From owner-freebsd-net@FreeBSD.ORG Sun Aug 5 04:41:55 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FD4E16A418 for ; Sun, 5 Aug 2007 04:41:55 +0000 (UTC) (envelope-from bazy@goofy.celuloza.ro) Received: from goofy.celuloza.ro (goofy.celuloza.ro [89.137.178.124]) by mx1.freebsd.org (Postfix) with ESMTP id 1C5D513C45A for ; Sun, 5 Aug 2007 04:41:54 +0000 (UTC) (envelope-from bazy@goofy.celuloza.ro) Received: from [192.168.0.3] (unknown [192.168.0.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by goofy.celuloza.ro (Postfix) with ESMTP id 73FFC61C142 for ; Sat, 4 Aug 2007 12:54:46 +0300 (EEST) Message-ID: <46B44CD5.8030707@goofy.celuloza.ro> Date: Sat, 04 Aug 2007 12:54:29 +0300 From: Bazy User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <200708031503.l73F3qQg022165@freefall.freebsd.org> <46B3441F.4090209@FreeBSD.org> <46B35CCF.2020904@dgnetwork.com.br> In-Reply-To: <46B35CCF.2020904@dgnetwork.com.br> X-Enigmail-Version: 0.95.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (goofy.celuloza.ro [0.0.0.0]); Sat, 04 Aug 2007 12:54:46 +0300 (EEST) Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Aug 2007 04:41:55 -0000 I have the same problem with my "3COM Corp, Networking Division - 3C905-TX Fast Etherlink XL PCI 10/100" xl0, once or twice a week I have to up/down it... I monitored traffic, checked and rechecked my firewall rules, did a pcap capture... no floods, no strange packets running around... now I see that others have the same problem... So, Daniel D. G., did you open a dialog pointing out this bug? :) I can provide you with other information if you need it... just tell me what... Daniel Dias Gonçalves wrote: > Remko Lodder escreveu: >> remko@FreeBSD.org wrote: >> >>> Synopsis: [xl] xl(4) input errors and speed problem >>> >>> Responsible-Changed-From-To: freebsd-bugs->freebsd-net >>> Responsible-Changed-By: remko >>> Responsible-Changed-When: Fri Aug 3 15:03:33 UTC 2007 >>> Responsible-Changed-Why: Reassign to networking team (this is a >>> network card after all). >>> >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=78791 >>> >> >> oh it was closed already ... >> >> > Yes, you Open ? > > -- > Daniel D. G. > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Sun Aug 5 19:40:37 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD89F16A468 for ; Sun, 5 Aug 2007 19:40:37 +0000 (UTC) (envelope-from netslists@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.226]) by mx1.freebsd.org (Postfix) with ESMTP id 8B0C313C46A for ; Sun, 5 Aug 2007 19:40:37 +0000 (UTC) (envelope-from netslists@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so971557wxd for ; Sun, 05 Aug 2007 12:40:36 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=FmXKzSDIQLbxZ/g6htr7x7njMhv4y7cJ6mGv8JLnXXwHlrmnkW+0CGyhy5Nh1kkwZZGZU9bNsgtCfPByv0yFpuoEHJ1/meleHzYNEzfMkmwYMZYCnAGsY+imdTZktLIZ0WD5xjbuGj4IXArpeOuPwAX/BioUR+Z8BKLxGE6iWXI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=Qivua3+RnlJ5z1X5RESCQvTS9MsIkmJ5SxPcwBlEQrkpKIxfkCYvBlfUBugn9ESL42b15fOufFjQgFQBakYNdtbqrZ/n5HbmV+DWt1cyM8iUKJFLRx6+PrDOVNC4KwDPWbf6X+MaxNopxarg7/PTiws92kSd1/PIvXI0upUzXOg= Received: by 10.70.65.5 with SMTP id n5mr8614444wxa.1186342836169; Sun, 05 Aug 2007 12:40:36 -0700 (PDT) Received: from ?192.168.12.8? ( [72.189.172.75]) by mx.google.com with ESMTPS id t26sm6213507ele.2007.08.05.12.40.34 (version=SSLv3 cipher=RC4-MD5); Sun, 05 Aug 2007 12:40:35 -0700 (PDT) Message-ID: <46B627AD.1040304@gmail.com> Date: Sun, 05 Aug 2007 15:40:29 -0400 From: Sten Daniel Soersdal User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Gleb Smirnoff , daniel@dgnetwork.com.br, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org References: <200512270905.jBR95qod022904@freefall.freebsd.org> <46B212A3.7040603@yan.com.br> <20070803082622.GZ21312@glebius.int.ru> In-Reply-To: <20070803082622.GZ21312@glebius.int.ru> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Aug 2007 19:40:37 -0000 Gleb Smirnoff wrote: > On Thu, Aug 02, 2007 at 02:21:39PM -0300, Daniel Dias Gon?alves wrote: > D> > State-Changed-From-To: open->feedback > D> > State-Changed-By: glebius > D> > State-Changed-When: Tue Dec 27 09:03:50 UTC 2005 > D> > State-Changed-Why: Please provide the following information. Is this one > D> > particular card > D> > that experiences errors, or you have tested several 3Com cards and all > D> > fail? > D> > > D> I have same problem, and is not only with card 3com (xl), also with Intel > D> card (fxp). > D> In my servers running FreeBSD 6.1, have constant traffic of +-80mbps and > D> "input errors" (netstat - ni) always increases, use crossover cables and the > D> interfaces fixed "100baseTX-FDX". > D> Frequently with Intel card (fxp), i have that to make ifconfig DOWN/UP in > D> the interface to come back to work. > D> > D> Which the solution for these problems ? > > I think the problem, you've described isn't the same problem as in kern/78791. > I haven't used this card in a long time and i don't know if TX/RX checksum offloading is supported in the FreeBSD driver. Just to sum up my findings. Checksum offloading is bugged, even on windows drivers. Disabling checksum offloading has always resulted in much better performance. Also, when you say using "100baseTX-FDX" you mean between the servers and not via a switch, right? -- Sten Daniel Soersdal From owner-freebsd-net@FreeBSD.ORG Mon Aug 6 11:08:28 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E1A0C16A468 for ; Mon, 6 Aug 2007 11:08:28 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B5DC513C494 for ; Mon, 6 Aug 2007 11:08:28 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l76B8SIH029946 for ; Mon, 6 Aug 2007 11:08:28 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l76B8RIj029942 for freebsd-net@FreeBSD.org; Mon, 6 Aug 2007 11:08:27 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 6 Aug 2007 11:08:27 GMT Message-Id: <200708061108.l76B8RIj029942@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2007 11:08:29 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- s kern/21998 net [socket] [patch] ident only for outgoing connections a kern/38554 net changing interface ipaddress doesn't seem to work s kern/39937 net ipstealth issue s kern/81147 net [net] [patch] em0 reinitialization while adding aliase o kern/92552 net A serious bug in most network drivers from 5.X to 6.X s kern/95665 net [if_tun] "ping: sendto: No buffer space available" wit s kern/105943 net Network stack may modify read-only mbuf chain copies o kern/106316 net [dummynet] dummynet with multipass ipfw drops packets o kern/108542 net [bce]: Huge network latencies with 6.2-RELEASE / STABL o kern/109406 net [ndis] Broadcom WLAN driver 4.100.15.5 doesn't work wi o kern/110959 net [ipsec] Filtering incoming packets with enc0 does not o kern/112528 net [nfs] NFS over TCP under load hangs with "impossible p o kern/112686 net [patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o kern/112722 net IP v4 udp fragmented packet reject o kern/113359 net [ipv6] panic sbdrop after ICMP6, packet too big o kern/113457 net [ipv6] deadlock occurs if a tunnel goes down while the o kern/113842 net [ipv6] PF_INET6 proto domain state can't be cleared wi o kern/114714 net [gre][patch] gre(4) is not MPSAFE and does not support o kern/114839 net [fxp] fxp looses ability to speak with traffic 19 