From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 04:31:44 2003
From: "Petri Helenius"
Date: Sun, 1 Jun 2003 14:30:10 +0300
Subject: ipfw and hostnames

How do I compile/load ipfw kld so that it has "default to accept" which seems to be
required to allow hostnames to be used in firewall configuration loaded at boot time.
Even starting the firewall config with 65000 allow all from any to any does not seem
to allow hostname resolution to work when starting with kld.

Pete

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 11:44:42 2003
From: Chuck Swiger
Date: Sun, 01 Jun 2003 14:44:29 -0400
To: Petri Helenius
cc: freebsd-net@freebsd.org
Subject: Re: ipfw and hostnames

Petri Helenius wrote:
> How do I compile/load ipfw kld so that it has "default to accept" which seems to be
> required to allow hostnames to be used in firewall configuration loaded at boot time.

You are strongly advised to use IP addresses instead of hostnames in firewall
rulesets, to avoid DNS spoofing attacks subverting your firewall. Ideally, your
firewall should function without depending on any external network resources.

-- 
-Chuck

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 12:41:25 2003
From: "Petri Helenius"
Date: Sun, 1 Jun 2003 22:41:12 +0300
To: "Chuck Swiger"
cc: freebsd-net@freebsd.org
Subject: Re: ipfw and hostnames

>
> You are strongly advised to use IP addresses instead of hostnames in firewall
> rulesets, to avoid DNS spoofing attacks subverting your firewall. Ideally, your
> firewall should function without depending on any external network resources.
>
I know that, I control the domains and additionally they are for non-critical
resources like NTP access. Obviously all rules really important are based on IP
addresses.

Pete

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 12:56:59 2003
From: Chuck Swiger
Date: Sun, 01 Jun 2003 15:56:47 -0400
To: freebsd-net@freebsd.org
Subject: Re: ipfw and hostnames

Petri Helenius wrote:
[ ...using DNS in firewall rules... ]
> I know that, I control the domains and additionally they are for non-critical
> resources like NTP access.

OK: it's good to keep your firewall clocks synchronized. External NTP servers are
best accessed by name, agreed. So run an NTP server on your local net, not on a
firewall, which uses DNS to refer to higher-stratum NTP sources. Have your firewall
refer to the local NTP server by IP.

> Obviously all rules really important are based on IP addresses.

If your firewall needs to perform *any* DNS queries, what happens if the DNS
server(s) are down or unreachable when the firewall tries to restart? Does it
fail in a way that you are happy with?

-Chuck

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 13:22:51 2003
From: "Giovanni P. Tirloni"
Date: Sun, 1 Jun 2003 17:22:47 -0300
To: freebsd-net@freebsd.org
Subject: Fw: Very weird network behaviour with 4.7-RELEASE-p10 (large)

I'm forwarding this here in case anyone wants to take a look.

----- Forwarded message from "Giovanni P. Tirloni" -----

Date: Sun, 1 Jun 2003 04:12:55 -0300
From: "Giovanni P. Tirloni"
To: freebsd-stable@freebsd.org
Subject: Very weird network behaviour with 4.7-RELEASE-p10 (large)

Hi,

I have been doing some tests using hping2 and TCP SYN pings targeting
local and remote hosts from two FreeBSD 4.7-RELEASE-p10 and one
Linux 2.4.18 host.

The three machines have the same hardware configuration and have been
running for 6 months now. The average load isn't too high (usually 0.01
to 0.15) on the FreeBSD machines.

Here is the output from hping2 (excuse me the line wrap),

root:~# hping -S -p 80 -c 6 www.freebsd.org
HPING www.freebsd.org (fxp0 216.136.204.117): S set, 40 headers + 0 data bytes
len=46 ip=216.136.204.117 ttl=50 DF id=20997 sport=80 flags=SA seq=0 win=57344 rtt=212.6 ms
len=46 ip=216.136.204.117 ttl=50 DF id=21140 sport=80 flags=SA seq=1 win=57344 rtt=212.3 ms
len=46 ip=216.136.204.117 ttl=50 DF id=21301 sport=80 flags=SA seq=2 win=57344 rtt=212.3 ms
DUP! len=46 ip=216.136.204.117 ttl=50 DF id=21494 sport=80 flags=SA seq=0 win=57344 rtt=3207.3 ms
len=46 ip=216.136.204.117 ttl=50 DF id=21498 sport=80 flags=SA seq=3 win=57344 rtt=212.3 ms
DUP! len=46 ip=216.136.204.117 ttl=50 DF id=21650 sport=80 flags=SA seq=1 win=57344 rtt=3209.4 ms

