From: Jax
Date: Sun, 25 Jun 2006 07:55:56 +0200
To: freebsd-net@freebsd.org
Subject: Traffic shaping part 2

Hello Guys!

I decided between freebsd. Anyone can give me a real life example, full ipfw traffic shaping ruleset or something like that. I have written one myself but I can hardly find even examples on the net, so please, someone send it to me in private if it's possible.

I don't want to share bandwidth among hosts, I only want to define 4-5 classes of flow, for example 1 for ssh, telnet etc. delay sensitive traffic, 1 for heavy ftp and P2P traffic (and this is another part where I am lacking, I haven't got any idea how I could manage the passive ftp sessions or bittorrent traffic with ipfw).

In a few words, what I did:

    ipfw pipe 1 config bw 50Kbit/s queue 30
    ipfw pipe 6 config bw 300Kbit/s queue 40
    ....
    $cmd 200 pipe 1 tcp from any to any 22 in via $LANINT keep-state
    $cmd 30000 pipe 1 tcp from any to any 22,24,25,110,389,993,995 out via $LANINT
    $cmd 60000 pipe 6 ip from any to any out
    ...

And stuff like this. I know it's not the best, because I statically attach 1 kind of traffic to a pipe, but this way file transfers don't disturb ssh traffic as far as I know, but as I told you I'm new in this topic.

Any help appreciated!

Regards,
Jax

From: Stefan Bethke
Date: Sun, 25 Jun 2006 15:46:53 +0200
To: Jax
Cc: freebsd-net@freebsd.org
Subject: Re: Traffic shaping part 2

On 25.06.2006 at 07:55, Jax wrote:

> Anyone can give me a real life example, full ipfw traffic shaping
> ruleset or something like that.

FWIW, here's the shaping section from my ipfw setup. I'm behind an ADSL2 line, so I don't care about downstream bandwidth, but I do about the upstream. This allows me to run BT at full rate and still have decent ssh interactive and web browsing behaviour.

    ${fwcmd} pipe 1 config bw 480kbit/s
    # up prio: TCP ACKs, SSH interactive, etc.
    ${fwcmd} queue 1 config pipe 1 weight 100 queue 20 mask all
    # up std: everything else
    ${fwcmd} queue 2 config pipe 1 weight 50 queue 20 mask all
    # up bt: bt etc.
    ${fwcmd} queue 3 config pipe 1 weight 1 queue 20 mask all

    # favour small TCP packets (ACKs)
    ${fwcmd} add 200 queue 1 tcp from any to any iplen 1-100 xmit tun0
    # ssh
    ${fwcmd} add 201 queue 1 tcp from any to any 22 iptos lowdelay xmit tun0
    # DNS, NTP
    ${fwcmd} add 202 queue 1 udp from any to any 53, 123 xmit tun0
    # BT etc.
    ${fwcmd} add 210 queue 3 tcp from 192.168.0.0/24 21530-21539 to any xmit tun0
    ${fwcmd} add 211 queue 3 tcp from 192.168.0.0/24 6880-6889 to any xmit tun0
    ${fwcmd} add 212 queue 3 tcp from 192.168.0.0/24 to any 6880-6889 xmit tun0
    # default
    ${fwcmd} add 220 queue 2 tcp from any to any xmit tun0

-- 
Stefan Bethke   Fon +49 170 346 0140

From: Łukasz Bromirski
Date: Sun, 25 Jun 2006 20:32:24 +0200
To: David Gilbert
Cc: 'Baldur Gislason', Christopher Martin, 'FreeBSD Net Mailing list'
Subject: Re: Multiple routes to the same destination

David Gilbert wrote:

> No. round-robin will deliver packets out-of-order. TCP will behave
> very badly with this (at the very least, smart selective-ack hosts
> will transmit a lot of selective-ack packets --- but dumb
> non-selective-ack hosts will start asking for a lot of
> retransmission). Other protocols' tolerance for OOO packets varies.

Yeah, but will give You flexibility in doing what You want to do - for example, sharing two leased lines, 2Mbit/s each. There are protocols that will behave oddly when they encounter OOB traffic for TCP (like some BGP implementations for example), but FTP and others tend generally to accept some low percent of such traffic.

> Linux does all this with its flow table --- that is each 5-tuple of
> source ip,port dest ip,port (and protocol) is stored as a "flow" in a
> big hash table. The table stores things like the next-hop interface
> and destination.

Yes, but having an option to do it per-packet or per-flow would be wonderful. We don't have anything useable today (not counting static policy-based routing done via ipfw, pf or netgraph). And as we all know, implementation of flow-based routing can be optimized to counter DDoS threats - Linux already did that in 2.6.x, as there is an option to compile kernel with either FIB_HASH or FIB_TRIE.

-- 
"Confidence is what you have before you     |     Łukasz Bromirski
 understand the problem."  -- Woody Allen   | lukasz:bromirski,net

From: David Gilbert
Date: Sun, 25 Jun 2006 15:23:43 -0400
To: Łukasz Bromirski
Cc: 'Baldur Gislason', 'FreeBSD Net Mailing list', Christopher Martin, David Gilbert
Subject: Re: Multiple routes to the same destination

>>>>> "ISO" == ISO writes:

ISO> David Gilbert wrote:
>> No. round-robin will deliver packets out-of-order. TCP will
>> behave very badly with this (at the very least, smart selective-ack
>> hosts will transmit a lot of selective-ack packets --- but dumb
>> non-selective-ack hosts will start asking for a lot of
>> retransmission). Other protocols' tolerance for OOO packets varies.

ISO> Yeah, but will give You flexibility in doing what You want to do
ISO> - for example, sharing two leased lines, 2Mbit/s each. There are
ISO> protocols that will behave oddly when they encounter OOB traffic
ISO> for TCP (like some BGP implementations for example), but FTP and
ISO> others tend generally to accept some low percent of such traffic.

Out-Of-Band, no. You mistake what I said. OOO refers to Out-Of-Order above. FTP will be no different than any other TCP based service. The best behaviour will be extra traffic generated by the selective-ack mechanisms (if they exist), the worst behaviour will be retransmissions triggered for every out-of-order packet.

In the presence of multiple routes ... _even_ good similarly latent routes, proper IP operation requires in-order-delivery for the vast majority of protocols. To do this, you must ensure that each stream uses only one of the available routes. The method by which you do this is up to you.

>> Linux does all this with its flow table --- that is each 5-tuple
>> of source ip,port dest ip,port (and protocol) is stored as a "flow"
>> in a big hash table. The table stores things like the next-hop
>> interface and destination.

ISO> Yes, but having an option to do it per-packet or per-flow would
ISO> be wonderful. We don't have anything useable today (not counting
ISO> static policy-based routing done via ipfw, pf or netgraph). And
ISO> as we all know, implementation of flow-based routing can be
ISO> optimized to counter DDoS threats - Linux already did that in
ISO> 2.6.x, as there is an option to compile kernel with either FIB_HASH
ISO> or FIB_TRIE.

Flow based routing in Linux is a travesty. It falls down really easily. We tested linux and FreeBSD in routing environments and hands-down, linux was a failure beyond trivial routing cases. This includes their latest incarnations. I'm even fairly close to the group that is trying to fix this.

Even in dedicated hardware, flow based routing is a travesty (just look (and laugh) at any extreme networks hardware running BGP).

Anyways... a "hashed" approach (that is where you take parts of the address of the IP packet and use them to deterministically generate the routing bits.

I would also like equal-cost-multipath, but I would like it done correctly. Round-robin is not correct.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can be          |
|Mail:       dave@daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

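[Added example, not part of the original thread and not FreeBSD or Linux code.] The message above argues that each stream must stay on one route and that the route can be derived deterministically from the packet's addresses. The sketch below compares that stateless per-flow hash with per-packet round-robin over two links and counts out-of-order arrivals; the FNV-1a hash, the 10 ms and 14 ms link delays and the three sample flows are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 5-tuple that identifies one flow (addresses in host byte order). */
struct flow {
    uint32_t src, dst;
    uint16_t sport, dport;
    uint8_t  proto;
};

#define NLINKS 2
#define NFLOWS 3
#define NPKTS  24   /* one packet leaves every millisecond */

/* Assumed one-way delays of two similarly latent links, in ms. */
static const unsigned link_delay_ms[NLINKS] = { 10, 14 };

/* Constructed sample flows (documentation address ranges). */
static const struct flow flows[NFLOWS] = {
    { 0xC000020Au, 0xC6336407u, 40001, 22,   6 },   /* ssh        */
    { 0xC000020Au, 0xC6336407u, 40002, 80,   6 },   /* http       */
    { 0xC000020Bu, 0xCB007109u, 6881,  6881, 6 },   /* bittorrent */
};

/* FNV-1a, fed one field at a time so struct padding is never hashed. */
static uint32_t fnv1a(uint32_t h, const void *p, size_t n)
{
    const unsigned char *b = p;

    while (n--) {
        h ^= *b++;
        h *= 16777619u;
    }
    return h;
}

uint32_t flow_hash(const struct flow *f)
{
    uint32_t h = 2166136261u;

    h = fnv1a(h, &f->src, sizeof f->src);
    h = fnv1a(h, &f->dst, sizeof f->dst);
    h = fnv1a(h, &f->sport, sizeof f->sport);
    h = fnv1a(h, &f->dport, sizeof f->dport);
    h = fnv1a(h, &f->proto, sizeof f->proto);
    return h;
}

/* Per-flow: the link is a pure function of the 5-tuple. No flow table
 * is kept, so there is no per-flow state for traffic to exhaust. */
unsigned pick_hashed(const struct flow *f, unsigned nlinks)
{
    return flow_hash(f) % nlinks;
}

/* Per-packet: consecutive packets alternate links regardless of flow. */
unsigned pick_round_robin(unsigned *next, unsigned nlinks)
{
    return (*next)++ % nlinks;
}

/* Send NPKTS packets, interleaving the flows, and count the packets that
 * arrive before an earlier-sent packet of the same flow has arrived. */
unsigned count_reordered(int per_flow)
{
    unsigned latest[NFLOWS] = { 0 };
    unsigned rr = 0, reordered = 0;

    for (unsigned t = 0; t < NPKTS; t++) {
        unsigned f = t % NFLOWS;
        unsigned link = per_flow ? pick_hashed(&flows[f], NLINKS)
                                 : pick_round_robin(&rr, NLINKS);
        unsigned arrival = t + link_delay_ms[link];

        if (arrival < latest[f])
            reordered++;        /* overtaken: the receiver sees a gap */
        else
            latest[f] = arrival;
    }
    return reordered;
}

int main(void)
{
    printf("round-robin: %u of %d packets out of order\n",
           count_reordered(0), NPKTS);
    printf("flow hash:   %u of %d packets out of order\n",
           count_reordered(1), NPKTS);
    return 0;
}
```
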
From: Michael Vince
Date: Mon, 26 Jun 2006 13:21:14 +1000
To: David DeSimone
Cc: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote:

>Michael Vince wrote:
>
>>>The main reason to use IPSEC tunnel mode and avoid GIF is that such
>>>a config is interoperable with other IPSEC implementations, and thus
>>>is much more useful in the real world.
>>
>>OK that said, how do you create a network to network tunnel based VPN
>>without using the gif or gre devices?
>
>Ok, here's a typical setup that I've used.
>
>Suppose you have two gateways:
>
>    Gateway 1 IP = 1.2.3.4
>        Networks behind it:
>
>            192.168.1.0/24
>            192.168.2.0/24
>
>Most of the examples you'll find will teach you to use IPSEC in
>Transport mode. But Transport mode is only used for one endpoint to
>talk to another endpoint. What you want here (and what other gateways
>like Cisco will implement) is Tunnel mode, where the traffic is
>encapsulated rather than merely encrypted.
>
>-- 
>David DeSimone == Network Admin == fox@verio.net

OK that is a great guide and should be placed in the handbook, maybe over top of the old one or under a title "Standard VPN".

I copied and pasted most of it and replaced those IPs with mine, but am still having problems.

After reloading ipsec and racoon I tried to do a traceroute from a client behind the local gateway to a client behind the remote gateway, it went off and did a typical traceroute through the gateway out over the Internet like a regular traceroute, completely being missed by the kernel/ipsec rules, nothing stopped it or tried to tunnel it or trigger racoon IKE activity.

I tried putting 'require' in my ipsec rules, didn't change anything.

Did you have any special routes to tell the ipsec/kernel to start encrypting the traffic?

Are you using FAST_IPSEC or the other IPsec? If so I will have to change. Which version of FreeBSD are you using? I need to try and isolate what is different.

It's Fast_IPSEC in my kernel, it is an AMD64 server, I remember AMD64 would instantly trigger a kernel panic with FAST_IPSEC in the past, but I am assuming it works now.

I have actually managed to trigger a full phase 1 and 2 successful connection activity if I use the older style gif/gre and on top use an IPsec gateway to gateway tunnel rule (on top of the regular internal network ipsec rules) and with the special gif/gre routes most examples on the net say to use. Having a gateway to gateway tunnel rule was the only thing that finally ever triggered racoon and IPSec activity which is pretty weird, and is double to triple different compared to your example because I needed gif/gre and routes to trigger racoon/ipsec to start working.

    #spdadd 1.2.3.4/32 5.6.7.8/32 any -P out ipsec esp/tunnel/1.2.3.4-5.6.7.8/require ;
    #spdadd 5.6.7.8/32 1.2.3.4/32 any -P in ipsec esp/tunnel/5.6.7.8-1.2.3.4/require ;

I need to have it all working under the standard way out you have laid out, like I said my ipsec is in the kernel and fully loaded, but with your example rules it behaves as if it's not there at all.

Mike

    sysctl -a | grep ipsec
     ipsecpolicy    34     9K       -    11913  256
    ipsecrequest     4     1K       -      181  256
      ipsec-misc     0     0K       -      258  32,64
       ipsec-saq     0     0K       -      167  128
       ipsec-reg     3     1K       -      153  32
    net.inet.ipsec.def_policy: 1
    net.inet.ipsec.esp_trans_deflev: 1
    net.inet.ipsec.esp_net_deflev: 1
    net.inet.ipsec.ah_trans_deflev: 1
    net.inet.ipsec.ah_net_deflev: 1
    net.inet.ipsec.ah_cleartos: 1
    net.inet.ipsec.ah_offsetmask: 0
    net.inet.ipsec.dfbit: 0
    net.inet.ipsec.ecn: 0
    net.inet.ipsec.debug: 0
    net.inet.ipsec.esp_randpad: -1
    net.inet.ipsec.crypto_support: 0
    net.inet6.ipsec6.def_policy: 1
    net.inet6.ipsec6.esp_trans_deflev: 1
    net.inet6.ipsec6.esp_net_deflev: 1
    net.inet6.ipsec6.ah_trans_deflev: 1
    net.inet6.ipsec6.ah_net_deflev: 1
    net.inet6.ipsec6.ecn: 0
    net.inet6.ipsec6.debug: 0
    net.inet6.ipsec6.esp_randpad: -1

From: David DeSimone
Date: Sun, 25 Jun 2006 23:09:39 -0500
To: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

Michael Vince wrote:
>
> After reloading ipsec and racoon I tried to do a traceroute from a
> client behind the local gateway to a client behind the remote gateway,
> it went off and did a typical traceroute through the gateway out over
> the Internet like a regular traceroute, completely being missed by the
> kernel/ipsec rules, nothing stopped it or tried to tunnel it or
> trigger racoon IKE activity.

I didn't really include a section on troubleshooting, so I suppose I could mention some things about that.

Traceroute is a very helpful tool. As you noticed, the traceroute proceeded out to the Internet, whereas in a normal tunnel you should never see the internet at all, it should proceed from one hop being the near gateway, to the next hop being the far gateway.

What this indicates is that your SA definition is not triggering. To be more specific, your SPD does not match the output traffic and trigger the creation of a SAD. You can examine these with "setkey -D" (for SA's) or "setkey -DP" (for SPD's).

When you run "setkey -DP" you should see an outbound definition containing your source network, followed by the destination, like so:

    192.168.1.0/24[any] 192.168.11.0/24[any] any
            out ipsec
            esp/tunnel/1.2.3.4-5.6.7.8/unique#16756
            created: Jun 23 16:12:51 2006  lastused: Jun 23 16:12:51 2006
            lifetime: 0(s) validtime: 0(s)
            spid=16851 seq=5 pid=89388
            refcnt=1

This is a SPD declaring that if traffic sourced from 192.168.1.0/24 ever tries to route to 192.168.11.0/24, traveling in an outbound direction, then it will trigger the creation of a SAD (though I usually just call it SA). The SA will be in tunnel mode, using esp, with 1.2.3.4 as the source gateway (here) and 5.6.7.8 as the destination gateway (there). The keyword "unique" specifies that no other existing SA's will be leveraged, or "piggybacked," a real unique SA specifying only these two subnets must be negotiated.

That is just an explanation for what the descriptor says. You must validate: Is this true for your network? Is the network 192.168.1.0/24 really located behind gateway 1.2.3.4, and is 192.168.11.0/24 behind 5.6.7.8? Just a quick sanity check, you must be certain you've set it up right.

If your traffic routes right past this SPD without being matched, it makes me wonder: Is the traffic being NAT'd before it has a chance to be matched by the kernel? I am using PF on FreeBSD 6.0, and in my setup I did not have to add any special "no nat" rules in order to make this work. However, if you use some other method of NAT, there may be some interference.

> I tried putting 'require' in my ipsec rules, didn't change anything.

Yes, as I mentioned, 'require' is just a less-strict form of 'unique'. You can get things working well with 'require' but you will find interoperational problems with other gateways (like Cisco) that expect unique SA's to be negotiated.

> Did you have any special routes to tell the ipsec/kernel to start
> encrypting the traffic?

It is not completely clear to me at what "stage" of traffic handling IPSEC is matched. Is the packet matched as soon as it heads inbound? Before the routing table check? After the routing table? When it tries to flow outbound? The "-P out" seems to imply that it would be checked at that stage... and if so, that means your NAT must not be applied until then.

My typical NAT rule looks like this:

    nat on $EXT from $INT:network to any -> $EXTIP

This causes NAT to be applied when the packet has already been routed and is about to leave through the external interface. However, if you had a different rule:

    nat on $INT to any -> $EXTIP

This is a pathological example, but if you used this example, I wonder if it would apply NAT too soon and prevent the packet from being matched?

> Are you using FAST_IPSEC or the other IPsec? If so I will have to
> change. Which version of FreeBSD are you using?

Hmm... In examining my kernel configuration I found these options:

    options         IPSEC
    options         IPSEC_ESP
    options         IPSEC_DEBUG
    # options       IPSEC_FILTERGIF
    # options       FAST_IPSEC

So it appears that I am NOT using FAST_IPSEC. For some reason I thought that I was, but now I see I was mistaken. I wonder if someone can explain the difference between the two?

-- 
David DeSimone == Network Admin == fox@verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous."  -- Robert Benchley

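[Added example, not part of the original thread and not ipsec-tools code.] The sanity check described above, carried out in code: parse the selector line of the "setkey -DP" entry quoted in the message and test whether a packet's source and destination fall inside it. It shows only the selector comparison; the sample packets are constructed, and the function names (parse_selector, policy_matches, check) are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Source and destination selector of one security policy. */
struct selector {
    uint32_t src, dst;          /* network addresses, host byte order */
    int      src_len, dst_len;  /* prefix lengths */
};

/* Parse an IPv4 dotted quad into host byte order; 0 on success. */
static int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;

    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Parse the first line of a "setkey -DP" entry, for example
 * "192.168.1.0/24[any] 192.168.11.0/24[any] any". 0 on success. */
int parse_selector(const char *line, struct selector *s)
{
    char src[16], dst[16];

    if (sscanf(line, " %15[0-9.]/%d[%*[^]]] %15[0-9.]/%d",
               src, &s->src_len, dst, &s->dst_len) != 4)
        return -1;
    if (s->src_len < 0 || s->src_len > 32 ||
        s->dst_len < 0 || s->dst_len > 32)
        return -1;
    if (parse_ip(src, &s->src) != 0 || parse_ip(dst, &s->dst) != 0)
        return -1;
    return 0;
}

static int in_prefix(uint32_t addr, uint32_t net, int len)
{
    /* A /0 prefix matches everything; avoid shifting by 32. */
    uint32_t mask = len ? 0xFFFFFFFFu << (32 - len) : 0;

    return (addr & mask) == (net & mask);
}

/* 1 if a packet src -> dst falls inside the selector, 0 if it does not,
 * -1 if either address cannot be parsed. */
int policy_matches(const struct selector *s, const char *src, const char *dst)
{
    uint32_t a, b;

    if (parse_ip(src, &a) != 0 || parse_ip(dst, &b) != 0)
        return -1;
    return in_prefix(a, s->src, s->src_len) &&
           in_prefix(b, s->dst, s->dst_len);
}

/* Selector line from the setkey -DP output quoted in the message. */
static const char SPD_LINE[] = "192.168.1.0/24[any] 192.168.11.0/24[any] any";

int check(const char *src, const char *dst)
{
    struct selector s;

    if (parse_selector(SPD_LINE, &s) != 0)
        return -1;
    return policy_matches(&s, src, dst);
}

int main(void)
{
    /* Constructed sample packets. */
    printf("host on 192.168.1.0/24:            %d\n",
           check("192.168.1.10", "192.168.11.20"));
    printf("source already rewritten to 1.2.3.4: %d\n",
           check("1.2.3.4", "192.168.11.20"));
    printf("host on 192.168.2.0/24:            %d\n",
           check("192.168.2.10", "192.168.11.20"));
    return 0;
}
```

A result of 0 for a packet that should be tunnelled means no policy covers it as seen at lookup time, which is the situation the traceroute in this thread points to.
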
From: David DeSimone
Date: Mon, 26 Jun 2006 01:30:10 -0500
To: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote:
>
> Hmm... In examining my kernel configuration I found these options:
>
>     options         IPSEC
>     options         IPSEC_ESP
>     options         IPSEC_DEBUG
>     # options       IPSEC_FILTERGIF
>     # options       FAST_IPSEC
>
> So it appears that I am NOT using FAST_IPSEC.

I have now recompiled my kernel with the following options:

    # options       IPSEC
    # options       IPSEC_ESP
    # options       IPSEC_DEBUG
    # options       IPSEC_FILTERGIF
    options         FAST_IPSEC

    device          crypto

After rebooting, I noticed the startup messages show I am indeed using FAST_IPSEC.

My other configuration remains unchanged. I can still establish and use the tunnels I have set up, so I don't believe this is an IPSEC vs FAST_IPSEC problem you're seeing.

-- 
David DeSimone == Network Admin == fox@verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous."  -- Robert Benchley

From: Michael Vince
Date: Mon, 26 Jun 2006 17:16:14 +1000
To: David DeSimone
Cc: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote:

>David DeSimone wrote:
>
>>Hmm... In examining my kernel configuration I found these options:
>>
>>    options         IPSEC
>>    options         IPSEC_ESP
>>    options         IPSEC_DEBUG
>>    # options       IPSEC_FILTERGIF
>>    # options       FAST_IPSEC
>>
>>So it appears that I am NOT using FAST_IPSEC.
>
>I have now recompiled my kernel with the following options:
>
>    # options       IPSEC
>    # options       IPSEC_ESP
>    # options       IPSEC_DEBUG
>    # options       IPSEC_FILTERGIF
>    options         FAST_IPSEC
>
>    device          crypto
>
>After rebooting, I noticed the startup messages show I am indeed using
>FAST_IPSEC.
>
>My other configuration remains unchanged. I can still establish and use
>the tunnels I have set up, so I don't believe this is an IPSEC vs
>FAST_IPSEC problem you're seeing.
>
>-- 
>David DeSimone == Network Admin == fox@verio.net

Darn, maybe you should try upgrading to 6.1 release and see if that does anything.
Also I am using the latest ipsec-tools in the ports tree 0.6.6

Mike

From owner-freebsd-net@FreeBSD.ORG Mon Jun 26 10:39:46 2006
Message-ID: <449FB2A2.4040206@zyxel.com.tw>
Date: Mon, 26 Jun 2006 18:10:42 +0800
From: Blue
To: freebsd-net@freebsd.org
Subject: FreeBSD-6.1 modification about tcp_input fast recovery

Hi, all:

In FreeBSD-6.1, lines 1878 - 1894 in tcp_input() have been newly added, like below:

    if (tp->sack_enable && IN_FASTRECOVERY(tp)) {
        int awnd;

        /*
         * Compute the amount of data in flight first.
         * We can inject new data into the pipe iff
         * we have less than 1/2 the original window's
         * worth of data in flight.
         */
        awnd = (tp->snd_nxt - tp->snd_fack) +
            tp->sackhint.sack_bytes_rexmit;
        if (awnd < tp->snd_ssthresh) {
            tp->snd_cwnd += tp->t_maxseg;
            if (tp->snd_cwnd > tp->snd_ssthresh)
                tp->snd_cwnd = tp->snd_ssthresh;
        }
    } else
        tp->snd_cwnd += tp->t_maxseg;

I am wondering why not just increase congestion window size by 1 when receiving duplicated ACK when doing fast recovery? I dug into RFC 3782 (NewReno) and RFC 3517 (SACK based loss recovery) and could not find anything related to the modification. Could not we just follow RFC 3782 and simply increment congestion window size by one?

Best regards,

blue

From owner-freebsd-net@FreeBSD.ORG Mon Jun 26 11:03:02 2006
Date: Mon, 26 Jun 2006 11:02:59 GMT
Message-Id: <200606261102.k5QB2xSi042451@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2006/01/30] kern/92552  net   A serious bug in most network drivers fro
f [2006/02/12] kern/93220  net   [inet6] nd6_lookup: failed to add route f
o [2006/06/19] kern/99188  net   [tcp] [patch] FIN in same packet as dupli

3 problems total.

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   [nfs] [patch] NFS root configurations wit
o [2006/04/03] kern/95267  net   packet drops periodically appear

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 26 18:39:55 2006
Date: Mon, 26 Jun 2006 16:16:09 GMT
From: Andre Oppermann
Message-Id: <200606261616.k5QGG9uY066913@freefall.freebsd.org>
To: andre@FreeBSD.org, freebsd-net@FreeBSD.org, andre@FreeBSD.org
Subject: Re: kern/99188: [tcp] [patch] FIN in same packet as duplicate ACK is lost

Synopsis: [tcp] [patch] FIN in same packet as duplicate ACK is lost

Responsible-Changed-From-To: freebsd-net->andre
Responsible-Changed-By: andre
Responsible-Changed-When: Mon Jun 26 16:15:49 UTC 2006
Responsible-Changed-Why:
Take over.

http://www.freebsd.org/cgi/query-pr.cgi?pr=99188

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 02:11:19 2006
Date: Mon, 26 Jun 2006 19:11:09 -0700
From: "Haisang Wu"
To: freebsd-net@freebsd.org
Subject: mbufs in tcp_output and tcp_input

Hello,

I need to read m_flags of an mbuf in a TCP application in the following two cases:
(1) in sending direction, right before TCP calls ip_output() to send out a packet,
(2) in receiving direction, right before TCP appends a packet to so_rcv of the corresponding socket and wakes up the socket.

My understandings are: for (1), tcp_output() only calls ip_output() once, so right before that function call, I should read the m_flags. For (2), tcp_input() is more complex and calls insbappendstream_locked() twice, one for fast path processing, and one for slow path processing. I think I should read m_flags before both of the two insbappendstream_locked() function calls.

I am using freebsd 5.4. Could you let me know whether my above understandings are correct, and provide some suggestions?

Thank you!
Haisang

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 06:32:07 2006
Message-ID: <44A0D079.9030407@thebeastie.org>
Date: Tue, 27 Jun 2006 16:30:17 +1000
From: Michael Vince
To: David DeSimone
Cc: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote:

>- --
>David DeSimone == Network Admin == fox@verio.net
>
>

I got it going! It's working like a dream now.
I don't have a for sure reason why it wasn't working but my best guess is it was one that actually boiled down to a silly mistake as you suggested.
I feel quite silly as it appears after some testing what was holding it back was simply failing to reload the ipsec rules properly. Most if not all the time I was doing /etc/rc.d/ipsec restart, when I should have been either using setkey manually or /etc/rc.d/ipsec reload.
After looking at the ipsec shell that the restart function doesn't do the equivalent effect as 'reload'.
Personally I see this as a trap anyone could fall into.

Big thanks to you, as if you weren't there I probably would have given up earlier and had to replace the gateway with something else altogether.
Thanks,
Mike

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 18:55:48 2006
From: Mikhail Teterin
To: net@freebsd.org
Date: Tue, 27 Jun 2006 14:55:32 -0400
Message-Id: <200606271455.32276.mi+mx@aldan.algebra.com>
Subject: fetch http://localhost:6666 hangs

Hello!

I just noticed, that on my recent "6.1-STABLE #4: Thu Jun 8" amd64 system attempts to connect to a bogus port (like 6666) hang instead of failing with "Connection refused" immediately, as they on other systems.

Why would this be? There is nothing listening: ``netstat -n | grep 6666'' is empty. The ipfw rules are very simple:

    00200 pipe 1 ip from any to 172.21.128.43 dst-port 2049
    65535 allow ip from any to any

While fetch is trying to connect, the tcpdump prints:

    % tcpdump -vvv -i lo0 port 6666
    tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 68 bytes
    14:28:43.465182 IP (tos 0x0, ttl 64, id 56427, offset 0, flags [DF], proto: TCP (6), length: 64)
        localhost.52326 > localhost.6666: S, cksum 0x0558 (correct), 583002422:583002422(0) win 65535
    14:28:46.464121 IP (tos 0x0, ttl 64, id 56491, offset 0, flags [DF], proto: TCP (6), length: 64)
        localhost.52326 > localhost.6666: S, cksum 0xf99f (correct), 583002422:583002422(0) win 65535
    14:28:49.663980 IP (tos 0x0, ttl 64, id 56530, offset 0, flags [DF], proto: TCP (6), length: 64)
        localhost.52326 > localhost.6666: S, cksum 0xed1f (correct), 583002422:583002422(0) win 65535
    14:28:52.863836 IP (tos 0x0, ttl 64, id 56559, offset 0, flags [DF], proto: TCP (6), length: 48)
        localhost.52326 > localhost.6666: S, cksum 0x5993 (correct), 583002422:583002422(0) win 65535
    [...]

Meanwhile, a "healthy" system prints:

    % tcpdump -vvv -i lo0 port 6666
    tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 68 bytes
    14:29:55.716350 IP (tos 0x0, ttl 64, id 7958, offset 0, flags [DF], proto: TCP (6), length: 64)
        localhost.49238 > localhost.6666: S, cksum 0x7d0e (correct), 3929347125:3929347125(0) win 65535
    14:29:55.718358 IP (tos 0x0, ttl 64, id 7959, offset 0, flags [DF], proto: TCP (6), length: 40)
        localhost.6666 > localhost.49238: R, cksum 0xd901 (correct), 0:0(0) ack 3929347126 win 0

Any clues? Thanks!

    -mi

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 19:20:47 2006
From: Mikhail Teterin
To: "Andrew Pantyukhin", Pawel Worach
Date: Tue, 27 Jun 2006 15:20:28 -0400
Message-Id: <200606271520.29188.mi+mx@aldan.algebra.com>
Cc: net@freebsd.org
Subject: Re: fetch http://localhost:6666 hangs

On Tuesday 27 June 2006 15:07, Andrew Pantyukhin wrote:
> My first thought is net.inet.tcp.blackhole sysctl.

Yep, set to 2... I wonder, who did this here and why -- the machine is on the LAN behind firewalls...

One of the TCL's http tests is failing because of this.

Thanks a lot, Andrew and Pawel!

    -mi

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 20:10:29 2006
From: Mikhail Teterin
To: Pawel Worach
Date: Tue, 27 Jun 2006 16:10:04 -0400
Message-Id: <200606271610.04604.mi+mx@aldan.algebra.com>
Cc: freebsd-security@freebsd.org, net@freebsd.org
Subject: Re: fetch http://localhost:6666 hangs

On Tuesday 27 June 2006 15:05, Pawel Worach wrote:
> > I just noticed, that on my recent "6.1-STABLE #4: Thu Jun 8" amd64
> > system attempts to connect to a bogus port (like 6666) hang instead of
> > failing with "Connection refused" immediately, as they on other systems.
>
> Using sysctl net.inet.tcp.blackhole=1 ?

Yes, that's what it was... Got me thinking, though... Should the blackhole setting apply to localhost (and local IP addresses) at all?

It is a security measure -- would be nicer to reduce its impact on legitimate activity...

    -mi

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 21:21:46 2006
Date: Tue, 27 Jun 2006 23:07:46 +0400
From: "Andrew Pantyukhin"
To: "Mikhail Teterin"
Cc: net@freebsd.org
Subject: Re: fetch http://localhost:6666 hangs

On 6/27/06, Mikhail Teterin wrote:
> Hello!
>
> I just noticed, that on my recent "6.1-STABLE #4: Thu Jun 8" amd64 system
> attempts to connect to a bogus port (like 6666) hang instead of failing
> with "Connection refused" immediately, as they on other systems.

My first thought is net.inet.tcp.blackhole sysctl.

From owner-freebsd-net@FreeBSD.ORG Tue Jun 27 22:13:44 2006
From: Mikhail Teterin
To: net@freebsd.org
Date: Tue, 27 Jun 2006 18:13:29 -0400
Message-Id: <200606271813.29980.mi+mx@aldan.algebra.com>
Cc: rizzo@icir.org
Subject: using ipfw seems to interfere with socket communication

After I added the following rules to my ipfw configuration:

    ipfw pipe 1 config bw 2000000000Mbit/s
    ipfw add 200 pipe 1 tcp from any to any

The following test from Tcl's regression-test suite started to fail:

    set s [socket -server accept 0]
    set sock ""
    set s2 [socket 127.0.0.1 [lindex [fconfigure $s -sockname] 2]]
    vwait sock
    puts $s2 "one"
    flush $s2
    after 500
    fconfigure $sock -blocking 0
    set result a:[gets $sock]
    lappend result b:[gets $sock]
    fconfigure $sock -blocking 1
    puts $s2 "two"
    flush $s2
    fconfigure $sock -blocking 0
    lappend result c:[gets $sock]
    fconfigure $sock -blocking 1
    close $s2
    close $s
    close $sock
    set result

Instead of the expected ``a:one b: c:two'', the result was consistently ``a:one b: c:''. This means, the gets in the line:

    lappend result c:[gets $sock]

was always returning empty string, instead of the string "two", that was written into the socket and flushed.

Is the test wrong, and such result is possible, or is dummynet triggering a bug? Unloading the dummynet module allows the test to succeed...

Thanks!

    -mi

From owner-freebsd-net@FreeBSD.ORG Wed Jun 28 00:07:12 2006
Message-ID: <44A1816B.3030808@gmail.com>
Date: Tue, 27 Jun 2006 21:05:15 +0200
From: Pawel Worach
To: Mikhail Teterin
Cc: net@freebsd.org
Subject: Re: fetch http://localhost:6666 hangs

Mikhail Teterin wrote:
> Hello!
>
> I just noticed, that on my recent "6.1-STABLE #4: Thu Jun 8" amd64 system
> attempts to connect to a bogus port (like 6666) hang instead of failing
> with "Connection refused" immediately, as they on other systems.
>

Using sysctl net.inet.tcp.blackhole=1 ?
-- Pawel From owner-freebsd-net@FreeBSD.ORG Wed Jun 28 10:32:44 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA64516A408 for ; Wed, 28 Jun 2006 10:32:44 +0000 (UTC) (envelope-from joe@tao.org.uk) Received: from mailhost.tao.org.uk (transwarp.tao.org.uk [87.74.4.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4499B44636 for ; Wed, 28 Jun 2006 10:32:43 +0000 (GMT) (envelope-from joe@tao.org.uk) Received: from genius.tao.org.uk (genius.pact.cpes.susx.ac.uk [139.184.130.240]) by mailhost.tao.org.uk (Postfix) with ESMTP id 0A5D25C1F for ; Wed, 28 Jun 2006 11:32:42 +0100 (BST) Received: by genius.tao.org.uk (Postfix, from userid 100) id 388FF4076; Wed, 28 Jun 2006 11:32:39 +0100 (BST) Date: Wed, 28 Jun 2006 11:32:39 +0100 From: Josef Karthauser To: freebsd-net@freebsd.org Message-ID: <20060628103238.GA815@genius.tao.org.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline User-Agent: Mutt/1.5.11 Subject: Multiple IP addresses in a jail. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jun 2006 10:32:44 -0000 --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I've got a jail on a machine running some web stuff and I need to add a second SSL web site to it. This would mean binding another IP address to the jail. Has anyone got a work around for this? 
Joe --=20 Josef Karthauser (joe@tao.org.uk) http://www.josef-k.net/ Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D An eclectic mix of fact an= d theory. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iEYEARECAAYFAkSiWsYACgkQXVIcjOaxUBYXhwCcDbGtLV93lO5BUCXkrkovOyGY f08AoIbymQfW3fvHd7R71pAkpwGexmvF =3r8G -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- From owner-freebsd-net@FreeBSD.ORG Wed Jun 28 10:44:05 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA36A16A415; Wed, 28 Jun 2006 10:44:05 +0000 (UTC) (envelope-from regnauld@catpipe.net) Received: from moof.catpipe.net (moof.catpipe.net [195.249.214.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7607243D98; Wed, 28 Jun 2006 10:44:04 +0000 (GMT) (envelope-from regnauld@catpipe.net) Received: from localhost (localhost [127.0.0.1]) by localhost.catpipe.net (Postfix) with ESMTP id 23A311B36D; Wed, 28 Jun 2006 12:44:03 +0200 (CEST) Received: from moof.catpipe.net ([127.0.0.1]) by localhost (moof.catpipe.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02437-06; Wed, 28 Jun 2006 12:43:58 +0200 (CEST) Received: from vinyl.catpipe.net (vinyl.catpipe.net [195.249.214.189]) by moof.catpipe.net (Postfix) with ESMTP id CF4F31B357; Wed, 28 Jun 2006 12:43:58 +0200 (CEST) Received: by vinyl.catpipe.net (Postfix, from userid 1006) id A822D78C31; Wed, 28 Jun 2006 12:39:50 +0200 (CEST) Date: Wed, 28 Jun 2006 12:39:50 +0200 From: Phil Regnauld To: Josef Karthauser Message-ID: <20060628103949.GJ2005@catpipe.net> References: <20060628103238.GA815@genius.tao.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: 
inline
In-Reply-To: <20060628103238.GA815@genius.tao.org.uk>
Cc: freebsd-net@freebsd.org
Subject: Re: Multiple IP addresses in a jail.

Josef Karthauser (joe) writes:
> Hi,
>
> I've got a jail on a machine running some web stuff and I need to add a
> second SSL web site to it. This would mean binding another IP address
> to the jail. Has anyone got a work around for this?

Yes, use Pawel's patches:

http://people.freebsd.org/~pjd/patches/jail_2006012001.patch

Older readme here:

http://garage.freebsd.pl/mijail5.README

From owner-freebsd-net@FreeBSD.ORG Wed Jun 28 22:25:39 2006
Message-ID: <44A3015C.6070902@ironport.com>
Date: Wed, 28 Jun 2006 15:23:24 -0700
From: Julian Elischer
MIME-Version:
1.0
To: FreeBSD Net
Subject: Netconfig

what the *@#$ is a Netconfig database and why do I suddenly need one?
no such animal in 4.x etc.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 03:09:06 2006
Message-ID: <3aaaa3a0606281940k63c77ebfga84a854b2cd4ed84@mail.gmail.com>
Date: Thu, 29 Jun 2006 03:40:33 +0100
From: Chris
To: "Phil Regnauld"
In-Reply-To: <20060628103949.GJ2005@catpipe.net>
Content-Transfer-Encoding:
7bit
References: <20060628103238.GA815@genius.tao.org.uk> <20060628103949.GJ2005@catpipe.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Multiple IP addresses in a jail.

On 28/06/06, Phil Regnauld wrote:
> Josef Karthauser (joe) writes:
> > Hi,
> >
> > I've got a jail on a machine running some web stuff and I need to add a
> > second SSL web site to it. This would mean binding another IP address
> > to the jail. Has anyone got a work around for this?
>
> Yes, use Pawel's patches:
>
> http://people.freebsd.org/~pjd/patches/jail_2006012001.patch
>
> Older readme here:
>
> http://garage.freebsd.pl/mijail5.README
>
>

these patches have been around a while, any reason why it's not been
ported to the base code? seems a trivial function to have, single ip
jail is very limiting.
thanks

Chris

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 08:01:47 2006
Message-ID: <20060629080146.26527.qmail@web36303.mail.mud.yahoo.com>
Date: Thu, 29 Jun 2006 01:01:46 -0700 (PDT)
From: Nash Nipples
To: freebsd-net@freebsd.org
Subject: Re: Netconfig

netconfig looks like a new bill gates out of FreeBSD box. u dont need it. chill

Julian Elischer wrote:
what the *@#$ is a Netconfig database and why do I suddenly need one?
no such animal in 4.x etc.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 08:25:24 2006
Date: Thu, 29 Jun 2006 12:25:21 +0400 (MSD)
From: Maxim Konovalov
To: Julian Elischer
In-Reply-To: <44A3015C.6070902@ironport.com>
Message-ID: <20060629122147.O10232@mp2.macomnet.net>
References: <44A3015C.6070902@ironport.com>
Cc: FreeBSD Net
Subject: Re: Netconfig

On Wed, 28 Jun 2006, 15:23-0700, Julian Elischer wrote:

> what the *@#$ is a Netconfig database and why do I suddenly need one?
> no such animal in 4.x etc.
man 5 netconfig, portmap(8) in RELENG_4 vs rpcbind(3,8) in RELENG_5,6
and HEAD.

--
Maxim Konovalov

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 17:21:48 2006
Message-ID: <44A40C25.904@elischer.org>
Date: Thu, 29 Jun 2006 10:21:41 -0700
From: Julian Elischer
To: Yar Tikhiy
References: <200606290752.k5T7qU06021639@repoman.freebsd.org> <20060629132354.D73145@mp2.macomnet.net> <20060629131201.GA67682@comp.chem.msu.su>
In-Reply-To: <20060629131201.GA67682@comp.chem.msu.su>
Cc: FreeBSD Net , src-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/net if_vlan.c

Yar Tikhiy wrote:

>On Thu, Jun 29, 2006 at 01:24:56PM +0400, Maxim Konovalov wrote:
>
>
>>On Thu, 29 Jun 2006, 07:52-0000, Yar Tikhiy wrote:
>>
>>
>>
>>>yar 2006-06-29 07:52:30 UTC
>>>
>>> FreeBSD src repository
>>>
>>> Modified files:
>>> sys/net if_vlan.c
>>> Log:
>>> Detach the interface first, do vlan_unconfig() then.
>>> Previously, another thread could get a pointer to the
>>> interface by scanning the system-wide list and sleep
>>> on the global vlan mutex held by vlan_unconfig().
>>> The interface was gone by the time the other thread
>>> woke up.
>>>
>>> In order to be able to call vlan_unconfig() on a detached
>>> interface, remove the purely cosmetic bzero'ing of IF_LLADDR
>>> from the function because a detached interface has no addresses.
>>>
>>> Noticed by: a stress-testing script by maxim
>>> Reviewed by: glebius
>>>
>>>
>>Still no cookie :-)
>>
>>db> bt
>>Tracing pid 75800 tid 100098 td 0xc2b0e960
>>in_control(c2a1c67c,c02069f6,c40eece0,c2e66000,c2b0e960) at in_control+0x114
>>ifioctl(c2a1c67c,c02069f6,c40eece0,c2b0e960,0,...) at ifioctl+0xee
>>soo_ioctl(c27cb4c8,c02069f6,c40eece0,c2c04980,c2b0e960) at soo_ioctl+0x2db
>>ioctl(c2b0e960,d56a4d04) at ioctl+0x370
>>syscall(3b,3b,3b,bfbfe2c4,0,...) at syscall+0x27e
>>Xint0x80_syscall() at Xint0x80_syscall+0x1f
>>--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x2817cb43, esp =
>>0xbfbfe28c, ebp = 0xbfbfe2d8 ---
>>
>>Let me know if you need more info.
>>
>>
>
>I stress tested gif(4) in the same manner for kicks and got a very
>similar panic in in_control(). I suppose that my change eliminated
>a concurrency problem in vlan(4) and we began to feel the lack of
>refcounting at ifnet level. Indeed, a thread can keep a pointer
>to an ifnet beyond its lifetime and panic the system on access to
>the dead ifnet.
>
>
>
Unfortunately, since mbufs point to ifnets it is almost impossible to
"efficiently" refcount ifnets. Mbufs may persist almost indefinitely in
a socket receive buffer, well after the given receive interface has
gone away. I submitted patches to full real reference counting of
ifnets in 1995 but it was already too cumbersome then, and since then
it has gotten worse. (due to SMP etc.)

The solution I guess is to make mbufs reference ifnets by some indirect
method that can be validity checked.
The same solution was used to fix a reference problem with proc
structures in 1992. (the PID was stored in some places instead of
struct proc *).

Basically, we assign a monotonically increasing number (assuming no
wrap) to every interface. We keep that number in a hash with a pointer
to the ifnet. We change the ifp in mbuf headers to hold that number,
and always access it with a function (ifnum2ifp(ifnum)) and if it
returns NULL then we drop the packet as its receive interface has gone
away.

There is already an interface number, but it gets re-used. (maybe that
is not a problem?).

You probably should still take out a reference on the ifnet (or a lock)
if you decide to make use of the ifnet. (e.g. probably ipfw should do
something to stop it from going away while it is testing recv
interface).

this of course introduces some overhead.. how much we can afford is
another question.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 17:46:09 2006
Received: by 10.37.15.29 with
HTTP; Thu, 29 Jun 2006 10:45:58 -0700 (PDT)
Date: Thu, 29 Jun 2006 10:45:58 -0700
From: "Haisang Wu"
To: freebsd-net@freebsd.org
Subject: Reading m_flags in tcp_output and tcp_input

Hello,

I need to read m_flags of an mbuf in a TCP application in the following
two cases:
(1) in sending direction, right before TCP calls ip_output() to send
out a packet,
(2) in receiving direction, right before TCP appends a packet to so_rcv
of the corresponding socket and wakes up the socket.

My understandings are: for (1), tcp_output() only calls ip_output()
once, so right before that function call, I should read the m_flags.
For (2), tcp_input() is more complex and calls
insbappendstream_locked() twice, one for fast path processing, and one
for slow path processing. I think I should read m_flags before both of
the two insbappendstream_locked() function calls.

I am using freebsd 5.4. Could you let me know whether my above
understandings are correct, and provide some suggestions?

Thank you!
Haisang

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 22:57:22 2006
Date: Thu, 29 Jun 2006 17:27:35 -0500
From: "Jeewan Rana"
Subject: Query :Regading IPv6 logo phase 1

Hi all,

To get the IPv6 logo phase 1, is the Interoperability test case
necessary, or is only the self-test case result enough to get IPv6 logo
phase 1?
Regards
jeewan

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Haisang Wu
Sent: Thursday, June 29, 2006 10:46 AM
To: freebsd-net@freebsd.org
Subject: Reading m_flags in tcp_output and tcp_input

Hello,

I need to read m_flags of an mbuf in a TCP application in the following
two cases:
(1) in sending direction, right before TCP calls ip_output() to send
out a packet,
(2) in receiving direction, right before TCP appends a packet to so_rcv
of the corresponding socket and wakes up the socket.

My understandings are: for (1), tcp_output() only calls ip_output()
once, so right before that function call, I should read the m_flags.
For (2), tcp_input() is more complex and calls
insbappendstream_locked() twice, one for fast path processing, and one
for slow path processing. I think I should read m_flags before both of
the two insbappendstream_locked() function calls.

I am using freebsd 5.4. Could you let me know whether my above
understandings are correct, and provide some suggestions?

Thank you!
Haisang

From owner-freebsd-net@FreeBSD.ORG Thu Jun 29 23:08:04 2006
From: Mikhail Teterin
To: net@freebsd.org
Date: Thu, 29 Jun 2006 19:07:18 -0400
Message-Id: <200606291907.19006.mi+mx@aldan.algebra.com>
Cc: questions@freebsd.org
Subject: a secure equivalent to rcmd() and rexec() ?

I'm wondering, if there exists a secure equivalent to rcmd/rexec?
Perhaps, somewhere in libssh?

I need to send data to a command line on another machine, but popen-ing
an ssh session seems like a rather inferior method, because there is no
way to (portably) access the command's stderr...

Thanks!

-mi

From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 03:53:54 2006
Date: Thu, 29 Jun 2006 22:53:52 -0500
From: "Nikolas Britton"
To: freebsd-net@freebsd.org
Content-Disposition:
inline
Subject: Marvell YukonII Status Update?

Anyone know what's going on with YukonII support in FreeBSD,
specifically the Marvell chips used in PCI-Express add-on cards?

Last I checked somebody was developing an experimental driver and
Marvell had just released the code to their FreeBSD 5.x/6.x driver:
mykbsd60x86-8.12.2.3.tar (binary kmod package)
mykbsd60x86-8.12.1.3-src.tgz (source code)

Has checksum offloading or the performance problems been fixed? Has
Marvell updated their driver? Is someone going to commit Marvell's
driver to -CURRENT? And what's happening with the experimental driver?

--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/

From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 06:26:42 2006
Received: by
10.36.118.8 with SMTP id q8mr342325nzc; Thu, 29 Jun 2006 23:07:39 -0700 (PDT)
Date: Fri, 30 Jun 2006 15:09:56 +0900
From: Pyun YongHyeon
To: Nikolas Britton
Message-ID: <20060630060956.GA51353@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?
Reply-To: pyunyh@gmail.com

On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> Anyone know what's going on with YukonII support in FreeBSD,
> specifically the Marvell chips used in PCI-Express add-on cards?
>
> Last I checked somebody was developing an experimental driver and
> Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> mykbsd60x86-8.12.2.3.tar (binary kmod package)
> mykbsd60x86-8.12.1.3-src.tgz (source code)
>

I don't know current status of the driver. ATM FreeBSD YukonII driver
has stability issues and the driver needs big cleanups if we import
the driver into src tree.
But I wouldn't do the job and I'll spend my spare time to other thing.
I know, from my previous experience(sk(4), stge(4)), how difficult to
write a driver without a document and how hard to write a correct
driver without knowing hardware internals.
I'm sure there are many developers eager to write YukonII driver if
they can access the hardware documentation. However I think there is
no possibility that Marvell releases their chip documentations.

> Has checksum offloading or the performance problems been fixed? Has
> Marvell updated their driver? Is someone going to commit Marvell's
> driver to -CURRENT? And what's happening with the experimental driver?
>

We need a working/stable driver first.

--
Regards,
Pyun YongHyeon

From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 08:20:51 2006
From: "no@spam@mgedv.net"
To: "'Mikhail Teterin'" ,
Date: Fri, 30 Jun 2006 10:20:47 +0200
Message-ID: <004501c69c1e$1787de50$01010101@avalon.lan>
In-Reply-To: <200606291907.19006.mi+mx@aldan.algebra.com>
Cc: questions@freebsd.org
Subject: RE: a secure equivalent to rcmd() and rexec() ?

> I need to send data to a command line on another machine, but
> popen-ing an ssh
> session seems like a rather inferior method, because there is
> no way to
> (portably) access the command's stderr...
>

not sure if this is the answer you want, but: what if you tunnel the
rcmd/rexec commands through an encrypted tunnel?
you could use pf and stunnel to redirect traffic, maybe that helps.
it's obviously not a development solution but an administrative, maybe
working one ;-)

From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 11:01:24 2006
Date: Fri, 30 Jun 2006 12:01:23 +0100 (BST)
From: Robert Watson
To: Julian Elischer
In-Reply-To: <44A40C25.904@elischer.org>
Message-ID: <20060630115749.G3964@fledge.watson.org>
References: <200606290752.k5T7qU06021639@repoman.freebsd.org> <20060629132354.D73145@mp2.macomnet.net> <20060629131201.GA67682@comp.chem.msu.su> <44A40C25.904@elischer.org>
Cc: Yar Tikhiy , src-committers@FreeBSD.org, FreeBSD Net
Subject: Re: cvs commit: src/sys/net
if_vlan.c

On Thu, 29 Jun 2006, Julian Elischer wrote:

>> I stress tested gif(4) in the same manner for kicks and got a very similar
>> panic in in_control(). I suppose that my change eliminated a concurrency
>> problem in vlan(4) and we began to feel the lack of refcounting at ifnet
>> level. Indeed, a thread can keep a pointer to an ifnet beyond its lifetime
>> and panic the system on access to the dead ifnet.
>
> Unfortunately, since mbufs point to ifnets it is almost impossible to
> "efficiently" refcount ifnets. Mbufs may persist almost indefinitely in a
> socket receive buffer, well after the given receive interface has gone away.
> I submitted patches to full real reference counting of ifnets in 1995 but it
> was already too cumbersome then, and since then it has gotten worse. (due to
> SMP etc.)

Partial solutions are possible here -- even if we don't immediately fix
the mbuf pointer issue, we can fix other types of ifnet references to
be real, such as references from heavier weight administrative
structures and operations, even if mbufs don't get them.

It's been suggested that interfaces become dead and be GC'd after a
timeout in order to reduce the chances of mbuf related races. I think
this is a pretty reasonable work-around to the general problem here,
especially if "dead" is really implemented properly. An example of a
"bad" implementation of dead would have the ifnet continue to be
visible and occupy space in the interface name space, preventing tun0
from being immediately reallocated after it is destroyed. A better
implementation would have all external signs of the ifnet disappear,
except that the pointer remains minimally valid for a few seconds.
Not ideal, but better than reference counting ifnets from mbufs. For gif interfaces, etc, real references are possible and desirable. Robert N M Watson Computer Laboratory University of Cambridge From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 16:37:45 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2649116A4D1 for ; Fri, 30 Jun 2006 16:37:45 +0000 (UTC) (envelope-from rrs@cisco.com) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAB2843E41 for ; Fri, 30 Jun 2006 16:36:12 +0000 (GMT) (envelope-from rrs@cisco.com) Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-2.cisco.com with ESMTP; 30 Jun 2006 09:36:12 -0700 X-IronPort-AV: i="4.06,197,1149490800"; d="scan'208"; a="326788313:sNHT102129046" Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id k5UGaC6T032573 for ; Fri, 30 Jun 2006 09:36:12 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k5UGaCke027990 for ; Fri, 30 Jun 2006 09:36:12 -0700 (PDT) Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 30 Jun 2006 09:36:11 -0700 Received: from [127.0.0.1] ([171.68.225.134]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 30 Jun 2006 09:36:11 -0700 Message-ID: <44A552FA.2030302@cisco.com> Date: Fri, 30 Jun 2006 12:36:10 -0400 From: Randall Stewart User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20060223 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit 
Subject: SCTP

Hi all:

The following link:

http://www.sctp.org/cvs_diff_6_30.bz2

Will get you a large patch that you can apply to Current that will
add SCTP.

It's a bzip2 patch file since it is so large :-D

It includes the changes to a few base files.. and mainly it's the
complete files diff'd against this morning's current cvs...

Yes, I know that the build is broken in acpi/acpi_asus but the sctp
code did compile and build a kernel for me... so once the above is
fixed.. you should be able to use the patch and check it out :-D

Oh, you will need to add

option SCTP

to your kernel conf... and it might not
hurt to do a make sysent in sys/kern

I will prepare a separate file for the overall libsctp.a
once I figure out where it should go :-D

Happy SCTPing.. and if you have any problems with the patch please
send me an email :-D

R
--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell)

From owner-freebsd-net@FreeBSD.ORG Fri Jun 30 20:32:18 2006
From: Mikhail Teterin
Organization: Virtual Estates, Inc.
To: net@freebsd.org
Date: Fri, 30 Jun 2006 16:31:43 -0400
Message-Id: <200606301631.44061.mi+mx@aldan.algebra.com>
Cc: question@freebsd.org
Subject: Struggling with rcmd

Why does not the following work?

    rem = rcmd(&host, sp->s_port, pwd->pw_name, user,
        copyargs(argv), &remerr);
    if (rem < 0)
        exit(EX_UNAVAILABLE);
    if (remerr < 0)
        warn("Can't establish stderr channel (%d)", remerr);

It only works if the specified remote command is entirely self-contained
(like "touch /tmp/tag" -- the /tmp/tag appears on the remote system).

However, the remerr is never filled with the file descriptor -- whatever
value it has before the rcmd call, stays in it:

    rcmd: Can't establish stderr channel (-3): Unknown error: 0

Thanks!

    -mi

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 04:57:03 2006
Date: Fri, 30 Jun 2006 23:39:14 -0500
From: "Nikolas Britton"
To: pyunyh@gmail.com
In-Reply-To: <20060630060956.GA51353@cdnetworks.co.kr>
References: <20060630060956.GA51353@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?

On 6/30/06, Pyun YongHyeon wrote:
> On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> > Anyone know what's going on with YukonII support in FreeBSD,
> > specifically the Marvell chips used in PCI-Express add-on cards?
> >
> > Last I checked somebody was developing an experimental driver and
> > Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> > mykbsd60x86-8.12.2.3.tar (binary kmod package)
> > mykbsd60x86-8.12.1.3-src.tgz (source code)
> >
>
> I don't know current status of the driver. ATM FreeBSD YukonII
> driver has stability issues and the driver needs big cleanups
> if we import the driver into src tree. But I wouldn't do the
> job and I'll spend my spare time to other thing.
> I know, from my previous experience(sk(4), stge(4)), how
> difficult to write a driver without a document and how hard to
> write a correct driver without knowing hardware internals. I'm
> sure there are many developers eager to write YukonII driver if
> they can access the hardware documentation. However I think there
> is no possibility that Marvell releases their chip documentations.
>

Marvell will give you the docs if you sign an NDA, I know it's stupid
but I think it's the only way... unless we vote with the wallet... Who
has PCI-Express gigabit NIC cards that meet the following criteria?:

a) Supported by FreeBSD.
b) Unencumbered documentation.
c) Checksum offloading.

--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 05:17:13 2006
Date: Sat, 1 Jul 2006 14:18:44 +0900
From: Pyun YongHyeon
To: Nikolas Britton
Message-ID: <20060701051844.GE54876@cdnetworks.co.kr>
References: <20060630060956.GA51353@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?
Reply-To: pyunyh@gmail.com

On Fri, Jun 30, 2006 at 11:39:14PM -0500, Nikolas Britton wrote:
> On 6/30/06, Pyun YongHyeon wrote:
> > On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> > > Anyone know what's going on with YukonII support in FreeBSD,
> > > specifically the Marvell chips used in PCI-Express add-on cards?
> > >
> > > Last I checked somebody was developing an experimental driver and
> > > Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> > > mykbsd60x86-8.12.2.3.tar (binary kmod package)
> > > mykbsd60x86-8.12.1.3-src.tgz (source code)
> > >
> >
> > I don't know current status of the driver. ATM FreeBSD YukonII
> > driver has stability issues and the driver needs big cleanups
> > if we import the driver into src tree. But I wouldn't do the
> > job and I'll spend my spare time to other thing.
> > I know, from my previous experience(sk(4), stge(4)), how
> > difficult to write a driver without a document and how hard to
> > write a correct driver without knowing hardware internals. I'm
> > sure there are many developers eager to write YukonII driver if
> > they can access the hardware documentation. However I think there
> > is no possibility that Marvell releases their chip documentations.
> >
>
> Marvell will give you the docs if you sign an NDA, I know it's stupid
> but I think it's the only way... unless we vote with the wallet... Who
> has PCI-Express gigabit NIC cards that meet the following criteria?:
>
> a) Supported by FreeBSD.
> b) Unencumbered documentation.
> c) Checksum offloading.
>

There are many PCIe GigE hardwares supported by em(4) or bge/bce(4).
AFAIK the only hardware features not supported by em(4)/bge(4) driver
is TSO. And hardwares supported by em(4) also have a capability to
offload IPv6 checksumming too but it's not yet supported by the driver.

--
Regards,
Pyun YongHyeon

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 06:33:53 2006
Date: Sat, 1 Jul 2006 01:33:51 -0500
From: "Nikolas Britton"
To: pyunyh@gmail.com
In-Reply-To: <20060701051844.GE54876@cdnetworks.co.kr>
References: <20060630060956.GA51353@cdnetworks.co.kr>
 <20060701051844.GE54876@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?

On 7/1/06, Pyun YongHyeon wrote:
> On Fri, Jun 30, 2006 at 11:39:14PM -0500, Nikolas Britton wrote:
> > On 6/30/06, Pyun YongHyeon wrote:
> > > On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> > > > Anyone know what's going on with YukonII support in FreeBSD,
> > > > specifically the Marvell chips used in PCI-Express add-on cards?
> > > >
> > > > Last I checked somebody was developing an experimental driver and
> > > > Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> > > > mykbsd60x86-8.12.2.3.tar (binary kmod package)
> > > > mykbsd60x86-8.12.1.3-src.tgz (source code)
> > > >
> > >
> > > I don't know current status of the driver. ATM FreeBSD YukonII
> > > driver has stability issues and the driver needs big cleanups
> > > if we import the driver into src tree. But I wouldn't do the
> > > job and I'll spend my spare time to other thing.
> > > I know, from my previous experience(sk(4), stge(4)), how
> > > difficult to write a driver without a document and how hard to
> > > write a correct driver without knowing hardware internals. I'm
> > > sure there are many developers eager to write YukonII driver if
> > > they can access the hardware documentation. However I think there
> > > is no possibility that Marvell releases their chip documentations.
> > >
> >
> > Marvell will give you the docs if you sign an NDA, I know it's stupid
> > but I think it's the only way... unless we vote with the wallet... Who
> > has PCI-Express gigabit NIC cards that meet the following criteria?:
> >
> > a) Supported by FreeBSD.
> > b) Unencumbered documentation.
> > c) Checksum offloading.
> >
>
> There are many PCIe GigE hardwares supported by em(4) or bge/bce(4).
> AFAIK the only hardware features not supported by em(4)/bge(4) driver
> is TSO. And hardwares supported by em(4) also have a capability to
> offload IPv6 checksumming too but it's not yet supported by the driver.
>

Will TCP Segmentation Offloading help if you already use a 9000 byte
mtu, and is it going to be supported, someday, with em(4)/bge(4)?...
I'm mostly clueless about TSO.

--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 07:00:17 2006
Date: Sat, 1 Jul 2006 16:02:45 +0900
From: Pyun YongHyeon
To: Nikolas Britton
Message-ID: <20060701070245.GF54876@cdnetworks.co.kr>
References: <20060630060956.GA51353@cdnetworks.co.kr>
 <20060701051844.GE54876@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?
Reply-To: pyunyh@gmail.com

On Sat, Jul 01, 2006 at 01:33:51AM -0500, Nikolas Britton wrote:
> On 7/1/06, Pyun YongHyeon wrote:
> > On Fri, Jun 30, 2006 at 11:39:14PM -0500, Nikolas Britton wrote:
> > > On 6/30/06, Pyun YongHyeon wrote:
> > > > On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> > > > > Anyone know what's going on with YukonII support in FreeBSD,
> > > > > specifically the Marvell chips used in PCI-Express add-on cards?
> > > > >
> > > > > Last I checked somebody was developing an experimental driver and
> > > > > Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> > > > > mykbsd60x86-8.12.2.3.tar (binary kmod package)
> > > > > mykbsd60x86-8.12.1.3-src.tgz (source code)
> > > > >
> > > >
> > > > I don't know current status of the driver. ATM FreeBSD YukonII
> > > > driver has stability issues and the driver needs big cleanups
> > > > if we import the driver into src tree. But I wouldn't do the
> > > > job and I'll spend my spare time to other thing.
> > > > I know, from my previous experience(sk(4), stge(4)), how
> > > > difficult to write a driver without a document and how hard to
> > > > write a correct driver without knowing hardware internals. I'm
> > > > sure there are many developers eager to write YukonII driver if
> > > > they can access the hardware documentation. However I think there
> > > > is no possibility that Marvell releases their chip documentations.
> > > >
> > >
> > > Marvell will give you the docs if you sign an NDA, I know it's stupid
> > > but I think it's the only way... unless we vote with the wallet... Who
> > > has PCI-Express gigabit NIC cards that meet the following criteria?:
> > >
> > > a) Supported by FreeBSD.
> > > b) Unencumbered documentation.
> > > c) Checksum offloading.
> > >
> >
> > There are many PCIe GigE hardwares supported by em(4) or bge/bce(4).
> > AFAIK the only hardware features not supported by em(4)/bge(4) driver
> > is TSO. And hardwares supported by em(4) also have a capability to
> > offload IPv6 checksumming too but it's not yet supported by the driver.
> >
>
> Will TCP Segmentation Offloading help if you already use a 9000 byte
> mtu, and is it going to be supported, someday, with em(4)/bge(4)?...
> I'm mostly clueless about TSO.
>

Since not all hardwares support JUMBO frame and the maximum MTU
for the JUMBO frame varies among vendors/chipsets TSO would be
better suited for interoperability.

I really want to see TSO support in our drivers. See the
following URL to see TSO effect in NetBSD wm(4) driver.
http://marc.theaimsgroup.com/?t=111662994600001&r=1&w=2

--
Regards,
Pyun YongHyeon

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 07:54:04 2006
Date: Sat, 1 Jul 2006 02:54:01 -0500
From: "Nikolas Britton"
To: pyunyh@gmail.com
In-Reply-To: <20060701070245.GF54876@cdnetworks.co.kr>
References: <20060630060956.GA51353@cdnetworks.co.kr>
 <20060701051844.GE54876@cdnetworks.co.kr>
 <20060701070245.GF54876@cdnetworks.co.kr>
Cc: freebsd-net@freebsd.org
Subject: Re: Marvell YukonII Status Update?

On 7/1/06, Pyun YongHyeon wrote:
> On Sat, Jul 01, 2006 at 01:33:51AM -0500, Nikolas Britton wrote:
> > On 7/1/06, Pyun YongHyeon wrote:
> > > On Fri, Jun 30, 2006 at 11:39:14PM -0500, Nikolas Britton wrote:
> > > > On 6/30/06, Pyun YongHyeon wrote:
> > > > > On Thu, Jun 29, 2006 at 10:53:52PM -0500, Nikolas Britton wrote:
> > > > > > Anyone know what's going on with YukonII support in FreeBSD,
> > > > > > specifically the Marvell chips used in PCI-Express add-on cards?
> > > > > >
> > > > > > Last I checked somebody was developing an experimental driver and
> > > > > > Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> > > > > > mykbsd60x86-8.12.2.3.tar (binary kmod package)
> > > > > > mykbsd60x86-8.12.1.3-src.tgz (source code)
> > > > > >
> > > > >
> > > > > I don't know current status of the driver. ATM FreeBSD YukonII
> > > > > driver has stability issues and the driver needs big cleanups
> > > > > if we import the driver into src tree. But I wouldn't do the
> > > > > job and I'll spend my spare time to other thing.
> > > > > I know, from my previous experience(sk(4), stge(4)), how
> > > > > difficult to write a driver without a document and how hard to
> > > > > write a correct driver without knowing hardware internals. I'm
> > > > > sure there are many developers eager to write YukonII driver if
> > > > > they can access the hardware documentation. However I think there
> > > > > is no possibility that Marvell releases their chip documentations.
> > > > >
> > > >
> > > > Marvell will give you the docs if you sign an NDA, I know it's stupid
> > > > but I think it's the only way... unless we vote with the wallet... Who
> > > > has PCI-Express gigabit NIC cards that meet the following criteria?:
> > > >
> > > > a) Supported by FreeBSD.
> > > > b) Unencumbered documentation.
> > > > c) Checksum offloading.
> > > >
> > >
> > > There are many PCIe GigE hardwares supported by em(4) or bge/bce(4).
> > > AFAIK the only hardware features not supported by em(4)/bge(4) driver
> > > is TSO. And hardwares supported by em(4) also have a capability to
> > > offload IPv6 checksumming too but it's not yet supported by the driver.
> > >
> >
> > Will TCP Segmentation Offloading help if you already use a 9000 byte
> > mtu, and is it going to be supported, someday, with em(4)/bge(4)?...
> > I'm mostly clueless about TSO.
> >
>
> Since not all hardwares support JUMBO frame and the maximum MTU
> for the JUMBO frame varies among vendors/chipsets TSO would be
> better suited for interoperability.
>
> I really want to see TSO support in our drivers. See the
> following URL to see TSO effect in NetBSD wm(4) driver.
> http://marc.theaimsgroup.com/?t=111662994600001&r=1&w=2
>

I see... A poor man's jumbo frames, but only works with the sender,
correct? If NetBSD supports it can't we more or less just copy and
paste the code to FreeBSD? I know it's never that simple but...

--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 08:19:05 2006
Date: Sat, 1 Jul 2006 03:19:03 -0500
From: "Nikolas Britton"
To: freebsd-net@freebsd.org
Cc: freebsd-questions@freebsd.org
Subject: Intel PRO/1000 PT

What are the differences between the Intel PRO/1000 PT Server and
Desktop Adapters?

Intel PRO/1000 PT Server Adapter: $130 ~ 150
Intel PRO/1000 PT Desktop Adapter: $40 ~ 60

Both use the i82572EI chip and both appear to use the same PCB. Would
I be correct in assuming it's a marketing scam to get 2.5 times the
price for the same device?

--
BSD Podcasts @:
http://bsdtalk.blogspot.com/
http://freebsdforall.blogspot.com/

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 09:07:03 2006
Date: Sat, 01 Jul 2006 17:46:48 +0900
From: gnn@freebsd.org
To: Randall Stewart
In-Reply-To: <44A552FA.2030302@cisco.com>
References: <44A552FA.2030302@cisco.com>
Cc: freebsd-net@freebsd.org
Subject: Re: SCTP

At Fri, 30 Jun 2006 12:36:10 -0400,
randall wrote:
>
> Hi all:
>
> The following link:
>
> http://www.sctp.org/cvs_diff_6_30.bz2
>
> Will get you a large patch that you can apply to Current that will
> add SCTP.
>
> It's a bzip2 patch file since it is so large :-D
>
> It includes the changes to a few base files.. and mainly it's the
> complete files diff'd against this morning's current cvs...
>
> Yes, I know that the build is broken in acpi/acpi_asus but the sctp
> code did compile and build a kernel for me... so once the above is
> fixed.. you should be able to use the patch and check it out :-D
>
> Oh, you will need to add
>
> option SCTP
>
> to your kernel conf... and it might not
> hurt to do a make sysent in sys/kern
>
> I will prepare a separate file for the overall libsctp.a
> once I figure out where it should go :-D
>
> Happy SCTPing.. and if you have any problems with the patch please
> send me an email :-D

And please start testing this because many of us want to integrate
this in the near future :-)

Thanks,
George

From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 10:48:11 2006
Message-ID: <44A64E9A.9030300@cisco.com>
Date: Sat, 01 Jul 2006 06:29:46 -0400
From: Randall Stewart
To: Nikolas Britton
Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Intel PRO/1000 PT

Nikolas Britton wrote:
> What are the differences between the Intel PRO/1000 PT Server and
> Desktop Adapters?
>
> Intel PRO/1000 PT Server Adapter: $130 ~ 150
> Intel PRO/1000 PT Desktop Adapter: $40 ~ 60
>
> Both use the i82572EI chip and both appear to use the same PCB. Would
> I be correct in assuming it's a marketing scam to get 2.5 times the
> price for the same device?
>
>

Nikolas:

I have been told by friends who have tested the two.. if you use
the desktop one you will have packet loss and really not be able
to get high performance on it... the server adaptor, however, is
much better will do a gig throughput.. don't know what the
physical diff is .. must have scrimped on the parts :-0

Note, I have gone through 5 of these puppies getting 3 that work...
at least they worked when I tested them finally... 2 of the first
3 arrived with check-sum failures. I could disable the checksum and
make them work sort of.. but then they all had a bogus mac address...

I also followed advice on the web and "re-flashed" the cards.. had
to build a windoz boot disk for this :-0.. but that did not work..
I returned two of them.. got two more.. and one came in bad.. but
re-flashing worked... very strange :-0

Good luck if you get them.. I have not taken the time to go and play
with mine yet.. once I got 3 that worked I began a travel stint :-0

R
--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell) From owner-freebsd-net@FreeBSD.ORG Sat Jul 1 18:28:10 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B2AD16A40F for ; Sat, 1 Jul 2006 18:28:10 +0000 (UTC) (envelope-from yb@bashibuzuk.net) Received: from a.6f2.net (a.6f2.net [213.189.5.89]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1F2843D5C for ; Sat, 1 Jul 2006 18:28:09 +0000 (GMT) (envelope-from yb@bashibuzuk.net) Received: by a.6f2.net (Postfix, from userid 66) id 180A9BF920D; Sat, 1 Jul 2006 20:28:08 +0200 (CEST) Received: by cc.bashibuzuk.net (Postfix, from userid 1001) id 4DE09BDA0; Sat, 1 Jul 2006 20:28:15 +0200 (CEST) Date: Sat, 1 Jul 2006 20:28:15 +0200 From: Yann Berthier To: Randall Stewart Message-ID: <20060701182815.GD1788@bashibuzuk.net> References: <44A552FA.2030302@cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44A552FA.2030302@cisco.com> X-Operating-System: FreeBSD 7.0-CURRENT User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org Subject: Re: SCTP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Jul 2006 18:28:10 -0000 Hello, On Fri, 30 Jun 2006, at 12:36, Randall Stewart wrote: > Hi all: > > The following link: > > http://www.sctp.org/cvs_diff_6_30.bz2 > > Will get you a large patch that you can apply to Current that > will add SCTP. Pilot error ? 
freshly cvsuped src, patch applied cleanly, made sysent, and: linking kernel.debug uipc_syscalls.o(.text+0x47c8): In function `sctp_peeloff': /usr/src/sys/kern/uipc_syscalls.c:2239: undefined reference to `sctp_can_peel_off' uipc_syscalls.o(.text+0x49c2):/usr/src/sys/kern/uipc_syscalls.c:2276: undefined reference to `sctp_do_peeloff' uipc_syscalls.o(.text+0x4cd7): In function `sctp_generic_sendmsg': /usr/src/sys/kern/uipc_syscalls.c:2379: undefined reference to `sctp_lower_sosend' uipc_syscalls.o(.text+0x506c): In function `sctp_generic_recvmsg': /usr/src/sys/kern/uipc_syscalls.c:2501: undefined reference to `sctp_sorecvmsg' rtsock.o(.text+0x1799): In function `rt_newaddrmsg': /usr/src/sys/net/rtsock.c:879: undefined reference to `sctp_addr_change' in_proto.o(.data+0xa8): undefined reference to `sctp_input' in_proto.o(.data+0xb0): undefined reference to `sctp_ctlinput' in_proto.o(.data+0xb4): undefined reference to `sctp_ctloutput' in_proto.o(.data+0xbc): undefined reference to `sctp_init' in_proto.o(.data+0xc8): undefined reference to `sctp_drain' [...] bummer that, testing sctp seemed like an interesting thing for a sunny saturday evening :) many thanks for your work, - yan