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/23063 net [PATCH] for static ARP tables in rc.network s bin/41647 net ifconfig(8) doesn't accept lladdr along with inet addr o kern/54383 net [nfs] [patch] NFS root configurations without dynamic s kern/60293 net FreeBSD arp poison patch o kern/95267 net packet drops periodically appear f kern/95277 net [netinet] [patch] IP Encapsulation mask_match() return o kern/100519 net [netisr] suggestion to fix suboptimal network polling o kern/102035 net [plip] plip networking disables parallel port printing o conf/102502 net [patch] ifconfig name does't rename netgraph node in n o kern/103253 net inconsistent behaviour in arp reply of a bridge o conf/107035 net [patch] bridge interface given in rc.conf not taking a o kern/112654 net [pcn] Kernel panic upon if_pcn module load on a Netfin o kern/114095 net [carp] carp+pf delay with high state limit o kern/114915 net [patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f 14 problems total. From owner-freebsd-net@FreeBSD.ORG Mon Aug 6 14:06:44 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3998016A41A for ; Mon, 6 Aug 2007 14:06:44 +0000 (UTC) (envelope-from daniel@dgnetwork.com.br) Received: from mail.mastercabo.com.br (mail.mastercabo.com.br [200.179.179.14]) by mx1.freebsd.org (Postfix) with SMTP id 38B3E13C4CE for ; Mon, 6 Aug 2007 14:06:42 +0000 (UTC) (envelope-from daniel@dgnetwork.com.br) Received: (qmail 71346 invoked by uid 1008); 6 Aug 2007 14:02:57 -0000 X-Spam-Checker-Version: SpamAssassin 3.1.7-unknown (2006-10-05) on srvmail1 X-Spam-Level: X-Spam-Status: No, score=0.8 required=4.7 tests=AWL,BAYES_00,RCVD_IN_XBL autolearn=no version=3.1.7-unknown Received: from unknown (HELO ?127.0.0.1?) (daniel@dgnetwork.com.br@200.251.26.17) by mail.mastercabo.com.br with SMTP; 6 Aug 2007 14:02:51 -0000 Message-ID: <46B72AB6.6030603@dgnetwork.com.br> Date: Mon, 06 Aug 2007 11:05:42 -0300 From: =?UTF-8?B?RGFuaWVsIERpYXMgR29uw6dhbHZlcw==?= Organization: DGNET Network Solutions User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: freebsd-net@freebsd.org, freebsd-bugs@freebsd.org References: <200512270905.jBR95qod022904@freefall.freebsd.org> <46B212A3.7040603@yan.com.br> <20070803082622.GZ21312@glebius.int.ru> <46B627AD.1040304@gmail.com> In-Reply-To: <46B627AD.1040304@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 000763-6, 06/08/2007), Outbound message X-Antivirus-Status: Clean Cc: Sten Daniel Soersdal Subject: Re: kern/78791: [xl] xl(4) input errors and speed problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: daniel@dgnetwork.com.br List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2007 14:06:44 -0000 Sten Daniel Soersdal escreveu: > Gleb Smirnoff wrote: >> On Thu, Aug 02, 2007 at 02:21:39PM -0300, Daniel Dias Gon?alves wrote: >> D> > State-Changed-From-To: open->feedback >> D> > State-Changed-By: glebius >> D> > State-Changed-When: Tue Dec 27 09:03:50 UTC 2005 >> D> > State-Changed-Why: Please provide the following information. Is >> this one D> > particular card >> D> > that experiences errors, or you have tested several 3Com cards >> and all >> D> > fail? >> D> > >> D> I have same problem, and is not only with card 3com (xl), also >> with Intel D> card (fxp). >> D> In my servers running FreeBSD 6.1, have constant traffic of >> +-80mbps and D> "input errors" (netstat - ni) always increases, use >> crossover cables and the D> interfaces fixed "100baseTX-FDX". >> D> Frequently with Intel card (fxp), i have that to make ifconfig >> DOWN/UP in D> the interface to come back to work. >> D> D> Which the solution for these problems ? >> >> I think the problem, you've described isn't the same problem as in >> kern/78791. >> > > I haven't used this card in a long time and i don't know if TX/RX > checksum offloading is supported in the FreeBSD driver. Just to sum up > my findings. > > Checksum offloading is bugged, even on windows drivers. Disabling > checksum offloading has always resulted in much better performance. > > Also, when you say using "100baseTX-FDX" you mean between the servers > and not via a switch, right? > Yes, not via a switch. -- Daniel D. G. From owner-freebsd-net@FreeBSD.ORG Tue Aug 7 09:58:56 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA24216A417; Tue, 7 Aug 2007 09:58:56 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AB43513C45A; Tue, 7 Aug 2007 09:58:56 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l779wuoo007455; Tue, 7 Aug 2007 09:58:56 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l779wuCS007451; Tue, 7 Aug 2007 09:58:56 GMT (envelope-from linimon) Date: Tue, 7 Aug 2007 09:58:56 GMT Message-Id: <200708070958.l779wuCS007451@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/115239: [ipnat] panic with 'kmem_map too small' using ipnat X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2007 09:58:57 -0000 Old Synopsis: panic with 'kmem_map too small' using ipnat New Synopsis: [ipnat] panic with 'kmem_map too small' using ipnat Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Tue Aug 7 09:57:18 UTC 2007 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=115239 From owner-freebsd-net@FreeBSD.ORG Wed Aug 8 22:05:06 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F1CA16A417 for ; Wed, 8 Aug 2007 22:05:06 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id E4A9A13C468 for ; Wed, 8 Aug 2007 22:05:05 +0000 (UTC) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id QAA14169 for ; Wed, 8 Aug 2007 16:05:00 -0600 (MDT) Message-Id: <200708082205.QAA14169@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Wed, 08 Aug 2007 16:04:47 -0600 To: net@freebsd.org From: Brett Glass Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: Subject: SSTP support? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Aug 2007 22:05:06 -0000 All: Microsoft has apparently come out with a new VPN protocol called SSTP. There's no RFC for it, but it's essentially PPP over SSL, with the encryption coming from SSL and the authentication still done within PPP. It should be an improvement over PPTP, which is blocked by default by all of the major Windows firewalls (even though the security problems in it have pretty much been fixed) and has many incompatible or marginal implementations. PPTP is turning into a tech support nightmare, and we'd be eager to replace it with something similar that was more reliable and goof-proof. It seems as if it would be easy to cobble together an SSTP client and server using code already available on FreeBSD. (It'd require a daemon for userland PPP and probably an SSL Netgraph node -- which, surprisingly, doesn't seem to exist already -- for mpd.) Is anyone already working on such a project? --Brett Glass From owner-freebsd-net@FreeBSD.ORG Thu Aug 9 11:41:49 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F76116A419 for ; Thu, 9 Aug 2007 11:41:49 +0000 (UTC) (envelope-from emss@free.fr) Received: from kraid.nerim.net (kraid.ipv6.nerim.net [IPv6:2001:7a8:1:1::95]) by mx1.freebsd.org (Postfix) with ESMTP id 1A46F13C457 for ; Thu, 9 Aug 2007 11:41:49 +0000 (UTC) (envelope-from emss@free.fr) Received: from srvbsdnanssv.interne.kisoft-services.com (kisoft.net1.nerim.net [62.212.107.51]) by kraid.nerim.net (Postfix) with ESMTP id 2A710CF0E7; Thu, 9 Aug 2007 13:41:45 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by srvbsdnanssv.interne.kisoft-services.com (Postfix) with ESMTP id 7B584CE79; Thu, 9 Aug 2007 13:41:39 +0200 (CEST) X-Virus-Scanned: amavisd-new at interne.kisoft-services.com Received: from srvbsdnanssv.interne.kisoft-services.com ([127.0.0.1]) by localhost (srvbsdnanssv.interne.kisoft-services.