--- www.freebsd.org hping statistic ---
5 packets tramitted, 6 packets received, -20% packet loss
round-trip min/avg/max = 212.3/1211.0/3209.4 ms

And tcpdump confirms this and shows more packets after hping2 was stopped,

root@srv0-cta:~# tcpdump -n host 216.136.204.117 and port 80

Another different output from hping (strange rtt's),

root@srv0-cta:~# hping -S -p 80 -c 8 www.freebsd.org
HPING www.freebsd.org (fxp0 216.136.204.117): S set, 40 headers + 0 data bytes
len=46 ip=216.136.204.117 ttl=50 DF id=38289 sport=80 flags=SA seq=0 win=57344 rtt=212.5 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38291 sport=80 flags=SA seq=0 win=57344 rtt=0.0 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38371 sport=80 flags=SA seq=1 win=57344 rtt=211.9 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38372 sport=80 flags=SA seq=0 win=57344 rtt=0.0 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38404 sport=80 flags=SA seq=2 win=57344 rtt=211.9 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38405 sport=80 flags=SA seq=0 win=57344 rtt=0.0 ms
DUP! len=46 ip=216.136.204.117 ttl=50 DF id=38687 sport=80 flags=SA seq=0 win=57344 rtt=3207.3 ms
len=46 ip=216.136.204.117 ttl=50 DF id=38702 sport=80 flags=SA seq=3 win=57344 rtt=212.0 ms

--- www.freebsd.org hping statistic ---
4 packets tramitted, 8 packets received, -100% packet loss
round-trip min/avg/max = 211.9/811.1/3207.3 ms

And the tcpdump output,

Some users have complained about server timeouts since Monday (but I
haven't experienced the problems they seem to be having). At first
I thought it was the switch but I don't see errors from the Linux
machine.

That happens when pinging (with hping -S -p 80),

bsd1:fxp0 -> bsd2
bsd2:fxp0 -> bsd1
bsd1:lo0 -> bsd1:lo0
bsd2:lo0 -> bsd2:lo0
bsd1:fxp0 -> remote
bsd2:fxp0 -> remote
bsd1:fxp0 -> linux

Any help is welcome and sorry if this email doesn't have all the
information needed to solve this problem. I'll be happy to provide
more details and do more tests if needed.

Here is the output from ifconfig fxp0,

fxp0: flags=8843 mtu 1500
        inet 200.203.183.32 netmask 0xffffffc0 broadcast 200.203.183.63
        inet 200.203.183.33 netmask 0xffffffff broadcast 200.203.183.33
        inet 200.203.183.37 netmask 0xffffffff broadcast 200.203.183.37
        ether 00:07:e9:ad:2a:ab
        media: Ethernet autoselect (100baseTX )
        status: active

Someone mentioned cvsup'ing to 4.8-STABLE but I'm afraid of doing so
because those two boxes are very critical.

-- 
Giovanni P. Tirloni
http://www.tirloni.org

----- End forwarded message -----

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 16:43:44 2003
From: Andrew Gordon
Date: Mon, 2 Jun 2003 00:43:39 +0100 (BST)
Subject: if_dc - ADMTek AN983B problem (solution)

Problem: if_dc driver fails to read MAC address from AN983B (on-board
ethernet on MSI motherboard in this case). Not only does it get the wrong
value of MAC address, but it permanently trashes the EEPROM contents, so
that it is necessary to use the manufacturer's utility to re-set the MAC
address in the EEPROM before it will work again in Windows.

Analysis: if_dc only claims to support the AN985B, not the AN983B, though
they appear from the datasheet to be the equivalent and have the same
device ID ('985 is cardbus, '983 is ordinary PCI). If the EEPROM reading
code in the driver is commented out, the driver works OK and the EEPROM is
not corrupted. I had expected this to be the usual sort of problem with
on-motherboard devices being configured in a non-standard way (and maybe
storing the MAC address elsewhere), but in fact it seems to be a perfectly
standard implementation with an EEPROM dedicated to the AN983B (adjacent to
it on the PCB).

