From owner-freebsd-net@FreeBSD.ORG Sun Jul 10 07:28:29 2005
Date: Sun, 10 Jul 2005 16:51:28 +0900 (JST)
Message-Id: <20050710.165128.39641194.mshindo@mshindo.net>
To: freebsd-net@freebsd.org
From: Motonori Shindo
Subject: Netgraph mpd as a PPPoE access concentrator
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I'm trying to use Netgraph (mpd) as a PPPoE access concentrator (i.e. PPPoE server). It is working OK but with one minor potential problem which I haven't been able to solve. The following is the mpd log file (replacing IP addresses with XXX.XXX.XXX.XXX) and configuration files.

As we see in this log, the first incoming request succeeds and operates normally. However, "device" seems to be getting an attempt to bring it up again right after the first call is disconnected. This attempt never succeeds and is repeated indefinitely. Even in this state, subsequent PPPoE incoming requests succeed, so this is not a significant problem, but I just don't feel comfortable.

Can anyone give me advice to get this problem solved?

Thanks!

ober# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 15311, version 3.18 (root@freebsd.org 22:43 3-Apr-2005)
[AC0] ppp node is "mpd15311-AC0"
[AC0] exec: /sbin/ifconfig bge0 up
[AC0] using interface ng0
[AC1] ppp node is "mpd15311-AC1"
[AC1] using interface ng1
[AC1:AC1] [AC0] PPPoE server listening on bge0: for service "*"
Incoming PPPoE connection request via bge0: for service "*" from 00:90:4b:74:2a:7a
[AC0] Accepting PPPoE connection
[AC0] PPPoE response sent
[AC0] IPCP: Open event
[AC0] IPCP: state change Initial --> Starting
[AC0] IPCP: LayerStart
[AC0] bundle: OPEN event in state CLOSED
[AC0] opening link "AC0"...
[AC0] link: OPEN event
[AC0] LCP: Open event
[AC0] LCP: state change Initial --> Starting
[AC0] LCP: LayerStart
[AC0] device: OPEN event in state DOWN
[AC0] PppoeOpen() on incoming call
[AC0] device is now in state OPENING
[AC0] PPPoE connection successful
[AC0] device: UP event in state OPENING
[AC0] device is now in state UP
[AC0] link: UP event
[AC0] link: origination is remote
[AC0] LCP: Up event
[AC0] LCP: state change Starting --> Req-Sent
[AC0] LCP: phase shift DEAD --> ESTABLISH
[AC0] LCP: SendConfigReq #1 MRU 1492 MAGICNUM fc5008f5 AUTHPROTO CHAP MD5
[AC0] LCP: rec'd Configure Request #0 link 0 (Req-Sent) MRU 1480 MAGICNUM 250854c3 CALLBACK Not supported
[AC0] LCP: SendConfigRej #0 CALLBACK
[AC0] LCP: rec'd Configure Ack #1 link 0 (Req-Sent) MRU 1492 MAGICNUM fc5008f5 AUTHPROTO CHAP MD5
[AC0] LCP: state change Req-Sent --> Ack-Rcvd
[AC0] LCP: rec'd Configure Request #1 link 0 (Ack-Rcvd) MRU 1480 MAGICNUM 250854c3
[AC0] LCP: SendConfigAck #1 MRU 1480 MAGICNUM 250854c3
[AC0] LCP: state change Ack-Rcvd --> Opened
[AC0] LCP: phase shift ESTABLISH --> AUTHENTICATE
[AC0] LCP: auth: peer wants nothing, I want CHAP
[AC0] CHAP: sending CHALLENGE
[AC0] LCP: LayerUp
[AC0] LCP: rec'd Ident #2 link 0 (Opened) MESG: MSRASV5.10
[AC0] LCP: rec'd Ident #3 link 0 (Opened) MESG: MSRAS-0-SHINDO-DELL
[AC0] CHAP: rec'd RESPONSE #1 Name: "pppoe2" Peer name: "pppoe2" Response is valid
[AC0] CHAP: sending SUCCESS
[AC0] LCP: authorization successful
[AC0] LCP: phase shift AUTHENTICATE --> NETWORK
[AC0] setting interface ng0 MTU to 1480 bytes
[AC0] up: 1 link, total bandwidth 64000 bps
[AC0] IPCP: Up event
[AC0] IPCP: state change Starting --> Req-Sent
[AC0] IPCP: SendConfigReq #1 IPADDR XXX.XXX.XXX.XXX COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[AC0] rec'd unexpected protocol CCP on link 0, rejecting
[AC0] IPCP: rec'd Configure Request #5 link 0 (Req-Sent) IPADDR 0.0.0.0 NAKing with XXX.XXX.XXX.XXX PRIDNS 0.0.0.0 PRINBNS 0.0.0.0 SECDNS 0.0.0.0 SECNBNS 0.0.0.0
[AC0] IPCP: SendConfigRej #5 PRIDNS 0.0.0.0 PRINBNS 0.0.0.0 SECDNS 0.0.0.0 SECNBNS 0.0.0.0
[AC0] IPCP: rec'd Configure Reject #1 link 0 (Req-Sent) COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[AC0] IPCP: SendConfigReq #2 IPADDR XXX.XXX.XXX.XXX
[AC0] IPCP: rec'd Configure Request #6 link 0 (Req-Sent) IPADDR 0.0.0.0 NAKing with XXX.XXX.XXX.XXX
[AC0] IPCP: SendConfigNak #6 IPADDR XXX.XXX.XXX.XXX
[AC0] IPCP: rec'd Configure Ack #2 link 0 (Req-Sent) IPADDR XXX.XXX.XXX.XXX
[AC0] IPCP: state change Req-Sent --> Ack-Rcvd
[AC0] IPCP: rec'd Configure Request #7 link 0 (Ack-Rcvd) IPADDR XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX is OK
[AC0] IPCP: SendConfigAck #7 IPADDR XXX.XXX.XXX.XXX
[AC0] IPCP: state change Ack-Rcvd --> Opened
[AC0] IPCP: LayerUp XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX
[AC0] IFACE: Up event
[AC0] IFACE: Opening
[AC0] setting interface ng0 MTU to 1480 bytes
[AC0] exec: /sbin/ifconfig ng0 XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX netmask 0xffffffff -link0
[AC0] exec: /usr/sbin/arp -s XXX.XXX.XXX.XXX 0:1:2:73:d:14 pub
[AC0] exec: command returned 256
[AC0] exec: /sbin/route add XXX.XXX.XXX.XXX -iface lo0
[AC0] IFACE: Up event

(at this point, PPPoE session is manually disconnected)

[AC0] LCP: rec'd Terminate Request #8 link 0 (Opened)
[AC0] LCP: state change Opened --> Stopping
[AC0] LCP: phase shift NETWORK --> TERMINATE
[AC0] setting interface ng0 MTU to 1500 bytes
[AC0] up: 0 links, total bandwidth 9600 bps
[AC0] IPCP: Down event
[AC0] IPCP: state change Opened --> Starting
[AC0] IPCP: LayerDown
[AC0] IFACE: Down event
[AC0] exec: /sbin/route delete XXX.XXX.XXX.XXX -iface lo0
[AC0] exec: /sbin/ifconfig ng0 down delete -link0
[AC0] LCP: SendTerminateAck #2
[AC0] LCP: LayerDown
[AC0] LCP: rec'd Terminate Request #9 link 0 (Stopping)
[AC0] LCP: SendTerminateAck #3
[AC0] LCP: state change Stopping --> Stopped
[AC0] LCP: phase shift TERMINATE --> ESTABLISH
[AC0] LCP: LayerFinish
[AC0] device: CLOSE event in state UP
[AC0] device is now in state CLOSING
[AC0] device: DOWN event in state CLOSING
[AC0] device is now in state DOWN
[AC0] link: DOWN event
[AC0] LCP: Down event
[AC0] LCP: state change Stopped --> Starting
[AC0] LCP: phase shift ESTABLISH --> DEAD
[AC0] LCP: LayerStart
[AC0] device: OPEN event in state DOWN
[AC0] pausing 4 seconds before open
[AC0] device is now in state DOWN
[AC0] device: OPEN event in state DOWN
[AC0] device is now in state DOWN
[AC0] closing link "AC0"...
[AC0] link: CLOSE event
[AC0] LCP: Close event
[AC0] LCP: state change Starting --> Initial
[AC0] LCP: LayerFinish
[AC0] device: CLOSE event in state DOWN
[AC0] device is now in state DOWN
[AC0] opening link "AC0"...
[AC0] link: OPEN event
[AC0] LCP: Open event
[AC0] LCP: state change Initial --> Starting
[AC0] LCP: LayerStart
[AC0] device: OPEN event in state DOWN
[AC0] pausing 1 seconds before open
[AC0] device is now in state DOWN
[AC0] device: OPEN event in state DOWN
[AC0] PPPoE originate option is not enabled
[AC0] device is now in state OPENING
[AC0] device: DOWN event in state OPENING
[AC0] device is now in state DOWN
[AC0] link: DOWN event
[AC0] LCP: Down event
[AC0] device: OPEN event in state DOWN
[AC0] pausing 4 seconds before open
[AC0] device is now in state DOWN
[AC0] device: OPEN event in state DOWN
[AC0] pausing 2 seconds before open
[AC0] device is now in state DOWN
[AC0] device: OPEN event in state DOWN
[AC0] PPPoE originate option is not enabled
[AC0] device is now in state OPENING
[AC0] device: DOWN event in state OPENING
[AC0] device is now in state DOWN
[AC0] link: DOWN event
[AC0] LCP: Down event
[AC0] device: OPEN event in state DOWN
[AC0] pausing 6 seconds before open
[AC0] device is now in state DOWN
:
:
:
(this repeats indefinitely)

[mpd.conf]
default:
    load AC0
    load AC1

AC0:
    new -i ng0 AC0 AC0
    set ipcp ranges 221.245.168.210/32 221.245.168.212/32
    load pppoe_common

AC1:
    new -i ng1 AC1 AC1
    set ipcp ranges 221.245.168.210/32 221.245.168.213/32
    load pppoe_common

pppoe_common:
    set iface disable on-demand
    set bundle disable multilink
    set iface enable proxy-arp
    set iface idle 0
    set link no acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link mtu 1492
    set link keep-alive 10 60
    set ipcp yes vjcomp

[mpd.links]
AC0:
    set link type pppoe
    set pppoe iface bge0
    set pppoe service "*"
    set pppoe enable incoming
    set pppoe disable originate

AC1:
    set link type pppoe
    set pppoe iface bge0
    set pppoe service "*"
    set pppoe enable incoming
    set pppoe disable originate

---
Motonori Shindo
Fivefront Corporation

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 06:43:47 2005
Message-ID: <42D2151B.4020807@puffy.nu>
Date: Mon, 11 Jul 2005 08:43:39 +0200
From: Philip Olsson
To: freebsd-net@freebsd.org
Subject: ipfw+dummynet only getting half bandwidth when using routed interfaces.

Hello

I have a working setup with ipfw+dummynet+bridge where I get proper speeds but I want to have routed interfaces instead and skip the bridge.
But when converting to routed interfaces the bandwidth through the queues drops to half.
This is both in 5.4-REL and RELENG_5_4 and is showing on both xl and em ( not that the interfaces should matter )

The topology that works is:
server<->bridge<->client

The topology I want but that does not work properly is:
server<->router<->client

This is my conf:

ipfw add pipe 1 ip from 192.168.1.1 to any out
ipfw add pipe 2 ip from any to 192.168.1.1 in
ipfw pipe 1 config bw 2048Kbit/s
ipfw pipe 2 config bw 2048bit/s

// Philip

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 06:48:49 2005
Message-ID: <024801c585e4$96ac7750$42764eca@ilo.skyinet.net>
From: "fooler"
To: "Philip Olsson"
References: <42D2151B.4020807@puffy.nu>
Date: Mon, 11 Jul 2005 14:48:47 +0800
Subject: Re: ipfw+dummynet only getting half bandwidth when using routedinterfaces.

----- Original Message -----
From: "Philip Olsson"
To:
Sent: Monday, July 11, 2005 2:43 PM
Subject: ipfw+dummynet only getting half bandwidth when using routedinterfaces.

> ipfw pipe 1 config bw 2048Kbit/s
> ipfw pipe 2 config bw 2048bit/s

isn't pipe number 2 the culprit? 2048 bps instead of kilobits....

fooler.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 06:51:35 2005
Date: Mon, 11 Jul 2005 09:51:59 +0300
From: vladone
Message-ID: <13510018368.20050711095159@llwb135.servidoresdns.net>
To: freebsd-net@freebsd.org
In-Reply-To: <42D2151B.4020807@puffy.nu>
References: <42D2151B.4020807@puffy.nu>
Subject: Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

Hello Philip,

Monday, July 11, 2005, 9:43:39 AM, you wrote:

> Hello
> I have a working setup with ipfw+dummynet+bridge where I get proper
> speeds but I want to have routed interfaces instead and skip the bridge.
> But when converting to routed interfaces the bandwidth through the queues
> drops to half.
> This is both in 5.4-REL and RELENG_5_4 and is showing on both xl and em
> ( not that the interfaces should matter )
> The topology that works is:
> server<->bridge<->client
> The topology I want but that does not work properly is:
> server<->router<->client
> This is my conf:
> ipfw add pipe 1 ip from 192.168.1.1 to any out
> ipfw add pipe 2 ip from any to 192.168.1.1 in

This happens because your packets pass through the firewall two times. I have the same problem, and with attention you can resolve this. Separate traffic that is in or out per interface.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 07:02:14 2005
Message-ID: <42D21971.9000202@puffy.nu>
Date: Mon, 11 Jul 2005 09:02:09 +0200
From: Philip Olsson
To: fooler, freebsd-net@freebsd.org
References: <42D2151B.4020807@puffy.nu> <024801c585e4$96ac7750$42764eca@ilo.skyinet.net>
In-Reply-To: <024801c585e4$96ac7750$42764eca@ilo.skyinet.net>
Subject: Re: ipfw+dummynet only getting half bandwidth when using routedinterfaces.

fooler wrote:

>----- Original Message -----
>From: "Philip Olsson"
>To:
>Sent: Monday, July 11, 2005 2:43 PM
>Subject: ipfw+dummynet only getting half bandwidth when using
>routedinterfaces.
>
>>ipfw pipe 1 config bw 2048Kbit/s
>>ipfw pipe 2 config bw 2048bit/s
>
>isn't pipe number 2 the culprit? 2048 bps instead of kilobits....
>
>fooler.

This is a typo, sorry!
Supposed to be 2048Kbit/s

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 07:14:20 2005
Message-ID: <42D21C45.3090204@puffy.nu>
Date: Mon, 11 Jul 2005 09:14:13 +0200
From: Philip Olsson
To: vladone, freebsd-net@freebsd.org
References: <42D2151B.4020807@puffy.nu> <13510018368.20050711095159@llwb135.servidoresdns.net>
In-Reply-To: <13510018368.20050711095159@llwb135.servidoresdns.net>
Subject: Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

vladone wrote:

>Hello Philip,
>
>Monday, July 11, 2005, 9:43:39 AM, you wrote:
>
>>Hello
>>I have a working setup with ipfw+dummynet+bridge where I get proper
>>speeds but I want to have routed interfaces instead and skip the bridge.
>>But when converting to routed interfaces the bandwidth through the queues
>>drops to half.
>>This is both in 5.4-REL and RELENG_5_4 and is showing on both xl and em
>>( not that the interfaces should matter )
>>The topology that works is:
>>server<->bridge<->client
>>The topology I want but that does not work properly is:
>>server<->router<->client
>>This is my conf:
>>ipfw add pipe 1 ip from 192.168.1.1 to any out
>>ipfw add pipe 2 ip from any to 192.168.1.1 in
>
>This happens because your packets pass through the firewall two times.
>I have the same problem, and with attention you can resolve this. Separate
>traffic that is in or out per interface.

I have tried to add "via xl0" etc in different ways, do you have some sample rules?

// Philip

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 07:25:21 2005
Message-ID: <02ae01c585e9$b1f64c70$42764eca@ilo.skyinet.net>
From: "fooler"
To: "Philip Olsson"
References: <42D2151B.4020807@puffy.nu>
Date: Mon, 11 Jul 2005 15:25:20 +0800
Subject: Re: ipfw+dummynet only getting half bandwidth when using routedinterfaces.

----- Original Message -----
From: "Philip Olsson"
To:
Sent: Monday, July 11, 2005 2:43 PM
Subject: ipfw+dummynet only getting half bandwidth when using routedinterfaces.

> This is a typo, sorry!
> Supposed to be 2048Kbit/s

ok....

> This is my conf:
>
> ipfw add pipe 1 ip from 192.168.1.1 to any out
> ipfw add pipe 2 ip from any to 192.168.1.1 in
> ipfw pipe 1 config bw 2048Kbit/s
> ipfw pipe 2 config bw 2048bit/s

i think one of the first two lines is only processed instead of the two for incoming and outgoing....

please try this configuration first...

ipfw add pipe 1 ip from any to any out via
ipfw add pipe 2 ip from any to any in via
ipfw pipe 1 config bw 2048Kbit/s
ipfw pipe 2 config bw 2048Kbit/s

if you are getting full instead of half... then going back to your first configuration by doing an ipfw show determines which line wasn't processed by looking at the number of packets flowing in it...

fooler.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 07:39:06 2005
Message-ID: <42D22214.2060804@puffy.nu>
Date: Mon, 11 Jul 2005 09:39:00 +0200
From: Philip Olsson
To: fooler, freebsd-net@freebsd.org
References: <42D2151B.4020807@puffy.nu> <02ae01c585e9$b1f64c70$42764eca@ilo.skyinet.net>
In-Reply-To: <02ae01c585e9$b1f64c70$42764eca@ilo.skyinet.net>
Subject: Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

fooler wrote:

>----- Original Message -----
>From: "Philip Olsson"
>To:
>Sent: Monday, July 11, 2005 2:43 PM
>Subject: ipfw+dummynet only getting half bandwidth when using
>routedinterfaces.
>
>>This is a typo, sorry!
>>Supposed to be 2048Kbit/s
>
>ok....
>
>>This is my conf:
>>
>>ipfw add pipe 1 ip from 192.168.1.1 to any out
>>ipfw add pipe 2 ip from any to 192.168.1.1 in
>>ipfw pipe 1 config bw 2048Kbit/s
>>ipfw pipe 2 config bw 2048bit/s
>
>i think one of the first two lines is only processed instead of the two for
>incoming and outgoing....
>
>please try this configuration first...
>
>ipfw add pipe 1 ip from any to any out via
>ipfw add pipe 2 ip from any to any in via
>ipfw pipe 1 config bw 2048Kbit/s
>ipfw pipe 2 config bw 2048Kbit/s
>
>if you are getting full instead of half... then going back to your first
>configuration by doing an ipfw show determines which line wasn't processed by
>looking at the number of packets flowing in it...

both counters increase.. and the last one "allow ip from any to any"

But I guess that is because it matches the rules two times.
I have tried only having one rule but the same problem ( of course only one way. )
I have also experimented with recv and xmit without success..

// Philip

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 09:54:16 2005
Date: Mon, 11 Jul 2005 11:54:14 +0200
From: Jeremie Le Hen
To: Philip Olsson
Message-ID: <20050711095414.GC39292@obiwan.tataz.chchile.org>
References: <42D2151B.4020807@puffy.nu> <02ae01c585e9$b1f64c70$42764eca@ilo.skyinet.net> <42D22214.2060804@puffy.nu>
In-Reply-To: <42D22214.2060804@puffy.nu>
Cc: fooler, freebsd-net@freebsd.org
Subject: Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

Hi Philip,

> both counters increase.. and the last one "allow ip from any to any"
>
> But I guess that is because it matches the rules two times.
> I have tried only having one rule but the same problem ( of course only
> one way. )
> I have also experimented with recv and xmit without success..

Did you try something like this (assuming 192.168.1.1 is on xl0 side, fxp0 is the other interface) :

ipfw add pipe 1 any from 192.168.1.1 to any bridged out recv xl0 xmit fxp0
ipfw add pipe 2 any from any to 192.168.1.1 bridged out recv fxp0 xmit xl0

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 11:02:14 2005
Date: Mon, 11 Jul 2005 11:02:12 GMT
Message-Id: <200507111102.j6BB2C8v011508@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   [nfs] [patch] NFS root configurations wit
o [2005/06/21] kern/82470  net   FreeBSD advertises wrong window scale in

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 13:40:41 2005
Date: Mon, 11 Jul 2005 22:40:21 +0900
From: gnn@freebsd.org To: freebsd-net@freebsd.org User-Agent: Wanderlust/2.12.2 (99 Luftballons) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 Emacs/21.2 (powerpc-apple-darwin) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: Patch for routing socket bug, please review and test... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jul 2005 13:40:42 -0000 Hi Folks, Courtesy of OpenBSD, I have taken their changes and modified them to fit our kernel. Please test and let me know about this patch. Thanks, George Index: rtsock.c =================================================================== RCS file: /home/ncvs/src/sys/net/rtsock.c,v retrieving revision 1.123 diff -u -r1.123 rtsock.c --- rtsock.c 9 Jun 2005 12:20:50 -0000 1.123 +++ rtsock.c 11 Jul 2005 13:37:38 -0000 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)rtsock.c 8.7 (Berkeley) 10/12/95 - * $FreeBSD: src/sys/net/rtsock.c,v 1.123 2005/06/09 12:20:50 harti Exp $ + * $FreeBSD$ */ #include 
@@ -434,6 +434,25 @@ RT_LOCK(rt); RT_ADDREF(rt); + /* + * Fix for PR: 82974 + * + * RTM_CHANGE/LOCK need a perfect match, rn_lookup() + * returns a perfect match in case a netmask is + * specified. For host routes only a longest prefix + * match is returned so it is necessary to compare the + * existence of the netmaks. If both have a netmask + * rnh_lookup() did a perfect match and if non of them + * have a netmask both are host routes which is also a + * perfect match. + */ + + if (rtm->rtm_type != RTM_GET && + (!rt_mask(rt) != !info.rti_info[RTAX_NETMASK])) { + RT_UNLOCK(rt); + senderr(ESRCH); + } + switch(rtm->rtm_type) { case RTM_GET: From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 17:43:09 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9ED6B16A41C; Mon, 11 Jul 2005 17:43:09 +0000 (GMT) (envelope-from dmehler26@woh.rr.com) Received: from ms-smtp-01-eri0.ohiordc.rr.com (ms-smtp-01-smtplb.ohiordc.rr.com [65.24.5.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4555E43D45; Mon, 11 Jul 2005 17:43:08 +0000 (GMT) (envelope-from dmehler26@woh.rr.com) Received: from satellite (cpe-71-65-68-238.woh.res.rr.com [71.65.68.238]) by ms-smtp-01-eri0.ohiordc.rr.com (8.12.10/8.12.7) with SMTP id j6BHh5WY000901; Mon, 11 Jul 2005 13:43:05 -0400 (EDT) Message-ID: <000301c5863f$e6c59fe0$0200a8c0@satellite> 
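
Review bot: In the @@ -434 hunk of rtsock.c, the new early exit runs after RT_LOCK(rt) and RT_ADDREF(rt) but only calls RT_UNLOCK(rt) before senderr(ESRCH); please confirm that the senderr path releases the reference taken just above, or release it here, so that a netmask mismatch does not leave an extra reference on the route. The comment says RTM_CHANGE/LOCK need a perfect match, while the condition is rtm->rtm_type != RTM_GET and so applies to every other message type that reaches this switch; either test those types explicitly or reword the comment to match. The comment also mixes rn_lookup() and rnh_lookup() and has typos ("netmaks", "non of them").
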
From: "dave"
Date: Mon, 11 Jul 2005 13:42:16 -0400
Cc: freebsd-net@freebsd.org
Subject: two 3C905B's in 5.4

Hello,
I've got a 5.4 box that's going to be a router. It has two 3C905B cards in it and i'm having a blank fill it in as you wish, of a time getting the cards working. Neither card likes dhcp, sometimes i'll start dhclient and the cards will work, sometimes they won't. If i give the -v option to dhclient i get the message network is unreachable, see readme about broadcast address. I know this isn't a cable modem issue or a cable, because i plugged in an old 3c509 isa card and it worked the first time, this fix isn't practical for this setup. An ifconfig check shows both 905's in autonegotiation mode 100-mbit tx, i'm wondering if i should manually set them to something, but am unsure as to what. One card one time gave me the waiting to transmit error message as mentioned in the man page and it took a reboot to fix it. I've checked the bios on this box and its pnp os option is off.
Any help appreciated. If more information is needed ask, i will send it.
Thanks.
Dave.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 11 18:49:46 2005
Message-ID: <25a1a09905071111492f7b10c4@mail.gmail.com>
Date: Mon, 11 Jul 2005 15:49:22 -0300
From: Hernán Freschi
To: freebsd-net@freebsd.org
In-Reply-To: <000301c5863f$e6c59fe0$0200a8c0@satellite>
References: <000301c5863f$e6c59fe0$0200a8c0@satellite>
Subject: Re: two 3C905B's in 5.4

2005/7/11, dave :
> I've got a 5.4 box that's going to be a router. It has two 3C905B cards

Well I'm not sure if this helps, but I've read that old 3C905's, esp. rev. A have lots of issues, which were solved on Rev. C. 3COM does weird things sometimes, for example, the 3C509 (not 905) don't detect full duplex properly, because they were released before the MDI standard.

Try setting it to 10/half, 10/full, 100/half and 100/full and see if they work OK.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 06:21:15 2005
To: freebsd-stable@freebsd.org
Date: Tue, 12 Jul 2005 09:21:13 +0300
From: Danny Braniss
Cc: freebsd-net@freebsd.org
Subject: tcp troughput weirdness

while checking out the quality of a switch, I came about a very disturbing
discovery: FreeBSD <-> Linux throughput is MUCH better than FreeBSD <-> FreeBSD

Setup:
2 blades in the same bladeserver, A running FreeBSD 5.4, B running Linux
C is running FreeBSD 5.4
all are connected at 1gb.

A -+ (FreeBSD)
   |
B -+ (Linux)
   |
   [switch]
   |
   +---- [router] --- C (FreeBSD)
A & B are on the same Vlan.

iperf results:
          Interval      Transfer     Bandwidth

A <=> B   0.0-10.0 sec  1.09 GBytes  939 Mbits/sec

A <=> C   0.0-10.0 sec  515 MBytes   432 Mbits/sec

B <=> C   0.0-10.0 sec  1.07 GBytes  918 Mbits/sec

I've run the tests several times, and the numbers are very similar,
so BIG Question: is there anything that can be tuned on the FreeBSD to
better the throughput?

danny

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 06:42:50 2005
Date: Mon, 11 Jul 2005 23:42:16 -0700
From: Luigi Rizzo
To: Danny Braniss
Message-ID: <20050711234216.A11017@xorpc.icir.org>
In-Reply-To: ; from danny@cs.huji.ac.il on Tue, Jul 12, 2005 at 09:21:13AM +0300
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: tcp troughput weirdness

we need more data points -
did you test tcp or udp ?
who is sourcing data ?
are the bandwidth symmetric (i.e. A-> same as B -> A ?

cheers
luigi

On Tue, Jul 12, 2005 at 09:21:13AM +0300, Danny Braniss wrote:
> while checking out the quality of a switch, I came about a very disturbing
> discovery: FreeBSD <-> Linux throughput is MUCH better than FreeBSD <-> FreeBSD
>
> Setup:
> 2 blades in the same bladeserver, A running FreeBSD 5.4, B running Linux
> C is running FreeBSD 5.4
> all are connected at 1gb.
>
> A -+ (FreeBSD)
>    |
> B -+ (Linux)
>    |
>    [switch]
>    |
>    +---- [router] --- C (FreeBSD)
> A & B are on the same Vlan.
>
> iperf results:
>           Interval      Transfer     Bandwidth
>
> A <=> B   0.0-10.0 sec  1.09 GBytes  939 Mbits/sec
>
> A <=> C   0.0-10.0 sec  515 MBytes   432 Mbits/sec
>
> B <=> C   0.0-10.0 sec  1.07 GBytes  918 Mbits/sec
>
> I've run the tests several times, and the numbers are very similar,
> so BIG Question: is there anything that can be tuned on the FreeBSD to
> better the throughput?
>
> danny

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 06:57:54 2005
To: Luigi Rizzo
In-Reply-To: Message from Luigi Rizzo of "Mon, 11 Jul 2005 23:42:16 PDT." <20050711234216.A11017@xorpc.icir.org>
Date: Tue, 12 Jul 2005 09:57:52 +0300
From: Danny Braniss
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: tcp troughput weirdness

> we need more data points -
> did you test tcp or udp ?
i used iperf:
    Client connecting to x-dev, TCP port 5001
    TCP window size: 65.0 KByte (WARNING: requested 64.0 KByte)

> who is sourcing data ?
all, I tried all combinations, and the numbers are very similar to the ones
i posted.

> are the bandwidth symmetric (i.e. A-> same as B -> A ?
yes, they are all in the same floor, physical distance is a few meters.

i also tried other similar boxes and the freebsd throughput is very similar,
so i doubt it that switches or hardware is involved.

> cheers
> luigi
thanks,
    danny

>
> On Tue, Jul 12, 2005 at 09:21:13AM +0300, Danny Braniss wrote:
> > while checking out the quality of a switch, I came about a very disturbing
> > discovery: FreeBSD <-> Linux throughput is MUCH better than FreeBSD <-> FreeBSD
> >
> > Setup:
> > 2 blades in the same bladeserver, A running FreeBSD 5.4, B running Linux
> > C is running FreeBSD 5.4
> > all are connected at 1gb.
> >
> > A -+ (FreeBSD)
> >    |
> > B -+ (Linux)
> >    |
> >    [switch]
> >    |
> >    +---- [router] --- C (FreeBSD)
> > A & B are on the same Vlan.
> >
> > iperf results:
> >           Interval      Transfer     Bandwidth
> >
> > A <=> B   0.0-10.0 sec  1.09 GBytes  939 Mbits/sec
> >
> > A <=> C   0.0-10.0 sec  515 MBytes   432 Mbits/sec
> >
> > B <=> C   0.0-10.0 sec  1.07 GBytes  918 Mbits/sec
> >
> > I've run the tests several times, and the numbers are very similar,
> > so BIG Question: is there anything that can be tuned on the FreeBSD to
> > better the throughput?
> >
> > danny

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:21:26 2005
To: David Malone
In-reply-to: Your message of Tue, 12 Jul 2005 09:59:50 +0100 .
Date: Tue, 12 Jul 2005 12:21:23 +0300
From: Danny Braniss
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo
Subject: Re: tcp troughput weirdness

> > > Are the window sizes on Linux bigger or smaller?
> > > TCP window size: 16.0 KByte (default)
> > smaller :-(, but increasing it does not make any change
>
> Hmmm... Various things that you could try (I'd try them
> one by one, rather than all together):
>
> 1) sysctl net.inet.tcp.inflight_enable=0
>
> 2) sysctl net.inet.tcp.sendspace=131072
>    sysctl net.inet.tcp.recvspace=131072
>
> 3) sysctl net.inet.tcp.sack.enable=0
>
> I'd be interested to know if any of them make much difference.

combining
    sysctl net.inet.tcp.sendspace=131072
and
    sysctl net.inet.tcp.inflight.enable=0

did the trick! now can someone remind me what inflight does? and could
someone explain why increasing sendspace alone did not do the trick?
(i had it at 64k, which got things better, but not sufficient).

thanks!
>
> David.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:34:34 2005
Message-ID: <1862.193.77.242.29.1121161014.squirrel@mail.cefur.net>
Date: Tue, 12 Jul 2005 11:36:54 +0200 (CEST)
From: "Mile"
To: freebsd-net@freebsd.org
Subject: (no subject)
Reply-To: mile@cefur.net

Hi,

I am using FreeBSD 5.4-STABLE

FreeBSD 5.4-STABLE #2: Tue Jun 7 23:41:06 CEST 2005 brane@office.mobila-pu.si:/usr/obj/usr/src/sys/mobila i386

and i have one big problem with lan... If i use mpd then some sites don't work on lan (www.hp.com www.najdi.si .....) but if i use ppp then everything work.

My configs

natd.conf

interface ng0
dynamic yes
use_sockets yes

/etc/ipfw

#natd
/sbin/ipfw 15 add divert natd all from any to any via ng0

sysctl.conf

security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
vm.swap_idle_enabled=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=2048
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=0
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=32768
net.inet.udp.recvspace=32768
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=32768
net.local.stream.sendspace=32768
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=1
net.inet6.ip6.redirect=0
net.inet.ip.sourceroute=1
net.inet.ip.accept_sourceroute=1
net.link.ether.inet.max_age=1200
net.inet.icmp.bmcastecho=0
net.inet.tcp.drop_synfin=1
net.inet.ip.fw.verbose=1

I think that it isn't problem in configs.... because as i said with ppp everything work fine. I had same issues with freebsd 4.11.

greetz,
mile

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:44:05 2005
Date: Tue, 12 Jul 2005 10:54:12 +0100
From: Garrett Mackey
To: freebsd-net@freebsd.org
Message-id: <42D39344.7080805@o2.ie>
Subject: DNS caching example

Hi there

Anyone got a example of how they set up their freebsd host as a
caching-only nameserver.
I have followed the procedure in the handbook but am still having problems.
I would be particularly interested in sample localhost.rev and
named.conf files.
I'm new enough to freebsd and would appreciate any help.

Thanks

G

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:48:25 2005
Date: Tue, 12 Jul 2005 11:46:38 +0200
From: Phil Regnauld
To: Garrett Mackey
Message-ID: <20050712094635.GD97568@catpipe.net>
References: <42D39344.7080805@o2.ie>
In-Reply-To: <42D39344.7080805@o2.ie>
Organization: catpipe Systems ApS
Cc: freebsd-net@freebsd.org
Subject: Re: DNS caching example

Garrett Mackey (garrett.mackey) writes:
> Hi there
>
> Anyone got a example of how they set up their freebsd host as a
> caching-only nameserver.
> I have followed the procedure in the handbook but am still having problems.

Which problems ?

> I would be particularly interested in sample localhost.rev and
> named.conf files.

Your config would be appreciated as well.

Globally you can configure your caching nameserver in one of two
ways (with BIND):

- run the server standalone and let it query the root, acting
  recursively for your clients ;

- configure forwarders (for instance, your upstream's NS servers),
  and tell BIND to only use those.

P.

--
regnauld@catpipe.net
catpipe Systems ApS
*BSD solutions, consulting, development
Tlf.: +45 7021 0050
http://www.catpipe.net/

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:50:15 2005
To: Danny Braniss
In-reply-to: Your message of "Tue, 12 Jul 2005 12:21:23 +0300."
Date: Tue, 12 Jul 2005 10:48:24 +0100
From: David Malone
Message-ID: <200507121048.ab72454@salmon.maths.tcd.ie>
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo
Subject: Re: tcp troughput weirdness

> did the trick! now can someone remind me what inflight does? and could
> someone explain why increasing sendspace alone did not do the trick?
> (i had it at 64k, which got things better, but not sufficient).

TCP inflight limiting is supposed to guess the bandwidth-delay
product for a TCP connection and stop the window expanding much
above this. It's a pretty neat idea for DSL links that often have
huge buffers at the far end, where inflight limiting can prevent
delays to interactive traffic.

However, some of the guys I know that work on TCP dynamics reckon
that they can come up with situations where inflight
limiting will break. Unfortunately, I haven't had time to talk
this through with them. I guess you may have found one of those
situations ;-)

David.

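The window arithmetic behind the explanation above, as an added example (not part of any poster's message and not FreeBSD code): per round trip a sender can keep in flight at most the smallest of its send buffer, the receiver's window, the congestion window and, with inflight limiting on, the inflight window, so lifting one limit helps only when no other limit is smaller. The 1 ms RTT, the 256 KB receiver window, the 50000-byte inflight estimate and all struct and function names are assumptions; snd_wnd, snd_cwnd and snd_bwnd are the variable names quoted later in this thread.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Simplified, loss-free model of a window-limited TCP sender. This is not
 * FreeBSD code, and every number in it is constructed for illustration.
 */

enum limit { LIMIT_LINK, LIMIT_SENDSPACE, LIMIT_SND_WND, LIMIT_SND_BWND };

struct path {
    uint64_t link_bps;   /* bottleneck rate, bits per second */
    uint64_t rtt_us;     /* round-trip time, microseconds (assumed) */
};

struct sender {
    uint64_t sendspace;  /* socket send buffer, bytes (net.inet.tcp.sendspace) */
    uint64_t snd_wnd;    /* window advertised by the receiver, bytes */
    uint64_t snd_bwnd;   /* inflight limiter's window, bytes (assumed estimate) */
    int      inflight;   /* 1 models net.inet.tcp.inflight.enable=1 */
    uint64_t mss;        /* segment size, bytes */
};

static uint64_t min_u64(uint64_t a, uint64_t b) { return a < b ? a : b; }

/* Bandwidth-delay product: bytes the path can carry in one round trip. */
uint64_t bdp_bytes(const struct path *p)
{
    return p->link_bps / 8 * p->rtt_us / 1000000;
}

/* Most data the sender may have unacknowledged once snd_cwnd has opened. */
uint64_t steady_window(const struct sender *s)
{
    uint64_t w = min_u64(s->sendspace, s->snd_wnd);
    if (s->inflight)
        w = min_u64(w, s->snd_bwnd);
    return w;
}

/* Which limit caps throughput in steady state. */
enum limit binding_limit(const struct path *p, const struct sender *s)
{
    uint64_t w = steady_window(s);
    if (w >= bdp_bytes(p))
        return LIMIT_LINK;
    if (s->inflight && w == s->snd_bwnd)
        return LIMIT_SND_BWND;
    return w == s->sendspace ? LIMIT_SENDSPACE : LIMIT_SND_WND;
}

/* Average goodput in Mbit/s over `seconds`; one loop pass per round trip,
 * snd_cwnd starts at two segments and doubles until it reaches snd_wnd. */
double simulate_mbps(const struct path *p, const struct sender *s, unsigned seconds)
{
    uint64_t rounds = (uint64_t)seconds * 1000000 / p->rtt_us;
    uint64_t cwnd = 2 * s->mss, total = 0;

    for (uint64_t i = 0; i < rounds; i++) {
        uint64_t wnd = min_u64(cwnd, steady_window(s));
        total += min_u64(wnd, bdp_bytes(p));
        cwnd = min_u64(cwnd * 2, s->snd_wnd);
    }
    return (double)total * 8.0 / seconds / 1e6;
}

/* Constructed scenario: 1 Gbit/s path, 1 ms RTT, 256 KB receiver window,
 * and an inflight estimate of 50000 bytes, well under the 125000-byte BDP. */
struct path example_path(void)
{
    struct path p = { 1000000000ULL, 1000 };
    return p;
}

struct sender example_sender(uint64_t sendspace, int inflight)
{
    struct sender s = { sendspace, 262144, 50000, inflight, 1460 };
    return s;
}

int main(void)
{
    static const char *names[] = { "link", "sendspace", "snd_wnd", "snd_bwnd" };
    const uint64_t spaces[] = { 65536, 131072 };
    struct path p = example_path();

    for (int inflight = 1; inflight >= 0; inflight--)
        for (int i = 0; i < 2; i++) {
            struct sender s = example_sender(spaces[i], inflight);
            printf("sendspace=%-6llu inflight=%d -> %7.1f Mbit/s, limited by %s\n",
                   (unsigned long long)s.sendspace, inflight,
                   simulate_mbps(&p, &s, 10), names[binding_limit(&p, &s)]);
        }
    return 0;
}
```

With these constructed figures only the larger send buffer combined with inflight limiting off reaches line rate. The thread itself does not establish which limits were binding on the hosts that were measured.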
From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 09:53:49 2005
Date: Tue, 12 Jul 2005 18:53:04 +0900 (JST)
Message-Id: <20050712.185304.32727687.Noritoshi@Demizu.ORG>
From: Noritoshi Demizu
To: Danny Braniss
Cc: David Malone, freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo
Subject: Re: tcp troughput weirdness

> combining
>     sysctl net.inet.tcp.sendspace=131072
> and
>     sysctl net.inet.tcp.inflight.enable=0
>
> did the trick!

Congratulations! But I wonder why the throughput of FreeBSD=>Linux
was almost equal to that of Linux=>FreeBSD. If the settings above
improves the throughput of FreeBSD=>FreeBSD, the throughput of
FreeBSD=>Linux would also be improved with them. Is it improved?

> now can someone remind me what inflight does?

In my understanding, it tries to estimate bandwidth-delay product and
tries to avoid injecting too much data segments into networks.
So, if it underestimates bandwidth-delay product, throughput may be
reduced.

Regards,
Noritoshi Demizu

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 10:10:34 2005
In-Reply-To: <42D39344.7080805@o2.ie>
To: Garrett Mackey
From: Ivailo Tanusheff
Date: Tue, 12 Jul 2005 13:10:28 +0300
Cc: freebsd-net@freebsd.org
Subject: Re: DNS caching example

Better use djbdns, it's part of the ports. There is a lot of documentation
and also is an easy to maintain dns server

Ivailo Tanusheff
Senior System administrator
ProCredit Bank (Bulgaria) AD
tel. +359 2 921 7161
fax +359 2 921 7110
http://www.procreditbank.bg

Garrett Mackey
Sent by: owner-freebsd-net@freebsd.org
07/12/2005 12:54 PM

To
freebsd-net@freebsd.org
cc
Subject
DNS caching example

Hi there

Anyone got a example of how they set up their freebsd host as a
caching-only nameserver.
I have followed the procedure in the handbook but am still having problems.
I would be particularly interested in sample localhost.rev and
named.conf files.
I'm new enough to freebsd and would appreciate any help.

Thanks

G

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 10:21:24 2005
Date: Tue, 12 Jul 2005 19:20:42 +0900 (JST)
Message-Id: <20050712.192042.63502865.Noritoshi@Demizu.ORG>
From: Noritoshi Demizu
To: David Malone
In-Reply-To: <200507121048.ab72454@salmon.maths.tcd.ie>
References: <200507121048.ab72454@salmon.maths.tcd.ie>
Cc: Danny Braniss, freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo
Subject: Re: tcp troughput weirdness

(I am sorry if you have received this e-mail. I'm resending this
because it seems the previous one was lost.)

> TCP inflight limiting is supposed to guess the bandwidth-delay
> product for a TCP connection and stop the window expanding much
> above this.

(Just to clarify..)
TCP inflight limiting has a dedicated variable "snd_bwnd".
And min(tp->snd_wnd, tp->snd_cwnd, tp->snd_bwnd) limits the amount
of data to be sent.

> However, some of the guys I know that work on TCP dynamics reckon
> that they can come up with situations where inflight
> limiting will break. Unfortunately, I haven't had time to talk
> this through with them. I guess you may have found one of those
> situations ;-)

I experienced such situations with DragonFlyBSD. I put examples where
inflight limiting reduces throughputs at the following pages.

  http://www.demizu.org/~noritosi/memo/2005/0706/
  http://www.demizu.org/~noritosi/memo/2005/0711/

Sorry, all senders in those examples are DragonFlyBSD.

Regards,
Noritoshi Demizu

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 11:17:28 2005
To: Noritoshi Demizu
In-Reply-To: Message from Noritoshi Demizu of "Tue, 12 Jul 2005 18:53:04 +0900." <20050712.185304.32727687.Noritoshi@Demizu.ORG>
Date: Tue, 12 Jul 2005 14:07:38 +0300
From: Danny Braniss Message-ID: Cc: David Malone , freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo Subject: Re: tcp troughput weirdness X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 11:17:28 -0000

> > combining
> > sysctl net.inet.tcp.sendspace=131072
> > and
> > sysctl net.inet.tcp.inflight.enable=0
> >
> > did the trick!
>
> Congratulations! But I wonder why the throughput of FreeBSD=>Linux
> was almost equal to that of Linux=>FreeBSD. If the settings above
> improves the throughput of FreeBSD=>FreeBSD, the throughput of
> FreeBSD=>Linux would also be improved with them. Is it improved?
>

i did the sysctl on the client/sender :-)

> > now can someone remind me what inflight does?
>
> In my understanding, it tries to estimate bandwidth-delay product and
> tries to avoid injecting too much data segments into networks.
> So, if it underestimates bandwidth-delay product, throughput may be
> reduced.
>
> Regards,
> Noritoshi Demizu

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 11:44:13 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F3FC716A41C for ; Tue, 12 Jul 2005 11:44:12 +0000 (GMT) (envelope-from alec@thened.net) Received: from splinter.bowdoin.edu (splinter.bowdoin.edu [139.140.181.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6CF943D53 for ; Tue, 12 Jul 2005 11:44:12 +0000 (GMT) (envelope-from alec@thened.net) Received: by splinter.bowdoin.edu (Postfix, from userid 12008) id A473ED619; Tue, 12 Jul 2005 07:44:09 -0400 (EDT) Date: Tue, 12 Jul 2005 07:44:09 -0400
From: Alec Berryman To: freebsd-net@freebsd.org Message-ID: <20050712114409.GA3107@thened.net> Mail-Followup-To: freebsd-net@freebsd.org References: <42D39344.7080805@o2.ie> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0" Content-Disposition: inline In-Reply-To: <42D39344.7080805@o2.ie> X-Ned-Wuz-Here: Yes X-GPG-Fingerprint: 3DB5 8785 53D9 8BF4 5049 B6B9 02E7 7FD9 881C 85C4 X-GPG-Key: http://www.thened.net/~alec/static/alec.asc User-Agent: Mutt/1.5.9i Subject: Re: DNS caching example X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 11:44:13 -0000

Garrett Mackey on 2005-07-12 10:54:12 +0100:

> Anyone got an example of how they set up their freebsd host as a
> caching-only nameserver.
> I would be particularly interested in sample localhost.rev and
> named.conf files.

You should edit /etc/namedb/named.conf, remove the example.com and example.org information at the bottom, change the listen-on address, run the make-localhost script in /etc/namedb, and start it up.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 12:01:08 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D03DD16A41F for ; Tue, 12 Jul 2005 12:01:08 +0000 (GMT) (envelope-from lourik@wtec.co.za) Received: from meerkat.wtec.co.za (meerkat.wtec.co.za [69.67.33.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41C3343D48 for ; Tue, 12 Jul 2005 12:01:06 +0000 (GMT) (envelope-from lourik@wtec.co.za) Received: from lourik.poq.co.za ([192.168.2.200]) (AUTH: PLAIN lourik@wtec.co.za) by meerkat.wtec.co.za with esmtp; Tue, 12 Jul 2005 14:01:17 +0200
From: Lourik Malan Organization: Woodlands Technologies Pty(LTD) To: freebsd-net@freebsd.org Date: Tue, 12 Jul 2005 14:01:08 +0200 User-Agent: KMail/1.8 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200507121401.08550.lourik@wtec.co.za> Subject: GRE problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: lourik@wtec.co.za List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 12:01:08 -0000

Hi there

I'm running FreeBSD 4.11 and some gre tunnels. It works fine on 4.11. But when I try the same thing on FreeBSD 5.4, it drops 90% of the packets. Can anyone please give me some advice?

PC1
gif_interfaces="gre0"
gifconfig_gre0=" 18.1.2.1 18.1.2.2 link1"
ifconfig_gre0=" inet 18.1.1.1 18.1.1.2 netmask 255.255.255.252"
ifconfig_sis0=" inet 18.1.2.1 netmask 255.255.255.240"

PC2
gif_interfaces="gre0"
gifconfig_gre0=" 18.1.2.2 18.1.2.1 link1"
ifconfig_gre0=" inet 18.1.1.2 18.1.1.1 netmask 255.255.255.252"
ifconfig_sis0=" inet 18.1.2.2 netmask 255.255.255.240"

Thanks

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 12:42:15 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C92316A41C for ; Tue, 12 Jul 2005 12:42:15 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBE0B43D46 for ; Tue, 12 Jul 2005 12:42:14 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru (8.13.0/vak/3.0) id j6CCdCWb079991 for freebsd-net@freebsd.org.checked; Tue, 12 Jul 2005 16:39:12 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from [144.206.181.94] (hi.cronyx.ru [144.206.181.94]) by
hanoi.cronyx.ru (8.13.0/vak/3.0) with ESMTP id j6CCbjZu079981 for ; Tue, 12 Jul 2005 16:37:46 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <42D3B9A8.6000803@cronyx.ru> Date: Tue, 12 Jul 2005 16:38:00 +0400 
From: Roman Kurakin User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: ping delay, initial request X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 12:42:15 -0000

Hi,

I am starting to investigate some net problem and I wonder if this problem is seen/known.
The problem was observed with ce(4) (Cronyx Tau32-PCI/Lite, it is not in the tree yet, but similar to cp(4)/ctau(4) devices) and sppp(4).
If you run usual ping you will see normal delay which is much less than 1sec.
But if you run flood ping, stop it, and run normal ping again you'll see delay about one sec.

ping x.x.x.x
delay << 1 sec
ping -f x.x.x.x
average delay << 1 sec
ping x.x.x.x
delay ~ 1 sec

This was seen on FreeBSD 4.11 stable.

Any ideas? Has anybody observed such behaviour in other environment?

rik

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 12:44:39 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B24516A41C for ; Tue, 12 Jul 2005 12:44:39 +0000 (GMT) (envelope-from olsson@puffy.nu) Received: from mail-srv1.teleservice.net (mail-srv1.teleservice.net [193.109.175.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8028F43D48 for ; Tue, 12 Jul 2005 12:44:38 +0000 (GMT) (envelope-from olsson@puffy.nu) Received: from [193.109.175.118] by mail-srv1.sjobo.nu (GMS 11.00.3335/NU2793.00.3c1025a7) with ESMTP id cevtyeaa for freebsd-net@freebsd.org; Tue, 12 Jul 2005 13:53:38 +0200 Message-ID: <42D3AF42.3050809@puffy.nu> Date: Tue, 12 Jul 2005 13:53:38 +0200
From: Philip Olsson User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050526) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jeremie Le Hen References: <42D2151B.4020807@puffy.nu> <02ae01c585e9$b1f64c70$42764eca@ilo.skyinet.net> <42D22214.2060804@puffy.nu> <20050711095414.GC39292@obiwan.tataz.chchile.org> In-Reply-To: <20050711095414.GC39292@obiwan.tataz.chchile.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: fooler , freebsd-net@freebsd.org Subject: Re: ipfw+dummynet only getting half bandwidth when using routed interfaces. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 12:44:39 -0000

Jeremie Le Hen wrote:

>Hi Philip,
>
>>both counters increase.. and the last one "allow ip from any to any"
>>
>>But I guess that is because it matches the rules two times.
>>I have tried only having one rule but the same problem ( of course only
>>one way. )
>>I have also experimented with recv and xmit without success..
>
>Did you try something like this (assuming 192.168.1.1 is on xl0 side, fxp0
>is the other interface) :
>
>ipfw add pipe 1 any from 192.168.1.1 to any bridged out recv xl0 xmit fxp0
>ipfw add pipe 2 any from any to 192.168.1.1 bridged out recv fxp0 xmit xl0

Yepps. And adding bridged does not help either.
I'm beginning to believe that I am the problem since there must be other people doing this.

// philip

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 13:11:56 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CCEA516A41C; Tue, 12 Jul 2005 13:11:56 +0000 (GMT) (envelope-from alexis@virgin.ww.net) Received: from virgin.ww.net (virgin.kolo.net [216.218.215.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91DD343D4C; Tue, 12 Jul 2005 13:11:56 +0000 (GMT) (envelope-from alexis@virgin.ww.net) Received: from virgin.ww.net (localhost [127.0.0.1]) by virgin.ww.net (8.13.1/8.13.1) with ESMTP id j6CDBhXf073286; Tue, 12 Jul 2005 15:11:43 +0200 (CEST) (envelope-from alexis@virgin.ww.net) Received: (from alexis@localhost) by virgin.ww.net (8.13.1/8.13.1/Submit) id j6CDBgNC073285; Tue, 12 Jul 2005 15:11:42 +0200 (CEST) (envelope-from alexis) Date: Tue, 12 Jul 2005 15:11:42 +0200
From: Alexis Yushin To: Danny Braniss Message-ID: <20050712131142.GA73214@virgin.ww.net> References: <20050712.185304.32727687.Noritoshi@Demizu.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i Cc: David Malone , freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo Subject: Re: tcp troughput weirdness X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 13:11:57 -0000

Hmm,

Recently I've also been seeing less than what I'd expect tcp throughput on FreeBSD 5.4R machines. I've got six 5.4R boxes with dual Gigabit em interfaces. netperf gives me:

Recv   Send   Send
Socket Socket Message Elapsed
Size   Size   Size    Time    Throughput
bytes  bytes  bytes   secs.   10^6bits/sec

65536  131072 131072  10.01   551.10

However scp/ftp etc doesn't go above 200Mbit. I'd expect higher numbers?

Alexis

ps I've tried all of the sysctl and mtu tweakings... No change. Interesting is that netperf lo0 gives me about 2.5Gbit, but scp performs at about 128Mbit while system CPU load is only 20%. What shall I tweak further?

On Tue, Jul 12, 2005 at 02:07:38PM +0300, Danny Braniss wrote:
> > > combining
> > > sysctl net.inet.tcp.sendspace=131072
> > > and
> > > sysctl net.inet.tcp.inflight.enable=0
> > >
> > > did the trick!
> >
> > Congratulations! But I wonder why the throughput of FreeBSD=>Linux
> > was almost equal to that of Linux=>FreeBSD. If the settings above
> > improves the throughput of FreeBSD=>FreeBSD, the throughput of
> > FreeBSD=>Linux would also be improved with them. Is it improved?
> >
> i did the sysctl on the client/sender :-)
>
> > > now can someone remind me what inflight does?
> >
> > In my understanding, it tries to estimate bandwidth-delay product and
> > tries to avoid injecting too much data segments into networks.
> > So, if it underestimates bandwidth-delay product, throughput may be
> > reduced.
> >
> > Regards,
> > Noritoshi Demizu

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 13:49:31 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 49B5916A438 for ; Tue, 12 Jul 2005 13:49:31 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from kane.otenet.gr (kane.otenet.gr [195.170.0.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8852643D48 for ; Tue, 12 Jul 2005 13:49:30 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from beatrix.daedalusnetworks.priv (aris.bedc.ondsl.gr [62.103.39.226]) by kane.otenet.gr (8.13.4/8.13.4/Debian-1) with SMTP id j6CDnP6N006358; Tue, 12 Jul 2005 16:49:25 +0300 Received: from beatrix.daedalusnetworks.priv (localhost [127.0.0.1]) by beatrix.daedalusnetworks.priv (8.13.3+Sun/8.13.3) with ESMTP id j6CDnP1A001075; Tue, 12 Jul 2005 16:49:25 +0300 (EEST) Received: (from keramida@localhost) by beatrix.daedalusnetworks.priv (8.13.3+Sun/8.13.3/Submit) id j6CDnPpC001074; Tue, 12 Jul 2005 16:49:25 +0300 (EEST) X-Authentication-Warning: beatrix.daedalusnetworks.priv: keramida set sender to keramida@freebsd.org using -f Date: Tue, 12 Jul 2005 16:49:25 +0300
From: Giorgos Keramidas To: Roman Kurakin Message-ID: <20050712134925.GB1061@beatrix.daedalusnetworks.priv> References: <42D3B9A8.6000803@cronyx.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42D3B9A8.6000803@cronyx.ru> Cc: freebsd-net@freebsd.org Subject: Re: ping delay, initial request X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 13:49:31 -0000

On 2005-07-12 16:38, Roman Kurakin wrote:
> Hi,
>
> I am starting to investigate some net problem and I wonder if this
> problem is seen/known.
> The problem was observed with ce(4) (Cronyx Tau32-PCI/Lite,
> it is not in the tree yet, but similar to cp(4)/ctau(4) devices) and
> sppp(4).
> If you run usual ping you will see normal delay which is much less than
> 1sec.
> But if you run flood ping, stop it, and run normal ping again you'll see
> delay about one sec.
>
> ping x.x.x.x
> delay << 1 sec
> ping -f x.x.x.x
> average delay << 1 sec
> ping x.x.x.x
> delay ~ 1 sec
>
> This was seen on FreeBSD 4.11 stable.
>
> Any ideas? Has anybody observed such behaviour in other environment?

Is it possible that flood ping hits an icmp rate-limiting watermark and then every subsequent icmp packet gets penalized with a delay until a fair amount of time passes?
From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 14:00:17 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F6A816A41C for ; Tue, 12 Jul 2005 14:00:17 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9661C43D53 for ; Tue, 12 Jul 2005 14:00:16 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru (8.13.0/vak/3.0) id j6CDvDlf080695 for freebsd-net@freebsd.org.checked; Tue, 12 Jul 2005 17:57:13 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from [144.206.181.94] (hi.cronyx.ru [144.206.181.94]) by hanoi.cronyx.ru (8.13.0/vak/3.0) with ESMTP id j6CDtM4j080674; Tue, 12 Jul 2005 17:55:23 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <42D3CBD9.2090901@cronyx.ru> Date: Tue, 12 Jul 2005 17:55:37 +0400 
From: Roman Kurakin User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Giorgos Keramidas References: <42D3B9A8.6000803@cronyx.ru> <20050712134925.GB1061@beatrix.daedalusnetworks.priv> In-Reply-To: <20050712134925.GB1061@beatrix.daedalusnetworks.priv> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: ping delay, initial request X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 14:00:17 -0000

Giorgos Keramidas wrote:

>On 2005-07-12 16:38, Roman Kurakin wrote:
>
>>Hi,
>>
>> I am starting to investigate some net problem and I wonder if this
>>problem is seen/known.
>> The problem was observed with ce(4) (Cronyx Tau32-PCI/Lite,
>>it is not in the tree yet, but similar to cp(4)/ctau(4) devices) and
>>sppp(4).
>>If you run usual ping you will see normal delay which is much less than
>>1sec.
>>But if you run flood ping, stop it, and run normal ping again you'll see
>>delay about one sec.
>>
>>ping x.x.x.x
>>delay << 1 sec
>>ping -f x.x.x.x
>>average delay << 1 sec
>>ping x.x.x.x
>>delay ~ 1 sec
>>
>>This was seen on FreeBSD 4.11 stable.
>>
>>Any ideas? Has anybody observed such behaviour in other environment?
>
>Is it possible that flood ping hits an icmp rate-limiting watermark and
>then every subsequent icmp packet gets penalized with a delay until a
>fair amount of time passes?

Wasn't observed on ethernet iface. But this is good idea to test delay by some other type of packets. Do you know any good and simple tool for that?

rik

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 14:14:45 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 110CF16A41C for ; Tue, 12 Jul 2005 14:14:45 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from kane.otenet.gr (kane.otenet.gr [195.170.0.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F51243D46 for ; Tue, 12 Jul 2005 14:14:44 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from beatrix.daedalusnetworks.priv (aris.bedc.ondsl.gr [62.103.39.226]) by kane.otenet.gr (8.13.4/8.13.4/Debian-1) with SMTP id j6CEEdaY024375; Tue, 12 Jul 2005 17:14:39 +0300 Received: from beatrix.daedalusnetworks.priv (localhost [127.0.0.1]) by beatrix.daedalusnetworks.priv (8.13.3+Sun/8.13.3) with ESMTP id j6CEEdaJ009150; Tue, 12 Jul 2005 17:14:39 +0300 (EEST) Received: (from keramida@localhost) by beatrix.daedalusnetworks.priv (8.13.3+Sun/8.13.3/Submit) id j6CEEda8009149; Tue, 12 Jul 2005 17:14:39 +0300 (EEST) X-Authentication-Warning: beatrix.daedalusnetworks.priv: keramida set sender to keramida@freebsd.org using -f Date: Tue, 12 Jul 2005 17:14:39 +0300
From: Giorgos Keramidas To: Roman Kurakin Message-ID: <20050712141439.GB9066@beatrix.daedalusnetworks.priv> References: <42D3B9A8.6000803@cronyx.ru> <20050712134925.GB1061@beatrix.daedalusnetworks.priv> <42D3CBD9.2090901@cronyx.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42D3CBD9.2090901@cronyx.ru> Cc: freebsd-net@freebsd.org Subject: Re: ping delay, initial request X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 14:14:45 -0000

On 2005-07-12 17:55, Roman Kurakin wrote:
>> Is it possible that flood ping hits an icmp rate-limiting watermark
>> and then every subsequent icmp packet gets penalized with a delay
>> until a fair amount of time passes?
> Wasn't observed on ethernet iface. But this is good idea to test delay
> by some other type of packets. Do you know any good and simple tool
> for that?

The src/tools/tools/netrate tree contains utilities that Robert Watson has written. The netrate tools use UDP, so they may be useful :)

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 14:39:54 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB36016A41C; Tue, 12 Jul 2005 14:39:54 +0000 (GMT) (envelope-from dan@dan.emsphone.com) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70FCA43D45; Tue, 12 Jul 2005 14:39:54 +0000 (GMT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.13.1/8.13.3) id j6CEdUZU079462; Tue, 12 Jul 2005 09:39:30 -0500 (CDT) (envelope-from dan) Date: Tue, 12 Jul 2005 09:39:30 -0500
From: Dan Nelson To: David Malone Message-ID: <20050712143930.GJ5116@dan.emsphone.com> References: <200507121048.ab72454@salmon.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200507121048.ab72454@salmon.maths.tcd.ie> X-OS: FreeBSD 5.4-STABLE X-message-flag: Outlook Error User-Agent: Mutt/1.5.9i Cc: Danny Braniss , freebsd-net@freebsd.org, freebsd-stable@freebsd.org, Luigi Rizzo Subject: Re: tcp troughput weirdness X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 14:39:54 -0000

In the last episode (Jul 12), David Malone said:
> > did the trick! now can someone remind me what inflight does? and
> > could someone explain why increasing sendspace alone did not do the
> > trick? (i had it at 64k, which got things better, but not
> > sufficient).
>
> TCP inflight limiting is supposed to guess the bandwidth-delay
> product for a TCP connection and stop the window expanding much
> above this. It's a pretty neat idea for DSL links that often have
> huge buffers at the far end, where inflight limiting can prevent
> delays to interactive traffic.
>
> However, some of the guys I know that work on TCP dynamics reckon
> that they can come up with situations where inflight
> limiting will break. Unfortunately, I haven't had time to talk
> this through with them. I guess you may have found one of those
> situations ;-)

You might want to apply the patch at the bottom of http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/75122 ; without it, new connections get a random initial bandwidth.

--
Dan Nelson
dnelson@allantgroup.com

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 15:02:27 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F1CE16A41C for ; Tue, 12 Jul 2005 15:02:27 +0000 (GMT) (envelope-from emaste@phaedrus.sandvine.ca) Received: from mailserver.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id D76F343D49 for ; Tue, 12 Jul 2005 15:02:26 +0000 (GMT) (envelope-from emaste@phaedrus.sandvine.ca) Received: from labgw2.phaedrus.sandvine.com ([192.168.3.11]) by mailserver.sandvine.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 12 Jul 2005 11:02:24 -0400 Received: by labgw2.phaedrus.sandvine.com (Postfix, from userid 12627) id D47E61364F; Tue, 12 Jul 2005 11:02:24 -0400 (EDT) Date: Tue, 12 Jul 2005 11:02:24 -0400
From: Ed Maste To: Sam Leffler Message-ID: <20050712150224.GA38249@sandvine.com> References: <42CEF0EB.4000107@borderware.com> <42D006DB.8080108@errno.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42D006DB.8080108@errno.com> User-Agent: Mutt/1.4.2.1i X-OriginalArrivalTime: 12 Jul 2005 15:02:25.0004 (UTC) FILETIME=[B66272C0:01C586F2] Cc: freebsd-net@freebsd.org, ming fu Subject: Re: what to replace splnet in FreeBSD 5.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 15:02:27 -0000

On Sat, Jul 09, 2005 at 10:18:19AM -0700, Sam Leffler wrote:
> spl's lock execution threads. 5.x and later systems mostly lock data
> structures using mtx's (there are a very few exceptions). Thus there
> isn't necessarily a direct replacement, you usually need to rethink your
> locking/synchronization strategy.

This brings up the issue of the remaining splnet()s in 5.x and -CURRENT. Grepping for "= splnet" in net/ and netinet/ shows more than 50 now no-op splnet()s left in the stack.

We've run into corruption in the multicast address lists (in_multihead) on 5.x, and it turns out in_addmulti still has splnet() "protecting" the list.

I'm not sure how many of the splnet()s are actually false positives (i.e. no longer relevant, locked in another way, etc.) but they're probably all good indicators of places that locking still needs to be revisited.

--
Ed Maste, Sandvine Incorporated

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 15:25:02 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D89DB16A41C for ; Tue, 12 Jul 2005 15:25:02 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 364CD43D45 for ; Tue, 12 Jul 2005 15:25:01 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru (8.13.0/vak/3.0) id j6CFLD6q081272 for freebsd-net@freebsd.org.checked; Tue, 12 Jul 2005 19:21:13 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from [144.206.181.94] (hi.cronyx.ru [144.206.181.94]) by hanoi.cronyx.ru (8.13.0/vak/3.0) with ESMTP id j6CFJXJq081261; Tue, 12 Jul 2005 19:19:33 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <42D3DF85.5090501@cronyx.ru> Date: Tue, 12 Jul 2005 19:19:33 +0400
From: Roman Kurakin User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Ed Maste References: <42CEF0EB.4000107@borderware.com> <42D006DB.8080108@errno.com> <20050712150224.GA38249@sandvine.com> In-Reply-To: <20050712150224.GA38249@sandvine.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Sam Leffler , ming fu , freebsd-net@freebsd.org Subject: Re: what to replace splnet in FreeBSD 5.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 15:25:03 -0000

Ed Maste wrote:

>On Sat, Jul 09, 2005 at 10:18:19AM -0700, Sam Leffler wrote:
>
>>spl's lock execution threads. 5.x and later systems mostly lock data
>>structures using mtx's (there are a very few exceptions). Thus there
>>isn't necessarily a direct replacement, you usually need to rethink your
>>locking/synchronization strategy.
>
>This brings up the issue of the remaining splnet()s in 5.x and -CURRENT.
>Grepping for "= splnet" in net/ and netinet/ shows more than 50 now
>no-op splnet()s left in the stack.

Some code that contains splXXX is working under global GIANT lock. Some splXXX left for reference, just in case. (As in if_spppXXX). But work in progress and I hope that before 7.0 all code would be fixed.

rik

>We've run into corruption in the multicast address lists (in_multihead)
>on 5.x, and it turns out in_addmulti still has splnet() "protecting" the
>list.
>
>I'm not sure how many of the splnet()s are actually false positives
>(i.e. no longer relevant, locked in another way, etc.) but they're
>probably all good indicators of places that locking still needs to be
>revisited.
>
>--
>Ed Maste, Sandvine Incorporated

From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 15:30:19 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8609E16A41C for ; Tue, 12 Jul 2005 15:30:19 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [204.156.12.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3778043D45 for ; Tue, 12 Jul 2005 15:30:19 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by cyrus.watson.org (Postfix) with ESMTP id B9FFE46B9B; Tue, 12 Jul 2005 11:30:18 -0400 (EDT) Date: Tue, 12 Jul 2005 16:30:18 +0100 (BST)
From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Ed Maste In-Reply-To: <20050712150224.GA38249@sandvine.com> Message-ID: <20050712162332.Q79478@fledge.watson.org> References: <42CEF0EB.4000107@borderware.com> <42D006DB.8080108@errno.com> <20050712150224.GA38249@sandvine.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Sam Leffler , ming fu , freebsd-net@freebsd.org Subject: Re: what to replace splnet in FreeBSD 5.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 15:30:19 -0000

On Tue, 12 Jul 2005, Ed Maste wrote:

> On Sat, Jul 09, 2005 at 10:18:19AM -0700, Sam Leffler wrote:
>> spl's lock execution threads. 5.x and later systems mostly lock data
>> structures using mtx's (there are a very few exceptions). Thus there
>> isn't necessarily a direct replacement, you usually need to rethink your
>> locking/synchronization strategy.
>
> This brings up the issue of the remaining splnet()s in 5.x and -CURRENT.
> Grepping for "= splnet" in net/ and netinet/ shows more than 50 now
> no-op splnet()s left in the stack.
>
> We've run into corruption in the multicast address lists (in_multihead)
> on 5.x, and it turns out in_addmulti still has splnet() "protecting" the
> list.
>
> I'm not sure how many of the splnet()s are actually false positives
> (i.e. no longer relevant, locked in another way, etc.) but they're
> probably all good indicators of places that locking still needs to be
> revisited.

In many cases, the splnet's have been left in as references indicators of earlier synchronization requirements and strategies. In some places, they are signs of code still running with Giant over it (i.e., KAME IPSEC, I4B).
There are a number of areas of weakness in the current locking work, and this includes: - Several areas of the network stack that still require Giant to operate correctly. Examples are KAME IPSEC (not FAST_IPSEC), some interactions between the tty and network code, such as SLIP, and portions of the ATM stack, and some of the edge case hardware drivers (i.e., older ISA ethernet cards). When these components are present, some or all of the network stack will run with Giant over it. - Several areas where inadequate synchronization is present. Typically they are associated with hard to exploit races, such as unicast address configuration, and therefore generally don't result in instability (and in most cases, we've actually done significant stability testing to make sure they don't). Almost always, these races are around administratively modified data structures. - Several cases where undesirable synchronization is present. I.e., more overhead than we'd like, don't match well with the data structures and data management strategies, or don't interact well with the layering in the network stack. There is active work in all of these areas to remedy the problems. Some are substantially better off in 6.x than 5.x; others will require additional work. I'm concerned about the multicast address list problems you've been experiencing, but haven't yet had a chance to investigate. If you could provide a code fragment that exercises this problem, that would probably get me started a lot more quickly. 
Thanks, Robert N M Watson From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 22:04:54 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A36A16A41C; Tue, 12 Jul 2005 22:04:54 +0000 (GMT) (envelope-from emaste@phaedrus.sandvine.ca) Received: from mailserver.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFC1043D46; Tue, 12 Jul 2005 22:04:53 +0000 (GMT) (envelope-from emaste@phaedrus.sandvine.ca) Received: from labgw2.phaedrus.sandvine.com ([192.168.3.11]) by mailserver.sandvine.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 12 Jul 2005 18:04:52 -0400 Received: by labgw2.phaedrus.sandvine.com (Postfix, from userid 12627) id BBD1D1361E; Tue, 12 Jul 2005 18:04:52 -0400 (EDT) Date: Tue, 12 Jul 2005 18:04:52 -0400 
From: Ed Maste To: Robert Watson Message-ID: <20050712220452.GB38249@sandvine.com> References: <42CEF0EB.4000107@borderware.com> <42D006DB.8080108@errno.com> <20050712150224.GA38249@sandvine.com> <20050712162332.Q79478@fledge.watson.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050712162332.Q79478@fledge.watson.org> User-Agent: Mutt/1.4.2.1i X-OriginalArrivalTime: 12 Jul 2005 22:04:52.0911 (UTC) FILETIME=[BAEA1BF0:01C5872D] Cc: freebsd-net@freebsd.org Subject: Re: what to replace splnet in FreeBSD 5.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 22:04:54 -0000 On Tue, Jul 12, 2005 at 04:30:18PM +0100, Robert Watson wrote: > I'm concerned about the multicast address list problems you've been > experiencing, but haven't yet had a chance to investigate. If you could > provide a code fragment that exercises this problem, that would probably > get me started a lot more quickly. Thanks Robert. So far we've reproduced it only within our test lab environment and with our product executables -- a large amount of code and infrastructure. I've attempted to reduce it to a small amount of code that demonstrates the problem but have had no success yet. 
-- Ed Maste, Sandvine Incorporated From owner-freebsd-net@FreeBSD.ORG Tue Jul 12 22:10:30 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3105E16A41C for ; Tue, 12 Jul 2005 22:10:30 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [204.156.12.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F9A143D45 for ; Tue, 12 Jul 2005 22:10:29 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by cyrus.watson.org (Postfix) with ESMTP id D253C46B2C; Tue, 12 Jul 2005 18:10:28 -0400 (EDT) Date: Tue, 12 Jul 2005 23:10:28 +0100 (BST) 
From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Ed Maste In-Reply-To: <20050712220452.GB38249@sandvine.com> Message-ID: <20050712230952.U70082@fledge.watson.org> References: <42CEF0EB.4000107@borderware.com> <42D006DB.8080108@errno.com> <20050712150224.GA38249@sandvine.com> <20050712162332.Q79478@fledge.watson.org> <20050712220452.GB38249@sandvine.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: what to replace splnet in FreeBSD 5.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 22:10:30 -0000 On Tue, 12 Jul 2005, Ed Maste wrote: > On Tue, Jul 12, 2005 at 04:30:18PM +0100, Robert Watson wrote: > >> I'm concerned about the multicast address list problems you've been >> experiencing, but haven't yet had a chance to investigate. If you >> could provide a code fragment that exercises this problem, that would >> probably get me started a lot more quickly. > > Thanks Robert. So far we've reproduced it only within our test lab > environment and with our product executables -- a large amount of code > and infrastructure. I've attempted to reduce it to a small amount of > code that demonstrates the problem but have had no success yet. I've done SMP-based stress-testing with the regular address lists, but not with the multicast address lists. I'll try to take a look this upcoming weekend. 
Thanks, Robert N M Watson From owner-freebsd-net@FreeBSD.ORG Wed Jul 13 03:23:16 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6395316A41C; Wed, 13 Jul 2005 03:23:16 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id C856843D45; Wed, 13 Jul 2005 03:23:15 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id j6D3OUb38231; Tue, 12 Jul 2005 20:24:30 -0700 (PDT) (envelope-from tedm@toybox.placo.com) 
From: "Ted Mittelstaedt" To: "dave" , Date: Tue, 12 Jul 2005 20:23:10 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 In-Reply-To: <000301c5863f$e6c59fe0$0200a8c0@satellite> Cc: freebsd-net@freebsd.org Subject: RE: two 3C905B's in 5.4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 03:23:16 -0000 The 3c905 driver is not very good. These cards are fine under Windows but seldom work properly under FreeBSD. Most of the motherboards I've tried them in don't work right with them. We do both Windows and BSD so you know where I put these cards when I get them. I'll be happy to swap a pair of Netgear cards with you, send me your address and I'll mail them to you. If they work out OK you can mail me your cards, otherwise just keep them. Ted >-----Original Message----- 
>From: owner-freebsd-questions@freebsd.org >[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of dave >Sent: Monday, July 11, 2005 10:42 AM >To: freebsd-questions@freebsd.org >Cc: freebsd-net@freebsd.org >Subject: two 3C905B's in 5.4 > > >Hello, > I've got a 5.4 box that's going to be a router. It has two >3C905B cards >in it and i'm having a blank fill it in as you wish, of a time >getting the >cards working. Neither card likes dhcp, sometimes i'll start >dhclient and >the cards will work, sometimes they won't. If i give the -v option to >dhclient i get the message network is unreachable, see readme about >broadcast address. I know this isn't a cable modem issue or a >cable, because >i plugged in an old 3c509 isa card and it worked the first >time, this fix >isn't practical for this setup. An ifconfig check shows both 905's in >autonegociation mode 100-mbit tx, i'm wondering if i should manually set >them to something, but am unsure as to what. One card one time >gave me the >waiting to transmit error message as mentioned in the man page >and it took a >reboot to fix it. I've checked the bios on this box and it's >pnp os option >is off. Any help appreciated. If more information is needed >ask, i will send >it. >Thanks. >Dave. 
> >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to >"freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Wed Jul 13 04:34:10 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 608B016A41C for ; Wed, 13 Jul 2005 04:34:10 +0000 (GMT) (envelope-from non_secure@yahoo.com) Received: from web53310.mail.yahoo.com (web53310.mail.yahoo.com [206.190.39.239]) by mx1.FreeBSD.org (Postfix) with SMTP id C63D443D46 for ; Wed, 13 Jul 2005 04:34:09 +0000 (GMT) (envelope-from non_secure@yahoo.com) Received: (qmail 2194 invoked by uid 60001); 13 Jul 2005 04:34:09 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=z+v/0KfYjjdDUqARFmfYyGQYCaNtDsLkhAGX6H2O9S/vUudDiAe7Z9cpm+vXAObH5gWuV5sTkQduiTRX+TwIeRkGwZjUBH7N3PHjfq0DZIPhRs2hE+BNDccx7lE6V633aM2q14V5XD2RLnKqCBU3VQ3V6K+2qSY0igd7lntemZ0= ; Message-ID: <20050713043409.2192.qmail@web53310.mail.yahoo.com> Received: from [208.186.91.245] by web53310.mail.yahoo.com via HTTP; Tue, 12 Jul 2005 21:34:08 PDT Date: Tue, 12 Jul 2005 21:34:08 -0700 (PDT) 
From: Joe Schmoe To: Matt Emmerton , Jeremie Le Hen In-Reply-To: <001901c58428$320e3f80$1200a8c0@gsicomp.on.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 04:34:10 -0000 Matt, --- Matt Emmerton wrote: > I'm working on it :) It's a bit hairy because of > the changes between 4.x > and 5.x, but I should have something by next week. Wow - this is really great of you. Just some trivia to pass on - I do believe that they made some major updates and changes between 1.0 and 1.3 ... this was a long time ago, so maybe my memory is bad, but I think 1.3 is probably what you want to look at - it should be the most advanced of the "old" ntops. I noticed when I tried to configure ; make them, everything before 1.3 errored with XYZ, but then when I moved to 1.3, it errored out with ABC instead ... Just a thought... __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! 
Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-net@FreeBSD.ORG Wed Jul 13 13:00:46 2005 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2D2B16A41C for ; Wed, 13 Jul 2005 13:00:46 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from postfix4-2.free.fr (postfix4-2.free.fr [213.228.0.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 32F1E43D46 for ; Wed, 13 Jul 2005 13:00:45 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-2.free.fr (Postfix) with ESMTP id D30D3322082 for ; Wed, 13 Jul 2005 15:00:44 +0200 (CEST) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id 5BB46405B; Wed, 13 Jul 2005 15:00:42 +0200 (CEST) Date: Wed, 13 Jul 2005 15:00:42 +0200 
From: Jeremie Le Hen To: freebsd-net@FreeBSD.org Message-ID: <20050713130042.GV39292@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i Cc: Subject: Problem with Path MTU Discovery X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 13:00:46 -0000

Hi,

I set a gif(4)-based IPSec tunnel between my network and a friend's one. This works pretty well, except that Path MTU Discovery doesn't work.

Quick draw:
      MTU: 1500       MTU:1280       MTU:1500
Comp1 --------- Gate1 -------- Gate2 -----+-- Comp2
RELENG_5        RELENG_4       RELENG_5   |   RELENG_5
                                          |
                                          +-- Comp3
                                              RELENG_5

When Comp1 is accessing Comp2's httpd, the client will stall, waiting for further data which never arrives. Comp2 keeps trying to send packets of 1500 bytes and does not decrease their size although Gate2 is sending it ICMP need-to-frag packets. I wasn't able to understand the problem. Sysctl net.inet.tcp.path_mtu_discovery is set to 1 on both computers. There is no firewall.

Here is a network dump from the server:
%%%
12:56:38.447645 192.168.4.80.80 > 192.168.1.222.60514: . 1:1449(1448) ack 189 win 33304 (DF) (ttl 64, id 24337, len 1500)
12:56:38.448227 192.168.4.13 > 192.168.4.80: icmp: 192.168.1.222 unreachable - need to frag (DF) (ttl 64, id 4088, len 56)
12:56:38.864776 192.168.4.80.80 > 192.168.1.222.60514: . 1:1449(1448) ack 189 win 33304 (DF) (ttl 64, id 24338, len 1500)
12:56:38.865358 192.168.4.13 > 192.168.4.80: icmp: 192.168.1.222 unreachable - need to frag (DF) (ttl 64, id 4089, len 56)
12:56:39.504765 192.168.4.80.80 > 192.168.1.222.60514: . 1:1449(1448) ack 189 win 33304 (DF) (ttl 64, id 24339, len 1500)
%%%

As you can see it doesn't take care of ICMP need-to-frag packets. I can see the same behaviour if I mount an NFS volume with TCP. This will simply hang. This doesn't happen with a UDP mount because packets get fragmented.

When I use scp(1) from Comp2 to fetch a reasonably big file from Comp1, Comp1 tries to send some packets of 1500 bytes, Gate1 sends it some ICMP need-to-frag, and Comp1 successfully decreases packet size to 1280 bytes:
%%%
[...]
12:31:23.717870 IP (tos 0x8, ttl 64, id 14269, offset 0, flags [DF], length: 1500) 192.168.1.222.22 > 192.168.4.4.50458: . 1866:3314(1448) ack 1442 win 33304
12:31:23.718428 IP (tos 0x0, ttl 64, id 12065, offset 0, flags [DF], length: 56) 192.168.1.1 > 192.168.1.222: icmp 36: 192.168.4.4 unreachable - need to frag (mtu 1280) for IP (tos 0x8, ttl 64, id 14269, offset 0, flags [DF], length: 1500) 192.168.1.222.22 > 192.168.4.4.50458: [|tcp]
12:31:23.718489 IP (tos 0x8, ttl 64, id 54770, offset 0, flags [DF], length: 1280) 192.168.1.222.22 > 192.168.4.4.50458: . 1866:3094(1228) ack 1442 win 33304
[...]
%%%

FYI, Comp1's network interface is em(4) and Comp2's is xl(4).

Comp1: FreeBSD obiwan.tataz.chchile.org 5.4-STABLE FreeBSD 5.4-STABLE #24: Sat Jun 25 12:52:32 CEST 2005 root@obiwan.tataz.chchile.org:/usr/src/sys/i386/compile/OBIWAN i386
Comp2: FreeBSD filer 5.4-STABLE FreeBSD 5.4-STABLE #11: Tue Jun 21 17:25:06 CEST 2005 root@filer:/usr/obj/usr/src/sys/BSD54 i386

Some sysctls differing between Comp1 and Comp2:
--- sysctl-a.Comp1 Wed Jul 13 14:50:34 2005 +++ sysctl-a.Comp2 Wed Jul 13 14:47:14 2005 -kern.osreldate: 504102 +kern.osreldate: 504101 -net.inet.ip.random_id: 1 +net.inet.ip.random_id: 0 -net.inet.tcp.hostcache.count: 9 +net.inet.tcp.hostcache.count: 3 -net.inet.tcp.reass.overflows: 165 +net.inet.tcp.reass.overflows: 0 -net.inet.udp.recvspace: 41600 +net.inet.udp.recvspace: 42080 -debug.mpsafenet: 1 +debug.mpsafenet: 0

I also tried to connect to Comp3, but the behaviour is the same. Thus my guess is that Gate2 (RELENG_5) is sending bad ICMP need-to-frag packets, while Gate1 (RELENG_4) is sending good ones, because all Comp* are RELENG_5, and don't behave in the same way.

Does anyone have an idea why Path MTU Discovery doesn't work on Comp2?

-- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-net@FreeBSD.ORG Wed Jul 13 15:50:48 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0BDC016A41C for ; Wed, 13 Jul 2005 15:50:48 +0000 (GMT) (envelope-from tarkhil@webmail.sub.ru) Received: from techno.sub.ru (webmail.sub.ru [213.247.139.22]) by mx1.FreeBSD.org (Postfix) with SMTP id B541643D45 for ; Wed, 13 Jul 2005 15:50:46 +0000 (GMT) (envelope-from tarkhil@webmail.sub.ru) Received: (qmail 44379 invoked by uid 0); 13 Jul 2005 15:49:30 -0000 Received: from webmail.sub.ru (HELO localhost) (213.247.139.22) by techno.sub.ru with SMTP; 13 Jul 2005 15:49:30 -0000 Received: from unknown ([213.247.139.22]) by localhost (webmail.sub.ru [213.247.139.22]) (amavisd-new, port 10024) with SMTP id 42422-03 for ; Wed, 13 Jul 2005 19:49:25 +0400 (MSD) Received: from webmail.sub.ru (HELO control.sub.ru) (213.247.139.22) by techno.sub.ru with SMTP; 13 Jul 2005 15:49:24 -0000 Received: (qmail 44312 invoked by uid 0); 13 Jul 2005 15:49:24 -0000 Received: from unknown (HELO armada) (192.168.1.251) by control.sub.ru with SMTP; 13 Jul 2005 15:49:24 -0000 Received: (qmail 74605 invoked from network); 13 Jul 2005 15:44:45 -0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by armada with SMTP; 13 Jul 2005 15:44:45 -0000 Message-ID: <42D536EC.5030500@webmail.sub.ru> Date: Wed, 13 Jul 2005 19:44:44 +0400 
From: Alex Povolotsky User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050704 X-Accept-Language: ru, en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at mail.sub.ru Subject: GRE and PF problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 15:50:48 -0000 Hello! I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I have to NAT GRE packets. I'm using pf. The problem is that SOMETIMES PF fails to create proper rule using nat, while binat works fine. Not only I do not want to expose Windows boxes (even if those addresses are firewalled), but it's also a terrible waste of real IPs. Can anyone point me if I have incorrect PF config, or PF just work poorly with gre? Alex. From owner-freebsd-net@FreeBSD.ORG Wed Jul 13 21:34:16 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DD7E16A41C for ; Wed, 13 Jul 2005 21:34:16 +0000 (GMT) (envelope-from matt@gsicomp.on.ca) Received: from skippyii.compar.com (webpos.compar.com [216.208.38.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id C38E343D48 for ; Wed, 13 Jul 2005 21:34:15 +0000 (GMT) (envelope-from matt@gsicomp.on.ca) Received: from hermes (CPE00062566c7bb-CM000039c69a66.cpe.net.cable.rogers.com [70.28.254.189]) by skippyii.compar.com (8.13.1/8.13.1) with ESMTP id j6DLk8st008730; Wed, 13 Jul 2005 17:46:08 -0400 (EDT) (envelope-from matt@gsicomp.on.ca) Message-ID: <009801c587f2$afa775b0$1200a8c0@gsicomp.on.ca> 
From: "Matt Emmerton" To: "Joe Schmoe" , "Jeremie Le Hen" References: <20050713043409.2192.qmail@web53310.mail.yahoo.com> Date: Wed, 13 Jul 2005 17:34:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1506 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Cc: freebsd-net@freebsd.org Subject: Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 21:34:16 -0000 > > Matt, > > --- Matt Emmerton wrote: > > > I'm working on it :) It's a bit hairy because of > > the changes between 4.x > > and 5.x, but I should have something by next week. > > Wow - this is really great of you. Just some trivia > to pass on - I do believe that they made some major > updates and changes between 1.0 and 1.3 ... this was a > long time ago, so maybe my memory is bad, but I think > 1.3 is probably what you want to look at - it should > be the most advanced of the "old" ntops. > > I noticed when I tried to configure ; make them, > everything before 1.3 errored with XYZ, but then when > I moved to 1.3, it errored out with ABC instead ... I was only able to find the ntop-1.1 sources on the web. Can you point me to the ntop-1.3 sources? 
Thanks, Matt From owner-freebsd-net@FreeBSD.ORG Thu Jul 14 00:08:22 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E531416A41C for ; Thu, 14 Jul 2005 00:08:22 +0000 (GMT) (envelope-from non_secure@yahoo.com) Received: from web53310.mail.yahoo.com (web53310.mail.yahoo.com [206.190.39.239]) by mx1.FreeBSD.org (Postfix) with SMTP id 57C8C43D45 for ; Thu, 14 Jul 2005 00:08:22 +0000 (GMT) (envelope-from non_secure@yahoo.com) Received: (qmail 86464 invoked by uid 60001); 14 Jul 2005 00:08:21 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=yYaQQ0JabM5sBl0kkVHEiOnc5j4AP8OzGBuSBwADEwe6o5cYMBD992OcRlqDKwHa9DL+mWPObga6TVrlK5IyaWGgN5/N/Nd149JLeH0ajuH6fE01Fs4DukBOF8+aePhHDpzz1AA5otHINjBGKERYFgh9L9BTVQgHITiR3mL/zUM= ; Message-ID: <20050714000821.86462.qmail@web53310.mail.yahoo.com> Received: from [208.186.91.245] by web53310.mail.yahoo.com via HTTP; Wed, 13 Jul 2005 17:08:21 PDT Date: Wed, 13 Jul 2005 17:08:21 -0700 (PDT) 
From: Joe Schmoe To: Matt Emmerton , Jeremie Le Hen In-Reply-To: <009801c587f2$afa775b0$1200a8c0@gsicomp.on.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 00:08:23 -0000 Matt, --- Matt Emmerton wrote: > I was only able to find the ntop-1.1 sources on the > web. Can you point me > to the ntop-1.3 sources? http://www.netsw.org/net/ip/audit/packets/ntop-1.3.1.tar.gz From owner-freebsd-net@FreeBSD.ORG Thu Jul 14 03:47:52 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD03F16A41C for ; Thu, 14 Jul 2005 03:47:52 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B44343D46 for ; Thu, 14 Jul 2005 03:47:52 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy8.corp.yahoo.com [216.145.48.13]) by mrout2.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id j6E3kCKl072449; Wed, 13 Jul 2005 20:46:13 -0700 (PDT) Date: Thu, 14 Jul 2005 12:46:11 +0900 Message-ID: 
From: gnn@freebsd.org To: Jeremie Le Hen In-Reply-To: <20050713130042.GV39292@obiwan.tataz.chchile.org> References: <20050713130042.GV39292@obiwan.tataz.chchile.org> User-Agent: Wanderlust/2.12.2 (99 Luftballons) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin8.1.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@freebsd.org Subject: Re: Problem with Path MTU Discovery X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 03:47:52 -0000

At Wed, 13 Jul 2005 15:00:42 +0200, Jeremie Le Hen wrote:
>
> Hi,
>
> I set a gif(4)-based IPSec tunnel between my network and a friend's one.
> This works pretty well, except that Path MTU Discovery doesn't work.
>
> Quick draw:
>       MTU: 1500       MTU:1280       MTU:1500
> Comp1 --------- Gate1 -------- Gate2 -----+-- Comp2
> RELENG_5        RELENG_4       RELENG_5   |   RELENG_5
>                                           |
>                                           +-- Comp3
>                                               RELENG_5
>

Can you look at the routing table for each of Comp1 and Comp2 and also use the -W flag to show the path MTU? If there is something wonky in the routing table then TCP will not hear about the MTU change.

Thanks, George From owner-freebsd-net@FreeBSD.ORG Thu Jul 14 05:31:37 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AAC9F16A41C for ; Thu, 14 Jul 2005 05:31:37 +0000 (GMT) (envelope-from compunction@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49DFB43D46 for ; Thu, 14 Jul 2005 05:31:36 +0000 (GMT) (envelope-from compunction@gmail.com) Received: by zproxy.gmail.com with SMTP id i11so189837nzi for ; Wed, 13 Jul 2005 22:31:36 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZFgZ6vpgjV31t7IJDtp5zMcukXl87p49elqspXOLOU6v2gmXa4XWWcAbEPuwilS/gxWEIO6wICN8Q00h+7NP4Dnmw0DVoixQS79sbhfIbXvlip+LxNC0F6uxnQNe2HuHIhf5LyQyNAQQcGGLxY0Jc0cDImSygNEAf9WeUT1txlI= Received: by 10.36.36.14 with SMTP id j14mr64679nzj; Wed, 13 Jul 2005 22:31:36 -0700 (PDT) Received: by 10.36.39.18 with HTTP; Wed, 13 Jul 2005 22:31:36 -0700 (PDT) Message-ID: <9f9a8c4005071322311907b4b@mail.gmail.com> Date: Thu, 14 Jul 2005 01:31:36 -0400 
From: compunction To: Alex Povolotsky In-Reply-To: <42D536EC.5030500@webmail.sub.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <42D536EC.5030500@webmail.sub.ru> Cc: freebsd-net@freebsd.org Subject: Re: GRE and PF problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: compunction List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 05:31:37 -0000 GRE needs to pass bidirectional. You will need a binat to make it work. I have not found a firewall that will allow GRE to work with a many to one nat. -Mark On 7/13/05, Alex Povolotsky wrote: > Hello! > > I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I have > to NAT GRE packets. I'm using pf. > > The problem is that SOMETIMES PF fails to create proper rule using nat, > while binat works fine. > > Not only I do not want to expose Windows boxes (even if those addresses > are firewalled), but it's also a terrible waste of real IPs. > > Can anyone point me if I have incorrect PF config, or PF just work > poorly with gre? > > Alex. 
> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Jul 14 06:43:11 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0103216A41C for ; Thu, 14 Jul 2005 06:43:11 +0000 (GMT) (envelope-from tarkhil@webmail.sub.ru) Received: from techno.sub.ru (webmail.sub.ru [213.247.139.22]) by mx1.FreeBSD.org (Postfix) with SMTP id F268B43D46 for ; Thu, 14 Jul 2005 06:43:09 +0000 (GMT) (envelope-from tarkhil@webmail.sub.ru) Received: (qmail 66614 invoked by uid 0); 14 Jul 2005 06:44:21 -0000 Received: from webmail.sub.ru (HELO localhost) (213.247.139.22) by techno.sub.ru with SMTP; 14 Jul 2005 06:44:21 -0000 Received: from unknown ([213.247.139.22]) by localhost (webmail.sub.ru [213.247.139.22]) (amavisd-new, port 10024) with SMTP id 65583-04 for ; Thu, 14 Jul 2005 10:44:16 +0400 (MSD) Received: from webmail.sub.ru (HELO control.sub.ru) (213.247.139.22) by techno.sub.ru with SMTP; 14 Jul 2005 06:44:16 -0000 Received: (qmail 66532 invoked by uid 0); 14 Jul 2005 06:44:16 -0000 Received: from unknown (HELO armada) (192.168.1.251) by control.sub.ru with SMTP; 14 Jul 2005 06:44:16 -0000 Received: (qmail 84164 invoked from network); 14 Jul 2005 06:37:05 -0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by armada with SMTP; 14 Jul 2005 06:37:05 -0000 Message-ID: <42D60810.8090000@webmail.sub.ru> Date: Thu, 14 Jul 2005 10:37:04 +0400 
From: Alex Povolotsky User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050704 X-Accept-Language: ru, en-us, en MIME-Version: 1.0 To: compunction References: <42D536EC.5030500@webmail.sub.ru> <9f9a8c4005071322311907b4b@mail.gmail.com> In-Reply-To: <9f9a8c4005071322311907b4b@mail.gmail.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at mail.sub.ru Cc: freebsd-net@freebsd.org Subject: Re: GRE and PF problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 06:43:11 -0000 compunction wrote: >GRE needs to pass bidirectional. You will need a binat to make it >work. I have not found a firewall that will allow GRE to work with a >many to one nat. > > The most painful thing is that pf's nat works for GRE - SOMETIMES :-( The only thing firewall needs to implement for natting GRE is creation of two rules (forward and back) for GRE packet, just like it does for ICMP. I'm not a firewall writer, but as far as I understand general procedural programming, it cannot be THAT complicated. Alex. 

Date: Thu, 14 Jul 2005 09:55:55 +0200
From: Ragnar Lonn
To: "Yuriy N. Shkandybin"
Cc: freebsd-net@freebsd.org
Subject: Re: kern/83011: nge vlans broken

This is in 5.x, right? I can't find this code in 4.11 at least.
Does that mean that ngeth VLAN support is broken in 5.x (without the patch)?

Regards,

/Ragnar

Yuriy N. Shkandybin wrote:

> I've investigated that m_head mbuf doesn't have M_VLANTAG when
> performing VLAN_OUTPUT()
>
> next diff for /usr/src/sys/net/if_vlan_var.h make it work:
> --- 1.h Fri Jul 8 17:34:31 2005 > +++ if_vlan_var.h Fri Jul 8 17:35:53 2005
> @@ -111,7 +111,7 @@ > } while (0) > > #define VLAN_OUTPUT_TAG(_ifp, _m) \ > - ((_m)->m_flags & M_VLANTAG ? \ > + ((_ifp)->if_nvlans != 0 ? \ > m_tag_locate((_m), MTAG_VLAN, MTAG_VLAN_TAG, NULL) : NULL) > #define VLAN_TAG_VALUE(_mt) (*(u_int *)((_mt)+1)) > #endif /* _KERNEL */
>
> Actually this is partial backout ru@ commit
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_vlan_var.h.diff?r1=1.20&r2=1.21&f=h
>
> Since it's not addressed to if_nge itself, so it's possible same
> problems for another interfaces.
>
> Jura

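Review bot: replacing the per-packet test (_m)->m_flags & M_VLANTAG with the per-interface test (_ifp)->if_nvlans != 0 in VLAN_OUTPUT_TAG() works around the symptom reported in the mail, that m_head arrives without M_VLANTAG, rather than fixing the place where the flag is lost. With this condition every outbound mbuf on a parent interface that has any vlan attached goes through m_tag_locate(), untagged frames included, and because the macro lives in if_vlan_var.h the change affects every driver that uses it, not only if_nge. I would prefer to see the flag restored where it goes missing; if the backout is kept, please add a comment above the macro saying why the flag cannot be relied on and that this reverts part of r1.21.
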
From: "Yuriy N. Shkandybin"
To: "Ragnar Lonn"
Date: Thu, 14 Jul 2005 12:26:53 +0400
Cc: freebsd-net@freebsd.org
Subject: Re: kern/83011: nge vlans broken

No, this is 6 and CURRENT. For 5 if_nge.c diffs 1.72 and 1.73 should be applied. Otherwise you'll get crash.

Jura

----- Original Message -----
From: "Ragnar Lonn"
To: "Yuriy N. Shkandybin"
Cc:
Sent: 14 July 2005 11:55
Subject: Re: kern/83011: nge vlans broken

> This is in 5.x, right? I can't find this code in 4.11 at least.
> Does that mean that ngeth VLAN support is broken in 5.x (without the
> patch)?
>
> Regards,
>
> /Ragnar
>
> Yuriy N. Shkandybin wrote:
>
>> I've investigated that m_head mbuf doesn't have M_VLANTAG when performing
>> VLAN_OUTPUT()
>>
>> next diff for /usr/src/sys/net/if_vlan_var.h make it work:
>> --- 1.h Fri Jul 8 17:34:31 2005 >> +++ if_vlan_var.h Fri Jul 8 17:35:53 2005
>> @@ -111,7 +111,7 @@ >> } while (0) >> >> #define VLAN_OUTPUT_TAG(_ifp, _m) \ >> - ((_m)->m_flags & M_VLANTAG ? \ >> + ((_ifp)->if_nvlans != 0 ? \ >> m_tag_locate((_m), MTAG_VLAN, MTAG_VLAN_TAG, NULL) : NULL) >> #define VLAN_TAG_VALUE(_mt) (*(u_int *)((_mt)+1)) >> #endif /* _KERNEL */
>>
>> Actually this is partial backout ru@ commit
>> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/if_vlan_var.h.diff?r1=1.20&r2=1.21&f=h
>>
>> Since it's not addressed to if_nge itself, so it's possible same problems
>> for another interfaces.
>>
>> Jura

To: Dan Nelson
Date: Thu, 14 Jul 2005 12:16:36 +0300
From: Danny Braniss
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: tcp troughput weirdness

> In the last episode (Jul 12), Danny Braniss said:
> > [...]
> > > You might want to apply the patch at the bottom of
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/75122 ; without it, new
> > > connections get a random initial bandwidth.
> >
> > how far 'bottom' should i go?
>
> Search for "Final patch follows".

ok, did the patches (by hand, since the patch is a bit outdated), but it didn't help. the speed up is only realized when increasing the recvspace AND disabling inflight.

danny

Date: Thu, 14 Jul 2005 09:51:48 -0300
From: "Giovanni P. Tirloni"
To: Alex Povolotsky
Cc: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem

Alex Povolotsky wrote:
> compunction wrote:
>
>> GRE needs to pass bidirectional. You will need a binat to make it
>> work. I have not found a firewall that will allow GRE to work with a
>> many to one nat.
>>
>>
>
> The most painful thing is that pf's nat works for GRE - SOMETIMES :-(
>
> The only thing firewall needs to implement for natting GRE is creation
> of two rules (forward and back) for GRE packet, just like it does for ICMP.
>
> I'm not a firewall writer, but as far as I understand general procedural
> programming, it cannot be THAT complicated.

When a packet comes from 1.2.3.4 to your external interface you can't determine if it's destined to 192.168.0.1 or 192.168.0.2 if both initiated a GRE tunnel to 1.2.3.4. That's because GRE doesn't have ports like UDP or TCP to make (de)multiplexing possible, AFAIK.

http://www.networksorcery.com/enp/protocol/gre.htm

--
Giovanni P. Tirloni / gpt@tirloni.org / PGP: 0xD0315C26

Date: Thu, 14 Jul 2005 22:19:25 +0400
From: Alex Povolotsky
To: "Giovanni P. Tirloni"
Cc: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem

Giovanni P. Tirloni wrote:

> Alex Povolotsky wrote:
>
>> compunction wrote:
>>
>>> GRE needs to pass bidirectional. You will need a binat to make it
>>> work. I have not found a firewall that will allow GRE to work with a
>>> many to one nat.
>>>
>>>
>>
>> The most painful thing is that pf's nat works for GRE - SOMETIMES :-(
>>
>> The only thing firewall needs to implement for natting GRE is
>> creation of two rules (forward and back) for GRE packet, just like it
>> does for ICMP.
>>
>> I'm not a firewall writer, but as far as I understand general
>> procedural programming, it cannot be THAT complicated.
>
>
> When a packet comes from 1.2.3.4 to your external interface you can't
> determine if it's destined to 192.168.0.1 or 192.168.0.2 if both
> initiated a GRE tunnel to 1.2.3.4. That's because GRE doesn't have
> ports like UDP or TCP to make (de)multiplexing possible, AFAIK.
>
> http://www.networksorcery.com/enp/protocol/gre.htm
>
Cool. I did not know that ICMP doesn't work through nat. It always worked for me. Moreover, as far as I remember, GRE worked with IPFW/NATD, and SOMETIMES it works with pf.

Alex.
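
The demultiplexing argument quoted above (two internal hosts behind one address, both talking GRE to 1.2.3.4), set next to the ICMP echo case as an added example; it is not code from the thread, from pf or from natd. The ToyNat class, its id allocation starting at 40000 and the packet builders are assumptions made for the illustration, and only ICMP echo and the minimal 4-byte GRE header are modelled.

```python
"""Toy many-to-one NAT state table: ICMP echo vs. minimal GRE (constructed example)."""
import struct

IPPROTO_ICMP = 1
IPPROTO_GRE = 47
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def icmp_echo(icmp_type, ident, seq=1):
    """Build an ICMP echo header (checksum left at 0 for this demo)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)


def minimal_gre(proto_type=0x0800):
    """Build a 4-byte GRE header: no checksum, no key, version 0."""
    return struct.pack("!HH", 0x0000, proto_type)


def flow_field(proto, payload):
    """Return the 16-bit per-flow field a NAT can key on, or None if absent."""
    if proto == IPPROTO_ICMP:
        icmp_type, _code, _csum, ident = struct.unpack("!BBHH", payload[:6])
        if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
            return ident
        return None
    if proto == IPPROTO_GRE:
        flags_ver, _ptype = struct.unpack("!HH", payload[:4])
        if flags_ver == 0:  # minimal header: only the protocol type follows
            return None
        raise ValueError("only the minimal GRE header is modelled here")
    raise ValueError("unsupported protocol")


class ToyNat:
    """Hypothetical NAT: one external address, states keyed for reply lookup."""

    def __init__(self):
        self.states = {}   # (proto, remote_ip, wire_id) -> (internal_ip, orig_id)
        self.by_flow = {}  # (proto, internal_ip, remote_ip, orig_id) -> wire_id
        self.next_id = 40000  # assumed starting point for rewritten ids

    def outbound(self, internal_ip, remote_ip, proto, payload):
        """Create or reuse a state; return the id put on the wire (None for GRE).

        Raises LookupError when a second internal host would need the same
        reply key as an existing state.
        """
        orig = flow_field(proto, payload)
        if orig is None:
            key = (proto, remote_ip, None)
            owner = self.states.setdefault(key, (internal_ip, None))
            if owner[0] != internal_ip:
                raise LookupError("reply key %r already maps to %s" % (key, owner[0]))
            return None
        flow = (proto, internal_ip, remote_ip, orig)
        if flow not in self.by_flow:
            # Rewrite the id so two hosts that chose the same value stay distinct.
            self.by_flow[flow] = self.next_id
            self.states[(proto, remote_ip, self.next_id)] = (internal_ip, orig)
            self.next_id += 1
        return self.by_flow[flow]

    def inbound(self, remote_ip, proto, payload):
        """Map a reply from remote_ip back to (internal_ip, original_id)."""
        return self.states.get((proto, remote_ip, flow_field(proto, payload)))


def demo():
    """Two internal hosts talk to the same peer, first with ICMP, then GRE."""
    nat = ToyNat()
    remote = "1.2.3.4"
    # Both hosts happen to pick echo id 7; the NAT rewrites each to a unique id.
    id_a = nat.outbound("192.168.0.1", remote, IPPROTO_ICMP, icmp_echo(8, 7))
    id_b = nat.outbound("192.168.0.2", remote, IPPROTO_ICMP, icmp_echo(8, 7))
    reply_a = nat.inbound(remote, IPPROTO_ICMP, icmp_echo(0, id_a))
    reply_b = nat.inbound(remote, IPPROTO_ICMP, icmp_echo(0, id_b))
    # GRE: the first tunnel gets a state, the second cannot be told apart.
    nat.outbound("192.168.0.1", remote, IPPROTO_GRE, minimal_gre())
    try:
        nat.outbound("192.168.0.2", remote, IPPROTO_GRE, minimal_gre())
        gre_clash = False
    except LookupError:
        gre_clash = True
    gre_owner = nat.inbound(remote, IPPROTO_GRE, minimal_gre())
    return reply_a, reply_b, gre_clash, gre_owner


if __name__ == "__main__":
    print(demo())
```

In this model a single GRE tunnel per remote peer translates without trouble; the clash appears only when a second internal host targets the same peer.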

Date: Thu, 14 Jul 2005 17:56:04 -0300
From: "Giovanni P. Tirloni"
To: Alex Povolotsky
Cc: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem

Alex Povolotsky wrote:
>> When a packet comes from 1.2.3.4 to your external interface you can't
>> determine if it's destined to 192.168.0.1 or 192.168.0.2 if both
>> initiated a GRE tunnel to 1.2.3.4. That's because GRE doesn't have
>> ports like UDP or TCP to make (de)multiplexing possible, AFAIK.
>>
>> http://www.networksorcery.com/enp/protocol/gre.htm
>>
> Cool. I did not know that ICMP doesn't work through nat. It always
> worked for me. Moreover, as far as I remember, GRE worked with
> IPFW/NATD, and SOMETIMES it works with pf.

I don't know how PF keeps tracks of ICMP packets but there must be a way for it to distinguish between a packet destined to 192.168.0.1 or 0.2. We all know ICMP works behind NAT. You don't need to play like that here.

Looking at the GRE header I simply can't find a way to keep track of it and my experiences with some xDSL/cable routers permit me to say that I haven't found anyone that would let me establish more than one PPTP connection behind NAT.

But then I'm no networking/pf/kernel guru to keep talking about this.

--
Giovanni P. Tirloni / gpt@tirloni.org / PGP: 0xD0315C26

Date: Thu, 14 Jul 2005 15:49:26 -0600 (MDT)
From: "Nathanael M Van Vorst"
To: freebsd-net@freebsd.org
Subject: (no subject)

I have some questions about netgraph. I have been using the framework for project for a little while. I am at the point where I want to hand-off netgraph items to a kernel thread or a kernel module. Then I want the module or thread to do some processing and hand this back to netgraph. I looked through a little bit, and did not find an easy way. Did I miss it?

Marching on, I wrote up a little module that had two functions that a node could call. One to register the hook to pass items back on, and one to pass items to the module. Inside the module I call NG_FWD_ITEM to send the item back on the passed in hook. It always crashes in the ITEM_DEBUG macro.

Help? Where should I go? When I get a kernel core, the stack is corrupt so it is of no use.

Thanks!!
--Nate
---------------------------------------
Nathanael Van Vorst
vanvorst@ieee.org
“It is intuitively obvious to even the most casual of observers!”

Date: Thu, 14 Jul 2005 23:01:30 -0700
To: "Giovanni P. Tirloni"
From: stephen@dino.dnsalias.com (Stephen J. Bevan)
Cc: freebsd-net@freebsd.org, Alex Povolotsky
Subject: Re: GRE and PF problem

Giovanni P. Tirloni writes:
 > I don't know how PF keeps tracks of ICMP packets but there must be a
 > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.

An ICMP ECHO REQUEST message has a 16-bit id field which can be altered by NAT to identify the originating machine.

There isn't really an equivalent when using a minimal GRE header. If GRE checksums are turned on then the 16-bit Reserved1 field could be abused for NAT purposes.

Date: Fri, 15 Jul 2005 11:30:09 +0200
From: Sten Daniel Sørsdal
To: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem

Stephen J. Bevan wrote:
> Giovanni P. Tirloni writes:
>  > I don't know how PF keeps tracks of ICMP packets but there must be a
>  > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
>
> An ICMP ECHO REQUEST message has a 16-bit id field which can be
> altered by NAT to identify the originating machine.
>
> There isn't really an equivalent when using a minimal GRE header. If
> GRE checksums are turned on then the 16-bit Reserved1 field could be
> abused for NAT purposes.

Not for GRE but for PPTP (which uses GRE but with a slight addition). CALL ID, a unique number assigned by the PPTP server per session. AFAIK. There are some firewalls out there that uses this ID.

--
Sten Daniel Sørsdal

Date: Fri, 15 Jul 2005 11:13:56 -0500 (CDT)
From: "Viren Patel"
To: freebsd-net@freebsd.org
Subject: 5.4-stable, 802.1q vlans, ipfw, and bridging??

Hello. I am trying to setup a bridging firewall between multiple 802.1q vlans. Vlans 1 and 2 are public and vlans 3 and 4 are private. Vlans 1 and 3 are to be bridged, as are vlans 2 and 4. Router/switches are Cisco. My setup is as follows:

Firewall: PC with Intel Pro/1000 MT dual-port server adapter
Operating System: FreeBSD 5.4-stable

Kernel config:
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFIREWALL_FORWARD
    options IPDIVERT
    options IPSTEALTH
    options BRIDGE
    device vlan

/etc/sysctl.conf:
    net.link.ether.bridge.enable=1
    net.link.ether.bridge.config=vlan1:1,vlan3:1,vlan2:2,vlan4:2
    net.link.ether.bridge.ipfw=1

/etc/rc.conf:
    network interfaces="em0 em1 lo0"
    ifconfig_em0="up promisc vlanhwtag"
    ifconfig_em1="up promisc vlanhwtag"
    cloned_interfaces="vlan1 vlan2 vlan3 vlan4"
    ifconfig_vlan1="vlan1 vlan 1 vlandev em0"
    ifconfig_vlan2="vlan2 vlan 2 vlandev em0"
    ifconfig_vlan3="vlan3 vlan 3 vlandev em1"
    ifconfig_vlan4="vlan4 vlan 4 vlandev em1"
    ipfirewall_enable="YES"
    ipfirewall_type="OPEN"
    ipfirewall_quiet="NO"
    ipfirewall_logging="YES"

Vlans 1 and 2 are trunked to em0 and vlans 3 and 4 are trunked to em1.

The firewall does not seem to be functioning correctly. A PC on private vlan is not able to connect out. In the open firewall configuration as above, I would expect all traffic to be passed from private to public vlans and vice-versa. Starting a steady ping on the private PC, then capturing vlan traffic on the firewall via tcpdump shows arp requests on the private vlan, and corresponding arp requests on the public vlan, but no arp replies. Sniffing the physical interfaces on the firewall shows the 802.1q frames. Sniffing the public vlan via a third host however does not show any arp traffic at all. So it seems the vlan bridging is working on the firewall, however the packets are not being put out on the parent interface of the public vlan.

What am I doing wrong?

Viren

Date: Fri, 15 Jul 2005 10:32:43 -0600 (MDT)
From: "Nathanael M Van Vorst"
To: freebsd-net@freebsd.org
Subject: netgraph question

I have some questions about netgraph. I have been using the framework for project for a little while. I am at the point where I want to hand-off netgraph items to a kernel thread or a kernel module. Then I want the module or thread to do some processing and hand this back to netgraph. I looked through a little bit, and did not find an easy way. Did I miss it?

Marching on, I wrote up a little module that had two functions that a node could call. One to register the hook to pass items back on, and one to pass items to the module. Inside the module I call NG_FWD_ITEM to send the item back on the passed in hook. It always crashes in the ITEM_DEBUG macro.

Help? Where should I go? When I get a kernel core, the stack is corrupt so it is of no use.

If anyone is curious I can send the little test code I have cobbled together to see how I might do this.

Thanks!!
--Nate

---------------------------------------
Nathanael Van Vorst
Home: vanvorst@ieee.org

“It is intuitively obvious to even the most casual of observers!”

From: Tillman Hodgson
To: freebsd-net@freebsd.org
Date: Fri, 15 Jul 2005 12:21:29 -0600
Subject: Trouble connecting OS X 10.4.1 client to FreeBSD -current (on sparc64) mpd server for pptp tunneling
Message-ID: <20050715182129.GP71740@seekingfire.com>

[I originally posted to -questions ... after a week with no responses I thought I'd try on -net.]

Howdy,

I've been googling for information about getting a Mac OS X client (a powerbook running 10.4.1) to work with a VPN server of some sort on FreeBSD (-current as of April 25 running on sparc64). The VPN server has a static IP and acts as a firewall and BGP/OSPF router as well (over tunnels to other internal networks, not to the outside world).

I've tried sl2tps but rapidly gave up on it -- no real documentation and it appears to be an abandoned project.

I've also tried OpenVPN (which is my preferred solution, detailed at http://metanetwork.seekingfire.com if you're curious) but OS X support appears to be weak. While I can get the tunnel up and running manually, my normal OpenVPN practice of running OSPF on the client isn't an option for the OS X road-warrior case that I have. The GUI doesn't like the Spotlight position on the menu bar and appears to be a semi-abandoned project (I had to dig through an archived older version of the web page to get it).

So I tried mpd to implement PPTP. In theory, with native OS X support and proxy-arp replacing OSPF (no dynamic routing needed if I think I'm local) this looked like the ticket.

I ran into what appears to be the same issue that Robert Watson posted to freebsd-questions@ about May 5 2004:

http://lists.freebsd.org/pipermail/freebsd-questions/2004-May/045705.html

I get 10 attempts to SendConfigReq and then negotiation fails.

***snip***
[pptp1] IPCP: SendConfigReq #10
 IPADDR 192.168.23.30
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp1] CCP: SendConfigReq #10
[pptp1] CCP: Checking whether 40 bits are enabled -> yes
[pptp1] CCP: Checking whether 56 bits are enabled -> no
[pptp1] CCP: Checking whether 128 bits are enabled -> yes
 MPPC
 0x00000000:
[pptp1] IPCP: state change Req-Sent --> Stopped
[pptp1] IPCP: LayerFinish
[pptp1] IPCP: parameter negotiation failed
[pptp1] IPCP: LayerFinish
***snip***

Has anyone gotten mpd working with OS X and could share their config files and setup with me?

Alternatively, has anyone gotten any other sort of decent tunneling for OS X -> FreeBSD infrastructure in place that could share what they're running and their experiences with setting it up?
Thanks muchly,

-T

From: Julian Elischer
To: vanvorst@ieee.org
Cc: freebsd-net@freebsd.org
Date: Fri, 15 Jul 2005 13:09:44 -0700
Subject: Re: netgraph question
Message-ID: <42D81808.3000702@elischer.org>
In-Reply-To: <57865.157.127.124.134.1121445163.squirrel@www.stupendousness.org>

Nathanael M Van Vorst wrote:

>I have some questions about netgraph. I have been using the framework for
>a project for a little while. I am at the point where I want to hand-off
>netgraph items to a kernel thread or a kernel module. Then I want the
>module or thread to do some processing and hand this back to netgraph.

I guess I should answer you on this one..

We do not have a specific facility to allow a netgraph node to create or run as a separate kernel thread. The code should be able to pass stuff to a kernel thread in much the same way that it can pass stuff to a userland thread. i.e. get some lock, put it in a queue, drop the lock again and do a wakeup on the thread to tell it there is something to get.

I guess it could create the thread during node startup or type addition.. there are several examples of threads being created in /sys/kern look for instances of kthread_create().

>I looked through a little bit, and did not find an easy way. Did I miss it?

tell us more about what you'd like to do..

>Marching on, I wrote up a little module that had two functions that a node
>could call. One to register the hook to pass items back on, and one to pass
>items to the module. Inside the module I call NG_FWD_ITEM to send the
>item back on the passed in hook. It always crashes in the ITEM_DEBUG
>macro. Help? Where should I go? When I get a kernel core, the stack is
>corrupt so it is of no use.

I don't quite understand what you mean by "register the hook"

>If anyone is curious I can send the little test code I have cobbled
>together to see how I might do this.

send to me directly.

>Thanks!!
>
>--Nate

Message-ID: <001c01c58a17$5dbe4a40$0100000a@R3B>
From: "Chris Dionissopoulos"
Date: Sat, 16 Jul 2005 18:02:19 +0300
Subject: Traffic quota features in IPFW

Hi ppl, ( and sorry for cross posting)

I review Andrey's Elsukov patch for adding "bound" support in ipfw, and I decide to push a little forward this feature.

You can see the whole picture in there:
http://www.freebsd.org/cgi/query-pr.cgi?pr=80642
and there:
http://butcher.heavennet.ru/

In my patch, 3 new options are added:
1. "below " (which is the same option as Andrey's "bound" option, I just rename it)
2. "above " which is the opposite option of "below". Match rules when the counter is above
3. "check-quota" (which is the same option as Andrey's "check-bound", but now applies to both "above" and "below" options).

Notes:
1. Patch is against releng_6.
2. I also include a more complicated example which is (IMHO) a complete traffic quota+shaping solution for a small (or not so small) ISP.
3. For installation, follow the instructions Andrey publish in his webspace: http://butcher.heavennet.ru/
4. Patch doesn't break ipfw ABI (today), because adds new options at the end of list. If you apply this patch in a month or so, I cannot guarantee success.
5. Please test, and send me your feedback.

I'll be happy if you find useful these features and if any developer commits this patch in current or releng_6 branch.

Chris.

Content-Type: application/octet-stream;name="releng6_ipfw_quota.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;filename="releng6_ipfw_quota.patch"

--- sys/netinet/ip_fw.h.orig Sat Jul 16 14:55:58 2005=0A= +++ sys/netinet/ip_fw.h Sat Jul 16 15:08:37 2005=0A= @@ -154,6 +154,13 @@=0A= O_NGTEE, /* copy to ng_ipfw */=0A= =0A= O_IP4,=0A= + =0A= + /*=0A= + * Traffic quota options=0A= + */=0A= + O_QBELOW, /* u64 =3D uplimit in bytes */=0A= + O_QABOVE, /* u64 =3D downlimit in bytes */=0A= + O_CHECK_QUOTA, /* u16 =3D rule number */=0A= =0A= O_LAST_OPCODE /* not an opcode! */=0A= };=0A= @@ -230,6 +237,14 @@=0A= } ipfw_insn_u32;=0A= =0A= /*=0A= + * This is used to store 64-bit quota value.=0A= + */=0A= +typedef struct _ipfw_insn_u64 {=0A= + ipfw_insn o;=0A= + u_int64_t quota;=0A= +} ipfw_insn_u64;=0A= +=0A= +/*=0A= * This is used to store IP addr-mask pairs.=0A= */=0A= typedef struct _ipfw_insn_ip {=0A=
@@ -351,12 +366,17 @@=0A= *=0A= * When assembling instruction, remember the following:=0A= *=0A= + * + if a rule has a "quota" option, then the first instruction=0A= + * (at r->cmd) MUST BE an O_QBELOW|O_QABOVE=0A= * + if a rule has a "keep-state" (or "limit") option, then the=0A= * first instruction (at r->cmd) MUST BE an O_PROBE_STATE=0A= * + if a rule has a "log" option, then the first action=0A= * (at ACTION_PTR(r)) MUST be O_LOG=0A= * + if a rule has an "altq" option, it comes after "log"=0A= *=0A= + *=0A= + * NOTE: actually, O_PROB instruction may be first too. But = O_QBELOW|O_QABOVE=0A= + * MUST BE always first (at r->cmd).=0A= * NOTE: we use a simple linked list of rules because we never need=0A= * to delete a rule without scanning the list. We do not use=0A= * queue(3) macros for portability and readability.=0A= --- sys/netinet/ip_fw2.c.orig Sat Jul 16 14:55:58 2005=0A= +++ sys/netinet/ip_fw2.c Sat Jul 16 17:06:19 2005=0A= @@ -2251,6 +2251,36 @@=0A= * logic to deal with F_NOT and F_OR flags associated=0A= * with the opcode.=0A= */=0A= + case O_QBELOW:=0A= + match =3D (f->bcnt < ((ipfw_insn_u64 *)cmd)->quota);=0A= + break;=0A= +=0A= + case O_QABOVE:=0A= + match =3D (f->bcnt > ((ipfw_insn_u64 = *)cmd)->quota);=0A= + break;=0A= +=0A= + case O_CHECK_QUOTA:=0A= + {=0A= + struct ip_fw* rule;=0A= + for (rule =3D f->next;=0A= + rule && cmd->arg1 >=3D rule->rulenum;=0A= + rule =3D rule->next)=0A= + if (rule->rulenum =3D=3D cmd->arg1)=0A= + switch (rule->cmd->opcode) {=0A= + case O_QBELOW:=0A= + match =3D (rule->bcnt <=0A= + ((ipfw_insn_u64 *)(rule->cmd))->quota);=0A= + break;=0A= + case O_QABOVE:=0A= + match =3D (rule->bcnt >=0A= + = ((ipfw_insn_u64 *)(rule->cmd))->quota);=0A= + break;=0A= + default: =0A= + break;=0A= + }=0A= + }=0A= + break;=0A= +=0A= case O_NOP:=0A= match =3D 1;=0A= break;=0A= 
@@ -3373,6 +3403,7 @@=0A= case O_EXT_HDR:=0A= case O_IP6:=0A= case O_IP4:=0A= + case O_CHECK_QUOTA:=0A= if (cmdlen !=3D F_INSN_SIZE(ipfw_insn))=0A= goto bad_size;=0A= break;=0A= @@ -3388,6 +3419,17 @@=0A= case O_ICMPTYPE:=0A= if (cmdlen !=3D F_INSN_SIZE(ipfw_insn_u32))=0A= goto bad_size;=0A= + break;=0A= +=0A= + case O_QBELOW:=0A= + case O_QABOVE:=0A= + if (cmdlen !=3D F_INSN_SIZE(ipfw_insn_u64))=0A= + goto bad_size;=0A= + if (cmd !=3D rule->cmd) {=0A= + printf("ipfw: bogus rule, opcode %d must be first\n",=0A= + cmd->opcode);=0A= + return EINVAL;=0A= + }=0A= break;=0A= =0A= case O_LIMIT:=0A= --- sbin/ipfw/ipfw2.c.orig Sat Jul 16 15:21:06 2005=0A= +++ sbin/ipfw/ipfw2.c Sat Jul 16 17:11:42 2005=0A= @@ -73,6 +73,8 @@=0A= show_sets, /* display rule sets */=0A= test_only, /* only check syntax */=0A= comment_only, /* only print action and comment */=0A= + not_humanval, /* don't use human-readable unit suffixes=0A= + when show boundary values */=0A= verbose;=0A= =0A= #define IP_MASK_ALL 0xffffffff=0A= @@ -277,6 +279,10 @@=0A= TOK_SRCIP6,=0A= =0A= TOK_IPV4,=0A= +=0A= + TOK_QBELOW,=0A= + TOK_QABOVE,=0A= + TOK_CHECK_QUOTA,=0A= };=0A= =0A= struct _s_x dummynet_params[] =3D {=0A= @@ -404,6 +410,9 @@=0A= { "src-ipv6", TOK_SRCIP6},=0A= { "src-ip6", TOK_SRCIP6},=0A= { "//", TOK_COMMENT },=0A= + { "below", TOK_QBELOW},=0A= + { "above", TOK_QABOVE},=0A= + { "check-quota", TOK_CHECK_QUOTA},=0A= =0A= { "not", TOK_NOT }, /* pseudo option */=0A= { "!", /* escape ? */ TOK_NOT }, /* pseudo option */=0A= @@ -1636,6 +1645,10 @@=0A= flags |=3D HAVE_PROTO;=0A= break;=0A= =0A= + case O_QBELOW:=0A= + case O_QABOVE:=0A= + break; =0A= +=0A= default: /*options ... */=0A= if (!(cmd->len & (F_OR|F_NOT)))=0A= if (((cmd->opcode =3D=3D O_IP6) &&=0A= @@ -1857,6 +1870,10 @@=0A= case O_EXT_HDR:=0A= print_ext6hdr( (ipfw_insn *) cmd );=0A= break;=0A= + =0A= + case O_CHECK_QUOTA:=0A= + printf(" check-quota %d", cmd->arg1);=0A= + break;=0A= =0A= default:=0A= printf(" [opcode %d len %d]",=0A= 
@@ -1872,6 +1889,28 @@=0A= }=0A= }=0A= show_prerequisites(&flags, HAVE_IP, 0);=0A= +=0A= + if (rule->cmd->opcode =3D=3D O_QBELOW || rule->cmd->opcode =3D=3D = O_QABOVE) {=0A= + uint64_t bound =3D ((ipfw_insn_u64 *)(rule->cmd))->quota;=0A= + if (rule->cmd->opcode =3D=3D O_QBELOW) =0A= + printf(" below ");=0A= + else=0A= + printf(" above ");=0A= + if (!not_humanval) {=0A= + if ((bound >> 10) && !(bound & 0x2FF)) {=0A= + if ((bound >> 20) && !(bound & 0xFFFFF)) {=0A= + if ((bound >> 30) && !(bound & 0x3FFFFFFF))=0A= + printf("%uGB", bound >> 30);=0A= + else=0A= + printf("%uMB", bound >> 20);=0A= + } else=0A= + printf("%uKB", bound >> 10);=0A= + } else=0A= + printf("%uB", bound);=0A= + } else=0A= + printf("%u", bound);=0A= + }=0A= +=0A= if (comment)=0A= printf(" // %s", comment);=0A= printf("\n");=0A= @@ -2515,6 +2554,9 @@=0A= " icmp6types LIST | ext6hdr LIST | flow-id N[,N] |\n"=0A= " mac ... | mac-type LIST | proto LIST | {recv|xmit|via} {IF|IPADDR} = |\n"=0A= " setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC = |\n"=0A= +" tcpdatalen LIST | below VALUE | above VALUE | check-quota NUM |\n"=0A= +" verrevpath | versrcreach | antispoof\n"=0A= +=0A= " tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"=0A= );=0A= exit(0);=0A= @@ -3677,7 +3719,7 @@=0A= * various flags used to record that we entered some fields.=0A= */=0A= ipfw_insn *have_state =3D NULL; /* check-state or keep-state */=0A= - ipfw_insn *have_log =3D NULL, *have_altq =3D NULL;=0A= + ipfw_insn *have_log =3D NULL, *have_altq =3D NULL, *have_quota =3D = NULL;=0A= size_t len;=0A= =0A= int i;=0A= 
@@ -4494,6 +4536,66 @@=0A= ac =3D 0;=0A= break;=0A= =0A= + case TOK_QBELOW:=0A= + NEED1("below requires numeric value");=0A= + if (open_par)=0A= + errx(EX_USAGE, "below cannot be part "=0A= + "of an or block");=0A= + if (have_quota)=0A= + errx(EX_USAGE, "only one of below|above is allowed");=0A= + if (cmd->len & F_NOT)=0A= + errx(EX_USAGE,=0A= + "\"not\" not allowed with below option");=0A= + {=0A= + char *end =3D NULL;=0A= + uint64_t bound =3D strtoull(*av, &end, 0);=0A= + if (bound)=0A= + switch (*end){=0A= + case 'G': bound *=3D 1024;=0A= + case 'M': bound *=3D 1024;=0A= + case 'K': bound *=3D 1024;=0A= + };=0A= + cmd->opcode =3D O_QBELOW;=0A= + ((ipfw_insn_u64 *)cmd)->quota =3D bound;=0A= + cmd->len =3D F_INSN_SIZE(ipfw_insn_u64) & F_LEN_MASK;=0A= + have_quota =3D cmd;=0A= + ac--; av++;=0A= + }=0A= + break;=0A= +=0A= + case TOK_QABOVE:=0A= + NEED1("above requires numeric value");=0A= + if (open_par)=0A= + errx(EX_USAGE, "above cannot be part "=0A= + "of an or block");=0A= + if (have_quota)=0A= + errx(EX_USAGE, "only one of below|above = is allowed");=0A= + if (cmd->len & F_NOT)=0A= + errx(EX_USAGE,=0A= + "\"not\" not allowed with above = option");=0A= + {=0A= + char *end =3D NULL;=0A= + uint64_t bound =3D strtoull(*av, &end, = 0);=0A= + if (bound)=0A= + switch (*end){=0A= + case 'G': bound *=3D 1024;=0A= + case 'M': bound *=3D 1024;=0A= + case 'K': bound *=3D 1024;=0A= + };=0A= + cmd->opcode =3D O_QABOVE;=0A= + ((ipfw_insn_u64 *)cmd)->quota =3D bound;=0A= + cmd->len =3D F_INSN_SIZE(ipfw_insn_u64) = & F_LEN_MASK;=0A= + have_quota =3D cmd;=0A= + ac--; av++;=0A= + }=0A= + break;=0A= +=0A= + case TOK_CHECK_QUOTA:=0A= + NEED1("check-quota requires rule number");=0A= + fill_cmd(cmd, O_CHECK_QUOTA, 0, strtoul(*av, NULL, 0));=0A= + ac--; av++;=0A= + break;=0A= +=0A= default:=0A= errx(EX_USAGE, "unrecognised option [%d] %s\n", i, s);=0A= }=0A= 
@@ -4506,6 +4608,8 @@=0A= done:=0A= /*=0A= * Now copy stuff into the rule.=0A= + * If we have a quota option, the first instruction MUST BE=0A= + * a O_QBELOW or O_QABOVE.=0A= * If we have a keep-state option, the first instruction=0A= * must be a PROBE_STATE (which is generated here).=0A= * If we have a LOG option, it was stored as the first command,=0A= @@ -4514,7 +4618,15 @@=0A= dst =3D (ipfw_insn *)rule->cmd;=0A= =0A= /*=0A= - * First thing to write into the command stream is the match = probability.=0A= + * First write into the command stream quota instruction=0A= + */=0A= + if (have_quota) {=0A= + bcopy(have_quota, dst, F_LEN(have_quota) * sizeof(uint32_t));=0A= + dst =3D next_cmd(dst);=0A= + }=0A= +=0A= + /*=0A= + * write the match probability=0A= */=0A= if (match_prob !=3D 1) { /* 1 means always match */=0A= dst->opcode =3D O_PROB;=0A= @@ -4531,7 +4643,8 @@=0A= dst =3D next_cmd(dst);=0A= }=0A= /*=0A= - * copy all commands but O_LOG, O_KEEP_STATE, O_LIMIT, O_ALTQ=0A= + * copy all commands but O_LOG, O_KEEP_STATE, O_LIMIT, O_ALTQ,=0A= + * O_QBELOW, O_QABOVE=0A= */=0A= for (src =3D (ipfw_insn *)cmdbuf; src !=3D cmd; src +=3D i) {=0A= i =3D F_LEN(src);=0A= @@ -4541,6 +4654,8 @@=0A= case O_KEEP_STATE:=0A= case O_LIMIT:=0A= case O_ALTQ:=0A= + case O_QBELOW:=0A= + case O_QABOVE:=0A= break;=0A= default:=0A= bcopy(src, dst, i * sizeof(uint32_t));=0A= @@ -4848,7 +4963,7 @@=0A= save_av =3D av;=0A= =0A= optind =3D optreset =3D 0;=0A= - while ((ch =3D getopt(ac, av, "abcdefhnNqs:STtv")) !=3D -1)=0A= + while ((ch =3D getopt(ac, av, "abcdefhHnNqs:STtv")) !=3D -1)=0A= switch (ch) {=0A= case 'a':=0A= do_acct =3D 1;=0A= 
@@ -4879,6 +4994,10 @@=0A= free_args(save_ac, save_av);=0A= help();=0A= break; /* NOTREACHED */=0A= +=0A= + case 'H': /* don't use human-readable output */=0A= + not_humanval =3D 1;=0A= + break;=0A= =0A= case 'n':=0A= test_only =3D 1;=0A=

Content-Disposition: attachment;filename="traffic_quota_example.txt"

Example:
We will enforce traffic shaping and traffic quota in a client's network behind a freebsd gateway.

Definitions/policy:
1. clients network: 1.1.1.0/24.
2. Quota policy:
   unlimited clients:   1.1.1.0/27
   100MB/day clients:   1.1.1.32/27   ipfw-set:2  ipfw-range:1000-9999
   1GB/week clients:    1.1.1.64/26   ipfw-set:3  ipfw-range:10000-19999
   10GB/month clients:  1.1.1.128/25  ipfw-set:4  ipfw-range:20000-29999
3. Shaping policy:
   1.1.1.0/27      unlimited
   1.1.1.32/27     100Mbps in/out
   1.1.1.64/26     10Mbps in/out
   1.1.1.128/25    1Mbps in/out
   quota exceeded  64Kbps in/out

ipfw.sh
=======
#!/bin/sh
# Shell assignments take no spaces around "=".
ipfw="/sbin/ipfw"
qos="40000"
allow="65000"
lan="em0"
wan="em1"

# ******************
# * QOS definition *
# ******************
# quota exceeded pipes:
${ipfw} pipe 1 config bw 64Kbit/s mask dst-ip 0x000000ff
${ipfw} pipe 2 config bw 64Kbit/s mask src-ip 0x000000ff
# 1Mbit/s pipes:
${ipfw} pipe 3 config bw 1Mbit/s mask dst-ip 0x000000ff
${ipfw} pipe 4 config bw 1Mbit/s mask src-ip 0x000000ff
# 10Mbit/s pipes:
${ipfw} pipe 5 config bw 10Mbit/s mask dst-ip 0x000000ff
${ipfw} pipe 6 config bw 10Mbit/s mask src-ip 0x000000ff
# 100Mbit/s pipes:
${ipfw} pipe 7 config bw 100Mbit/s mask dst-ip 0x000000ff
${ipfw} pipe 8 config bw 100Mbit/s mask src-ip 0x000000ff

# *************************
# * RECEIVE Without Quota *
# *************************
${ipfw} add 100 allow ip from any to any in recv ${lan}
${ipfw} add 200 allow ip from any to any in recv ${wan}

# ***********************
# * 100MB/DAY both ways *
# ***********************
${ipfw} add 1000 set 2 allow ip from any to 1.1.1.32/32 out xmit ${lan} check-quota 1001
${ipfw} add 1001 set 2 skipto ${qos} ip from 1.1.1.32/32 to any out xmit ${wan} above 100M
${ipfw} add 1002 set 2 allow ip from any to 1.1.1.33/32 out xmit ${lan} check-quota 1003
${ipfw} add 1003 set 2 skipto ${qos} ip from 1.1.1.33/32 to any out xmit ${wan} above 100M
....
${ipfw} add 1062 set 2 allow ip from any to 1.1.1.63/32 out xmit ${lan} check-quota 1063
${ipfw} add 1063 set 2 skipto ${qos} ip from 1.1.1.63/32 to any out xmit ${wan} above 100M
${ipfw} add 9999 skipto ${allow} pipe 1 ip from any to 1.1.1.32/27 out xmit ${lan}
${ipfw} add 9999 skipto ${allow} pipe 2 ip from 1.1.1.32/27 to any out xmit ${wan}

# **********************
# * 1GB/WEEK both ways *
# **********************
${ipfw} add 10000 set 3 allow ip from any to 1.1.1.64/32 out xmit ${lan} check-quota 10001
${ipfw} add 10001 set 3 skipto ${qos} ip from 1.1.1.64/32 to any out xmit ${wan} above 1G
${ipfw} add 10002 set 3 allow ip from any to 1.1.1.65/32 out xmit ${lan} check-quota 10003
${ipfw} add 10003 set 3 skipto ${qos} ip from 1.1.1.65/32 to any out xmit ${wan} above 1G
....
# check-quota must name the paired rule that follows (10127, not 10063).
${ipfw} add 10126 set 3 allow ip from any to 1.1.1.127/32 out xmit ${lan} check-quota 10127
${ipfw} add 10127 set 3 skipto ${qos} ip from 1.1.1.127/32 to any out xmit ${wan} above 1G
${ipfw} add 19999 skipto ${allow} pipe 1 ip from any to 1.1.1.64/26 out xmit ${lan}
${ipfw} add 19999 skipto ${allow} pipe 2 ip from 1.1.1.64/26 to any out xmit ${wan}

# ************************
# * 10GB/MONTH both ways *
# ************************
${ipfw} add 20000 set 4 allow ip from any to 1.1.1.128/32 out xmit ${lan} check-quota 20001
${ipfw} add 20001 set 4 skipto ${qos} ip from 1.1.1.128/32 to any out xmit ${wan} above 10G
${ipfw} add 20002 set 4 allow ip from any to 1.1.1.129/32 out xmit ${lan} check-quota 20003
${ipfw} add 20003 set 4 skipto ${qos} ip from 1.1.1.129/32 to any out xmit ${wan} above 10G
....
${ipfw} add 20254 set 4 allow ip from any to 1.1.1.255/32 out xmit ${lan} check-quota 20255
${ipfw} add 20255 set 4 skipto ${qos} ip from 1.1.1.255/32 to any out xmit ${wan} above 10G
${ipfw} add 29999 skipto ${allow} pipe 1 ip from any to 1.1.1.128/25 out xmit ${lan}
${ipfw} add 29999 skipto ${allow} pipe 2 ip from 1.1.1.128/25 to any out xmit ${wan}

# *************
# *    QOS    *
# *************
# 1.1.1.128/25: each of them has 1Mbps in and 1Mbps out shaping
${ipfw} add ${qos} skipto ${allow} pipe 3 ip from any to 1.1.1.128/25 out xmit ${lan}
${ipfw} add ${qos} skipto ${allow} pipe 4 ip from 1.1.1.128/25 to any out xmit ${wan}
# 1.1.1.64/26: each of them has 10Mbps in and 10Mbps out shaping
${ipfw} add ${qos} skipto ${allow} pipe 5 ip from any to 1.1.1.64/26 out xmit ${lan}
${ipfw} add ${qos} skipto ${allow} pipe 6 ip from 1.1.1.64/26 to any out xmit ${wan}
# 1.1.1.32/27: each of them has 100Mbps in and 100Mbps out shaping
${ipfw} add ${qos} skipto ${allow} pipe 7 ip from any to 1.1.1.32/27 out xmit ${lan}
${ipfw} add ${qos} skipto ${allow} pipe 8 ip from 1.1.1.32/27 to any out xmit ${wan}

# *********
# * allow *
# *********
${ipfw} add ${allow} allow ip from any to any

/etc/crontab:
=============
# Perform daily/weekly/monthly ipfw counter reset.
# (day-of-month runs from 1, so the monthly reset uses 1)
0 0 * * * root /sbin/ipfw zero set 2
0 0 * * 0 root /sbin/ipfw zero set 3
0 0 1 * * root /sbin/ipfw zero set 4
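
Review bot: In the sys/netinet/ip_fw.h hunk that adds ipfw_insn_u64, the u_int64_t quota member sits behind the 32-bit ipfw_insn header and is later read through a cast, ((ipfw_insn_u64 *)cmd)->quota. Instructions are counted and copied in 32-bit words (the userland side copies F_LEN(have_quota) * sizeof(uint32_t)), and nothing in the patch establishes that r->cmd is 8-byte aligned, so the 64-bit load can trap on strict-alignment platforms. Consider storing the quota as two u_int32_t halves, or copying it out with bcopy before the comparison.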
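
Review bot: In the O_CHECK_QUOTA case added to the match switch in sys/netinet/ip_fw2.c, the search starts at f->next, so a check-quota that names the current rule or an earlier one can never match, and the loop keeps walking after it has found rule->rulenum == cmd->arg1 instead of breaking out. That is a linear walk of the rule list for every packet that reaches the instruction; please document the forward-only restriction, add a break after the inner switch, and consider resolving the target rule once when the rule is installed. In the same hunk O_QABOVE tests the rule's own f->bcnt: if that counter only advances when the rule matches, a rule whose first instruction is O_QABOVE starts at zero and never begins to match, so the intended use needs to be spelled out.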
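
Review bot: In the O_QBELOW/O_QABOVE size check added to sys/netinet/ip_fw2.c, the kernel verifies the length and that cmd == rule->cmd but does not reject F_NOT or F_OR on the instruction, which the userland parser refuses ("not" not allowed with below option). The kernel should enforce its own invariants rather than rely on ipfw(8) having built the rule. The companion hunk likewise accepts O_CHECK_QUOTA with any arg1; a target that is missing or is not a quota rule is silently treated as no match at run time, which deserves at least a comment.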
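
Review bot: In the sbin/ipfw/ipfw2.c hunk that prints " below " / " above ", the kilobyte test uses !(bound & 0x2FF), which ignores bit 8, so a bound of 1280 bytes is printed as 1KB; the mask for a multiple of 1024 is 0x3FF. The printf calls also pass a uint64_t (bound, bound >> 10, ...) to %u, which is a format mismatch and truncates large quotas; use %ju with a (uintmax_t) cast. Values that are not exact multiples fall back to the next smaller unit, which is fine, but the round trip through the parser should be covered by a test.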
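
Review bot: In the help() hunk of sbin/ipfw/ipfw2.c, the two new lines are added in front of the old " tcpdatalen LIST | verrevpath | versrcreach | antispoof\n" line, which stays as context, so the usage text now lists tcpdatalen, verrevpath, versrcreach and antispoof twice. The old line should be removed in the same hunk. The -H flag introduced in the getopt hunk is not mentioned in the usage text either.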
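
Review bot: In the TOK_QBELOW/TOK_QABOVE parser hunk of sbin/ipfw/ipfw2.c, strtoull(*av, &end, 0) is used without checking that any digits were consumed or that what follows is a known suffix, so "abc" becomes a quota of 0 and "100X" or a lower-case "100m" silently becomes 100 bytes. The chained bound *= 1024 steps can also wrap a 64-bit value without notice. Please reject unknown trailing characters with errx(EX_USAGE, ...), check for overflow before multiplying, and move the duplicated block into one helper shared by both cases. TOK_CHECK_QUOTA has the same gap: strtoul(*av, NULL, 0) goes straight into fill_cmd() as arg1, which the header documents as u16, so an out-of-range rule number is truncated rather than refused.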
From: Max Laier
To: freebsd-ipfw@freebsd.org, Chris Dionissopoulos
Cc: freebsd-net@freebsd.org
Date: Sat, 16 Jul 2005 17:40:32 +0200
Subject: Re: Traffic quota features in IPFW
Message-Id: <200507161740.38234.max@love2party.net>
In-Reply-To: <001c01c58a17$5dbe4a40$0100000a@R3B>

On Saturday 16 July 2005 17:02, Chris Dionissopoulos wrote:
> Hi ppl, ( and sorry for cross posting)
>
> I review Andrey's Elsukov patch for adding "bound" support in ipfw, and I
> decide to push a little forward this feature.

Sorry to be blunt, but I don't see the point in this feature nor do I think it's a good idea. All it does is adding overhead to every packet that is processed by IPFW. You might argue that this overhead is fairly little, but if you combine the last ten "neat to have though not really necessary" features this adds up. Also the code is getting more and more hacked up.

Your feature might be nicely done, but it adds to the main switch-loops making them more and more unreadable until it all falls over and nobody is willing to touch the code anymore. I have seen (too) much ipfw code lately while tying together loose ends in the IPv6-import and it's already messy enough.

I urge you to reconsider if we really need this. If you think we can't live without it, it'd be nice if you could come up with a clean(er) way to extend IPFW with additional stuff like this without impact to performance and maintainability for the common case (without the magic foobar-option of the day). Thanks.

BTW: This function can be done with a three line awk-script without any effect on performance. Of course you will lose some precision, but I don't see applications where you have to be *that* precise.

> You can see the whole picture in there:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=80642
> and there:
> http://butcher.heavennet.ru/
>
> In my patch, 3 new options are added:
> 1. "below " (which is the same option as Andrey's "bound" option, I
> just rename it) 2. "above " which is the opposite option of "below".
> Match rules when the counter is above 3. "check-quota" (which is
> the same option as Andrey's "check-bound" , but now applies to both "above"
> and "below" options).
>
> Notes:
> 1. Patch is against releng_6.
> 2. I also include a more complicated example which is (IMHO) a complete
> traffic quota+shaping solution for a small (or not so small) ISP.
> 3. For installation, follow the instructions Andrey publish in his webspace:
> http://butcher.heavennet.ru/
> 4. Patch doesn't break ipfw ABI (today) , because adds new options at the
> end of list. If you apply this patch in a month or so, I cannot guarantee
> success.
> 5. Please test, and send me your feedback.
>
>
> I'll be happy if you find useful these features and if any developer
> commits this patch in current or releng_6 branch.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Message-ID: <006901c58a22$b37e30c0$0100000a@R3B>
From: "Chris Dionissopoulos"
To: "Max Laier" ,
References: <001c01c58a17$5dbe4a40$0100000a@R3B> <200507161740.38234.max@love2party.net>
Date: Sat, 16 Jul 2005 19:23:27 +0300
Cc: freebsd-net@freebsd.org
Subject: Re: Traffic quota features in IPFW
Reply-To: Chris Dionissopoulos

>> Hi ppl, ( and sorry for cross posting)
>>
>> I review Andrey Elsukov's patch for adding "bound" support in ipfw, and I
>> decide to push a little forward this feature.

>Sorry to be blunt, but I don't see the point in this feature nor do I think
>it's a good idea. All it does is adding overhead to every packet that is
>processed by IPFW. You might argue that this overhead is fairly little, but
>if you combine the last ten "neat to have though not really necessary"
>features this adds up. Also the code is getting more and more hacked up.

If your rules are not using this option it doesn't add any overhead.
If your rules are using it, it adds as much overhead as any other option
you use. Yes, we see too much patching in ipfw the last 2 months, but I
think that ipfw code still remains plain and clear.

>Your feature might be nicely done, but it adds to the main switch-loops
>making them more and more unreadable until it all falls over and nobody is
>willing to touch the code anymore. I have seen (too) much ipfw code lately
>while tying together loose ends in the IPv6-import and it's already messy
>enough.

This is the way ipfw is written all these years.
I don't know if my coding skills are not enough, but right now I cannot
see any other way to add new features in ipfw, without using these huge
switch checks. IMHO, ipfw must be hardly rewritten to remove these switch
checks. But again, my opinion is that ipfw's checking is fast enough as
is. Maybe I'm wrong.

>I urge you to reconsider if we really need this. If you think we can't live
>without it, it'd be nice if you could come up with a clean(er) way to extend
>IPFW with additional stuff like this without impact to performance and
>maintainability for the common case (without the magic foobar-option of the
>day). Thanks.

I agree with you, a good reason to drop this patch is if it is useless to
most of the ipfw users. If I'm the only one (and Andrey) who needs this,
just ignore it. That's why I post it here.

>BTW: This function can be done with a three line awk-script without any effect
>on performance. Of course you will lose some precision, but I don't see
>applications where you have to be *that* precise.

Hmm, do you have a small example? I'm really interested in this, and I
can't think of any.

TIA,
Chris.
From owner-freebsd-net@FreeBSD.ORG Sat Jul 16 16:53:54 2005
Date: Sat, 16 Jul 2005 09:53:54 -0700
From: Luigi Rizzo
To: Max Laier
Message-ID: <20050716095353.B86993@xorpc.icir.org>
References: <001c01c58a17$5dbe4a40$0100000a@R3B> <200507161740.38234.max@love2party.net>
In-Reply-To: <200507161740.38234.max@love2party.net>; from max@love2party.net on Sat, Jul 16, 2005 at 05:40:32PM +0200
Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org, Chris Dionissopoulos
Subject: Re: Traffic quota features in IPFW

On Sat, Jul 16, 2005 at 05:40:32PM +0200, Max Laier wrote:
> On Saturday 16 July 2005 17:02, Chris Dionissopoulos wrote:
> > Hi ppl, ( and sorry for cross posting)
> >
> > I review Andrey Elsukov's patch for adding "bound" support in ipfw, and I
> > decide to push a little forward this feature.
>
> Sorry to be blunt, but I don't see the point in this feature nor do I think
> it's a good idea. All it does is adding overhead to every packet that is
> processed by IPFW. You might argue that this overhead is fairly little, but

max, you are entitled to dislike the idea, but you should present
your arguments correctly and not in a misleading way.

There is no extra per-packet overhead in the common case introduced
by this particular option (and in practically all new options added
to ipfw2) because all it adds is a few entries to the main switch.

Re.
readability, you surely know very well (and it's widely documented
through the ip_fw2.[ch] code) that each IPFW2 opcode is independent
of others, so to understand the main function you just need to
understand the code outside the switch (which grabs the packets'
data), and the individual case you are looking at - which does a
'break, break 2 or break 3' depending on the case (and not having
the 'break n' construct in C we are forced to use gotos).
Surely the more opcodes you have, the bigger the switch becomes,
but i don't see readability suffering too much.
In any case it would be trivial to move to a different structure
where each opcode handler is called through an indirect function
and depending on the return value one does a break, break2 or break 3.

I don't have a particular interest in this patch, i think it could
be done in a better way (e.g. by using a single opcode for below/above,
and a more efficient check-state perhaps) but none of your criticism
really applies to the code as it has been submitted.

"sorry to be blunt" :)

cheers
luigi

> if you combine the last ten "neat to have though not really necessary"
> features this adds up. Also the code is getting more and more hacked up.
> Your feature might be nicely done, but it adds to the main switch-loops
> making them more and more unreadable until it all falls over and nobody is
> willing to touch the code anymore. I have seen (too) much ipfw code lately
> while tying together loose ends in the IPv6-import and it's already messy
> enough.
>
> I urge you to reconsider if we really need this. If you think we can't live
> without it, it'd be nice if you could come up with a clean(er) way to extend
> IPFW with additional stuff like this without impact to performance and
> maintainability for the common case (without the magic foobar-option of the
> day). Thanks.
>
> BTW: This function can be done with a three line awk-script without any effect
> on performance.
> Of course you will lose some precision, but I don't see
> applications where you have to be *that* precise.
>
> > You can see the whole picture in there:
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=80642
> > and there:
> > http://butcher.heavennet.ru/
> >
> > In my patch, 3 new options are added:
> > 1. "below " (which is the same option as Andrey's "bound" option, I
> > just rename it)
> > 2. "above " which is the opposite option of "below".
> > Match rules when the counter is above
> > 3. "check-quota" (which is
> > the same option as Andrey's "check-bound", but now applies to both "above"
> > and "below" options).
> >
> > Notes:
> > 1. Patch is against releng_6.
> > 2. I also include a more complicated example which is (IMHO) a complete
> > traffic quota+shaping solution for a small (or not so small) ISP.
> > 3. For installation, follow the instructions Andrey published in his webspace:
> > http://butcher.heavennet.ru/
> > 4. Patch doesn't break ipfw ABI (today), because it adds new options at the
> > end of list. If you apply this patch in a month or so, I cannot guarantee
> > success.
> > 5. Please test, and send me your feedback.
> >
> >
> > I'll be happy if you find these features useful and if any developer
> > commits this patch in current or releng_6 branch.
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
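
The structure suggested in the reply above (one indirect handler per opcode, with the return value standing for break, break 2 or break 3, and a single opcode for below/above) as an added C example; it is not code from ip_fw2.c or from the patch. All names are hypothetical, and the quota semantics (the rule's own byte counter, updated when the rule's action fires, with "below" including equality) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical names throughout; this is not ip_fw2.c code. */
enum verdict { V_NEXT_OP, V_NEXT_RULE, V_DONE };  /* break, break 2, break 3 */
enum opcode  { OP_PROTO, OP_QUOTA, OP_ACCEPT, OP_DENY, OP_MAX };

struct pkt  { uint8_t proto; uint32_t len; };
struct insn { enum opcode op; uint64_t arg; int above; };
struct rule { uint64_t bytes; size_t n; struct insn ins[4]; };
struct ctx  { const struct pkt *p; struct rule *r; int accept; };
typedef enum verdict (*op_fn)(struct ctx *, const struct insn *);

static enum verdict op_proto(struct ctx *c, const struct insn *i)
{ return c->p->proto == i->arg ? V_NEXT_OP : V_NEXT_RULE; }

/* One opcode for both options (assumed semantics): "above N" matches when
 * the rule's counter is > N, "below N" when it is <= N. */
static enum verdict op_quota(struct ctx *c, const struct insn *i)
{
    int over = c->r->bytes > i->arg;
    return over == i->above ? V_NEXT_OP : V_NEXT_RULE;
}

/* Action opcodes end the search and charge the packet to the rule. */
static enum verdict op_action(struct ctx *c, const struct insn *i)
{ c->r->bytes += c->p->len; c->accept = (i->op == OP_ACCEPT); return V_DONE; }

static const op_fn handlers[OP_MAX] = {
    [OP_PROTO]  = op_proto,  [OP_QUOTA] = op_quota,
    [OP_ACCEPT] = op_action, [OP_DENY]  = op_action,
};

/* Returns 1 to accept, 0 to deny; denies when no rule matches. */
int check_packet(struct rule *rules, size_t nrules, const struct pkt *p)
{
    struct ctx c = { p, NULL, 0 };
    for (size_t r = 0; r < nrules; r++) {
        c.r = &rules[r];
        for (size_t k = 0; k < c.r->n; k++) {
            const struct insn *i = &c.r->ins[k];
            if ((unsigned)i->op >= OP_MAX) return 0;  /* unknown opcode: fail closed */
            enum verdict v = handlers[i->op](&c, i);
            if (v == V_DONE) return c.accept;
            if (v == V_NEXT_RULE) break;              /* try the next rule */
        }
    }
    return 0;
}
```

A rule that never uses the quota opcode never calls `op_quota`, so it pays nothing for the option beyond the table lookup every opcode already incurs.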