From owner-freebsd-net@freebsd.org Sun Dec 27 15:03:03 2015
Subject: Re: ipsec tunnel and vnet jails: routing, howto?
To: Michael Grimm, freebsd-jail@freebsd.org, freebsd-net@freebsd.org
From: Julian Elischer
Message-ID: <567FFD92.2050909@freebsd.org>
Date: Sun, 27 Dec 2015 23:02:42 +0800

On 27/12/2015 4:24 AM, Michael Grimm wrote:
> Hi,
>
> I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:
>
> I do have two servers connected via an ipsec/tunnel ...
> [A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
> … which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.
>
> That did run perfectly well during the last years until I decided to give VNET jails a try. Previously, some of my old fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.
>
> From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:
>
> 1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?
>
> 2) If that is true, racoon has to decide where to deliver those packets, finally?
>
> 3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?
>
> 4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?
>
> 5) Do I need to look for a completely different approach? Every hint is highly welcome.

Basically you have to treat the jails as if they are totally separate machines that are reached through the vpn endpoints instead of being the endpoints themselves.
This will require a different setup. For example, your tunnel will need to be exactly that, a tunnel, and not just an encapsulation. And you will need full routing information for the other end at each end.
>
> Thanks in advance and with kind regards,
> Michael

From owner-freebsd-net@freebsd.org Sun Dec 27 15:19:01 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:19:01 +0000
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

--- Comment #14 from commit-hook@freebsd.org ---
A commit references this bug:

Author: marius
Date: Sun Dec 27 15:18:01 UTC 2015
New revision: 292775
URL: https://svnweb.freebsd.org/changeset/base/292775

Log:
  MFC: r286785, r291088, r291120

  - Reformat x86 bounce buffer synchronization code to reduce indentation.
    No functional change.
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_sync() when the
    map has been created via bounce_bus_dmamem_alloc(). Even for coherent
    DMA - which bus_dmamem_alloc(9) typically is used for -, calling of
    bus_dmamap_sync(9) isn't optional. [1]
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_unload() when
    the map has been created via bounce_bus_dmamem_alloc(). In that case
    bus_dmamap_unload(9) typically isn't called during normal operation
    but still should be during detach, cleanup from failed attach etc.
    [2]

  PR:           188899 (non-original problem) [1]
  Submitted by: yongari [2]

Changes:
_U  stable/10/
  stable/10/sys/x86/x86/busdma_bounce.c

From owner-freebsd-net@freebsd.org Sun Dec 27 15:20:28 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:20:28 +0000
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE
X-Bugzilla-Flags: mfc-stable10+

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable10+

From owner-freebsd-net@freebsd.org Sun Dec 27 15:56:09 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:56:09 +0000
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE
X-Bugzilla-Flags: mfc-stable10+

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

--- Comment #15 from commit-hook@freebsd.org ---
A commit references this bug:

Author: marius
Date: Sun Dec 27 15:55:15 UTC 2015
New revision: 292778
URL: https://svnweb.freebsd.org/changeset/base/292778

Log:
  MFC: r286785, r291088, r291120

  - Reformat x86 bounce buffer synchronization code to reduce indentation.
    No functional change.
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_sync() when the
    map has been created via bounce_bus_dmamem_alloc(). Even for coherent
    DMA - which bus_dmamem_alloc(9) typically is used for -, calling of
    bus_dmamap_sync(9) isn't optional. [1]
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_unload() when
    the map has been created via bounce_bus_dmamem_alloc(). In that case
    bus_dmamap_unload(9) typically isn't called during normal operation
    but still should be during detach, cleanup from failed attach etc.
    [2]

  PR:           188899 (non-original problem) [1]
  Submitted by: yongari [2]

Changes:
_U  stable/9/sys/
  stable/9/sys/x86/x86/busdma_machdep.c

From owner-freebsd-net@freebsd.org Sun Dec 27 18:14:59 2015
Subject: Re: ipsec tunnel and vnet jails: routing, howto?
From: Michael Grimm
In-Reply-To: <567FFD92.2050909@freebsd.org>
Date: Sun, 27 Dec 2015 19:14:44 +0100
Message-Id: <6BC88EA5-D440-418B-88D8-3C90EFF177E5@ellael.org>
References: <567FFD92.2050909@freebsd.org>
To: freebsd-jail@freebsd.org, freebsd-net@freebsd.org

Julian Elischer wrote:
>
> On 27/12/2015 4:24 AM, Michael Grimm wrote:
>> I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:
>>
>> I do have two servers connected via an ipsec/tunnel ...
>> [A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
>> … which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.
>>
>> That did run perfectly well during the last years until I decided to give VNET jails a try. Previously, some of my old fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.
>>
>> From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:
>>
>> 1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?
>>
>> 2) If that is true, racoon has to decide where to deliver those packets, finally?
>>
>> 3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?
>>
>> 4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?
>>
>> 5) Do I need to look for a completely different approach? Every hint is highly welcome.
>
> Basically you have to treat the jails as if they are totally separate machines that are reached through the vpn endpoints instead of being the endpoints themselves.
> This will require a different setup. For example, your tunnel will need to be exactly that, a tunnel, and not just an encapsulation. And you will need full routing information for the other end at each end.

Thanks for your input. In the meantime I got it running, somehow. The "somehow" refers to: I am not sure if that's the way it's supposed to be.

What I did (I do only show the part of host [A], the other host is configured accordingly):

1. ipsec/tunnel between [A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]

/path-to-racoon/setkey.conf:

	spdadd dead:beef:1234:abcd::/56 dead:feed:abcd:1234:1:2::3 any -P out ipsec esp/tunnel/dead:beef:1234:abcd::1-dead:feed:abcd:1234::1/require;
	spdadd dead:feed:abcd:1234::/56 dead:beef:1234:abcd:1:2::3 any -P in ipsec esp/tunnel/dead:feed:abcd:1234::1-dead:beef:1234:abcd::1/require;

2. routing at [A]:

/etc/rc.conf:

	ipv6_static_routes="jail1"
	# that's for the route from host system [A] into jail1 with IPv6 address of fd00:ffff:ffff:ffff:aaaa::1
—>	ipv6_route_mail="-host dead:beef:1234:abcd:1:2::3 -host fd00:ffff:ffff:ffff:aaaa::1"

/etc/jail.conf:

	#
	# host dependent global settings
	#
	$ip6prefix = "dead:beef:1234:abcd";
	$ip6prefix_remote_host = "dead:feed:abcd:1234";

	#
	# global jail settings
	#
	host.hostname = "${name}";
	path = "/usr/home/jails/${name}";
	mount.fstab = "/etc/fstab.${name}";
	exec.consolelog = "/var/log/jail_${name}_console.log";
	vnet = "new";
	vnet.interface = "epair${jailID}b";
	exec.clean;
	mount.devfs;
	persist;

	#
	# network settings to apply/destroy during start/stop of every jail
	#
	exec.prestart = "sleep 2";
	exec.prestart += "ifconfig epair${jailID} create up";
	exec.prestart += "ifconfig bridge0 addm epair${jailID}a";
	exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
	exec.start += "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
	exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
	exec.start += "/sbin/route add default -gateway 10.x.x.254";
	exec.start += "/sbin/route add -inet6 default -gateway fd00:ffff:ffff:ffff:aaaa::254";
	exec.stop = "/bin/sh /etc/rc.shutdown";
	exec.poststop = "ifconfig epair${jailID}a destroy";

	#
	# individual jail settings
	#
	mail {
		$jailID = 1;
		$ip4_addr = 10.x.x.1;
		$ip6_addr = fd00:ffff:ffff:ffff:aaaa::1/64;
		exec.start += "/sbin/ifconfig epair${jailID}b inet6 ${ip6prefix}:1:2::3/56 alias";
—>		# that's for the route to remote host dead:feed:abcd:1234:1:2::3 at tunnel end point [B] out of jail1
		exec.start += "/sbin/route add -6 ${ip6prefix_remote_host}:1:2::3 fd00:ffff:ffff:ffff:aaaa::254";
		exec.start += "/bin/sh /etc/rc";
	}

That is working well, after racoon has established the tunnel.

*But* unlike what I have observed before, the very first contact to the remote server's [B] jail out of a jail
at [A] doesn't trigger racoon to establish the tunnel. Before, that happened instantaneously, but now I do need to do some "tricks" with ping6s and/or restarting racoon at the host system. I haven't found out yet what the cause is … I am sure that I need to learn much more regarding routing. Every feedback is highly welcome.

Thanks and regards,
Michael

From owner-freebsd-net@freebsd.org Mon Dec 28 17:17:43 2015
Message-Id: <201512281717.tBSHHDFA000173@kenobi.freebsd.org>
From: bugzilla-noreply@FreeBSD.org
To: freebsd-net@FreeBSD.org
Subject: Problem reports for freebsd-net@FreeBSD.org that need special attention
Date: Mon, 28 Dec 2015 17:17:43 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention.
These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    203422 | mpd/ppoe not working with re(4) with revision 285
New         |    203175 | Daily kernel crashes in tcp_twclose

Date: Mon, 28 Dec 2015 19:31:04 +0100
From: Mark Martinec
To: freebsd-net@FreeBSD.org
Subject: CARP IP address and jails
Organization: Jozef Stefan Institute
Message-ID: <67f945a70d620ea4ce0c29d0a297545d@mailbox.ijs.si>

Trying to set up a jail with an IP address on a VHID of an interface, using FreeBSD 10.2.

Back in the 9.x days when CARP (Common Address Redundancy Protocol) was implemented as a separate cloned interface, I suppose one could create such interface in a host and delegate it to jail(8), which could then automatically assign a jail's IP address alias to it.

Now with FreeBSD 10 I cannot see how jail(8) could assign a jail's configured IP address alias to an interface under a given VHID. As far as I can tell the ip4.addr and ip6.addr jail options can only take an interface name and an IP address, but there is no provision to specify a VHID.

Is the jail's ip4=inherit (and ip6=inherit) now the only option of running a jail on a CARPed IP address, allowing a jail to have unrestricted access to all system addresses?

  Mark

From owner-freebsd-net@freebsd.org Tue Dec 29 19:24:48 2015
From: Chris Stankevitz
Subject: getsockopt(SO_SNDBUF) and openssh/HPN
To: "freebsd-net@freebsd.org"
Message-ID: <5682DC16.9030504@stankevitz.com>
Date: Tue, 29 Dec 2015 11:16:38 -0800

Hello,

Please identify any false statements (particularly statement 7 which accuses FreeBSD 10.1 of having a bug):

1. openssh limits the size of "the outgoing buffer" to 65KB

2. (1) limits bandwidth on high BDP links.

3. FreeBSD 10.1 supplied openssh/HPN tries to fix (2) by increasing the size of "the outgoing buffer" to match the SO_SNDBUF capacity

4. openssh/HPN accomplishes (3) by periodically calling getsockopt(SO_SNDBUF)

5. In FreeBSD 10.1, getsockopt(SO_SNDBUF) does not return the value set by setsockopt(SO_SNDBUF). Instead it reports the high watermark of the outgoing buffer.

6. (3) does nothing because of (4) and (5)

7. There is a bug in FreeBSD 10.1 networking or FreeBSD 10.1 supplied openssh/HPN:

7a. FreeBSD bug: getsockopt(SO_SNDBUF) does not return value set by setsockopt(SO_SNDBUF)

7b. openssh/HPN bug: do not use getsockopt(SO_SNDBUF) to get the value set by setsockopt(SO_SNDBUF) -- use something else

Original thread from August 2015:
https://www.mail-archive.com/freebsd-net@freebsd.org/msg49793.html

Thank you,

Chris

From owner-freebsd-net@freebsd.org Tue Dec 29 22:26:11 2015
Date: Tue, 29 Dec 2015 16:26:10 -0600
Subject: BPF Berkeley Packet Filter
From: Juan Herrera
To: freebsd-net@freebsd.org

Hello,

I have a question regarding Berkeley Packet Filter, which is: can I read an incoming packet length with BPF? I am working on a project that requires filtering the received packets in the kernel before they get to userspace, but I need to be able to read the packet length when applying BPF, because I (previously) encapsulated the packet with my own metadata before sending it to the machine with BPF. So I want to read the packet length to decapsulate, as I know the value for the metadata at the end of the packet.

Thank you in advance!
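
On the question above: classic BPF can load the packet length into the accumulator with `BPF_LD|BPF_W|BPF_LEN`, which is enough to locate a trailer at the end of the packet and to return a snap length that stops before it. The following is an added example, not part of the original post or of FreeBSD's sources. The 4-byte `META` trailer, the sample packets and the small userspace interpreter (`run_filter`, covering only the opcodes used) are assumptions made so it runs offline.

```c
/* Added example: classic BPF (bpf(4)) filter that uses the packet length.
 * Assumption: the sender appends a 4-byte trailer holding the magic
 * 0x4D455441 ("META"); this trailer layout is hypothetical. */
#include <stdint.h>
#include <stdio.h>

/* Opcode encodings as in <net/bpf.h>, repeated so the file builds anywhere. */
#define BPF_LD   0x00
#define BPF_ALU  0x04
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_MISC 0x07
#define BPF_W    0x00
#define BPF_IND  0x40
#define BPF_LEN  0x80
#define BPF_SUB  0x10
#define BPF_JEQ  0x10
#define BPF_JGT  0x20
#define BPF_K    0x00
#define BPF_A    0x10
#define BPF_TAX  0x00
#define BPF_TXA  0x80

#define TRAILER_LEN   4u
#define TRAILER_MAGIC 0x4D455441u

/* Same field layout as struct bpf_insn. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* A filter returns the number of bytes to keep; 0 drops the packet.
 * Jump offsets (jt/jf) are relative to the following instruction.
 * A trailer-only packet would give a snap length of 0 (= drop), so the
 * program requires len > TRAILER_LEN up front. */
static const struct insn trailer_filter[] = {
    { BPF_LD   | BPF_W   | BPF_LEN, 0, 0, 0 },             /* 0: A = packet length     */
    { BPF_JMP  | BPF_JGT | BPF_K,   0, 6, TRAILER_LEN },   /* 1: len <= 4: goto 8      */
    { BPF_ALU  | BPF_SUB | BPF_K,   0, 0, TRAILER_LEN },   /* 2: A = trailer offset    */
    { BPF_MISC | BPF_TAX,           0, 0, 0 },             /* 3: X = A                 */
    { BPF_LD   | BPF_W   | BPF_IND, 0, 0, 0 },             /* 4: A = 32-bit word [X+0] */
    { BPF_JMP  | BPF_JEQ | BPF_K,   0, 2, TRAILER_MAGIC }, /* 5: wrong magic: goto 8   */
    { BPF_MISC | BPF_TXA,           0, 0, 0 },             /* 6: A = len - TRAILER_LEN */
    { BPF_RET  | BPF_A,             0, 0, 0 },             /* 7: keep payload only     */
    { BPF_RET  | BPF_K,             0, 0, 0 },             /* 8: drop                  */
};

/* Minimal interpreter for the opcodes above (the kernel does this for real). */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, uint32_t len)
{
    uint32_t A = 0, X = 0;

    for (;; pc++) {
        switch (pc->code) {
        case BPF_LD | BPF_W | BPF_LEN:
            A = len;
            break;
        case BPF_LD | BPF_W | BPF_IND: {
            uint64_t off = (uint64_t)X + pc->k;
            if (off + 4 > len)          /* out-of-bounds load rejects the packet */
                return 0;
            A = (uint32_t)p[off] << 24 | (uint32_t)p[off + 1] << 16 |
                (uint32_t)p[off + 2] << 8 | (uint32_t)p[off + 3];
            break;
        }
        case BPF_ALU | BPF_SUB | BPF_K: A -= pc->k; break;
        case BPF_MISC | BPF_TAX:        X = A;      break;
        case BPF_MISC | BPF_TXA:        A = X;      break;
        case BPF_JMP | BPF_JGT | BPF_K: pc += (A > pc->k) ? pc->jt : pc->jf;  break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case BPF_RET | BPF_A:           return A;
        case BPF_RET | BPF_K:           return pc->k;
        default:                        return 0;   /* unsupported opcode: drop */
        }
    }
}

/* Constructed sample packets. */
static const uint8_t pkt_tagged[]   = { 'h', 'e', 'l', 'l', 'o', 0x4D, 0x45, 0x54, 0x41 };
static const uint8_t pkt_untagged[] = { 'h', 'e', 'l', 'l', 'o', 0x00, 0x01, 0x02, 0x03 };
static const uint8_t pkt_short[]    = { 0x4D, 0x45 };

int main(void)
{
    printf("tagged:   keep %u bytes\n",
        (unsigned)run_filter(trailer_filter, pkt_tagged, sizeof pkt_tagged));
    printf("untagged: keep %u bytes\n",
        (unsigned)run_filter(trailer_filter, pkt_untagged, sizeof pkt_untagged));
    printf("short:    keep %u bytes\n",
        (unsigned)run_filter(trailer_filter, pkt_short, sizeof pkt_short));
    return 0;
}
```

On FreeBSD the same instruction array, typed as `struct bpf_insn`, is installed on a /dev/bpf descriptor with the BIOCSETF ioctl; the filter can only drop or truncate a packet, so any rewriting of the payload still happens in userspace.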

From owner-freebsd-net@freebsd.org Wed Dec 30 01:53:16 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 205706] Watchdog timeout on em driver under heavy traffic on a bridge configuration
Date: Wed, 30 Dec 2015 01:53:16 +0000
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205706

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org
           Keywords|                            |IntelNetworking

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Wed Dec 30 04:22:22 2015
From: Juan Herrera
To: freebsd-net@freebsd.org
Date: Tue, 29 Dec 2015 22:22:21 -0600
Subject: BPF Berkeley Packet Filter

Hello BSD folks,

I am developing a networking application in C and I have a question
regarding BPF (Berkeley Packet Filters),
I will give you an idea of the app first, I need to send a packet from
machine A to machine B (any kind of packet) so for this I wrote a packet
generator application which will send a packet to machine B, but before
sending the packet I need to append some metadata values at the end of the
packet, already done, so in machine B I have a raw socket listener app
ready to receive incoming packets from machine A, however I want to
implement filtering with BPF on machine B, but as my metadata was appended
at the end of the packet (have to be at the end), I need to read the packet
length with (using) Berkeley Packet Filter to match a specific field to
filter one of the bytes at the end of my packet (metadata appended), in
other words I need to know the incoming packet length to filter against
one of the metadata fields and be able to drop the packet before reaching
user space applications (drop it in kernel space).

So my question is, Can I use BPF to read the packet length to do what I
want?

Thank you in advance!

Happy Holidays!

From owner-freebsd-net@freebsd.org Wed Dec 30 08:43:33 2015
From: Julian Elischer
To: Juan Herrera, freebsd-net@freebsd.org
Date: Wed, 30 Dec 2015 16:43:17 +0800
Subject: Re: BPF Berkeley Packet Filter
Message-ID: <56839925.5030907@freebsd.org>

On 30/12/2015 6:26 AM, Juan Herrera wrote:
> Hello,
>
> I have a question regarding Berkeley Packet filter, which is Can I read an
> incoming packet length with BPF, I am working on a project that requires to
> filter the receiving packets in the kernel before they get to userspace,
> but I need to be able to read the packet length when applying BPF because I
> (previously) encapsulated the packet with my own metadata before sending it
> to the machine with BPF so I want to read packet length to decapsulate as I
> know the value for the metadata at the end of the packet?

https://www.freebsd.org/cgi/man.cgi?bpf%284%29
should show you what you need.
there is a structure prepended to the packet that includes the original
length.
or do you want to know the length BEFORE reading it?
or do you want your filter to know the length?
what do you mean by "applying BPF"?

>
>
> Thank you in advance!

From owner-freebsd-net@freebsd.org Wed Dec 30 08:46:49 2015
From: Julian Elischer
To: Juan Herrera, freebsd-net@freebsd.org
Date: Wed, 30 Dec 2015 16:46:39 +0800
Subject: Re: BPF Berkeley Packet Filter
Message-ID: <568399EF.2090409@freebsd.org>

On 30/12/2015 12:22 PM, Juan Herrera wrote:
> Hello BSD folks,
>
> I am developing a networking application in C and I have a question
> regarding BPF (Berkeley Packet Filters),
> I will give you an idea of the app first, I need to send a packet from
> machine A to machine B (any kind of packet) so for this I wrote a packet
> generator application which will send a packet to machine B, but before
> sending the packet I need to append some metadata values at the end of the
> packet, already done, so in machine B I have a raw socket listener app
> ready to receive incoming packets from machine A, however I want to
> implement filtering with BPF on machine B, but as my metadata was appended
> at the end of the packet (have to be at the end), I need to read the packet
> length with (using) Berkeley Packet Filter to match a specific field to
> filter one of the bytes at the end of my packet (metadata appended), in
> other words I need to know the incoming packet length to filter against
> one of the metadata fields and be able to drop the packet before reaching
> user space applications (drop it in kernel space).
>
> So my question is, Can I use BPF to read the packet length to do what I
> want?

you mean can you use a bpf filter to act upon a trailer?
yes you can look at the man page for BPF_LD and BPF_LEN

>
> Thank you in advance!
>
> Happy Holidays!
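
The trailer match that the reply above points to (BPF_LD with BPF_LEN), written out as an added example; it is not code from the thread or from FreeBSD. The 4-byte trailer layout, the tag value 0x2A and the helper names are assumptions, and a small interpreter for just the opcodes used stands in for the kernel so the program can be run anywhere. On FreeBSD a program like this is loaded on a bpf(4) descriptor with the BIOCSETF ioctl.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF encoding. The numeric values are the ones in <net/bpf.h>,
 * copied here so the example builds without that header. */
struct bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define BPF_LD   0x00
#define BPF_ALU  0x04
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_MISC 0x07
#define BPF_W    0x00
#define BPF_B    0x10
#define BPF_IND  0x40
#define BPF_LEN  0x80
#define BPF_SUB  0x10
#define BPF_JEQ  0x10
#define BPF_JGE  0x30
#define BPF_K    0x00
#define BPF_TAX  0x00
#define BPF_STMT(c, k)         { (uint16_t)(c), 0, 0, (k) }
#define BPF_JUMP(c, k, jt, jf) { (uint16_t)(c), (jt), (jf), (k) }

/* Assumed (hypothetical) trailer: 4 bytes appended to every packet,
 * the first of which is a tag the receiver matches on. */
#define TRAILER_LEN 4
#define FIELD_OFF   0
#define WANT_TAG    0x2A

static const struct bpf_insn trailer_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),                  /* A = packet length        */
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, TRAILER_LEN, 0, 5), /* too short: jump to drop  */
    BPF_STMT(BPF_ALU | BPF_SUB | BPF_K, TRAILER_LEN),       /* A = offset of trailer    */
    BPF_STMT(BPF_MISC | BPF_TAX, 0),                        /* X = A                    */
    BPF_STMT(BPF_LD | BPF_B | BPF_IND, FIELD_OFF),          /* A = pkt[X + FIELD_OFF]   */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, WANT_TAG, 0, 1),    /* tag mismatch: drop       */
    BPF_STMT(BPF_RET | BPF_K, 0xffffffffu),                 /* accept the whole packet  */
    BPF_STMT(BPF_RET | BPF_K, 0),                           /* drop                     */
};

/* Minimal interpreter for the opcodes above. BPF_LEN yields the wire length,
 * while loads are bounded by the bytes actually present (buflen); a load
 * outside the buffer ends the program with 0, i.e. the packet is dropped. */
static uint32_t run_filter(const struct bpf_insn *pc, const uint8_t *p,
                           uint32_t wirelen, uint32_t buflen)
{
    uint32_t A = 0, X = 0;
    for (;; pc++) {
        switch (pc->code) {
        case BPF_LD | BPF_W | BPF_LEN:  A = wirelen; break;
        case BPF_ALU | BPF_SUB | BPF_K: A -= pc->k; break;
        case BPF_MISC | BPF_TAX:        X = A; break;
        case BPF_LD | BPF_B | BPF_IND:
            if (pc->k >= buflen || X >= buflen - pc->k) return 0;
            A = p[X + pc->k];
            break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += (A >= pc->k) ? pc->jt : pc->jf; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (A == pc->k) ? pc->jt : pc->jf; break;
        case BPF_RET | BPF_K:           return pc->k;
        default:                        return 0;   /* opcode not modelled here */
        }
    }
}

/* Verdict for one packet: 0 = drop, non-zero = number of bytes to pass on. */
uint32_t filter_verdict(const uint8_t *pkt, uint32_t wirelen, uint32_t caplen)
{
    return run_filter(trailer_filter, pkt, wirelen, caplen);
}

/* Constructed sample packet: zeroed payload followed by the assumed trailer.
 * With truncate set, the trailer is cut off the captured bytes. */
uint32_t demo(uint8_t tag, uint32_t payload_len, int truncate)
{
    uint8_t pkt[256] = {0};
    uint32_t len = payload_len + TRAILER_LEN;
    if (len > sizeof(pkt)) return 0;
    pkt[payload_len + FIELD_OFF] = tag;
    return filter_verdict(pkt, len, truncate ? payload_len : len);
}

int main(void)
{
    printf("matching tag: %u\n", (unsigned)demo(WANT_TAG, 20, 0));
    printf("other tag:    %u\n", (unsigned)demo(0x07, 20, 0));
    printf("truncated:    %u\n", (unsigned)demo(WANT_TAG, 20, 1));
    return 0;
}
```

The truncated case matters in practice: if the capture buffer or snap length cuts the trailer off, the indirect load fails and the packet is dropped rather than matched against stale data.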

From owner-freebsd-net@freebsd.org Wed Dec 30 23:27:28 2015
From: Michael Grimm
To: freebsd-net@FreeBSD.org, freebsd-questions
Date: Thu, 31 Dec 2015 00:27:18 +0100
Subject: How to define outgoing IP address? Needed to route local traffic through IPSEC tunnel.

Hi —

Is there a way to set the default outgoing IPv6 address of a network
interface? To my understanding the IPv6 address is used that is bound to
the interface by ifconfig_IFNAME_ipv6, right?

I need to route all my traffic to a remote server via an IPSEC tunnel
(racoon) that has a setkey.conf as follows:

    spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
    spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;

I can use that tunnel from my jails because they have addresses from the
fd00:1234:1234:1234::/64 or fd00:abcd:abcd:abcd::/64 address space bound
to their epairXb interfaces. But, my hosts have addresses from
2001:dead:beaf:aaaa::/56 or 2001:dead:beaf:bbbb::/56 respectively. And,
here my tunnel won't work.

I did try to set a local address to ifconfig_IFNAME_ipv6, though. But
then the host is working, but the jails are failing to route through the
tunnel.

I did try to add to my setkey.conf:

    spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
    spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;

But that doesn't work either.

Every help is highly welcome and thanks in advance.

Regards,
Michael

From owner-freebsd-net@freebsd.org Thu Dec 31 15:34:48 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Date: Thu, 31 Dec 2015 15:34:43 +0000
Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

--- Comment #17 from Mark Felder ---
(In reply to Nick B from comment #16)

I suspect we won't see it MFC to 10.x unless the performance impact is deemed
acceptable. It's supposedly minor, but the further improvements to make IPSEC
have a negligible penalty likely cannot be MFC'd to 10.x.

gnn should have more details as he was involved in the actual analysis of the
impact.

From owner-freebsd-net@freebsd.org Thu Dec 31 19:59:03 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Date: Thu, 31 Dec 2015 19:58:58 +0000
Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

--- Comment #18 from Nick B ---
(In reply to Mark Felder from comment #17)

Mark, appreciate your response on this. That said, it is very impractical to
have to compile a new kernel in order to have IPSEC support, a feature FreeBSD
in 2015 (and now 2016) should support natively without hassle.

Is there no way to have it enabled in kernel, but disabled by default in a
sysctl OID of some kind if there is a performance hit? That way, the user
could just turn on the IPSEC network code via sysctl. Also, what kind of hit
are we talking on a modern server?

From owner-freebsd-net@freebsd.org Thu Dec 31 21:01:17 2015
From: "mmoll (Michael Moll)"
To: freebsd-net@freebsd.org
Date: Thu, 31 Dec 2015 21:01:17 +0000
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes

mmoll added a comment.

Nikos, could you have a look into PR 205743?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: mmoll, javier_ovi_yahoo.com, farrokhi, julian, robak, freebsd-virtualization-list, freebsd-pf-list, freebsd-net-list

From owner-freebsd-net@freebsd.org Fri Jan 1 11:42:56 2016
From: Hadi Rezaee
To: freebsd-net@freebsd.org
Date: Fri, 1 Jan 2016 15:03:41 +0330
Subject: pcap and processing packets
Message-ID: <56866415.6080303@ideatech.io>

Hello everybody,

I'm about writing a packet filter using libpcap. I just have two
theoretical questions that I hope to get answered here.

1) Let's say I've initialized pcap on my ethernet NIC using "pcap_open_live"
(in non-blocking mode) and "pcap_dispatch". Let's assume that the user
callback function (for dispatch) is implemented in a not optimal manner that
takes for example 5 seconds to finish processing each packet. I want to know
what will happen to ongoing incoming packets? Are they getting buffered or
queued somewhere in the OS? Or do they just get simply dropped?

2) When I initialize pcap with pcap_open_live, and I set the "to_ms"
(read-timeout) parameter to zero, I cannot catch a thing! It has to be more
than zero to work. Is it normal behavior?

Thanks,

--
Hadi Rezaee
+98 912 1403571
IdeaTech.io