Solution: For this device, the only thing that the driver attempts to read
from the EEPROM is the MAC address.
However, according to the datasheet (and confirmed by testing) the MAC
address is automatically loaded into the PAR0/PAR1 registers after reset,
so we can simply read it from those registers directly rather than doing
the bit twiddling to access the EEPROM by brute force. The enclosed patch
does this, and works well for me (I've minimised the changes, so only 3
lines of diff). I'm working in RELENG_4, but there have been no relevant
changes to the driver and the patch applies unchanged to -current too.

Caveats: I only have this one type of motherboard for testing; I don't have
any AN985B cards to see if my patch upsets them. Also, the driver treats
the "Accton EN2242" as equivalent to the AN985B - I'm guessing that this is
just a card built from the AN983B but using different vendor/device Ids for
branding purposes, so I've made my patch apply to these too, but again I
can't test.

The code that I've replaced looks a bit odd: it seems to read the MAC
address from a copy of the EEPROM in the softc that it recorded earlier,
then immediately over-writes that by reading it directly from the EEPROM
again. Did this ever work?

[Attachment: if_dc.patch]

From owner-freebsd-net@FreeBSD.ORG Sun Jun 1 23:51:14 2003
From: "Petri Helenius"
Date: Mon, 2 Jun 2003 09:50:59 +0300
To: "Chuck Swiger"
Subject: Re: ipfw and hostnames

>
> If your firewall needs to perform *any* DNS queries, what happens if the DNS
> server(s) are down or unreachable when the firewall tries to restart? Does it
> fail in a way that you are happy with?
>
That's another defect in ipfw client utility, it stops processing rules
if it fails to look up something. There should at least be a switch to allow
it to continue and ignore the lines it cannot do.

And in case you were wondering, I don't believe in perimeter security, so we
run packet filters on all machines, not just on something some people call
the magic-security-device-on-the-border alias "firewall".

Pete

From owner-freebsd-net@FreeBSD.ORG Mon Jun 2 04:48:34 2003
From: "Jeff Opie"
Date: Mon, 2 Jun 2003 06:48:12 -0500
Subject: Intel PRO/1000 and BRIDGE

I have a Dell PE1650 server with dual on-board Intel 82544 NICs which is
intended to be an external firewall using options BRIDGE, IPFIREWALL, etc.

Packets are not being passed from em0 to em1. I have tried 4.7-Release (em
driver 1.3.4), 4.8-Release (em driver 1.4.10) and the current 1.5.31 em
driver, all with the same result.

Does anyone have BRIDGE support working with the em driver?

Some diagnostic info:

I have tcpdump output from em0 and em1.
The configuration is as follows:

external addresses 208.255.47.16 (255.255.255.240)
internal addresses 192.168.1.1 (255.255.255.0)

• Internet access to Cisco 2600 router at address 208.255.47.17 (netmask 255.255.255.240).
• Dell pe1650 (this is the BRIDGE box)
    o em0 at 208.255.47.29 - input from Cisco 2600
    o em1 - no assigned address - output to Cisco 2900 switch(1)(Japan)
• NAT box (FreeBSD)
    o 208.255.47.30 (fxp0) input from Cisco 2900 switch(1)
    o 192.168.1.1 (fxp1) output to Cisco 2900 switch(2)
    o All internal users connected to 2900 switch(2)
• Name servers 198.6.1.195, 198.6.1.122

Mail trying to get in from outside. Applications trying to get out:

• gotomypc
• Browser to www.yahoo.com

tcpdump on em0:

> tcpdump -r tcpem0.log

tcpdump on em1:

