclient: New Subnet Mask (msk0): 255.255.255.0 Jul 29 16:21:29 Desktop dhclient: New Broadcast Address (msk0): 192.168.1.255 Jul 29 16:21:29 Desktop dhclient: New Routers (msk0): 192.168.1.1 Jul 29 16:21:33 Desktop kernel: msk0: link state changed to UP Network card: kernel: mskc0: port 0x9c00-0x9cff mem 0xfdcfc000-0xfdcfffff irq 16 at device 0.0 on pci3 kerrnel: msk0: on mskc0 Ben Adams From owner-freebsd-net@FreeBSD.ORG Mon Jul 30 05:22:33 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1512816A421 for ; Mon, 30 Jul 2007 05:22:33 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.189]) by mx1.freebsd.org (Postfix) with ESMTP id D938C13C459 for ; Mon, 30 Jul 2007 05:22:32 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: by rv-out-0910.google.com with SMTP id f1so294700rvb for ; Sun, 29 Jul 2007 22:22:32 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:received:received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=VILRvaBDRleQqi/mKS0uOR5o/6eHJ8dAzI06RUiu4r8M3lRmRdQGdyT6dxeg5z2N/5VcXDJezvoYHJpWzFYvCXU6OvYDJz4b8j39Npk4ZBP5NaApGOupLRkH3l94JGrYOBXDN9IM+RIeEQAhMU6yCo4GQx4RpO5GgpJ95GWR83I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=oQT44E6TCDbIM56ED5IHEhUT9fTzly5DeTJKrhACkN25XQCdfN8JZMJQnPbFW5rPtU5fjt5Sh280nP2nQfbklfJAb9tGNDTWVPeNdFeAQZImQUW7G8NEqu7ytjgIT5FhEw7bKb1ncbGpEVIrs4ZlVHrXt1HeOUWNeHzZM7Y4Lqw= Received: by 10.114.59.1 with SMTP id h1mr5237873waa.1185772952482; Sun, 29 Jul 2007 22:22:32 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.google.com with ESMTPS id m27sm492575wag.2007.07.29.22.22.30 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 29 Jul 2007 22:22:31 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id l6U5MQIv089539 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Jul 2007 14:22:26 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id l6U5MQff089538; Mon, 30 Jul 2007 14:22:26 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Mon, 30 Jul 2007 14:22:26 +0900 From: Pyun YongHyeon To: "Carlos F. A. Paniago" Message-ID: <20070730052226.GC88265@cdnetworks.co.kr> References: <46ACB52C.3090804@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46ACB52C.3090804@gmail.com> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: Need driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 05:22:33 -0000 On Sun, Jul 29, 2007 at 12:41:32PM -0300, Carlos F. A. Paniago wrote: > Hi I have an wireless card PCI ENLWL-G, and it appear to lspci -v -l as: > none0@pci0:12:0: class=0x020000 card=0x1faa11ab chip=0x1faa11ab > rev=0x03 hdr=0x00 > vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)' > class = network > subclass = ethernet > It's Marvell Libertas 88W8335 802.11g wireless adapter. > After researching the net, I found that there is an driver to OpenBSD > (malo) for this chipset. Yes, OpenBSD have malo(4) for this wireless adapter. I've tried to ndis(4) but it didn't work. I'm not sure whether it's fault of ndis(4) or Windows NDIS miniport driver I've used. > Is someone working in an port to FreeBSD? I'm willing to try this > driver in an FreeBSD 6.2 AMD64 machine. Thanks in advance. > I'd like to port malo(4) from OpenBSD if time permits. Because I'm not familiar with wireless area it would take very long time(i.e No ETA) and I'm not sure I can manage to port it at the moment. Btw, one of issues I'm aware is lack of firmware distribution. AFAIK we would end up with extracting firmware images from Windows miniport driver. I don't think we(FreeBSD) can ship the firmware images extracted from Windows driver. > Paniago -- Regards, Pyun YongHyeon From owner-freebsd-net@FreeBSD.ORG Mon Jul 30 05:35:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5C7716A41A for ; Mon, 30 Jul 2007 05:35:07 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.186]) by mx1.freebsd.org (Postfix) with ESMTP id 967DD13C46C for ; Mon, 30 Jul 2007 05:35:07 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: by rv-out-0910.google.com with SMTP id f1so295451rvb for ; Sun, 29 Jul 2007 22:35:07 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:received:received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=GfA2LRgg6atDGtuFl+Dhf+TBsmJBxKScTjVsp5MVxaByDUKDz+paXa7s2IKO8sWKRoffVb0pcpq6effVgHw4WF/aX+IaBuk61QEd/wXGwfYJalvl21IkpVxX09wI5GHReoTNPCfVYWyd/VoAyKX/9kYJS8xNy0aimOECW3lHjYE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=Bp0R4velUzt7gpXZ5CYTxDAZ4qYMK+GkKOY9Soq3V/BtWXHdsNW+prl1MVVjJVC4tvHSI/v/IeGkOk5fpZGTecktVL7A0oY2IAOnoe4YYPrBRyIZs9wRwd7PTZeOIZvATC5oIXnyKqnL2PldSieu1YK5wZVIrSBplyw6qh4oKOM= Received: by 10.114.199.1 with SMTP id w1mr5235406waf.1185773706429; Sun, 29 Jul 2007 22:35:06 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.google.com with ESMTPS id k26sm3528338waf.2007.07.29.22.35.02 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 29 Jul 2007 22:35:04 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id l6U5YspL089586 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Jul 2007 14:34:54 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id l6U5Ysrd089585; Mon, 30 Jul 2007 14:34:54 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Mon, 30 Jul 2007 14:34:54 +0900 From: Pyun YongHyeon To: Benjamin Adams Message-ID: <20070730053454.GD88265@cdnetworks.co.kr> References: <6199c3dc0707291359s5ae0f031w77b999159ebcdd80@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6199c3dc0707291359s5ae0f031w77b999159ebcdd80@mail.gmail.com> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-drivers@freebsd.org Subject: Re: Network card msk0 problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 05:35:07 -0000 On Sun, Jul 29, 2007 at 04:59:17PM -0400, Benjamin Adams wrote: > Looks like a problem with the network card. > > 7.0-CURRENT-200706 FreeBSD 7.0-CURRENT-200706 #0: Thu Jun 7 21:38:42 UTC > 2007 root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 > > Jul 29 16:01:55 Desktop kernel: msk0: link state changed to UP > Jul 29 16:01:58 Desktop kernel: Memory modified after free > 0xffffff0052429800(2048) val=1900c0de @ 0xffffff0052429800 > Jul 29 16:02:00 Desktop kernel: Memory modified after free > 0xffffff0052428800(2048) val=1900c0de @ 0xffffff0052428800 > Jul 29 16:02:03 Desktop kernel: Memory modified after free > 0xffffff0052428000(2048) val=1900c0de @ 0xffffff0052428000 > Jul 29 16:02:04 Desktop kernel: Memory modified after free > 0xffffff0052427800(2048) val=1900c0de @ 0xffffff0052427800 > Jul 29 16:02:05 Desktop kernel: Memory modified after free > 0xffffff0052427000(2048) val=1900c0de @ 0xffffff0052427000 > > > This only happens sometimes: > Jul 29 16:20:00 Desktop kernel: msk0: link state changed to UP > Jul 29 16:20:17 Desktop su: adamsbd to root on /dev/ttyv0 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e70000(2048) val=ffffc0de @ 0xffffff0053e70000 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e71800(2048) val=ffffc0de @ 0xffffff0053e71800 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e71000(2048) val=ffffc0de @ 0xffffff0053e71000 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e72800(2048) val=1900c0de @ 0xffffff0053e72800 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e72000(2048) val=1900c0de @ 0xffffff0053e72000 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e73800(2048) val=1900c0de @ 0xffffff0053e73800 > Jul 29 16:20:38 Desktop kernel: Memory modified after free > 0xffffff0053e73000(2048) val=1900c0de @ 0xffffff0053e73000 > Jul 29 16:20:38 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:20:42 Desktop kernel: msk0: link state changed to UP > Jul 29 16:20:42 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:20:46 Desktop kernel: msk0: link state changed to UP > Jul 29 16:20:49 Desktop dhclient[1092]: connection closed > Jul 29 16:20:49 Desktop dhclient[1092]: exiting. > Jul 29 16:20:49 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:20:53 Desktop kernel: msk0: link state changed to UP > Jul 29 16:20:57 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:20:57 Desktop dhclient: New IP Address (msk0): 192.168.1.4 > Jul 29 16:20:57 Desktop dhclient: New Subnet Mask (msk0): 255.255.255.0 > Jul 29 16:20:57 Desktop dhclient: New Broadcast Address (msk0): > 192.168.1.255 > Jul 29 16:20:57 Desktop dhclient: New Routers (msk0): 192.168.1.1 > Jul 29 16:21:01 Desktop kernel: msk0: link state changed to UP > Jul 29 16:21:07 Desktop dhclient[1126]: connection closed > Jul 29 16:21:07 Desktop dhclient[1126]: exiting. > Jul 29 16:21:18 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:21:21 Desktop kernel: msk0: link state changed to UP > Jul 29 16:21:21 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:21:26 Desktop kernel: msk0: link state changed to UP > Jul 29 16:21:29 Desktop kernel: msk0: link state changed to DOWN > Jul 29 16:21:29 Desktop dhclient: New IP Address (msk0): 192.168.1.4 > Jul 29 16:21:29 Desktop dhclient: New Subnet Mask (msk0): 255.255.255.0 > Jul 29 16:21:29 Desktop dhclient: New Broadcast Address (msk0): > 192.168.1.255 > Jul 29 16:21:29 Desktop dhclient: New Routers (msk0): 192.168.1.1 > Jul 29 16:21:33 Desktop kernel: msk0: link state changed to UP > > Network card: > kernel: mskc0: port 0x9c00-0x9cff > mem 0xfdcfc000-0xfdcfffff irq 16 at device 0.0 on pci3 > kerrnel: msk0: 0x02> on mskc0 > I guess you're the first one reported 'memory modified free' issue. I've never seen these warnings except inital driver development stage. Would you show me verbosed boot messages related with msk(4) and phy drivers? -- Regards, Pyun YongHyeon From owner-freebsd-net@FreeBSD.ORG Mon Jul 30 10:38:28 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A66716A469; Mon, 30 Jul 2007 10:38:28 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 334BF13C47E; Mon, 30 Jul 2007 10:38:28 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l6UAcSEk038837; Mon, 30 Jul 2007 10:38:28 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l6UAcRrc038833; Mon, 30 Jul 2007 10:38:27 GMT (envelope-from gavin) Date: Mon, 30 Jul 2007 10:38:27 GMT Message-Id: <200707301038.l6UAcRrc038833@freefall.freebsd.org> To: jojo@matfyz.cz, gavin@FreeBSD.org, freebsd-i386@FreeBSD.org, freebsd-net@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: i386/70832: [re] re0: watchdog timeout on Evo N1015v X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 10:38:28 -0000 Old Synopsis: [re] serious problems with RealTek NIC using re0 driver on Evo N1015v New Synopsis: [re] re0: watchdog timeout on Evo N1015v State-Changed-From-To: feedback->open State-Changed-By: gavin State-Changed-When: Mon Jul 30 10:35:58 UTC 2007 State-Changed-Why: Feedback was received Responsible-Changed-From-To: freebsd-i386->freebsd-net Responsible-Changed-By: gavin Responsible-Changed-When: Mon Jul 30 10:35:58 UTC 2007 Responsible-Changed-Why: Reassign http://www.freebsd.org/cgi/query-pr.cgi?pr=70832 From owner-freebsd-net@FreeBSD.ORG Mon Jul 30 10:59:48 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 34E4416A417; Mon, 30 Jul 2007 10:59:48 +0000 (UTC) (envelope-from yongari@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0E42513C457; Mon, 30 Jul 2007 10:59:48 +0000 (UTC) (envelope-from yongari@FreeBSD.org) Received: from freefall.freebsd.org (yongari@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l6UAxlD0039365; Mon, 30 Jul 2007 10:59:47 GMT (envelope-from yongari@freefall.freebsd.org) Received: (from yongari@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l6UAxlCH039361; Mon, 30 Jul 2007 10:59:47 GMT (envelope-from yongari) Date: Mon, 30 Jul 2007 10:59:47 GMT Message-Id: <200707301059.l6UAxlCH039361@freefall.freebsd.org> To: yongari@FreeBSD.org, freebsd-net@FreeBSD.org, yongari@FreeBSD.org From: yongari@FreeBSD.org Cc: Subject: Re: i386/70832: [re] re0: watchdog timeout on Evo N1015v X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 10:59:48 -0000 Synopsis: [re] re0: watchdog timeout on Evo N1015v Responsible-Changed-From-To: freebsd-net->yongari Responsible-Changed-By: yongari Responsible-Changed-When: Mon Jul 30 10:59:16 UTC 2007 Responsible-Changed-Why: Grab. http://www.freebsd.org/cgi/query-pr.cgi?pr=70832 From owner-freebsd-net@FreeBSD.ORG Mon Jul 30 11:08:28 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9580D16A480 for ; Mon, 30 Jul 2007 11:08:28 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8785413C48E for ; Mon, 30 Jul 2007 11:08:28 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l6UB8S17040688 for ; Mon, 30 Jul 2007 11:08:28 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l6UB8RPH040684 for freebsd-net@FreeBSD.org; Mon, 30 Jul 2007 11:08:27 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 30 Jul 2007 11:08:27 GMT Message-Id: <200707301108.l6UB8RPH040684@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 11:08:28 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/38554 net changing interface ipaddress doesn't seem to work s kern/39937 net ipstealth issue s kern/81147 net [net] [patch] em0 reinitialization while adding aliase o kern/92552 net A serious bug in most network drivers from 5.X to 6.X s kern/95665 net [if_tun] "ping: sendto: No buffer space available" wit s kern/105943 net Network stack may modify read-only mbuf chain copies o kern/106316 net [dummynet] dummynet with multipass ipfw drops packets o kern/108542 net [bce]: Huge network latencies with 6.2-RELEASE / STABL o kern/109406 net [ndis] Broadcom WLAN driver 4.100.15.5 doesn't work wi o kern/110959 net [ipsec] Filtering incoming packets with enc0 does not o kern/112528 net [nfs] NFS over TCP under load hangs with "impossible p o kern/112686 net [patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o kern/112722 net IP v4 udp fragmented packet reject o kern/113359 net [ipv6] panic sbdrop after ICMP6, packet too big o kern/113457 net [ipv6] deadlock occurs if a tunnel goes down while the o kern/113842 net [ipv6] PF_INET6 proto domain state can't be cleared wi o kern/114714 net [gre][patch] gre(4) is not MPSAFE and does not support o kern/114839 net [fxp] fxp looses ability to speak with traffic 18 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/23063 net [PATCH] for static ARP tables in rc.network s bin/41647 net ifconfig(8) doesn't accept lladdr along with inet addr o kern/54383 net [nfs] [patch] NFS root configurations without dynamic s kern/60293 net FreeBSD arp poison patch o kern/95267 net packet drops periodically appear f kern/95277 net [netinet] [patch] IP Encapsulation mask_match() return o kern/100519 net [netisr] suggestion to fix suboptimal network polling o kern/102035 net [plip] plip networking disables parallel port printing o conf/102502 net [patch] ifconfig name does't rename netgraph node in n o kern/103253 net inconsistent behaviour in arp reply of a bridge o conf/107035 net [patch] bridge interface given in rc.conf not taking a o kern/112654 net [pcn] Kernel panic upon if_pcn module load on a Netfin o kern/114095 net [carp] carp+pf delay with high state limit o kern/114915 net [patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f 14 problems total. From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 01:20:15 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC4E816A41A for ; Tue, 31 Jul 2007 01:20:15 +0000 (UTC) (envelope-from ik1024@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.244]) by mx1.freebsd.org (Postfix) with ESMTP id 713FA13C480 for ; Tue, 31 Jul 2007 01:20:15 +0000 (UTC) (envelope-from ik1024@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so409712anc for ; Mon, 30 Jul 2007 18:20:14 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=STjHrwVC4MUcj+jPC4gIkL6f/vtyp2AsZt2BeT+VXh7RT07KAi5SmDcEDMiziM81wCU4yqRAm2pX3xWyKhqtMts/6c1nQEiLyJ6S/bO2ZKPvtOfJ1q2UYJXG7wny5gu4KLotTtpD5gqUpG+uLOl3vDjtkQV/OJ1mxsilvp4wB34= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=MZ/D1MWTs1DUHc97W/ZojBxfjeXgq0Dg6lEvHzQEpV5yp0GcXDWfKyRIaLUP6Yx45i+M8+bBjI9O7dt2Tf8JykBXwmWL7hv5z2pRE1YT6Sg1rkH45Z5btdTyrkfI7pSCWwyTK5mQUipDRkonbN4s08SivskudrAEWfPY506Vc2g= Received: by 10.100.191.5 with SMTP id o5mr4976797anf.1185843145845; Mon, 30 Jul 2007 17:52:25 -0700 (PDT) Received: by 10.100.163.8 with HTTP; Mon, 30 Jul 2007 17:52:25 -0700 (PDT) Message-ID: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> Date: Mon, 30 Jul 2007 20:52:25 -0400 From: "Isaac Kohen" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 01:20:15 -0000 Hello, I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. I've had an openbsd ipsec/vpn gateway for several years that recently died as a result of hardware failure. I moved my configuration from isakmpd to racoon and can connect successfully to all the linksys vpn "routers" that I could connect to before. Problem is that after a few hours the connection drops and doesn't come back up until I do setkey -F and setkey -FP and restart racoon. My openbsd/isakmpd setup worked very well so I'm guessing it's not those cheap linksys boxes. I thought it was racoon at first, so I installed and ran isakmpd on freebsd using my isakmpd.conf from the openbsd box that I knew worked, but the same problem persisted. Any help would be appreciated. Here's some configuration info: # sysctl -A|egrep 'ipsec|ah|esp|net.key' net.inet.ipsec.stats: Format:S,ipsecstat Length:12448 Dump:0xb2950c00000000000000000000000000... net.inet.ipsec.esp_trans_deflev: 1 net.inet.ipsec.esp_net_deflev: 1 net.inet.ipsec.ah_trans_deflev: 1 net.inet.ipsec.ah_net_deflev: 1 net.inet.ipsec.ah_cleartos: 1 net.inet.ipsec.ah_offsetmask: 0 net.inet.ipsec.dfbit: 0 net.inet.ipsec.ecn: 1 net.inet.ipsec.debug: 1 net.inet.ipsec.esp_randpad: -1 net.key.debug: 1 net.key.spi_trycnt: 1000 net.key.spi_minval: 256 net.key.spi_maxval: 268435455 net.key.larval_lifetime: 30 net.key.blockacq_count: 0 net.key.blockacq_lifetime: 20 net.key.esp_keymin: 256 net.key.esp_auth: 0 net.key.ah_keymin: 128 net.key.preferred_oldsa: 0 net.inet6.ipsec6.stats: Format:S,ipsecstat Length:12448 Dump:0x00000000000000000000000000000000... net.inet6.ipsec6.esp_trans_deflev: 1 net.inet6.ipsec6.esp_net_deflev: 1 net.inet6.ipsec6.ah_trans_deflev: 1 net.inet6.ipsec6.ah_net_deflev: 1 net.inet6.ipsec6.ecn: 0 net.inet6.ipsec6.debug: 1 net.inet6.ipsec6.esp_randpad: -1 /etc/ipsec.conf: spdadd 192.168.1.0/24 192.168.5.0/24 any -P out ipsec esp/tunnel/68.167.79.2-69.119.56.96/require; spdadd 192.168.5.