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y62hgCm-MKPX; Thu, 9 Aug 2007 13:41:33 +0200 (CEST) Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix, from userid 1001) id 68CE8CDD8; Thu, 9 Aug 2007 13:41:33 +0200 (CEST) To: Brett Glass From: Eric Masson In-Reply-To: <200708082205.QAA14169@lariat.net> (Brett Glass's message of "Wed, 08 Aug 2007 16:04:47 -0600") References: <200708082205.QAA14169@lariat.net> X-Operating-System: FreeBSD 6.2-RELEASE-p7 i386 Date: Thu, 09 Aug 2007 13:41:33 +0200 Message-ID: <86ps1xhr4i.fsf@srvbsdnanssv.interne.kisoft-services.com> User-Agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 8bit Cc: net@freebsd.org Subject: Re: SSTP support? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Aug 2007 11:41:49 -0000 Brett Glass writes: Hi, > It seems as if it would be easy to cobble together an SSTP client and > server using code already available on FreeBSD. (It'd require a daemon > for userland PPP and probably an SSL Netgraph node -- which, > surprisingly, doesn't seem to exist already -- for mpd.) Is anyone > already working on such a project? There's something similar in the ports collection : /usr/ports/net/ssltunnel-server /usr/ports/net/ssltunnel-client It's been written by A. Thivillon from HSC (http://www.hsc.fr), actual setup uses pppd(8) and thus may lead to instabilities, but It can use ppp(8). Maybe It could be used as a starting point. -- GB> Quel est le titre du générique de jour de foot écrit par d halliday Vous commencez a nous gonfler a demander qui a ecrit la ziq de JDF ! Je repond une derniere fois : David Halliday ET ARRETEZ DE NOUS BASSINER -+- OM in : footu foouteu se foorvoie -+- From owner-freebsd-net@FreeBSD.ORG Thu Aug 9 14:19:44 2007 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ACD1A16A418 for ; Thu, 9 Aug 2007 14:19:44 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id 4EF8613C46C for ; Thu, 9 Aug 2007 14:19:44 +0000 (UTC) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id IAA26238; Thu, 9 Aug 2007 08:19:39 -0600 (MDT) Message-Id: <200708091419.IAA26238@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Thu, 09 Aug 2007 08:19:28 -0600 To: Eric Masson From: Brett Glass In-Reply-To: <86ps1xhr4i.fsf@srvbsdnanssv.interne.kisoft-services.com> References: <200708082205.QAA14169@lariat.net> <86ps1xhr4i.fsf@srvbsdnanssv.interne.kisoft-services.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit Cc: net@freebsd.org Subject: Re: SSTP support? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Aug 2007 14:19:44 -0000 Eric: Maybe. However, I just got a message from a Microsoft employee named Samir Jain that indicates SSTP may not be a viable standard -- or, in fact, a standard at all. He says that Microsoft is implementing it only on Vista, not XP... even though most hardware out there which runs XP cannot support the memory or CPU requirements of Vista. And he says that Microsoft doesn't intend to put out an RFC for SSTP; instead, it will be "licensed to third parties." Of course, due to the prior art you mention below, it can't be patented, and the recent consent decree requires Microsoft to make it available to third parties. In any event, this silly and self-destructive behavior by Microsoft may make it moot.... Hope they'll come to their senses. --Brett Glass At 05:41 AM 8/9/2007, Eric Masson wrote: >Brett Glass writes: > >Hi, > > > It seems as if it would be easy to cobble together an SSTP client and > > server using code already available on FreeBSD. (It'd require a daemon > > for userland PPP and probably an SSL Netgraph node -- which, > > surprisingly, doesn't seem to exist already -- for mpd.) Is anyone > > already working on such a project? > >There's something similar in the ports collection : >/usr/ports/net/ssltunnel-server >/usr/ports/net/ssltunnel-client > >It's been written by A. Thivillon from HSC (http://www.hsc.fr), actual >setup uses pppd(8) and thus may lead to instabilities, but It can use >ppp(8). > >Maybe It could be used as a starting point. > >-- > GB> Quel est le titre du générique de jour de foot écrit par d halliday > Vous commencez a nous gonfler a demander qui a ecrit la ziq de JDF ! Je > repond une derniere fois : David Halliday ET ARRETEZ DE NOUS BASSINER > -+- OM in : footu foouteu se foorvoie -+- From owner-freebsd-net@FreeBSD.ORG Thu Aug 9 19:21:32 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 39F8A16A417; Thu, 9 Aug 2007 19:21:32 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1004413C46E; Thu, 9 Aug 2007 19:21:32 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l79JLVTS050448; Thu, 9 Aug 2007 19:21:31 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l79JLVM8050444; Thu, 9 Aug 2007 19:21:31 GMT (envelope-from remko) Date: Thu, 9 Aug 2007 19:21:31 GMT Message-Id: <200708091921.l79JLVM8050444@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: remko@FreeBSD.org Cc: Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Aug 2007 19:21:32 -0000 Synopsis: IPv6 address and if_bridge don't play well together. Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: remko Responsible-Changed-When: Thu Aug 9 19:21:31 UTC 2007 Responsible-Changed-Why: This sounds more suitable for the networking team, reassign. http://www.freebsd.org/cgi/query-pr.cgi?pr=115360 From owner-freebsd-net@FreeBSD.ORG Thu Aug 9 19:40:18 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1999616A417 for ; Thu, 9 Aug 2007 19:40:18 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 09FA113C465 for ; Thu, 9 Aug 2007 19:40:18 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l79JeH5s052168 for ; Thu, 9 Aug 2007 19:40:17 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l79JeHd4052167; Thu, 9 Aug 2007 19:40:17 GMT (envelope-from gnats) Date: Thu, 9 Aug 2007 19:40:17 GMT Message-Id: <200708091940.l79JeHd4052167@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: David Gilbert Cc: Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: David Gilbert List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Aug 2007 19:40:18 -0000 The following reply was made to PR kern/115360; it has been noted by GNATS. From: David Gilbert To: Andrew Thompson Cc: bug-followup@FreeBSD.org, dgilbert@daveg.ca Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. Date: Thu, 9 Aug 2007 15:13:58 -0400 >>>>> "Andrew" == Andrew Thompson writes: Andrew> Hi David, Both the ipv4 and ipv6 addresses should really be Andrew> assigned to the bridge0 interface itself. Please report back Andrew> if it works or not. I will test this later this evening as I'm trying to get work done now (after having solved the immediate problem). However, if this is the case, I respectfully submit that this should be a doc-bug, then, as there is no clue in the if_bridge manual page that addresses on the added ethernet segments will not work correctly. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 02:23:53 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D04416A417 for ; Fri, 10 Aug 2007 02:23:53 +0000 (UTC) (envelope-from ecrist@secure-computing.net) Received: from snipe.secure-computing.net (snipe.secure-computing.net [209.240.66.149]) by mx1.freebsd.org (Postfix) with ESMTP id 5C68A13C459 for ; Fri, 10 Aug 2007 02:23:53 +0000 (UTC) (envelope-from ecrist@secure-computing.net) Received: from [192.168.1.3] (unknown [209.240.66.157]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: ecrist@secure-computing.net) by snipe.secure-computing.net (Postfix) with ESMTP id 3B1C717021; Thu, 9 Aug 2007 21:23:52 -0500 (CDT) In-Reply-To: <200708091940.l79JeHd4052167@freefall.freebsd.org> References: <200708091940.l79JeHd4052167@freefall.freebsd.org> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <1AA36625-1FED-4E6A-B82C-0FC8494781E5@secure-computing.net> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.752.3) From: Eric F Crist Date: Thu, 9 Aug 2007 21:23:51 -0500 To: David Gilbert Cc: freebsd-net@FreeBSD.org Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 02:23:53 -0000 On Aug 9, 2007, at 7:40 PMAug 9, 2007, David Gilbert wrote: > The following reply was made to PR kern/115360; it has been noted > by GNATS. > > From: David Gilbert > To: Andrew Thompson > Cc: bug-followup@FreeBSD.org, > dgilbert@daveg.ca > Subject: Re: kern/115360: IPv6 address and if_bridge don't play > well together. > Date: Thu, 9 Aug 2007 15:13:58 -0400 > >>>>>> "Andrew" == Andrew Thompson writes: > > Andrew> Hi David, Both the ipv4 and ipv6 addresses should really be > Andrew> assigned to the bridge0 interface itself. Please report back > Andrew> if it works or not. > > I will test this later this evening as I'm trying to get work done > now > (after having solved the immediate problem). However, if this is the > case, I respectfully submit that this should be a doc-bug, then, as > there is no clue in the if_bridge manual page that addresses on the > added ethernet segments will not work correctly. > > FWIW, I've been using if_bridge for a short while (month or two) and I've got all my IPs assigned to the interfaces themselves, and not bridge0. I'm not using em or dc cards, but everything works great. I'm using the fxp driver on both cards (Dell PowerEdge 1550 dual 10/100 interfaces). Feel free to ask more about my setup, if I can help at all. ----- Eric F Crist Secure Computing Networks From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 03:51:56 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8AF9E16A417 for ; Fri, 10 Aug 2007 03:51:56 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id 36A7A13C480 for ; Fri, 10 Aug 2007 03:51:56 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 11:51:54 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 11:51:54 +0800 Received: from [172.23.17.155] ([172.23.17.155]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 11:51:54 +0800 Message-ID: <46BBE0E9.1070707@zyxel.com.tw> Date: Fri, 10 Aug 2007 11:52:09 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 10 Aug 2007 03:51:54.0605 (UTC) FILETIME=[CABAF9D0:01C7DB01] Subject: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 03:51:56 -0000 Dear all: When looking into kame-20070801-freebsd54-snap, the function, _dns_getaddrinfo(), defined in getaddrinfo.c, will check if the device gets any IPv4/global IPv6 address before sending out any A/AAAA query by calling addrconfig() if the user does not specify the family type (AF_UNSPEC). However, FreeBSD-CURRENT (known is going to be FreeBSD7.0), does not do the process. Do we need to do the same check before sending out the A/AAAA query? Thanks. BR, Yi-Wen From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 04:28:05 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE43616A51A for ; Fri, 10 Aug 2007 04:28:05 +0000 (UTC) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [IPv6:2001:200:1b1::35]) by mx1.freebsd.org (Postfix) with ESMTP id 7B39213C4FA for ; Fri, 10 Aug 2007 04:28:05 +0000 (UTC) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from jmb.local (unknown [IPv6:2001:200:1b1:101a:217:f2ff:fe26:34a0]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id EFF937301E; Fri, 10 Aug 2007 13:28:03 +0900 (JST) Date: Fri, 10 Aug 2007 13:27:56 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: blue In-Reply-To: <46BBE0E9.1070707@zyxel.com.tw> References: <46BBE0E9.1070707@zyxel.com.tw> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.0 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@freebsd.org Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 04:28:05 -0000 At Fri, 10 Aug 2007 11:52:09 +0800, blue wrote: > When looking into kame-20070801-freebsd54-snap, the function, > _dns_getaddrinfo(), defined in getaddrinfo.c, will check if the device > gets any IPv4/global IPv6 address before sending out any A/AAAA query by > calling addrconfig() if the user does not specify the family type > (AF_UNSPEC). However, FreeBSD-CURRENT (known is going to be FreeBSD7.0), > does not do the process. > > Do we need to do the same check before sending out the A/AAAA query? I'm afraid just asking this question without providing a context could be misleading. I guess this is a continuation of a thread of the snap-users@kame list: ftp://ftp.kame.net/pub/mail-list/snap-users/9541 ftp://ftp.kame.net/pub/mail-list/snap-users/9544 If so, we should discuss this with the understanding of why KAME-snap version behaves that way, specifically referring to Section 3 (especially 3.4.1) of this document: http://v6fix.net/docs/wide-draft-v6fix.en We (KAME) thought the behavior was reasonable but we were also afraid this might be too experimental to incorporate to *BSD release versions at that time. That's why it's not in the FreeBSD repository. I'm interested in what others think on this. If others think this feature is reasonable, too, and want it, I'm happy to commit the change to the FreeBSD repository. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 04:49:09 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F32B116A421 for ; Fri, 10 Aug 2007 04:49:08 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.freebsd.org (Postfix) with ESMTP id 874D413C45D for ; Fri, 10 Aug 2007 04:49:03 +0000 (UTC) (envelope-from max@love2party.net) Received: from [88.66.35.129] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu0) with ESMTP (Nemesis), id 0MKwh2-1IJMQe42Jv-0003sq; Fri, 10 Aug 2007 06:48:54 +0200 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Fri, 10 Aug 2007 06:48:43 +0200 User-Agent: KMail/1.9.7 References: <46BBE0E9.1070707@zyxel.com.tw> In-Reply-To: X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5964980.ysTFfm3B9j"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708100648.51663.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1//UH81R1OFqpa/Zs5e4Okx1uNOtEWWJc8fh2f ZuH4YJGMV4VnQi/TETYhLcuNjSNoACLpE58Dg4HEkO1Si928Fp /TRA7uP0V5jZJmyXUyy5CQT0+HhR9kvAOCEvku0XNc= Cc: blue , JINMEI Tatuya / =?utf-8?q?