Date: Sat, 11 Jan 2003 15:08:18 -0800 (PST) From: Galen Sampson <galen_sampson@yahoo.com> To: current@freebsd.org Subject: Re: releng_5_0 tun device drops packets that bpf recieves Message-ID: <20030111230818.35515.qmail@web14102.mail.yahoo.com> In-Reply-To: <20030111224557.39746.qmail@web14104.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry for replying to myself. I forgot to mention the firewall rules. They are: diskless# ipfw show 00100 20 1776 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 346959 94613554 allow ip from any to any 65535 0 0 deny ip from any to any which is the default 'firewall_type="OPEN"'. --- Galen Sampson <galen_sampson@yahoo.com> wrote: > Hello All, > > I have recently been using windows to connect to the net with dialup. The > reason I haven't been using FreeBSD is because the tun0 interface drops ~30% > of > the packets it recieves. I thought that perhaps the phone number I was > calling > was sending me bad packets (with checksum errors, etc.). That doesn't seem > to > be the case. My next guess was that my resolver wasn't set up correctly, and > that was why all of my applications (mozilla, cvsup) couldn't reach hosts. I > used ethereal (snooping interface tun0, the interface that was used as the > point to point link) and found that packets were sent, and recieved, but > nslookup would still claim a timeout. Finally I decided to ping a raw IP > address that I knew was up (i.e. don't use the resolver) while ethereal was > running. Ping would claim a 30% packet loss, while ethereal would recieve an > ICMP response for every ICMP request sent. > > Why would bpf recieve all traffic (with correct checksums) while user > appications (ping) would claim a 30% packet loss? > > My kernel has the following options: > > options INET #InterNETworking > options INET6 #IPv6 communications protocols > options IPSEC #IP security > options IPSEC_ESP #IP security (crypto; define w/ IPSEC) > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy support > options IPV6FIREWALL #firewall for IPv6 > options IPV6FIREWALL_VERBOSE > options IPDIVERT #divert sockets > options IPSTEALTH #support for stealth forwarding > device gif # IPv6 and IPv4 tunneling > device tun # Packet tunnel. > > Realizing that it is possible that some of these options may be affecting > this > situation I commented out everything but 'options INET' however the kernel > won't link (attached kernel config file). Is 'options INET6' required if you > want ip/icmp/tcp/udp support? > > regards, > Galen > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com>; # > # GENERIC -- Generic kernel configuration file for FreeBSD/i386 > # > # For more information on this file, please read the handbook section on > # Kernel Configuration Files: > # > # http://www.FreeBSD.org/handbook/kernelconfig-config.html > # > # The handbook is also available locally in /usr/share/doc/handbook > # if you've installed the doc distribution, otherwise always see the > # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the > # latest information. > # > # An exhaustive list of options and more detailed explanations of the > # device lines is also present in the NOTES configuration file. If you are > # in doubt as to the purpose or necessity of a line, check first in NOTES. > # > # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.329 2001/11/06 16:15:47 obrien Exp > $ > > machine i386 > cpu I686_CPU > ident DISKLESS > > #To statically compile in device wiring instead of /boot/device.hints > #hints "GENERIC.hints" #Default places to look for devices. > > options NFS_ROOT > options BOOTP #NFS Root for diskless booting > options BOOTP_NFSROOT #NFS Root for diskless booting > > options INET #InterNETworking > #options INET6 #IPv6 communications protocols > #options IPSEC #IP security > #options IPSEC_ESP #IP security (crypto; define w/ IPSEC) > #options IPFIREWALL #firewall > #options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > #options IPFIREWALL_FORWARD #enable transparent proxy support > #options IPV6FIREWALL #firewall for IPv6 > #options IPV6FIREWALL_VERBOSE > #options IPDIVERT #divert sockets > #options IPSTEALTH #support for stealth forwarding > #options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default > #Must allow everything for diskless at > #first > > options FFS #Berkeley Fast Filesystem > options SOFTUPDATES #Enable FFS soft updates support > options UFS_EXTATTR #Enable extra attributes for acls > options UFS_EXTATTR_AUTOSTART > options UFS_ACL #ACL support > options UFS_DIRHASH > > options NFSCLIENT #Network Filesystem Client > options MSDOSFS #MSDOS Filesystem > options CD9660 #ISO 9660 Filesystem > options PSEUDOFS #Required by PROCFS > options PROCFS #Process filesystem > > options COMPAT_FREEBSD4 > options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] > options KTRACE #ktrace(1) support > options SYSVSHM #SYSV-style shared memory > options SYSVMSG #SYSV-style message queues > options SYSVSEM #SYSV-style semaphores > options _KPOSIX_PRIORITY_SCHEDULING > options KBD_INSTALL_CDEV # install a CDEV entry in /dev > > device isa > device pci > > # Floppy drives > device fdc > > # ATA and ATAPI devices > device ata > device atadisk # ATA disk drives > device atapicd # ATAPI CDROM drives > > # atkbdc0 controls both the keyboard and the PS/2 mouse > device atkbdc # At keyboard controller > device atkbd # at keyboard > device psm # psm mouse > > device vga # VGA screen > device agp # AGP support > #options VESA # Support VESA video modes > > # splash screen/screen saver > device splash > > # syscons is the default console driver, resembling an SCO console > device sc > > # Floating point support - do not disable. > device npx > > # Serial (COM) ports > device sio # 8250, 16[45]50 based serial ports > > # Parallel port > device ppc > device ppbus # Parallel port bus (required) > device lpt # Printer > > # PCI Ethernet NICs. > > # PCI Ethernet NICs that use the common MII bus controller code. > # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! > device miibus # MII bus support > device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') > > # Pseudo devices - the number indicates how many units to allocate. > device random # Entropy device > device loop # Network loopback > device ether # Ethernet support > device tun # Packet tunnel. > device pty # Pseudo-ttys (telnet etc) > device md # Memory "disks" > #device gif # IPv6 and IPv4 tunneling > > # The `bpf' device enables the Berkeley Packet Filter. > # Be aware of the administrative consequences of enabling this! > device bpf # Berkeley packet filter > > # Sound > device pcm > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030111230818.35515.qmail>