From owner-freebsd-net@FreeBSD.ORG Sun Jul 25 01:44:17 2004
Message-Id: <200407250144.i6P1iCPx005756@dungeon.home>
To: Mike Tancsa
References: <200407240247.i6O2lQfJ007370@dungeon.home>
In-Reply-To: from Mike Tancsa at "Sat, 24 Jul 2004 17:29:21 -0400"
Date: Sun, 25 Jul 2004 11:44:12 +1000
From: Stephen McKay
cc: freebsd-net@freebsd.org
cc: Stephen McKay
Subject: Re: PPPoE problem: "Too many LQR packets lost"
List-Id: Networking and TCP/IP with FreeBSD

On Saturday, 24th July 2004, Mike Tancsa wrote:

>On Sat, 24 Jul 2004 12:47:26 +1000, in sentex.lists.freebsd.net you
>wrote:
>
>>I found Mike Tancsa's patch but didn't like it. I rolled my own, which
>>seems to be working so far. It works by switching from LQR to simple
>>echo requests when LQR times out.
>
>I feel so unliked ;-)

:-)

>Seriously though, mine was a very ugly hack to
>get things working again for me. Most of the DSL aggregators here
>are Juniper ERXes which do not play nice with FreeBSD's PPPoE.

I think I would have just taken your hack if it had been in lqr_Setup()
where hdlc.lqm.method is initially set. As it was I was in a funny mood
and wanted to write my own hack. :-)

>>(This is a patch against ppp in FreeBSD 4.8. I haven't tried the ppp in
>>-current yet as -current is still a wild and woolly place that scares me.)
>
>I think Brian re worked the LQR portion at least from looking at the
>commit messages

If I'm looking at the same stuff as you, he's reworked the LQR code to
be more accurate with byte counts and such. I don't see any changes that
address our "LQR fails completely" problems.

Stephen.

From owner-freebsd-net@FreeBSD.ORG Sun Jul 25 03:42:04 2004
Message-ID: <41032C09.506@elischer.org>
Date: Sat, 24 Jul 2004 20:42:01 -0700
From: Julian Elischer
To: Stephen McKay
References: <200407240247.i6O2lQfJ007370@dungeon.home> <200407250144.i6P1iCPx005756@dungeon.home>
In-Reply-To: <200407250144.i6P1iCPx005756@dungeon.home>
cc: freebsd-net@freebsd.org
cc: Mike Tancsa
Subject: Re: PPPoE problem: "Too many LQR packets lost"

Stephen McKay wrote:

>On Saturday, 24th July 2004, Mike Tancsa wrote:
>
>>On Sat, 24 Jul 2004 12:47:26 +1000, in sentex.lists.freebsd.net you
>>wrote:
>>
>>>I found Mike Tancsa's patch but didn't like it. I rolled my own, which
>>>seems to be working so far. It works by switching from LQR to simple
>>>echo requests when LQR times out.
>>>
>>I feel so unliked ;-)
>>
>
>:-)
>
>>Seriously though, mine was a very ugly hack to
>>get things working again for me. Most of the DSL aggregators here
>>are Juniper ERXes which do not play nice with FreeBSD's PPPoE.
>>

any thoughts as to why?
FreeBSD's pppoe is going through a little development at the moment..
Now would be a good time to get it fixed..

>I think I would have just taken your hack if it had been in lqr_Setup()
>where hdlc.lqm.method is initially set. As it was I was in a funny mood
>and wanted to write my own hack. :-)
>
>>>(This is a patch against ppp in FreeBSD 4.8. I haven't tried the ppp in
>>>-current yet as -current is still a wild and woolly place that scares me.)
>>>
>>I think Brian re worked the LQR portion at least from looking at the
>>commit messages
>>
>
>If I'm looking at the same stuff as you, he's reworked the LQR code to
>be more accurate with byte counts and such. I don't see any changes that
>address our "LQR fails completely" problems.
>
>Stephen.
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Sun Jul 25 09:42:53 2004
Message-ID: <20040725094252.63612.qmail@web13002.mail.yahoo.com>
Date: Sun, 25 Jul 2004 02:42:52 -0700 (PDT)
From: kamal kc
To: freebsd-net@freebsd.org
Subject: no network between cyrix 6x86 and intel pentium 4

i problem i state here is not particularly about freebsd but it's still
related to network and has recently made me very much confused.

the problem is when i try to put two computers with cyrix 6x86 and intel
pentium 4 in the same network there is no communication between the
computers.

----- what i did till now:::::

-- i connected the two computers by cross wire cable. there is no
   communication.
-- i connected the two computers by a 10 Mbps network hub, still there is
   no communication
-- the network card i have used is Realtek 8139 (10/100 Mbps) in both the
   computers
-- i monitored the transmitted packets by using ::tcpdump:: and
   ::ethereal:: and what i found was::::: the cyrix 6x86 computer
   transmits the packets but cannot receive packets sent to it.
-- the cyrix 6x86 has processor speed of about 133 Mhz and intel pentium 4
   of 1.8 Ghz
-- the cyrix 6x86 can communicate with pentium computers. i tried it in a
   different network
-- the pentium 4 can communicate with other pentium 4 computers. i also
   tried it in a different network.

-------------------

that's all i had done till now. is there any possibility that the
processor speed can affect the network?? or is there any other reason
that i may have overlooked ??

i am really confused and don't know what to do as i need the network as
soon as possible.

From owner-freebsd-net@FreeBSD.ORG Sun Jul 25 15:31:09 2004
Date: Sun, 25 Jul 2004 16:30:58 +0100
From: Brian Somers
To: Mike Tancsa
Message-Id: <20040725163058.5bf1a711@dev.lan.Awfulhak.org>
References: <200407240247.i6O2lQfJ007370@dungeon.home>
cc: freebsd-net@freebsd.org
cc: Stephen McKay
Subject: Re: PPPoE problem: "Too many LQR packets lost"

On Sat, 24 Jul 2004 17:29:21 -0400, Mike Tancsa wrote:

> On Sat, 24 Jul 2004 12:47:26 +1000, in sentex.lists.freebsd.net you
> wrote:
>
> >I found Mike Tancsa's patch but didn't like it. I rolled my own, which
> >seems to be working so far. It works by switching from LQR to simple
> >echo requests when LQR times out.
>
> I feel so unliked ;-) Seriously though, mine was a very ugly hack to
> get things working again for me. Most of the DSL aggregators here
> are Juniper ERXes which do not play nice with FreeBSD's PPPoE.
>
> >(This is a patch against ppp in FreeBSD 4.8. I haven't tried the ppp in
> >-current yet as -current is still a wild and woolly place that scares me.)
>
> I think Brian re worked the LQR portion at least from looking at the
> commit messages
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/ppp/
>
> It seems he will be MFC'ing his changes in another week or so.
>
> ---Mike

Yes, that's the plan. I'd like you guys to test the new LQR stuff
when I MFC if you can.

I think there are good arguments for having more than one LQR failure
policy (disconnect when the peer doesn't respond), so I'll probably
implement something like this when the latest stuff has been tested.

Cheers.

-- 
Brian
Don't _EVER_ lose your sense of humour !

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 00:53:00 2004
Message-ID: <410455E9.8090106@schluting.com>
Date: Sun, 25 Jul 2004 17:52:57 -0700
From: Charlie Schluting
To: freebsd-net@freebsd.org
Subject: spoofed MAC on a dhcp interface

Hi :)

/etc/rc.conf:
ifconfig_xl0="ether 00:11:11:11:11:11"
ifconfig_xl0="DHCP"

The above doesn't work..
I'm trying to set the mac, and then dhcp.. is this the correct way?

With this config, it's not getting the mac assigned to xl0, so I have to
stop dhclient, run "ifconfig ether 00:11:11:11:11:11" manually, then
dhcp again.

Thanks!
-Charlie

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 11:01:50 2004
Date: Mon, 26 Jul 2004 11:01:49 GMT
Message-Id: <200407261101.i6QB1noE026724@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [1999/11/26] kern/15095  net    TCP's advertised window is not scaled imm
o  [2001/02/08] kern/24959  net    proper TCP_NOPUSH/TCP_CORK compatibility
o  [2003/07/11] kern/54383  net    NFS root configurations without dynamic p

3 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 11:13:13 2004
Message-ID: <4104E73D.5020906@Thehousleys.net>
Date: Mon, 26 Jul 2004 07:13:01 -0400
From: James Housley
To: Charlie Schluting
References: <410455E9.8090106@schluting.com>
In-Reply-To: <410455E9.8090106@schluting.com>
cc: freebsd-net@freebsd.org
Subject: Re: spoofed MAC on a dhcp interface

Charlie Schluting wrote:

> Hi :)
>
> /etc/rc.conf:
> ifconfig_xl0="ether 00:11:11:11:11:11"
> ifconfig_xl0="DHCP"
>
> The above doesn't work..
> I'm trying to set the mac, and then dhcp.. is this the correct way?
>
> With this config, it's not getting the mac assigned to xl0, so I have to
> stop dhclient, run "ifconfig ether 00:11:11:11:11:11" manually, then
> dhcp again.

I needed to do the exact thing so I could switch to replace dead NIC
without having to involve my Cable company.

/etc/rc.conf:
ifconfig_xl0="DHCP"     # DHCP on external interface

The key was created /etc/start_if.xl0:
#!/bin/sh
#
# Needed to fake my MAC at Comcast
#
/sbin/ifconfig xl0 ether 00:80:c8:de:1a:50
/sbin/ifconfig xl0 up

Jim
-- 
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
A Microsoft Certified Systems Engineer is to computing what a
McDonalds Certified Food Specialist is to fine cuisine.
    -- Jack O'Neill

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 11:24:16 2004
Date: Mon, 26 Jul 2004 06:24:13 -0500
From: "Matthew D. Fuller"
To: Charlie Schluting
Message-ID: <20040726112413.GU22300@over-yonder.net>
References: <410455E9.8090106@schluting.com>
In-Reply-To: <410455E9.8090106@schluting.com>
cc: freebsd-net@freebsd.org
Subject: Re: spoofed MAC on a dhcp interface

On Sun, Jul 25, 2004 at 05:52:57PM -0700 I heard the voice of
Charlie Schluting, and lo! it spake thus:

> Hi :)
>
> /etc/rc.conf:
> ifconfig_xl0="ether 00:11:11:11:11:11"
> ifconfig_xl0="DHCP"
>
> The above doesn't work..

Because that's setting a variable. If you set a variable, then set it
to something else, it doesn't keep the old value around for sport :)

-- 
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 14:42:02 2004
Date: Mon, 26 Jul 2004 10:42:01 -0400
From: James
To: freebsd-net@freebsd.org
Message-ID: <20040726144201.GA93526@scylla.towardex.com>
Subject: device polling takes more CPU hits??

Hi all,

I've got a weird case on my hands on a 2.8ghz xeon w/ HTT working as a
router w/ device polling... This is a single-processor 2.8ghz xeon, not
dual/quad, etc. The kernel does have SMP compiled in though.

The box has two gig-e cards, em0 and bge0. bge0 is the uplink to the
core, em0 is the downlink to the ethernet switch with 802.1q vlans for
customer aggregation.

During daytime, the box pushes about 15kpps at rate of roughly 12%
interrupt CPU load. Sometimes when it spikes to 100kpps (rare, but
happens), cpu load goes up as high as 30% on interrupts. Now these
figures are w/ device polling off.

As soon as I turn device polling ON, interrupt load climbs from 12% to
23%. During spikes, it climbs to about 48% to 50%.

Any idea why device polling is kind of having... negative impact? Is
this b/c I have SMP compiled on a box that really doesn't have two
cpu's?? Is SMP+APIC_IO support even required for HTT use?

The version btw is FreeBSD 4.9-STABLE.

hardware info:
Jul 21 23:09:24 r2.bos /kernel: CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2788.16-MHz 686-class CPU)
Jul 21 23:09:24 r2.bos /kernel: Origin = "GenuineIntel" Id = 0xf29 Stepping = 9
Jul 21 23:09:25 r2.bos /kernel: em0: port 0xccc0-0xccff mem 0xfcd00000-0xfcd3ffff,0xfcd40000-0xfcd5ffff irq 7 at device 6.0 on pci3
Jul 21 23:09:25 r2.bos /kernel: bge0: mem 0xfcf20000-0xfcf2ffff,0xfcf30000-0xfcf3ffff irq 2 at device 0.0 on pci2
Jul 21 23:09:25 r2.bos /kernel: bge1: mem 0xfcf00000-0xfcf0ffff,0xfcf10000-0xfcf1ffff irq 5 at device 0.1 on pci2

Thanks for any tips!
-J

-- 
James Jun                        TowardEX Technologies, Inc.
Technical Lead                   Network Design, Consulting, IT Outsourcing
james@towardex.com               Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867            web: http://www.towardex.com , noc: www.twdx.net

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 14:52:35 2004
From: Don Bowman
To: 'James' , freebsd-net@freebsd.org
Date: Mon, 26 Jul 2004 10:52:23 -0400
Subject: RE: device polling takes more CPU hits??

From: James [mailto:haesu@towardex.com]
> Hi all,
>
...
>
> Any idea why device polling is kind of having... negative
> impact? Is this b/c
> I have SMP compiled on a box that really doesn't have two
> cpu's?? Is SMP+APIC_IO
> support even required for HTT use?

I would post the output of 'sysctl kern.polling', it's likely
some of the tuning there is insufficient.
What do you have HZ set to (sysctl kern.clockrate)? I would
probably have it set to ~1000.
You will want 'machdep.cpu_idle_hlt=1'.

--don

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 15:01:03 2004
Date: Mon, 26 Jul 2004 11:01:03 -0400
From: James
To: Don Bowman
Message-ID: <20040726150103.GA26080@scylla.towardex.com>
cc: freebsd-net@freebsd.org
Subject: Re: device polling takes more CPU hits??

Hi Don,

> I would post the output of 'sysctl kern.polling', it's likely
> some of the tuning there is insufficient.
> What do you have HZ set to (sysctl kern.clockrate)? I would
> probably have it set to ~1000.
> You will want 'machdep.cpu_idle_hlt=1'.

Thanks for quick reply. Here is the sysctl output with polling turned on.

-J

root@r2.bos# sysctl kern.clockrate
kern.clockrate: { hz = 4000, tick = 250, tickadj = 1, profhz = 1024, stathz = 128 }
root@r2.bos# sysctl kern.polling
kern.polling.burst: 150
kern.polling.each_burst: 5
kern.polling.burst_max: 150
kern.polling.idle_poll: 1
kern.polling.poll_in_trap: 1
kern.polling.user_frac: 50
kern.polling.reg_frac: 20
kern.polling.short_ticks: 4909
kern.polling.lost_polls: 11464
kern.polling.pending_polls: 0
kern.polling.residual_burst: 0
kern.polling.handlers: 1
kern.polling.enable: 1
kern.polling.phase: 0
kern.polling.suspect: 10249
kern.polling.stalled: 3
root@r2.bos# sysctl machdep.cpu_idle_hlt
machdep.cpu_idle_hlt: 1

-- 
James Jun                        TowardEX Technologies, Inc.
Technical Lead                   Network Design, Consulting, IT Outsourcing
james@towardex.com               Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867            web: http://www.towardex.com , noc: www.twdx.net

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 15:02:59 2004
Message-ID: <41051D2C.4020209@schluting.com>
Date: Mon, 26 Jul 2004 08:03:08 -0700
From: Charlie Schluting User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <410455E9.8090106@schluting.com> <4104E73D.5020906@Thehousleys.net> In-Reply-To: <4104E73D.5020906@Thehousleys.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by your mom at schluting.com Subject: Re: spoofed MAC on a dhcp interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 15:02:59 -0000

James Housley wrote:
> The key was created /etc/start_if.xl0:
> #!/bin/sh

Yep! Someone else also responded with a similar suggestion.
Thank you very much, everyone, problem solved. I didn't know you could
make start_if. ...very cool. I also now know it's in rc.conf(5) :)

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 15:06:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56EAC16A4CE for ; Mon, 26 Jul 2004 15:06:05 +0000 (GMT) Received: from phuket.psconsult.nl (ps226.psconsult.nl [213.222.19.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 816B443D67 for ; Mon, 26 Jul 2004 15:06:03 +0000 (GMT) (envelope-from fb-net@psconsult.nl) Received: from phuket.psconsult.nl (localhost [127.0.0.1]) by phuket.psconsult.nl (8.12.8p2/8.12.8) with ESMTP id i6QF62Ye029375 for ; Mon, 26 Jul 2004 17:06:02 +0200 (CEST) (envelope-from fb-net@psconsult.nl) Received: (from paul@localhost) by phuket.psconsult.nl (8.12.8p2/8.12.8/Submit) id i6QF62mE029374 for freebsd-net@freebsd.org; Mon, 26 Jul 2004 17:06:02 +0200 (CEST) Date: Mon, 26 Jul 2004 17:06:01 +0200
From: Paul Schenkeveld To: freebsd-net@freebsd.org Message-ID: <20040726150601.GA29169@psconsult.nl> Mail-Followup-To: freebsd-net@freebsd.org References: <410455E9.8090106@schluting.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <410455E9.8090106@schluting.com> User-Agent: Mutt/1.5.6i Subject: Re: spoofed MAC on a dhcp interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 15:06:05 -0000

Hi,

On Sun, Jul 25, 2004 at 05:52:57PM -0700, Charlie Schluting wrote:
> Hi :)
>
> /etc/rc.conf:
> ifconfig_xl0="ether 00:11:11:11:11:11"
> ifconfig_xl0="DHCP"

The last assignment takes precedence over the previous one.

> The above doesn't work..
> I'm trying to set the mac, and then dhcp.. is this the correct way?

Set ifconfig_xl0="DHCP" in rc.conf, then use a /etc/start_if.xl0 script
to set the MAC address:

	#!/bin/sh
	ifconfig xl0 ether 00:11:11:11:11:11

> With this config, it's not getting the mac assigned to xl0, so I have to
> stop dhclient, run "ifconfig ether 00:11:11:11:11:11" manually, then
> dhcp again.
>
> Thanks!
> -Charlie

$0.02

Regards,

Paul Schenkeveld, Consultant
PSconsult ICT Services BV

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 15:35:56 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A50116A4CF for ; Mon, 26 Jul 2004 15:35:56 +0000 (GMT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id D914343D46 for ; Mon, 26 Jul 2004 15:35:54 +0000 (GMT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Mon, 26 Jul 2004 11:35:36 -0400 Message-ID: 
From: Don Bowman To: 'James' , Don Bowman Date: Mon, 26 Jul 2004 11:35:33 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: freebsd-net@freebsd.org Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 15:35:56 -0000 
From: James [mailto:haesu@towardex.com]
> Hi Don,
> root@r2.bos# sysctl kern.clockrate
> kern.clockrate: { hz = 4000, tick = 250, tickadj = 1, profhz = 1024, stathz = 128 }

That's a pretty high HZ, here's what i have:
kern.clockrate: { hz = 2500, tick = 400, tickadj = 1, profhz = 1024, stathz = 128 }

I have the same box spec as you, only with em (bge doesn't
support polling, but it has its own interrupt coalescer that works...
you can tune that in the if_bge.h I think, there's some comments).
I'm doing ~800Kpps with polling. My polling params are below.

>
> root@r2.bos# sysctl kern.polling
> kern.polling.burst: 150
> kern.polling.each_burst: 5
> kern.polling.burst_max: 150
> kern.polling.idle_poll: 1
> kern.polling.poll_in_trap: 1
> kern.polling.user_frac: 50
> kern.polling.reg_frac: 20
> kern.polling.short_ticks: 4909
> kern.polling.lost_polls: 11464
> kern.polling.pending_polls: 0
> kern.polling.residual_burst: 0
> kern.polling.handlers: 1
> kern.polling.enable: 1
> kern.polling.phase: 0
> kern.polling.suspect: 10249
> kern.polling.stalled: 3
>
> root@r2.bos# sysctl machdep.cpu_idle_hlt
> machdep.cpu_idle_hlt: 1
>

kern.polling.burst: 1000
kern.polling.each_burst: 80
kern.polling.burst_max: 1000
kern.polling.idle_poll: 1
kern.polling.poll_in_trap: 0
kern.polling.user_frac: 5
kern.polling.reg_frac: 120
kern.polling.short_ticks: 29
kern.polling.lost_polls: 55004
kern.polling.pending_polls: 0
kern.polling.residual_burst: 0
kern.polling.handlers: 4
kern.polling.enable: 1
kern.polling.phase: 0
kern.polling.suspect: 50690
kern.polling.stalled: 25

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 17:03:29 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84DCC16A533 for ; Mon, 26 Jul 2004 17:03:29 +0000 (GMT) Received: from mx01.bos.ma.towardex.com (mx01.bos.ma.towardex.com [65.124.16.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F20743D79 for ; Mon, 26 Jul 
2004 17:03:29 +0000 (GMT) (envelope-from haesu@mx01.bos.ma.towardex.com) Received: by mx01.bos.ma.towardex.com (TowardEX ESMTP 3.0p11_DAKN, from userid 1001) id 088842F933; Mon, 26 Jul 2004 13:02:58 -0400 (EDT) Date: Mon, 26 Jul 2004 13:02:58 -0400 
From: James To: Don Bowman Message-ID: <20040726170257.GA75739@scylla.towardex.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 17:03:29 -0000

Hi Don,

> That's a pretty high HZ, here's what i have:
> kern.clockrate: { hz = 2500, tick = 400, tickadj = 1, profhz = 1024, stathz = 128 }

Hmm... I'll try setting it to 2500 later this week during maint. window for
customers behind that box. It's weird b/c I have another box with devpolling
that has 4000 as its HZ and has no problems.

Thanks,
-J

> I have the same box spec as you, only with em (bge doesn't
> support polling, but it has its own interrupt coalescer that works...
> you can tune that in the if_bge.h I think, there's some comments).
> I'm doing ~800Kpps with polling. My polling params are below.
> > root@r2.bos# sysctl kern.polling
> > kern.polling.burst: 150
> > kern.polling.each_burst: 5
> > kern.polling.burst_max: 150
> > kern.polling.idle_poll: 1
> > kern.polling.poll_in_trap: 1
> > kern.polling.user_frac: 50
> > kern.polling.reg_frac: 20
> > kern.polling.short_ticks: 4909
> > kern.polling.lost_polls: 11464
> > kern.polling.pending_polls: 0
> > kern.polling.residual_burst: 0
> > kern.polling.handlers: 1
> > kern.polling.enable: 1
> > kern.polling.phase: 0
> > kern.polling.suspect: 10249
> > kern.polling.stalled: 3
> >
> > root@r2.bos# sysctl machdep.cpu_idle_hlt
> > machdep.cpu_idle_hlt: 1
> >
>
> kern.polling.burst: 1000
> kern.polling.each_burst: 80
> kern.polling.burst_max: 1000
> kern.polling.idle_poll: 1
> kern.polling.poll_in_trap: 0
> kern.polling.user_frac: 5
> kern.polling.reg_frac: 120
> kern.polling.short_ticks: 29
> kern.polling.lost_polls: 55004
> kern.polling.pending_polls: 0
> kern.polling.residual_burst: 0
> kern.polling.handlers: 4
> kern.polling.enable: 1
> kern.polling.phase: 0
> kern.polling.suspect: 50690
> kern.polling.stalled: 25
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing james@towardex.com Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 19:13:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5698F16A4CE for ; Mon, 26 Jul 2004 19:13:48 +0000 (GMT) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 1148D43D5C for ; Mon, 26 Jul 2004 19:13:47 +0000 (GMT) (envelope-from roam@ringlet.net) Received: (qmail 15486 invoked from network); 26 Jul 2004 19:08:39 -0000 Received: from unknown (HELO straylight.m.ringlet.net) (217.75.134.254) by gandalf.online.bg with SMTP; 26 Jul 2004 19:08:39 -0000 Received: (qmail 16874 invoked by uid 1000); 26 Jul 2004 19:13:44 -0000 Date: Mon, 26 Jul 2004 22:13:44 +0300 
From: Peter Pentchev To: net@FreeBSD.org Message-ID: <20040726191344.GC1055@straylight.m.ringlet.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="8bBEDOJVaa9YlTAt" Content-Disposition: inline User-Agent: Mutt/1.5.6i Subject: [CFR] if_xl.c and if.c null pointer dereferences X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 19:13:48 -0000

--8bBEDOJVaa9YlTAt
Content-Type: multipart/mixed; boundary="cz6wLo+OExbGG7q/" Content-Disposition: inline

--cz6wLo+OExbGG7q/
Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

Hi,

A couple of days ago I was handed a new machine with a 3Com 905B card.
Before remembering the PNP OS option in the BIOS, I stumbled across
a couple of null pointer dereferences leading to kernel panics when
FreeBSD 4.10-STABLE could not map the card's resources and attempted to
"clean up" the driver state before it had enough state to begin with.

Attached are two patches, one to if_xl.c and one to if.c, which avoid
"cleaning up" data at pointers that have not been initialized yet.
Although this will not happen in normal operation, there's no need for
the kernel to panic instead of simply reporting that it could not get
the PCI resources it needs :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.
--cz6wLo+OExbGG7q/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="init-if.patch" Content-Transfer-Encoding: quoted-printable Index: src/sys/net/if.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/net/if.c,v retrieving revision 1.195 diff -u -r1.195 if.c --- src/sys/net/if.c 22 Jun 2004 20:13:25 -0000 1.195 +++ src/sys/net/if.c 9 Jul 2004 14:27:49 -0000 @@ -516,6 +516,8 @@ int s; int i; struct domain *dp; + struct ifnet *iter; + int found; =20 EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); /* @@ -582,9 +584,11 @@ =20 =20 /* We can now free link ifaddr. */ - ifa =3D TAILQ_FIRST(&ifp->if_addrhead); - TAILQ_REMOVE(&ifp->if_addrhead, ifa, ifa_link); - IFAFREE(ifa); + if (!TAILQ_EMPTY(&ifp->if_addrhead)) { + ifa =3D TAILQ_FIRST(&ifp->if_addrhead); + TAILQ_REMOVE(&ifp->if_addrhead, ifa, ifa_link); + IFAFREE(ifa); + } =20 /* * Delete all remaining routes using this interface 
@@ -616,7 +620,14 @@ #endif /* MAC */ KNOTE(&ifp->if_klist, NOTE_EXIT); IFNET_WLOCK(); - TAILQ_REMOVE(&ifnet, ifp, if_link); + found =3D 0; + TAILQ_FOREACH(iter, &ifnet, if_link) + if (iter =3D=3D ifp) { + found =3D 1; + break; + } + if (found) + TAILQ_REMOVE(&ifnet, ifp, if_link); IFNET_WUNLOCK(); mtx_destroy(&ifp->if_snd.ifq_mtx); IF_AFDATA_DESTROY(ifp); --cz6wLo+OExbGG7q/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="init-xl.patch" Content-Transfer-Encoding: quoted-printable Index: src/sys/pci/if_xl.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/pci/if_xl.c,v retrieving revision 1.178 diff -u -r1.178 if_xl.c --- src/sys/pci/if_xl.c 9 Jul 2004 02:28:23 -0000 1.178 +++ src/sys/pci/if_xl.c 9 Jul 2004 14:26:45 -0000 @@ -3169,7 +3169,8 @@ sc->xl_cdata.xl_rx_chain[i].xl_mbuf =3D NULL; } } - bzero(sc->xl_ldata.xl_rx_list, XL_RX_LIST_SZ); + if (sc->xl_ldata.xl_rx_list !=3D NULL) + bzero(sc->xl_ldata.xl_rx_list, XL_RX_LIST_SZ); /* * Free the TX list buffers. */ 
@@ -3183,7 +3184,8 @@ sc->xl_cdata.xl_tx_chain[i].xl_mbuf =3D NULL; } } - bzero(sc->xl_ldata.xl_tx_list, XL_TX_LIST_SZ); + if (sc->xl_ldata.xl_tx_list !=3D NULL) + bzero(sc->xl_ldata.xl_tx_list, XL_TX_LIST_SZ); =20 ifp->if_flags &=3D ~(IFF_RUNNING | IFF_OACTIVE); } --cz6wLo+OExbGG7q/-- --8bBEDOJVaa9YlTAt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFBBVfo7Ri2jRYZRVMRAqJrAJ4r8FKS5ZUPvObPueHBUwhZEVCWWACgtGNt U2a+3mpcoy8bAwyfvsbW2oU= =IShT -----END PGP SIGNATURE----- --8bBEDOJVaa9YlTAt-- From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:07:26 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 865B316A4D0 for ; Mon, 26 Jul 2004 20:07:26 +0000 (GMT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF46C43D5E for ; Mon, 26 Jul 2004 20:07:25 +0000 (GMT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Mon, 26 Jul 2004 16:07:25 -0400 Message-ID: From: Don Bowman To: 'Marko Zec' , freebsd-net@freebsd.org Date: Mon, 26 Jul 2004 16:07:20 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: 'James' Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:07:26 -0000 
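Review bot: In src/sys/net/if.c, hunk @@ -582,9 +584,11, the guard tests !TAILQ_EMPTY(&ifp->if_addrhead) and then calls TAILQ_FIRST on the same head; fetching once and testing the result (ifa = TAILQ_FIRST(&ifp->if_addrhead); if (ifa != NULL) { ... }) covers the same case with a single list access and makes the NULL case explicit. Either form only helps when if_addrhead was initialised or zero-filled before this code runs, so the comment "We can now free link ifaddr." should also say that the list can be empty for an interface that was never attached.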
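Review bot: In src/sys/net/if.c, hunk @@ -616,7 +620,14, skipping TAILQ_REMOVE when ifp is not found on the ifnet list still lets the lines that follow run, so mtx_destroy(&ifp->if_snd.ifq_mtx) and IF_AFDATA_DESTROY(ifp) operate on an interface that was never linked in and whose locks may never have been set up. Consider doing the membership walk at the top of the function and returning early when ifp is not on the list, which may also make the TAILQ_EMPTY guard in the earlier hunk unnecessary. As a style point, the TAILQ_FOREACH body is a multi-line if with no braces around the loop body; adding them makes the extent of the loop obvious. The walk also runs under IFNET_WLOCK and is linear in the number of interfaces on every detach, which deserves a comment if it stays.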
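Review bot: In src/sys/pci/if_xl.c, hunks @@ -3169,7 +3169,8 and @@ -3183,7 +3184,8, the new NULL checks on sc->xl_ldata.xl_rx_list and sc->xl_ldata.xl_tx_list carry no comment saying when these pointers can be NULL. Add a one-line comment naming the case (this routine being reached before the descriptor lists were allocated, as the description says), or move the check to the failure path that calls it so the normal stop path stays unconditional. The trailing ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE) line runs on the same early path and should be confirmed safe there as well.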
From: Marko Zec [mailto:zec@tel.fer.hr]
> On Monday 26 July 2004 17:35, Don Bowman wrote:
> > > root@r2.bos# sysctl machdep.cpu_idle_hlt
> > > machdep.cpu_idle_hlt: 1
> >
> At least on -STABLE, machdep.cpu_idle_hlt setting is ignored / irrelevant when
> both kern.polling.enable and kern.polling.idle_poll are set.
>

Hmm, this is more interesting.
Since you are SMP, and using POLLING, i assume you did
like me and commented out the !POLLING in SMP #error statement.

You definitely want the halt on idle. The polling in idle
doesn't work anyway, so try disabling it.

James, not sure if you saw the rest of my email with my params:

> kern.polling.burst: 1000
> kern.polling.each_burst: 80
> kern.polling.burst_max: 1000
> kern.polling.idle_poll: 0
> kern.polling.poll_in_trap: 0
> kern.polling.user_frac: 5
> kern.polling.reg_frac: 120
> kern.polling.short_ticks: 29
> kern.polling.lost_polls: 55004
> kern.polling.pending_polls: 0
> kern.polling.residual_burst: 0
> kern.polling.handlers: 4
> kern.polling.enable: 1
> kern.polling.phase: 0
> kern.polling.suspect: 50690
> kern.polling.stalled: 25

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:17:02 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8E8716A4CF for ; Mon, 26 Jul 2004 20:17:01 +0000 (GMT) Received: from mx01.bos.ma.towardex.com (mx01.bos.ma.towardex.com [65.124.16.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id A000043D55 for ; Mon, 26 Jul 2004 20:17:01 +0000 (GMT) (envelope-from haesu@mx01.bos.ma.towardex.com) Received: by mx01.bos.ma.towardex.com (TowardEX ESMTP 3.0p11_DAKN, from userid 1001) id 5C7BD2F958; Mon, 26 Jul 2004 16:17:00 -0400 (EDT) Date: Mon, 26 Jul 2004 16:17:00 -0400
From: James To: Don Bowman Message-ID: <20040726201700.GA5305@scylla.towardex.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:17:02 -0000

Don,

> Hmm, this is more interesting.
> Since you are SMP, and using POLLING, i assume you did
> like me and commented out the !POLLING in SMP #error statement.

Yep. Otherwise kernel won't compile ;-)

> You definitely want the halt on idle. The polling in idle
> doesn't work anyway, so try disabling it.

Yea, I made sure cpu_idle_hlt set to 1, and also made sure polling.idle_poll
is set to 0. Then turned on device polling again.. CPU load again goes
higher.. I then tried setting burst_max to 1000 and each_burst to 80, hence
duplicating the parameters you are using on your system. The CPU load then
went down, but it's still not any lower than running it w/o device polling at
all (meaning, device polling still isn't working properly).

I have two boxes behind em0 that I can use to generate 250kpps to another vlan
within em0 card as a test, so that bge0 is not involved in the stress test.
Even when doing so, CPU load climbs higher with device polling turned on.
Opened up systat, etc to check the interrupts, and em0 is generating 0
interrupts with device polling on (as obvious), but general interrupt load
climbs rock high.. so I don't know what's causing it to climb. Cleared the
firewall rules as well as a test... no difference :(

Oh also, just FYI, each vlan interface has link0 set, since em(4) supports
hardware 802.1q tag/detagging.

Thanks!
-J

--
James Jun TowardEX Technologies, Inc.
Technical Lead Network Design, Consulting, IT Outsourcing james@towardex.com Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:17:40 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53FE716A4CE for ; Mon, 26 Jul 2004 20:17:40 +0000 (GMT) Received: from ylpvm43.prodigy.net (ylpvm43-ext.prodigy.net [207.115.57.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD10143D45 for ; Mon, 26 Jul 2004 20:17:39 +0000 (GMT) (envelope-from kbyanc@posi.net) Received: from gateway.posi.net (adsl-63-201-93-86.dsl.snfc21.pacbell.net [63.201.93.86])i6QKHcj2002589; Mon, 26 Jul 2004 16:17:41 -0400 Received: from localhost (localhost [127.0.0.1]) by gateway.posi.net (Postfix) with ESMTP id 649796A04AE; Mon, 26 Jul 2004 13:18:46 -0700 (PDT) Date: Mon, 26 Jul 2004 13:18:46 -0700 (PDT) 
From: Kelly Yancey To: Don Bowman In-Reply-To: Message-ID: <20040726131235.N74984@gateway.posi.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: 'James' Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:17:40 -0000

On Mon, 26 Jul 2004, Don Bowman wrote:

> kern.polling.burst: 1000
> kern.polling.each_burst: 80
> kern.polling.burst_max: 1000
> kern.polling.idle_poll: 1
> kern.polling.poll_in_trap: 0
> kern.polling.user_frac: 5
> kern.polling.reg_frac: 120
> kern.polling.short_ticks: 29
> kern.polling.lost_polls: 55004
> kern.polling.pending_polls: 0
> kern.polling.residual_burst: 0
> kern.polling.handlers: 4
> kern.polling.enable: 1
> kern.polling.phase: 0
> kern.polling.suspect: 50690
> kern.polling.stalled: 25

Out of curiosity, what sort of testing did you do to arrive at these
settings? I did some testing a while back with a SmartBits box pumping
packets through a FreeBSD 2.8Ghz box configured to route between two em
gigabit interfaces; I found that changing the burst_max and each_burst
parameters had almost no effect on throughput (maximum 1% difference).

That was completely contrary to expectations and would love to hear how
I could improve my test setup to see how changing those values are
supposed to affect performance.

Thanks,

Kelly

--
Kelly Yancey - kbyanc@{posi.net,FreeBSD.org} - kelly@nttmcl.com
"The information of the people at large can alone make them the safe as they are the sole depositary of our political and religious freedom." -- Thomas Jefferson to William Duane, 1810.
ME 12:417 From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:26:19 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 59A0B16A4CE for ; Mon, 26 Jul 2004 20:26:19 +0000 (GMT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42AE843D58 for ; Mon, 26 Jul 2004 20:26:19 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i6QKQJ8M037445; Mon, 26 Jul 2004 13:26:19 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i6QKQITe037444; Mon, 26 Jul 2004 13:26:18 -0700 (PDT) (envelope-from rizzo) Date: Mon, 26 Jul 2004 13:26:18 -0700
From: Luigi Rizzo To: Kelly Yancey Message-ID: <20040726132618.A37401@xorpc.icir.org> References: <20040726131235.N74984@gateway.posi.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20040726131235.N74984@gateway.posi.net>; from kbyanc@posi.net on Mon, Jul 26, 2004 at 01:18:46PM -0700 cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:26:19 -0000

On Mon, Jul 26, 2004 at 01:18:46PM -0700, Kelly Yancey wrote:
...
> Out of curiosity, what sort of testing did you do to arrive at these
> settings? I did some testing a while back with a SmartBits box pumping
> packets through a FreeBSD 2.8Ghz box configured to route between two em
> gigabit interfaces; I found that changing the burst_max and each_burst
> parameters had almost no effect on throughput (maximum 1% difference).

fast boxes are pci-bus limited, not CPU limited(*) so changing the burst
size (which basically amortizes some CPU costs) has little if any
effect.

(*) this doesn't mean that the box cannot livelock, as depending
on the traffic on the bus, the CPU might stall for long intervals
waiting for bus transactions to complete, and becomes unable to
do anything at all. So you might still need polling.
cheers luigi From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:27:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA89716A4CE for ; Mon, 26 Jul 2004 20:27:30 +0000 (GMT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 12BB943D2D for ; Mon, 26 Jul 2004 20:27:28 +0000 (GMT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Mon, 26 Jul 2004 16:27:27 -0400 Message-ID: From: Don Bowman To: 'James' , Don Bowman Date: Mon, 26 Jul 2004 16:27:20 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: freebsd-net@freebsd.org Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:27:30 -0000 
From: James [mailto:haesu@towardex.com]
>
> I have two boxes behind em0 that I can use to generate 250kpps to another vlan
> within em0 card as a test, so that bge0 is not involved in the stress test.
> Even when doing so, CPU load climbs higher with device polling turned on.
> Opened up systat, etc to check the interrupts, and em0 is generating 0
> interrupts with device polling on (as obvious), but general interrupt load
> climbs rock high.. so I don't know what's causing it to climb. Cleared the
> firewall rules as well as a test... no difference :(
>
> Oh also, just FYI, each vlan interface has link0 set, since em(4) supports
> hardware 802.1q tag/detagging.
>

The CPU time during the 'polling' is charged to interrupt,
even though it occurs during softclock. That's why you see 0
interrupts, but high CPU usage in interrupt.

Did u try lowering the 'register' access?

--don

From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 20:29:00 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5EEE916A4CE for ; Mon, 26 Jul 2004 20:29:00 +0000 (GMT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id D892643D45 for ; Mon, 26 Jul 2004 20:28:59 +0000 (GMT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Mon, 26 Jul 2004 16:28:59 -0400 Message-ID: 
From: Don Bowman To: 'Luigi Rizzo' , Kelly Yancey Date: Mon, 26 Jul 2004 16:28:56 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: freebsd-net@freebsd.org cc: 'James' Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 20:29:00 -0000 
From: Luigi Rizzo [mailto:rizzo@icir.org] > On Mon, Jul 26, 2004 at 01:18:46PM -0700, Kelly Yancey wrote: > ... > > Out of curiousity, what sort of testing did you do to > arrive at these > > settings? I did some testing a while back with a SmartBits > box pumping > > packets through a FreeBSD 2.8Ghz box configured to route > between two em > > gigabit interfaces; I found that changing the burst_max and > each_burst > > parameters had almost no effect on throughput (maximum 1% > difference). > > fast boxes are pci-bus limited, not CPU limited(*) so > changing the burst > size (which basically amortizes some CPU costs) has little if any > effect. The PCI-X bus will probably be 64-bit 133MHz in this case, the limit moves up to the P64H2 hub for large packets, to the CPU for small packets. Polling becomes quite critical to prevent livelock. --don From owner-freebsd-net@FreeBSD.ORG Mon Jul 26 22:23:09 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE6DF16A4CE for ; Mon, 26 Jul 2004 22:23:09 +0000 (GMT) Received: from evlist.paris.dyomedea.com (dyomedea.net1.nerim.net [213.41.162.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 279A043D48 for ; Mon, 26 Jul 2004 22:23:06 +0000 (GMT) (envelope-from vdv@dyomedea.com) Received: from gwparis.dyomedea.com (unknown [10.0.0.11]) by evlist.paris.dyomedea.com (Postfix) with ESMTP id 5D3D9D6D0 for ; Tue, 27 Jul 2004 00:22:11 +0200 (CEST) Received: from gwparis.dyomedea.com by gwparis.dyomedea.com (ECARTIS/1.0.0); Tue, 27 Jul 2004 00:23:02 +0200 (CEST) Date: Tue, 27 Jul 2004 00:23:02 +0200 (CEST) 
From: Ecartis To: freebsd-net@freebsd.org Message-ID: X-ecartis-antiloop: gwparis.dyomedea.com Precedence: list Expiry-Date: Wed, 28 Jul 2004 00:23:02 +0200 (CEST) Subject: Ecartis command results: -- Attached file included as plaintext by Ecartis -- X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jul 2004 22:23:09 -0000 Request received for list 'xml-tech' via request address. >> The message could not be delivered Unknown command. --- Ecartis v1.0.0 - job execution complete.
From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 02:56:41 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B15416A4CE for ; Tue, 27 Jul 2004 02:56:41 +0000 (GMT) Received: from ylpvm01.prodigy.net (ylpvm01-ext.prodigy.net [207.115.57.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 123CA43D49 for ; Tue, 27 Jul 2004 02:56:41 +0000 (GMT) (envelope-from kbyanc@posi.net) Received: from gateway.posi.net (adsl-63-201-93-86.dsl.snfc21.pacbell.net [63.201.93.86])i6R2ucAt019830; Mon, 26 Jul 2004 22:56:39 -0400 Received: from localhost (localhost [127.0.0.1]) by gateway.posi.net (Postfix) with ESMTP id C45376A046A; Mon, 26 Jul 2004 19:57:49 -0700 (PDT) Date: Mon, 26 Jul 2004 19:57:49 -0700 (PDT) 
From: Kelly Yancey To: Luigi Rizzo In-Reply-To: <20040726132618.A37401@xorpc.icir.org> Message-ID: <20040726195434.V76990@gateway.posi.net> References: <20040726132618.A37401@xorpc.icir.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 02:56:41 -0000

On Mon, 26 Jul 2004, Luigi Rizzo wrote:

> On Mon, Jul 26, 2004 at 01:18:46PM -0700, Kelly Yancey wrote:
> ...
> > Out of curiosity, what sort of testing did you do to arrive at these
> > settings? I did some testing a while back with a SmartBits box pumping
> > packets through a FreeBSD 2.8Ghz box configured to route between two em
> > gigabit interfaces; I found that changing the burst_max and each_burst
> > parameters had almost no effect on throughput (maximum 1% difference).
>
> fast boxes are pci-bus limited, not CPU limited(*) so changing the burst
> size (which basically amortizes some CPU costs) has little if any
> effect.
>
> (*) this doesn't mean that the box cannot livelock, as depending on
> the traffic on the bus, the CPU might stall for long intervals
> waiting for bus transactions to complete, and becomes unable to
> do anything at all. So you might still need polling.
>
> cheers
> luigi
>

Oh, I found polling to be vastly superior to interrupts under load on
the test machine. Not only did it avoid livelock, the throughput was
about 10Mbps higher for small (64-byte) frames. I just didn't find much
difference whether I used small burst sizes versus large burst sizes.
It may have had to do with the fact that both the sending and receiving
interfaces were gigabit em cards and were polling (no interrupts from
the NICs at all).

Kelly -- Kelly Yancey - kbyanc@{posi.net,FreeBSD.org} - kelly@nttmcl.com Join distributed.net Team FreeBSD: http://www.posi.net/freebsd/Team-FreeBSD/ From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 02:59:00 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E597C16A4CE for ; Tue, 27 Jul 2004 02:59:00 +0000 (GMT) Received: from ylpvm01.prodigy.net (ylpvm01-ext.prodigy.net [207.115.57.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AC6943D31 for ; Tue, 27 Jul 2004 02:59:00 +0000 (GMT) (envelope-from kbyanc@posi.net) Received: from gateway.posi.net (adsl-63-201-93-86.dsl.snfc21.pacbell.net [63.201.93.86])i6R2wxAt024855; Mon, 26 Jul 2004 22:58:59 -0400 Received: from localhost (localhost [127.0.0.1]) by gateway.posi.net (Postfix) with ESMTP id 8043B6A047C; Mon, 26 Jul 2004 20:00:10 -0700 (PDT) Date: Mon, 26 Jul 2004 20:00:10 -0700 (PDT) From: Kelly Yancey To: Don Bowman In-Reply-To: Message-ID: <20040726195807.R76990@gateway.posi.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: 'Luigi Rizzo' cc: 'James' cc: freebsd-net@freebsd.org Subject: RE: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 02:59:01 -0000 On Mon, 26 Jul 2004, Don Bowman wrote: 
> From: Luigi Rizzo [mailto:rizzo@icir.org]
> > On Mon, Jul 26, 2004 at 01:18:46PM -0700, Kelly Yancey wrote:
> > ...
> > > Out of curiosity, what sort of testing did you do to arrive at these
> > > settings? I did some testing a while back with a SmartBits box pumping
> > > packets through a FreeBSD 2.8Ghz box configured to route between two em
> > > gigabit interfaces; I found that changing the burst_max and each_burst
> > > parameters had almost no effect on throughput (maximum 1% difference).
> >
> > fast boxes are pci-bus limited, not CPU limited(*) so changing the burst
> > size (which basically amortizes some CPU costs) has little if any
> > effect.
>
> The PCI-X bus will probably be 64-bit 133MHz in this case,
> the limit moves up to the P64H2 hub for large packets,
> to the CPU for small packets. Polling becomes quite
> critical to prevent livelock.
>

Sorry, I should have been more clear. Polling certainly stopped livelock
under extreme load, however I never found much difference whether the
burst size was small or large. I was wondering if it was just the nature
of my test and if in other environments the burst_max and each_burst
knobs have a greater effect.

Kelly -- Kelly Yancey - kbyanc@{posi.net,FreeBSD.org} - kelly@nttmcl.com FreeBSD, The Power To Serve: http://www.freebsd.org/ From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 04:14:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96BF016A4CE for ; Tue, 27 Jul 2004 04:14:37 +0000 (GMT) Received: from pimout3-ext.prodigy.net (pimout3-ext.prodigy.net [207.115.63.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 06EB143D1F for ; Tue, 27 Jul 2004 04:14:37 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (adsl-68-121-219-69.dsl.snfc21.pacbell.net [68.121.219.69])i6R4EYlM234862; Tue, 27 Jul 2004 00:14:35 -0400 Message-ID: <4105D6A9.5020600@elischer.org> Date: Mon, 26 Jul 2004 21:14:33 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4b) Gecko/20030524 X-Accept-Language: en, hu MIME-Version: 1.0 To: Mike Tancsa References: <200407240247.i6O2lQfJ007370@dungeon.home> <200407250144.i6P1iCPx005756@dungeon.home> <41032C09.506@elischer.org> <0pfbg01araih3qekvbse5afdshf2tjf2qr@4ax.com> In-Reply-To: <0pfbg01araih3qekvbse5afdshf2tjf2qr@4ax.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: PPPoE problem: "Too many LQR packets lost" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 04:14:37 -0000

Mike Tancsa wrote:

>On Sat, 24 Jul 2004 20:42:01 -0700, in sentex.lists.freebsd.net you
>wrote:
>
>>>>Seriously though, mine was a very ugly hack to
>>>>get things working again for me. Most of the DSL aggregators here
>>>>are Juniper ERXes which do not play nice with FreeBSD's PPPoE.
>>>>
>>any thoughts as to why?
>>
>>FreeBSD's pppoe is going through a little development at the moment..
>>Now would be a good time to get it fixed..
>>
>Hi,
>Simple LCP echos work just fine, but when using LQR things "break".
>There are debug logs posted in the archives when I first figured out
>what was broken. If you need another copy I am happy to post again.
>

certainly it would be useful. rather than taking potshots at the archive
hoping to catch it..

pppoe is tricky because the responsibility for errors is split between
the pppoe module and the ppp module..

> > ---Mike > > > From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 09:15:16 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 948CE16A4CE for ; Tue, 27 Jul 2004 09:15:16 +0000 (GMT) Received: from host17.the-web-host.com (host17.the-web-host.com [209.239.32.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 122A643D41 for ; Tue, 27 Jul 2004 09:15:16 +0000 (GMT) (envelope-from info@itmediagate.com) Received: (from jps@localhost) by host17.the-web-host.com (8.12.10/8.12.9) id i6R9F45b005364; Tue, 27 Jul 2004 05:15:04 -0400 Date: Tue, 27 Jul 2004 05:15:04 -0400 
From: info@itmediagate.com Message-Id: <200407270915.i6R9F45b005364@host17.the-web-host.com> X-Authentication-Warning: host17.the-web-host.com: jps set sender to info@itmediagate.com using -f To: freebsd-net@freebsd.org References: <200407270914.i6R9Em0U032335@host17.the-web-host.com> In-Reply-To: <200407270914.i6R9Em0U032335@host17.the-web-host.com> X-Loop: default@itmediagate.com Precedence: junk Subject: Re: Approved document X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 09:15:16 -0000 There is an error with this email account. Please contact us. http://itmediagate.com/contact.htm From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 11:52:03 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 057D016A4CE for ; Tue, 27 Jul 2004 11:52:03 +0000 (GMT) Received: from jagor.srce.hr (jagor.srce.hr [161.53.2.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFA8643D54 for ; Tue, 27 Jul 2004 11:52:01 +0000 (GMT) (envelope-from zec@tel.fer.hr) Received: from [192.168.232.142] (cmung5528.cmu.carnet.hr [193.198.149.194]) by jagor.srce.hr (8.12.10/8.12.10) with ESMTP id i6RBpvm9016918; Tue, 27 Jul 2004 13:51:58 +0200 (CEST) 
From: Marko Zec To: "'James'" Date: Tue, 27 Jul 2004 13:36:34 +0200 User-Agent: KMail/1.6.2 References: In-Reply-To: MIME-Version: 1.0 Content-Disposition: inline Message-Id: <200407271336.34744.zec@tel.fer.hr> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.42 X-Virus-Scanned: by amavisd-new at jagor.srce.hr cc: freebsd-net@freebsd.org Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 11:52:03 -0000

James,

what timecounter method are you using, i8254 or TSC? The polling code
frequently calls microuptime(), which is very expensive (slow) with i8254,
while being reasonably fast with TSC. Since you are running with quite high
system clock (4 kHz), using i8254 could be causing the problems you've
described.

Cheers,

Marko

On Monday 26 July 2004 22:27, Don Bowman wrote:
> From: James [mailto:haesu@towardex.com]
> >
> > I have two boxes behind em0 that I can use to generate 250kpps to
> > another vlan within em0 card as a test, so that bge0 is not involved
> > in the stress test.
> > Even when doing so, CPU load climbs higher with device polling turned on.
> > Opened up systat, etc to check the interrupts, and em0 is generating 0
> > interrupts with device polling on (as obvious), but general interrupt load
> > climbs rock high.. so I don't know what's causing it to climb. Cleared the
> > firewall rules as well as a test... no difference :(
> >
> > Oh also, just FYI, each vlan interface has link0 set, since em(4) supports
> > hardware 802.1q tag/detagging.
>
> The CPU time during the 'polling' is charged to interrupt,
> even though it occurs during softclock. That's why you
> see 0 interrupts, but high CPU usage in interrupt.
> Did u try lowering the 'register' access?
>
> --don

From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 14:08:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5344A16A4CE for ; Tue, 27 Jul 2004 14:08:17 +0000 (GMT) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id E8CB143D31 for ; Tue, 27 Jul 2004 14:08:16 +0000 (GMT) (envelope-from mike@sentex.net) Received: from news.sentex.net (flint-b.sentex.net [64.7.153.7]) by smtp3.sentex.ca (8.12.11/8.12.11) with ESMTP id i6RE8Ej7025359 for ; Tue, 27 Jul 2004 10:08:14 -0400 (EDT) (envelope-from mike@sentex.net) Received: from BLUELAPIS ([209.167.5.2]) by news.sentex.net (8.12.10/8.12.10) with SMTP id i6R2YNod068606; Mon, 26 Jul 2004 22:34:27 -0400 (EDT) (envelope-from mike@sentex.net)
From: Mike Tancsa To: Julian Elischer Date: Mon, 26 Jul 2004 22:34:20 -0400 Message-ID: <0pfbg01araih3qekvbse5afdshf2tjf2qr@4ax.com> References: <200407240247.i6O2lQfJ007370@dungeon.home> <200407250144.i6P1iCPx005756@dungeon.home> <41032C09.506@elischer.org> In-Reply-To: <41032C09.506@elischer.org> X-Mailer: Forte Agent 1.93/32.576 English (American) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable cc: freebsd-net@freebsd.org Subject: Re: PPPoE problem: "Too many LQR packets lost" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 14:08:17 -0000

On Sat, 24 Jul 2004 20:42:01 -0700, in sentex.lists.freebsd.net you
wrote:

>>>Seriously though, mine was a very ugly hack to
>>>get things working again for me. Most of the DSL aggregators here
>>>are Juniper ERXes which do not play nice with FreeBSD's PPPoE.
>>>
>
>any thoughts as to why?
>
>FreeBSD's pppoe is going through a little development at the moment..
>Now would be a good time to get it fixed..
>

Hi,
Simple LCP echos work just fine, but when using LQR things "break".
There are debug logs posted in the archives when I first figured out
what was broken. If you need another copy I am happy to post again.

---Mike From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 14:39:33 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0006A16A4CE for ; Tue, 27 Jul 2004 14:39:32 +0000 (GMT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id B303043D53 for ; Tue, 27 Jul 2004 14:39:32 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i6REdL8M059302; Tue, 27 Jul 2004 07:39:21 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i6REdJ1r059301; Tue, 27 Jul 2004 07:39:19 -0700 (PDT) (envelope-from rizzo) Date: Tue, 27 Jul 2004 07:39:19 -0700 
From: Luigi Rizzo To: Marko Zec Message-ID: <20040727073919.A59279@xorpc.icir.org> References: <200407271336.34744.zec@tel.fer.hr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200407271336.34744.zec@tel.fer.hr>; from zec@tel.fer.hr on Tue, Jul 27, 2004 at 01:36:34PM +0200 cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 14:39:33 -0000

On Tue, Jul 27, 2004 at 01:36:34PM +0200, Marko Zec wrote:
> James,
>
> what timecounter method are you using, i8254 or TSC? The polling code
> frequently calls microuptime(), which is very expensive (slow) with i8254,

it is not _that_ frequently, it should be twice per tick. Even with
the 8254 i don't think this amounts to more than 4-5us, which
is a couple of percent.

cheers
luigi

> while being reasonably fast with TSC. Since you are running with quite high
> system clock (4 kHz), using i8254 could be causing the problems you've
> described.
>
> Cheers,
>
> Marko
>
>
> On Monday 26 July 2004 22:27, Don Bowman wrote:
> > From: James [mailto:haesu@towardex.com]
> > >
> > > I have two boxes behind em0 that I can use to generate 250kpps to
> > > another vlan within em0 card as a test, so that bge0 is not involved
> > > in the stress test.
> > > Even when doing so, CPU load climbs higher with device polling turned on.
> > > Opened up systat, etc to check the interrupts, and em0 is generating 0
> > > interrupts with device polling on (as obvious), but general interrupt load
> > > climbs rock high.. so I don't know what's causing it to climb. Cleared the
> > > firewall rules as well as a test... no difference :(
> > >
> > > Oh also, just FYI, each vlan interface has link0 set, since em(4) supports
> > > hardware 802.1q tag/detagging.
> >
> > The CPU time during the 'polling' is charged to interrupt,
> > even though it occurs during softclock. That's why you
> > see 0 interrupts, but high CPU usage in interrupt.
> > Did u try lowering the 'register' access?
> >
> > --don
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 19:55:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06AF316A4CE for ; Tue, 27 Jul 2004 19:55:48 +0000 (GMT) Received: from jagor.srce.hr (jagor.srce.hr [161.53.2.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 315D943D5C for ; Tue, 27 Jul 2004 19:55:47 +0000 (GMT) (envelope-from zec@tel.fer.hr) Received: from [192.168.232.142] (cmung4755.cmu.carnet.hr [193.198.146.183]) by jagor.srce.hr (8.12.10/8.12.10) with ESMTP id i6RJtam9005859; Tue, 27 Jul 2004 21:55:37 +0200 (CEST)
From: Marko Zec To: Luigi Rizzo Date: Tue, 27 Jul 2004 21:56:07 +0200 User-Agent: KMail/1.6.2 References: <200407271336.34744.zec@tel.fer.hr> <20040727073919.A59279@xorpc.icir.org> In-Reply-To: <20040727073919.A59279@xorpc.icir.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200407272156.07842.zec@tel.fer.hr> X-Scanned-By: MIMEDefang 2.42 X-Virus-Scanned: by amavisd-new at jagor.srce.hr cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 19:55:48 -0000

On Tuesday 27 July 2004 16:39, Luigi Rizzo wrote:
> > what timecounter method are you using, i8254 or TSC? The polling code
> > frequently calls microuptime(), which is very expensive (slow) with
> > i8254,
>
> it is not _that_ frequently, it should be twice per tick. Even with
> the 8254 i don't think this amounts to more than 4-5us, which
> is a couple of percent.

Luigi,

I'm just trying to dig into how the current polling implementation is supposed
to work, so pls. correct me if I'm wrong.

Doesn't the polling code do three calls to microuptime() per each tick - the
first one in hardclock_device_poll(), then again in netisr_poll(), and
finally in netisr_pollmore()? Actually, there might be several iterations of
netisr_poll() and netisr_pollmore() in a single clock tick, depending on
traffic load and how high was kern.polling.each_burst set. Nevertheless, the
code ensures microuptime() is called only in the first call to _poll, and
only on the last _pollmore() call, which is cool.

Here are some very rough measurements on how long can a single microuptime()
call last on average:

                P-III@800 MHz        P-III@1200 MHz
i8254           2400 T (3 us)        3600 T (3 us)
TSC             120 T (0.15 us)      120 T (0.1 us)

So, if there are three polling-related calls to microuptime() on each clock
tick, this would equal to 9 us per tick. Given the observed system runs with
HZ=4000, this translates to about 35 ms of overhead each second, or only 3.5%
of "wasted" CPU cycles. So basically you're right, the problem should be
somewhere else...

Marko

From owner-freebsd-net@FreeBSD.ORG Tue Jul 27 20:32:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89C7A16A4CE for ; Tue, 27 Jul 2004 20:32:17 +0000 (GMT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3483043D62 for ; Tue, 27 Jul 2004 20:32:17 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i6RKWH8M063565; Tue, 27 Jul 2004 13:32:17 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i6RKWGCe063564; Tue, 27 Jul 2004 13:32:16 -0700 (PDT) (envelope-from rizzo) Date: Tue, 27 Jul 2004 13:32:16 -0700
From: Luigi Rizzo To: Marko Zec Message-ID: <20040727133216.A63490@xorpc.icir.org> References: <200407271336.34744.zec@tel.fer.hr> <20040727073919.A59279@xorpc.icir.org> <200407272156.07842.zec@tel.fer.hr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200407272156.07842.zec@tel.fer.hr>; from zec@tel.fer.hr on Tue, Jul 27, 2004 at 09:56:07PM +0200 cc: freebsd-net@freebsd.org cc: 'James' Subject: Re: device polling takes more CPU hits?? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 20:32:17 -0000

On Tue, Jul 27, 2004 at 09:56:07PM +0200, Marko Zec wrote:
> On Tuesday 27 July 2004 16:39, Luigi Rizzo wrote:
> > > what timecounter method are you using, i8254 or TSC? The polling code
> > > frequently calls microuptime(), which is very expensive (slow) with
> > > i8254,
> >
> > it is not _that_ frequently, it should be twice per tick. Even with
> > the 8254 i don't think this amounts to more than 4-5us, which
> > is a couple of percent.
>
>
> Luigi,
>
> I'm just trying to dig into how the current polling implementation is supposed
> to work, so pls. correct me if I'm wrong.

ok you are probably right on the number, i haven't looked at the
code in a while.
I suppose that technically the polling code could be optimized to
use only one extra call, (relying on the implicit or explicit one
done in the hardclock interrupt) but as your numbers show, there
is not much of a point...

cheers
luigi

> Doesn't the polling code do three calls to microuptime() per each tick - the
> first one in hardclock_device_poll(), then again in netisr_poll(), and
> finally in netisr_pollmore()? Actually, there might be several iterations of
> netisr_poll() and netisr_pollmore() in a single clock tick, depending on
> traffic load and how high was kern.polling.each_burst set. Nevertheless, the
> code ensures microuptime() is called only in the first call to _poll, and
> only on the last _pollmore() call, which is cool.
>
> Here are some very rough measurements on how long can a single microuptime()
> call last on average:
>
>                 P-III@800 MHz        P-III@1200 MHz
> i8254           2400 T (3 us)        3600 T (3 us)
> TSC             120 T (0.15 us)      120 T (0.1 us)
>
> So, if there are three polling-related calls to microuptime() on each clock
> tick, this would equal to 9 us per tick. Given the observed system runs with
> HZ=4000, this translates to about 35 ms of overhead each second, or only 3.5%
> of "wasted" CPU cycles. So basically you're right, the problem should be
> somewhere else...
>
> Marko

From owner-freebsd-net@FreeBSD.ORG Wed Jul 28 00:51:20 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 014D316A4D4 for ; Wed, 28 Jul 2004 00:51:20 +0000 (GMT) Received: from khan.acc.umu.se (khan.acc.umu.se [130.239.18.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5732C43D4C for ; Wed, 28 Jul 2004 00:51:19 +0000 (GMT) (envelope-from bucht@acc.umu.se) Received: from localhost (localhost [127.0.0.1]) by amavisd-new (Postfix) with ESMTP id CA558D203 for ; Wed, 28 Jul 2004 02:51:17 +0200 (MEST) Received: from montezuma.acc.umu.se (montezuma.acc.umu.se [130.239.18.147]) by khan.acc.umu.se (Postfix) with ESMTP id AAD0ED262 for ; Wed, 28 Jul 2004 02:51:15 +0200 (MEST) Received: by montezuma.acc.umu.se (Postfix, from userid 23835) id 7A98F1BCC3; Wed, 28 Jul 2004 02:51:15 +0200 (MEST) Date: Wed, 28 Jul 2004 02:51:15 +0200
From: Johan Bucht To: freebsd-net@freebsd.org Message-ID: <20040728005115.GA27536@montezuma.acc.umu.se> Mail-Followup-To: Johan Bucht , freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new at acc.umu.se Subject: re(4) problems (realtek 8169S) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jul 2004 00:51:20 -0000

Hi all, I recently bought a Level1 Realtek 8169S, 10/100/1000mbit PCI
card.
However I can't get it to work properly as I frequently get checksum
errors as well as erroneous packet lengths. Unsetting the RXCSUM & TXCSUM
options seems to help out but I get timeouts on my connections once
every few minutes.

The card shows up (misidentified) in dmesg as "RealTek 8110S Single-chip
Gigabit Ethernet" but shows up correctly using pciconf -lv.

Setting the speed doesn't seem to make a difference and changing cable
or nic on the other end doesn't affect it either. So my guess is either
bad silicon or driver problem. Anyone with similar problems using 8169S
hardware?

-- /Johan Bucht bucht@acc.umu.se From owner-freebsd-net@FreeBSD.ORG Wed Jul 28 01:16:15 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C183F16A503 for ; Wed, 28 Jul 2004 01:16:15 +0000 (GMT) Received: from khan.acc.umu.se (khan.acc.umu.se [130.239.18.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id 677FF43D4C for ; Wed, 28 Jul 2004 01:16:15 +0000 (GMT) (envelope-from bucht@acc.umu.se) Received: from localhost (localhost [127.0.0.1]) by amavisd-new (Postfix) with ESMTP id 7F670D300 for ; Wed, 28 Jul 2004 03:16:11 +0200 (MEST) Received: from montezuma.acc.umu.se (montezuma.acc.umu.se [130.239.18.147]) by khan.acc.umu.se (Postfix) with ESMTP id E1719D286 for ; Wed, 28 Jul 2004 03:16:07 +0200 (MEST) Received: by montezuma.acc.umu.se (Postfix, from userid 23835) id A74C41BCC3; Wed, 28 Jul 2004 03:16:07 +0200 (MEST) Date: Wed, 28 Jul 2004 03:16:07 +0200 
From: Johan Bucht To: freebsd-net@freebsd.org Message-ID: <20040728011607.GA28046@montezuma.acc.umu.se> Mail-Followup-To: Johan Bucht , freebsd-net@freebsd.org References: <20040728005115.GA27536@montezuma.acc.umu.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040728005115.GA27536@montezuma.acc.umu.se> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new at acc.umu.se Subject: Re: re(4) problems (realtek 8169S) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jul 2004 01:16:15 -0000

On 28 July, 2004 - Johan Bucht wrote:
>
> Hi all, I recently bought a Level1 Realtek 8169S, 10/100/1000mbit PCI
> card.
> However I can't get it to work properly as I frequently get checksum
> errors as well as erroneous packet lengths. Unsetting the RXCSUM & TXCSUM
> options seems to help out but I get timeouts on my connections once
> every few minutes.
>
> The card shows up (misidentified) in dmesg as "RealTek 8110S Single-chip
> Gigabit Ethernet" but shows up correctly using pciconf -lv.
>
> Setting the speed doesn't seem to make a difference and changing cable
> or nic on the other end doesn't affect it either. So my guess is either
> bad silicon or driver problem. Anyone with similar problems using 8169S
> hardware?
> --
> /Johan Bucht
> bucht@acc.umu.se

Some additional information, I'm running 5.2.1 btw.

pciconf -lv gives the following information

re0@pci0:10:0: class=0x020000 card=0x816910ec chip=0x816910ec rev=0x10 hdr=0x00
    vendor = 'Realtek Semiconductor'
    device = 'RTL8169 Gigabit Ethernet Adapter'
    class = network
    subclass = ethernet

this is what shows up in dmesg

re0: port 0xe000-0xe0ff mem 0xe3000000-0xe30000ff irq 1 2 at device 10.0 on pci0
re0: Ethernet address: 00:50:fc:ec:5c:5b
miibus1: on re0
rgephy0: on miibus1
rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX, 1000baseTX-FDX, auto

--
/Johan Bucht
bucht@acc.umu.se

From owner-freebsd-net@FreeBSD.ORG Wed Jul 28 21:23:47 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10A8616A4CE for ; Wed, 28 Jul 2004 21:23:47 +0000 (GMT) Received: from mailhost.schluting.com (schluting.com [131.252.214.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id E554843D6E for ; Wed, 28 Jul 2004 21:23:46 +0000 (GMT) (envelope-from charlie@schluting.com) Received: from localhost (localhost [127.0.0.1]) by mailhost.schluting.com (Postfix) with ESMTP id 15DF5217E for ; Wed, 28 Jul 2004 14:23:44 -0700 (PDT) Received: from mailhost.schluting.com ([127.0.0.1]) by localhost (schluting.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 95301-09 for ; Wed, 28 Jul 2004 14:23:34 -0700 (PDT) Received: from [131.252.209.122] (smelly.cat.pdx.edu [131.252.209.122]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailhost.schluting.com (Postfix) with ESMTP id 8473420C0 for ; Wed, 28 Jul 2004 14:23:34 -0700 (PDT) Message-ID: <41081955.5090204@schluting.com> Date: Wed, 28 Jul 2004 14:23:33 -0700
From: Charlie Schluting
To: freebsd-net@freebsd.org
Subject: packet order, ipf or ipfw

Hello..

I'm running ipf because I like it ...but now I need to use ipfw's pipe
feature. I was thinking that I could just run both, and keep all my
rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow
all.

It didn't work (no rate-limiting happened).. and I'm thinking that ipf
is passing the packets and bypassing ipfw? Or something..

So, what is the order, if I'm running ipf AND ipfw at the same time?
Will it work at all in this manner?

Thanks!
-Charlie

From owner-freebsd-net@FreeBSD.ORG Wed Jul 28 21:48:37 2004
From: Max Laier
To: freebsd-net@freebsd.org
cc: Charlie Schluting
Date: Wed, 28 Jul 2004 23:46:06 +0200
Subject: Re: packet order, ipf or ipfw
Message-Id: <200407282346.12412.max@love2party.net>
In-Reply-To: <41081955.5090204@schluting.com>
References: <41081955.5090204@schluting.com>

On Wednesday 28 July 2004 23:23, Charlie Schluting wrote:
> Hello..
>
> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow
> all.
>
> It didn't work (no rate-limiting happened).. and I'm thinking that ipf
> is passing the packets and bypassing ipfw? Or something..
>
> So, what is the order, if I'm running ipf AND ipfw at the same time?
> Will it work at all in this manner?

On the output path (which is the only meaningful for bandwidth limitation) the
order is:

PFIL_HOOKS (== ipf / pf) before ipfw

Note however, that ipfw will see translated packets! i.e. if you have any
translation/NAT/redirect rules in ipf you need to account for that with your
ipfw rules.
Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 07:07:49 2004
Date: Thu, 29 Jul 2004 11:09:43 +0400
From: Andrew Riabtsev
To: Charlie Schluting
cc: freebsd-net@freebsd.org
Reply-To: Andrew Riabtsev
Subject: Re: packet order, ipf or ipfw
Message-ID: <40658576.20040729110943@b-o.ru>
In-Reply-To: <41081955.5090204@schluting.com>
References: <41081955.5090204@schluting.com>

Hello Charlie,

Thursday, July 29, 2004, 1:23:33 AM, you wrote:

CS> So, what is the order, if I'm running ipf AND ipfw at the same time?
CS> Will it work at all in this manner?

Load both firewalls as modules, then you can be sure packets go first
through the firewall you load first. And yes, this should work ok (ipf AND ipfw).

--
Andrew mailto:resident@b-o.ru

proud lvl 9 ubah haxor (http://www.try2hack.nl/levels/)

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 07:23:04 2004
Date: Thu, 29 Jul 2004 11:25:27 +0400
From: Andrew Riabtsev
To: Max Laier
cc: freebsd-net@freebsd.org
Reply-To: Andrew Riabtsev
Subject: Re[2]: packet order, ipf or ipfw (offtopic)
Message-ID: <1591601893.20040729112527@b-o.ru>
In-Reply-To: <200407282346.12412.max@love2party.net>
References: <41081955.5090204@schluting.com> <200407282346.12412.max@love2party.net>

Hello Max,

Thursday, July 29, 2004, 1:46:06 AM, you wrote:

ML> Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)

Is there any chance to see one day pf for 4.X-RELEASE? I'm still
thinking pf is the best firewall ever made but it is very frustrating that I
can't use it on FreeBSD boxes. :(
Is there some serious problem on porting pf to 4.X-RELEASE? Or it's
just a question of free time?
--
Best regards,
Andrew mailto:resident@b-o.ru

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 07:39:53 2004
Date: Thu, 29 Jul 2004 01:23:52 +0200
From: Jeremie Le Hen
To: Charlie Schluting
cc: freebsd-net@freebsd.org
Subject: Re: packet order, ipf or ipfw
Message-ID: <20040728232352.GB8838@tuileries.epita.fr>
In-Reply-To: <41081955.5090204@schluting.com>
References: <41081955.5090204@schluting.com>

Hello Charlie,

> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
>
> It didn't work (no rate-limiting happened).. and I'm thinking that ipf
> is passing the packets and bypassing ipfw? Or something..
>
> So, what is the order, if I'm running ipf AND ipfw at the same time?
> Will it work at all in this manner?

Max Laier told you about FreeBSD 5.x which includes PFIL_HOOKS, but
since you did not mention whether you are using -STABLE or -CURRENT.
AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
and this is of course symmetric for outgoing ones.

But you should be warned that using ipnat(8) in conjunction to ipfw
pipes may lead to an incorrect behaviour :
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685

Hackers, is this bug still alive in -CURRENT ?

Best regards,
--
Jeremie LE HEN aka TtZ/TataZ
jeremie.le-hen@epita.fr                               ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
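
Added example (not part of any message in this thread): a simplified Python model of the output path discussed above, where ipf/ipnat runs before ipfw and ipfw therefore matches on the translated source address. The Packet, NatMap and FwRule types, the addresses and the default-deny fallthrough are assumptions made for the model; they are not ipf or ipfw syntax.

```python
"""Toy model of the output path described in the thread: ipf/ipnat first,
ipfw second, so ipfw rules are evaluated against translated packets."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class NatMap:
    """Stands in for one ipnat source-translation rule (hypothetical type)."""
    inside: str   # network whose source addresses are rewritten
    public: str   # address they are rewritten to


@dataclass(frozen=True)
class FwRule:
    """Stands in for one ipfw rule that matches on source network only."""
    action: str   # e.g. "pipe 1" or "allow"
    src_net: str


def ipnat_out(pkt, maps):
    """First stage: rewrite the source if a map rule covers it."""
    for m in maps:
        if ip_address(pkt.src) in ip_network(m.inside):
            return replace(pkt, src=m.public)
    return pkt


def ipfw_out(pkt, rules):
    """Second stage: first matching rule wins; model falls through to deny."""
    for r in rules:
        if ip_address(pkt.src) in ip_network(r.src_net):
            return r.action
    return "deny"


def output_path(pkt, maps, rules):
    """ipf/ipnat, then ipfw, in the order given in the thread."""
    return ipfw_out(ipnat_out(pkt, maps), rules)


# Constructed sample data (documentation address ranges, not from the thread).
MAPS = [NatMap(inside="10.0.10.0/24", public="192.0.2.1")]
PKT = Packet(src="10.0.10.7", dst="198.51.100.9")

# Rule set written as if ipfw saw the original inside addresses.
NAIVE = [FwRule("pipe 1", "10.0.10.0/24"), FwRule("allow", "0.0.0.0/0")]
# Rule set that accounts for translation having already happened.
ADJUSTED = [FwRule("pipe 1", "192.0.2.1/32"), FwRule("allow", "0.0.0.0/0")]


def demo():
    """Return the ipfw verdict for the same packet under each setup."""
    return {
        "no_nat_naive": output_path(PKT, [], NAIVE),
        "nat_naive": output_path(PKT, MAPS, NAIVE),
        "nat_adjusted": output_path(PKT, MAPS, ADJUSTED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} -> {verdict}")
```

In the model, once the map has rewritten the source, every inside host presents the same address to the second stage, so a rule there can no longer tell inside networks apart by source.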
From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 07:45:45 2004
In-Reply-To: <20040728232352.GB8838@tuileries.epita.fr>
References: <41081955.5090204@schluting.com> <20040728232352.GB8838@tuileries.epita.fr>
Message-Id: <52E06F6C-E133-11D8-A60F-000A95CE3376@staff.openaccess.org>
From: Michael DeMan
Date: Thu, 29 Jul 2004 00:45:55 -0700
To: Jeremie Le Hen
cc: freebsd-net@freebsd.org
cc: Charlie Schluting
Subject: Re: packet order, ipf or ipfw

Hi,

We're actually planning to migrate to PF instead of IPF+IPFW to meet
these needs.

IPFW from what I've gathered over the past few years is the traditional
FreeBSD way of handling firewalls, nat and bandwidth limiting.

We found IPFW a little complex to use, granted very powerful. We ended
up with needing to deliver and support a good number of 'machines', and
total cost of ownership became important. Both in terms of automated
and traditional management of deployments.

Our plan for when 5-STABLE comes out is to migrate to PF directly (yes,
risk, yes we're a small business) and expect it to perform quite well
and give us a unified and clearer way in terms of config-files to manage
firewall, NAT and QoS issues.

I would at least read the OpenBSD docs on PF and check them out. Darren
Reed has done a wonderful job with IPF and the latest code clean up is
very nice as well, but PF is far superior, at least in regards to
manageability.

- mike

On Jul 28, 2004, at 4:23 PM, Jeremie Le Hen wrote:

> Hello Charlie,
>
>> I'm running ipf because I like it ...but now I need to use ipfw's pipe
>> feature. I was thinking that I could just run both, and keep all my
>> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then
>> allow all.
>>
>> It didn't work (no rate-limiting happened).. and I'm thinking that ipf
>> is passing the packets and bypassing ipfw? Or something..
>>
>> So, what is the order, if I'm running ipf AND ipfw at the same time?
>> Will it work at all in this manner?
>
> Max Laier told you about FreeBSD 5.x which includes PFIL_HOOKS, but
> since you did not mention whether you are using -STABLE or -CURRENT.
> AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
> and this is of course symmetric for outgoing ones.
>
> But you should be warned that using ipnat(8) in conjunction to ipfw
> pipes may lead to an incorrect behaviour :
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685
>
> Hackers, is this bug still alive in -CURRENT ?
>
> Best regards,
> --
> Jeremie LE HEN aka TtZ/TataZ
> jeremie.le-hen@epita.fr
> ttz@epita.fr
> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
> spread!

Michael F. DeMan
Director of Technology
OpenAccess Network Services
Bellingham, WA 92825
michael@staff.openaccess.org
360-647-0785

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 08:00:01 2004
From: Max Laier
To: Andrew Riabtsev
cc: freebsd-net@freebsd.org
Date: Thu, 29 Jul 2004 09:57:50 +0200
Subject: Re: packet order, ipf or ipfw (offtopic)
Message-Id: <200407290957.57276.max@love2party.net>
In-Reply-To: <1591601893.20040729112527@b-o.ru>
References: <41081955.5090204@schluting.com> <200407282346.12412.max@love2party.net> <1591601893.20040729112527@b-o.ru>

On Thursday 29 July 2004 09:25, Andrew Riabtsev wrote:
> Hello Max,
>
> Thursday, July 29, 2004, 1:46:06 AM, you wrote:
>
> ML> Another alternative (on FreeBSD-current) would be pf+ALTQ, btw ;)
> Is there any chance to see one day pf for 4.X-RELEASE? I'm still
> thinking pf is the best firewall ever made but it is very frustrating that I
> can't use it on FreeBSD boxes. :(
> Is there some serious problem on porting pf to 4.X-RELEASE? Or it's
> just a question of free time?

4-STABLE is dead, hail to 5-STABLE! ;)

Seriously, I have never used 4 and think that 5.3 will mark the beginning of a
very powerful 5-STABLE branch. So the reason why there is no pf port for 4.x
is, that I am not interested in it. There are efforts to port it to DragonFly
which is still very close to FreeBSD 4.x in some respects and hence it should
not be too much work to take it from there.
Other than that, pf is part of
the KAME-tree and comes with the KAME-snapshots, which are available for 4.x
AFAIK. ALTQ is a problem whichever way you choose.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 08:02:47 2004
In-Reply-To: <52E06F6C-E133-11D8-A60F-000A95CE3376@staff.openaccess.org>
From: Donatas.Gendvilas@lrtc.net
To: freebsd-net@freebsd.org
Cc: owner-freebsd-net@freebsd.org
Sender: D.Gendvilas@lrtc.net
Date: Thu, 29 Jul 2004 10:55:27 +0300
Subject: netgraph load monitor

hello,
is there any possibility to monitor network and cpu loads on netgraph nodes
or do some dumping on each node?
in our case there are:
ng_atm <--------> ng_atmllc <----------> ng_ether

thank you

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 08:13:38 2004
Date: Thu, 29 Jul 2004 12:13:35 +0400
From: Gleb Smirnoff
To: Donatas.Gendvilas@lrtc.net
cc: freebsd-net@freebsd.org
Subject: Re: netgraph load monitor
Message-ID: <20040729081335.GB20190@cell.sick.ru>
References: <52E06F6C-E133-11D8-A60F-000A95CE3376@staff.openaccess.org>

On Thu, Jul 29, 2004 at 10:55:27AM +0300, Donatas.Gendvilas@lrtc.net wrote:
D> hello,
D> is there any possibility to monitor network and cpu loads on netgraph nodes
D> or do some dumping on each node?
D> in our case there are:
D> ng_atm <--------> ng_atmllc <----------> ng_ether

You can insert ng_tee to sniff some traffic out of node.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 09:05:13 2004
Date: Thu, 29 Jul 2004 09:02:56 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Poul-Henning Kamp
cc: FreeBSD net mailing list
Subject: multi-instance natd problem

Hi,

I started using the multi instance natd feature and running into
problems.

Every morning when the IP on the dialup interface with the default
route (tun0) changes I need to re-start the natd. Else I am getting:

natd[88668]: failed to write packet back (Permission denied)

looks like natd doesn't get the IP change and still aliases packets to
the old IP and the packets then get rejected by ipfw rules ?

I would see this on the other interfaces too I think but though they
are online they are idle and only used to see that the login is able
to get in and for sporadic tests; will have to check tomorrow morning
if needed.

is anyone else seeing this behavior ?

--- config extract ---
log_denied
log_ipfw_denied
log
deny_incoming
#verbose
globalport natd
instance default
interface tun0
port 8670
instance tun1
interface tun1
port 8671
...
--- end ---

--
Greetings
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 11:27:11 2004
Date: Thu, 29 Jul 2004 15:26:46 +0400
From: Gleb Smirnoff
To: current@freebsd.org, net@freebsd.org
Subject: any ng_device users?
Message-ID: <20040729112646.GB21132@cell.sick.ru>

Are there any ng_device users? I have some patches to test.
Can you spend some time?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 13:40:08 2004
Date: Thu, 29 Jul 2004 13:39:43 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: FreeBSD net mailing list
cc: Thomas Wolf
cc: Poul-Henning Kamp
Subject: Re: multi-instance natd problem

On Thu, 29 Jul 2004, Bjoern A. Zeeb wrote:

> is anyone else seeing this behavior ?

Thanks to Thomas Wolf for pointing me to 'dynamic' missing. Got lost
somewhere when changing to multi-instance entries. This should solve
the problem :-)

Thanks.

--
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Thu Jul 29 20:41:32 2004
Date: Thu, 29 Jul 2004 22:38:59 +0200
From: Pawel Malachowski
To: Jeremie Le Hen
cc: freebsd-net@freebsd.org
Subject: Re: packet order, ipf or ipfw
Message-ID: <20040729203859.GB12370@shellma.zin.lublin.pl>
In-Reply-To: <20040728232352.GB8838@tuileries.epita.fr>
References: <41081955.5090204@schluting.com> <20040728232352.GB8838@tuileries.epita.fr>

On Thu, Jul 29, 2004 at 01:23:52AM +0200, Jeremie Le Hen wrote:

> AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
> and this is of course symmetric for outgoing ones.

No, outgoing packets are passed through ipf/ipnat before they reach ipfw
(at least in STABLE, PR kern/46564).

--
Paweł Małachowski

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 03:35:26 2004
Date: Thu, 29 Jul 2004 23:35:11 -0400
From: James
To: freebsd-net@freebsd.org
Subject: Re: packet order, ipf or ipfw
Message-ID: <20040730033511.GA10528@scylla.towardex.com>
In-Reply-To: <40658576.20040729110943@b-o.ru>
References: <41081955.5090204@schluting.com> <40658576.20040729110943@b-o.ru>

Hi all,

I was wondering for some time in a while..

How is the performance difference in general between IPFW2 and PF in stateless
rules? I know performance really is hard to tell and depends on your environment.
Are they just about the same since stateless rules are going at linear rate of
O(N) on both firewalls?

I am not trying to start a religious war or anything. Just want to get an idea of
what developers think on both packet filters in regards to stateless rules.

Thanks,
-J

--
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james@towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 03:58:43 2004
Date: Fri, 30 Jul 2004 07:58:31 +0400
From: "Nickolay A. Kritsky"
To: freebsd-net@freebsd.org
Subject: ipsec packet filtering
Message-ID: <652582171.20040730075831@star-sw.com>

Hello freebsd-net,

From searching the archives this looks like an old issue, but I
still can't understand something.
AFAIU, now the ipfw + ipsec interoperation looks like this:
input: encrypted packet comes to system. It is not checked against
ipfw rules. Rules are applied to decrypted payload packet.
output: packet is going to leave the system encrypted by ipsec. The
packet itself is not checked by firewall, but, after encryption, the
resulting ESP packet is run against ipfw rules.
I am sorry, but I still cannot understand the reasons for such
strange, ugly behaviour. Does anybody know the reasons for that and
what chances are that we ever get fully-functional ipfw code
checking _every_ packet on the stack.

Thanks.

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky@star-sw.com

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 04:31:29 2004
From: "Mitch (bitblock)"
To: "Nickolay A. Kritsky", freebsd-net@freebsd.org
Date: Thu, 29 Jul 2004 21:31:23 -0700
Subject: RE: ipsec packet filtering
In-Reply-To: <652582171.20040730075831@star-sw.com>

I don't know what the reasons are, but I know the result.

After much frustrating research I came to the conclusion that I can:

a) use linux (not an option as far as I'm concerned)
b) use openvpn

I need to create a hub and spoke type of vpn arrangement - one spoke node
needs to communicate with another through a central router (I can't change
this, it's how the carrier network I need works!)

This is completely impossible in FreeBSD as far as I can see.

I don't know why though ;-)

Thanks.

m/

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org]On Behalf Of Nickolay A. Kritsky
> Sent: Thursday, July 29, 2004 8:59 PM
> To: freebsd-net@freebsd.org
> Subject: ipsec packet filtering
>
>
> Hello freebsd-net,
>
> From searching the archives this looks like an old issue, but I
> still can't understand something.
> AFAIU, now the ipfw + ipsec interoperation looks like this:
> input: encrypted packet comes to system. It is not checked against
> ipfw rules. Rules are applied to decrypted payload packet.
> output: packet is going to leave the system encrypted by ipsec. The
> packet itself is not checked by firewall, but, after encryption, the
> resulting ESP packet is run against ipfw rules.
> I am sorry, but I still cannot understand the reasons for such
> strange, ugly behaviour. Does anybody know the reasons for that and
> what chances are that we ever get fully-functional ipfw code
> checking _every_ packet on the stack.
>
> Thanks.
>
> --
> Best regards,
> ; Nickolay A. Kritsky
> ; SysAdmin STAR Software LLC
> ; mailto:nkritsky@star-sw.com

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 05:05:22 2004
Date: Fri, 30 Jul 2004 05:04:49 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: "Nickolay A. Kritsky"
cc: freebsd-net@freebsd.org
Subject: Re: ipsec packet filtering
In-Reply-To: <652582171.20040730075831@star-sw.com>

On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:

> Hello freebsd-net,
>
> From searching the archives this looks like an old issue, but I
> still can't understand something.
> AFAIU, now the ipfw + ipsec interoperation looks like this:
> input: encrypted packet comes to system. It is not checked against
> ipfw rules. Rules are applied to decrypted payload packet.
> output: packet is going to leave the system encrypted by ipsec. The
> packet itself is not checked by firewall, but, after encryption, the
> resulting ESP packet is run against ipfw rules.
> I am sorry, but I still cannot understand the reasons for such
> strange, ugly behaviour. Does anybody know the reasons for that and
> what chances are that we ever get fully-functional ipfw code
> checking _every_ packet on the stack.

I do not understand what you are trying to do but filtering ipsec
encrypted packets in ipfw is available for quite some time now.

I can and do check packets that:
- come in encrypted and leave unencrypted
- come in encrypted and leave encrypted
- come in encrypted and leave re-encrypted
- come in unencrypted and go out encrypted
- come in encrypted and do not leave the system

please see the ipsec option in ipfw manpage if that is what you are
searching for.

What cannot be done with FreeBSD is ipsec NAT traversal.

--
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 06:05:19 2004
Date: Fri, 30 Jul 2004 10:04:43 +0400
From: "Nickolay A. Kritsky"
To: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: Re[2]: ipsec packet filtering
Message-ID: <12410155296.20040730100443@star-sw.com>

Hello Bjoern,

Friday, July 30, 2004, 9:04:49 AM, Bjoern A. Zeeb wrote:

BAZ> I do not understand what you are trying to do but filtering ipsec
BAZ> encrypted packets in ipfw is available for quite some time now.

BAZ> I can and do check packets that:
BAZ> - come in encrypted and leave unencrypted
BAZ> - come in encrypted and leave encrypted
BAZ> - come in encrypted and leave re-encrypted
BAZ> - come in unencrypted and go out encrypted
BAZ> - come in encrypted and do not leave the system

OK. let's place a small demonstration.

217.195.82.43 <-->VPN_router1 <--> [---INTERNET---]
                                          |
                                          |
                 192.168.64.10 <---> VPN_router2

Traffic between 217.195.82.43 and 192.168.64.10 is encrypted by ipsec
in esp/tunnel mode.
Icmp is enabled, and pings go OK.
Then I do (on VPN_router2):
bash-2.05b# uname -sr
FreeBSD 4.9-RELEASE
bash-2.05b# ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 in
00001 count icmp from 192.168.64.10 to 217.195.82.43 in
bash-2.05b# ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 out
00001 count icmp from 192.168.64.10 to 217.195.82.43 out
bash-2.05b# ipfw sh 1
00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 in
00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 out

after 4 pings from 217.195.82.43 to 192.168.64.10:

bash-2.05b# ipfw sh 1
00001 4 240 count icmp from 192.168.64.10 to 217.195.82.43 in
00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 out

while it obviously should be 4 of them in both rules.
That is the problem that bothers me.
To show that is not pure theoretical, here is the scenario:
We need to establish VPN with our customer. They request us to NAT all
our outgoing traffic, so that all packets will have the same src addr.
natd translates rewrites src addr only on outgoing packets, but the
outgoing packets never reach natd, because they don't make it thru
ipfw rules. Tricky, eh? So I see 3 choices so far:
1. patch libalias
2. patch the kernel (ip_output.c ? ip_fw.c? )
3. use two separate boxes for nating and ipsekking.

so when you are saying:
BAZ> - come in unencrypted and go out encrypted
it is quite a surprise for me.
What is your FreeBSD version? Can you confirm that with the test like
above?

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky@star-sw.com

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 07:05:56 2004
Date: Fri, 30 Jul 2004 07:02:26 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: "Nickolay A. Kritsky"
cc: freebsd-net@freebsd.org
Subject: Re[2]: ipsec packet filtering
In-Reply-To: <12410155296.20040730100443@star-sw.com>

On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:

> OK. let's place a small demonstration.
>
> 217.195.82.43 <-->VPN_router1 <--> [---INTERNET---]
>                                           |
>                                           |
>                  192.168.64.10 <---> VPN_router2
>
> Traffic between 217.195.82.43 and 192.168.64.10 is encrypted by ipsec
> in esp/tunnel mode.

and this is done on the VPN_router{1,2} I guess.

> Icmp is enabled, and pings go OK.
> Then I do (on VPN_router2):
> bash-2.05b# uname -sr
> FreeBSD 4.9-RELEASE

ok; for the 'ipsec' ipfw option this is too old. It's been functional
in 5.x since 2003-12-02, that is 5.2, 5.2.1, HEAD and in RELENG_4 since
2004-01-22 that is 4.10 includes it but 4.9-RELEASE does not.

> bash-2.05b# ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 in
> 00001 count icmp from 192.168.64.10 to 217.195.82.43 in
> bash-2.05b# ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 out
> 00001 count icmp from 192.168.64.10 to 217.195.82.43 out
> bash-2.05b# ipfw sh 1
> 00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 in
> 00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 out

ok; not how I would do it but ok.

> after 4 pings from 217.195.82.43 to 192.168.64.10:
>
> bash-2.05b# ipfw sh 1
> 00001 4 240 count icmp from 192.168.64.10 to 217.195.82.43 in
> 00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 out
>
> while it obviously should be 4 of them in both rules.

no.

if you ping from 217.195.82.43 to 192.168.64.10 it should be like
that on vpn_router2 (not ipsec option yet as you cannot use it):

ipfw add 1 count icmp from 217.195.82.43 to 192.168.64.10 in recv $int_outside
# expecting 0 matches
ipfw add 1 count esp from 217.195.82.43 to 192.168.64.10 in recv $int_outside
# expecting 4 matches
ipfw add 1 count icmp from 217.195.82.43 to 192.168.64.10 out xmit $int_inside # in recv $int_outside
# expecting 4 matches

ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 in recv $int_inside
# expecting 4 matches
ipfw add 1 count icmp from 192.168.64.10 to 217.195.82.43 out xmit $int_outside # in recv $int_inside
# expecting 0 matches
ipfw add 1 count esp from 192.168.64.10 to 217.195.82.43 out xmit $int_outside # in recv $int_inside
# expecting 4 matches

> That is the problem that bothers me.
> To show that is not pure theoretical, here is the scenario:
> We need to establish VPN with our customer. They request us to NAT all
> our outgoing traffic, so that all packets will have the same src addr.

ok.

> natd translates rewrites src addr only on outgoing packets, but the
> outgoing packets never reach natd, because they don't make it thru
> ipfw rules. Tricky, eh? So I see 3 choices so far:
> 1. patch libalias
> 2. patch the kernel (ip_output.c ? ip_fw.c? )
> 3. use two separate boxes for nating and ipsekking.

no, no, no.

filter on your inside interface and divert packets there; this way
nat is done before reaching output and thus before ipsec.

In the other direction packets are first run through ipsec getting you
the IP packet (that then will have an ipsec history you can match with
an up-to-date release) and when leaving the machine to your inside
network will be natted back.

The ruleset gets quite tricky then but it works here (HEAD from about
82 days ago according to uptime ;-)

> so when you are saying:
> BAZ> - come in unencrypted and go out encrypted
> it is quite a surprise for me.
> What is your FreeBSD version? Can you confirm that with the test like
> above?

with a newer version you should be able to do it. Expect to need 2 days
to fully understand everything and get it setup.

--
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 07:55:07 2004
Date: Fri, 30 Jul 2004 11:55:00 +0400
From: "Nickolay A. Kritsky"
To: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: Re[3]: ipsec packet filtering
Message-ID: <11116772218.20040730115500@star-sw.com>

Hello Bjoern,

Friday, July 30, 2004, 11:02:26 AM, Bjoern A. Zeeb wrote:

>> Then I do (on VPN_router2):
>> bash-2.05b# uname -sr
>> FreeBSD 4.9-RELEASE

BAZ> ok; for the 'ipsec' ipfw option this is too old. It's been functional
BAZ> in 5.x since 2003-12-02, that is 5.2, 5.2.1, HEAD and in RELENG_4 since
BAZ> 2004-01-22 that is 4.10 includes it but 4.9-RELEASE does not.

any improvements in ipfw or ipfw2 don't really help, because the
original (not encrypted) packet just doesn't reach ipfw on the second
(output) pass. More on this below.

>> after 4 pings from 217.195.82.43 to 192.168.64.10:
>>
>> bash-2.05b# ipfw sh 1
>> 00001 4 240 count icmp from 192.168.64.10 to 217.195.82.43 in
>> 00001 0 0 count icmp from 192.168.64.10 to 217.195.82.43 out
>>
>> while it obviously should be 4 of them in both rules.

BAZ> no.

BAZ> if you ping from 217.195.82.43 to 192.168.64.10 it should be like
BAZ> that on vpn_router2 (not ipsec option yet as you cannot use it):

BAZ> ipfw add 1 count icmp from 217.195.82.43 to 192.168.64.10 in recv $int_outside
BAZ> # expecting 0 matches
BAZ> ipfw add 1 count esp from 217.195.82.43 to 192.168.64.10 in recv $int_outside
BAZ> # expecting 4 matches

I think I have got your point here, but filtering esp in tunnel mode
is of no use in many scenarios since higher protocol information (like
ports for TCP/UDP) is hidden in encrypted payload.

>> natd translates rewrites src addr only on outgoing packets, but the
>> outgoing packets never reach natd, because they don't make it thru
>> ipfw rules. Tricky, eh? So I see 3 choices so far:
>> 1. patch libalias
>> 2. patch the kernel (ip_output.c ? ip_fw.c? )
>> 3. use two separate boxes for nating and ipsekking.

BAZ> no, no, no.

BAZ> filter on your inside interface and divert packets there; this way
BAZ> nat is done before reaching output and thus before ipsec.

Correct me if I am wrong but diverting incoming packets won't help.
Libalias will just pass them unNATed. Or has it been changed since
4.9? Let's see.

alias.c, Revision 1.48(latest):

static int
TcpAliasIn(struct libalias *la, struct ip *pip)
{
        struct tcphdr *tc;
        struct alias_link *lnk;

        tc = (struct tcphdr *)ip_next(pip);

        lnk = FindUdpTcpIn(la, pip->ip_src, pip->ip_dst,
            tc->th_sport, tc->th_dport,
            IPPROTO_TCP,
            !(la->packetAliasMode & PKT_ALIAS_PROXY_ONLY));
        if (lnk != NULL) { //match found in table
.
. various checks and restoring src/dst address from table)
.
        }
        return (PKT_ALIAS_IGNORED);
}

see? if the incoming packet is not in table, _and_ natd is not running
in proxy_only mode (which is not acceptable here) the packet flows by
without any change. And that's what the `man natd' says.

BAZ> In the other direction packets are first run through ipsec getting you
BAZ> the IP packet (that then will have an ipsec history you can match with
BAZ> an up-to-date release) and when leaving the machine to your inside
BAZ> network will be natted back.

Yes. This part works great :)

BAZ> The ruleset gets quite tricky then but it works here (HEAD from about
BAZ> 82 days ago according to uptime ;-)

? Do you mean you have the same scenario? And diverting on inside
interface works for you?

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky@star-sw.com

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 08:07:06 2004
From: "Peter Sandilands"
To: "Nickolay A. Kritsky"
Reply-To: peter@sandilands.vu
Date: Fri, 30 Jul 2004 18:06:45 +1000
Subject: RE: ipsec packet filtering
In-Reply-To: <652582171.20040730075831@star-sw.com>

> From searching the archives this looks like an old issue, but I
> still can't understand something.
> AFAIU, now the ipfw + ipsec interoperation looks like this:
> input: encrypted packet comes to system. It is not checked against
> ipfw rules. Rules are applied to decrypted payload packet.

Not true. Encrypted packet is passed thru IPFW as an ESP packet. It is then
not processed any further by IPFW

> output: packet is going to leave the system encrypted by ipsec. The
> packet itself is not checked by firewall, but, after encryption, the
> resulting ESP packet is run against ipfw rules.

Correct. But it can be checked on the way into the gateway - on the inbound
i/f

> I am sorry, but I still cannot understand the reasons for such
> strange, ugly behaviour. Does anybody know the reasons for that and
> what chances are that we ever get fully-functional ipfw code
> checking _every_ packet on the stack.

The default action is to assume that packets arriving thru a tunnel are
trusted. But by adding the following option to the kernel conf file you can
get the processing path I think you are asking for??

        options IPSEC_FILTERGIF (documented in LINT)

This then causes the decrypted packet to be passed thru IPFW again. Be aware
this has significant consequences for where you do NAT in the ruleset and
requires very careful crafting of the IPFW rules

Pete

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 08:15:09 2004
Date: Fri, 30 Jul 2004 08:12:52 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: "Nickolay A. Kritsky"
cc: freebsd-net@freebsd.org
Subject: Re[3]: ipsec packet filtering
In-Reply-To: <11116772218.20040730115500@star-sw.com>

On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:

Hi,

> I think I have got your point here, but filtering esp in tunnel mode
> is of no use in many scenarios since higher protocol information (like
> ports for TCP/UDP) is hidden in encrypted payload.

at first it helps you to accept (only) encrypted traffic from your
peers.

> Correct me if I am wrong but diverting incoming packets won't help.
> Libalias will just pass them unNATed. Or has it been changed since
> 4.9? Let's see.
...
> see? if the incoming packet is not in table, _and_ natd is not running
> in proxy_only mode (which is not acceptable here) the packet flows by
> without any change. And that's what the `man natd' says.

please type

        man natd
        /reverse
        n

this should be available in 4.9 too.

> BAZ> The ruleset gets quite tricky then but it works here (HEAD from about
> BAZ> 82 days ago according to uptime ;-)
>
> ? Do you mean you have the same scenario? And diverting on inside
> interface works for you?

yes of course and a lot more on my three inside and two outside
interfaces.

--
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 08:47:23 2004
Date: Fri, 30 Jul 2004 12:47:20 +0400
From: "Nickolay A. Kritsky"
To: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: Re[4]: ipsec packet filtering
Message-ID: <11319912718.20040730124720@star-sw.com>

Hello Bjoern,

Friday, July 30, 2004, 12:12:52 PM, Bjoern A. Zeeb wrote:

>> see? if the incoming packet is not in table, _and_ natd is not running
>> in proxy_only mode (which is not acceptable here) the packet flows by
>> without any change. And that's what the `man natd' says.

BAZ> please type

BAZ>         man natd
BAZ>         /reverse
BAZ>         n

BAZ> this should be available in 4.9 too.

It's there. Oh my god! RTFM forever.
Well, thanks a lot, and sorry for time/traffic consumption. I still
don't like current situation with the way ipsec is processed by ipfw,
but -reverse will help me for now.

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky@star-sw.com

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 09:31:47 2004
Date: Fri, 30 Jul 2004 13:31:44 +0400
From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal X-Priority: 3 (Normal) Message-ID: <18822576687.20040730133144@star-sw.com> To: freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 30 Jul 2004 09:31:44.0913 (UTC) FILETIME=[076D9010:01C47618] Subject: ethernet over ip X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Nickolay A. Kritsky" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2004 09:31:47 -0000 Hello freebsd-net, How can a body do ethernet over ip on FreeBSD? I have heard that with netgraph you can do that. Has anybody tried this or maybe some other way? The goal is to connect two L2 networks on remote sites. Thanks. -- Best regards, ; Nickolay A. Kritsky ; SysAdmin STAR Software LLC ; mailto:nkritsky@star-sw.com From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 11:22:41 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 905D116A4CF for ; Fri, 30 Jul 2004 11:22:41 +0000 (GMT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1E0143D55 for ; Fri, 30 Jul 2004 11:22:40 +0000 (GMT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i6UBMTdw004593 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Jul 2004 14:22:30 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i6UBMLQ3039693; Fri, 30 Jul 2004 14:22:21 +0300 (EEST) (envelope-from ru) Date: Fri, 30 Jul 2004 14:22:21 +0300 
From: Ruslan Ermilov To: "Nickolay A. Kritsky" Message-ID: <20040730112221.GB39558@ip.net.ua> References: <18822576687.20040730133144@star-sw.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CdrF4e02JqNVZeln" Content-Disposition: inline In-Reply-To: <18822576687.20040730133144@star-sw.com> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new cc: freebsd-net@freebsd.org Subject: Re: ethernet over ip X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2004 11:22:41 -0000

On Fri, Jul 30, 2004 at 01:31:44PM +0400, Nickolay A. Kritsky wrote:
> Hello freebsd-net,
>
> How can a body do ethernet over ip on FreeBSD? I have heard that
> with netgraph you can do that. Has anybody tried this or maybe some
> other way? The goal is to connect two L2 networks on remote sites.
>

This is trivial with Netgraph. Basically, you bridge (ng_bridge(4)) an Ethernet node (ng_ether(4)) with a UDP socket (ng_ksocket(4)) representing your tunnel, on each side of a tunnel.

Cheers,
--
Ruslan Ermilov ru@FreeBSD.org FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 11:30:00 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 548FE16A4CE for ; Fri, 30 Jul 2004 11:30:00 +0000 (GMT) Received: from ns2.alphaque.com (ns2.alphaque.com [202.75.47.153]) by mx1.FreeBSD.org (Postfix) with SMTP id 000F943D4C for ; Fri, 30 Jul 2004 11:29:58 +0000 (GMT) (envelope-from dinesh@alphaque.com) Received: (qmail 3463 invoked by uid 0); 30 Jul 2004 11:29:56 -0000 Received: from lucifer.net-gw.com (HELO prophet.alphaque.com) (202.75.47.153) by lucifer.net-gw.com with SMTP; 30 Jul 2004 11:29:56 -0000 Received: from localhost (localhost.alphaque.com [127.0.0.1]) by prophet.alphaque.com (8.12.11/8.12.9) with ESMTP id i6UBECWg070036; Fri, 30 Jul 2004 19:14:12 +0800 (MYT) (envelope-from dinesh@alphaque.com) Date: Fri, 30 Jul 2004 19:14:12 +0800 (MYT) 
From: Dinesh Nair To: Jeremie Le Hen In-Reply-To: <20040728232352.GB8838@tuileries.epita.fr> Message-ID: <20040730191015.W483-100000@prophet.alphaque.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Charlie Schluting cc: jeremie@foobar.com Subject: Re: packet order, ipf or ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2004 11:30:00 -0000

On Thu, 29 Jul 2004, Jeremie Le Hen wrote:

> Hello Charlie,
>
> > I'm running ipf because I like it ...but now I need to use ipfw's pipe
> > feature. I was thinking that I could just run both, and keep all my
> > rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
> >
> > It didn't work (no rate-limiting happened).. and I'm thinking that ipf
> > is passing the packets and bypassing ipfw? Or something..
> >
> > So, what is the order, if I'm running ipf AND ipfw at the same time?
> > Will it work at all in this manner?
>
> But you should be warned that using ipnat(8) in conjunction to ipfw
> pipes may lead to an incorrect behaviour :
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685

in addition, http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/46564 reverses the order in which ipfw/ipfilter/ipnat processes packets in ip_output.c to make it consistent if both are used.

by default the flow is:

wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfilter -> ipnat -> ipfw

the patch in the above PR changes it to:

wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfw -> ipfilter -> ipnat

personally, i prefer the patch to ip_output as it makes it cleaner when you're separating between using ipfw/dummynet for shaping and ipfilter/ipnat for firewalling.

Regards, /\_/\ "All dogs go to heaven." 
dinesh@alphaque.com (0 0) http://www.alphaque.com/ +==========================----oOO--(_)--OOo----==========================+ | for a in past present future; do | | for b in clients employers associates relatives neighbours pets; do | | echo "The opinions here in no way reflect the opinions of my $a $b." | | done; done | +=========================================================================+ From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 17:34:14 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF25416A4CE for ; Fri, 30 Jul 2004 17:34:14 +0000 (GMT) Received: from mailhost.schluting.com (schluting.com [131.252.214.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91ADF43D4C for ; Fri, 30 Jul 2004 17:34:14 +0000 (GMT) (envelope-from charlie@schluting.com) Received: from localhost (localhost [127.0.0.1]) by mailhost.schluting.com (Postfix) with ESMTP id 8F3892179 for ; Fri, 30 Jul 2004 10:33:52 -0700 (PDT) Received: from mailhost.schluting.com ([127.0.0.1]) by localhost (schluting.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64928-07 for ; Fri, 30 Jul 2004 10:33:47 -0700 (PDT) Received: from [131.252.209.122] (smelly.cat.pdx.edu [131.252.209.122]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailhost.schluting.com (Postfix) with ESMTP id DE6F22172 for ; Fri, 30 Jul 2004 10:33:46 -0700 (PDT) Message-ID: <410A867A.6000707@schluting.com> Date: Fri, 30 Jul 2004 10:33:46 -0700 
From: Charlie Schluting User-Agent: Mozilla Thunderbird 0.6 (X11/20040519) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <20040730191015.W483-100000@prophet.alphaque.com> In-Reply-To: <20040730191015.W483-100000@prophet.alphaque.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by your mom at schluting.com Subject: Re: packet order, ipf or ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2004 17:34:14 -0000 Dinesh Nair wrote: > by default the flow is: > > wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfilter -> ipnat ->ipfw > > the patch in the above PR changes it to: > > wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfw -> ipfilter -> ipnat Interesting! Thanks for all the great info guys. I don't really need to use the patch, since I simply want to limit my outbound bandwidth usage. The problem with my rules before was a result of not understanding that nat translation had already taken place (I think). I'll test this weekend. 
Thanks; -Charlie From owner-freebsd-net@FreeBSD.ORG Fri Jul 30 17:35:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7040F16A4D2 for ; Fri, 30 Jul 2004 17:35:32 +0000 (GMT) Received: from bigass1.bitblock.com (ns1.bitblock.com [66.199.170.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 193FB43D39 for ; Fri, 30 Jul 2004 17:35:32 +0000 (GMT) (envelope-from mitch@bitblock.com) Received: from a1200 ([70.69.125.122]) (AUTH: LOGIN mitch@bitblock.com) by bigass1.bitblock.com with esmtp; Fri, 30 Jul 2004 17:34:59 +0000 X-Abuse-Reports: Visit http://www.bitblock.com/abuse.php X-Abuse-Reports: and submit a copy of the message headers X-Abuse-Reports: or review our policies and procedures X-Abuse-Reports: ID= 410A86C3.0000CF1B.bigass1.bitblock.com,dns; a1200 ([70.69.125.122]),AUTH: LOGIN mitch@bitblock.com 
From: "Mitch (bitblock)" To: peter@sandilands.vu, freebsd-net@freebsd.org Date: Fri, 30 Jul 2004 10:34:58 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: RE: ipsec packet filtering X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jul 2004 17:35:32 -0000

> But by adding the following option to the kernel conf file you can get
> the processing path I think you are asking for??
>
> options IPSEC_FILTERGIF (documented in LINT)
>
> This then causes the decrypted packet to be passed thru IPFW again.
>
> Be aware this has significant consequences for where you do NAT in the
> ruleset and requires very careful crafting of the IPFW rules
>
> Pete

ok. Will this allow me to do the following:

Client 1 <--\
             FREEBSD ROUTER <----> Internet
Client 2 <--/

Client 1, although on the same subnet as client 2, can not directly connect to Client 2. This is an underlying restriction of the ATM transport of the telco we deal with. No option.

I want to connect client 1, and client 2. I can create a VPN from client 1 to central router, and client 2 to central router. In the past, I could not route this traffic. Are you saying this should be possible now?

Thanks. 
m/ From owner-freebsd-net@FreeBSD.ORG Sat Jul 31 02:36:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2F7016A4CE; Sat, 31 Jul 2004 02:36:37 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id B94C643D6B; Sat, 31 Jul 2004 02:36:37 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BqjjM-0008Fv-00; Sat, 31 Jul 2004 04:36:16 +0200 Received: from [217.227.157.228] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1BqjjL-0007pU-00; Sat, 31 Jul 2004 04:36:16 +0200 
From: Max Laier To: freebsd-current@freebsd.org Date: Sat, 31 Jul 2004 04:34:09 +0200 User-Agent: KMail/1.6.2 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_pUwCBDibKSZqMEx"; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200407310434.17166.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: freebsd-net@freebsd.org cc: pf4freebsd@freelists.org Subject: ALTQ driver: an(4), ath(4), hme(4), ndis(4), vr(4) and wi(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2004 02:36:38 -0000

Hi,

patch at:
http://people.freebsd.org/~mlaier/altq_driver2.diff

If you are maintaining any of the above, please take a look and tell me if you object. ndis(4) maintains code portability to 5.2.1 as requested.

All drivers were tested as described on:
http://people.freebsd.org/~mlaier/ALTQ_driver/

After this we have ALTQ support for the following NICs:
an(4), ath(4), bfe(4), de(4), em(4), fxp(4), hme(4), lnc(4), ndis(4), rl(4), sis(4), tun(4), vr(4), wi(4) and xl(4).

I'll happily add *your* driver to the list if you can do some basic tests as described on above URL. Please let me know if you want to try a driver not yet patched on the page (or if you run into problems with any patch from there). TIA!

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sat Jul 31 06:51:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from green.homeunix.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E9A9316A4CE; Sat, 31 Jul 2004 06:51:05 +0000 (GMT) Received: from green.homeunix.org (green@localhost [127.0.0.1]) by green.homeunix.org (8.12.11/8.12.11) with ESMTP id i6V6ovd2085939; Sat, 31 Jul 2004 02:50:57 -0400 (EDT) (envelope-from green@green.homeunix.org) Received: (from green@localhost) by green.homeunix.org (8.12.11/8.12.11/Submit) id i6V6oeXq085938; Sat, 31 Jul 2004 02:50:40 -0400 (EDT) (envelope-from green) Date: Sat, 31 Jul 2004 02:50:39 -0400 
From: Brian Fundakowski Feldman To: Max Laier Message-ID: <20040731065039.GF33220@green.homeunix.org> References: <200407310434.17166.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200407310434.17166.max@love2party.net> User-Agent: Mutt/1.5.6i cc: freebsd-net@freebsd.org cc: freebsd-current@freebsd.org cc: pf4freebsd@freelists.org Subject: Re: ALTQ driver: an(4), ath(4), hme(4), ndis(4), vr(4) and wi(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2004 06:51:18 -0000 On Sat, Jul 31, 2004 at 04:34:09AM +0200, Max Laier wrote: > Hi, > > patch at: > http://people.freebsd.org/~mlaier/altq_driver2.diff > > If you are maintaining any of the above, please take a look and tell me if you > object. ndis(4) maintains code portability to 5.2.1 as requested. > > All drivers were tested as described on: > http://people.freebsd.org/~mlaier/ALTQ_driver/ > > After this we have ALTQ support for the following NICs: > an(4), ath(4), bfe(4), de(4), em(4), fxp(4), hme(4), lnc(4), ndis(4), rl(4), > sis(4), tun(4), vr(4), wi(4) and xl(4). > > I'll happily add *your* driver to the list if you can do some basic tests as > described on above URL. Please let me know if you want to try a driver not > yet patched on the page (or if you run into problems with any patch from > there). TIA! Is there anything non-obvious that needs to be done for the driver at http://green.homeunix.org/~green/prism54-driver/pff/if_pff.c? TIA^2. -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. 
\,,,,,,,,,,,,,,,,,,,,,,\ From owner-freebsd-net@FreeBSD.ORG Sat Jul 31 09:28:24 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 33C8F16A4CE; Sat, 31 Jul 2004 09:28:24 +0000 (GMT) Received: from mailhub.intercaf.ru (mailhub.intercaf.ru [195.96.167.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3827443D39; Sat, 31 Jul 2004 09:28:23 +0000 (GMT) (envelope-from lesha@intercaf.ru) Received: from webmail.intercaf.ru (mail.intercaf.ru [195.96.167.50]) (authenticated bits=0) by mailhub.intercaf.ru (8.12.10/8.12.10) with ESMTP id i6V9S9XG009772; Sat, 31 Jul 2004 13:28:10 +0400 (MSD) (envelope-from lesha@intercaf.ru) Received: from 192.169.41.44 (proxying for 210.24.210.212) (SquirrelMail authenticated user lesha) by webmail.intercaf.ru with HTTP; Sat, 31 Jul 2004 13:28:10 +0400 (MSD) Message-ID: <51001.192.169.41.44.1091266090.squirrel@webmail.intercaf.ru> Date: Sat, 31 Jul 2004 13:28:10 +0400 (MSD) 
From: lesha@intercaf.ru To: freebsd-mobile@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=koi8-r Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal X-Virus-Scanned: ClamAV version 'clamd / ClamAV version 0.65', clamav-milter version '0.60p' cc: freebsd-net@freebsd.org Subject: Proxim WiFi cards anyone? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2004 09:28:24 -0000

Hello, all!

Today I have bought myself new Proxim Orinoco Gold b/g card to replace my old Lucent Orinoco b one.

New card is working fine with the ath driver, but... Signal strength and radio performance are very nasty.

Where my old card gave me signal strength of 106 new one gives only 51. (that is 5m away from AP) (same AP, same channels, same everything)

It is not working even in next room to the AP.

What can be the problem, or just Proxim got lame engineers? (behavior is same under "the Other OS") Transmit power is set to "Maximum" in supplied configuration utility.

Cheers, AL.

p.s. pls CC, so I will not lose your reply. 
From owner-freebsd-net@FreeBSD.ORG Sat Jul 31 23:12:19 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D797416A4CE; Sat, 31 Jul 2004 23:12:19 +0000 (GMT) Received: from harmony.village.org (rover.village.org [168.103.84.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5908043D1F; Sat, 31 Jul 2004 23:12:17 +0000 (GMT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.11/8.12.11) with ESMTP id i6VNC2hm002578; Sat, 31 Jul 2004 17:12:02 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Sat, 31 Jul 2004 17:12:29 -0600 (MDT) Message-Id: <20040731.171229.29785775.imp@bsdimp.com> To: lesha@intercaf.ru 
From: "M. Warner Losh" In-Reply-To: <51001.192.169.41.44.1091266090.squirrel@webmail.intercaf.ru> References: <51001.192.169.41.44.1091266090.squirrel@webmail.intercaf.ru> X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: freebsd-mobile@freebsd.org Subject: Re: Proxim WiFi cards anyone? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Jul 2004 23:12:20 -0000

In message: <51001.192.169.41.44.1091266090.squirrel@webmail.intercaf.ru> lesha@intercaf.ru writes:
: Hello, all!
:
:
: Today I have bought myself new Proxim Orinoco Gold b/g card
: to replace my old Lucent Orinoco b one.
:
: New card is working fine with the ath driver, but...
: Signal strength and radio performance are very nasty.
:
: Where my old card gave me signal strength of 106
: new one gives only 51. (that is 5m away from AP)
: (same AP, same channels, same everything)
:
: It is not working even in next room to the AP.
:
: What can be the problem, or just Proxim got lame engineers?

Lame antenna. Also, the signal strength, as reported by FreeBSD, can be radically different when the RF levels are exactly the same. Different firmware has different formulas to convert the values that are reported. Also, different antennas have different gains.

Warner