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/69.119.56.96-68.167.79.2/require; /usr/local/etc/racoon/racoon.conf (using psk): padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off; # extract last one octet. } listen { isakmp 68.167.79.2 [500]; } timer { counter 10; # was 5 maximum trying count to send. interval 20 sec; # maximum interval to resend. persend 1; # the number of packets per a send. phase1 30 sec; phase2 20 sec; } remote 69.119.56.96 { exchange_mode main; #doi ipsec_doi; #situation identity_only; my_identifier address 68.167.79.2; peers_identifier address 69.119.56.96; #verify_identifier on; nonce_size 16; #lifetime time 24 hour; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo address 192.168.1.0/24 any address 192.168.5.0/24 any { pfs_group 2; #lifetime time 24 hour; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } sainfo address 192.168.5.0/24 any address 192.168.1.0/24 any { pfs_group 2; #lifetime time 24 hour; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } Jul 30 20:42:02 cj racoon: DEBUG: suitable inbound SP found: 192.168.5.0/24[0] 192.168.1.0/24[0] proto=any dir=in. Jul 30 20:42:02 cj racoon: DEBUG: new acquire 192.168.1.0/24[0] 192.168.5.0/24[0] proto=any dir=out Jul 30 20:42:02 cj racoon: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) Jul 30 20:42:02 cj racoon: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha) Jul 30 20:42:02 cj racoon: DEBUG: configuration found for 69.119.56.96. Jul 30 20:42:02 cj racoon: DEBUG: === Jul 30 20:42:02 cj racoon: DEBUG: new cookie: 1313a61e4a85f592 Jul 30 20:42:02 cj racoon: DEBUG: add payload of len 48, next type 13 Jul 30 20:42:02 cj racoon: DEBUG: add payload of len 16, next type 0 Jul 30 20:42:02 cj racoon: DEBUG: 100 bytes from 68.167.79.2[500] to 69.119.56.96[500] Jul 30 20:42:02 cj racoon: DEBUG: sockname 68.167.79.2[500] Jul 30 20:42:02 cj racoon: DEBUG: send packet from 68.167.79.2[500] Jul 30 20:42:02 cj racoon: DEBUG: send packet to 69.119.56.96[500] Jul 30 20:42:09 cj racoon: DEBUG: get pfkey ACQUIRE message Jul 30 20:42:09 cj racoon: DEBUG2: 02060003 2f000000 6a030000 00000000 03000500 ff200000 10020000 44a74fe2 00000000 00000000 03000600 ff200000 10020000 45773860 00000000 00000000 02001200 02000200 88400000 00000000 25000d00 20000000 00070000 00000000 0001c001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000b0000 00000000 00010008 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000c0000 00000000 00010001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 00fa0000 00000000 00012001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 Jul 30 20:42:09 cj racoon: DEBUG: ignore the acquire because ph2 found Jul 30 20:42:14 cj racoon: DEBUG: get pfkey ACQUIRE message Jul 30 20:42:14 cj racoon: DEBUG2: 02060003 2f000000 6a030000 00000000 03000500 ff200000 10020000 44a74fe2 00000000 00000000 03000600 ff200000 10020000 45773860 00000000 00000000 02001200 02000200 88400000 00000000 25000d00 20000000 00070000 00000000 0001c001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000b0000 00000000 00010008 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000c0000 00000000 00010001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 00fa0000 00000000 00012001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 Jul 30 20:42:14 cj racoon: DEBUG: ignore the acquire because ph2 found Jul 30 20:42:18 cj racoon: DEBUG: get pfkey ACQUIRE message Jul 30 20:42:18 cj racoon: DEBUG2: 02060003 2f000000 6a030000 00000000 03000500 ff200000 10020000 44a74fe2 00000000 00000000 03000600 ff200000 10020000 45773860 00000000 00000000 02001200 02000200 88400000 00000000 25000d00 20000000 00070000 00000000 0001c001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000b0000 00000000 00010008 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000c0000 00000000 00010001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 00fa0000 00000000 00012001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 Jul 30 20:42:18 cj racoon: DEBUG: ignore the acquire because ph2 found Jul 30 20:42:22 cj racoon: DEBUG: 100 bytes from 68.167.79.2[500] to 69.119.56.96[500] Jul 30 20:42:22 cj racoon: DEBUG: sockname 68.167.79.2[500] Jul 30 20:42:22 cj racoon: DEBUG: send packet from 68.167.79.2[500] Jul 30 20:42:22 cj racoon: DEBUG: send packet to 69.119.56.96[500] Jul 30 20:42:22 cj racoon: DEBUG: 1 times of 100 bytes message will be sent to 69.119.56.96[500] Jul 30 20:42:22 cj racoon: DEBUG: 1313a61e 4a85f592 00000000 00000000 01100200 00000000 00000064 0d000034 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100 Jul 30 20:42:22 cj racoon: DEBUG: resend phase1 packet 1313a61e4a85f592:0000000000000000 Jul 30 20:42:24 cj racoon: DEBUG: get pfkey ACQUIRE message Jul 30 20:42:24 cj racoon: DEBUG2: 02060003 2f000000 6b030000 00000000 03000500 ff200000 10020000 44a74fe2 00000000 00000000 03000600 ff200000 10020000 45773860 00000000 00000000 02001200 02000200 88400000 00000000 25000d00 20000000 00070000 00000000 0001c001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000b0000 00000000 00010008 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 000c0000 00000000 00010001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 00fa0000 00000000 00012001 00000000 01000000 01000000 00000000 00000000 00000000 00000000 000e0100 00000000 80510100 00000000 005a0000 00000000 80700000 00000000 Jul 30 20:42:24 cj racoon: DEBUG: ignore the acquire because ph2 found From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 02:53:50 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51A5416A417 for ; Tue, 31 Jul 2007 02:53:50 +0000 (UTC) (envelope-from fbsd-net@mawer.org) Received: from webmail.icp-qv1-irony3.iinet.net.au (webmail.icp-qv1-irony3.iinet.net.au [203.59.1.108]) by mx1.freebsd.org (Postfix) with ESMTP id C61FF13C46A for ; Tue, 31 Jul 2007 02:53:49 +0000 (UTC) (envelope-from fbsd-net@mawer.org) Received: from unknown (HELO [10.24.1.1]) ([203.206.173.235]) by outbound.icp-qv1-irony-out1.iinet.net.au with ESMTP; 31 Jul 2007 10:24:28 +0800 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgAAAOE5rkbLzq3r/2dsb2JhbAAN X-IronPort-AV: i="4.19,201,1183305600"; d="scan'208"; a="170840393:sNHT1104363666" Message-ID: <46AE9D28.6000801@mawer.org> Date: Tue, 31 Jul 2007 12:23:36 +1000 From: Antony Mawer User-Agent: Thunderbird 2.0.0.5 (Windows/20070716) MIME-Version: 1.0 To: Isaac Kohen References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> In-Reply-To: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 02:53:50 -0000 On 31/07/2007 10:52 AM, Isaac Kohen wrote: > I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and > IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. > > I've had an openbsd ipsec/vpn gateway for several years that recently died > as a result of hardware failure. I moved my configuration from isakmpd to > racoon > and can connect successfully to all the linksys vpn "routers" that I could > connect to before. Problem is that after a few hours the connection drops > and doesn't come back up until I do setkey -F and setkey -FP and restart > racoon. My openbsd/isakmpd setup worked very well so I'm guessing it's not > those cheap linksys boxes. > > I thought it was racoon at first, so I installed and ran isakmpd on freebsd > using my isakmpd.conf from the openbsd box that I knew worked, but the same > problem persisted. Another "me too" -- we have been running an IPSEC link between FreeBSD 6.2-RELEASE gateway and a Billion 7404VGO VPN router. The VPN link itself operates fine, but frequently the connection drops and we have to go through a song-and-dance of restarting racoon, the VPN router, etc trying to get it back up and running. I haven't got around to tracking down the exact sequence necessary to bring it back up and running, but eventually after restarting everything we manage to get things operating again (until the next time). I will try and find some more details when I get the opportunity... --Antony From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 07:26:52 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8799816A417; Tue, 31 Jul 2007 07:26:52 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5D7B713C45A; Tue, 31 Jul 2007 07:26:52 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l6V7QqCp031196; Tue, 31 Jul 2007 07:26:52 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l6V7QqRI031192; Tue, 31 Jul 2007 07:26:52 GMT (envelope-from remko) Date: Tue, 31 Jul 2007 07:26:52 GMT Message-Id: <200707310726.l6V7QqRI031192@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: remko@FreeBSD.org Cc: Subject: Re: kern/21998: [socket] [patch] ident only for outgoing connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 07:26:52 -0000 Synopsis: [socket] [patch] ident only for outgoing connections Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: remko Responsible-Changed-When: Tue Jul 31 07:26:51 UTC 2007 Responsible-Changed-Why: This sounds more NET related, reassign. http://www.freebsd.org/cgi/query-pr.cgi?pr=21998 From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 09:00:23 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 76ADF16A417 for ; Tue, 31 Jul 2007 09:00:23 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 2FA9113C457 for ; Tue, 31 Jul 2007 09:00:23 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 5B58841C66D; Tue, 31 Jul 2007 11:00:21 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id gvX2EFZNG9Gw; Tue, 31 Jul 2007 11:00:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id D979541C693; Tue, 31 Jul 2007 11:00:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 94905444885; Tue, 31 Jul 2007 08:58:53 +0000 (UTC) Date: Tue, 31 Jul 2007 08:58:53 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Antony Mawer In-Reply-To: <46AE9D28.6000801@mawer.org> Message-ID: <20070731085626.R31116@maildrop.int.zabbadoz.net> References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> <46AE9D28.6000801@mawer.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org, Isaac Kohen Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 09:00:23 -0000 On Tue, 31 Jul 2007, Antony Mawer wrote: Hi, > On 31/07/2007 10:52 AM, Isaac Kohen wrote: >> I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and >> IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. >> >> I've had an openbsd ipsec/vpn gateway for several years that recently died >> as a result of hardware failure. I moved my configuration from isakmpd to >> racoon >> and can connect successfully to all the linksys vpn "routers" that I could >> connect to before. Problem is that after a few hours the connection drops >> and doesn't come back up until I do setkey -F and setkey -FP and restart >> racoon. My openbsd/isakmpd setup worked very well so I'm guessing it's not >> those cheap linksys boxes. >> >> I thought it was racoon at first, so I installed and ran isakmpd on freebsd >> using my isakmpd.conf from the openbsd box that I knew worked, but the same >> problem persisted. > > Another "me too" -- we have been running an IPSEC link between FreeBSD > 6.2-RELEASE gateway and a Billion 7404VGO VPN router. The VPN link itself > operates fine, but frequently the connection drops and we have to go through > a song-and-dance of restarting racoon, the VPN router, etc trying to get it > back up and running. > > I haven't got around to tracking down the exact sequence necessary to bring > it back up and running, but eventually after restarting everything we manage > to get things operating again (until the next time). > > I will try and find some more details when I get the opportunity... The situation might change if you do a: sysctl net.key.preferred_oldsa=0 -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 10:03:33 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8DA5916A417 for ; Tue, 31 Jul 2007 10:03:33 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.freebsd.org (Postfix) with ESMTP id 1431C13C469 for ; Tue, 31 Jul 2007 10:03:33 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from localhost (marvin-mail [192.168.0.2]) by marvin.harmless.hu (Postfix) with ESMTP id B0ECB7C14DA; Tue, 31 Jul 2007 12:03:31 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.4.2 (20060627) (Debian) at harmless.hu Received: from marvin.harmless.hu ([192.168.0.2]) by localhost (marvin.harmless.hu [192.168.0.2]) (amavisd-new, port 10024) with ESMTP id X5ttIe3ROsG9; Tue, 31 Jul 2007 12:03:31 +0200 (CEST) Received: from marvin.harmless.hu (localhost [127.0.0.1]) by marvin.harmless.hu (Postfix) with ESMTP id 4FABB7C14D9; Tue, 31 Jul 2007 12:03:15 +0200 (CEST) Date: Tue, 31 Jul 2007 12:03:15 +0200 From: Gergely CZUCZY To: Markus Oestreicher Message-ID: <20070731100315.GA34300@harmless.hu> References: <20070727115520.GA10957@harmless.hu> <46AA7710.2070803@x-trader.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=x-unknown; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline In-Reply-To: <46AA7710.2070803@x-trader.de> User-Agent: mutt-ng/devel-r804 (FreeBSD) Cc: "freebsd-net@freebsd.org" Subject: Re: more interrupts with polling(4) on em(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 10:03:33 -0000 --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 28, 2007 at 12:52:00AM +0200, Markus Oestreicher wrote: > Gergely CZUCZY schrieb: > >Good morning, > >I've noticed 33K interrupts/sec on an em(4) gigabit interface on > >a box. This many interrupts seemed a bit too high, so I thought > >I should enable polling(4). After enabling it i've got 55K per > >second, even higher. > >I've just done "ifconfig em1 polling", and by this the number > >of interrupts increased. >=20 >=20 > How does vmstat -i look like before and after? lvs1:~# ifconfig em0 -polling; sleep 5; vmstat -i ;ifconfig em0 polling; sl= eep 5; vmstat -i (without polling on em0) interrupt total rate irq14: ata0 60 0 irq15: ata1 1 0 irq16: uhci0 twe0 2507 1 irq17: fxp0 4922443 1987 irq18: em0 3302239 1333 cpu0: timer 4952925 1999 Total 13180175 5321 (with polling on em0) interrupt total rate irq14: ata0 60 0 irq15: ata1 1 0 irq16: uhci0 twe0 2508 1 irq17: fxp0 4965974 2000 irq18: em0 3302338 1330 cpu0: timer 4962989 1999 Total 13233870 5331 Sincerely, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owHdVb+P3EQUPhKBIkuA8gcEPZKCi7LeG3vWt7s+XUK4gyQcUYq7CBGqWfvZnpw9 48yM925TQEtBgZBooAgdFQoFQgJRUtBAQcMfgPgbKOF577ws6A5dzRSr9Xvve78+ +5uPnj+/cu7iz199/e61Dz/+7Jkvn/tl0qsa51TuV8JMpfIDxgKfDzhjfsh9jqNU jIYTnqZJkEXDN55e+G1LK4fK+XuzGmNweOjW6lJItQFJIYxFt9m4zB95Xdy2tLW2 0kmtYpCqlAoXvj0jlM3Q+K+rRKdS5TE8arTD1K+NVE5MSvS8ewp2hevBm00J4agH IWNDEA6CMI7CmLGbd+EaI2MP7gqz31i4h9YZlEmBBg4MpYu963ALTY7lDLYe3N96 8A7YpDASJ63n+i2tU6i0UdRArzXceWWKoLSTCabA+Q617dCYpnZ2zWICWoFQgNXq 4CrkMhcT6Y5CMpEgedscAib6sA97hbRQCTVbygEWsaLMFEJApzUUMi96YDXcAVfo Ji/cvA2w9FCmgKrdBNS6pO3lVLUPNzPKduQgE7QNtE3n2kEU7UCNps1AzWqV9gCn qOZF0PQXAz5srINUK4TLMqO4TOY0U9CVudyjIVOYzKglmsEVtJKmmhwl1tnyPFIl BoXFlJJvhuz4B27rA8qPFqaVdUSYL6HUeh9KuY8wwUwbnJcQ7Sw3vHJqg/i9K7DU DAP/uJsNsCViDdHGUraNf4QuRW56/471vNUD2e7WdXEtiwS76i0GgVOP006Ux/+N cOhJ8ygYxPQWCnY6CtaXnGyOieaY4D8wsOQ8wqzH0BSJZOAO8KRqYUTfw9/wOWYY Q3ZYn9LbYByGgwHvAOPRcI4ZxfM1nnw4Z2HIxx2Gc+4ldcNIAGRFL+IpdaJwHEaL OuOxt7e0yJNOwIMRC4YdJuJhcMzc/5G20RL8LLStR+PhoIMzxs5GG+ddHaKNnYW2 9XA8WlB9NtraKsOui4hzom2XZAENaW7P8xbq+7hJHs+8SsjS6RjyI3M/mZtfpfuj KtHaftF4nu+3KvI2opIkIY40vU8irmRj6dHqkhSsNpp0sWrFiT5yYaTFvvfBjfPP rrQXVXfNXTz3wicrT6pPd36arH7/4x/9L17Kbr944df7+XcrT5L3f3hLv/zN9ueX 6j9/f2370tO1b3f/Ag== =r93p -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/-- From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 10:25:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B0CED16A419 for ; Tue, 31 Jul 2007 10:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 65F9A13C45A for ; Tue, 31 Jul 2007 10:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 03CDC41C693; Tue, 31 Jul 2007 12:25:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id axOdajPR7DCL; Tue, 31 Jul 2007 12:25:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id A53F241C6A7; Tue, 31 Jul 2007 12:25:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id CB4FB444885; Tue, 31 Jul 2007 10:23:42 +0000 (UTC) Date: Tue, 31 Jul 2007 10:23:42 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Antony Mawer In-Reply-To: <20070731085626.R31116@maildrop.int.zabbadoz.net> Message-ID: <20070731102148.N31116@maildrop.int.zabbadoz.net> References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> <46AE9D28.6000801@mawer.org> <20070731085626.R31116@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org, Isaac Kohen Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 10:25:07 -0000 On Tue, 31 Jul 2007, Bjoern A. Zeeb wrote: > On Tue, 31 Jul 2007, Antony Mawer wrote: > > Hi, > >> On 31/07/2007 10:52 AM, Isaac Kohen wrote: >>> I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and >>> IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. >>> >>> I've had an openbsd ipsec/vpn gateway for several years that recently died >>> as a result of hardware failure. I moved my configuration from isakmpd to >>> racoon >>> and can connect successfully to all the linksys vpn "routers" that I could >>> connect to before. Problem is that after a few hours the connection drops >>> and doesn't come back up until I do setkey -F and setkey -FP and restart >>> racoon. My openbsd/isakmpd setup worked very well so I'm guessing it's not >>> those cheap linksys boxes. >>> >>> I thought it was racoon at first, so I installed and ran isakmpd on >>> freebsd >>> using my isakmpd.conf from the openbsd box that I knew worked, but the >>> same >>> problem persisted. >> >> Another "me too" -- we have been running an IPSEC link between FreeBSD >> 6.2-RELEASE gateway and a Billion 7404VGO VPN router. The VPN link itself >> operates fine, but frequently the connection drops and we have to go >> through a song-and-dance of restarting racoon, the VPN router, etc trying >> to get it back up and running. >> >> I haven't got around to tracking down the exact sequence necessary to bring >> it back up and running, but eventually after restarting everything we >> manage to get things operating again (until the next time). >> >> I will try and find some more details when I get the opportunity... > > > The situation might change if you do a: > sysctl net.key.preferred_oldsa=0 My colleague just told me that I wrote =0. Most of the cheap appliances for some reason seem to require =1 which, of course leads to trouble, if one side reboots for example. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 10:53:36 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 55C9C16A417 for ; Tue, 31 Jul 2007 10:53:36 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from smtp.zeninc.net (reverse-25.fdn.fr [80.67.176.25]) by mx1.freebsd.org (Postfix) with ESMTP id D1DEF13C428 for ; Tue, 31 Jul 2007 10:53:35 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from jayce.zen.inc (jayce.zen.inc [192.168.1.7]) by smtp.zeninc.net (smtpd) with ESMTP id 5B7763F38 for ; Tue, 31 Jul 2007 12:53:32 +0200 (CEST) Received: by jayce.zen.inc (Postfix, from userid 1000) id A588B2E4AE; Tue, 31 Jul 2007 12:53:32 +0200 (CEST) Date: Tue, 31 Jul 2007 12:53:32 +0200 From: VANHULLEBUS Yvan To: freebsd-net@freebsd.org Message-ID: <20070731105332.GA1285@jayce.zen.inc> References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> User-Agent: All mail clients suck. This one just sucks less. Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 10:53:36 -0000 On Mon, Jul 30, 2007 at 08:52:25PM -0400, Isaac Kohen wrote: > Hello, Hi. > I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and > IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. [.....] > net.key.preferred_oldsa: 0 As Bjoern already said, you may resolve your problems by setting net.key.preferred_oldsa=1, but I don't think that's your actual problem (and setting it to 1 is usually a bad idea, except when you have a peer that really requires it, usually an old and/or cheap device). [....] > remote 69.119.56.96 { > exchange_mode main; > #doi ipsec_doi; > #situation identity_only; > my_identifier address 68.167.79.2; > peers_identifier address 69.119.56.96; > #verify_identifier on; > nonce_size 16; > #lifetime time 24 hour; Is lifetime really commented out in your config ??? [.....] > Jul 30 20:42:09 cj racoon: DEBUG: get pfkey ACQUIRE message Ok, you get acquires from your kernel. [....] > Jul 30 20:42:14 cj racoon: DEBUG: ignore the acquire because ph2 found That's because you got *lots* of acquires for the same peer. > Jul 30 20:42:22 cj racoon: DEBUG: 100 bytes from 68.167.79.2[500] to > 69.119.56.96[500] > Jul 30 20:42:22 cj racoon: DEBUG: sockname 68.167.79.2[500] > Jul 30 20:42:22 cj racoon: DEBUG: send packet from 68.167.79.2[500] > Jul 30 20:42:22 cj racoon: DEBUG: send packet to 69.119.56.96[500] > Jul 30 20:42:22 cj racoon: DEBUG: 1 times of 100 bytes message will be sent > to 69.119.56.96[500] > Jul 30 20:42:22 cj racoon: DEBUG: 1313a61e 4a85f592 00000000 00000000 > 01100200 00000000 00000064 0d000034 00000001 00000001 00000028 01010001 > 00000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002 > 00000014 afcad713 68a1f1c9 6b8696fc 77570100 > Jul 30 20:42:22 cj racoon: DEBUG: resend phase1 packet > 1313a61e4a85f592:0000000000000000 Racoon tries to establish a new phase1.... Wild guess: You peer negociates the first time, and it works. As you don't have lifetime specified, racoon just gets peer's lifetime. When you phase1 expires, FreeBSD will be the first who wants to negociate new SAs. When it will need to negociate an IsakmpSA, negociation will fail, probably because the peers wants a lifetime in it's proposal. Have a look at your whole debug, find the debugs when the first negociation is done, and see what could make the negociation working in one way but not in the other way. If you don't find a problem, please send your whole debug (warning, may be quite big, and will include sensitive informations if you logs DEBUG2) to ipsec-tools-users@lists.sourceforge.net, as your problem seems to really be a racoon's config problem. Yvan. -- NETASQ http://www.netasq.com From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 12:07:05 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E204116A421 for ; Tue, 31 Jul 2007 12:07:05 +0000 (UTC) (envelope-from agile.quad@gmail.com) Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.176]) by mx1.freebsd.org (Postfix) with ESMTP id 517E213C4A6 for ; Tue, 31 Jul 2007 12:07:05 +0000 (UTC) (envelope-from agile.quad@gmail.com) Received: by ik-out-1112.google.com with SMTP id c21so1160644ika for ; Tue, 31 Jul 2007 05:07:04 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=RqEEV7pqbJu+lNPorWot3o/igeeMBhyGYU86Mlc6si1ZX/Sht+E4xipSzMvSEONZuz+QrT4RSYYvAgF0k1ZNALTqrzal9W9t3I9c4BinNEmruNec8ctLa6RTcenIT5oP/U00axIxKdPRP6231GEqujMwX2P9sWuECwBmODhVOJE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=e5a1s6HqKR6KLa2CoOvmbWqyCepUbO8VUiIwAnOPgoNJpFy9dBiIMq8B0TDSdCgrmfHZQ1lDgDNNcrX9OptHa4mgubvJSBEscfl16gs347XpC3x/OxNLDakY0QDf4nbb/57P23ZZF3+uDS2TTPiHxR0AnT54a9y1RVPM+uqtDYE= Received: by 10.78.201.2 with SMTP id y2mr1769005huf.1185883623469; Tue, 31 Jul 2007 05:07:03 -0700 (PDT) Received: by 10.78.137.9 with HTTP; Tue, 31 Jul 2007 05:07:03 -0700 (PDT) Message-ID: Date: Tue, 31 Jul 2007 15:07:03 +0300 From: Oleg To: freebsd-net@freebsd.org In-Reply-To: MIME-Version: 1.0 References: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: reincarnation of bug kern/95665: [if_tun] "ping: sendto: No buffer space available" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 12:07:06 -0000 2007/7/27, Oleg : > > Hi All, > > I can reproduce this bug easly with tap echo server (attached here), that > I was small reworked. > > steps (almost same): > (All ip addresses/macs hardcoded in code). > > On first machine run echo server, on second add > > root@pc2# route add -net 192.168.125.1/24 ip-addr-of-first-machine > > and > > root@pc2# ping -f -n 192.168.125.2 > > While flood pinging, on first machine run ping for checking: > > root@pc1# ping 192.168.125.2 > PING 192.168.125.2 ( 192.168.125.2): 56 data bytes > 64 bytes from 192.168.125.2 : icmp_seq=0 ttl=64 time=0.554 ms > 64 bytes from 192.168.125.2: icmp_seq=1 ttl=64 time=0.180 ms > ... > wait for a while > ... > ping: sendto: No buffer space available > ping: sendto: No buffer space available > ping: sendto: No buffer space available > > With best regards, > Oleg Dolgov. > > I find ugly solution: if in echo tap server we add select before read, all work perfectly! ... while (1) { if (select(tap_fd+1, &fd, NULL, NULL, NULL) == -1) { break; } if ((ip_pkt_len = read(tap_fd, buf, sizeof(buf))) == -1) { break; } ... ... I don't have any ideas, why this hack fix trouble.. p.s. a few more details look here http://lists.freebsd.org/pipermail/freebsd-net/2007-April/014064.html p.p.s. bug reproduce on FreeBSD 6.2-RELEASE, but can't on FreeBSD 7.0-CURRENT =/ From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 16:56:17 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AE0916A418 for ; Tue, 31 Jul 2007 16:56:17 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: from sub.vaned.net (sub.vaned.net [205.200.235.40]) by mx1.freebsd.org (Postfix) with ESMTP id 08EE313C465 for ; Tue, 31 Jul 2007 16:56:16 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: by sub.vaned.net (Postfix, from userid 1001) id B9C145C3B; Tue, 31 Jul 2007 11:25:15 -0500 (CDT) Date: Tue, 31 Jul 2007 11:25:15 -0500 From: "Christian S.J. Peron" To: freebsd-net@freebsd.org Message-ID: <20070731162515.GA3684@sub> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Cc: rwatson@freebsd.org Subject: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 16:56:17 -0000 Group, Robert Watson and I have been discussing some of the consequences around not having Giant picked up in the network stack for mpsafenet=0. One of the issues that kept coming up was a number of lock ordering issues around divert: Upon quick inspection I found: LOR #163 - Locking interactions between IPSEC and divert LOR #181 - Locking interactions between PFIL and divert LOR #202 - Locking interactions between Multi-cast and divert (??) LOR #203 - Locking interactions between IPFW and divert Most of these exist because the lock ordering between inbound and outbound directions are reversed. Also, the notion of inbound and outbound can be slightly complicated in some areas. Upon quick inspection of the code, it looks like all of these issues can be fixed by simply dropping the inp/divert pcb info locks over the call to ip_output(). >From ip_divert.c: [..] INP_INFO_WLOCK(&divcbinfo); inp = sotoinpcb(so); INP_LOCK(inp); /* * Don't allow both user specified and setsockopt options, * and don't allow packet length sizes that will crash */ if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) || ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) { error = EINVAL; m_freem(m); } else { /* Convert fields to host order for ip_output() */ ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); /* Send packet to output processing */ ipstat.ips_rawout++; /* XXX */ #ifdef MAC mac_create_mbuf_from_inpcb(inp, m); #endif error = ip_output(m, inp->inp_options, NULL, ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0) | IP_ALLOWBROADCAST | IP_RAWOUTPUT, inp->inp_moptions, NULL); } INP_UNLOCK(inp); INP_INFO_WUNLOCK(&divcbinfo); [..] One idea was to duplicate the socket options mbuf and pass in a NULL pointer for the multi-cast options. Keep in mind that these are multicast options associated with a divert socket. So I guess the questions: (1) Are there any users that are specifying multicast options on divert sockets? (2) Are there any users that are specifying socket options in general for divert sockets? Any feedback would be greatly appreciated. Thanks -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 18:08:10 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0238816A41A for ; Tue, 31 Jul 2007 18:08:10 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outJ.internet-mail-service.net (outJ.internet-mail-service.net [216.240.47.233]) by mx1.freebsd.org (Postfix) with ESMTP id CB98313C46B for ; Tue, 31 Jul 2007 18:08:09 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 31 Jul 2007 11:08:09 -0700 Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id E6067125B6F; Tue, 31 Jul 2007 11:08:08 -0700 (PDT) Message-ID: <46AF7AB1.2070805@elischer.org> Date: Tue, 31 Jul 2007 11:08:49 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> In-Reply-To: <20070731162515.GA3684@sub> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 18:08:10 -0000 Christian S.J. Peron wrote: > Group, > > Robert Watson and I have been discussing some of the consequences around not > having Giant picked up in the network stack for mpsafenet=0. One of the > issues that kept coming up was a number of lock ordering issues around divert: > > Upon quick inspection I found: > > LOR #163 - Locking interactions between IPSEC and divert > LOR #181 - Locking interactions between PFIL and divert > LOR #202 - Locking interactions between Multi-cast and divert (??) > LOR #203 - Locking interactions between IPFW and divert > > Most of these exist because the lock ordering between inbound and outbound > directions are reversed. Also, the notion of inbound and outbound can be > slightly complicated in some areas. Upon quick inspection of the code, > it looks like all of these issues can be fixed by simply dropping the > inp/divert pcb info locks over the call to ip_output(). > >>From ip_divert.c: > > [..] > > INP_INFO_WLOCK(&divcbinfo); > inp = sotoinpcb(so); > INP_LOCK(inp); > /* > * Don't allow both user specified and setsockopt options, > * and don't allow packet length sizes that will crash > */ > if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) || > ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) { > error = EINVAL; > m_freem(m); > } else { > /* Convert fields to host order for ip_output() */ > ip->ip_len = ntohs(ip->ip_len); > ip->ip_off = ntohs(ip->ip_off); > > /* Send packet to output processing */ > ipstat.ips_rawout++; /* XXX */ > > #ifdef MAC > mac_create_mbuf_from_inpcb(inp, m); > #endif > error = ip_output(m, > inp->inp_options, NULL, > ((so->so_options & SO_DONTROUTE) ? > IP_ROUTETOIF : 0) | > IP_ALLOWBROADCAST | IP_RAWOUTPUT, > inp->inp_moptions, NULL); > } > INP_UNLOCK(inp); > INP_INFO_WUNLOCK(&divcbinfo); > [..] > > One idea was to duplicate the socket options mbuf and pass in a NULL pointer > for the multi-cast options. Keep in mind that these are multicast options > associated with a divert socket. > > So I guess the questions: > > (1) Are there any users that are specifying multicast options on divert sockets? > (2) Are there any users that are specifying socket options in general for > divert sockets? who added the code? has it always been there? > > Any feedback would be greatly appreciated. > > Thanks > From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 18:24:34 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7869B16A41A for ; Tue, 31 Jul 2007 18:24:34 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26]) by mx1.freebsd.org (Postfix) with ESMTP id A9E4913C442 for ; Tue, 31 Jul 2007 18:24:32 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 72FFCBC93; Tue, 31 Jul 2007 14:24:29 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Tue, 31 Jul 2007 14:24:30 -0400 X-Sasl-enc: rGKN61a6Dd43Oojs3BnFAoZidjhm/zxF47O5M/zLDKYC 1185906269 Received: from [192.168.123.18] (82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254]) by mail.messagingengine.com (Postfix) with ESMTP id 2E54A50BF; Tue, 31 Jul 2007 14:24:29 -0400 (EDT) Message-ID: <46AF7E57.5020209@incunabulum.net> Date: Tue, 31 Jul 2007 19:24:23 +0100 From: "Bruce M. Simpson" User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> In-Reply-To: <20070731162515.GA3684@sub> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 18:24:34 -0000 Christian S.J. Peron wrote: > ... > One idea was to duplicate the socket options mbuf and pass in a NULL pointer > for the multi-cast options. Keep in mind that these are multicast options > associated with a divert socket. > > So I guess the questions: > > (1) Are there any users that are specifying multicast options on divert sockets? > (2) Are there any users that are specifying socket options in general for > divert sockets? > The LOR is obviously being triggered by ip_output()'s acquisition of in_multi_mtx, due to a datagram being sent to a multicast destination and a subsequent lookup being required. I can't think of a reason why a user would wish to supply any multicast socket options to a divert socket, other than the 'small' ones, i.e. IP_MULTICAST_TTL/IF/LOOP/VIF. See the comments about idempotence inside in_mcast.c on the HEAD branch, about why you can't just wish them away. It seems reasonable that this subset of the multicast options are supported for divert sockets given the likely use cases, even if IPPROTO_DIVERT supports IP_HDRINCL, because IP_MULTICAST_TTL does not do what you think it does (see in_mcast.c comments again). Joining groups on a divert socket SHOULD NOT be supported (it does not make sense semantically) and we should deliberately return EINVAL for multicast options other than the above subset. Dropping the inpcb lock over ip_output() looks like the easy option. Alternatively, we could just not support multicast options on divert sockets given that it is a rare use case as per above. BMS From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 20:42:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7363016A417; Tue, 31 Jul 2007 20:42:07 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: from sub.vaned.net (sub.vaned.net [205.200.235.40]) by mx1.freebsd.org (Postfix) with ESMTP id 3F67F13C45E; Tue, 31 Jul 2007 20:42:07 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: by sub.vaned.net (Postfix, from userid 1001) id 93FF15C3B; Tue, 31 Jul 2007 15:41:56 -0500 (CDT) Date: Tue, 31 Jul 2007 15:41:56 -0500 From: "Christian S.J. Peron" To: "Bruce M. Simpson" Message-ID: <20070731204156.GA7614@sub> References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46AF7E57.5020209@incunabulum.net> User-Agent: Mutt/1.4.2.2i Cc: freebsd-net@freebsd.org, rwatson@freebsd.org, "Christian S.J. Peron" Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 20:42:07 -0000 On Tue, Jul 31, 2007 at 07:24:23PM +0100, Bruce M. Simpson wrote: [..] > > The LOR is obviously being triggered by ip_output()'s acquisition of > in_multi_mtx, due to a datagram being sent to a multicast destination > and a subsequent lookup being required. > This makes sense. > I can't think of a reason why a user would wish to supply any multicast > socket options to a divert socket, other than the 'small' ones, i.e. > IP_MULTICAST_TTL/IF/LOOP/VIF. > Why would these options ever be set on the divert socket itself though? To me it would make sense if these options were set on the network socket that originally sent the multicast packet itself. -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 22:00:16 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0850D16A418 for ; Tue, 31 Jul 2007 22:00:16 +0000 (UTC) (envelope-from mav@freebsd.org) Received: from mail.alkar.net (mail.alkar.net [195.248.191.95]) by mx1.freebsd.org (Postfix) with ESMTP id 8555E13C46B for ; Tue, 31 Jul 2007 22:00:15 +0000 (UTC) (envelope-from mav@freebsd.org) Received: from [212.86.226.226] (HELO [192.168.3.2]) by mail.alkar.net (CommuniGate Pro SMTP 5.1.10) with ESMTPS id 819071430 for freebsd-net@freebsd.org; Wed, 01 Aug 2007 01:00:13 +0300 Message-ID: <46AFB0EC.6080106@freebsd.org> Date: Wed, 01 Aug 2007 01:00:12 +0300 From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD Net Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Working MPPC compression for FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 22:00:16 -0000 Hi. Using Jan Dubiec Linux patches I have implemented replacement for the HiFn's proprietary MPPC compression/decompression library to be used with ng_mppc netgraph node. Due to some US patents held by HiFn and their license limitation it is impossible to include it's sources to the base system tree. But if you are not a US citizen you can use it on your own risk: http://mavhome.dp.ua/MPPC/ -- Alexander Motin From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 22:25:22 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F8CA16A417; Tue, 31 Jul 2007 22:25:22 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26]) by mx1.freebsd.org (Postfix) with ESMTP id 330AF13C45D; Tue, 31 Jul 2007 22:25:22 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 23376B43A; Tue, 31 Jul 2007 18:25:20 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Tue, 31 Jul 2007 18:25:21 -0400 X-Sasl-enc: pyYwRSnSE09O/8joa2sjtAyJvQVDBt0glvGezQeicvR8 1185920720 Received: from [192.168.123.18] (82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254]) by mail.messagingengine.com (Postfix) with ESMTP id 942B2511B; Tue, 31 Jul 2007 18:25:19 -0400 (EDT) Message-ID: <46AFB6C9.20401@incunabulum.net> Date: Tue, 31 Jul 2007 23:25:13 +0100 From: "Bruce M. Simpson" User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> In-Reply-To: <20070731204156.GA7614@sub> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 22:25:22 -0000 Christian S.J. Peron wrote: >> I can't think of a reason why a user would wish to supply any multicast >> socket options to a divert socket, other than the 'small' ones, i.e. >> IP_MULTICAST_TTL/IF/LOOP/VIF. >> > > Why would these options ever be set on the divert socket itself though? > To me it would make sense if these options were set on the network > socket that originally sent the multicast packet itself. > They shouldn't be necessary, however I can foresee situations where someone might well want to redirect multicast datagrams traversing an IPPROTO_DIVERT socket, by using these socket options. [Recall that FreeBSD's IPv4 stack currently uses the destination address as the sole primary key for lookups in the forwarding information base's radix trie.] This is however very unlikely, so my last suggestion, that multicast options be deprecated or forbidden for IPPROTO_DIVERT sockets, stands. Kind regards BMS From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 22:34:08 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 75C7816A418 for ; Tue, 31 Jul 2007 22:34:08 +0000 (UTC) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 38FF313C458 for ; Tue, 31 Jul 2007 22:34:08 +0000 (UTC) (envelope-from sam@errno.com) Received: from trouble.errno.com (trouble.errno.com [10.0.0.248]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id l6VMY761000234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 Jul 2007 15:34:07 -0700 (PDT) (envelope-from sam@errno.com) Message-ID: <46AFBA06.3060905@errno.com> Date: Tue, 31 Jul 2007 15:39:02 -0700 From: Sam Leffler User-Agent: Thunderbird 2.0.0.0 (X11/20070530) MIME-Version: 1.0 To: Alexander Motin References: <46AFB0EC.6080106@freebsd.org> In-Reply-To: <46AFB0EC.6080106@freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Net Subject: Re: Working MPPC compression for FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 22:34:08 -0000 Alexander Motin wrote: > Hi. > > Using Jan Dubiec Linux patches I have implemented replacement for the > HiFn's proprietary MPPC compression/decompression library to be used > with ng_mppc netgraph node. > > Due to some US patents held by HiFn and their license limitation it is > impossible to include it's sources to the base system tree. But if you > are not a US citizen you can use it on your own risk: > http://mavhome.dp.ua/MPPC/ > Did you use the crypto framework? There are patches from hifn to add support for h/w crypto acceleration to the hifn driver and the crypto framework. Sam From owner-freebsd-net@FreeBSD.ORG Tue Jul 31 23:22:03 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 41A2116A421 for ; Tue, 31 Jul 2007 23:22:03 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outL.internet-mail-service.net (outL.internet-mail-service.net [216.240.47.235]) by mx1.freebsd.org (Postfix) with ESMTP id 2264313C49D for ; Tue, 31 Jul 2007 23:22:03 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 31 Jul 2007 16:22:01 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id ED9F9125AED; Tue, 31 Jul 2007 16:22:00 -0700 (PDT) Message-ID: <46AFC441.2070502@elischer.org> Date: Tue, 31 Jul 2007 16:22:41 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: "Bruce M. Simpson" References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> In-Reply-To: <46AFB6C9.20401@incunabulum.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org, "Christian S.J. Peron" Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jul 2007 23:22:03 -0000 Bruce M. Simpson wrote: > Christian S.J. Peron wrote: >>> I can't think of a reason why a user would wish to supply any >>> multicast socket options to a divert socket, other than the 'small' >>> ones, i.e. IP_MULTICAST_TTL/IF/LOOP/VIF. >>> >> >> Why would these options ever be set on the divert socket itself though? >> To me it would make sense if these options were set on the network >> socket that originally sent the multicast packet itself. >> > They shouldn't be necessary, however I can foresee situations where > someone might well want to redirect multicast datagrams traversing an > IPPROTO_DIVERT socket, by using these socket options. [Recall that > FreeBSD's IPv4 stack currently uses the destination address as the sole > primary key for lookups in the forwarding information base's radix trie.] > > This is however very unlikely, so my last suggestion, that multicast > options be deprecated or forbidden for IPPROTO_DIVERT sockets, stands. Originally we wanted a way to be able to inject any kind of ip packet that could be generated, because the aim was to allow a user agent to do arbitrary processing on packets. however to be really correct, a divert injection should occur at teh position of the firewall where diversion occurs but there is no way to do that and anyhow they need to get some of the internal state added to them before they get there, so puting them in via ip_output seemed the way to go. I've never had much to do with multicast, so I'm not sure if it makes sense to inject there, but if you wanted to divert multicast packets and change them slightly, and then reinject them, it would be a blow to discover that you couldn't. > > Kind regards > BMS > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 00:19:19 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5515616A418; Wed, 1 Aug 2007 00:19:19 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: from sub.vaned.net (sub.vaned.net [205.200.235.40]) by mx1.freebsd.org (Postfix) with ESMTP id 1C46913C428; Wed, 1 Aug 2007 00:19:18 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: by sub.vaned.net (Postfix, from userid 1001) id 3DF9B5C3B; Tue, 31 Jul 2007 19:19:08 -0500 (CDT) Date: Tue, 31 Jul 2007 19:19:08 -0500 From: "Christian S.J. Peron" To: Julian Elischer Message-ID: <20070801001908.GA8822@sub> References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> <46AFC441.2070502@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46AFC441.2070502@elischer.org> User-Agent: Mutt/1.4.2.2i Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" , rwatson@freebsd.org, "Christian S.J. Peron" Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 00:19:19 -0000 On Tue, Jul 31, 2007 at 04:22:41PM -0700, Julian Elischer wrote: [..] > > Originally we wanted a way to be able to inject any kind of > ip packet that could be generated, because the aim was to > allow a user agent to do arbitrary processing on packets. however > to be really correct, a divert injection should occur at teh position of > the firewall > where diversion occurs but there is no way to do that and anyhow they need > to get some of the internal state added to them before they get there, so > puting them in via ip_output seemed the way to go. > > I've never had much to do with multicast, so I'm not sure if it makes sense > to inject there, but if you wanted to divert multicast packets > and change them slightly, and then reinject them, it would be a blow > to discover that you couldn't. Well, it's still the intent to keep the ability to divert and re-inject multicast packets. This change would basically say: "You cant specify multicast options via the divert socket". Which in practice doesn't happen anyway (where I looked). I dont think we should be specifying multicast options on divert sockets. It's not the right place to be manipulating multicast parameters. Multicast parameters should be set on the sockets that originally transmitted or received the packets. I dont think divert falls into this category. -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 00:36:34 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1104316A469 for ; Wed, 1 Aug 2007 00:36:34 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outY.internet-mail-service.net (outY.internet-mail-service.net [216.240.47.248]) by mx1.freebsd.org (Postfix) with ESMTP id F32DE13C4B0 for ; Wed, 1 Aug 