> tcpdump -r tcpem1.log
(31) 07:01:26.850711 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:27.420073 208.255.47.30.17750 > paynetonline.com.pop3: S 2838098001:2838098001(0) win 64240 (DF) 07:01:28.853459 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:30.859518 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:32.427419 CDP v2, ttl=3D180s DevID 'japan' Addr (1): IPv4 192.168.1.14 PortID 'FastEthernet0/4' CAP 0x0a[|cdp] 07:01:32.858945 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:33.428935 208.255.47.30.17750 > paynetonline.com.pop3: S 2838098001:2838098001(0) win 64240 (DF) 07:01:33.430027 208.255.47.30.17751 > cache06.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:33.650000 208.255.47.30.17752 > cache05.ns.uu.net.domain:=A0 484 PTR? 1.0.0.127.in-addr.arpa. (40) 07:01:34.425832 208.255.47.30.17751 > cache06.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:34.651009 208.255.47.30.17752 > cache05.ns.uu.net.domain:=A0 484 PTR? 1.0.0.127.in-addr.arpa. (40) 07:01:34.861686 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:35.652482 208.255.47.30.17752 > cache05.ns.uu.net.domain:=A0 484 PTR? 1.0.0.127.in-addr.arpa. (40) 07:01:36.428712 208.255.47.30.17751 > cache06.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:36.864733 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:38.431708 208.255.47.30.17753 > cache05.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:38.431772 208.255.47.30.17751 > cache06.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. 
(35) 07:01:38.867169 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:40.869910 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:42.437329 208.255.47.30.17753 > cache05.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:42.437412 208.255.47.30.17751 > cache06.ns.uu.net.domain:=A0 2256+ A? poll.gotomypc.com. (35) 07:01:42.872647 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:44.878281 802.1d config 8000.00:05:32:98:35:80.8010 root 8000.00:05:32:98:35:80 pathcost 0 age 0 max 20 hello 2 fdelay 15 07:01:45.461321 208.255.47.30.17754 > paynetonline.com.pop3: S 2843466202:2843466202(0) win 64240 (DF) > This looks a lot different than output from the current operational BRIDGE box (promiscuous mode on fxp0, fxp1) which I want to replace. Please let me know if I can supply more info. 

Thanks in advance -

Jeff Opie
newbsdguy@attbi.com

From owner-freebsd-net@FreeBSD.ORG Mon Jun 2 09:01:39 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E6E0437B401 for ; Mon, 2 Jun 2003 09:01:39 -0700 (PDT)
Received: from out001.verizon.net (out001pub.verizon.net [206.46.170.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2023743F3F for ; Mon, 2 Jun 2003 09:01:39 -0700 (PDT) (envelope-from cswiger@mac.com)
Received: from mac.com ([129.44.60.214]) by out001.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030602160138.ZRHB12592.out001.verizon.net@mac.com> for ; Mon, 2 Jun 2003 11:01:38 -0500
Message-ID: <3EDB74E8.8020406@mac.com>
Date: Mon, 02 Jun 2003 12:01:44 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030507
X-Accept-Language: en-us, en
MIME-Version: 1.0
Cc: freebsd-net@freebsd.org
References: <001f01c32831$296b9210$812a40c1@PETEX31><3EDA498D.3000307@mac.com> <008f01c32875$c210c730$812a40c1@PETEX31> <3EDA5A7F.6060204@mac.com> <00d701c328d3$54612910$812a40c1@PETEX31>
In-Reply-To: <00d701c328d3$54612910$812a40c1@PETEX31>
X-Enigmail-Version: 0.75.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Authentication-Info: Submitted using SMTP AUTH at out001.verizon.net from [129.44.60.214] at Mon, 2 Jun 2003 11:01:38 -0500
Subject: Re: ipfw and hostnames
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 02 Jun 2003 16:01:40 -0000

Petri Helenius wrote:
[ ... ]
> That's an another defect in ipfw client utility, it stops processing rules if
> it fails to lookup something. There should at least be a switch to allow
> it to continue and ignore the lines it cannot do.

If you really want to use names instead of IP addresses, try something like the
following from /etc/rc.conf:

#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'

...and /etc/MY_firewall:

####
# set these to your inside interface network and netmask and ip
#define IIF sis0
#define INET 192.168.1.0/24
#define IIP 192.168.1.2
#define OIF fxp0
#define ONET xxx
#define OIP xxx
#define LOCALHOST 127.0.0.1
#define HOST1 1.2.3.4

# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535

####
# Bandwidth limitation
add 10 pipe 11 tcp from any to any in via IIF
add pipe 11 udp from any to any in via IIF
add pipe 11 ip from any to any in via IIF
pipe 11 config queue 60

add pipe 12 tcp from any to any out via IIF
add pipe 12 udp from any to any out via IIF
add pipe 12 ip from any to any out via IIF
pipe 12 config queue 60

# add rules here

add 65000 allow ip from any to any

> And in case you were wondering, I don't believe in perimeter security,
> so we run packet filters on all machines, not just on something some people
> call the magic-security-device-on-the-border alias "firewall".