=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 04:49:09 -0000 --nextPart5964980.ysTFfm3B9j Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 10 August 2007, JINMEI Tatuya / =E7=A5=9E=E6=98=8E=E9=81=94=E5=93= =89 wrote: > At Fri, 10 Aug 2007 11:52:09 +0800, > > blue wrote: > > When looking into kame-20070801-freebsd54-snap, the function, > > _dns_getaddrinfo(), defined in getaddrinfo.c, will check if the > > device gets any IPv4/global IPv6 address before sending out any > > A/AAAA query by calling addrconfig() if the user does not specify the > > family type (AF_UNSPEC). However, FreeBSD-CURRENT (known is going to > > be FreeBSD7.0), does not do the process. > > > > Do we need to do the same check before sending out the A/AAAA query? > > I'm afraid just asking this question without providing a context could > be misleading. I guess this is a continuation of a thread of the > snap-users@kame list: > > ftp://ftp.kame.net/pub/mail-list/snap-users/9541 > ftp://ftp.kame.net/pub/mail-list/snap-users/9544 > > If so, we should discuss this with the understanding of why KAME-snap > version behaves that way, specifically referring to Section 3 > (especially 3.4.1) of this document: > http://v6fix.net/docs/wide-draft-v6fix.en > > We (KAME) thought the behavior was reasonable but we were also afraid > this might be too experimental to incorporate to *BSD release > versions at that time. That's why it's not in the FreeBSD repository. > I'm interested in what others think on this. If others think this > feature is reasonable, too, and want it, I'm happy to commit the > change to the FreeBSD repository. I agree with the reasoning in the document you reference above. =20 getaddrinfo is a convenience resolver and thus it's a good thing to=20 return reasonable defaults. Not returning AAAA when there are no IPv6=20 addresses around seems reasonable to me. I'm not sure it's a good idea=20 to go the other way (i.e. not sending A queries when there are no IPv4=20 addresses), however. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart5964980.ysTFfm3B9j Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGu+4zXyyEoT62BG0RAtkeAJ4jfGW4G4CV5q6Ydvqe2aYrTk29mwCffvN5 hffOkRtm4HTmHQYB2fMPTKA= =bGl3 -----END PGP SIGNATURE----- --nextPart5964980.ysTFfm3B9j-- From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 05:54:36 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BBD216A418 for ; Fri, 10 Aug 2007 05:54:36 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id C87A713C457 for ; Fri, 10 Aug 2007 05:54:35 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 13:54:34 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 13:54:31 +0800 Received: from [172.23.17.155] ([172.23.17.155]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 13:45:29 +0800 Message-ID: <46BBFB8A.1080509@zyxel.com.tw> Date: Fri, 10 Aug 2007 13:45:46 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Max Laier References: <46BBE0E9.1070707@zyxel.com.tw> <200708100648.51663.max@love2party.net> In-Reply-To: <200708100648.51663.max@love2party.net> X-OriginalArrivalTime: 10 Aug 2007 05:45:29.0325 (UTC) FILETIME=[A89EB9D0:01C7DB11] Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: =?UTF-8?B?SklOTUVJIFRhdHV5YSAvIOelnuaYjumBlA==?=, freebsd-net@freebsd.org, =?UTF-8?B?5ZOJ?= Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 05:54:36 -0000 Max Laier wrote: >On Friday 10 August 2007, JINMEI Tatuya / 神明é”哉 wrote: > > >>At Fri, 10 Aug 2007 11:52:09 +0800, >> >>blue wrote: >> >> >>>When looking into kame-20070801-freebsd54-snap, the function, >>>_dns_getaddrinfo(), defined in getaddrinfo.c, will check if the >>>device gets any IPv4/global IPv6 address before sending out any >>>A/AAAA query by calling addrconfig() if the user does not specify the >>>family type (AF_UNSPEC). However, FreeBSD-CURRENT (known is going to >>>be FreeBSD7.0), does not do the process. >>> >>>Do we need to do the same check before sending out the A/AAAA query? >>> >>> >>I'm afraid just asking this question without providing a context could >>be misleading. I guess this is a continuation of a thread of the >>snap-users@kame list: >> >>ftp://ftp.kame.net/pub/mail-list/snap-users/9541 >>ftp://ftp.kame.net/pub/mail-list/snap-users/9544 >> >>If so, we should discuss this with the understanding of why KAME-snap >>version behaves that way, specifically referring to Section 3 >>(especially 3.4.1) of this document: >>http://v6fix.net/docs/wide-draft-v6fix.en >> >>We (KAME) thought the behavior was reasonable but we were also afraid >>this might be too experimental to incorporate to *BSD release >>versions at that time. That's why it's not in the FreeBSD repository. >>I'm interested in what others think on this. If others think this >>feature is reasonable, too, and want it, I'm happy to commit the >>change to the FreeBSD repository. >> >> > >I agree with the reasoning in the document you reference above. >getaddrinfo is a convenience resolver and thus it's a good thing to >return reasonable defaults. Not returning AAAA when there are no IPv6 >addresses around seems reasonable to me. I'm not sure it's a good idea >to go the other way (i.e. not sending A queries when there are no IPv4 >addresses), however. > > > Although DNS resolver may lead to some delay or misbehavior of the upper application, I think that would be caller's resposibility to decide which result it would like to use. I am not so sure about the check in KAME implementation, in getaddrinfo.c: _dns_getaddrinfo( void *rv, void *cb_data, va_list ap ){ ..... switch (pai->ai_family) { case AF_UNSPEC: qp = &q; buf_current = buf; /* * Since queries for AAAA can cause unexpected misbehavior, * we first send A queries. Note that the query ordering * is independent from the ordering of the resulting addresses * returned by getaddrinfo(). */ if (addrconfig(AF_INET, ac)) { qp->name = hostname; qp->qclass = C_IN; qp->qtype = T_A; qp->answer = buf_current->buf; qp->anslen = sizeof(buf_current->buf); if (addrconfig(AF_INET6, ac)) { qp->next = &q2; buf_current = buf2; qp = &q2; } } if (addrconfig(AF_INET6, ac)) { qp->name = hostname; qp->qclass = C_IN; qp->qtype = T_AAAA; qp->answer = buf_current->buf; qp->anslen = sizeof(buf_current->buf); } break; case AF_INET: q.name = hostname; q.qclass = C_IN; q.qtype = T_A; q.answer = buf->buf; q.anslen = sizeof(buf->buf); break; case AF_INET6: q.name = hostname; q.qclass = C_IN; q.qtype = T_AAAA; q.answer = buf->buf; q.anslen = sizeof(buf->buf); break; default: free(buf); free(buf2); return NS_UNAVAIL; } ..... } Why the check for avilable IPv4/IPv6 address, addrconfig(), only applies when the hints' family type is AF_UNSPEC? I think if delaying the upper application is a concern, the check should be applied no matter what family type it is. Thanks. Best regards, Yi-Wen From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 08:29:51 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36D9F16A419 for ; Fri, 10 Aug 2007 08:29:51 +0000 (UTC) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [IPv6:2001:200:1b1::35]) by mx1.freebsd.org (Postfix) with ESMTP id 074F813C45E for ; Fri, 10 Aug 2007 08:29:51 +0000 (UTC) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from jmb.local (unknown [IPv6:2001:200:1b1:1010:217:f2ff:fe26:34a0]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id BDDD47301E; Fri, 10 Aug 2007 17:29:49 +0900 (JST) Date: Fri, 10 Aug 2007 17:29:41 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: blue In-Reply-To: <46BBFB8A.1080509@zyxel.com.tw> References: <46BBE0E9.1070707@zyxel.com.tw> <200708100648.51663.max@love2party.net> <46BBFB8A.1080509@zyxel.com.tw> User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.0 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: Max Laier , freebsd-net@freebsd.org Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 08:29:51 -0000 At Fri, 10 Aug 2007 13:45:46 +0800, blue wrote: > Although DNS resolver may lead to some delay or misbehavior of the upper > application, I think that would be caller's resposibility to decide > which result it would like to use. I am not so sure about the check in > KAME implementation, in getaddrinfo.c: (snip) > Why the check for avilable IPv4/IPv6 address, addrconfig(), only applies > when the hints' family type is AF_UNSPEC? I think if delaying the upper > application is a concern, the check should be applied no matter what > family type it is. I thought the v6fix document provided sufficient background to answer these questions, but in case it didn't I'm going to rephrase the points: - ideally, we'd not want to introduce the special behavior; as you indicated above, the ideal behavior for getaddrinfo() called with AF_UNSPEC would be to return all possible IPv4 and IPv6 addresses via A and AAAA queries. - unfortunately, however, a dual stack application running on IPv4-only node could suffer from various problems due to misbehaving DNS servers if the underlying resolver sends out AAAA queries. Note that the most typical behavior for such dual stack applications is to call getaddrinfo() with AF_UNSPEC. - the specific behavior of the KAME-snap version of getaddrinfo() is a workaround to mitigate the problem in the conflicting situation, yet still being compliant to the API specification. - since this is a workaround, we'd not want to do the same ugly hack for the less common case of getaddrinfo() called with AF_INET6. Also, in this case the node without an effective IPv6 address would not be able to make any IPv6 communication regardless of the getaddrinfo() results or how long it takes, and the application doesn't have any alternative network protocol unlike the case of AF_UNSPEC, so introducing the same hack doesn't actually help the application. - so, comparison between the AF_UNSPEC case and the AF_INET6/AF_INET case in terms of superficial consistency doesn't really make sense. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 08:55:31 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3271816A418 for ; Fri, 10 Aug 2007 08:55:31 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyfb01-66.zyxel.com.tw (zyfb01-66.zyxel.com.tw [59.124.183.66]) by mx1.freebsd.org (Postfix) with ESMTP id CBD1A13C46A for ; Fri, 10 Aug 2007 08:55:30 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by zyfb01-66.zyxel.com.tw with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 16:55:29 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 16:55:29 +0800 Received: from [172.23.17.155] ([172.23.17.155]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Aug 2007 16:55:28 +0800 Message-ID: <46BC2811.7020807@zyxel.com.tw> Date: Fri, 10 Aug 2007 16:55:45 +0800 From: blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 References: <46BBE0E9.1070707@zyxel.com.tw> <200708100648.51663.max@love2party.net> <46BBFB8A.1080509@zyxel.com.tw> In-Reply-To: X-OriginalArrivalTime: 10 Aug 2007 08:55:28.0898 (UTC) FILETIME=[334B8620:01C7DB2C] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Max Laier , blue , freebsd-net@freebsd.org Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 08:55:31 -0000 JINMEI Tatuya / ???? wrote: >At Fri, 10 Aug 2007 13:45:46 +0800, >blue wrote: > > > >>Although DNS resolver may lead to some delay or misbehavior of the upper >>application, I think that would be caller's resposibility to decide >>which result it would like to use. I am not so sure about the check in >>KAME implementation, in getaddrinfo.c: >> >> > >(snip) > > > >>Why the check for avilable IPv4/IPv6 address, addrconfig(), only applies >>when the hints' family type is AF_UNSPEC? I think if delaying the upper >>application is a concern, the check should be applied no matter what >>family type it is. >> >> > >I thought the v6fix document provided sufficient background to answer >these questions, but in case it didn't I'm going to rephrase the >points: > >- ideally, we'd not want to introduce the special behavior; as you > indicated above, the ideal behavior for getaddrinfo() called with > AF_UNSPEC would be to return all possible IPv4 and IPv6 addresses > via A and AAAA queries. >- unfortunately, however, a dual stack application running on > IPv4-only node could suffer from various problems due to misbehaving > DNS servers if the underlying resolver sends out AAAA queries. Note > that the most typical behavior for such dual stack applications is > to call getaddrinfo() with AF_UNSPEC. >- the specific behavior of the KAME-snap version of getaddrinfo() is a > workaround to mitigate the problem in the conflicting situation, yet > still being compliant to the API specification. >- since this is a workaround, we'd not want to do the same ugly hack > for the less common case of getaddrinfo() called with AF_INET6. > Also, in this case the node without an effective IPv6 address would > not be able to make any IPv6 communication regardless of the > getaddrinfo() results or how long it takes, and the application > doesn't have any alternative network protocol unlike the case of > AF_UNSPEC, so introducing the same hack doesn't actually help the > application. >- so, comparison between the AF_UNSPEC case and the AF_INET6/AF_INET > case in terms of superficial consistency doesn't really make sense. > > JINMEI, Tatuya > Communication Platform Lab. > Corporate R&D Center, Toshiba Corp. > jinmei@isl.rdc.toshiba.co.jp > > > Dear Jinmei: Thanks for your detailed explanation, and I have a deeper insight into the problem that IPv4/IPv6 dual stack may introduce to current applications. Best regards, Yi-Wen From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 12:59:36 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 707F116A420 for ; Fri, 10 Aug 2007 12:59:36 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.freebsd.org (Postfix) with ESMTP id A45D013C46A for ; Fri, 10 Aug 2007 12:59:34 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.5) with SMTP id WAA04625; Fri, 10 Aug 2007 22:59:12 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 10 Aug 2007 22:59:11 +1000 (EST) From: Ian Smith To: blue In-Reply-To: <46BC2811.7020807@zyxel.com.tw> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: Max Laier , JINMEI Tatuya , freebsd-net@freebsd.org Subject: Re: A and AAAA DNS query process in getaddrinfo()? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 12:59:36 -0000 On Fri, 10 Aug 2007, blue wrote: > JINMEI Tatuya / ???? wrote: > > >At Fri, 10 Aug 2007 13:45:46 +0800, > >blue wrote: > > > > > > > >>Although DNS resolver may lead to some delay or misbehavior of the upper > >>application, I think that would be caller's resposibility to decide > >>which result it would like to use. I am not so sure about the check in > >>KAME implementation, in getaddrinfo.c: > >> > >> > > > >(snip) > > > > > > > >>Why the check for avilable IPv4/IPv6 address, addrconfig(), only applies > >>when the hints' family type is AF_UNSPEC? I think if delaying the upper > >>application is a concern, the check should be applied no matter what > >>family type it is. > >> > >> > > > >I thought the v6fix document provided sufficient background to answer > >these questions, but in case it didn't I'm going to rephrase the > >points: > > > >- ideally, we'd not want to introduce the special behavior; as you > > indicated above, the ideal behavior for getaddrinfo() called with > > AF_UNSPEC would be to return all possible IPv4 and IPv6 addresses > > via A and AAAA queries. > >- unfortunately, however, a dual stack application running on > > IPv4-only node could suffer from various problems due to misbehaving > > DNS servers if the underlying resolver sends out AAAA queries. Note > > that the most typical behavior for such dual stack applications is > > to call getaddrinfo() with AF_UNSPEC. > >- the specific behavior of the KAME-snap version of getaddrinfo() is a > > workaround to mitigate the problem in the conflicting situation, yet > > still being compliant to the API specification. > >- since this is a workaround, we'd not want to do the same ugly hack > > for the less common case of getaddrinfo() called with AF_INET6. > > Also, in this case the node without an effective IPv6 address would > > not be able to make any IPv6 communication regardless of the > > getaddrinfo() results or how long it takes, and the application > > doesn't have any alternative network protocol unlike the case of > > AF_UNSPEC, so introducing the same hack doesn't actually help the > > application. > >- so, comparison between the AF_UNSPEC case and the AF_INET6/AF_INET > > case in terms of superficial consistency doesn't really make sense. > > > > JINMEI, Tatuya > > Communication Platform Lab. > > Corporate R&D Center, Toshiba Corp. > > jinmei@isl.rdc.toshiba.co.jp > > > > > > > Dear Jinmei: > > Thanks for your detailed explanation, and I have a deeper insight into > the problem that IPv4/IPv6 dual stack may introduce to current applications. > > Best regards, > > Yi-Wen Perhaps in some ways relevant to this discussion is a new (Aug 1) article by Geoff Huston, mentioning AAAA / A query order issues: http://www.circleid.com/posts/transition_to_ipv6_address/ Cheers, Ian From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 16:09:00 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F322716A417 for ; Fri, 10 Aug 2007 16:08:59 +0000 (UTC) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.freebsd.org (Postfix) with ESMTP id 353D613C4A8 for ; Fri, 10 Aug 2007 16:08:58 +0000 (UTC) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id E5E0ADAB4; Fri, 10 Aug 2007 11:40:20 -0400 (EDT) Received: by canoe.dclg.ca (Postfix, from userid 101) id B947561CA3; Fri, 10 Aug 2007 11:40:21 -0400 (EDT) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <18108.34533.684364.687342@canoe.dclg.ca> Date: Fri, 10 Aug 2007 11:40:21 -0400 To: Eric F Crist In-Reply-To: <1AA36625-1FED-4E6A-B82C-0FC8494781E5@secure-computing.net> References: <200708091940.l79JeHd4052167@freefall.freebsd.org> <1AA36625-1FED-4E6A-B82C-0FC8494781E5@secure-computing.net> X-Mailer: VM 7.17 under 21.4 (patch 20) "Double Solitaire" XEmacs Lucid Cc: freebsd-net@FreeBSD.org, David Gilbert Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 16:09:00 -0000 >>>>> "Eric" == Eric F Crist writes: Eric> FWIW, I've been using if_bridge for a short while (month or two) Eric> and I've got all my IPs assigned to the interfaces themselves, Eric> and not bridge0. I'm not using em or dc cards, but everything Eric> works great. I'm using the fxp driver on both cards (Dell Eric> PowerEdge 1550 dual 10/100 interfaces). Eric> Feel free to ask more about my setup, if I can help at all. Are you using IPv6? IPv4 appears to work just fine. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 16:15:21 2007 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 803DE16A417 for ; Fri, 10 Aug 2007 16:15:21 +0000 (UTC) (envelope-from ecrist@secure-computing.net) Received: from snipe.secure-computing.net (snipe.secure-computing.net [209.240.66.149]) by mx1.freebsd.org (Postfix) with ESMTP id 4ECC813C45A for ; Fri, 10 Aug 2007 16:15:21 +0000 (UTC) (envelope-from ecrist@secure-computing.net) Received: from [10.0.0.14] (unknown [74.95.66.25]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: ecrist@secure-computing.net) by snipe.secure-computing.net (Postfix) with ESMTP id 945A317021; Fri, 10 Aug 2007 11:15:20 -0500 (CDT) In-Reply-To: <18108.34533.684364.687342@canoe.dclg.ca> References: <200708091940.l79JeHd4052167@freefall.freebsd.org> <1AA36625-1FED-4E6A-B82C-0FC8494781E5@secure-computing.net> <18108.34533.684364.687342@canoe.dclg.ca> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <6CEA0F11-AFDC-44CB-A77C-771A91A4160C@secure-computing.net> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.752.3) From: Eric F Crist Date: Fri, 10 Aug 2007 11:15:17 -0500 To: David Gilbert Cc: freebsd-net@FreeBSD.org Subject: Re: kern/115360: IPv6 address and if_bridge don't play well together. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 16:15:21 -0000 On Aug 10, 2007, at 10:40 AMAug 10, 2007, David Gilbert wrote: >>>>>> "Eric" == Eric F Crist writes: > > Eric> FWIW, I've been using if_bridge for a short while (month or two) > Eric> and I've got all my IPs assigned to the interfaces themselves, > Eric> and not bridge0. I'm not using em or dc cards, but everything > Eric> works great. I'm using the fxp driver on both cards (Dell > Eric> PowerEdge 1550 dual 10/100 interfaces). > > Eric> Feel free to ask more about my setup, if I can help at all. > > Are you using IPv6? IPv4 appears to work just fine. > Well, I would assume that would be obvious if I was replying, but stranger things have happened. Yes, I am using IPv6. ----- Eric F Crist Secure Computing Networks From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 20:42:45 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BF5A16A419; Fri, 10 Aug 2007 20:42:45 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 728C613C4A8; Fri, 10 Aug 2007 20:42:45 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7AKgj6m042123; Fri, 10 Aug 2007 20:42:45 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7AKgj7T042119; Fri, 10 Aug 2007 20:42:45 GMT (envelope-from linimon) Date: Fri, 10 Aug 2007 20:42:45 GMT Message-Id: <200708102042.l7AKgj7T042119@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/115293: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 20:42:45 -0000 Old Synopsis: ip6_fw doesn't count base IPv6 header in byte statistics New Synopsis: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Fri Aug 10 20:41:48 UTC 2007 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=115293 From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 20:52:31 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5E7416A420; Fri, 10 Aug 2007 20:52:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BC3A113C461; Fri, 10 Aug 2007 20:52:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (mlaier@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7AKqVk9042535; Fri, 10 Aug 2007 20:52:31 GMT (envelope-from mlaier@freefall.freebsd.org) Received: (from mlaier@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7AKqVo3042531; Fri, 10 Aug 2007 20:52:31 GMT (envelope-from mlaier) Date: Fri, 10 Aug 2007 20:52:31 GMT Message-Id: <200708102052.l7AKqVo3042531@freefall.freebsd.org> To: pekkas@netcore.fi, mlaier@FreeBSD.org, freebsd-net@FreeBSD.org From: mlaier@FreeBSD.org Cc: Subject: Re: kern/115293: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 