2007 00:36:33 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 31 Jul 2007 17:36:32 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id 78B4F125ADA; Tue, 31 Jul 2007 17:36:32 -0700 (PDT) Message-ID: <46AFD5B9.4080602@elischer.org> Date: Tue, 31 Jul 2007 17:37:13 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> <46AFC441.2070502@elischer.org> <20070801001908.GA8822@sub> In-Reply-To: <20070801001908.GA8822@sub> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, "Bruce M. Simpson" , rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 00:36:34 -0000 Christian S.J. Peron wrote: > On Tue, Jul 31, 2007 at 04:22:41PM -0700, Julian Elischer wrote: > [..] >> Originally we wanted a way to be able to inject any kind of >> ip packet that could be generated, because the aim was to >> allow a user agent to do arbitrary processing on packets. however >> to be really correct, a divert injection should occur at teh position of >> the firewall >> where diversion occurs but there is no way to do that and anyhow they need >> to get some of the internal state added to them before they get there, so >> puting them in via ip_output seemed the way to go. >> >> I've never had much to do with multicast, so I'm not sure if it makes sense >> to inject there, but if you wanted to divert multicast packets >> and change them slightly, and then reinject them, it would be a blow >> to discover that you couldn't. > > Well, it's still the intent to keep the ability to divert and re-inject > multicast packets. This change would basically say: "You cant specify > multicast options via the divert socket". Which in practice doesn't > happen anyway (where I looked). > > I dont think we should be specifying multicast options on divert sockets. > It's not the right place to be manipulating multicast parameters. Multicast > parameters should be set on the sockets that originally transmitted or > received the packets. I dont think divert falls into this category. > ok if you can divert out a multicast packet, fix something in it, and then reinject it, and have it DTRT then that's fine. From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 02:19:44 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CCF416A419 for ; Wed, 1 Aug 2007 02:19:44 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id D299913C48A for ; Wed, 1 Aug 2007 02:19:43 +0000 (UTC) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id UAA24373 for ; Tue, 31 Jul 2007 20:19:38 -0600 (MDT) Message-Id: <200708010219.UAA24373@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Tue, 31 Jul 2007 20:19:34 -0600 To: net@freebsd.org From: Brett Glass Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Cc: Subject: Creating a "non-bridge" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 02:19:44 -0000 I'd like to create what might be called a "non-bridge" on a FreeBSD machine. I'd like to put two Ethernet interfaces on the machine which have the same IP address and subnet, and use those interfaces to communicate with clients. However, I do not want the clients on one interface to be able to send packets through to the clients on the other interface. Why would I want to do a thing like this? Well, as you probably know, wireless access points often have a "client isolation" option which allows the clients to talk to the AP (and the Internet) but not to one another. This is a good thing, because it prevents users of the wireless LAN from hacking one another; each of them can only see what's "upstream" of the access point. I have a situation where I need to put up more than one AP, on the same subnet, behind a FreeBSD machine which will be serving as an Internet gateway. I'd plug both APs into a switch and connect the switch to the FreeBSD machine, but if I did this, the access points' "client isolation" feature would not be sufficient to isolate all of the clients from one another. Each AP would isolate its OWN clients from one another, but would let each of them communicate with ALL of the clients on the other AP! My first idea of how to solve this problem is to set the FreeBSD machine up as a bridge, but then block all packets that try to go in one Ethernet interface and out the other. But will this work? Will the FreeBSD machine know which interface to use to communicate with each client, and only send packets for each one out of the appropriate interface? Also, is there a way to do this without putting the interfaces into promiscuous mode (which slows things down considerably)? After all, since the FreeBSD machine is acting as a gateway, it should really only look at packets that are addressed to it. --Brett Glass From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 02:32:01 2007 Return-Path: Delivered-To: net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A45616A41B for ; Wed, 1 Aug 2007 02:32:01 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id 5B66A13C459 for ; Wed, 1 Aug 2007 02:32:00 +0000 (UTC) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id UAA24580; Tue, 31 Jul 2007 20:31:55 -0600 (MDT) Message-Id: <200708010231.UAA24580@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Tue, 31 Jul 2007 20:31:50 -0600 To: Andrew Thompson From: Brett Glass In-Reply-To: <20070801022602.GA63924@heff.fud.org.nz> References: <200708010219.UAA24373@lariat.net> <20070801022602.GA63924@heff.fud.org.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Cc: net@FreeBSD.org Subject: Re: Creating a "non-bridge" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 02:32:01 -0000 Andrew: I will try it. Can you tell me whether this feature takes the interfaces out of promiscuous mode (which bridging normally turns on)? Also, will this feature be MFC'ed into 6-STABLE? --Brett Glass At 08:26 PM 7/31/2007, Andrew Thompson wrote: >Such good timing, such a feature was committed a mere two hours ago. >Please see if this suits your needs. > >http://lists.freebsd.org/pipermail/cvs-src/2007-August/081029.html From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 02:39:38 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C564916A480 for ; Wed, 1 Aug 2007 02:39:38 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from heff.fud.org.nz (203-109-251-39.static.bliink.ihug.co.nz [203.109.251.39]) by mx1.freebsd.org (Postfix) with ESMTP id 5CE1313C46E for ; Wed, 1 Aug 2007 02:39:38 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: by heff.fud.org.nz (Postfix, from userid 1001) id DA41C1CC58; Wed, 1 Aug 2007 14:26:02 +1200 (NZST) Date: Wed, 1 Aug 2007 14:26:02 +1200 From: Andrew Thompson To: Brett Glass Message-ID: <20070801022602.GA63924@heff.fud.org.nz> References: <200708010219.UAA24373@lariat.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200708010219.UAA24373@lariat.net> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: net@freebsd.org Subject: Re: Creating a "non-bridge" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 02:39:38 -0000 On Tue, Jul 31, 2007 at 08:19:34PM -0600, Brett Glass wrote: > I'd like to create what might be called a "non-bridge" on a FreeBSD machine. I'd like to put two Ethernet interfaces on the machine which have the same IP address and subnet, and use those interfaces to communicate with clients. However, I do not want the clients on one interface to be able to send packets through to the clients on the other interface. > Such good timing, such a feature was committed a mere two hours ago. Please see if this suits your needs. http://lists.freebsd.org/pipermail/cvs-src/2007-August/081029.html > Why would I want to do a thing like this? Well, as you probably know, wireless access points often have a "client isolation" option which allows the clients to talk to the AP (and the Internet) but not to one another. This is a good thing, because it prevents users of the wireless LAN from hacking one another; each of them can only see what's "upstream" of the access point. > > I have a situation where I need to put up more than one AP, on the same subnet, behind a FreeBSD machine which will be serving as an Internet gateway. I'd plug both APs into a switch and connect the switch to the FreeBSD machine, but if I did this, the access points' "client isolation" feature would not be sufficient to isolate all of the clients from one another. Each AP would isolate its OWN clients from one another, but would let each of them communicate with ALL of the clients on the other AP! > > My first idea of how to solve this problem is to set the FreeBSD machine up as a bridge, but then block all packets that try to go in one Ethernet interface and out the other. But will this work? Will the FreeBSD machine know which interface to use to communicate with each client, and only send packets for each one out of the appropriate interface? Also, is there a way to do this without putting the interfaces into promiscuous mode (which slows things down considerably)? After all, since the FreeBSD machine is acting as a gateway, it should really only look at packets that are addressed to it. > > --Brett Glass > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 06:17:53 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4684A16A481 for ; Wed, 1 Aug 2007 06:17:53 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outS.internet-mail-service.net (outS.internet-mail-service.net [216.240.47.242]) by mx1.freebsd.org (Postfix) with ESMTP id 282D513C4F3 for ; Wed, 1 Aug 2007 06:17:53 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Tue, 31 Jul 2007 23:07:20 -0700 Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 9DC19125AE6; Tue, 31 Jul 2007 23:07:19 -0700 (PDT) Message-ID: <46B02341.9010803@elischer.org> Date: Tue, 31 Jul 2007 23:08:01 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: Brett Glass References: <200708010219.UAA24373@lariat.net> In-Reply-To: <200708010219.UAA24373@lariat.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: net@freebsd.org Subject: Re: Creating a "non-bridge" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 06:17:53 -0000 Brett Glass wrote: > I'd like to create what might be called a "non-bridge" on a FreeBSD > machine. I'd like to put two Ethernet interfaces on the machine which > have the same IP address and subnet, and use those interfaces to > communicate with clients. However, I do not want the clients on one > interface to be able to send packets through to the clients on the > other interface. possibly you could just bridge them together but use ipfw on the bridge to enforce isolation. OR you could possibly make a netgraph version of that.. > > Why would I want to do a thing like this? Well, as you probably know, > wireless access points often have a "client isolation" option which > allows the clients to talk to the AP (and the Internet) but not to > one another. This is a good thing, because it prevents users of the > wireless LAN from hacking one another; each of them can only see > what's "upstream" of the access point. > > I have a situation where I need to put up more than one AP, on the > same subnet, behind a FreeBSD machine which will be serving as an > Internet gateway. I'd plug both APs into a switch and connect the > switch to the FreeBSD machine, but if I did this, the access points' > "client isolation" feature would not be sufficient to isolate all of > the clients from one another. Each AP would isolate its OWN clients > from one another, but would let each of them communicate with ALL of > the clients on the other AP! > > My first idea of how to solve this problem is to set the FreeBSD > machine up as a bridge, but then block all packets that try to go in > one Ethernet interface and out the other. But will this work? Will > the FreeBSD machine know which interface to use to communicate with > each client, and only send packets for each one out of the > appropriate interface? Also, is there a way to do this without > putting the interfaces into promiscuous mode (which slows things down > considerably)? After all, since the FreeBSD machine is acting as a > gateway, it should really only look at packets that are addressed to > it. you can't really avoid the promiscuous mode part if you use bridging... A specific netgraph configuration might be able to do it but it's need some work. Another possibility is to use freebsd 4 and apply the vimage patches to make 3 virtual machines. (or 7.0 and use the current vimage patches that Marko has brewing up in perforce) > > --Brett Glass > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, > send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 06:25:47 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 395C816A417 for ; Wed, 1 Aug 2007 06:25:47 +0000 (UTC) (envelope-from mav@freebsd.org) Received: from mail.alkar.net (mail.alkar.net [195.248.191.95]) by mx1.freebsd.org (Postfix) with ESMTP id B4A7113C45A for ; Wed, 1 Aug 2007 06:25:46 +0000 (UTC) (envelope-from mav@freebsd.org) Received: from [212.86.226.226] (HELO [192.168.3.2]) by mail.alkar.net (CommuniGate Pro SMTP 5.1.10) with ESMTPS id 819430691; Wed, 01 Aug 2007 09:25:45 +0300 Message-ID: <46B02768.1080601@freebsd.org> Date: Wed, 01 Aug 2007 09:25:44 +0300 From: Alexander Motin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sam Leffler References: <46AFB0EC.6080106@freebsd.org> <46AFBA06.3060905@errno.com> In-Reply-To: <46AFBA06.3060905@errno.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Net Subject: Re: Working MPPC compression for FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 06:25:47 -0000 Sam Leffler wrote: >> Using Jan Dubiec Linux patches I have implemented replacement for the >> HiFn's proprietary MPPC compression/decompression library to be used >> with ng_mppc netgraph node. >> > Did you use the crypto framework? There are patches from hifn to add > support for h/w crypto acceleration to the hifn driver and the crypto > framework. No, it's just direct software implementation in ng_mppc which was made years ago but was unusable due to lack of that HiFn library. I have no HiFn card for working on crypto. One man have promised to give it to me for some time, so if I will have one I will try to make its support. -- Alexander Motin From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 08:31:30 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 213F816A418 for ; Wed, 1 Aug 2007 08:31:30 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id BFF8213C457 for ; Wed, 1 Aug 2007 08:31:29 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Aug 2007 16:31:27 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Aug 2007 16:31:27 +0800 Received: from [172.23.17.155] ([172.23.17.155]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Aug 2007 16:31:27 +0800 Message-ID: <46B044E9.50404@zyxel.com.tw> Date: Wed, 01 Aug 2007 16:31:37 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 01 Aug 2007 08:31:27.0613 (UTC) FILETIME=[5A8122D0:01C7D416] Subject: IPsec AH tunneling pakcet mis-handling? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 08:31:30 -0000 Dear all: I do not know the purpose of the following codes in the very beginning in ip6_input(): #ifdef IPSEC /* * should the inner packet be considered authentic? * see comment in ah4_input(). */ if (m) { m->m_flags &= ~M_AUTHIPHDR; m->m_flags &= ~M_AUTHIPDGM; } #endif Consider the case: a packet is encrypted as AH tunneled, and FreeBSD is the end point of the tunnel. After it tore off the outer IPv6 header, the mbuf will be inserted to NETISR again. Then ip6_forward() will be called again to process the packet. However, in ipsec6_in_reject(), the packet's source and destination will match the SP entry. Since ip6_input() has truned off the flag M_AUTHIPHDR and M_AUTHIPDGM, the packet will be dropped. I don't think with the codes AH tunnel could work properly. Best regards, Yi-Wen From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 12:04:23 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF49A16A417 for ; Wed, 1 Aug 2007 12:04:22 +0000 (UTC) (envelope-from ik1024@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.245]) by mx1.freebsd.org (Postfix) with ESMTP id AD0E613C45A for ; Wed, 1 Aug 2007 12:04:22 +0000 (UTC) (envelope-from ik1024@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so40565anc for ; Wed, 01 Aug 2007 05:04:22 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=N9TdjYl62nYAe8zg4XCgz0EtSimUpjae4elG8hxcL/7/UVHFHIUARfpQzi2V7WzW7Cx4WmNXxU3UN6iWEDAk1YNk0//RBZbFYgEeua7Nc9FgWV9Lt1p3LGKULJIScLJcJ9Un/gBWTSKjSFPEk3oHh1Zbvtc/iDZSGSymXv2lU3Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=BnxTeJiZucdsZgy5DQVZTfe63ryXf2RrYueLssilmTxymbsEKf9aRJACKqbZkGYBjdurhosSwGbdX6wYkmz5duljShm0nui/Xr3v8H6VIj217eCPJ2JQclV2a2P1OEZvc9OT8Nhlx5LwUYa3o9i6wHwp2/QjS3oldhHCjM5PPx8= Received: by 10.100.3.20 with SMTP id 20mr328710anc.1185969862005; Wed, 01 Aug 2007 05:04:22 -0700 (PDT) Received: by 10.100.163.8 with HTTP; Wed, 1 Aug 2007 05:04:21 -0700 (PDT) Message-ID: <7feb82f40708010504y75ab3cc9i4a31b41a765c0af4@mail.gmail.com> Date: Wed, 1 Aug 2007 08:04:21 -0400 From: "Isaac Kohen" To: freebsd-net@freebsd.org In-Reply-To: <7feb82f40707311129n66c149c0k6f106acd6e7b8d5@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> <20070731105332.GA1285@jayce.zen.inc> <7feb82f40707311129n66c149c0k6f106acd6e7b8d5@mail.gmail.com> Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 12:04:23 -0000 I get these in dmesg-- does it mean anything? IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 IPv4 ESP input: no key association found for spi 94246771 Thanks very much for the input. Still no go, however. I've tried the sysctl setting, specifying the same lifetime on both ends, and switching all from main to aggressive mode. Some connections died after ~5 hours. I've also tried specifying proposal_check obey. Any ideas? On 7/31/07, VANHULLEBUS Yvan wrote: > > On Mon, Jul 30, 2007 at 08:52:25PM -0400, Isaac Kohen wrote: > > > Hello, > > > > Hi. > > > > > > > I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and > > > IPSEC_DEBUG. I've installed ipsec-tools 0.6.7. > > [.....] > > > net.key.preferred_oldsa: 0 > > > > As Bjoern already said, you may resolve your problems by setting > > net.key.preferred_oldsa=1, but I don't think that's your actual > > problem (and setting it to 1 is usually a bad idea, except when you > > have a peer that really requires it, usually an old and/or cheap > > device). > > > > > > [....] > > > remote 69.119.56.96 { > > > exchange_mode main; > > > #doi ipsec_doi; > > > #situation identity_only; > > > my_identifier address 68.167.79.2; > > > peers_identifier address 69.119.56.96; > > > #verify_identifier on; > > > nonce_size 16; > > > #lifetime time 24 hour; > > > > Is lifetime really commented out in your config ??? > > > > > > [.....] > > > Jul 30 20:42:09 cj racoon: DEBUG: get pfkey ACQUIRE message > > > > Ok, you get acquires from your kernel. > > > > [....] > > > Jul 30 20:42:14 cj racoon: DEBUG: ignore the acquire because ph2 found > > > > That's because you got *lots* of acquires for the same peer. > > > > > > > Jul 30 20:42:22 cj racoon: DEBUG: 100 bytes from 68.167.79.2[500] to > > > 69.119.56.96[500] > > > Jul 30 20:42:22 cj racoon: DEBUG: sockname 68.167.79.2[500] > > > Jul 30 20:42:22 cj racoon: DEBUG: send packet from 68.167.79.2[500] > > > Jul 30 20:42:22 cj racoon: DEBUG: send packet to 69.119.56.96[500] > > > Jul 30 20:42:22 cj racoon: DEBUG: 1 times of 100 bytes message will be sent > > > to 69.119.56.96[500] > > > Jul 30 20:42:22 cj racoon: DEBUG: 1313a61e 4a85f592 00000000 00000000 > > > 01100200 00000000 00000064 0d000034 00000001 00000001 00000028 01010001 > > > 00000020 01010000 800b0001 800c7080 80010005 80030001 80020002 80040002 > > > 00000014 afcad713 68a1f1c9 6b8696fc 77570100 > > > Jul 30 20:42:22 cj racoon: DEBUG: resend phase1 packet > > > 1313a61e4a85f592:0000000000000000 > > > > Racoon tries to establish a new phase1.... > > > > Wild guess: > > You peer negociates the first time, and it works. > > As you don't have lifetime specified, racoon just gets peer's > > lifetime. > > > > When you phase1 expires, FreeBSD will be the first who wants to > > negociate new SAs. When it will need to negociate an IsakmpSA, > > negociation will fail, probably because the peers wants a lifetime in > > it's proposal. > > > > Have a look at your whole debug, find the debugs when the first > > negociation is done, and see what could make the negociation working > > in one way but not in the other way. > > > > > > If you don't find a problem, please send your whole debug (warning, > > may be quite big, and will include sensitive informations if you logs > > DEBUG2) to ipsec-tools-users@lists.sourceforge.net, as your problem > > seems to really be a racoon's config problem. > > > > > > > > Yvan. > > > > -- > > NETASQ > > http://www.netasq.com > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to " freebsd-net-unsubscribe@freebsd.org" > > > > From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 12:29:25 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 706DC16A41F for ; Wed, 1 Aug 2007 12:29:25 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from cmail.yandex.ru (cmail.yandex.ru [213.180.193.1]) by mx1.freebsd.org (Postfix) with ESMTP id EFB1E13C46A for ; Wed, 1 Aug 2007 12:29:22 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from [87.250.250.1] (wawa.yandex.ru [87.250.250.1]) by cmail.yandex.ru (8.14.1/8.14.1) with ESMTP id l71CEKXH053960; Wed, 1 Aug 2007 16:14:20 +0400 (MSD) (envelope-from wawa@yandex-team.ru) Message-ID: <46B07931.3080300@yandex-team.ru> Date: Wed, 01 Aug 2007 16:14:41 +0400 From: Vladimir Ivanov Organization: Yandex LLC User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.11) Gecko/20070217 Iceape/1.0.8 (Debian-1.0.8-4) MIME-Version: 1.0 To: Jack Vogel Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms080103050509070400070906" Cc: "freebsd-net@freebsd.org" Subject: SMPable version of EM driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 12:29:25 -0000 This is a cryptographically signed message in MIME format. --------------ms080103050509070400070906 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Hi, I've just published revision of EM (mainstream RELENG_6 version w/patch) driver which is being used in our company to increase network performance. The main benefit - significantly better SMP utilization. http://people.yandex-team.ru/~wawa/em-6.2.9-yandex.tar.gz. The driver should be used w/RELENG_6. Feedbacks welcome. WBR, -- Vladimir Ivanov Network Operations Center OOO "Yandex" t: +7 495 739-7000 f: +7 495 739-7070 @: noc@yandex.net (corporate) wawa@yandex-team.ru (personal) www: www.yandex.ru -- --------------ms080103050509070400070906 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGJzCC AuAwggJJoAMCAQICEA2B08GbcpEEl6Da/kpOht8wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDcwNDE1MTM0NVoX DTA4MDcwMzE1MTM0NVowRTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEiMCAG CSqGSIb3DQEJARYTd2F3YUB5YW5kZXgtdGVhbS5ydTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBANuooNgTWqT0D35N7rdbZAAje8iyZcELUHy3Dgh6Pymm+s7RIeP8EoxTnn1o YQMFkZdthNT/j+MXl61O0zBshti+34/9m0rQzntCHDboJf9yTeA0bOqL43EdnEMlUWTEaf00 dcOySQ3fpTKiiQKqFASI1MUPDCfQQuu6ansTCpddG8fOu+zaE570aH6hoy/NRGhH8SCbcARY QxjjiddCUknclX2gz4ak+wVB4IapHNSdtRG3APj5GZY9VK7sAwjOqodcNwbQEG/Gj6j99fU3 7GYAL+x3bz9wve9YGEJ7TUPLpd582tZtiiakqurnluId4Ix1B/HSyAZnPAr5WYJZrwcCAwEA AaMwMC4wHgYDVR0RBBcwFYETd2F3YUB5YW5kZXgtdGVhbS5ydTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBQUAA4GBABzUVmJvH3Cr++WFtTFVewG2cLZo3geMNRuT+wIPULXt59LPuSg7 ZnK04wXNC2Am5UKilWxvDS6gs6pW2ZIDHw8YttQzej7z7+Scujr9uyfxMcTxHfk826UAdadz eKYGHEvb41wokW/lZR6fMLqRzfjHLDTZM46GiXQFVSMtqCT0MIIDPzCCAqigAwIBAgIBDTAN BgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTES MBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0 aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMC WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAK MNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTX p6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYB Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYD VQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2as Zw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSe JVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT HUb/XV9lTzGCAlEwggJNAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAhANgdPBm3KRBJeg2v5KTobfMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcN AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwODAxMTIxNDQxWjAjBgkqhkiG 9w0BCQQxFgQU9F2QScHhWPbBYRxi85Glfg0aHVMwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG 9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN AwICASgwDQYJKoZIhvcNAQEBBQAEggEASn/eadX981eYFMlvX3eehqdNb+awofRV4pSvHWHY lz9rmni+rJNwQJnj2sb/AxgsHQFGy5ZswKLEXOJ6SWdTBoCZB2XSCUkQlfMuDeNYU+Ns+Aeu gzLeEar1ieRj4+z7xjZGwk2+wOLrHRtoBqbKtAYHde1Luo66QUL2iDq2SP6VzD2Rx6GDChhy rua8DfOTUXXct4MvOlXUXtbkvrWzKSBo9RcN3tpqMmRXB5Uie8MGMd7oEl4nSXMTql06FhSG SELVV2CL+nbZXD2M6cf6NrA7rodw/o8jQq0B4qeDli9WRGwgBUZWjCgcTO8dSbfekgprtXtt rte7x4cPejW/ywAAAAAAAA== --------------ms080103050509070400070906-- From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 14:05:33 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28F2916A417 for ; Wed, 1 Aug 2007 14:05:33 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from cmail.yandex.ru (cmail.yandex.ru [213.180.193.1]) by mx1.freebsd.org (Postfix) with ESMTP id B53FF13C4E9 for ; Wed, 1 Aug 2007 14:05:32 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from [87.250.250.1] (wawa.yandex.ru [87.250.250.1]) by cmail.yandex.ru (8.14.1/8.14.1) with ESMTP id l71E5U3x080776 for ; Wed, 1 Aug 2007 18:05:30 +0400 (MSD) (envelope-from wawa@yandex-team.ru) Message-ID: <46B09345.8030905@yandex-team.ru> Date: Wed, 01 Aug 2007 18:05:57 +0400 From: Vladimir Ivanov Organization: Yandex LLC User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.11) Gecko/20070217 Iceape/1.0.8 (Debian-1.0.8-4) MIME-Version: 1.0 To: "freebsd-net@freebsd.org" References: <46B07931.3080300@yandex-team.ru> In-Reply-To: <46B07931.3080300@yandex-team.ru> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090306070309010303060406" Subject: Re: SMPable version of EM driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 14:05:33 -0000 This is a cryptographically signed message in MIME format. --------------ms090306070309010303060406 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Vladimir Ivanov wrote: > Hi, > > I've just published revision of EM (mainstream RELENG_6 version > w/patch) driver which is being used in our company to increase network > performance. The main benefit - significantly better SMP utilization. > > http://people.yandex-team.ru/~wawa/em-6.2.9-yandex.tar.gz. > The driver should be used w/RELENG_6. > > Feedbacks welcome. > > WBR, Don't forget to call "sysctl net.isr.direct=1" or add it to /etc/sysctl.conf Good luck :-) -- Vladimir Ivanov Network Operations Center OOO "Yandex" t: +7 495 739-7000 f: +7 495 739-7070 @: noc@yandex.net (corporate) wawa@yandex-team.ru (personal) www: www.yandex.ru -- --------------ms090306070309010303060406 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGJzCC AuAwggJJoAMCAQICEA2B08GbcpEEl6Da/kpOht8wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDcwNDE1MTM0NVoX DTA4MDcwMzE1MTM0NVowRTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEiMCAG CSqGSIb3DQEJARYTd2F3YUB5YW5kZXgtdGVhbS5ydTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBANuooNgTWqT0D35N7rdbZAAje8iyZcELUHy3Dgh6Pymm+s7RIeP8EoxTnn1o YQMFkZdthNT/j+MXl61O0zBshti+34/9m0rQzntCHDboJf9yTeA0bOqL43EdnEMlUWTEaf00 dcOySQ3fpTKiiQKqFASI1MUPDCfQQuu6ansTCpddG8fOu+zaE570aH6hoy/NRGhH8SCbcARY QxjjiddCUknclX2gz4ak+wVB4IapHNSdtRG3APj5GZY9VK7sAwjOqodcNwbQEG/Gj6j99fU3 7GYAL+x3bz9wve9YGEJ7TUPLpd582tZtiiakqurnluId4Ix1B/HSyAZnPAr5WYJZrwcCAwEA AaMwMC4wHgYDVR0RBBcwFYETd2F3YUB5YW5kZXgtdGVhbS5ydTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBQUAA4GBABzUVmJvH3Cr++WFtTFVewG2cLZo3geMNRuT+wIPULXt59LPuSg7 ZnK04wXNC2Am5UKilWxvDS6gs6pW2ZIDHw8YttQzej7z7+Scujr9uyfxMcTxHfk826UAdadz eKYGHEvb41wokW/lZR6fMLqRzfjHLDTZM46GiXQFVSMtqCT0MIIDPzCCAqigAwIBAgIBDTAN BgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTES MBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0 aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMC WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAK MNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTX p6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYB Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYD VQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2as Zw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSe JVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT HUb/XV9lTzGCAlEwggJNAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAhANgdPBm3KRBJeg2v5KTobfMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcN AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwODAxMTQwNTU3WjAjBgkqhkiG 9w0BCQQxFgQUOMhCF8j2U3/f4SX4oM9tCJJ6tj4wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG 9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN AwICASgwDQYJKoZIhvcNAQEBBQAEggEAu5QMlncuiPaJqACUAh3wuXykTWCVfkcUO1+FC9KO ysPYKlq5wYDsC1SXSl/s6IHoOSBwBYUHa0DuTvtf4wXY+Ym7mltJSMNu0FLoqYzbyXEzxh9G vkITQ+8YyJVOpYfq4G4i2UectvaDIh9PPs/Av12uOPHX964jObbrnz+9U/MIBS9Eobo7mtva 5iiqkoRB3C/g8LoItSU4TsXshXaOofSSyvXTCfY+5TYA7n6J3N0EjbHl8f1PgwDVpWYZYMxv 2vr+eOIBTTxXuSExg7boSlQ5cUya10pQ2CB2I7wrBFRhxU9B04OlUt/BVt7YV23cWitORdER t1g0FYebcgk5XgAAAAAAAA== --------------ms090306070309010303060406-- From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 14:25:47 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0B4016A419 for ; Wed, 1 Aug 2007 14:25:47 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from cmail.yandex.ru (cmail.yandex.ru [213.180.193.1]) by mx1.freebsd.org (Postfix) with ESMTP id 3969613C4A3 for ; Wed, 1 Aug 2007 14:25:46 +0000 (UTC) (envelope-from wawa@yandex-team.ru) Received: from [87.250.250.1] (wawa.yandex.ru [87.250.250.1]) by cmail.yandex.ru (8.14.1/8.14.1) with ESMTP id l71EPgH8004937; Wed, 1 Aug 2007 18:25:45 +0400 (MSD) (envelope-from wawa@yandex-team.ru) Message-ID: <46B09802.7080908@yandex-team.ru> Date: Wed, 01 Aug 2007 18:26:10 +0400 From: Vladimir Ivanov Organization: Yandex LLC User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.11) Gecko/20070217 Iceape/1.0.8 (Debian-1.0.8-4) MIME-Version: 1.0 To: Bill Marquette , freebsd-net References: <46B07931.3080300@yandex-team.ru> <55e8a96c0708010626x7a433c21hacc124c7c70af471@mail.gmail.com> In-Reply-To: <55e8a96c0708010626x7a433c21hacc124c7c70af471@mail.gmail.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms020504060000020105020603" Cc: Subject: Re: SMPable version of EM driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 14:25:47 -0000 This is a cryptographically signed message in MIME format. --------------ms020504060000020105020603 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Bill Marquette wrote: > [skip] > What type of performance differences are you seeing with these > changes? Is this with FreeBSD acting as a router/firewall, or purely > RX queue is being processed w/more than one thread. TX queue thread isn't locked with RX anymore. Extra CPU time can be used by e.g. IPFW firewall or routing and so on. Also: + RX and TX use different priority value. System seems to be more stable if RX scheduled w/less priority. + RX/TX stay masked if there is no thread ready to catch interrupt. > as a server? Any chance you are using the pf filtering engine (which > I believe is still under giant in releng_6) with this? Thanks > I have been talked that GIANT is a big problem for pf driver and they can not fix it easy. Regards, -- Vladimir Ivanov Network Operations Center OOO "Yandex" t: +7 495 739-7000 f: +7 495 739-7070 @: noc@yandex.net (corporate) wawa@yandex-team.ru (personal) www: www.yandex.ru -- --------------ms020504060000020105020603 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGJzCC AuAwggJJoAMCAQICEA2B08GbcpEEl6Da/kpOht8wDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDcwNDE1MTM0NVoX DTA4MDcwMzE1MTM0NVowRTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEiMCAG CSqGSIb3DQEJARYTd2F3YUB5YW5kZXgtdGVhbS5ydTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBANuooNgTWqT0D35N7rdbZAAje8iyZcELUHy3Dgh6Pymm+s7RIeP8EoxTnn1o YQMFkZdthNT/j+MXl61O0zBshti+34/9m0rQzntCHDboJf9yTeA0bOqL43EdnEMlUWTEaf00 dcOySQ3fpTKiiQKqFASI1MUPDCfQQuu6ansTCpddG8fOu+zaE570aH6hoy/NRGhH8SCbcARY QxjjiddCUknclX2gz4ak+wVB4IapHNSdtRG3APj5GZY9VK7sAwjOqodcNwbQEG/Gj6j99fU3 7GYAL+x3bz9wve9YGEJ7TUPLpd582tZtiiakqurnluId4Ix1B/HSyAZnPAr5WYJZrwcCAwEA AaMwMC4wHgYDVR0RBBcwFYETd2F3YUB5YW5kZXgtdGVhbS5ydTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBQUAA4GBABzUVmJvH3Cr++WFtTFVewG2cLZo3geMNRuT+wIPULXt59LPuSg7 ZnK04wXNC2Am5UKilWxvDS6gs6pW2ZIDHw8YttQzej7z7+Scujr9uyfxMcTxHfk826UAdadz eKYGHEvb41wokW/lZR6fMLqRzfjHLDTZM46GiXQFVSMtqCT0MIIDPzCCAqigAwIBAgIBDTAN BgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTES MBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0 aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMC WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAK MNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTX p6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYB Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYD VQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2as Zw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSe JVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT HUb/XV9lTzGCAlEwggJNAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAhANgdPBm3KRBJeg2v5KTobfMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcN AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwODAxMTQyNjEwWjAjBgkqhkiG 9w0BCQQxFgQUCOy6wBjTY4+X2nHhUsILrdzulycwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG 9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN AwICASgwDQYJKoZIhvcNAQEBBQAEggEAWq7CZ2j2gHnKFNOZuA1dqSljS0oglUC6fYUm0np+ lyQXFJmkV5gsEd3j/rI5HEXMSMsbStnWheiVQHhF5qKj8wdUZHzTihGcVyx29CTnI8cKtfta LkGtgBx6EQNgifdhT71Sy4gHE7mNyKAYvopb2EbLuPQEliY3Xpq/6fFmYU2F15vExFK+4xEG 0AHm4ojIM1upsQ8QW78/idVhtsd00bKh5Hwj0Bmo9XWQCs/Cm4g6UQdprURi+970s/7xjqiJ CV77fOc9WVWU1jSHOp4/hlwIJ7zR6avNKzv5Df/P1yn7/+PudKMhGWyjZhaCTtc+qVV9LNGx hZVfJa1K45KMXwAAAAAAAA== --------------ms020504060000020105020603-- From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 14:34:41 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 678E216A478; Wed, 1 Aug 2007 14:34:41 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26]) by mx1.freebsd.org (Postfix) with ESMTP id 3E42813C45D; Wed, 1 Aug 2007 14:34:41 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id C1A6BB7AF; Wed, 1 Aug 2007 10:34:40 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Wed, 01 Aug 2007 10:34:40 -0400 X-Sasl-enc: KCW249kwnW2XPlpzq9ggNBIZDrWfchDl1q+NGE5SCQv1 1185978880 Received: from [192.168.123.18] (82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254]) by mail.messagingengine.com (Postfix) with ESMTP id 0D31BEB; Wed, 1 Aug 2007 10:34:39 -0400 (EDT) Message-ID: <46B099F8.5040301@incunabulum.net> Date: Wed, 01 Aug 2007 15:34:32 +0100 From: "Bruce M. Simpson" User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> <46AF7E57.5020209@incunabulum.net> <20070731204156.GA7614@sub> <46AFB6C9.20401@incunabulum.net> <46AFC441.2070502@elischer.org> <20070801001908.GA8822@sub> In-Reply-To: <20070801001908.GA8822@sub> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org, Julian Elischer Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 14:34:41 -0000 Christian S.J. Peron wrote: > Well, it's still the intent to keep the ability to divert and re-inject > multicast packets. This change would basically say: "You cant specify > multicast options via the divert socket". Which in practice doesn't > happen anyway (where I looked). > > I dont think we should be specifying multicast options on divert sockets. > It's not the right place to be manipulating multicast parameters. Multicast > parameters should be set on the sockets that originally transmitted or > received the packets. I dont think divert falls into this category. > Correct. The definition of what a divert socket is and does, falls outside the definition of what a multicast socket endpoint is. Divert sockets exist to munge packets as they flow up or down the stack. If the additional complexity of treating divert sockets as multicast endpoints causes locking issues in the stack, common sense suggests we should deprecate that behaviour. BMS From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 15:47:58 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72A6716A41B for ; Wed, 1 Aug 2007 15:47:58 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id 0638613C461 for ; Wed, 1 Aug 2007 15:47:57 +0000 (UTC) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id JAA07328; Wed, 1 Aug 2007 09:47:53 -0600 (MDT) Message-Id: <200708011547.JAA07328@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Wed, 01 Aug 2007 09:47:39 -0600 To: Julian Elischer From: Brett Glass In-Reply-To: <46B02341.9010803@elischer.org> References: <200708010219.UAA24373@lariat.net> <46B02341.9010803@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Cc: net@freebsd.org Subject: Re: Creating a "non-bridge" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 15:47:58 -0000 At 12:08 AM 8/1/2007, Julian Elischer wrote: >possibly you could just bridge them together but use ipfw on the bridge to enforce isolation. Will IPFW block ARP? IPX? Other protocols which may be either demultiplexed or "teed" within the network stack? >OR you could possibly make a netgraph version of that.. Possibly. It could be a mutation of your ng_bridge node, or a configuration option for the existing one. The man page suggests that you can connect the ng_bridge node to the raw Ethernet interfaces and present a pseudo-interface to the BSD TCP/IP stack, which means that it would be none the wiser. The disadvantage of this approach is that the routing table could not be used to figure out which interface each downstream client was on; that overhead would fall to the netgraph node. >you can't really avoid the promiscuous mode part if you use bridging... Ah, but we're not really bridging. We only accept packets that are for us. What we're really doing is giving two interfaces the same IP address and subnet mask and keeping track of which peers are on which interface. We also need to make sure that we can ARP properly. Our ARP broadcasts for that subnet need to go out of both interfaces but we do not want to pass ARP packets between them. There IS an advantage to being able to respond to ARP queries from one interface about IP addresses that are used on the other, though, because it allows OSes like Windows (which ARP their own addresses before using them) to detect conflicts and back off before causing confusion. But none of this requires promiscuous mode, because (again) you are only accepting packets for yourself. So, the hardware can do the work of rejecting packets that aren't for you. >A specific netgraph configuration might be able to do it but it's need some work. You mean, using ng_bpf nodes, ng_tee nodes, and other plumbing? Perhaps, but how would outgoing packets be sorted to the right interface? >Another possibility is to use freebsd 4 and apply the vimage patches to make 3 virtual machines. >(or 7.0 and use the current vimage patches that Marko has brewing up in perforce) Maybe. I am going to try several tactics at once. First, I'm going to try the "PRIVATE" option in bridge(4). If it works, it should be possible to patch the code take the interfaces on which this option is set out of promiscuous mode unless it's needed for tcpdump or a similar network sniffer. (Andrew, would it be possible to look into committing this as a change?) I'm also going to experiment with patches to ng_bridge and see what I can cobble together. (I do not do much with netgraph, so there will be a learning curve.) I'll reserve virtual machines as a last resort due to the overhead. --Brett From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 16:23:47 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BEC216A41A for ; Wed, 1 Aug 2007 16:23:47 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.225]) by mx1.freebsd.org (Postfix) with ESMTP id 2D84313C45D for ; Wed, 1 Aug 2007 16:23:47 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so100928nzf for ; Wed, 01 Aug 2007 09:23:46 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Q18ZTY5qOcvZdVm42Pxz11V1UEkEKymKoq3JWo/l8KRwgPyNAmRffIM/iUxcuDP3VL4sQAiHXFdLW9ZuVDSEBopqcRaPn5eIK2s24RT3TpBeNeSOvPzki6tb9uSN39xq013CYZJQxpiGemTrskZm9nz1uBihTrcBk+VTuMaJhSU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fYRqjJV7GBwhFbtSDRwZ5JbK0JPfpL+ILrXDzb1aDjO+FqE0xaJLFPVSX8FzRxgY6PYUK1oLpHkjMkfHtisB8Q78yf0e9KH+uSfxa1bL+eovejunuMxxSOtP45QEhGoiggn80YUiQMsmOk9+6ixcFvpIShisW7Mnww5f1zDHM/I= Received: by 10.114.56.1 with SMTP id e1mr850029waa.1185985425547; Wed, 01 Aug 2007 09:23:45 -0700 (PDT) Received: by 10.114.103.14 with HTTP; Wed, 1 Aug 2007 09:23:45 -0700 (PDT) Message-ID: <2a41acea0708010923m7b21095ajc2ee84c37e0d5354@mail.gmail.com> Date: Wed, 1 Aug 2007 09:23:45 -0700 From: "Jack Vogel" To: "Vladimir Ivanov" In-Reply-To: <46B07931.3080300@yandex-team.