It's certainly true that good security consists of more than just a magic box
called a firewall. If you configure your hosts securely so that they are safe
even without a "packet filtering router", you'll be doing much better than
average.

That being said, saying "I don't believe in perimeter security" is akin to
saying "I don't see a difference between a network and a group of hosts".

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Jun 2 12:23:56 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E793E37B401 for ; Mon, 2 Jun 2003 12:23:56 -0700 (PDT)
Received: from web13906.mail.yahoo.com (web13906.mail.yahoo.com [216.136.175.69]) by mx1.FreeBSD.org (Postfix) with SMTP id A0F8D43F3F for ; Mon, 2 Jun 2003 12:23:56 -0700 (PDT) (envelope-from zam4ever@yahoo.com)
Message-ID: <20030602192356.67975.qmail@web13906.mail.yahoo.com>
Received: from [219.95.184.85] by web13906.mail.yahoo.com via HTTP; Mon, 02 Jun 2003 20:23:56 BST
Date: Mon, 2 Jun 2003 20:23:56 +0100 (BST)
From: =?iso-8859-1?q?zam?=
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: inconsistent downloading rate
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 02 Jun 2003 19:23:57 -0000

this is my first post in this ML. i'm using d-link
538TX NIC and my freebsd recognize it as a rl0. when
i'm downloading from my ftp server (other computer)
with basic configuration maximum rate 200KBps, my
freebsd box able to get only 80KBps max. the strange
thing is when i using MS XP (don't hate it ^_^), i'm
able to get 190-200KBPS, so i try to figure out why
this thing happen.

cheers,
zam

__________________________________________________
Yahoo! Plus - For a better Internet experience
http://uk.promotions.yahoo.com/yplus/yoffer.html

From owner-freebsd-net@FreeBSD.ORG Mon Jun 2 23:04:52 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2AB1837B401 for ; Mon, 2 Jun 2003 23:04:52 -0700 (PDT)
Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 5B5DE43FA3 for ; Mon, 2 Jun 2003 23:04:51 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 51360 invoked from network); 3 Jun 2003 06:04:50 -0000
Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 3 Jun 2003 06:04:50 -0000
X-pair-Authenticated: 209.68.2.70
Date: Tue, 3 Jun 2003 01:03:46 -0500 (CDT)
From: Mike Silbersack
To: "Giovanni P. Tirloni"
In-Reply-To: <20030601202247.GD70289@pixies.tirloni.org>
Message-ID: <20030603010252.A26034@odysseus.silby.com>
References: <20030601202247.GD70289@pixies.tirloni.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: Fw: Very weird network behaviour with 4.7-RELEASE-p10 (large)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 06:04:52 -0000

On Sun, 1 Jun 2003, Giovanni P. Tirloni wrote:

> I'm forwarding this here in case anyone wants to take a look.
>
> ----- Forwarded message from "Giovanni P. Tirloni" -----
>
> Date: Sun, 1 Jun 2003 04:12:55 -0300
> From: "Giovanni P. Tirloni"
> To: freebsd-stable@freebsd.org
> User-Agent: Mutt/1.5.3i
> Subject: Very weird network behaviour with 4.7-RELEASE-p10 (large)
>
> Hi,
>
> I have been doing some tests using hping2 and TCP SYN
> pings targeting local and remote hosts from two FreeBSD
> 4.7-RELEASE-p10 and one Linux 2.4.18 host.
>
> The three machines have the same hardware configuration
> and have been running for 6 months now. The average load
> isn't too high (usually 0.01 to 0.15) on the FreeBSD machines.