20:52:32 -0000 Synopsis: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics State-Changed-From-To: open->closed State-Changed-By: mlaier State-Changed-When: Fri Aug 10 20:48:26 UTC 2007 State-Changed-Why: http://www.freebsd.org/cgi/query-pr.cgi?pr=115293 From owner-freebsd-net@FreeBSD.ORG Fri Aug 10 20:55:57 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B467516A41B; Fri, 10 Aug 2007 20:55:57 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.freebsd.org (Postfix) with ESMTP id 3AD3613C428; Fri, 10 Aug 2007 20:55:57 +0000 (UTC) (envelope-from max@love2party.net) Received: from [88.66.10.91] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis), id 0MKwpI-1IJbWT2r26-0001ys; Fri, 10 Aug 2007 22:55:53 +0200 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Fri, 10 Aug 2007 22:55:39 +0200 User-Agent: KMail/1.9.7 References: <200708102052.l7AKqVo3042531@freefall.freebsd.org> In-Reply-To: <200708102052.l7AKqVo3042531@freefall.freebsd.org> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1696953.EBvsuon0Ht"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708102255.52106.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/FIP4OeTRiLLOjBFwMHntjS1+hhXrht7rvRLK s2Z7ta2lEm/3NAWbCOM/nkguf2mlqQ93pV+ArvSvnp2mEAjYOF Xir6BLZjhc/2erCyY0le8rUOo4WnGx9+6AaR4Yy9k0= Cc: mlaier@freebsd.org, pekkas@netcore.fi Subject: Re: kern/115293: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2007 20:55:57 -0000 --nextPart1696953.EBvsuon0Ht Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 10 August 2007, mlaier@freebsd.org wrote: > Synopsis: [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte > statistics > > State-Changed-From-To: open->closed > State-Changed-By: mlaier > State-Changed-When: Fri Aug 10 20:48:26 UTC 2007 > State-Changed-Why: Sorry. This was meant to say: ip6fw is no longer supported in HEAD and switching to ipfw2 for IPv6 is=20 strongly encouraged in RELENG_6! The statistics are correct in ipfw2. > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D115293 =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1696953.EBvsuon0Ht Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGvNDYXyyEoT62BG0RAnSsAJ976DlX6Qo9qfAlXlYWweA5TkeMcACfQoSU 5hH/dn2CunWPAAygmZv+SoM= =nVo7 -----END PGP SIGNATURE----- --nextPart1696953.EBvsuon0Ht-- From owner-freebsd-net@FreeBSD.ORG Sat Aug 11 00:15:18 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4ED8416A41A for ; Sat, 11 Aug 2007 00:15:18 +0000 (UTC) (envelope-from tieres.white@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by mx1.freebsd.org (Postfix) with ESMTP id 1069013C45E for ; Sat, 11 Aug 2007 00:15:17 +0000 (UTC) (envelope-from tieres.white@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so219780anc for ; Fri, 10 Aug 2007 17:15:17 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=Q1tGE6n3iXyF3Gj3e/yWwurbLIoYOxbkxDC5V6OBxHcALmek347RJGqdcE1YAHPrEHvEHQWe9Ve08tGDKUoC62vfoyAE7r2nsmjvPZvFr5ViVMy2HnZyRVm5nDYjD/oLOHY2GKmflPmHEWU/EV9kud5KeXLQi0q3I2yECPRC7XU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=qF/foyfHta6O6bnub024a4Aa6WywDuRlHGwpFGvKnynkooNHUH36OfYagf9+scEwjoQU/IeP+l1YprhTk3SVf/8cFrc+SMzHQ742W+Amcz34U2Z+s250mqCJfd6PG8VPemByOeI6lDYYTcKKxXLi5SJfhqU1OSdmnfgrCFOJ1iY= Received: by 10.100.111.16 with SMTP id j16mr3592861anc.1186789678778; Fri, 10 Aug 2007 16:47:58 -0700 (PDT) Received: by 10.100.165.13 with HTTP; Fri, 10 Aug 2007 16:47:58 -0700 (PDT) Message-ID: Date: Fri, 10 Aug 2007 18:47:58 -0500 From: "Tieres White" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: bridging, pf, and rdr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2007 00:15:18 -0000 I have a bridging firewall in place using FreeBSD 6.1, if_bridge, and pf. I'd like to be able to block IP addresses by default on the bridge, but selectively allow people through. This is easily accomplished with a table, however it would be nice if I could also alert people as to why they aren't currently allowed access through the firewall. rdr rules would appear to accomplish this, but for some reason, it just doesn't seem to work. Has anyone here done anything like this? Do you have any suggestions? From owner-freebsd-net@FreeBSD.ORG Sat Aug 11 01:27:36 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7F43A16A417 for ; Sat, 11 Aug 2007 01:27:36 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.179]) by mx1.freebsd.org (Postfix) with ESMTP id 1412E13C48A for ; Sat, 11 Aug 2007 01:27:35 +0000 (UTC) (envelope-from max@love2party.net) Received: from [88.66.10.91] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis), id 0MKwpI-1IJflO2WPD-0001zi; Sat, 11 Aug 2007 03:27:34 +0200 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Sat, 11 Aug 2007 03:27:16 +0200 User-Agent: KMail/1.9.7 References: In-Reply-To: X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2167239.YuTCJiHSzM"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200708110327.28582.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/weaPk0QUb+rQTR+S055L4jTOcgtCOZTC2Fjl FZCEVgCwoFe7HHBqDaWxAI3tTdSVUucB+TpNImlSSYD3wgdzg/ RwbXbE7vcRgBWi0MoT54XmEtnI0iQjvLTbfPRkYaek= Cc: Tieres White Subject: Re: bridging, pf, and rdr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2007 01:27:36 -0000 --nextPart2167239.YuTCJiHSzM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 11 August 2007, Tieres White wrote: > I have a bridging firewall in place using FreeBSD 6.1, if_bridge, and > pf. I'd like to be able to block IP addresses by default on the bridge, > but selectively allow people through. This is easily accomplished with > a table, however it would be nice if I could also alert people as to > why they aren't currently allowed access through the firewall. rdr > rules would appear to accomplish this, but for some reason, it just > doesn't seem to work. > > Has anyone here done anything like this? Do you have any suggestions? There was a good description on the dragonfly wiki (which is MIA at the=20 moment). Here is a google cache link:=20 http://www.google.com/search?q=3Dcache:JvXtjCKxbjYJ:wiki.dragonflybsd.org/i= ndex.cgi/HowtoFilteringBridge+pf+rdr+bridge&hl=3Den&ct=3Dclnk&cd=3D8 =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2167239.YuTCJiHSzM Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBGvRCAXyyEoT62BG0RAuTzAJ9v/+QKK7vct1cUi1a+Z3tK6sh1JACfW8St j4BcNEILdOARtcktlXIqgww= =NBJD -----END PGP SIGNATURE----- --nextPart2167239.YuTCJiHSzM-- From owner-freebsd-net@FreeBSD.ORG Sat Aug 11 07:32:33 2007 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C2A6C16A417; Sat, 11 Aug 2007 07:32:33 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9E18B13C45D; Sat, 11 Aug 2007 07:32:33 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7B7WXtm081077; Sat, 11 Aug 2007 07:32:33 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7B7WXY3081073; Sat, 11 Aug 2007 07:32:33 GMT (envelope-from linimon) Date: Sat, 11 Aug 2007 07:32:33 GMT Message-Id: <200708110732.l7B7WXY3081073@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/115413: [ipv6] ipv6 pmtu not working X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Aug 2007 07:32:33 -0000 Old Synopsis: ipv6 pmtu not working New Synopsis: [ipv6] ipv6 pmtu not working Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Sat Aug 11 07:31:46 UTC 2007 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=115413