From owner-freebsd-net@FreeBSD.ORG Sun Jul 23 23:51:21 2006
Message-ID: <44C40B59.6030803@wm-access.no>
Date: Mon, 24 Jul 2006 01:50:49 +0200
From: Sten Daniel Sørsdal
To: Brett Glass
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
In-Reply-To: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
Cc: net@freebsd.org
Subject: Re: Multiple NAT router

Brett Glass wrote:
> I have an application in which I'd like a FreeBSD router to have
> multiple, isolated LANS attached to it, each with the same address
> space. The FreeBSD box would take the place of multiple NAT routers.
>

Normally I'd point and laugh, but your ... unusual ..., problem got me
thinking. Since I wouldn't be supporting this and all. ;-)

A captive type portal technique could probably do it. But that's only if
you're willing to code a complex application.

How about using netgraph (ng_nat) to do 1:n translation making f.ex;

net1: 192.168.0.0/24 -> 10.0.0.1
net2: 192.168.0.0/24 -> 10.0.0.2
net3: 192.168.0.0/24 -> 10.0.0.3

Then I assume you would want to nat the resulting 10.0.0.x addresses
again by using ... ng_nat?
I haven't tried anything like that myself and I haven't checked if it's
actually possible.
You would probably employ proxy arp to reply to arp queries for the
gateway address.
Perhaps you have three public addresses to use, reducing complexity a bit.

man ng_nat(4) has an example that could help you with the syntax (the
hdlc one).

If all fails then perhaps marking the packets could help you
differentiate them somehow.

--
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 00:55:54 2006
In-Reply-To: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
To: Brett Glass
Date: Mon, 24 Jul 2006 04:58:04 +0400 (MSD)
From: .@babolo.ru
Message-Id: <1153702684.732309.10933.nullmailer@cicuta.babolo.ru>
Cc: net@freebsd.org
Subject: Re: Multiple NAT router

> I have an application in which I'd like a FreeBSD router to have
> multiple, isolated LANS attached to it, each with the same address
> space. The FreeBSD box would take the place of multiple NAT routers.
>
> For example, I might want to have three internal Ethernet
> interfaces on the FreeBSD box. Each would be connected to a LAN
> whose internal addresses are 192.168.0.0/24. The FreeBSD box would
> do NAT for all of them, and of course they could not "see" one another.
>
> The alternatives, of course, would be to install multiple NAT
> routers -- which would be a waste -- or to number the LANs
> differently. But the organization for which I'm doing this wants
> everything about each LAN to be absolutely standard (printers at
> the same static addresses, etc.) so that their IT guys can walk in
> and know exactly how everything's numbered.
>
> Is it possible to do a "hydra headed" router such as this with
> FreeBSD? I'm not sure that FreeBSD's natd is equipped to sort
> incoming packets for multiple, identically numbered LANs properly,
> because it would have to remember interface names as well as
> addresses. Also, there would be the question of how one would
> connect inward to the machines on the LANs, since "ping
> 192.168.0.100" would be ambiguous. (Perhaps one could do it from a
> jail. In fact, perhaps the virtual NAT routers could be set up in jails....)

The most cumbersome thing is the same net on ifaces.
Not sure, but I do if I try:

client interfaces: if0, if1, if2
external interface: ef0
default router for all clients: 192.168.0.1

ifconfig if0 inet 10.0.0.1/32
ifconfig if1 inet 10.0.0.2/32
ifconfig if2 inet 10.0.0.3/32
ifconfig lo0 inet 192.168.0.1/32
sysctl net.link.ether.inet.proxyall=1
ifconfig ef0 inet ...1

Say your provider to route ...2, ...3, ...4 to ...1,
start 3 natd with ...2, ...3, ...4 IP addresses.
On internal -> external direction do usual NAT
by own natd for each iface (try Julian Elischer's post
but do simpler) and on external -> internal direction
mark packets before natd with, for example 1, 2, 3 mark
and after natd forward packets 1 marked to 10.0.0.1,
2 marked to 10.0.0.2 so on.

2 things I am not sure:
is natd marks safe?
How ipfw forward to own iface works?
(it worked for me with route)

Sorry my bad English

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 09:09:13 2006
Date: Mon, 24 Jul 2006 10:09:09 +0100
From: Brian Candler
To: Brett Glass
Message-ID: <20060724090909.GB3412@uk.tiscali.com>
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
In-Reply-To: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
Cc: net@freebsd.org
Subject: Re: Multiple NAT router

On Fri, Jul 21, 2006 at 11:13:47AM -0600, Brett Glass wrote:
> I have an application in which I'd like a FreeBSD router to have
> multiple, isolated LANS attached to it, each with the same address
> space. The FreeBSD box would take the place of multiple NAT routers.
>
> For example, I might want to have three internal Ethernet
> interfaces on the FreeBSD box. Each would be connected to a LAN
> whose internal addresses are 192.168.0.0/24. The FreeBSD box would
> do NAT for all of them, and of course they could not "see" one another.

FreeBSD won't support this 'out of the box' - because of the problem that
you identified of having multiple NICs all with the same address range
assigned to them.

There's a project called 'vimage' which adds a separate virtual forwarding
table per jail. This might work for you, although all the natd's "outside"
interfaces would need to sit on the same interface, and I don't know if it
can do that.

Otherwise - you can run multiple instances of FreeBSD under a virtual
machine environment like Xen or VMware, and bridge all the 'outside'
interfaces together onto the same NIC.

Also - you may still end up with a separate outside IP per vimage or VM, so
maybe then you need another NAT instance to NAT all of those onto a single
IP address :-)

Regards,

Brian.
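
Added illustration, not part of the thread and not code from natd, ipfw or ng_nat: a toy NAT state table for the problem discussed above. When every inside LAN uses 192.168.0.0/24, a flow key that omits the inside interface lets two LANs share one mapping, so a reply is handed to the wrong LAN; adding the interface to the key keeps them apart. The interface names if0/if1 follow the thread; the class and function names and the outside addresses are constructed.

```python
"""Toy NAT state table: why the flow key must include the inside interface.

Added illustration; not natd, ipfw or ng_nat code. All addresses are
constructed sample values (RFC 5737 documentation ranges on the outside).
"""
from typing import NamedTuple, Optional

PUBLIC_IP = "203.0.113.1"        # constructed outside address of the router
SERVER = ("198.51.100.7", 80)    # constructed remote server


class Packet(NamedTuple):
    iface: str       # inside interface the packet arrived on
    src_ip: str
    src_port: int
    dst: tuple       # (ip, port) of the remote end


class Nat:
    def __init__(self, key_on_iface: bool, first_port: int = 40000):
        self.key_on_iface = key_on_iface
        self.flows = {}      # flow key -> allocated public port
        self.reverse = {}    # public port -> (iface, inside ip, inside port)
        self.next_port = first_port

    def _key(self, p: Packet) -> tuple:
        key = (p.src_ip, p.src_port, p.dst)
        # The only difference between the two modes: is the LAN part of the key?
        return (p.iface,) + key if self.key_on_iface else key

    def outbound(self, p: Packet) -> int:
        """Translate an inside->outside packet; return the public source port."""
        key = self._key(p)
        if key not in self.flows:
            port = self.next_port
            self.next_port += 1
            self.flows[key] = port
            self.reverse[port] = (p.iface, p.src_ip, p.src_port)
        return self.flows[key]

    def inbound(self, public_port: int) -> Optional[tuple]:
        """Map a reply arriving at PUBLIC_IP:public_port back to the inside."""
        return self.reverse.get(public_port)


def deliveries(key_on_iface: bool) -> dict:
    """Send the identical flow from two LANs; report where each reply lands.

    Returns {sending iface: (public port, iface the reply is delivered to)}.
    """
    nat = Nat(key_on_iface)
    result = {}
    for iface in ("if0", "if1"):
        pkt = Packet(iface, "192.168.0.100", 5000, SERVER)
        port = nat.outbound(pkt)
        result[iface] = (port, nat.inbound(port)[0])
    return result


if __name__ == "__main__":
    for mode in (False, True):
        print("key includes interface:", mode, deliveries(mode))
```

With the interface-blind key, the host on if1 reuses the mapping created by if0 and its reply is delivered to if0, which breaks the isolation between the LANs.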

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 09:41:34 2006
From: Nikos Vassiliadis
To: freebsd-net@freebsd.org
Date: Mon, 24 Jul 2006 12:38:56 +0300
Message-Id: <200607241238.57205.nvass@teledomenet.gr>
Subject: using loopback address as primary address

Hello everybody,

Suppose I have two addresses routed to my box over a PPP interface.
I have created on Host_2 a loopback interface and assigned to it
Inet_addr_2. Host_1 routes to Host_2 Inet_Addr_2 and everything
works if something is coming from internet to Inet_Addr_2. Host_2
has as default router rfc1918_Addr_1 and of course it uses its
fxp0 address for outgoing packets. Can I somehow use lo1 address
for connections initiated from Host_2? Or is there any other way
of doing such a thing? Or nat is the thing to do?

          Router
            |
            | internet
            |
          ng0   Inet_Addr_1
Host_1
          fxp0  rfc1918_Addr_1
            |
            | rfc1918 network
            |
          fxp0  rfc1918_Addr_2
Host_2
          lo1   Inet_Addr_2

Another possible solution would be a tunnel, but I am looking for
something more simple.

Thanks in advance for your ideas,

Nikos

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 11:03:19 2006
Date: Mon, 24 Jul 2006 11:02:47 GMT
Message-Id: <200607241102.k6OB2l40013700@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted    Tracker      Resp.  Description
-------------------------------------------------------------------------------
o  [2006/01/30] kern/92552   net    A serious bug in most network drivers fro
f  [2006/02/12] kern/93220   net    [inet6] nd6_lookup: failed to add route f
o  [2006/07/12] kern/100172  net    [arp] Transfer of large file fails with h

3 problems total.

Non-critical problems

S  Submitted    Tracker      Resp.  Description
-------------------------------------------------------------------------------
o  [2003/07/11] kern/54383   net    [nfs] [patch] NFS root configurations wit
o  [2006/04/03] kern/95267   net    packet drops periodically appear

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 13:48:14 2006
Date: Mon, 24 Jul 2006 14:48:10 +0100
From: Brian Candler
To: Nikos Vassiliadis
Message-ID: <20060724134810.GA4511@uk.tiscali.com>
References: <200607241238.57205.nvass@teledomenet.gr>
In-Reply-To: <200607241238.57205.nvass@teledomenet.gr>
Cc: freebsd-net@freebsd.org
Subject: Re: using loopback address as primary address

On Mon, Jul 24, 2006 at 12:38:56PM +0300, Nikos Vassiliadis wrote:
> Can I somehow use lo1 address
> for connections initiated from Host_2?

Options I know of:

(1) the application which originates the connection can explicitly bind
to the lo1 address (see for example telnet -s and ping -S options)

(2) the application can run in a jail(8) whose IP address is lo1, in which
case a 'bind to any' will bind to this address only

(3) use source NAT with pf etc

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 14:09:39 2006
From: Marko Zec
To: freebsd-net@freebsd.org
Date: Mon, 24 Jul 2006 16:09:29 +0200
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com>
In-Reply-To: <20060724090909.GB3412@uk.tiscali.com>
Message-Id: <200607241609.30783.zec@icir.org>
Cc: Brett Glass, Brian Candler
Subject: Re: Multiple NAT router

On Monday 24 July 2006 11:09, Brian Candler wrote:
> On Fri, Jul 21, 2006 at 11:13:47AM -0600, Brett Glass wrote:
> > I have an application in which I'd like a FreeBSD router to have
> > multiple, isolated LANS attached to it, each with the same address
> > space. The FreeBSD box would take the place of multiple NAT routers.
> >
> > For example, I might want to have three internal Ethernet
> > interfaces on the FreeBSD box. Each would be connected to a LAN
> > whose internal addresses are 192.168.0.0/24. The FreeBSD box would
> > do NAT for all of them, and of course they could not "see" one another.
>
> FreeBSD won't support this 'out of the box' - because of the problem that
> you identified of having multiple NICs all with the same address range
> assigned to them.
>
> There's a project called 'vimage' which adds a separate virtual forwarding
> table per jail. This might work for you, although all the natd's "outside"
> interfaces would need to sit on the same interface, and I don't know if it
> can do that.

Yes this should work with a virtualized stack - all the "outside" interfaces
in each jail / virtual stack could be simply bridged together using netgraph
which is virtualization-agnostic, i.e.
a global facility in the current
implementation of "vimage".

Of course a significant problem might be that the stack virtualization patches
exist only for FreeBSD 4.x, but there's a very good chance that a formal
project aimed at bringing vimage into sync with 6.x and -CURRENT could start
shortly...

Cheers,

Marko

> Otherwise - you can run multiple instances of FreeBSD under a virtual
> machine environment like Xen or VMware, and bridge all the 'outside'
> interfaces together onto the same NIC.
>
> Also - you may still end up with a separate outside IP per vimage or VM, so
> maybe then you need another NAT instance to NAT all of those onto a single
> IP address :-)
>
> Regards,
>
> Brian.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 19:24:24 2006
Date: Mon, 24 Jul 2006 20:24:19 +0100
From: Brian Candler
To: Marko Zec
Message-ID: <20060724192419.GA5474@uk.tiscali.com>
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org>
In-Reply-To: <200607241609.30783.zec@icir.org>
Cc: freebsd-net@freebsd.org, Brett Glass
Subject: Re: Multiple NAT router

On Mon, Jul 24, 2006 at 04:09:29PM +0200, Marko Zec wrote:
> > There's a project called 'vimage' which adds a separate virtual forwarding
> > table per jail. This might work for you, although all the natd's "outside"
> > interfaces would need to sit on the same interface, and I don't know if it
> > can do that.
>
> Yes this should work with a virtualized stack - all the "outside" interfaces
> in each jail / virtual stack could be simply bridged together using netgraph
> which is virtualization-agnostic, i.e. a global facility in the current
> implementation of "vimage".
>
> Of course a significant problem might be that the stack virtualization patches
> exist only for FreeBSD 4.x, but there's a very good chance that a formal
> project aimed at bringing vimage into sync with 6.x and -CURRENT could start
> shortly...

Also, what would really suit him is a netgraph IP interface node - i.e.
something which takes raw ethernet frames from the interface, performs IP
encapsulation/decapsulation and ARP - and an IP forwarding node with its own
forwarding table. Has anyone done any work in that area? It would be really
cool for VPN edge routing, for example.

Regards,

Brian.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 24 20:40:15 2006
Message-ID: <44C5302D.1020807@elischer.org>
Date: Mon, 24 Jul 2006 13:40:13 -0700
From: Julian Elischer
To: Brian Candler
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org> <20060724192419.GA5474@uk.tiscali.com>
In-Reply-To: <20060724192419.GA5474@uk.tiscali.com>
Cc: freebsd-net@freebsd.org, Marko Zec, Brett Glass
Subject: Re: Multiple NAT router

Brian Candler wrote:

>On Mon, Jul 24, 2006 at 04:09:29PM +0200, Marko Zec wrote:
>
>>>There's a project called 'vimage' which adds a separate virtual forwarding
>>>table per jail. This might work for you, although all the natd's "outside"
>>>interfaces would need to sit on the same interface, and I don't know if it
>>>can do that.
>>>
>>Yes this should work with a virtualized stack - all the "outside" interfaces
>>in each jail / virtual stack could be simply bridged together using netgraph
>>which is virtualization-agnostic, i.e. a global facility in the current
>>implementation of "vimage".
>>
>>Of course a significant problem might be that the stack virtualization patches
>>exist only for FreeBSD 4.x, but there's a very good chance that a formal
>>project aimed at bringing vimage into sync with 6.x and -CURRENT could start
>>shortly...
>>
>
>Also, what would really suit him is a netgraph IP interface node - i.e.
>something which takes raw ethernet frames from the interface, performs IP
>encapsulation/decapsulation and ARP - and an IP forwarding node with its own
>forwarding table. Has anyone done any work in that area? It would be really
>cool for VPN edge routing, for example.
>

an ng_ip node :-)
I've considered it.

>Regards,
>
>Brian.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 03:17:55 2006
Message-Id: <7.0.1.0.2.20060724204450.09bcbe80@lariat.net>
Date: Mon, 24 Jul 2006 21:17:37 -0600
To: Marko Zec, freebsd-net@freebsd.org
From: Brett Glass
In-Reply-To: <200607241609.30783.zec@icir.org>
References: <7.0.1.0.2.20060721105813.0971ae90@lariat.net> <20060724090909.GB3412@uk.tiscali.com> <200607241609.30783.zec@icir.org>
Cc: Brian Candler
Subject: Re: Multiple NAT router

At 08:09 AM 7/24/2006, Marko Zec wrote:

>Yes this should work with a virtualized stack - all the "outside" interfaces
>in each jail / virtual stack could be simply bridged together using netgraph
>which is virtualization-agnostic, i.e. a global facility in the current
>implementation of "vimage".

Does this virtualization facility virtualize the arp table? It would
need to, because there would be hosts with duplicate addresses inside
each interface.

I've been noodling over this for two weeks now, and am thinking that
the easiest thing to do might be to map every address in each
"virtual" router to a unique address from FreeBSD's point of view
(i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on
LAN 1 becomes 10.0.1.2, etc.). The translation would be done by
"hooks" as close as possible to the interfaces, so FreeBSD's stack
wouldn't know it was being done. All that would be needed in that
case would be to do "dumb" address translation at the interfaces --
transparently to FreeBSD -- just before the packets entered and left.

This seems to be the method that would leverage FreeBSD's existing
facilities the most, since FreeBSD's own routing, NAT, etc. would
"just work" as they always do. I'd need to figure out what to do
about protocols like DHCP.... I don't know if DHCP will assign
addresses that are not on the subnet it "thinks" it's talking to.
And I might need to hack into the content of some packets. For
example, I'd have to make ARP work.

If I were to try this, the question would of course be which "hook"
to use to capture the packets (BPF? Divert sockets? Netgraph?
Something in IPFW? A hook into the driver?)... and whether I could
use existing code to do the bilateral translation or would have to
hack an "address smasher".

--Brett Glass

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 07:03:10 2006
From: Nikos Vassiliadis
To: freebsd-net@freebsd.org
Date: Tue, 25 Jul 2006 10:01:15 +0300
References: <200607241238.57205.nvass@teledomenet.gr> <20060724134810.GA4511@uk.tiscali.com>
In-Reply-To: <20060724134810.GA4511@uk.tiscali.com>
Message-Id: <200607251001.16102.nvass@teledomenet.gr>
Cc: Brian Candler
Subject: Re: using loopback address as primary address

On Monday 24 July 2006 16:48, Brian Candler wrote:
> On Mon, Jul 24, 2006 at 12:38:56PM +0300, Nikos Vassiliadis wrote:
> > Can I somehow use lo1 address
> > for connections initiated from Host_2?
>
> Options I know of:
>
> (1) the application which originates the connection can explicitly bind
> to the lo1 address (see for example telnet -s and ping -S options)
>

I am looking for a "global just-works" solution something like a
routing/ip addressing scheme that will allow me to use individual
(unrelated) IP addresses assigned to individual boxes on the same
ethernet segment with a gateway to the internet

> (2) the application can run in a jail(8) whose IP address is lo1, in which
> case a 'bind to any' will bind to this address only
>

If that could happen without the jail part it would be fine...
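
Added example, not part of the thread: option (1) quoted above, where the application binds its socket to a chosen local address before connecting, checked by asking a local listener which client address it saw. It runs on loopback only; 127.0.0.2 is a constructed stand-in for the lo1 address and is assumed to be configured locally (the default on Linux; on FreeBSD it would first need an alias on lo0).

```python
"""Choose the source address of an outgoing TCP connection with bind().

Added illustration. 127.0.0.2 is a constructed stand-in for the address on
lo1; it is assumed to be a local address on the machine running this.
"""
import socket

ALT_SOURCE = "127.0.0.2"   # constructed stand-in for the lo1 address


def connect_from(source_ip, dest):
    """Open a TCP connection to dest whose source address is source_ip."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.settimeout(5)
        # Port 0 lets the kernel pick the source port; only the address is pinned.
        s.bind((source_ip, 0))
        s.connect(dest)
    except OSError:
        s.close()
        raise
    return s


def source_seen_by_server(source_ip=None):
    """Return the client address a local listener sees for one connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(5)
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        dest = srv.getsockname()
        if source_ip is None:
            # No bind(): the kernel derives the source from the route to dest.
            cli = socket.create_connection(dest, timeout=5)
        else:
            cli = connect_from(source_ip, dest)
        with cli:
            conn, peer = srv.accept()
            conn.close()
    return peer[0]


if __name__ == "__main__":
    print("default source:", source_seen_by_server())
    print("bound source:  ", source_seen_by_server(ALT_SOURCE))
```

Anything on the far side that filters or logs by client address sees the bound address, so the choice has to be made per socket unless a jail or source NAT makes it for every connection.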

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 07:34:43 2006
Date: Tue, 25 Jul 2006 08:34:37 +0100
From: Brian Candler
To: Julian Elischer
Cc: freebsd-net@freebsd.org, Marko Zec, Brett Glass
Subject: Re: Multiple NAT router
Message-ID: <20060725073436.GA7477@uk.tiscali.com>

On Mon, Jul 24, 2006 at 01:40:13PM -0700, Julian Elischer wrote:
> an ng_ip node :-)
> I've considered it.

Then all the tools like 'netstat' and 'route' need modifying to talk to a
netgraph socket, but in principle I don't see why it couldn't be done.

ISTM there are a zillion userland-to-kernel and kernel-to-kernel
communication interfaces:
- ioctl
- geom
- cam
- netgraph
- vfs
- sysctl
- kmem
- procfs
- ...

Perhaps they could all be replaced by netgraph??

Regards,

Brian.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 11:29:35 2006
From: Nikos Vassiliadis
To: "Andre Santos", freebsd-net@freebsd.org
Date: Tue, 25 Jul 2006 14:27:27 +0300
Subject: Re: using loopback address as primary address
Message-Id: <200607251427.27651.nvass@teledomenet.gr>

On Tuesday 25 July 2006 14:19, Andre Santos wrote:
> On 7/25/06, Nikos Vassiliadis wrote:
> > > (2) the application can run in a jail(8) whose IP address is lo1, in
> > > which case a 'bind to any' will bind to this address only
> >
> > If that could happen without the jail part it would be fine...
>
> Any specific reason for not using jail? You don't have to create a
> jail environment for this.

I didn't know that. You mean I can use a regular non-chrooted
environment and still be inside a jail?
From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 12:03:01 2006
From: Marko Zec
To: Julian Elischer
Cc: Brett Glass, freebsd-net@freebsd.org, Brian Candler
Date: Tue, 25 Jul 2006 14:02:46 +0200
Subject: Re: Multiple NAT router
Message-Id: <200607251402.46797.zec@icir.org>

On Monday 24 July 2006 22:40, Julian Elischer wrote:
...
> >Also, what would really suit him is a netgraph IP interface node - i.e.
> >something which takes raw ethernet frames from the interface, performs IP
> >encapsulation/decapsulation and ARP - and an IP forwarding node with its
> > own forwarding table. Has anyone done any work in that area? It would be
> > really cool for VPN edge routing, for example.
>
> an ng_ip node :-)
> I've considered it.

The Click modular router already provides a relatively complete IP forwarding
path, including ARP handlers and several flavors of IP routing lookup nodes.
I think it also includes a NAT module, but have never tried it. Most
importantly, it can work as a kernel module in FreeBSD, but only on 4.x.
Marko

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 12:04:16 2006
From: Marko Zec
To: Brett Glass
Cc: freebsd-net@freebsd.org, Brian Candler
Date: Tue, 25 Jul 2006 14:04:06 +0200
Subject: Re: Multiple NAT router
Message-Id: <200607251404.07244.zec@icir.org>

On Tuesday 25 July 2006 05:17, Brett Glass wrote:
> At 08:09 AM 7/24/2006, Marko Zec wrote:
> >Yes this should work with a virtualized stack - all the "outside"
> > interfaces in each jail / virtual stack could be simply bridged together
> > using netgraph which is virtualization-agnostic, i.e. a global facility
> > in the current implementation of "vimage".
>
> Does this virtualization facility virtualize the arp table? It
> would need to, because there would be hosts with duplicate
> addresses inside each interface.

Yes.

> I've been noodling over this for two weeks now, and am thinking
> that the easiest thing to do might be to map every address in each
> "virtual" router to a unique address from FreeBSD's point of view
> (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on
> LAN 1 becomes 10.0.1.2, etc.). The translation would be done by
> "hooks" as close as possible to the interfaces, so FreeBSD's stack
> wouldn't know it was being done.
>
> All that would be needed in that case would be to do "dumb" address
> translation at the interfaces -- transparently to FreeBSD -- just
> before the packets entered and left. This seems to be the method
> that would leverage FreeBSD's existing facilities the most, since
> FreeBSD's own routing, NAT, etc. would "just work" as they always
> do. I'd need to figure out what to do about protocols like DHCP....
> I don't know if DHCP will assign addresses that are not on the
> subnet it "thinks" it's talking to. And I might need to hack into
> the content of some packets. For example, I'd have to make ARP work.
>
> If I were to try this, the question would of course be which "hook"
> to use to capture the packets (BPF? Divert sockets? Netgraph?
> Something in IPFW? A hook into the driver?)... and whether I could
> use existing code to do the bilateral translation or would have to
> hack an "address smasher".
>
> --Brett Glass

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 12:40:30 2006
Date: Tue, 25 Jul 2006 13:40:24 +0100
From: Brian Candler
To: Brett Glass
Cc: freebsd-net@freebsd.org, Marko Zec
Subject: Re: Multiple NAT router
Message-ID: <20060725124024.GA8695@uk.tiscali.com>

On Mon, Jul 24, 2006 at 09:17:37PM -0600, Brett Glass wrote:
> I've been noodling over this for two weeks now, and am thinking
> that the easiest thing to do might be to map every address in each
> "virtual" router to a unique address from FreeBSD's point of view
> (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on
> LAN 1 becomes 10.0.1.2, etc.). The translation would be done by
> "hooks" as close as possible to the interfaces, so FreeBSD's stack
> wouldn't know it was being done.
>
> All that would be needed in that case would be to do "dumb" address
> translation at the interfaces -- transparently to FreeBSD -- just
> before the packets entered and left.

One problem is managing the allocation of the translated addresses.

But why not do dumb mapping of IPv4 addresses to IPv6? That would let you
have up to 2^96 "virtual routers", and finally provide a reason for the IPv6
code to exist :-)

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 17:28:03 2006
Message-ID: <44C6549B.8080407@cisco.com>
Date: Tue, 25 Jul 2006 13:27:55 -0400
From: Randall Stewart
To: freebsd-net@freebsd.org
Subject: Re: SCTP

Greetings all:

After much work with Pawel.. I figured out and
fixed/simplified/made better a lot of what
was happening for him... Turns out he had some
of Robert's latest changes to the sockets code :-0
(which I knew would break SCTP).

Now I have fixed these in the latest patch/and or download.

Please find the patch either at:

http://www.sctp.org/July25.patch.bz2

OR

you can find it hanging off the http://www.sctp.org download tab.

Note: thanks to all of you that have tested and played with
SCTP.. keep up the good work.. and for those of you that
have not gotten around to it.. please do so :-D

R
--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell)

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 19:34:12 2006
Message-ID: <44C67232.70508@elischer.org>
Date: Tue, 25 Jul 2006 12:34:10 -0700
From: Julian Elischer
To: Brett Glass
Cc: freebsd-net@freebsd.org, Marko Zec, Brian Candler
Subject: Re: Multiple NAT router

Brett Glass wrote:

> At 08:09 AM 7/24/2006, Marko Zec wrote:
>
>> Yes this should work with a virtualized stack - all the "outside"
>> interfaces in each jail / virtual stack could be simply bridged together
>> using netgraph which is virtualization-agnostic, i.e. a global facility
>> in the current implementation of "vimage".
>
> Does this virtualization facility virtualize the arp table? It would
> need to, because there would be hosts with duplicate addresses inside
> each interface.

yes it virtualises the entire network system
look for 'vimage FreeBSD ' under google,
unfortunately it is 4.x only at the moment
but you may be able to use a 4.x machine.

> I've been noodling over this for two weeks now, and am thinking that
> the easiest thing to do might be to map every address in each
> "virtual" router to a unique address from FreeBSD's point of view
> (i.e. 192.168.0.2 on LAN 1 becomes 10.0.0.2, while 192.168.0.2 on LAN
> 1 becomes 10.0.1.2, etc.). The translation would be done by "hooks" as
> close as possible to the interfaces, so FreeBSD's stack wouldn't know
> it was being done.

netgraph shims?
netgraph can shim into the interfaces the way you suggest.
man ng_ether.

> All that would be needed in that case would be to do "dumb" address
> translation at the interfaces -- transparently to FreeBSD -- just
> before the packets entered and left. This seems to be the method that
> would leverage FreeBSD's existing facilities the most, since FreeBSD's
> own routing, NAT, etc. would "just work" as they always do. I'd need
> to figure out what to do about protocols like DHCP.... I don't know if
> DHCP will assign addresses that are not on the subnet it "thinks"
> it's talking to. And I might need to hack into the content of some
> packets. For example, I'd have to make ARP work.
>
> If I were to try this, the question would of course be which "hook" to
> use to capture the packets (BPF? Divert sockets? Netgraph? Something
> in IPFW? A hook into the driver?)... and whether I could use existing
> code to do the bilateral translation or would have to hack an "address
> smasher".
>
> --Brett Glass

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 19:38:14 2006
Message-ID: <44C67325.8040504@elischer.org>
Date: Tue, 25 Jul 2006 12:38:13 -0700
From: Julian Elischer
To: Brian Candler
Cc: freebsd-net@freebsd.org, Marko Zec, Brett Glass
Subject: Re: Multiple NAT router

Brian Candler wrote:

>On Mon, Jul 24, 2006 at 01:40:13PM -0700, Julian Elischer wrote:
>
>>an ng_ip node :-)
>>I've considered it.
>
>Then all the tools like 'netstat' and 'route' need modifying to talk to a
>netgraph socket, but in principle I don't see why it couldn't be done.
>
>ISTM there are a zillion userland-to-kernel and kernel-to-kernel
>communication interfaces:
>- ioctl
>- geom
>- cam
>- netgraph
>- vfs
>- sysctl
>- kmem
>- procfs
>- ...
>
>Perhaps they could all be replaced by netgraph??

no, netgraph's interface is very specialised in its characteristics.
though you could replace tun, tap and gif very easily.

>Regards,
>
>Brian.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 25 20:25:18 2006
Message-ID: <44C67E25.7050706@gmail.com>
Date: Tue, 25 Jul 2006 22:25:09 +0200
From: Pawel Worach
To: Randall Stewart
Cc: freebsd-net@freebsd.org
Subject: Re: SCTP

Another interesting thing, I did see this before as well.
System freezes in the middle of a NPsctp run. This does not happen when
I run over loopback but occasionally when run over crossover network.
I enabled WITNESS, INVARIANTS and INVARIANTS_SCTP, no complaints from any
of them. I can break to ddb and here is some random debugging. I also
have a manual dump of this.

db> ps
  pid   uid  ppid  pgrp  state  wmesg     wchan       cmd
 1077     0  1002  1077  R+                           NPsctp
 1008     0   835   835  S      pause     0xc2757034  ntpd
 1002     0   998  1002  S+     pause     0xc2703904  csh
 1001     0     1  1001  Ss+    ttyin     0xc25cd410  getty
 1000     0     1  1000  Ss+    ttyin     0xc25cd010  getty
  999     0     1   999  Ss+    ttyin     0xc25ce010  getty
  998     0     1   998  Ss+    wait      0xc2574d38  login
  917     0     1   917  Ss     nanslp    0xc07c1784  cron
  906     0     1   906  Ss     select    0xc080b04c  sshd
  842     0     1   842  Ss     select    0xc080b04c  powerd
  835     0     1   835  Ss     select    0xc080b04c  ntpd
  761     0     0     0  SL     mdwait    0xc282b800  [md0]
  718     0     1   718  Ss     select    0xc080b04c  syslogd
  617     0     1   617  Ss     select    0xc080b04c  devd
  174     0     1   174  Ss     pause     0xc2703d6c  adjkerntz
   46     0     0     0  SL     geli:w    0xc26f7c00  [g_eli[0] ad0s2d]
   45     0     0     0  SL     -         0xd480dcf8  [schedcpu]
   44     0     0     0  SL     sdflush   0xc08164ec  [softdepflush]
   43     0     0     0  SL     syncer    0xc07c154c  [syncer]
--More--
   42     0     0     0  SL     vlruwt    0xc27018d0  [vnlru]
   41     0     0     0  SL     psleep    0xc080b4d4  [bufdaemon]
   40     0     0     0  SL     pollid    0xc07c0c18  [idlepoll]
   39     0     0     0  SL     pgzero    0xc081ee30  [pagezero]
   38     0     0     0  SL     psleep    0xc0816d60  [vmdaemon]
   37     0     0     0  SL     psleep    0xc0816d20  [pagedaemon]
   36     0     0     0  WL                           [swi0: sio]
   35     0     0     0  WL                           [irq12: psm0]
   34     0     0     0  RL     CPU 0                 [irq1: atkbd0]
   33     0     0     0  SL     cooling   0xc257acd4  [acpi_cooling0]
   32     0     0     0  SL     tzpoll    0xc09d6520  [acpi_thermal]
   31     0     0     0  WL                           [irq15: ata1]
   30     0     0     0  WL                           [irq14: ata0]
   29     0     0     0  SL     -         0xc2578080  [ath0 taskq]
   28     0     0     0  SL     usbevt    0xc24e9a10  [usb3]
   27     0     0     0  SL     usbevt    0xc2567210  [usb2]
   26     0     0     0  SL     usbevt    0xc2552210  [usb1]
   25     0     0     0  SL     usbtsk    0xc07bece4  [usbtask]
   24     0     0     0  SL     usbevt    0xc24fa210  [usb0]
   23     0     0     0  WL                           [irq11: pcm0 em0++*]
--More--
   22     0     0     0  WL                           [irq9: acpi0]
   21     0     0     0  WL                           [swi2: cambio]
   20     0     0     0  SL     -         0xc24f6400  [acpi_task_2]
   19     0     0     0  SL     -         0xc24f6400  [acpi_task_1]
    9     0     0     0  SL     -         0xc24f6400  [acpi_task_0]
    8     0     0     0  SL     -         0xc24f6500  [kqueue taskq]
   18     0     0     0  WL                           [swi5: +]
    7     0     0     0  SL     -         0xc2463480  [thread taskq]
   17     0     0     0  WL                           [swi6: Giant taskq]
   16     0     0     0  WL                           [swi6: task queue]
   15     0     0     0  SL     seqstate  0xc245fc54  [sequencer 00]
   14     0     0     0  SL     -         0xc07be580  [yarrow]
    6     0     0     0  SL     -         0xc07bf03c  [g_down]
    5     0     0     0  SL     -         0xc07bf038  [g_up]
    4     0     0     0  SL     -         0xc07bf030  [g_event]
    3     0     0     0  SL     crypto_r  0xc0816254  [crypto returns]
    2     0     0     0  SL     crypto_w  0xc081622c  [crypto]
   13     0     0     0  WL                           [swi3: vm]
   12     0     0     0  RL                           [swi4: clock sio]
   11     0     0     0  LL     *so_rcv   0xc2466140  [swi1: net]
--More--
   10     0     0     0  RL                           [idle]
    1     0     0     1  SLs    wait      0xc246a000  [init]
    0     0     0     0  WLs                          [swapper]

db> show alllocks
Process 1077 (NPsctp) thread 0xc25706c0 (100038)
exclusive sleep mutex so_rcv r = 0 (0xc2780458) locked @ /usr/src/sys/netinet/sctputil.c:4042
Process 34 (irq1: atkbd0) thread 0xc246b6c0 (100031)
exclusive sleep mutex Giant r = 0 (0xc07c0b08) locked @ /usr/src/sys/kern/kern_intr.c:661
Process 11 (swi1: net) thread 0xc24656c0 (100005)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xc29a5498) locked @ /usr/src/sys/netinet/sctp_pcb.c:191

db> tr 1077
Tracing pid 1077 tid 100038 td 0xc25706c0
sched_switch(c25706c0,c246b6c0,6,158,417a95,...) at sched_switch+0x1a0
mi_switch(6,c246b6c0,c07563d7,290,c246b850,...) at mi_switch+0x306
maybe_preempt(c246b6c0,1,c075626f,4ab,c2468360,...) at maybe_preempt+0x1f0
sched_add(c246b6c0,4,c07563d7,1f4,c2462c80,...) at sched_add+0x97
setrunqueue(c246b6c0,4,c0751b05,211,d488092c,...) at setrunqueue+0xd9
intr_event_schedule_thread(c2462c80,0,d4880958,1,c25706c0,...) at intr_event_schedule_thread+0x116
intr_execute_handlers(c07b614c,d4880984,38,c0758c54,c29ab5d8,...) at intr_execute_handlers+0x14a
atpic_handle_intr(1) at atpic_handle_intr+0xcf
Xatpic_intr1() at Xatpic_intr1+0x20
--- interrupt, eip = 0xc05fae33, esp = 0xd48809c4, ebp = 0xd4880a34 ---
sctp_sorecvmsg(c27803e4,d4880c5c,0,0,0,...) at sctp_sorecvmsg+0x183
sctp_soreceive(c27803e4,0,d4880c5c,0,0,...) at sctp_soreceive+0x9b
soreceive(c27803e4,0,d4880c5c,0,0,...) at soreceive+0x53
soo_read(c272ec60,d4880c5c,c28d9400,0,c25706c0,...) at soo_read+0x6f
dofileread(c25706c0,3,c272ec60,d4880c5c,ffffffff,...) at dofileread+0xa7
kern_readv(c25706c0,3,d4880c5c,82945ac,2a51,...) at kern_readv+0x60
read(c25706c0,d4880d04,c,444,c257469c,...) at read+0x4f
syscall(bfbf003b,829003b,bfbc003b,bfbfe8d0,82945ac,...) at syscall+0x313
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--More--
--- syscall (3, FreeBSD ELF32, read), eip = 0x28168887, esp = 0xbfbbfffc, ebp = 0xbfbc0028 ---

db> tr 11
Tracing pid 11 tid 100005 td 0xc24656c0
sched_switch(c24656c0,0,1,158,c25706c0,...) at sched_switch+0x1a0
mi_switch(1,0,c075815d,283,c07c41d0,...) at mi_switch+0x306
turnstile_wait(c2780458,c25706c0,0,223,c25706c2,...) at turnstile_wait+0x4c5
_mtx_lock_sleep(c2780458,c24656c0,0,c07637e7,e65,...) at _mtx_lock_sleep+0x130
_mtx_lock_flags(c2780458,0,c07637e7,e65,c294fe00,...) at _mtx_lock_flags+0xc7
sctp_append_to_readq(c29a3000,c29a5000,c29ab5d8,c27ff000,0,...) at sctp_append_to_readq+0x116
sctp_service_reassembly(c29a5000,c29a502c,69215acb,5bc,c2982030,...) at sctp_service_reassembly+0x2be
sctp_service_queues(c29a5000,c29a502c,d35e2c40,20,c2982030,...) at sctp_service_queues+0x2a
sctp_process_data(d35e2c40,14,d35e2bc8,5dc,c2982024,...) at sctp_process_data+0x65f
sctp_common_input_processing(d35e2c40,14,5dc,5dc,c2982024,...) at sctp_common_input_processing+0x424
sctp_input(c294e100,14,c255a800,1,0,...) at sctp_input+0x420
ip_input(c294e100,0,c0760336,e9,c080c318,...) at ip_input+0x6c1
netisr_processqueue(c080c318,c07c0af0,2,c07563d7,c245ea00,...) at netisr_processqueue+0x8e
swi_net(0,d35e2cd8,c052758c,c07c0af0,1,...) at swi_net+0xf9
ithread_execute_handlers(c2464b04,c2462580,c0751b05,2f9,c24656c0,...) at ithread_execute_handlers+0x168
ithread_loop(c24333b0,d35e2d38,c07518ff,32e,0,...) at ithread_loop+0x83
fork_exit(c05183d0,c24333b0,d35e2d38) at fork_exit+0xc3
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd35e2d6c, ebp = 0 ---
--More--

db> call doadump
Physical memory: 502 MB
Dumping 33 MB: 18 2

(kgdb) l /usr/src/sys/netinet/sctputil.c:4042
4037            inp = (struct sctp_inpcb *)so->so_pcb;
4038            if (inp == NULL) {
4039                    return (EFAULT);
4040            }
4041            s = splnet();
4042            SOCKBUF_LOCK(&so->so_rcv);
4043
4044    restart:
4045            if((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
4046               (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {

(kgdb) l /usr/src/sys/netinet/sctp_pcb.c:191
186             }
187             if (stcb->sctp_socket)
188                     if (mtx_owned(&(stcb->sctp_socket->so_snd.sb_mtx))) {
189                             panic("own snd socket mtx at lock of tcb");
190                     }
191             mtx_lock(&(stcb)->tcb_mtx);
192     }
193
194
195     void

(kgdb) l *sctp_append_to_readq+0x116
0xc05fa396 is in sctp_append_to_readq (/usr/src/sys/netinet/sctputil.c:3687).
3682                    mm = mm->m_next;
3683            }
3684            if (sb) {
3685                    SOCKBUF_LOCK(sb);
3686            }
3687            if (control->tail_mbuf) {
3688                    /* append */
3689                    control->tail_mbuf->m_next = m;
3690                    control->tail_mbuf = tail;
3691            } else {

--
Pawel

From owner-freebsd-net@FreeBSD.ORG Wed Jul 26 14:12:34 2006
Date: Wed, 26 Jul 2006 07:12:32 -0700
From: Luigi Rizzo To: net@freebsd.org Message-ID: <20060726071232.A96367@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Cc: Subject: multiple DSL modems and pppoe sessions on the same ethernet ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2006 14:12:34 -0000

hi,
i am trying to run, on a single FreeBSD box, multiple (3 in my case)
pppoe instances talking to as many DSL modems on the same ethernet cable

------+--------------+--------------+--------------+-----
      |              |              |              |
      +-[modem1]     +-[modem2]     +-[modem3]     +-[FreeBSD/ppp]
       DSL#1          DSL#2          DSL#3

Ideally, in /etc/ppp/ppp.conf i can write something like

modem1:
    set device PPPoE:rl0:dsl1
    ...

modem2:
    set device PPPoE:rl0:dsl2
    ...

modem3:
    set device PPPoE:rl0:dsl3
    ...

and the PPPoE spec (RFC2516) says this should work as long as each DSL
line has a different 'service name' (tag 0x101 in the packet).

The problem is, my provider does not provide specific service names,
but it will accept anything i supply. So when i run the three ppp
instances, they will all match, and the code in ng_pppoe.c will happily
take the first reply as good.

The only approach left is then to implement some form of MAC filtering,
e.g. overloading the 'service name' to specify the mac address
of the modem i am interested in.

There are a couple of ways to implement this, one is patching the
receive path (ng_pppoe_rcvdata(), case PADO_CODE) to filter replies
based on the source mac address, and the other one is to patch the code
transmitting the PADI packet to replace the broadcast dst address
with the unicast MAC taken from the "service name".

Any better ideas ?

cheers luigi From owner-freebsd-net@FreeBSD.ORG Wed Jul 26 16:07:50 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7B3816A4E1 for ; Wed, 26 Jul 2006 16:07:50 +0000 (UTC) (envelope-from dionch@freemail.gr) Received: from smtp.freemail.gr (smtp.freemail.gr [81.171.104.107]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3175443D99 for ; Wed, 26 Jul 2006 16:07:38 +0000 (GMT) (envelope-from dionch@freemail.gr) Received: by smtp.freemail.gr (Postfix, from userid 101) id 008ECA084AD; Wed, 26 Jul 2006 19:07:36 +0300 (EEST) Received: from CDION (unknown [62.38.9.197])by smtp.freemail.gr (Postfix) with ESMTP id 31388A084A6; Wed, 26 Jul 2006 19:07:35 +0300 (EEST) Date: Wed, 26 Jul 2006 19:07:13 +0300 
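Luigi's first option above, filtering PADO replies by source MAC in the receive path, written out as an added user-space C example (not code from the original post and not ng_pppoe.c code). The frame layout, code and tag values follow RFC 2516; pado_check, parse_mac, the sample frame and all MAC addresses are constructed for illustration, and every tag is bounds-checked because a PADO can come from any station on the segment.

```c
/* Added example: user-space sketch of PADO filtering by source MAC.
 * Not ng_pppoe.c code; every function name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_PPPOE_DISC 0x8863 /* RFC 2516 discovery stage */
#define PPPOE_VERTYPE        0x11   /* version 1, type 1 */
#define CODE_PADO            0x07
#define TAG_END_OF_LIST      0x0000
#define TAG_AC_NAME          0x0102
#define HDR_LEN              20     /* 14 bytes Ethernet + 6 bytes PPPoE */

enum pado_verdict { PADO_ACCEPT, PADO_MALFORMED, PADO_NOT_PADO, PADO_WRONG_AC };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Parse "aa:bb:cc:dd:ee:ff" (the modem MAC carried in the service name). */
int parse_mac(const char *s, uint8_t mac[6])
{
    unsigned v[6];
    char tail;
    int i;

    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
        &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail) != 6)
        return -1;                      /* too short, or trailing junk */
    for (i = 0; i < 6; i++)
        mac[i] = (uint8_t)v[i];
    return 0;
}

/* Is this discovery frame the PADO we are waiting for? Copies AC-Name out. */
enum pado_verdict pado_check(const uint8_t *f, size_t len,
    const uint8_t want_mac[6], char *ac_name, size_t ac_name_sz)
{
    size_t off, end, type, tlen, n;

    if (ac_name_sz > 0)
        ac_name[0] = '\0';
    if (len < HDR_LEN || be16(f + 12) != ETHERTYPE_PPPOE_DISC ||
        f[14] != PPPOE_VERTYPE)
        return PADO_MALFORMED;
    if (f[15] != CODE_PADO)
        return PADO_NOT_PADO;
    if (be16(f + 18) > len - HDR_LEN)   /* claimed payload vs. bytes received */
        return PADO_MALFORMED;
    /* The filter itself: ignore offers from every other modem on the wire. */
    if (memcmp(f + 6, want_mac, 6) != 0)
        return PADO_WRONG_AC;

    end = HDR_LEN + be16(f + 18);       /* Ethernet padding beyond this is ignored */
    for (off = HDR_LEN; off < end; off += tlen) {
        if (end - off < 4)
            return PADO_MALFORMED;      /* truncated tag header */
        type = be16(f + off);
        tlen = be16(f + off + 2);
        off += 4;
        if (tlen > end - off)
            return PADO_MALFORMED;      /* tag value runs past the payload */
        if (type == TAG_END_OF_LIST)
            break;
        if (type == TAG_AC_NAME && ac_name_sz > 0) {
            n = tlen < ac_name_sz - 1 ? tlen : ac_name_sz - 1;
            memcpy(ac_name, f + off, n);
            ac_name[n] = '\0';
        }
    }
    return PADO_ACCEPT;
}

/* Constructed sample PADO: AC-Name "dslam" and an empty Service-Name tag. */
static const uint8_t sample_pado[] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,             /* dst: host (constructed) */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x02,             /* src: modem2 (constructed) */
    0x88, 0x63, 0x11, 0x07, 0x00, 0x00, 0x00, 0x0d, /* type, v/t, code, sid, len */
    0x01, 0x02, 0x00, 0x05, 'd', 's', 'l', 'a', 'm',/* AC-Name tag */
    0x01, 0x01, 0x00, 0x00                          /* Service-Name tag, empty */
};

int main(void)
{
    static const char *verdict[] = { "accept", "malformed", "not PADO", "wrong AC" };
    uint8_t want[6], frame[sizeof(sample_pado)];
    char name[16];
    int i;

    /* This ppp instance is pinned to modem2 through its service-name string. */
    if (parse_mac("00:11:22:33:44:02", want) != 0)
        return 1;
    memcpy(frame, sample_pado, sizeof(frame));
    for (i = 1; i <= 3; i++) {          /* the same offer sent by modem1..modem3 */
        frame[11] = (uint8_t)i;
        printf("PADO from modem%d: %s\n", i,
            verdict[pado_check(frame, sizeof(frame), want, name, sizeof(name))]);
    }
    return 0;
}
```
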
From: Chris Dionissopoulos X-Mailer: The Bat! (v3.80.06) Professional X-Priority: 3 (Normal) Message-ID: <563361368.20060726190713@freemail.gr> To: Luigi Rizzo In-Reply-To: <20060726071232.A96367@xorpc.icir.org> References: <20060726071232.A96367@xorpc.icir.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: net@freebsd.org Subject: Re: multiple DSL modems and pppoe sessions on the same ethernet ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Chris Dionissopoulos List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2006 16:07:50 -0000

Hello Luigi,

Wednesday, July 26, 2006, 5:12:32 PM, you wrote:

> hi,
> i am trying to run, on a single FreeBSD box, multiple (3 in my case)
> pppoe instances talking to as many DSL modems on the same ethernet cable
>
> ------+--------------+--------------+--------------+-----
>       |              |              |              |
>       +-[modem1]     +-[modem2]     +-[modem3]     +-[FreeBSD/ppp]
>        DSL#1          DSL#2          DSL#3
> Ideally, in /etc/ppp/ppp.conf i can write something like
>
> modem1:
>     set device PPPoE:rl0:dsl1
>     ...
>
> modem2:
>     set device PPPoE:rl0:dsl2
>     ...
>
> modem3:
>     set device PPPoE:rl0:dsl3
>     ...
> Any better ideas ?
>
> cheers
> luigi

if your switch supports vlan and 802.1q encapsulation, you would create
3 different vlans (100,200,300) with one port each and plug each modem,
then, a trunk port with 3 vlans encapsulated (AKA tagged) and plug rl0
interface.
then create vlan100,vlan200,vlan300 in physical rl0.
and do the same ppp config:

modem1:
    set device PPPoE:vlan100:dsl1
    ...

modem2:
    set device PPPoE:vlan200:dsl2
    ...

modem3:
    set device PPPoE:vlan300:dsl3
    ...

another approach is to use 3 ng_ether interfaces with custom mac
addresses defined and linked to the same ng_bridge node with physical:

rl0:upper-------|     |-----upper:ngeth0
rl0:lower----ng_bridge-----lower:ngeth0
              | | | |-----lower:ngeth1
              | | |--------upper:ngeth1
              | |----------lower:ngeth0
              |------------upper:ngeth1

and use (only) ngeth0,ngeth1,ngeth2 as pppoe devices in ppp.conf.

All untested and just in theory only.
Let us know your experiences.

--
Best regards,
Chris mailto:dionch@freemail.gr

____________________________________________________________________
http://www.freemail.gr - free e-mail service.
http://www.freemail.gr - free email service for the Greek-speaking.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 26 16:24:09 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D23B16A4FC for ; Wed, 26 Jul 2006 16:24:09 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E6FB43DFB for ; Wed, 26 Jul 2006 16:16:22 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k6QGGJgP099485; Wed, 26 Jul 2006 09:16:19 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k6QGGJMf099484; Wed, 26 Jul 2006 09:16:19 -0700 (PDT) (envelope-from rizzo) Date: Wed, 26 Jul 2006 09:16:19 -0700
From: Luigi Rizzo To: Chris Dionissopoulos Message-ID: <20060726091619.A99336@xorpc.icir.org> References: <20060726071232.A96367@xorpc.icir.org> <563361368.20060726190713@freemail.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <563361368.20060726190713@freemail.gr>; from dionch@freemail.gr on Wed, Jul 26, 2006 at 07:07:13PM +0300 Cc: net@freebsd.org Subject: Re: multiple DSL modems and pppoe sessions on the same ethernet ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2006 16:24:09 -0000

On Wed, Jul 26, 2006 at 07:07:13PM +0300, Chris Dionissopoulos wrote:
> Hello Luigi,
>
> Wednesday, July 26, 2006, 5:12:32 PM, you wrote:
>
> > hi,
> > i am trying to run, on a single FreeBSD box, multiple (3 in my case)
> > pppoe instances talking to as many DSL modems on the same ethernet cable
> >
> > ------+--------------+--------------+--------------+-----
> >       |              |              |              |
> >       +-[modem1]     +-[modem2]     +-[modem3]     +-[FreeBSD/ppp]
> >        DSL#1          DSL#2          DSL#3
...
> if your switch supports vlan and 802.1q encapsulation, you would create

it doesn't so not applicable.

> another approach is to use 3 ng_ether interfaces with custom mac
> addresses defined and linked to the same ng_bridge node with physical:

hmmm, i think this won't work either, because each PADI
frame will reach all modems so i cannot differentiate
among the replies.

cheers luigi From owner-freebsd-net@FreeBSD.ORG Wed Jul 26 18:35:15 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA6AB16A4DF for ; Wed, 26 Jul 2006 18:35:15 +0000 (UTC) (envelope-from prvs=julian=355ecf7dd@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3729B43D55 for ; Wed, 26 Jul 2006 18:35:15 +0000 (GMT) (envelope-from prvs=julian=355ecf7dd@elischer.org) Received: from unknown (HELO [10.251.18.229]) ([10.251.18.229]) by a50.ironport.com with ESMTP; 26 Jul 2006 11:35:14 -0700 Message-ID: <44C7B5E2.5080001@elischer.org> Date: Wed, 26 Jul 2006 11:35:14 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD Net Content-Type: multipart/mixed; boundary="------------010107020001000001000102" Subject: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2006 18:35:16 -0000 This is a multi-part message in MIME format. --------------010107020001000001000102 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit This code is running on quite a few systems but in a very limited environment that may not test all possibilities.. Does anyone have comments or suggestions as to changes that I might make for checkin into generic FreeBSD? It was originally written for 4.x but with 6.x in mind. It is now running on 6.1 and seems to be ok so far. Certainly I am interested in hearing from Robert and Luigi and I am particularly interested in what people think on how this will handle locking/SMP difficulies. --------------010107020001000001000102 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="link_divert.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="link_divert.patch" Only in ./sys/i386/compile: MESSAGING_GATEWAY.i386 Only in ./sys/i386/conf: MESSAGING_GATEWAY.i386 diff -upr ../src/sys/net/bridge.c ./sys/net/bridge.c --- ../src/sys/net/bridge.c Thu May 25 13:03:05 2006 +++ ./sys/net/bridge.c Fri Jun 9 11:19:58 2006 @@ -88,6 +88,7 @@ * - loop detection is still not very robust. */ +#include "opt_ipdivert.h" #include #include #include @@ -109,12 +110,15 @@ #include #include #include +#include #include #include #include #include +#include #include +#include #include /*--------------------*/ 
@@ -1107,7 +1111,30 @@ bdg_forward(struct mbuf *m0, struct ifne if (i == 0) /* a PASS rule. */ goto forward; - if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { + + /* To get here it is either a dummynet thing or a divert/tee */ + if ((i & IP_FW_DUMMYNET) == 0) { +#ifdef IPDIVERT + struct mbuf *clone = NULL; + + /* Deliver packet to divert input routine */ + /* Clone packet if we're doing a 'tee' */ + if ((i & IP_FW_TEE) != 0) { + clone = m_dup(m0, M_DONTWAIT); + if (clone) { + if (clone->m_pkthdr.rcvif) { + ip_divert_enqueue_ptr(clone); + } else { + ip_divert_ptr(clone, 0); + } + } + goto forward; + } else { + ip_divert_enqueue_ptr(m0); + return (NULL); + } +#endif + } else if (DUMMYNET_LOADED) { /* * Pass the pkt to dummynet, which consumes it. * If shared, make a copy and keep the original. Only in ./sys/net: bridge.c~ diff -upr ../src/sys/net/if_ethersubr.c ./sys/net/if_ethersubr.c --- ../src/sys/net/if_ethersubr.c Thu May 25 13:03:19 2006 +++ ./sys/net/if_ethersubr.c Fri Jun 9 11:31:01 2006 @@ -34,6 +34,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_ipdivert.h" #include "opt_bdg.h" #include "opt_mac.h" #include "opt_netgraph.h" @@ -67,8 +68,10 @@ #if defined(INET) || defined(INET6) #include #include +#include #include #include +#include #include #endif #ifdef INET6 @@ -377,6 +380,19 @@ ether_output_frame_pre_netgraph(struct i return (0); } + if (BDG_ACTIVE(ifp)) { + /* + * Beware, the bridge code notices the null rcvif and + * uses that identify that it's being called from + * ether_output as opposd to ether_input. Yech. + */ + m->m_pkthdr.rcvif = NULL; + m = bdg_forward_ptr(m, ifp); + if (m != NULL) + m_freem(m); + return (0); + } + return ether_output_frame(ifp, m); } 
@@ -396,18 +412,33 @@ ether_output_frame(struct ifnet *ifp, st #endif int error; - if (rule == NULL && BDG_ACTIVE(ifp)) { - /* - * Beware, the bridge code notices the null rcvif and - * uses that identify that it's being called from - * ether_output as opposd to ether_input. Yech. - */ - m->m_pkthdr.rcvif = NULL; - m = bdg_forward_ptr(m, ifp); - if (m != NULL) - m_freem(m); - return (0); +#ifdef IPDIVERT + /* + * It's either a dummynet thing or a divert (but not both). + */ + if ((IP_FW_DUMMYNET) == 0) { + struct mbuf *clone = NULL; + + /* Deliver packet to divert input routine */ + /* Clone packet if we're doing a 'tee' */ + if ((IP_FW_TEE) != 0) { + clone = m_dup(m, M_DONTWAIT); + if (clone) { + if (clone->m_pkthdr.rcvif) { + ip_divert_enqueue_ptr(clone); + } else { + ip_divert_ptr(clone, 0); + } + } + return (1); + } else { + ip_divert_enqueue_ptr(m); + m = NULL; + return (0); + } } +#endif + #if defined(INET) || defined(INET6) if (IPFW_LOADED && ether_ipfw != 0) { if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { @@ -499,6 +530,33 @@ ether_ipfw_chk(struct mbuf **m0, struct if (i == IP_FW_PASS) /* a PASS rule. */ return 1; +#ifdef IPDIVERT + /* + * It's either a dummynet thing or a divert (but not both). + */ + if ((i & IP_FW_DUMMYNET) == 0) { + struct mbuf *clone = NULL; + + /* Deliver packet to divert input routine */ + /* Clone packet if we're doing a 'tee' */ + if ((i & IP_FW_TEE) != 0) { + clone = m_dup(*m0, M_DONTWAIT); + if (clone) { + if (clone->m_pkthdr.rcvif) { + ip_divert_enqueue_ptr(clone); + } else { + ip_divert_ptr(clone, 0); + } + } + return (1); + } else { + ip_divert_ptr(*m0, (*m0)->m_pkthdr.rcvif?1:0); + *m0 = NULL; + return (0); + } + } +#endif + if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { /* * Pass the pkt to dummynet, which consumes it. 
@@ -656,6 +714,11 @@ ether_demux(struct ifnet *ifp, struct mb #if defined(INET) || defined(INET6) struct ip_fw *rule = ip_dn_claim_rule(m); #endif + /* Discard packet if interface is not up */ + if ((ifp->if_flags & IFF_UP) == 0) { + m_freem(m); + return; + } KASSERT(ifp != NULL, ("ether_demux: NULL interface pointer")); @@ -667,6 +730,17 @@ ether_demux(struct ifnet *ifp, struct mb goto post_stats; #endif + +#ifdef DEV_CARP +pre_stats: +#endif + if (ETHER_IS_MULTICAST(eh->ether_dhost)) { + if (bcmp(etherbroadcastaddr, eh->ether_dhost, + sizeof(etherbroadcastaddr)) == 0) + m->m_flags |= M_BCAST; + else + m->m_flags |= M_MCAST; + } else { if (!(BDG_ACTIVE(ifp)) && !(ifp->if_bridge) && !((ether_type == ETHERTYPE_VLAN || m->m_flags & M_VLANTAG) && ifp->if_nvlans > 0)) { @@ -711,22 +785,7 @@ ether_demux(struct ifnet *ifp, struct mb } } } - -#ifdef DEV_CARP -pre_stats: -#endif - /* Discard packet if interface is not up */ - if ((ifp->if_flags & IFF_UP) == 0) { - m_freem(m); - return; - } - if (ETHER_IS_MULTICAST(eh->ether_dhost)) { - if (bcmp(etherbroadcastaddr, eh->ether_dhost, - sizeof(etherbroadcastaddr)) == 0) - m->m_flags |= M_BCAST; - else - m->m_flags |= M_MCAST; - } + } if (m->m_flags & (M_BCAST|M_MCAST)) ifp->if_imcasts++; Only in ./sys/net: if_ethersubr.c~ diff -upr ../src/sys/net/netisr.h ./sys/net/netisr.h --- ../src/sys/net/netisr.h Thu Jan 6 17:45:35 2005 +++ ./sys/net/netisr.h Thu Jun 8 13:51:56 2006 @@ -50,6 +50,7 @@ */ #define NETISR_POLL 0 /* polling callback, must be first */ #define NETISR_IP 2 /* same as AF_INET */ +#define NETISR_DIVERT 3 /* For diverting level2 packets. */ #define NETISR_ROUTE 14 /* routing socket */ #define NETISR_AARP 15 /* Appletalk ARP */ #define NETISR_ATALK2 16 /* Appletalk phase 2 */ diff -upr ../src/sys/netinet/ip_divert.c ./sys/netinet/ip_divert.c --- ../src/sys/netinet/ip_divert.c Wed Nov 16 02:31:22 2005 +++ ./sys/netinet/ip_divert.c Fri Jun 9 12:04:13 2006 
@@ -61,7 +61,9 @@ #include #include +#include #include +#include #include #include @@ -110,6 +112,9 @@ static struct inpcbhead divcb; static struct inpcbinfo divcbinfo; +static void divertintr(struct mbuf *m); +static struct ifqueue divertintrq; +static int div_intrqmax = IFQ_MAXLEN; /* was 50 */ static u_long div_sendspace = DIVSNDQ; /* XXX sysctl ? */ static u_long div_recvspace = DIVRCVQ; /* XXX sysctl ? */ @@ -132,6 +137,9 @@ div_init(void) divcbinfo.ipi_zone = uma_zcreate("divcb", sizeof(struct inpcb), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); uma_zone_set_max(divcbinfo.ipi_zone, maxsockets); + divertintrq.ifq_maxlen = div_intrqmax; + mtx_init(&divertintrq.ifq_mtx, "div_inq", NULL, MTX_DEF); + netisr_register(NETISR_DIVERT, divertintr, &divertintrq, 0); } /* @@ -262,6 +268,53 @@ divert_packet(struct mbuf *m, int incomi } } +void divert_enqueue(struct mbuf *m); +/* + * enqueue a packet for processing after netisr has been activated + */ +void +divert_enqueue(struct mbuf *m) +{ + struct socket *sa; + struct inpcb *inp; + u_int16_t nport; + struct m_tag *mtag; + + mtag = m_tag_find(m, PACKET_TAG_DIVERT, NULL); + if (mtag == NULL) { + printf("%s: no divert tag\n", __func__); + m_freem(m); + return; + } + + /* XXX Just checking if we even have a listenner. + * probably not safe to scan this list like this. + * as it could be in the middle of being fiddled. + */ + sa = NULL; + nport = htons((u_int16_t)divert_info(mtag)); + LIST_FOREACH(inp, &divcb, inp_list) { + if (inp->inp_lport == nport) { + sa = inp->inp_socket; + break; + } + } + if (sa == NULL) { + m_freem(m); + } else { + netisr_queue(NETISR_DIVERT, m); + } +} + +static void +divertintr(struct mbuf *m) +{ + if (m == 0 || (m->m_flags & M_PKTHDR) == 0) + panic("divertintr"); + + divert_packet(m, 1); +} + /* * Deliver packet back into the IP processing machinery. * 
@@ -674,6 +740,7 @@ div_modevent(module_t mod, int type, voi */ err = pf_proto_register(PF_INET, &div_protosw); ip_divert_ptr = divert_packet; + ip_divert_enqueue_ptr = divert_enqueue; break; case MOD_QUIESCE: /* @@ -703,7 +770,9 @@ div_modevent(module_t mod, int type, voi break; } ip_divert_ptr = NULL; + ip_divert_enqueue_ptr = NULL; err = pf_proto_unregister(PF_INET, IPPROTO_DIVERT, SOCK_RAW); + netisr_unregister(NETISR_DIVERT); INP_INFO_WUNLOCK(&divcbinfo); INP_INFO_LOCK_DESTROY(&divcbinfo); uma_zdestroy(divcbinfo.ipi_zone); Only in ./sys/netinet: ip_divert.c~ diff -upr ../src/sys/netinet/ip_divert.h ./sys/netinet/ip_divert.h --- ../src/sys/netinet/ip_divert.h Tue Oct 19 14:14:57 2004 +++ ./sys/netinet/ip_divert.h Fri Jun 9 11:21:06 2006 @@ -80,8 +80,10 @@ divert_find_info(struct mbuf *m) return mtag ? divert_info(mtag) : 0; } +typedef void ip_divert_packet_enqueue_t(struct mbuf *m); typedef void ip_divert_packet_t(struct mbuf *m, int incoming); extern ip_divert_packet_t *ip_divert_ptr; +extern ip_divert_packet_enqueue_t *ip_divert_enqueue_ptr; extern void div_init(void); extern void div_input(struct mbuf *, int); Only in ./sys/netinet: ip_divert.h~ diff -upr ../src/sys/netinet/ip_fw2.c ./sys/netinet/ip_fw2.c --- ../src/sys/netinet/ip_fw2.c Fri Jun 9 12:08:46 2006 +++ ./sys/netinet/ip_fw2.c Thu Jun 8 13:51:56 2006 @@ -3046,8 +3046,10 @@ check_body: case O_TEE: { struct divert_tag *dt; +#if 0 if (args->eh) /* not on layer 2 */ break; +#endif mtag = m_tag_get(PACKET_TAG_DIVERT, sizeof(struct divert_tag), M_NOWAIT); diff -upr ../src/sys/netinet/ip_fw_pfil.c ./sys/netinet/ip_fw_pfil.c --- ../src/sys/netinet/ip_fw_pfil.c Sat Feb 11 00:19:37 2006 +++ ./sys/netinet/ip_fw_pfil.c Fri Jun 9 12:06:31 2006 
@@ -71,6 +71,7 @@ ip_dn_ruledel_t *ip_dn_ruledel_ptr = NUL /* Divert hooks. */ ip_divert_packet_t *ip_divert_ptr = NULL; +ip_divert_packet_enqueue_t *ip_divert_enqueue_ptr = NULL; /* ng_ipfw hooks. */ ng_ipfw_input_t *ng_ipfw_input_p = NULL; Only in ./sys/netinet: ip_fw_pfil.c~ --- sys/net/bridge.c.orig Tue Jun 13 13:29:27 2006 +++ sys/net/bridge.c Tue Jun 13 13:31:54 2006 
@@ -854,8 +854,16 @@ bridge_in(struct ifnet *ifp, struct mbuf else dst = BDG_DROP; } else { - if (dst == ifp) - dst = BDG_DROP; + /* + * This is so that we can use a "half bridge" and not have + * packets discarded just because the destination is out the same + * interface. We only use this when we are firewalling it so the + * packet will get clobbered by the firewall anyhow before we send it. + */ + if (ifp2sc[ifp->if_index].cluster->ports > 1) { + if (dst == ifp) + dst = BDG_DROP; + } } DPRINTF(("%s: %6D ->%6D ty 0x%04x dst %s\n", __func__, eh->ether_shost, ".", --------------010107020001000001000102-- From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 02:53:23 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C83E616A4DF for ; Thu, 27 Jul 2006 02:53:23 +0000 (UTC) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zyadd226.zyxel.com.tw (zyadd226.zyxel.com.tw [61.222.65.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3B4B43D58 for ; Thu, 27 Jul 2006 02:53:21 +0000 (GMT) (envelope-from Susan.Lan@zyxel.com.tw) Received: from zytwbe01.zyxel.com ([172.23.5.10]) by smtp.zyxel.com.tw with InterScan Messaging Security Suite; Thu, 27 Jul 2006 11:01:42 +0800 Received: from zytwfe01.ZyXEL.com ([172.23.5.5]) by zytwbe01.zyxel.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Jul 2006 10:53:17 +0800 Received: from [172.23.17.43] ([172.23.17.43]) by zytwfe01.ZyXEL.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Jul 2006 10:53:17 +0800 Message-ID: <44C82AA4.30306@zyxel.com.tw> Date: Thu, 27 Jul 2006 10:53:24 +0800 
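Review bot: In the bdg_forward() hunk of sys/net/bridge.c (@@ -1107,7 +1111,30 @@), ip_divert_enqueue_ptr and ip_divert_ptr are called without a NULL check, although the same patch initialises ip_divert_enqueue_ptr to NULL in ip_fw_pfil.c and div_modevent() resets both pointers to NULL on unload. A divert or tee verdict on a bridged frame while the divert code is not loaded would call through a NULL pointer in the kernel. Test the pointer first and free the mbuf (or fall through to forward for tee) when it is NULL; the copy of this block in ether_ipfw_chk() needs the same check. When IPDIVERT is not defined the branch body is empty, so it should also say what happens to a packet with a non-dummynet verdict in that build.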
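Review bot: The bridge call moved into ether_output_frame_pre_netgraph() (@@ -377,6 +380,19 @@) has lost the "rule == NULL" guard that the removed code in ether_output_frame() carried ("if (rule == NULL && BDG_ACTIVE(ifp))"). If that guard kept packets that already matched a rule from being handed to bdg_forward_ptr() a second time, an equivalent test is needed here; if it is no longer required, the reason belongs in a comment. The "opposd" typo in the copied comment can be fixed at the same time.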
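Review bot: In the ether_output_frame() hunk (@@ -396,18 +412,33 @@) the conditions read "if ((IP_FW_DUMMYNET) == 0)" and "if ((IP_FW_TEE) != 0)", without the "i &" that the matching blocks in bdg_forward() and ether_ipfw_chk() have. They compare constants rather than a firewall verdict, and no verdict is in scope here because the block sits before the ether_ipfw_chk() call. The outcome is therefore fixed at compile time: the block is either dead code or it diverts every outgoing frame. It looks like a leftover copy of the ether_ipfw_chk() block and should be dropped from this function.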
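Review bot: The plain divert branch in ether_ipfw_chk() (@@ -499,6 +530,33 @@) calls "ip_divert_ptr(*m0, (*m0)->m_pkthdr.rcvif?1:0)" directly, while the tee branch just above it and the divert branch in bdg_forward() hand received frames to ip_divert_enqueue_ptr(). If the netisr queue exists so that divert_packet() is not run from the layer-2 input path, this branch bypasses it for incoming frames. Use the same rcvif test as the tee branch, or add a comment explaining why the direct call is safe here.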
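Review bot: In ether_demux() (@@ -656,6 +714,11 @@) the relocated IFF_UP test dereferences ifp ("ifp->if_flags") before the KASSERT(ifp != NULL, ...) that follows it, so the assertion can no longer catch a NULL interface pointer. Move the new check below the KASSERT.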
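Review bot: The ether_demux() hunk at @@ -667,6 +730,17 @@ moves the "pre_stats:" label from after the unicast filtering block to in front of it, so any "goto pre_stats" issued from inside that block would now jump backwards and re-enter it, and a jump from elsewhere no longer skips the block. If the new control flow is intended it needs a comment; otherwise the label should stay where it was. The code wrapped by the new "} else {" also keeps its old indentation, which hides the extra nesting level.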
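Review bot: divert_enqueue() (@@ -262,6 +268,53 @@) walks divcb with LIST_FOREACH without holding the divcbinfo lock, as its own XXX comment admits. A socket being closed on another CPU can unlink an inpcb while the loop is following its list pointers. Take the divcbinfo read lock around the walk (div_modevent() already uses INP_INFO_WUNLOCK(&divcbinfo), so the lock exists). The return value of netisr_queue() is ignored, and the "void divert_enqueue(struct mbuf *m);" prototype would be better placed in ip_divert.h than directly above the definition.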
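Review bot: The unload path in div_modevent() (@@ -703,7 +770,9 @@) calls netisr_unregister(NETISR_DIVERT) but has no mtx_destroy() for divertintrq.ifq_mtx, which div_init() now sets up with mtx_init(). Add the matching mtx_destroy() after the unregister. ip_divert_enqueue_ptr is also cleared with no synchronisation against a layer-2 caller that has already read the pointer, which matters together with the missing NULL checks at the call sites.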
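Review bot: In ip_fw2.c (@@ -3046,8 +3046,10 @@) the "if (args->eh) break;" guard is disabled with "#if 0" instead of being removed or made conditional. With the guard off, a divert or tee rule returns a divert verdict to every layer-2 caller of the firewall, while this patch only teaches bdg_forward() and ether_ipfw_chk() to handle one. Either delete the lines and confirm no other layer-2 caller exists, or keep the guard and relax it only for the paths that have been updated.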
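Review bot: In bridge_in() (@@ -854,8 +854,16 @@) the new comment says the same-interface drop is skipped only "when we are firewalling it", but the condition tests only "cluster->ports > 1". On a single-port cluster with no firewall in use, a frame whose destination lies on the receiving interface is no longer set to BDG_DROP. Add the firewall-enabled test that the comment relies on, or reword the comment to match what the code does.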
From: Blue User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 27 Jul 2006 02:53:17.0157 (UTC) FILETIME=[CF9BC150:01C6B127] Subject: [FreeBSD-6.1Release]About the removal of route cache in PCB X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 02:53:23 -0000

Hi, all:

I am wondering why the FreeBSD-6.1 version removes the route cache in
PCB (struct inpcb in in_pcb.h)? Does the removal do anything good? Or its
existence would have potential problems? 'Cause in my opinion, the
removal would only produce extra time when emitting a packet since the
routing table lookup is unavoidable. So there must be a good reason
for the change.

Best regards,

blue

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 08:11:38 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A83D16A4DD for ; Thu, 27 Jul 2006 08:11:38 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7017943D46 for ; Thu, 27 Jul 2006 08:11:37 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 20756 invoked from network); 27 Jul 2006 08:04:18 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 27 Jul 2006 08:04:18 -0000 Message-ID: <44C8753F.20905@freebsd.org> Date: Thu, 27 Jul 2006 10:11:43 +0200
From: Andre Oppermann User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Blue References: <44C82AA4.30306@zyxel.com.tw> In-Reply-To: <44C82AA4.30306@zyxel.com.tw> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: [FreeBSD-6.1Release]About the removal of route cache in PCB X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 08:11:38 -0000

Blue wrote:
> Hi, all:
>
> I am wondering why the FreeBSD-6.1 version removes the route cache in
> PCB (struct inpcb in in_pcb.h)? Does the removal do anything good? Or its
> existence would have potential problems? 'Cause in my opinion, the
> removal would only produce extra time when emitting a packet since the
> routing table lookup is unavoidable. So there must be a good reason
> for the change.

The routing table pointer was complicating the SMP locking of the kernel
and had some other drawbacks. With the pointer route changes would not
be picked up immediately but only when packets got lost and caused ICMP
responses. And for that many full PCB table walks had to be done.
Simplicity was chosen and the route pointer was removed.

The tradeoff isn't really bad as for most hosts the routing table is
really small containing only the default route and some ARP entries.
A lookup there is pretty much always a cache only operation. Only the
locking overhead for the routing table lookup adds in but we would have
to do much of it anyway to increment the refcount on the rtentry to send
the packet.

On servers with many connections the routing table could get quite large
because of all these cloned routes and consume valuable kernel memory.
No more routes for PCB's are cloned after the change.

-- Andre From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 11:46:19 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 800F016A4E0; Thu, 27 Jul 2006 11:46:19 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFCE743D58; Thu, 27 Jul 2006 11:46:18 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.64.179.207] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu3) with ESMTP (Nemesis), id 0MKxQS-1G64Jj3hB2-0000mN; Thu, 27 Jul 2006 13:46:16 +0200 
From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Thu, 27 Jul 2006 13:46:04 +0200 User-Agent: KMail/1.9.3 References: <44C7B5E2.5080001@elischer.org> In-Reply-To: <44C7B5E2.5080001@elischer.org> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1236814.znXetffNDV"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200607271346.12491.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: andre@freebsd.org, Julian Elischer , "Christian S.J. Peron" Subject: Re: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 11:46:19 -0000 --nextPart1236814.znXetffNDV Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 26 July 2006 20:35, Julian Elischer wrote: > This code is running on quite a few systems but in a very limited > environment that may not test all possibilities.. > > Does anyone have comments or suggestions as to changes that I might make > for checkin into generic FreeBSD? It was originally written for 4.x but > with 6.x in mind. > It is now running on 6.1 and seems to be ok so far. > > Certainly I am interested in hearing from Robert and Luigi and I am > particularly interested in > what people think on how this will handle locking/SMP difficulies. 
Instead of putting more special processing to every L2-entry point in the
system, I'd prefer if we could finally get round to L2 pfil hooks. That
would make it much easier to add such functionality in a common hook function
and use it everywhere.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1236814.znXetffNDV
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQBEyKeEXyyEoT62BG0RAqQcAJsFwvbGzKXggkZyz2OmKrhvQGoPggCcC7Fn
QVVsJ7s3g2ysGGThz+kuOWA=
=vDRe
-----END PGP SIGNATURE-----

--nextPart1236814.znXetffNDV--

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 15:50:20 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24EAE16A510 for ; Thu, 27 Jul 2006 15:50:19 +0000 (UTC) (envelope-from dionch@freemail.gr) Received: from smtp.freemail.gr (smtp.freemail.gr [81.171.104.107]) by mx1.FreeBSD.org (Postfix) with ESMTP id B26E543D79 for ; Thu, 27 Jul 2006 15:50:18 +0000 (GMT) (envelope-from dionch@freemail.gr) Received: by smtp.freemail.gr (Postfix, from userid 101) id 57226B79682; Thu, 27 Jul 2006 18:50:17 +0300 (EEST) Received: from CDION (unknown [62.38.9.197])by smtp.freemail.gr (Postfix) with ESMTP id A15F3A084A5; Thu, 27 Jul 2006 18:50:16 +0300 (EEST) Date: Thu, 27 Jul 2006 18:49:59 +0300
From: Chris Dionissopoulos X-Mailer: The Bat! (v3.80.06) Professional X-Priority: 3 (Normal) Message-ID: <8210225344.20060727184959@freemail.gr> To: Luigi Rizzo In-Reply-To: <20060726091619.A99336@xorpc.icir.org> References: <20060726071232.A96367@xorpc.icir.org> <563361368.20060726190713@freemail.gr> <20060726091619.A99336@xorpc.icir.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: net@freebsd.org Subject: Re[2]: multiple DSL modems and pppoe sessions on the same ethernet ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Chris Dionissopoulos List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 15:50:20 -0000

Hello Luigi,

Wednesday, July 26, 2006, 7:16:19 PM, you wrote:

>> >
>> > ------+--------------+--------------+--------------+-----
>> >       |              |              |              |
>> >       +-[modem1]     +-[modem2]     +-[modem3]     +-[FreeBSD/ppp]
>> >        DSL#1          DSL#2          DSL#3
> ...
>> if your switch supports vlan and 802.1q encapsulation, you would create

> it doesn't so not applicable.

>> another approach is to use 3 ng_ether interfaces with custom mac
>> addresses defined and linked to the same ng_bridge node with physical:

> hmmm, i think this won't work either, because each PADI
> frame will reach all modems so i cannot differentiate
> among the replies.

As long as pppoe PADI(*) is using broadcast mac (ff:ff:ff:ff:ff:ff) as
destination there is no solution to distinguish them using a single
broadcast domain(=LAN) (only one broadcast addr for each broadcast domain).

How about patching this netgraph node?
http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/

Adding a "dstmac" argument which changes destination mac for each
transmitted packet, makes you free to use 3 mangled ng_ether(4) virtual
nics in your ppp.conf.
If it doesn't break anything (pppoe standard) it will work. right?

And of course, using 3 physicals cross linked to each modem is the
(obvious) solution.

(*) http://en.wikipedia.org/wiki/Pppoe#PADI

--
Best regards,
Chris mailto:dionch@freemail.gr

____________________________________________________________________
http://www.freemail.gr - free e-mail service.
http://www.freemail.gr - free email service for the Greek-speaking.

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 16:22:26 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39C8016A4DD for ; Thu, 27 Jul 2006 16:22:26 +0000 (UTC) (envelope-from m.oe@x-trader.de) Received: from qhmail2.colt1.inetserver.de (qhmail2.colt1.inetserver.de [195.234.228.78]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9389943D58 for ; Thu, 27 Jul 2006 16:22:25 +0000 (GMT) (envelope-from m.oe@x-trader.de) Received: from qhmx2-mailrouter.colt1.inetserver.de (qhmx2.colt1.inetserver.de [195.234.228.112]) by qhmail2.colt1.inetserver.de (Postfix) with ESMTP id CAF1CB724 for ; Thu, 27 Jul 2006 18:22:23 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by qhmx2-mailrouter.colt1.inetserver.de (Postfix) with ESMTP id A78793C3B0 for ; Thu, 27 Jul 2006 18:22:23 +0200 (CEST) Received: from qhmx2.colt1.inetserver.de ([127.0.0.1]) by localhost (qhmx2.colt1.inetserver.de [127.0.0.1]) (amavisd-new, port 10023) with LMTP id 31203-06-2 for ; Thu, 27 Jul 2006 18:22:23 +0200 (CEST) X-Auth-User: markus@x-trader.de Received: from [192.168.100.100] (pD95FF6A7.dip.t-dialin.net [217.95.246.167]) by qhmx2-custsmtp.colt1.inetserver.de (Postfix) with ESMTP id 5FB86B479B for ; Thu, 27 Jul 2006 18:22:22 +0200 (CEST) Message-ID: <44C8E83F.3050706@x-trader.de> Date: Thu, 27 Jul 2006 18:22:23 +0200
From: Markus Oestreicher
To: freebsd-net@freebsd.org
Subject: em improvements in 6.2?

Good Day,

Is it planned to MFC the changes made to em(4) in January (taskqueue,
adaptive polling) for 6.2-RELEASE?

Thanks
Markus

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 20:30:44 2006
Message-ID: <44C92278.5000901@FreeBSD.org>
Date: Thu, 27 Jul 2006 15:30:48 -0500
From: "Christian S.J. Peron"
To: Max Laier
Cc: freebsd-net@freebsd.org, andre@freebsd.org, Julian Elischer
Subject: Re: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge)
In-Reply-To: <200607271346.12491.max@love2party.net>

Max Laier wrote:
> On Wednesday 26 July 2006 20:35, Julian Elischer wrote:
>
>> This code is running on quite a few systems but in a very limited
>> environment that may not test all possibilities..
>>
>> Does anyone have comments or suggestions as to changes that I might make
>> for checkin into generic FreeBSD? It was originally written for 4.x but
>> with 6.x in mind.
>> It is now running on 6.1 and seems to be ok so far.
>>
>> Certainly I am interested in hearing from Robert and Luigi and I am
>> particularly interested in
>> what people think on how this will handle locking/SMP difficulties.
>>
>
> Instead of putting more special processing to every L2-entry point in the
> system, I'd prefer if we could finally get round to L2 pfil hooks. That
> would make it much easier to add such functionality in a common hook function
> and use it everywhere.
>
>

I agree with Max here, I think it's time we look at getting together pfil
hooks for layer 2. I would be interested in doing the leg work here if you
guys are willing to review it.

--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 21:46:15 2006
Message-ID: <44C93425.60001@elischer.org>
Date: Thu, 27 Jul 2006 14:46:13 -0700
From: Julian Elischer
To: "Christian S.J. Peron"
Cc: Max Laier, andre@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge)
In-Reply-To: <44C92278.5000901@FreeBSD.org>

Christian S.J. Peron wrote:

> Max Laier wrote:
>
>> On Wednesday 26 July 2006 20:35, Julian Elischer wrote:
>>
>>
>>> This code is running on quite a few systems but in a very limited
>>> environment that may not test all possibilities..
>>>
>>> Does anyone have comments or suggestions as to changes that I might
>>> make
>>> for checkin into generic FreeBSD? It was originally written for 4.x but
>>> with 6.x in mind.
>>> It is now running on 6.1 and seems to be ok so far.
>>>
>>> Certainly I am interested in hearing from Robert and Luigi and I am
>>> particularly interested in
>>> what people think on how this will handle locking/SMP difficulties.
>>>
>>
>>
>> Instead of putting more special processing to every L2-entry point in
>> the system, I'd prefer if we could finally get round to L2 pfil
>> hooks. That would make it much easier to add such functionality in a
>> common hook function and use it everywhere.
>>
>>
>
> I agree with Max here, I think it's time we look at getting together
> pfil hooks for layer 2. I would be interested in doing the leg work
> here if you guys are willing to review it.
>

The divert code changes are sort-of irrelevant to this discussion.
it adds an ISR to handle divert input from L2.

From owner-freebsd-net@FreeBSD.ORG Thu Jul 27 22:06:14 2006
From: Max Laier
To: freebsd-net@freebsd.org
Cc: andre@freebsd.org, Julian Elischer, "Christian S.J. Peron"
Date: Fri, 28 Jul 2006 00:06:04 +0200
Subject: Re: [patch] RFC: allow divert from layer 2 ipfw (e.g. bridge)
Message-Id: <200607280006.11151.max@love2party.net>
In-Reply-To: <44C93425.60001@elischer.org>

On Thursday 27 July 2006 23:46, Julian Elischer wrote:
> Christian S.J. Peron wrote:
> > Max Laier wrote:
> >> On Wednesday 26 July 2006 20:35, Julian Elischer wrote:
> >>> This code is running on quite a few systems but in a very limited
> >>> environment that may not test all possibilities..
> >>>
> >>> Does anyone have comments or suggestions as to changes that I might
> >>> make
> >>> for checkin into generic FreeBSD? It was originally written for 4.x but
> >>> with 6.x in mind.
> >>> It is now running on 6.1 and seems to be ok so far.
> >>>
> >>> Certainly I am interested in hearing from Robert and Luigi and I am
> >>> particularly interested in
> >>> what people think on how this will handle locking/SMP difficulties.
> >>
> >> Instead of putting more special processing to every L2-entry point in
> >> the system, I'd prefer if we could finally get round to L2 pfil
> >> hooks. That would make it much easier to add such functionality in a
> >> common hook function and use it everywhere.
> >
> > I agree with Max here, I think it's time we look at getting together
> > pfil hooks for layer 2. I would be interested in doing the leg work
> > here if you guys are willing to review it.
>
> The divert code changes are sort-of irrelevant to this discussion.
> it adds an ISR to handle divert input from L2.

I was referring to the changes in bdg_forward() and ether_output_frame() which
could as well be placed inside a L2-hook inside ip_fw_pfil.c (where they
belong IMHO). We went through great length to clean the ip_input/output path
off the IPFW/DIVERT entanglement. I don't think we should create the
same "mess" in L2 now, just to clean it up later.

That said, I'm not opposed against L2 divert or anything. I just wanted to
remind everybody about the plan of L2-pfil hooks that we talked about in the
past. I would love to see this happen prior the divert changes.
--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 04:17:11 2006
Message-ID: <06a801c6b1fc$bcc83470$42764eca@ilo.skyinet.net>
From: "fooler"
To: "Luigi Rizzo"
References: <20060726071232.A96367@xorpc.icir.org>
Date: Fri, 28 Jul 2006 12:17:22 +0800
Subject: Re: multiple DSL modems and pppoe sessions on the same ethernet ?

----- Original Message -----
From: "Luigi Rizzo"
To:
Sent: Wednesday, July 26, 2006 10:12 PM
Subject: multiple DSL modems and pppoe sessions on the same ethernet ?

> hi,
> i am trying to run, on a single FreeBSD box, multiple (3 in my case)
> pppoe instances talking to as many DSL modems on the same ethernet cable
>
> ------+--------------+--------------+--------------+-----
>       |              |              |              |
>       +-[modem1]     +-[modem2]     +-[modem3]     +-[FreeBSD/ppp]
>         DSL#1          DSL#2          DSL#3
>
> Ideally, in /etc/ppp/ppp.conf i can write something like
>
>     modem1:
>         set device PPPoE:rl0:dsl1
>         ...
>
>     modem2:
>         set device PPPoE:rl0:dsl2
>         ...
>
>     modem3:
>         set device PPPoE:rl0:dsl3
>         ...
>
> and the PPPoE spec (RFC2516) says this should work as long as each
> DSL line has a different 'service name' (tag 0x101 in the packet).
>
> The problem is, my provider does not provide specific service names,
> but it will accept anything i supply. So when i run the three ppp
> instances,
> they will all match, and the code in ng_pppoe.c will happily take the
> first reply as good.
>
> The only approach left is then implement some form of MAC filtering,
> e.g. overloading the 'service name' to specify the mac address of the
> modem i am interested in.
> There is a couple of ways to implement this, one is patching the
> receive path (ng_pppoe_rcvdata(), case PADO_CODE) to filter replies
> based on the source mac address, and the other one is to patch
> the code transmitting the PADI packet to replace the broadcast
> dst address with the unicast MAC taken from the "service name".
>
> Any better ideas ?

hello luigi,

have you considered pado's ac-name tag return? according to rfc2516
section 5.2... the pado packet MUST contain one ac-name tag containing the
access concentrator's name...

fooler.
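The receive-path filter described in the original question (accept a PADO only when its Ethernet source is the chosen modem), with the AC-Name tag from the reply above parsed alongside it, as an added user-space example that is not code from ng_pppoe.c or from anyone in this thread. The MAC addresses, the names "dsl" and "isp-ac", and the functions pado_filter() and build_pado() are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_PPPOE_DISC 0x8863 /* PPPoE discovery stage (RFC 2516) */
#define PPPOE_VERTYPE        0x11   /* version 1, type 1 */
#define PPPOE_CODE_PADO      0x07
#define TAG_END_OF_LIST      0x0000
#define TAG_SERVICE_NAME     0x0101
#define TAG_AC_NAME          0x0102
#define HDR_LEN              20     /* 14-byte Ethernet + 6-byte PPPoE header */

enum pado_verdict { PADO_ACCEPT, PADO_NOT_PADO, PADO_WRONG_MAC, PADO_MALFORMED };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Accept a frame only if it is a well-formed PADO whose Ethernet source is
 * want_src. On PADO_ACCEPT, ac_name holds the AC-Name value (truncated to fit). */
enum pado_verdict
pado_filter(const uint8_t *f, size_t len, const uint8_t want_src[6],
            char *ac_name, size_t ac_name_sz)
{
    if (ac_name_sz > 0)
        ac_name[0] = '\0';
    if (len < HDR_LEN)
        return PADO_MALFORMED;
    if (rd16(f + 12) != ETHERTYPE_PPPOE_DISC || f[15] != PPPOE_CODE_PADO)
        return PADO_NOT_PADO;
    /* RFC 2516: VER/TYPE is 0x11 and SESSION_ID is 0 in a PADO. */
    if (f[14] != PPPOE_VERTYPE || rd16(f + 16) != 0)
        return PADO_MALFORMED;
    size_t plen = rd16(f + 18);
    if (plen > len - HDR_LEN)
        return PADO_MALFORMED;          /* declared payload exceeds the frame */
    if (memcmp(f + 6, want_src, 6) != 0)
        return PADO_WRONG_MAC;          /* reply from one of the other modems */

    const uint8_t *p = f + HDR_LEN, *end = p + plen;
    int have_ac_name = 0;
    while (p < end) {
        if (end - p < 4)
            return PADO_MALFORMED;      /* truncated tag header */
        uint16_t type = rd16(p), tlen = rd16(p + 2);
        p += 4;
        if (tlen > (size_t)(end - p))
            return PADO_MALFORMED;      /* tag value runs past the payload */
        if (type == TAG_END_OF_LIST)
            break;
        if (type == TAG_AC_NAME && !have_ac_name) {
            snprintf(ac_name, ac_name_sz, "%.*s", (int)tlen, (const char *)p);
            have_ac_name = 1;
        }
        p += tlen;
    }
    /* RFC 2516 section 5.2: a PADO MUST contain one AC-Name tag. */
    return have_ac_name ? PADO_ACCEPT : PADO_MALFORMED;
}

/* Build a constructed PADO (sample input, not a capture); returns its length. */
size_t
build_pado(uint8_t *buf, const uint8_t src[6], const char *service, const char *ac)
{
    static const uint8_t host[6] = {0x02, 0, 0, 0, 0, 0x10}; /* constructed */
    const char *val[2] = {service, ac};
    const uint16_t type[2] = {TAG_SERVICE_NAME, TAG_AC_NAME};
    uint8_t *p = buf + HDR_LEN;
    memcpy(buf, host, 6);
    memcpy(buf + 6, src, 6);
    wr16(buf + 12, ETHERTYPE_PPPOE_DISC);
    buf[14] = PPPOE_VERTYPE;
    buf[15] = PPPOE_CODE_PADO;
    wr16(buf + 16, 0);
    for (int i = 0; i < 2; i++) {
        size_t n = strlen(val[i]);
        wr16(p, type[i]);
        wr16(p + 2, (uint16_t)n);
        memcpy(p + 4, val[i], n);
        p += 4 + n;
    }
    wr16(buf + 18, (uint16_t)(p - buf - HDR_LEN));
    return (size_t)(p - buf);
}

int
main(void)
{
    /* Three modems answer one PADI with the same AC-Name; we want modem 2. */
    const uint8_t want[6] = {0x02, 0, 0, 0, 0, 2};
    uint8_t frame[128];
    char ac[32];
    for (int i = 1; i <= 3; i++) {
        const uint8_t src[6] = {0x02, 0, 0, 0, 0, (uint8_t)i};
        size_t n = build_pado(frame, src, "dsl", "isp-ac");
        printf("PADO from modem%d: verdict %d, AC-Name \"%s\"\n", i,
               (int)pado_filter(frame, n, want, ac, sizeof ac), ac);
    }
    return 0;
}
```
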
From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 07:32:49 2006
Date: Fri, 28 Jul 2006 00:32:48 -0700
From: Luigi Rizzo
To: fooler
Cc: net@freebsd.org
Subject: Re: multiple DSL modems and pppoe sessions on the same ethernet ?
Message-ID: <20060728003248.A26219@xorpc.icir.org>
In-Reply-To: <06a801c6b1fc$bcc83470$42764eca@ilo.skyinet.net>; from fooler@skyinet.net on Fri, Jul 28, 2006 at 12:17:22PM +0800

On Fri, Jul 28, 2006 at 12:17:22PM +0800, fooler wrote:
> ----- Original Message -----
> From: "Luigi Rizzo"
> To:
> Sent: Wednesday, July 26, 2006 10:12 PM
> Subject: multiple DSL modems and pppoe sessions on the same ethernet ?
...
> hello luigi,
>
> have you considered pado's ac-name tag return? according to rfc2516
> section 5.2... the pado packet MUST contain one ac-name tag containing the
> access concentrator's name...

yes but i am afraid that all lines may carry the same ac-name
so that won't help to tell one from another...

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 14:01:51 2006
Message-ID: <44CA18D3.1060303@cisco.com>
Date: Fri, 28 Jul 2006 10:01:55 -0400
From: Randall Stewart
To: freebsd-net@freebsd.org
Subject: Netgear GA511

Anyone gotten a netgear ga511 (gig-e cardbus card) to
work...

I get:
--------------
re0: port 0x4000-0x40ff mem 0xc0205000-0xc02051ff at device 0.0 on cardbus0 : PHY read failed
re0: MII without any phy!
device_attach: re0 attach returned 6
--------------

Every time I try it.. I have not dug in any to see
what's going on....

And if someone knows of a Gig-E cardbus card that works.. I would
gladly go purchase that instead :-D

Thanks

R
--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell)

From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 16:00:00 2006
Date: Fri, 28 Jul 2006 12:59:37 -0300
From: Ricardo Nabinger Sanchez
To: freebsd-net@freebsd.org
Subject: Re: Netgear GA511
Message-Id: <20060728125937.86e92d65.rnsanchez@gmail.com>
In-Reply-To: <44CA18D3.1060303@cisco.com>

Quoting Randall Stewart
Sent on Fri, 28 Jul 2006 10:01:55 -0400

> Anyone gotten a netgear ga511 (gig-e cardbus card) to
> work...

I have a:

re0@pci0:11:0:  class=0x020000 card=0x311a1385 chip=0x816910ec rev=0x10 hdr=0x00
    vendor   = 'Realtek Semiconductor'
    device   = 'RTL8169 Gigabit Ethernet Adapter'
    class    = network
    subclass = ethernet

Which is a GA511 too, and it also doesn't work, but I get this message as
long as the interface is up or trying to get up, with 2-3 seconds interval:

re0: link state changed to DOWN
re0: 2 link states coalesced

The NIC works, as it was being used on a Linux box and a couple of times
with a winxp box, without any issues.

ifconfig also reports it as "no carrier", and the leds on my switch for it
don't light up. sometimes it just works, often not, right after the
interface configuration step during boot. I found a PR somewhat related to
this issue, but can't find it now.

My solution was to use my onboard NIC (a via rhine ii), instead.

--
Ricardo Nabinger Sanchez
Powered by FreeBSD

"Left to themselves, things tend to go from bad to worse."
From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 18:56:21 2006
Message-ID: <44CA5DD1.6030102@cisco.com>
Date: Fri, 28 Jul 2006 14:56:17 -0400
From: Randall Stewart
To: Ricardo Nabinger Sanchez
Cc: freebsd-net@freebsd.org
Subject: Re: Netgear GA511
In-Reply-To: <20060728125937.86e92d65.rnsanchez@gmail.com>

Ricardo:

That does not help me since I am on a laptop :-0

However... I just tried the Evil project's ndis driver.. and
that works.. so I have a working card now .. don't know how
good the performance will be but I don't care :-D

R

Ricardo Nabinger Sanchez wrote:
> Quoting Randall Stewart
> Sent on Fri, 28 Jul 2006 10:01:55 -0400
>
>
>>Anyone gotten a netgear ga511 (gig-e cardbus card) to
>>work...
>
>
> I have a:
>
> re0@pci0:11:0:  class=0x020000 card=0x311a1385 chip=0x816910ec rev=0x10
> hdr=0x00 vendor = 'Realtek Semiconductor'
> device = 'RTL8169 Gigabit Ethernet Adapter'
> class = network
> subclass = ethernet
>
> Which is a GA511 too, and it also doesn't work, but I get this message as
> long as the interface is up or trying to get up, with 2-3 seconds interval:
>
> re0: link state changed to DOWN
> re0: 2 link states coalesced
>
> The NIC works, as it was being used on a Linux box and a couple of times
> with a winxp box, without any issues.
>
> ifconfig also reports it as "no carrier", and the leds on my switch for it
> don't light up. sometimes it just works, often not, right after the
> interface configuration step during boot. I found a PR somewhat related to
> this issue, but can't find it now.
>
> My solution was to use my onboard NIC (a via rhine ii), instead.
>

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell)

From owner-freebsd-net@FreeBSD.ORG Fri Jul 28 19:11:44 2006
Message-ID: <44CA6175.80103@cisco.com>
Date: Fri, 28 Jul 2006 15:11:49 -0400
From: Randall Stewart
To: Pawel Worach
Cc: freebsd-net@freebsd.org
Subject: Re: SCTP
In-Reply-To: <44C67E25.7050706@gmail.com>

Suggestion..

Please take off INVARIANTS_SCTP... I am really going to
yank this out.. it is old and it interferes with me seeing
where the swi:net thread got the lock on the tcb.... it's obvious
where.. but it still is not useful anymore... I will strip all
that code out very soon now :-D

Now as to what's going on... hmm.

It looks like NPsctp is locked on the socketbuf for read.. this
should fall it down to the sbwait(&so->so_rcv)

At line 4071 or so...

And if I remember right, sbwait should have released the lock and
wait for more data to arrive... now that has just a couple of
checks.. unless there is data to read.. then it would read it in
and then give up the socket buf lock to set the rwnd.. (getting the
TCB lock .. which is held by the swi: net).

Now swi: net is appending a message to be read.. it has the
TCB lock.. and is going to grab the sockbuf lock (it's probably
waiting for it)..

This puzzles me... since if NPsctp did go via the sbwait() it should
not be holding the socket buffer lock.. and if it had data to read..
it should read in the data to user space and release the socket buf
lock... hmm.

Can you, next time this happens, go look at the sctp ep.. and see
if there is something in the read queue... I can provide you
instructions off-line.. or if you want you can do-a-dump and
push it up to stewart.chicago.il.us and (with a kernel).. and assuming
you are using the same src tree you already pushed there.. I will
go poke around in it for you..

Let me know..

R

Pawel Worach wrote:
> Another interesting thing, I did see this before as well.
>
> System freezes in the middle of a NPsctp run. This does not happen when
> I run over loopback but occasionally when run over crossover network.
>
> I enabled WITNESS, INVARIANTS and INVARIANTS_SCTP, no complaints from any
> of them.
>
> I can break to ddb and here is some random debugging. I also have a
> manual dump of this.
>
> db> ps
>   pid   uid  ppid  pgrp  state wmesg    wchan      cmd
>  1077     0  1002  1077  R+                        NPsctp
>  1008     0   835   835  S     pause    0xc2757034 ntpd
>  1002     0   998  1002  S+    pause    0xc2703904 csh
>  1001     0     1  1001  Ss+   ttyin    0xc25cd410 getty
>  1000     0     1  1000  Ss+   ttyin    0xc25cd010 getty
>   999     0     1   999  Ss+   ttyin    0xc25ce010 getty
>   998     0     1   998  Ss+   wait     0xc2574d38 login
>   917     0     1   917  Ss    nanslp   0xc07c1784 cron
>   906     0     1   906  Ss    select   0xc080b04c sshd
>   842     0     1   842  Ss    select   0xc080b04c powerd
>   835     0     1   835  Ss    select   0xc080b04c ntpd
>   761     0     0     0  SL    mdwait   0xc282b800 [md0]
>   718     0     1   718  Ss    select   0xc080b04c syslogd
>   617     0     1   617  Ss    select   0xc080b04c devd
>   174     0     1   174  Ss    pause    0xc2703d6c adjkerntz
>    46     0     0     0  SL    geli:w   0xc26f7c00 [g_eli[0] ad0s2d]
>    45     0     0     0  SL    -        0xd480dcf8 [schedcpu]
>    44     0     0     0  SL    sdflush  0xc08164ec [softdepflush]
>    43     0     0     0  SL    syncer   0xc07c154c [syncer]
> --More--    42     0     0     0  SL    vlruwt   0xc27018d0 [vnlru]
>    41     0     0     0  SL    psleep   0xc080b4d4 [bufdaemon]
>    40     0     0     0  SL    pollid   0xc07c0c18 [idlepoll]
>    39     0     0     0  SL    pgzero   0xc081ee30 [pagezero]
>    38     0     0     0  SL    psleep   0xc0816d60 [vmdaemon]
>    37     0     0     0  SL    psleep   0xc0816d20 [pagedaemon]
>    36     0     0     0  WL                        [swi0: sio]
>    35     0     0     0  WL                        [irq12: psm0]
>    34     0     0     0  RL    CPU 0               [irq1: atkbd0]
>    33     0     0     0  SL    cooling  0xc257acd4 [acpi_cooling0]
>    32     0     0     0  SL    tzpoll   0xc09d6520 [acpi_thermal]
>    31     0     0     0  WL                        [irq15: ata1]
>    30     0     0     0  WL                        [irq14: ata0]
>    29     0     0     0  SL    -        0xc2578080 [ath0 taskq]
>    28     0     0     0  SL    usbevt   0xc24e9a10 [usb3]
>    27     0     0     0  SL    usbevt   0xc2567210 [usb2]
>    26     0     0     0  SL    usbevt   0xc2552210 [usb1]
>    25     0     0     0  SL    usbtsk   0xc07bece4 [usbtask]
>    24     0     0     0  SL    usbevt   0xc24fa210 [usb0]
>    23     0     0     0  WL                        [irq11: pcm0 em0++*]
> --More--    22     0     0     0  WL                        [irq9: acpi0]
>    21     0     0     0  WL                        [swi2: cambio]
>    20     0     0     0  SL    -        0xc24f6400 [acpi_task_2]
>    19     0     0     0  SL    -        0xc24f6400 [acpi_task_1]
>     9     0     0     0  SL    -        0xc24f6400 [acpi_task_0]
>     8     0     0     0  SL    -        0xc24f6500 [kqueue taskq]
>    18     0     0     0  WL                        [swi5: +]
>     7     0     0     0  SL    -        0xc2463480 [thread taskq]
>    17     0     0     0  WL                        [swi6: Giant taskq]
>    16     0     0     0  WL                        [swi6: task queue]
>    15     0     0     0  SL    seqstate 0xc245fc54 [sequencer 00]
>    14     0     0     0  SL    -        0xc07be580 [yarrow]
>     6     0     0     0  SL    -        0xc07bf03c [g_down]
>     5     0     0     0  SL    -        0xc07bf038 [g_up]
>     4     0     0     0  SL    -        0xc07bf030 [g_event]
>     3     0     0     0  SL    crypto_r 0xc0816254 [crypto returns]
>     2     0     0     0  SL    crypto_w 0xc081622c [crypto]
>    13     0     0     0  WL                        [swi3: vm]
>    12     0     0     0  RL                        [swi4: clock sio]
>    11     0     0     0  LL    *so_rcv  0xc2466140 [swi1: net]
> --More--    10     0     0     0  RL                        [idle]
>     1     0     0     1  SLs   wait     0xc246a000 [init]
>     0     0     0     0  WLs                       [swapper]
> db> show alllocks
> Process 1077 (NPsctp) thread 0xc25706c0 (100038)
> exclusive sleep mutex so_rcv r = 0 (0xc2780458) locked @
> /usr/src/sys/netinet/sctputil.c:4042
> Process 34 (irq1: atkbd0) thread 0xc246b6c0 (100031)
> exclusive sleep mutex Giant r = 0 (0xc07c0b08) locked @
> /usr/src/sys/kern/kern_intr.c:661
> Process 11 (swi1: net) thread 0xc24656c0 (100005)
> exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xc29a5498) locked @
> /usr/src/sys/netinet/sctp_pcb.c:191
> db> tr 1077
> Tracing pid 1077 tid 100038 td 0xc25706c0
> sched_switch(c25706c0,c246b6c0,6,158,417a95,...) at sched_switch+0x1a0
> mi_switch(6,c246b6c0,c07563d7,290,c246b850,...) at mi_switch+0x306
> maybe_preempt(c246b6c0,1,c075626f,4ab,c2468360,...) at maybe_preempt+0x1f0
> sched_add(c246b6c0,4,c07563d7,1f4,c2462c80,...) at sched_add+0x97
> setrunqueue(c246b6c0,4,c0751b05,211,d488092c,...) at setrunqueue+0xd9
> intr_event_schedule_thread(c2462c80,0,d4880958,1,c25706c0,...) at
> intr_event_schedule_thread+0x116
> intr_execute_handlers(c07b614c,d4880984,38,c0758c54,c29ab5d8,...) at
> intr_execute_handlers+0x14a
> atpic_handle_intr(1) at atpic_handle_intr+0xcf
> Xatpic_intr1() at Xatpic_intr1+0x20
> --- interrupt, eip = 0xc05fae33, esp = 0xd48809c4, ebp = 0xd4880a34 ---
> sctp_sorecvmsg(c27803e4,d4880c5c,0,0,0,...) at sctp_sorecvmsg+0x183
> sctp_soreceive(c27803e4,0,d4880c5c,0,0,...) at sctp_soreceive+0x9b
> soreceive(c27803e4,0,d4880c5c,0,0,...) at soreceive+0x53
> soo_read(c272ec60,d4880c5c,c28d9400,0,c25706c0,...) at soo_read+0x6f
> dofileread(c25706c0,3,c272ec60,d4880c5c,ffffffff,...) at dofileread+0xa7
> kern_readv(c25706c0,3,d4880c5c,82945ac,2a51,...) at kern_readv+0x60
> read(c25706c0,d4880d04,c,444,c257469c,...) at read+0x4f
> syscall(bfbf003b,829003b,bfbc003b,bfbfe8d0,82945ac,...) at syscall+0x313
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --More-- --- syscall (3, FreeBSD ELF32, read), eip = 0x28168887,
> esp = 0xbfbbfffc, ebp = 0xbfbc0028 ---
> db> tr 11
> Tracing pid 11 tid 100005 td 0xc24656c0
> sched_switch(c24656c0,0,1,158,c25706c0,...) at sched_switch+0x1a0
> mi_switch(1,0,c075815d,283,c07c41d0,...) at mi_switch+0x306
> turnstile_wait(c2780458,c25706c0,0,223,c25706c2,...) at
> turnstile_wait+0x4c5
> _mtx_lock_sleep(c2780458,c24656c0,0,c07637e7,e65,...) at
> _mtx_lock_sleep+0x130
> _mtx_lock_flags(c2780458,0,c07637e7,e65,c294fe00,...) at
> _mtx_lock_flags+0xc7
> sctp_append_to_readq(c29a3000,c29a5000,c29ab5d8,c27ff000,0,...) at
> sctp_append_to_readq+0x116
> sctp_service_reassembly(c29a5000,c29a502c,69215acb,5bc,c2982030,...) at
> sctp_service_reassembly+0x2be
> sctp_service_queues(c29a5000,c29a502c,d35e2c40,20,c2982030,...) at
> sctp_service_queues+0x2a
> sctp_process_data(d35e2c40,14,d35e2bc8,5dc,c2982024,...) at
> sctp_process_data+0x65f
> sctp_common_input_processing(d35e2c40,14,5dc,5dc,c2982024,...) at
> sctp_common_input_processing+0x424
> sctp_input(c294e100,14,c255a800,1,0,...) at sctp_input+0x420
> ip_input(c294e100,0,c0760336,e9,c080c318,...) at ip_input+0x6c1
> netisr_processqueue(c080c318,c07c0af0,2,c07563d7,c245ea00,...) at
> netisr_processqueue+0x8e
> swi_net(0,d35e2cd8,c052758c,c07c0af0,1,...) at swi_net+0xf9
> ithread_execute_handlers(c2464b04,c2462580,c0751b05,2f9,c24656c0,...) at
> ithread_execute_handlers+0x168
> ithread_loop(c24333b0,d35e2d38,c07518ff,32e,0,...)
at ithread_loop+0x83 > fork_exit(c05183d0,c24333b0,d35e2d38) at fork_exit+0xc3 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xd35e2d6c, ebp = 0 --- > --More-- db> call doadump > Physical memory: 502 MB > Dumping 33 MB: 18 2 > > (kgdb) l /usr/src/sys/netinet/sctputil.c:4042 > 4037 inp = (struct sctp_inpcb *)so->so_pcb; > 4038 if (inp == NULL) { > 4039 return (EFAULT); > 4040 } > 4041 s = splnet(); > 4042 SOCKBUF_LOCK(&so->so_rcv); > 4043 > 4044 restart: > 4045 if((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || > 4046 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { > (kgdb) l /usr/src/sys/netinet/sctp_pcb.c:191 > 186 } > 187 if (stcb->sctp_socket) > 188 if > (mtx_owned(&(stcb->sctp_socket->so_snd.sb_mtx))) { > 189 panic("own snd socket mtx at lock of tcb"); > 190 } > 191 mtx_lock(&(stcb)->tcb_mtx); > 192 } > 193 > 194 > 195 void > (kgdb) l *sctp_append_to_readq+0x116 > 0xc05fa396 is in sctp_append_to_readq > (/usr/src/sys/netinet/sctputil.c:3687). > 3682 mm = mm->m_next; > 3683 } > 3684 if (sb) { > 3685 SOCKBUF_LOCK(sb); > 3686 } > 3687 if (control->tail_mbuf) { > 3688 /* append */ > 3689 control->tail_mbuf->m_next = m; > 3690 control->tail_mbuf = tail; > 3691 } else { > -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 815-342-5222 (cell)
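
A triage sketch for the ddb output quoted in the message above, added here as an example and not part of the original thread: it joins `show alllocks` (which process holds which mutex) with the `_mtx_lock_sleep` frame in each trace (which process sleeps on which mutex address) and walks the waiter-to-holder chain, reporting whether it closes into a cycle. The function names are assumptions of this example; the excerpts are copied from the quoted session with wrapped lines rejoined.

```python
import re

# Excerpts copied from the ddb session quoted above (wrapped lines rejoined).
ALLLOCKS = """\
Process 1077 (NPsctp) thread 0xc25706c0 (100038)
exclusive sleep mutex so_rcv r = 0 (0xc2780458) locked @ /usr/src/sys/netinet/sctputil.c:4042
Process 34 (irq1: atkbd0) thread 0xc246b6c0 (100031)
exclusive sleep mutex Giant r = 0 (0xc07c0b08) locked @ /usr/src/sys/kern/kern_intr.c:661
Process 11 (swi1: net) thread 0xc24656c0 (100005)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xc29a5498) locked @ /usr/src/sys/netinet/sctp_pcb.c:191
"""
# One frame per traced pid: the mutex-sleep frame if present, else the SCTP frame.
TRACES = {
    1077: "sctp_sorecvmsg(c27803e4,d4880c5c,0,0,0,...) at sctp_sorecvmsg+0x183",
    11: "_mtx_lock_sleep(c2780458,c24656c0,0,c07637e7,e65,...) at _mtx_lock_sleep+0x130",
}

def parse_holders(text):
    """Map mutex address -> (pid, mutex name) from `show alllocks` output."""
    holders, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"Process (\d+) ", line)
        if m:
            pid = int(m.group(1))
            continue
        m = re.match(r"exclusive sleep mutex (.+?) r = \d+ \((0x[0-9a-f]+)\)", line)
        if m and pid is not None:
            holders[int(m.group(2), 16)] = (pid, m.group(1))
    return holders

def parse_waits(traces):
    """Map pid -> mutex address it sleeps on (first word of _mtx_lock_sleep)."""
    waits = {}
    for pid, frames in traces.items():
        m = re.search(r"_mtx_lock_sleep\(([0-9a-f]+),", frames)
        if m:
            waits[pid] = int(m.group(1), 16)
    return waits

def wait_chain(start, holders, waits):
    """Follow waiter -> holder edges; return (chain of pids, cycle_found)."""
    chain, pid = [start], start
    while pid in waits and waits[pid] in holders:
        pid = holders[waits[pid]][0]
        if pid in chain:
            return chain + [pid], True
        chain.append(pid)
    return chain, False

def report():
    return wait_chain(11, parse_holders(ALLLOCKS), parse_waits(TRACES))
```

On the quoted data the chain is 11 -> 1077 with no cycle: swi1: net sleeps on so_rcv, which NPsctp holds, and NPsctp's own trace contains no mutex-sleep frame.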