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <46B07931.3080300@yandex-team.ru> Cc: "freebsd-net@freebsd.org" Subject: Re: SMPable version of EM driver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 16:23:47 -0000 On 8/1/07, Vladimir Ivanov wrote: > Hi, > > I've just published revision of EM (mainstream RELENG_6 version w/patch) > driver which is being used in our company to increase network > performance. The main benefit - significantly better SMP utilization. > > http://people.yandex-team.ru/~wawa/em-6.2.9-yandex.tar.gz. > The driver should be used w/RELENG_6. > > Feedbacks welcome. I will take a look at what you've done as soon as I can, I have a some issues keeping me busy so it may take me a few days. Regards, Jack From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 22:26:29 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6D4A16A417; Wed, 1 Aug 2007 22:26:29 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: from sub.vaned.net (sub.vaned.net [205.200.235.40]) by mx1.freebsd.org (Postfix) with ESMTP id 8B0ED13C458; Wed, 1 Aug 2007 22:26:29 +0000 (UTC) (envelope-from csjp@sub.vaned.net) Received: by sub.vaned.net (Postfix, from userid 1001) id 782B25C37; Wed, 1 Aug 2007 17:26:13 -0500 (CDT) Date: Wed, 1 Aug 2007 17:26:13 -0500 From: "Christian S.J. Peron" To: "Christian S.J. Peron" Message-ID: <20070801222613.GA7689@sub.vaned.net> References: <20070731162515.GA3684@sub> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="ikeVEW9yuYc//A+q" Content-Disposition: inline In-Reply-To: <20070731162515.GA3684@sub> User-Agent: Mutt/1.4.2.2i Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 22:26:30 -0000 --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Group, I've come up with a basic patch, here are the highlights as per our discussion: - Check for the presence of socket options, if they are present duplicate them using m_dup(9) - Drop the INP/INFO locks after duplication - Activate ip_output() with the cloned mbuf (for socket options). Also, set the multicast options to NULL - Add div_cltoutput() to handle any calls to setsockopt(2) that might be changing multicast parameters. If we see any multicast parameters, return EOPNOTSUPP (Operation Not Supported), otherwise wrap the call into ip_ctloutput() (as it was before). One portion that is missing with rwatson's netisr change. I've done some very basic testing on this end and things appear to work. If this group is OK with this patch, I would like to forward it off to current@ for some potential testers and comment. Thanks! -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ip_divert.c.1186006706.diff" Index: ip_divert.c =================================================================== RCS file: /usr/ncvs/src/sys/netinet/ip_divert.c,v retrieving revision 1.128 diff -u -r1.128 ip_divert.c --- ip_divert.c 11 May 2007 10:20:50 -0000 1.128 +++ ip_divert.c 1 Aug 2007 22:16:56 -0000 @@ -305,6 +305,7 @@ struct m_tag *mtag; struct divert_tag *dt; int error = 0; + struct mbuf *clone; /* * An mbuf may hasn't come from userland, but we pretend @@ -373,15 +374,39 @@ #ifdef MAC mac_create_mbuf_from_inpcb(inp, m); #endif - error = ip_output(m, - inp->inp_options, NULL, - ((so->so_options & SO_DONTROUTE) ? - IP_ROUTETOIF : 0) | - IP_ALLOWBROADCAST | IP_RAWOUTPUT, - inp->inp_moptions, NULL); + /* + * Get ready to inject the packet into ip_output(). + * Just in case socket options were specified on the + * divert socket, we duplicate them. This is done + * to avoid having to hold the PCB locks over the call + * to ip_output(), as doing this results in a number of + * lock ordering complexities. + * + * Note that we set the multicast options argument for + * ip_output() to NULL since it should be invariant that + * they are not present. + */ + KASSERT(inp->inp_moptions == NULL, + ("multicast options set on a divert socket")); + clone = NULL; + if (inp->inp_options != NULL) { + clone = m_dup(inp->inp_options, M_DONTWAIT); + if (clone == NULL) + error = ENOBUFS; + } + INP_UNLOCK(inp); + INP_INFO_WUNLOCK(&divcbinfo); + if (error == ENOBUFS) { + m_freem(m); + return (error); + } + error = ip_output(m, clone, NULL, + ((so->so_options & SO_DONTROUTE) ? + IP_ROUTETOIF : 0) | IP_ALLOWBROADCAST | + IP_RAWOUTPUT, NULL, NULL); + if (clone != NULL) + m_freem(clone); } - INP_UNLOCK(inp); - INP_INFO_WUNLOCK(&divcbinfo); } else { dt->info |= IP_FW_DIVERT_LOOPBACK_FLAG; if (m->m_pkthdr.rcvif == NULL) { @@ -517,6 +542,34 @@ return div_output(so, m, (struct sockaddr_in *)nam, control); } +static int +div_ctloutput(struct socket *so, struct sockopt *sopt) +{ + + /* Do not allow multicast options to be set on divert sockets. */ + switch (sopt->sopt_name) { + case IP_MULTICAST_VIF: + case IP_MULTICAST_IF: + case IP_MULTICAST_TTL: + case IP_MULTICAST_LOOP: + case IP_ADD_MEMBERSHIP: + case IP_ADD_SOURCE_MEMBERSHIP: + case MCAST_JOIN_GROUP: + case MCAST_JOIN_SOURCE_GROUP: + case IP_DROP_MEMBERSHIP: + case IP_DROP_SOURCE_MEMBERSHIP: + case MCAST_LEAVE_GROUP: + case MCAST_LEAVE_SOURCE_GROUP: + case IP_BLOCK_SOURCE: + case IP_UNBLOCK_SOURCE: + case MCAST_BLOCK_SOURCE: + case MCAST_UNBLOCK_SOURCE: + case IP_MSFILTER: + return (EOPNOTSUPP); + } + return (ip_ctloutput(so, sopt)); +} + void div_ctlinput(int cmd, struct sockaddr *sa, void *vip) { @@ -648,7 +701,7 @@ .pr_flags = PR_ATOMIC|PR_ADDR, .pr_input = div_input, .pr_ctlinput = div_ctlinput, - .pr_ctloutput = ip_ctloutput, + .pr_ctloutput = div_ctloutput, .pr_init = div_init, .pr_usrreqs = &div_usrreqs }; --ikeVEW9yuYc//A+q-- From owner-freebsd-net@FreeBSD.ORG Wed Aug 1 22:55:38 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D72316A417 for ; Wed, 1 Aug 2007 22:55:38 +0000 (UTC) (envelope-from fox@verio.net) Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2.email.verio.net [129.250.36.42]) by mx1.freebsd.org (Postfix) with ESMTP id 0DF8313C4D0 for ; Wed, 1 Aug 2007 22:55:37 +0000 (UTC) (envelope-from fox@verio.net) Received: from [129.250.36.64] (helo=dfw-mmp4.email.verio.net) by dfw-smtpout2.email.verio.net with esmtp id 1IGN6P-0002Ye-9I for freebsd-net@freebsd.org; Wed, 01 Aug 2007 22:55:37 +0000 Received: from [129.250.40.241] (helo=limbo.int.dllstx01.us.it.verio.net) by dfw-mmp4.email.verio.net with esmtp id 1IGN6P-0001dl-5s for freebsd-net@freebsd.org; Wed, 01 Aug 2007 22:55:37 +0000 Received: by limbo.int.dllstx01.us.it.verio.net (Postfix, from userid 1000) id 935D18E296; Wed, 1 Aug 2007 17:55:36 -0500 (CDT) Date: Wed, 1 Aug 2007 17:55:36 -0500 From: David DeSimone To: freebsd-net@freebsd.org Message-ID: <20070801225536.GB19913@verio.net> Mail-Followup-To: freebsd-net@freebsd.org References: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com> <20070731105332.GA1285@jayce.zen.inc> <7feb82f40707311129n66c149c0k6f106acd6e7b8d5@mail.gmail.com> <7feb82f40708010504y75ab3cc9i4a31b41a765c0af4@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <7feb82f40708010504y75ab3cc9i4a31b41a765c0af4@mail.gmail.com> Precedence: bulk User-Agent: Mutt/1.5.9i Subject: Re: IPSEC connection drops and doesn't recover X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Aug 2007 22:55:38 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Isaac Kohen wrote: > > I get these in dmesg-- does it mean anything? > > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 > IPv4 ESP input: no key association found for spi 94246771 This means that your remote peer still believes that there is an outstanding SA defined, and it is sending you encrypted packets that your system does not understand. As another poster reported, you may have some IKE session lifetime discrepancies that you need to work out. - -- David DeSimone == Network Admin == fox@verio.net "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGsQ9oFSrKRjX5eCoRAqQfAJ4smgTABPRS78VuYqijWYK66msQ0ACfdqss GUoaysrFP0ymHGz1UyvXiX4= =u/uk -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 00:13:41 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0AD516A4FA for ; Thu, 2 Aug 2007 00:13:41 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outX.internet-mail-service.net (outX.internet-mail-service.net [216.240.47.247]) by mx1.freebsd.org (Postfix) with ESMTP id 9FDD313C46B for ; Thu, 2 Aug 2007 00:13:41 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Wed, 01 Aug 2007 17:13:41 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id A18AD125AE6; Wed, 1 Aug 2007 17:13:40 -0700 (PDT) Message-ID: <46B121D7.1080204@elischer.org> Date: Wed, 01 Aug 2007 17:14:15 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> <20070801222613.GA7689@sub.vaned.net> In-Reply-To: <20070801222613.GA7689@sub.vaned.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 00:13:42 -0000 Christian S.J. Peron wrote: > Group, > > I've come up with a basic patch, here are the highlights as per our discussion: > > - Check for the presence of socket options, if they are present duplicate > them using m_dup(9) > - Drop the INP/INFO locks after duplication > - Activate ip_output() with the cloned mbuf (for socket options). Also, > set the multicast options to NULL > - Add div_cltoutput() to handle any calls to setsockopt(2) that might be > changing multicast parameters. If we see any multicast parameters, > return EOPNOTSUPP (Operation Not Supported), otherwise wrap the call > into ip_ctloutput() (as it was before). > > One portion that is missing with rwatson's netisr change. I've done some very > basic testing on this end and things appear to work. If this group is OK > with this patch, I would like to forward it off to current@ for some > potential testers and comment. > > Thanks! > > > I like it. > ------------------------------------------------------------------------ > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 08:12:56 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B349E16A420 for ; Thu, 2 Aug 2007 08:12:56 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id F40F213C45D for ; Thu, 2 Aug 2007 08:12:55 +0000 (UTC) (envelope-from andre@freebsd.org) Received: (qmail 26502 invoked from network); 2 Aug 2007 08:06:51 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 2 Aug 2007 08:06:51 -0000 Message-ID: <46B19208.1090706@freebsd.org> Date: Thu, 02 Aug 2007 10:12:56 +0200 From: Andre Oppermann User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: "Christian S.J. Peron" References: <20070731162515.GA3684@sub> <20070801222613.GA7689@sub.vaned.net> In-Reply-To: <20070801222613.GA7689@sub.vaned.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, rwatson@freebsd.org Subject: Re: divert and deadlock issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 08:12:56 -0000 Christian S.J. Peron wrote: > Group, > > I've come up with a basic patch, here are the highlights as per our discussion: > > - Check for the presence of socket options, if they are present duplicate > them using m_dup(9) > - Drop the INP/INFO locks after duplication > - Activate ip_output() with the cloned mbuf (for socket options). Also, > set the multicast options to NULL > - Add div_cltoutput() to handle any calls to setsockopt(2) that might be > changing multicast parameters. If we see any multicast parameters, > return EOPNOTSUPP (Operation Not Supported), otherwise wrap the call > into ip_ctloutput() (as it was before). > > One portion that is missing with rwatson's netisr change. I've done some very > basic testing on this end and things appear to work. If this group is OK > with this patch, I would like to forward it off to current@ for some > potential testers and comment. Looks good. -- Andre > Thanks! > > > > ------------------------------------------------------------------------ > > Index: ip_divert.c > =================================================================== > RCS file: /usr/ncvs/src/sys/netinet/ip_divert.c,v > retrieving revision 1.128 > diff -u -r1.128 ip_divert.c > --- ip_divert.c 11 May 2007 10:20:50 -0000 1.128 > +++ ip_divert.c 1 Aug 2007 22:16:56 -0000 > @@ -305,6 +305,7 @@ > struct m_tag *mtag; > struct divert_tag *dt; > int error = 0; > + struct mbuf *clone; > > /* > * An mbuf may hasn't come from userland, but we pretend > @@ -373,15 +374,39 @@ > #ifdef MAC > mac_create_mbuf_from_inpcb(inp, m); > #endif > - error = ip_output(m, > - inp->inp_options, NULL, > - ((so->so_options & SO_DONTROUTE) ? > - IP_ROUTETOIF : 0) | > - IP_ALLOWBROADCAST | IP_RAWOUTPUT, > - inp->inp_moptions, NULL); > + /* > + * Get ready to inject the packet into ip_output(). > + * Just in case socket options were specified on the > + * divert socket, we duplicate them. This is done > + * to avoid having to hold the PCB locks over the call > + * to ip_output(), as doing this results in a number of > + * lock ordering complexities. > + * > + * Note that we set the multicast options argument for > + * ip_output() to NULL since it should be invariant that > + * they are not present. > + */ > + KASSERT(inp->inp_moptions == NULL, > + ("multicast options set on a divert socket")); > + clone = NULL; > + if (inp->inp_options != NULL) { > + clone = m_dup(inp->inp_options, M_DONTWAIT); > + if (clone == NULL) > + error = ENOBUFS; > + } > + INP_UNLOCK(inp); > + INP_INFO_WUNLOCK(&divcbinfo); > + if (error == ENOBUFS) { > + m_freem(m); > + return (error); > + } > + error = ip_output(m, clone, NULL, > + ((so->so_options & SO_DONTROUTE) ? > + IP_ROUTETOIF : 0) | IP_ALLOWBROADCAST | > + IP_RAWOUTPUT, NULL, NULL); > + if (clone != NULL) > + m_freem(clone); > } > - INP_UNLOCK(inp); > - INP_INFO_WUNLOCK(&divcbinfo); > } else { > dt->info |= IP_FW_DIVERT_LOOPBACK_FLAG; > if (m->m_pkthdr.rcvif == NULL) { > @@ -517,6 +542,34 @@ > return div_output(so, m, (struct sockaddr_in *)nam, control); > } > > +static int > +div_ctloutput(struct socket *so, struct sockopt *sopt) > +{ > + > + /* Do not allow multicast options to be set on divert sockets. */ > + switch (sopt->sopt_name) { > + case IP_MULTICAST_VIF: > + case IP_MULTICAST_IF: > + case IP_MULTICAST_TTL: > + case IP_MULTICAST_LOOP: > + case IP_ADD_MEMBERSHIP: > + case IP_ADD_SOURCE_MEMBERSHIP: > + case MCAST_JOIN_GROUP: > + case MCAST_JOIN_SOURCE_GROUP: > + case IP_DROP_MEMBERSHIP: > + case IP_DROP_SOURCE_MEMBERSHIP: > + case MCAST_LEAVE_GROUP: > + case MCAST_LEAVE_SOURCE_GROUP: > + case IP_BLOCK_SOURCE: > + case IP_UNBLOCK_SOURCE: > + case MCAST_BLOCK_SOURCE: > + case MCAST_UNBLOCK_SOURCE: > + case IP_MSFILTER: > + return (EOPNOTSUPP); > + } > + return (ip_ctloutput(so, sopt)); > +} > + > void > div_ctlinput(int cmd, struct sockaddr *sa, void *vip) > { > @@ -648,7 +701,7 @@ > .pr_flags = PR_ATOMIC|PR_ADDR, > .pr_input = div_input, > .pr_ctlinput = div_ctlinput, > - .pr_ctloutput = ip_ctloutput, > + .pr_ctloutput = div_ctloutput, > .pr_init = div_init, > .pr_usrreqs = &div_usrreqs > }; > > > ------------------------------------------------------------------------ > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 14:59:39 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1C7C216A41A; Thu, 2 Aug 2007 14:59:39 +0000 (UTC) (envelope-from frank@pinky.sax.de) Received: from pinky.frank-behrens.de (unknown [IPv6:2a01:170:1023:0:211:2fff:fec9:c52d]) by mx1.freebsd.org (Postfix) with ESMTP id 2110F13C45E; Thu, 2 Aug 2007 14:59:37 +0000 (UTC) (envelope-from frank@pinky.sax.de) Received: from [192.168.20.32] (sun.behrens [192.168.20.32]) by pinky.frank-behrens.de (8.14.1/8.14.1) with ESMTP-MSA id l72ExL7X004131 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO); Thu, 2 Aug 2007 16:59:21 +0200 (CEST) (envelope-from frank@pinky.sax.de) Message-Id: <200708021459.l72ExL7X004131@pinky.frank-behrens.de> From: "Frank Behrens" To: Max Laier Date: Thu, 02 Aug 2007 16:59:20 +0200 MIME-Version: 1.0 Priority: normal In-reply-to: <200707250135.44846.max@love2party.net> References: <200707101520.12272.max@love2party.net> X-mailer: Pegasus Mail for Windows (4.31, DE v4.31 R1) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Hashcash: 1:24:070802:freebsd-stable@freebsd.org::Zmo1vX7rtsTYyeuk:000000002Kxk X-Hashcash: 1:24:070802:freebsd-net@freebsd.org::fVCPau9m4lmXw9rS:0000000000ECLx X-Hashcash: 1:24:070802:max@love2party.net::NaIbS/fOIcrJOMl4:qQPt Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: RELENG_6 patch [Re: pf 4.1 Update available for testing] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 14:59:39 -0000 Max Laier wrote on 25 Jul 2007 1:35: > now available at: http://people.freebsd.org/~mlaier/PF41/ with > instructions how to build. Thanks! I tested it, because I have some trouble with pf > Please test if possible and provide me with feedback. The build has following problems: - libexec/Makefile has still reference to ftp_proxy, removing that line helped - usr.sbin/Makefile has still reference to ftp_proxy, removing that line helped - sbin/ifconfig misses ifgroup.c, fetching from HEAD helped I made not many tests, but this version seems to work in general. Unfortunately it does not fix the bug I described in another thread (pf eates syn packet? on freebsd-pf@). Regards, Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 15:12:32 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C2E8F16A417; Thu, 2 Aug 2007 15:12:32 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.freebsd.org (Postfix) with ESMTP id 56C1213C45E; Thu, 2 Aug 2007 15:12:32 +0000 (UTC) (envelope-from max@love2party.net) Received: from [88.66.63.66] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis), id 0ML31I-1IGcLk18NM-0003dC; Thu, 02 Aug 2007 17:12:30 +0200 From: Max Laier Organization: FreeBSD To: "Frank Behrens" Date: Thu, 2 Aug 2007 17:13:48 +0200 User-Agent: KMail/1.9.7 References: <200707101520.12272.max@love2party.net> <200708021459.l72ExL7X004131@pinky.frank-behrens.de> In-Reply-To: <200708021459.l72ExL7X004131@pinky.frank-behrens.de> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2336341.Jj87f8tqAe"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708021713.53892.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/u0R9IsKWNzjEiKYa0J9/SGKzfn9oKfbP2d2Z FYshuFhf+7rqsSA3e45D533TVi513DUNcKRPL0aqqWtdYK3X4F 8NZqhtc+QfCCLsoqLjs1q8k+ylVw+gD4bBEZFUevrY= Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: RELENG_6 patch [Re: pf 4.1 Update available for testing] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 15:12:32 -0000 --nextPart2336341.Jj87f8tqAe Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 02 August 2007, Frank Behrens wrote: > Max Laier wrote on 25 Jul 2007 1:35: > > now available at: http://people.freebsd.org/~mlaier/PF41/ with > > instructions how to build. > > Thanks! I tested it, because I have some trouble with pf > > > Please test if possible and provide me with feedback. > > The build has following problems: > - libexec/Makefile has still reference to ftp_proxy, removing that line > helped=20 That's in the patch, did you have a libexec/Makefile.rej? > - usr.sbin/Makefile has still reference to ftp_proxy, removing that line > helped That's supposed to be there, but as I forgot the new files in=20 usr.sbin/ftp-proxy it breaks. > - sbin/ifconfig misses ifgroup.c, fetching from HEAD helped Ditto - forgot the new file. > I made not many tests, but this version seems to work in general. > Unfortunately it does not fix the bug I described in another thread (pf > eates syn packet? on freebsd-pf@). More in that thread. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2336341.Jj87f8tqAe Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGsfSxXyyEoT62BG0RAvLtAJ9xHHj52TPX1E6IoWNtBcmI8ckn9wCfaJC/ LtSW2r0AvGOVvI/czOr3o28= =CQAZ -----END PGP SIGNATURE----- --nextPart2336341.Jj87f8tqAe-- From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 15:22:53 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C423D16A417; Thu, 2 Aug 2007 15:22:53 +0000 (UTC) (envelope-from frank@pinky.sax.de) Received: from pinky.frank-behrens.de (unknown [IPv6:2a01:170:1023:0:211:2fff:fec9:c52d]) by mx1.freebsd.org (Postfix) with ESMTP id 2C8CC13C45D; Thu, 2 Aug 2007 15:22:52 +0000 (UTC) (envelope-from frank@pinky.sax.de) Received: from [192.168.20.32] (sun.behrens [192.168.20.32]) by pinky.frank-behrens.de (8.14.1/8.14.1) with ESMTP-MSA id l72FMJIx004773 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO); Thu, 2 Aug 2007 17:22:20 +0200 (CEST) (envelope-from frank@pinky.sax.de) Message-Id: <200708021522.l72FMJIx004773@pinky.frank-behrens.de> From: "Frank Behrens" To: Max Laier Date: Thu, 02 Aug 2007 17:22:19 +0200 MIME-Version: 1.0 Priority: normal In-reply-to: <200708021713.53892.max@love2party.net> References: <200708021459.l72ExL7X004131@pinky.frank-behrens.de> X-mailer: Pegasus Mail for Windows (4.31, DE v4.31 R1) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Hashcash: 1:24:070802:freebsd-stable@freebsd.org::5j/m3JFNo7TJDCq6:0000000DNo3 X-Hashcash: 1:24:070802:freebsd-net@freebsd.org::NPpWWOZnwhuaJt/E:00000000000nSjU X-Hashcash: 1:24:070802:max@love2party.net::EZVmG1tLzYqusXbl:2HKt1 Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: RELENG_6 patch [Re: pf 4.1 Update available for testing] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 15:22:53 -0000 Max Laier wrote on 2 Aug 2007 17:13: > On Thursday 02 August 2007, Frank Behrens wrote: > > The build has following problems: > > - libexec/Makefile has still reference to ftp_proxy, removing that line > > helped > > That's in the patch, did you have a libexec/Makefile.rej? Sorry, I should better read, what I have on screen: I believe it complained about "tftp-proxy" and that's not here. Regards, Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 15:35:33 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E01916A421; Thu, 2 Aug 2007 15:35:33 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.freebsd.org (Postfix) with ESMTP id 901A913C46B; Thu, 2 Aug 2007 15:35:32 +0000 (UTC) (envelope-from max@love2party.net) Received: from [88.66.63.66] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis), id 0MKwpI-1IGchh1MYc-0005KT; Thu, 02 Aug 2007 17:35:09 +0200 From: Max Laier Organization: FreeBSD To: "Frank Behrens" Date: Thu, 2 Aug 2007 17:36:21 +0200 User-Agent: KMail/1.9.7 References: <200708021459.l72ExL7X004131@pinky.frank-behrens.de> <200708021522.l72FMJIx004773@pinky.frank-behrens.de> In-Reply-To: <200708021522.l72FMJIx004773@pinky.frank-behrens.de> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1968509.VcziIZpLuS"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708021736.28043.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/AknQA4zsn79HXrD9giVLyaS8rB++7/DdlKd+ SV54TyoQbxu7M7uah4kIIdsCn8RspRhlLuBu/bMn/hqVKogwxG YWU2VCFT1blQSQ47b2qCGRboJpG3ipdIQwofSZDz/s= Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: RELENG_6 patch [Re: pf 4.1 Update available for testing] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 15:35:33 -0000 --nextPart1968509.VcziIZpLuS Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 02 August 2007, Frank Behrens wrote: > Max Laier wrote on 2 Aug 2007 17:13: > > On Thursday 02 August 2007, Frank Behrens wrote: > > > The build has following problems: > > > - libexec/Makefile has still reference to ftp_proxy, removing that > > > line helped > > > > That's in the patch, did you have a libexec/Makefile.rej? > > Sorry, I should better read, what I have on screen: > I believe it complained about "tftp-proxy" and that's not here. Right, these too. I updated the build instructions to reflect your=20 findings. I essence you need to change step two to: $ cvs up -rHEAD contrib/pf sys/contrib/pf libexec/tftp-proxy \ usr.sbin/ftp-proxy sbin/ifconfig/ifgroup.c to fetch all the required new files before building. I had those checked=20 out already, so I forgot. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1968509.VcziIZpLuS Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGsfn8XyyEoT62BG0RAr0vAJsEetNz7uV06CzkULBINO8SE55LMACdFpQc cJumUaH7m4d2K+oJNlP6Rm8= =osqX -----END PGP SIGNATURE----- --nextPart1968509.VcziIZpLuS-- From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 16:13:59 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B35816A41B for ; Thu, 2 Aug 2007 16:13:59 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from mail.ciam.ru (ns.ciam.ru [213.247.195.75]) by mx1.freebsd.org (Postfix) with ESMTP id 4C73413C45E for ; Thu, 2 Aug 2007 16:13:59 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from dhcp250-210.yandex.ru ([87.250.250.210]) by mail.ciam.ru with esmtpa (Exim 4.x) id 1IGckD-000Eu3-77 for net@freebsd.org; Thu, 02 Aug 2007 19:37:45 +0400 Message-ID: <46B1FA49.8060402@FreeBSD.org> Date: Thu, 02 Aug 2007 19:37:45 +0400 From: Sergey Matveychuk User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: net@freebsd.org Content-Type: multipart/mixed; boundary="------------040809050705000004070504" Cc: Subject: ipfw does not eat its own output X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 16:13:59 -0000 This is a multi-part message in MIME format. --------------040809050705000004070504 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi. I think quite many people met a situation when you want to save current rules with 'ipfw list' command and use it as ipfw input afterwards? (Yes, you should add a 'add' word before each line). But here we meet a weird problem: 'ipfw list' outputs a wrong rule format sometime and you can't use it without a modification. The problem with 'to { ... or ... }' blocks. Let's see an example: you add the rule: ipfw add 100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or 10.10.10.4 or 10.10.10.5 } adn it's showed as: 00100 allow tcp from { 10.10.10.1 or 10.10.10.2 } to { 10.10.10.3 or dst-ip 10.10.10.4 or dst-ip 10.10.10.5 } dst-ip words are wrong here. if you'll try to add the rule in this format you get an error: ipfw: missing ")" I think it's a known and long standing problem. (I've found it's introduced with the commit: Revision 1.11: Mon Aug 19 04:52:15 2002 UTC (4 years, 11 months ago) by luigi ) After investigation I've found a strange assumption in show_prerequisites() function. It looks wrong. So I think we can remove it easily. It'll fix the problem. I've tried a lot of syntax variants and I can't see something wrong in output after the modification. Tell me if I wrong (with examples). The patch is bellow. -- Dixi. Sem. --------------040809050705000004070504 Content-Type: text/plain; name="ipfw2.c.diff" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="ipfw2.c.diff" LS0tIHNiaW4vaXBmdy9pcGZ3Mi5jLm9yaWcJVGh1IEF1ZyAgMiAxMzo0NDo0NSAyMDA3Cisr KyBzYmluL2lwZncvaXBmdzIuYwlUaHUgQXVnICAyIDE1OjE3OjQ0IDIwMDcKQEAgLTEzOTQs OSArMTM5NCw2IEBACiB7CiAJaWYgKGNvbW1lbnRfb25seSkKIAkJcmV0dXJuOwotCWlmICgg KCpmbGFncyAmIEhBVkVfSVApID09IEhBVkVfSVApCi0JCSpmbGFncyB8PSBIQVZFX09QVElP TlM7Ci0KIAlpZiAoICEoKmZsYWdzICYgSEFWRV9PUFRJT05TKSkgewogCQlpZiAoICEoKmZs YWdzICYgSEFWRV9QUk9UTykgJiYgKHdhbnQgJiBIQVZFX1BST1RPKSkKIAkJCWlmICggKCpm bGFncyAmIEhBVkVfUFJPVE80KSkK --------------040809050705000004070504-- From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 16:32:18 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 89A6D16A418 for ; Thu, 2 Aug 2007 16:32:18 +0000 (UTC) (envelope-from anderson@more.net) Received: from betaray.spg.more.net (betaray.spg.more.net [207.160.133.137]) by mx1.freebsd.org (Postfix) with ESMTP id 5DFBE13C46A for ; Thu, 2 Aug 2007 16:32:18 +0000 (UTC) (envelope-from anderson@more.net) Received: by betaray.spg.more.net (Postfix, from userid 1000) id 8EC6A1A065A; Thu, 2 Aug 2007 11:32:11 -0500 (CDT) Date: Thu, 2 Aug 2007 11:32:11 -0500 From: "Eric L. Anderson" To: Robert Watson Message-ID: <20070802163211.GI27098@more.net> References: <20070720145932.GP6053@more.net> <20070720180546.X39675@fledge.watson.org> <20070721104525.44603382@localhost> <20070721040009.GB21336@more.net> <20070721202327.T83919@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070721202327.T83919@fledge.watson.org> User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org Subject: Re: Max NFS mounts for a FreeBSD client? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 16:32:18 -0000 On Sat, Jul 21, 2007 at 08:24:09PM +0100, Robert Watson wrote: > On Fri, 20 Jul 2007, Eric L. Anderson wrote: > > >I can not change lowfirst to any higher amount. I did change lowlast from > >600 to 1 and now I can mount more than 1000 NFS mounts. This is great but > >what kind of side effects am I introducing by making this change? > > The risk, btw, is that those reserved ports may no longer be available for > other use, as they may collide with other services you might want to have, > especially if those services want to bind INADDR_ANY. I had a look at the manpage for mount_nfs and the default is to use a reserved socket port number. There is also the option to not use a reserved socket port number ("-N") and that has taken care of our problem. -- Eric L. Anderson anderson@more.net From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 17:49:20 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA5CD16A420 for ; Thu, 2 Aug 2007 17:49:20 +0000 (UTC) (envelope-from ddg@yan.com.br) Received: from mail.mastercabo.com.br (mail.mastercabo.com.br [200.179.179.14]) by mx1.freebsd.org (Postfix) with SMTP id BD73B13C46B for ; Thu, 2 Aug 2007 17:49:19 +0000 (UTC) (envelope-from ddg@yan.com.br) Received: (qmail 16942 invoked by uid 1008); 2 Aug 2007 17:18:52 -0000 X-Spam-Checker-Version: SpamAssassin 3.1.7-unknown (2006-10-05) on srvmail1 X-Spam-Level: * X-Spam-Status: No, score=1.3 required=4.7 tests=BAYES_00,RCVD_IN_XBL autolearn=no version=3.1.7-unknown Received: from unknown (HELO ?127.0.0.1?) (daniel@dgnetwork.com.br@200.251.26.17) by mail.mastercabo.com.br with SMTP; 2 Aug 2007 17:18:47 -0000 Message-ID: <46B212A3.7040603@yan.com.br> Date: Thu, 02 Aug 2007 14:21:39 -0300 From: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: freebsd-bugs@freebsd.org References: <200512270905.jBR95qod022904@freefall.freebsd.org> In-Reply-To: <200512270905.jBR95qod022904@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 000763-2, 02/08/2007), Outbound message X-Antivirus-Status: Clean Cc: freebsd-net@freebsd.org, Gleb Smirnoff Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: daniel@dgnetwork.com.br List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 17:49:20 -0000 Gleb Smirnoff escreveu: > Synopsis: [xl] xl(4) input errors and speed problem > > State-Changed-From-To: open->feedback > State-Changed-By: glebius > State-Changed-When: Tue Dec 27 09:03:50 UTC 2005 > State-Changed-Why: > Please provide the following information. Is this one particular card > that experiences errors, or you have tested several 3Com cards and all > fail? > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=78791 > _______________________________________________ > freebsd-bugs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org" > > > I have same problem, and is not only with card 3com (xl), also with Intel card (fxp). In my servers running FreeBSD 6.1, have constant traffic of +-80mbps and "input errors" (netstat - ni) always increases, use crossover cables and the interfaces fixed "100baseTX-FDX". Frequently with Intel card (fxp), i have that to make ifconfig DOWN/UP in the interface to come back to work. Which the solution for these problems ? -- Daniel D. G. From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 21:44:54 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B8C916A420 for ; Thu, 2 Aug 2007 21:44:54 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.180]) by mx1.freebsd.org (Postfix) with ESMTP id 46F4513C461 for ; Thu, 2 Aug 2007 21:44:54 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so685738waf for ; Thu, 02 Aug 2007 14:44:52 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=trUhn/BHiHhimYtwNpf8JOmlGOxeIsRehj0BENfSNNngs/iviH0ef1f93T/wlWFxdZWAMivDL6qt1nGft31m/GTNz6Za7PUC9IqlB7a6fb59yhqvrR3OHjil9X8lzJyfI+QO7jznoSPUL6Z8pWXcSd82HHYPJDEVf8+fgdn5IEE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=UTCS4MRkklwa1qw9y3AIyqCU+0KjQ0OoENRPEV9+xlsBMLNk5HaJK07v8sXpk0DoZfWXTyPa8zrpSb/VbGQLk1V7v/RvM0OKRwDa9QRyoZG9p58kINfhAu5iwpFjnKCJkCUGs8NFiZBdupKsaPb142ZWeweUWyZTX75f+XfUYa8= Received: by 10.114.103.1 with SMTP id a1mr2275555wac.1186091092365; Thu, 02 Aug 2007 14:44:52 -0700 (PDT) Received: by 10.114.103.14 with HTTP; Thu, 2 Aug 2007 14:44:52 -0700 (PDT) Message-ID: <2a41acea0708021444o7edc4ecetb08601fa18ad43ea@mail.gmail.com> Date: Thu, 2 Aug 2007 14:44:52 -0700 From: "Jack Vogel" To: "Andre Oppermann" , "freebsd-net@freebsd.org" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Odd driver behavior with IPV6 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 21:44:54 -0000 I have some behavior I don't understand, perhaps someone can enlighten me. There is a difference in behavior between the em driver and ixgbe, but I can not figure out what it is, here is the behavior. With em driver, you can give the interface an ipv6 address, and set mtu to 9000, then when you 'route get -inet6 ipv6host' it will show the mtu to be 9000, this is what you would expect. OK, the problem is that with ixgbe, when it is built in OR when it is set to load immediately on boot it works correctly, BUT, if I just randomly load the driver after coming up, and then do the above steps, when you do the route get the MTU shows up only as 1500. This works correctly for IPv4 which is why this mystifies me, the driver doesnt have any code for IP versions. I hope this explanation is clear. Anyone have a clue? Thanks, Jack From owner-freebsd-net@FreeBSD.ORG Thu Aug 2 22:15:26 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DD0F016A419 for ; Thu, 2 Aug 2007 22:15:26 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.180]) by mx1.freebsd.org (Postfix) with ESMTP id B1E8B13C483 for ; Thu, 2 Aug 2007 22:15:26 +0000 (UTC) (envelope-from jfvogel@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so693315waf for ; Thu, 02 Aug 2007 15:15:26 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=puA7rADe9kY9cBkfy25/IzpHg7HDFYBhaNhbez1hZxmABO66CbXXBpLUxBVpO7QhjmnwuRrpO16NG4QwqKIrQtgrhRWrUSLAbo/MVE63rIh3js/mfr8ueag7gmfVJR5rBktzFFD4QLUKaRGiVpKy7rkR4wDntbRn+uS9Rc53eMY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VLQg5HXRco0iNuMWJYKJEhDQ48Sph4t//GZJjDjpBTTRSekVlrnAKllqZ2gOSZaRg2DivVuc1P/dGw9297F5zHb9qMnK1mrgIsl7KK6WjosQZe0PARpRbLfyXSYGNNTUrzX3YQES0m1jlvT5UaxC8yWYWdwHauirT+7ncvDSnpY= Received: by 10.114.198.1 with SMTP id v1mr2300065waf.1186092923343; Thu, 02 Aug 2007 15:15:23 -0700 (PDT) Received: by 10.114.103.14 with HTTP; Thu, 2 Aug 2007 15:15:23 -0700 (PDT) Message-ID: <2a41acea0708021515v118a6087ge6ddbfe415cb3774@mail.gmail.com> Date: Thu, 2 Aug 2007 15:15:23 -0700 From: "Jack Vogel" To: "Andre Oppermann" , "freebsd-net@freebsd.org" In-Reply-To: <2a41acea0708021444o7edc4ecetb08601fa18ad43ea@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2a41acea0708021444o7edc4ecetb08601fa18ad43ea@mail.gmail.com> Cc: Subject: Re: Odd driver behavior with IPV6 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 22:15:26 -0000 On 8/2/07, Jack Vogel wrote: > I have some behavior I don't understand, perhaps someone can enlighten me. > > There is a difference in behavior between the em driver and ixgbe, but I can > not figure out what it is, here is the behavior. > > With em driver, you can give the interface an ipv6 address, and set mtu > to 9000, then when you 'route get -inet6 ipv6host' it will show the mtu > to be 9000, this is what you would expect. > > OK, the problem is that with ixgbe, when it is built in OR when it is set > to load immediately on boot it works correctly, BUT, if I just randomly > load the driver after coming up, and then do the above steps, when you > do the route get the MTU shows up only as 1500. This works correctly > for IPv4 which is why this mystifies me, the driver doesnt have any > code for IP versions. > > I hope this explanation is clear. Anyone have a clue? I have some more data, in setup, after the call to ether_ifattach(), the ixgbe driver explicitly does ifp->if_mtu = 9000 to change the default. If I take this out then this all works, but I don't understand why this should be, especially since if the code is static in the kernel it works. Very strange :( Jack PS. BTW, the mxge does this as well, Drew you might want to check if this happens for you. From owner-freebsd-net@FreeBSD.ORG Fri Aug 3 08:57:22 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAB7116A419; Fri, 3 Aug 2007 08:57:22 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.130]) by mx1.freebsd.org (Postfix) with ESMTP id 3825013C428; Fri, 3 Aug 2007 08:57:22 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.1/8.14.1) with ESMTP id l738QMoh019486; Fri, 3 Aug 2007 12:26:22 +0400 (MSD) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.1/8.14.1/Submit) id l738QM18019485; Fri, 3 Aug 2007 12:26:22 +0400 (MSD) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 3 Aug 2007 12:26:22 +0400 From: Gleb Smirnoff To: daniel@dgnetwork.com.br Message-ID: <20070803082622.GZ21312@glebius.int.ru> Mail-Followup-To: Gleb Smirnoff , daniel@dgnetwork.com.br, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org References: <200512270905.jBR95qod022904@freefall.freebsd.org> <46B212A3.7040603@yan.com.br> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <46B212A3.7040603@yan.com.br> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: freebsd-net@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 08:57:22 -0000 On Thu, Aug 02, 2007 at 02:21:39PM -0300, Daniel Dias Gon?alves wrote: D> > State-Changed-From-To: open->feedback D> > State-Changed-By: glebius D> > State-Changed-When: Tue Dec 27 09:03:50 UTC 2005 D> > State-Changed-Why: Please provide the following information. Is this one D> > particular card D> > that experiences errors, or you have tested several 3Com cards and all D> > fail? D> > D> I have same problem, and is not only with card 3com (xl), also with Intel D> card (fxp). D> In my servers running FreeBSD 6.1, have constant traffic of +-80mbps and D> "input errors" (netstat - ni) always increases, use crossover cables and the D> interfaces fixed "100baseTX-FDX". D> Frequently with Intel card (fxp), i have that to make ifconfig DOWN/UP in D> the interface to come back to work. D> D> Which the solution for these problems ? I think the problem, you've described isn't the same problem as in kern/78791. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Aug 3 15:03:52 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F47A16A41A; Fri, 3 Aug 2007 15:03:52 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4240D13C458; Fri, 3 Aug 2007 15:03:52 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l73F3qn3022169; Fri, 3 Aug 2007 15:03:52 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l73F3qQg022165; Fri, 3 Aug 2007 15:03:52 GMT (envelope-from remko) Date: Fri, 3 Aug 2007 15:03:52 GMT Message-Id: <200708031503.l73F3qQg022165@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: remko@FreeBSD.org Cc: Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 15:03:52 -0000 Synopsis: [xl] xl(4) input errors and speed problem Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: remko Responsible-Changed-When: Fri Aug 3 15:03:33 UTC 2007 Responsible-Changed-Why: Reassign to networking team (this is a network card after all). http://www.freebsd.org/cgi/query-pr.cgi?pr=78791 From owner-freebsd-net@FreeBSD.ORG Fri Aug 3 16:00:05 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C906116A41F; Fri, 3 Aug 2007 16:00:05 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from galain.elvandar.org (redqueen.elvandar.org [217.148.169.55]) by mx1.freebsd.org (Postfix) with ESMTP id 898CA13C48A; Fri, 3 Aug 2007 16:00:05 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from evilcoder.xs4all.nl ([195.64.94.120] helo=elvandar.local) by galain.elvandar.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from ) id 1IGyi0-0009r1-Bv; Fri, 03 Aug 2007 17:04:56 +0200 Message-ID: <46B3441F.4090209@FreeBSD.org> Date: Fri, 03 Aug 2007 17:05:03 +0200 From: Remko Lodder User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org References: <200708031503.l73F3qQg022165@freefall.freebsd.org> In-Reply-To: <200708031503.l73F3qQg022165@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 16:00:05 -0000 remko@FreeBSD.org wrote: > Synopsis: [xl] xl(4) input errors and speed problem > > Responsible-Changed-From-To: freebsd-bugs->freebsd-net > Responsible-Changed-By: remko > Responsible-Changed-When: Fri Aug 3 15:03:33 UTC 2007 > Responsible-Changed-Why: > Reassign to networking team (this is a network card after all). > > http://www.freebsd.org/cgi/query-pr.cgi?pr=78791 oh it was closed already ... -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */ From owner-freebsd-net@FreeBSD.ORG Fri Aug 3 17:18:10 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6577016A418 for ; Fri, 3 Aug 2007 17:18:10 +0000 (UTC) (envelope-from daniel@dgnetwork.com.br) Received: from mail.mastercabo.com.br (mail.mastercabo.com.br [200.179.179.14]) by mx1.freebsd.org (Postfix) with SMTP id D858813C4E7 for ; Fri, 3 Aug 2007 17:18:03 +0000 (UTC) (envelope-from daniel@dgnetwork.com.br) Received: (qmail 62121 invoked by uid 1008); 3 Aug 2007 16:45:50 -0000 X-Spam-Checker-Version: SpamAssassin 3.1.7-unknown (2006-10-05) on srvmail2 X-Spam-Level: X-Spam-Status: No, score=-1.1 required=4.7 tests=AWL,BAYES_00 autolearn=ham version=3.1.7-unknown Received: from unknown (HELO ?127.0.0.1?) (daniel@dgnetwork.com.br@200.251.26.17) by mail.mastercabo.com.br with SMTP; 3 Aug 2007 16:45:46 -0000 Message-ID: <46B35CCF.2020904@dgnetwork.com.br> Date: Fri, 03 Aug 2007 13:50:23 -0300 From: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= Organization: DGNET Network Solutions User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: freebsd-bugs@FreeBSD.org, freebsd-net@freebsd.org References: <200708031503.l73F3qQg022165@freefall.freebsd.org> <46B3441F.4090209@FreeBSD.org> In-Reply-To: <46B3441F.4090209@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 000763-3, 02/08/2007), Outbound message X-Antivirus-Status: Clean Cc: Remko Lodder Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: daniel@dgnetwork.com.br List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 17:18:10 -0000 Remko Lodder escreveu: > remko@FreeBSD.org wrote: > >> Synopsis: [xl] xl(4) input errors and speed problem >> >> Responsible-Changed-From-To: freebsd-bugs->freebsd-net >> Responsible-Changed-By: remko >> Responsible-Changed-When: Fri Aug 3 15:03:33 UTC 2007 >> Responsible-Changed-Why: >> Reassign to networking team (this is a network card after all). >> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=78791 >> > > oh it was closed already ... > > Yes, you Open ? -- Daniel D. G. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:08:06 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8348A16A417 for ; Sat, 4 Aug 2007 16:08:06 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.186]) by mx1.freebsd.org (Postfix) with ESMTP id 146B613C428 for ; Sat, 4 Aug 2007 16:08:05 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: by fk-out-0910.google.com with SMTP id b27so1123460fka for ; Sat, 04 Aug 2007 09:08:04 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:mime-version:to:message-id:content-type:from:subject:date:x-mailer; b=pFJJll9yYrHpETxkVx9Dw45o0Mpg46WOF4lZ0YmlUOgSyv5wnQsystBlQNN0xA0pl+D1AaxD5nDHLB47n8l3OG1m306dbk0rkV1ivPcR6a1LkfY0n2/fd4WACmocaU/B5D1Sl/4nUOMq5MdyoU1mDJPLVw/RXcIaVZRs8n2DzYg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:mime-version:to:message-id:content-type:from:subject:date:x-mailer; b=EBHlkkSx/7UNn5aD0NVCs8bRzgYeDkfFdu2orLUARaDa6935CHRsifXh0xEs2n7qlna4RrgBlQuGQoUzZY8VFxpGMHKs4Q0CHLf9FsELu4EuY2AvK6KJSkuODNDT3FFV5koy/hOyotG1PYnKv2ToMk8F154A4tTJSr+j8RjRRh0= Received: by 10.82.108.9 with SMTP id g9mr4578526buc.1186242052860; Sat, 04 Aug 2007 08:40:52 -0700 (PDT) Received: from ?192.168.1.103? ( [90.242.50.33]) by mx.google.com with ESMTPS id d24sm21760744nfh.2007.08.04.08.40.51 (version=SSLv3 cipher=OTHER); Sat, 04 Aug 2007 08:40:52 -0700 (PDT) Mime-Version: 1.0 (Apple Message framework v752.3) To: freebsd-net@freebsd.org Message-Id: From: Giles Williams Date: Sat, 4 Aug 2007 16:40:46 +0100 X-Mailer: Apple Mail (2.752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:08:06 -0000 Hi Everyone. I'm kinda new to FreeBSD, and am trying to setup an internet gateway with an old box of mine... I have a Dynamode USB -> Ethernet adaptor - when plugging it in, i get this logged: ugen0: DM9601 USB NNC Davicom CO., LTD, rev 1.10/1.01, addr 2 I googled for the DM9601 bit, which is apparently supported by udav, but it didn't seem to show up in ifconfig.... Is there anything anyone can suggest to help me set this up? Thanks, Giles Williams. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:20:08 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4359616A468 for ; Sat, 4 Aug 2007 16:20:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 13ACE13C46B for ; Sat, 4 Aug 2007 16:20:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 5F61241C5D6; Sat, 4 Aug 2007 18:20:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id X24a-szFaTnA; Sat, 4 Aug 2007 18:20:06 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 0806941C5D4; Sat, 4 Aug 2007 18:20:06 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 23603444885; Sat, 4 Aug 2007 16:15:57 +0000 (UTC) Date: Sat, 4 Aug 2007 16:15:57 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Giles Williams In-Reply-To: Message-ID: <20070804161416.A87821@maildrop.int.zabbadoz.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:20:08 -0000 On Sat, 4 Aug 2007, Giles Williams wrote: > Hi Everyone. > > I'm kinda new to FreeBSD, and am trying to setup an internet gateway with an > old box of mine... > > I have a Dynamode USB -> Ethernet adaptor - when plugging it in, i get this > logged: > ugen0: DM9601 USB NNC Davicom CO., LTD, rev 1.10/1.01, addr 2 > > I googled for the DM9601 bit, which is apparently supported by udav, but it > didn't seem to show up in ifconfig.... > > Is there anything anyone can suggest to help me set this up? do you have udav loaded? kldstat -v | grep udav if not try loading it: kldload if_udav if that still doesn't help, what does usbdevs -v say? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:34:35 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6012E16A417 for ; Sat, 4 Aug 2007 16:34:35 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.freebsd.org (Postfix) with ESMTP id 02E6C13C458 for ; Sat, 4 Aug 2007 16:34:34 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: by ug-out-1314.google.com with SMTP id o4so608810uge for ; Sat, 04 Aug 2007 09:34:33 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=oo0Hlaz2MafLDbT6JaLe978peY70QkVEu9wmTR+47gy0dmTIrNh0L5nIZ3QVKL4thRt7FNZfMWNAsmJf1Fo2yekfmhX0YtrHzt2PMgytVBEU1H5A0KhrAo9LjgDZeSc/NRYGiVUiasgt1QMoF+kpFzsVZ5LWKf8j2Rg+SfOrGrI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=Q+Vo5XJ9Lws4kzyTIIS6+4/u93h6cLUokWc38P4jh91xXnGiGA5t4FhkbNaZFmwUpTbACftzb9rCMIpEA9v19fEfTre/NtrqnhMjdvBN6jn8ptDRsx/Hz33m2HPCpe7UPtgd0TbPHW1LyNh+aB5hrcx4hDyWjKyOS6MPTTuoeyc= Received: by 10.67.121.15 with SMTP id y15mr3801401ugm.1186245273295; Sat, 04 Aug 2007 09:34:33 -0700 (PDT) Received: from ?192.168.1.103? ( [90.242.50.33]) by mx.google.com with ESMTPS id f8sm4206528nfh.2007.08.04.09.34.31 (version=SSLv3 cipher=OTHER); Sat, 04 Aug 2007 09:34:32 -0700 (PDT) In-Reply-To: <20070804161416.A87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <7D3714AA-F32F-4F52-BABC-73C1E5EC9171@gmail.com> Content-Transfer-Encoding: 7bit From: Giles Williams Date: Sat, 4 Aug 2007 17:34:25 +0100 To: Bjoern A. Zeeb X-Mailer: Apple Mail (2.752.3) Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:34:35 -0000 I've looked, and udav is loaded, I already tried that a while back. Execing usbdevs -v gives: bsdbox# usbdevs -v Controller /dev/usb0: addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), Intel(0x0000), rev 1.00 port 1 addr 2: full speed, power 144 mA, config 1, Davicom CO., LTD (0x9601), DM9601 USB NNC(0x0a46), rev 1.01 port 2 powered Thanks, Giles. On 4 Aug 2007, at 17:15, Bjoern A. Zeeb wrote: > On Sat, 4 Aug 2007, Giles Williams wrote: > >> Hi Everyone. >> >> I'm kinda new to FreeBSD, and am trying to setup an internet >> gateway with an old box of mine... >> >> I have a Dynamode USB -> Ethernet adaptor - when plugging it in, i >> get this logged: >> ugen0: DM9601 USB NNC Davicom CO., LTD, rev 1.10/1.01, addr 2 >> >> I googled for the DM9601 bit, which is apparently supported by >> udav, but it didn't seem to show up in ifconfig.... >> >> Is there anything anyone can suggest to help me set this up? > > do you have udav loaded? kldstat -v | grep udav > if not try loading it: kldload if_udav > > if that still doesn't help, what does > usbdevs -v > say? > > -- > Bjoern A. Zeeb bzeeb at Zabbadoz > dot NeT > Software is harder than hardware so better get it right the first > time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:35:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 47C2316A41A for ; Sat, 4 Aug 2007 16:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 1608613C45D for ; Sat, 4 Aug 2007 16:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 4276E41C662; Sat, 4 Aug 2007 18:35:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id DuaJxDquBcTO; Sat, 4 Aug 2007 18:35:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id E55C541C65E; Sat, 4 Aug 2007 18:35:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 95730444885; Sat, 4 Aug 2007 16:30:33 +0000 (UTC) Date: Sat, 4 Aug 2007 16:30:33 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Giles Williams In-Reply-To: Message-ID: <20070804162704.T87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:35:07 -0000 On Sat, 4 Aug 2007, Giles Williams wrote: Hi, Cc:ing net@ again > Thanks for getting back to me! > > I've looked, and udav is loaded, I already tried that a while back. Execing > usbdevs -v gives: > > bsdbox# usbdevs -v > Controller /dev/usb0: > addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), > Intel(0x0000), rev 1.00 > port 1 addr 2: full speed, power 144 mA, config 1, Davicom CO., LTD(0x9601), > DM9601 USB NNC(0x0a46), rev 1.01 > port 2 powered For FreeBSD HEAD sources it looks like this: ... } udav_devs [] = { /* Corega USB-TXC */ {{ USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC }, 0}, /* ShanTou ST268 USB NIC */ {{ USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268 }, 0}, #if 0 /* DAVICOM DM9601 Generic? */ /* XXX: The following ids was obtained from the data sheet. */ {{ 0x0a46, 0x9601 }, 0}, #endif }; ... As you can see, you ID is disabled with the #if 0. It seems it was that way since the very first version. I cannot say what it's the way it is. You could try to change it to #if 1 and recompile and see if it panics or works... -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:37:18 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18F1316A417 for ; Sat, 4 Aug 2007 16:37:18 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.freebsd.org (Postfix) with ESMTP id AF92713C457 for ; Sat, 4 Aug 2007 16:37:17 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: by ug-out-1314.google.com with SMTP id o4so608906uge for ; Sat, 04 Aug 2007 09:37:16 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=ax3u4BpsXtDowHvq/OPIhkOcnsQZaQCJd1wvU+xWb9xsu2VOBsGsIe+JHodR8masG0XBvfSpjdrXOfLEw8OIL1obFWEZ8qz0o5/mt6KvzL1RdJfMykbIWhehlwTF8jwRXAyIYZAgQ7KXP0JrY3xm5gHH/bNPkG1m8/61EQOAsSA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=EscrAZTtUIQzim3fqCFFRUo2OJVtM5TMUXWLPPvl0motXpzJV3YxXfUglZTomrHzyCfdol7OY5TW2N/D75b6Gliy22WzoB+YeAYh2RKCuv7aDnEVpNgGOjIG4OgWBcMZnNqsrajiGkymzlT74Fs4uxztpQXmgyOCCzd8y/G0Fe0= Received: by 10.67.27.20 with SMTP id e20mr959261ugj.1186245436166; Sat, 04 Aug 2007 09:37:16 -0700 (PDT) Received: from ?192.168.1.103? ( [90.242.50.33]) by mx.google.com with ESMTPS id i8sm4263405nfh.2007.08.04.09.37.14 (version=SSLv3 cipher=OTHER); Sat, 04 Aug 2007 09:37:15 -0700 (PDT) In-Reply-To: <20070804162704.T87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> <20070804162704.T87821@maildrop.int.zabbadoz.net> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <48B3F4C6-FBCF-4BB4-B852-AB52B08B0A1C@gmail.com> Content-Transfer-Encoding: 7bit From: Giles Williams Date: Sat, 4 Aug 2007 17:37:14 +0100 To: "Bjoern A. Zeeb" X-Mailer: Apple Mail (2.752.3) Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:37:18 -0000 hmm ok. erm being a bit of a noob - any chance you could explain how to do this? Thanks, Giles. On 4 Aug 2007, at 17:30, Bjoern A. Zeeb wrote: > On Sat, 4 Aug 2007, Giles Williams wrote: > > Hi, > Cc:ing net@ again > > >> Thanks for getting back to me! >> >> I've looked, and udav is loaded, I already tried that a while >> back. Execing usbdevs -v gives: >> >> bsdbox# usbdevs -v >> Controller /dev/usb0: >> addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), >> Intel(0x0000), rev 1.00 >> port 1 addr 2: full speed, power 144 mA, config 1, Davicom CO., LTD >> (0x9601), DM9601 USB NNC(0x0a46), rev 1.01 >> port 2 powered > > For FreeBSD HEAD sources it looks like this: > > ... > } udav_devs [] = { > /* Corega USB-TXC */ > {{ USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB_TXC }, 0}, > /* ShanTou ST268 USB NIC */ > {{ USB_VENDOR_SHANTOU, USB_PRODUCT_SHANTOU_ST268 }, 0}, > #if 0 > /* DAVICOM DM9601 Generic? */ > /* XXX: The following ids was obtained from the data > sheet. */ > {{ 0x0a46, 0x9601 }, 0}, > #endif > }; > ... > > As you can see, you ID is disabled with the #if 0. It seems it was > that way since the very first version. I cannot say what it's the way > it is. > > You could try to change it to #if 1 and recompile and see if it > panics or works... > > -- > Bjoern A. Zeeb bzeeb at Zabbadoz > dot NeT > Software is harder than hardware so better get it right the first > time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:42:33 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9217316A417 for ; Sat, 4 Aug 2007 16:42:33 +0000 (UTC) (envelope-from adityaa.kiran@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id 7A90513C45E for ; Sat, 4 Aug 2007 16:42:33 +0000 (UTC) (envelope-from adityaa.kiran@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so1314813waf for ; Sat, 04 Aug 2007 09:42:33 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=iW9LadWgyYa7rcfN4nAclqHibGMb3U+5QH7edV7x3u0z0Sdwuu7EUtO5yIKhdc/UFzFSiJ4wbBECyyzSI2eG06lIr/k16TSyprQDhYEZrgYPwnnlCOqpeOYWYXdd3LZDgbx8l/OX5A/CDqsMFmL5jpUUGxi0758On0G9bsKH7to= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=PdW2+xKtwHGf0a5+zLWg4O42T80wqVmVuyGZ0drqWG1Ka56ksmWH4PuGLIOka7vgPBt4DpfN5WnbnFQnaFTOmrELfUe5REd4ULdGJ7yKSH1gslj29UHPmU10teSLkDbapQ49QLd2Hr1jhPCDL0tZrYeTS4tknV2KJuive1rlHR8= Received: by 10.114.27.20 with SMTP id a20mr4048752waa.1186245752973; Sat, 04 Aug 2007 09:42:32 -0700 (PDT) Received: by 10.114.72.3 with HTTP; Sat, 4 Aug 2007 09:42:32 -0700 (PDT) Message-ID: <994cd1cf0708040942p4dc6486ar1c333571bddfcc4c@mail.gmail.com> Date: Sat, 4 Aug 2007 22:12:32 +0530 From: "aditya kiran" To: blue In-Reply-To: <46A7E70E.70204@zyxel.com.tw> MIME-Version: 1.0 References: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com> <46A7E70E.70204@zyxel.com.tw> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org Subject: Re: Ipsec - PF_KEY and set_policy X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:42:33 -0000 HI Blue, Thanks a lot for this info.. It helped me in understanding the difference.. Thanks, Adityaa On 7/26/07, blue wrote: > > As far as I know, setkey is used for IPsec SP and SA configuration. > ipsec_set_policy() could transfer a string to "policy request", which is > defined in RFC 2367 PF_KEY. Internally, setkey() will call > ipsec_set_policy() to construct the message then send it down to the > kernel. However, ipsec_set_policy() is used only for SP, not SA. > > blue > > aditya kiran wrote: > > > Hi, > > I was just trying to understand PF_KEY interface for ipsec settings. So, > > setkey uses it to do that. but i could find another system call - > > ipsec_set_policy. Could any body let me know why there are two > > interfaces to > > configure ipsec? > > Thanks, > > Aditya > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > > From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:50:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E6AD16A419 for ; Sat, 4 Aug 2007 16:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 3B03313C468 for ; Sat, 4 Aug 2007 16:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 0707B41C5CD; Sat, 4 Aug 2007 18:50:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id uQsECvPrsj0C; Sat, 4 Aug 2007 18:50:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id AE48841C5D4; Sat, 4 Aug 2007 18:50:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id ED1AD444885; Sat, 4 Aug 2007 16:47:46 +0000 (UTC) Date: Sat, 4 Aug 2007 16:47:46 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Giles Williams In-Reply-To: <48B3F4C6-FBCF-4BB4-B852-AB52B08B0A1C@gmail.com> Message-ID: <20070804164637.R87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> <20070804162704.T87821@maildrop.int.zabbadoz.net> <48B3F4C6-FBCF-4BB4-B852-AB52B08B0A1C@gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:50:07 -0000 On Sat, 4 Aug 2007, Giles Williams wrote: > hmm ok. > > erm being a bit of a noob - any chance you could explain how to do this? You can find some information about this in the freebsd handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ There are two chapters: "8 Configuring the FreeBSD Kernel" "23 The Cutting Edge" that might help you. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 16:54:21 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A9B716A41F for ; Sat, 4 Aug 2007 16:54:21 +0000 (UTC) (envelope-from adityaa.kiran@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.176]) by mx1.freebsd.org (Postfix) with ESMTP id 8158F13C459 for ; Sat, 4 Aug 2007 16:54:21 +0000 (UTC) (envelope-from adityaa.kiran@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so1317637waf for ; Sat, 04 Aug 2007 09:54:21 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=LCwGZhw+qid10pW+HyqhVimFmnq1hzYE/6kCJnZ7FziPuERGAzqyKlUa/HOs8qxXAUtg7Cl2NFB5Ee62otxKGhieBLEdvvezd1cGgrX2o37HwOcZ7dJdISVxos8WT9bmbEGLDekn9m38pTGjTkXA8OnHoRvjRS1O83EOk+YBgX8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=c/n46G/Bf1bAkLmcmg3gecmpL7enqbXLWVrXecl2zMAqIzGMVHcX2PHeMqBpfCVFXvZqTmJ5fjoaacbm9fXJjs2ItsE0hCsr7KcjhBOA1e5/oxUZIL4BQVbQx1wA3MRLGsHcRxpWf4HLu94gcCNzM4nm5nYVICQ9hBZE3GIKUr8= Received: by 10.115.59.4 with SMTP id m4mr4053887wak.1186246461142; Sat, 04 Aug 2007 09:54:21 -0700 (PDT) Received: by 10.114.72.3 with HTTP; Sat, 4 Aug 2007 09:54:21 -0700 (PDT) Message-ID: <994cd1cf0708040954w207cb516na2fa14ad8694bb6d@mail.gmail.com> Date: Sat, 4 Aug 2007 22:24:21 +0530 From: "aditya kiran" To: "George V. Neville-Neil" In-Reply-To: MIME-Version: 1.0 References: <994cd1cf0707251039j7eaf167fh5851fc979ee2b60@mail.gmail.com> <46A7E70E.70204@zyxel.com.tw> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, blue Subject: Re: Ipsec - PF_KEY and set_policy X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 16:54:21 -0000 Hi George, Thanks a lot for the clarification.. Yeah, i was quite confused with ipsec_set_policy - which has multiple definitions, one which converts the human readable policy format and another one inside the kernel.. doing a little bit of code walk through, it looks like the second one is called when policy is set on the socket.. Thanks, Adityaa On 7/27/07, George V. Neville-Neil wrote: > > At Thu, 26 Jul 2007 08:13:02 +0800, > blue wrote: > > > > As far as I know, setkey is used for IPsec SP and SA configuration. > > ipsec_set_policy() could transfer a string to "policy request", which is > > defined in RFC 2367 PF_KEY. Internally, setkey() will call > > ipsec_set_policy() to construct the message then send it down to the > > kernel. However, ipsec_set_policy() is used only for SP, not SA. > > > And expanding on this just a bit, there is a difference between a > policy (SP) and an association (SA) which is important to understand. > A policy describes something more general, such as "Between network A > and network B use an IPSEC ESP tunnel for all traffic." while an > association is an active communication channel like, "Between address > A and address B we have a tunnel using ESP with key X." There are two > databases in the kernel for this, a Security Policy Database which is > manipulated using the ipsec_set_policy() routing, and a Security > Association Database which is manipulated using direct calls to PF Key > sockets. > > See RFC 2401 for a good intro to these concepts. > > Best, > George > From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 17:16:40 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35BB416A419 for ; Sat, 4 Aug 2007 17:16:40 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by mx1.freebsd.org (Postfix) with ESMTP id CB0F413C483 for ; Sat, 4 Aug 2007 17:16:39 +0000 (UTC) (envelope-from giles.williams@gmail.com) Received: by ug-out-1314.google.com with SMTP id o4so610283uge for ; Sat, 04 Aug 2007 10:16:38 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=SO6NaMTFOgHOgvJ6JP1prlJnRIiSc/x8z77FPLi6K1+dHtkc8J6BYTsb1x4V/XT62SzZ90IvpFI0dQeO6S2IKlXsL35O4w5GmukCGhvTVDY4kQRLPwow2Z3o5EzgnDAES6SPrk0g7XcHQl1nzb5qJ2SPpUPIXJui+1wTYsmKAMk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=nGc1S4F01nQkEiqPNi1qGzNZB2hI8foTCJVuxk+/FwmuZSwJflD4NUam6fK721lt+vULKVNn7YNtMCr+eSG0V0k9l9f8GZDptuofUTQnnBlV3PUku6Q1lwKBMwy/w6mL/j4EaNn25BpjHEa/fGoETIfzoF3Dvxvwhx0eF0d3PCw= Received: by 10.67.28.9 with SMTP id f9mr3814295ugj.1186247798220; Sat, 04 Aug 2007 10:16:38 -0700 (PDT) Received: from ?192.168.1.103? ( [90.242.50.33]) by mx.google.com with ESMTPS id f7sm22089808nfh.2007.08.04.10.16.37 (version=SSLv3 cipher=OTHER); Sat, 04 Aug 2007 10:16:37 -0700 (PDT) In-Reply-To: <20070804164637.R87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> <20070804162704.T87821@maildrop.int.zabbadoz.net> <48B3F4C6-FBCF-4BB4-B852-AB52B08B0A1C@gmail.com> <20070804164637.R87821@maildrop.int.zabbadoz.net> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Giles Williams Date: Sat, 4 Aug 2007 18:16:31 +0100 To: "Bjoern A. Zeeb" X-Mailer: Apple Mail (2.752.3) Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 17:16:40 -0000 hmmm. i've looked on there - have downloaded the source for the sys files, and looked in the kernel config file, but found no reference to udav.... Any suggestions? Thanks, Giles. On 4 Aug 2007, at 17:47, Bjoern A. Zeeb wrote: > On Sat, 4 Aug 2007, Giles Williams wrote: > >> hmm ok. >> >> erm being a bit of a noob - any chance you could explain how to do >> this? > > You can find some information about this in the freebsd handbook > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ > > There are two chapters: > "8 Configuring the FreeBSD Kernel" > "23 The Cutting Edge" > that might help you. > > -- > Bjoern A. Zeeb bzeeb at Zabbadoz > dot NeT > Software is harder than hardware so better get it right the first > time. From owner-freebsd-net@FreeBSD.ORG Sat Aug 4 17:30:07 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D3BCD16A417 for ; Sat, 4 Aug 2007 17:30:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 9EC0813C469 for ; Sat, 4 Aug 2007 17:30:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id E972941C5E6; Sat, 4 Aug 2007 19:30:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id N9+R75TbVMro; Sat, 4 Aug 2007 19:30:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 92B3441C5E5; Sat, 4 Aug 2007 19:30:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 63506444885; Sat, 4 Aug 2007 17:25:35 +0000 (UTC) Date: Sat, 4 Aug 2007 17:25:35 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Giles Williams In-Reply-To: Message-ID: <20070804172429.L87821@maildrop.int.zabbadoz.net> References: <20070804161416.A87821@maildrop.int.zabbadoz.net> <20070804162704.T87821@maildrop.int.zabbadoz.net> <48B3F4C6-FBCF-4BB4-B852-AB52B08B0A1C@gmail.com> <20070804164637.R87821@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: Dynamode USB NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Aug 2007 17:30:07 -0000 On Sat, 4 Aug 2007, Giles Williams wrote: > hmmm. i've looked on there - have downloaded the source for the sys files, > and looked in the kernel config file, but found no reference to udav.... > > Any suggestions? oh, the file referenced can be found at src/sys/dev/usb/if_udav.c -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.