I'm not sure I see anything strange here, could you be more specific? All
the duplicate packets just look like syn-ack retransmissions.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 04:05:32 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA54337B401 for ; Tue, 3 Jun 2003 04:05:32 -0700 (PDT)
Received: from pasmtp.tele.dk (pasmtp.tele.dk [193.162.159.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id C681943FA3 for ; Tue, 3 Jun 2003 04:05:31 -0700 (PDT) (envelope-from krask@isupport.dk)
Received: from pc100 (0x50a3814c.unknown.tele.dk [80.163.129.76]) by pasmtp.tele.dk (Postfix) with SMTP id 727581EC3B2 for ; Tue, 3 Jun 2003 13:05:30 +0200 (CEST)
Message-ID: <008101c329bf$2a164220$0a01a8c0@example.org>
From: "Kristian Rask"
To:
Date: Tue, 3 Jun 2003 12:59:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Subject: Problem w. DDOS and ipfw (5.0-R)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 11:05:33 -0000

Hi

I have a machine running 5.0-R on a 1400 Celeron w. 256Megs
It has an em Intel gigabit interface and an xl 3com nic

The machine is directly connected to a 100MBit internet link (Fiber w. media converter)

The machine act as a packetfilter and gateway for a /27 net.

In the /27 net is two web servers running IIS-5

These web servers are subject to an ongoing denial of service attack.
by logging and sorting the output according to SRC IP it becomes very evident who
attacks (large nr. of setups) and who doesn't.. (who are regular users) apparently 100-400+ machines are
hammering at the site and they are occasionally replaced by new machines (IP's).

How should one go about automating the process of converting the gained knowledge from the logfiles into ipfw rules ?

if we use "limit-src" the machine dies within ½ a minute w. something like "To many dynamic rules, rebooting in 10 seconds"

50-65% of the total load is interrupts... (according to top)

Any recommendations for NIC's that produces less interrupts due to caching etc ?

Any other ideas as how to cope, overcome and prepare for massive DDOS attacks are very welcome.

regards & TIA

Kristian

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 04:15:04 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2100637B401 for ; Tue, 3 Jun 2003 04:15:04 -0700 (PDT)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECF6243FB1 for ; Tue, 3 Jun 2003 04:15:02 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h53BF1Qg049364; Tue, 3 Jun 2003 04:15:01 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost) by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h53BF1Co049363; Tue, 3 Jun 2003 04:15:01 -0700 (PDT) (envelope-from rizzo)
Date: Tue, 3 Jun 2003 04:15:01 -0700
From: Luigi Rizzo
To: Kristian Rask
Message-ID: <20030603041501.B49218@xorpc.icir.org>
References: <008101c329bf$2a164220$0a01a8c0@example.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition:
 inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <008101c329bf$2a164220$0a01a8c0@example.org>; from krask@isupport.dk on Tue, Jun 03, 2003 at 12:59:06PM +0200
cc: freebsd-net@freebsd.org
Subject: Re: Problem w. DDOS and ipfw (5.0-R)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 11:15:04 -0000

certainly the box should not die, so there might be a bug in that
part of the ipfw code.

However, as a general principle, you should avoid to create a setup
where dynamic rules are created by incoming traffic, as you are
making yourself a victim for DoS attacks.

Also, if you are having performance problems, perhaps you should
run 4.8 instead of 5.0, and use polling on the "em" side ("xl"
does not support it yet).

	cheers
	luigi

On Tue, Jun 03, 2003 at 12:59:06PM +0200, Kristian Rask wrote:
> Hi
>
> I have a machine running 5.0-R on a 1400 Celeron w. 256Megs
> It has an em Intel gigabit interface and an xl 3com nic
>
> The machine is directly connected to a 100MBit internet link (Fiber w. media converter)
>
> The machine act as a packetfilter and gateway for a /27 net.
>
> In the /27 net is two web servers running IIS-5
>
> These web servers are subject to an ongoing denial of service attack.
> by logging and sorting the output according to SRC IP it becomes very evident who
> attacks (large nr. of setups) and who doesn't.. (who are regular users) apparently 100-400+ machines are
> hammering at the site and they are occasionally replaced by new machines (IP's).
>
> How should one go about automating the process of converting the gained knowledge from the logfiles into ipfw rules ?
>
> if we use "limit-src" the machine dies within ½ a minute w. something like "To many dynamic rules, rebooting in 10 seconds"
>
> 50-65% of the total load is interrupts... (according to top)
>
> Any recommendations for NIC's that produces less interrupts due to caching etc ?
>
> Any other ideas as how to cope, overcome and prepare for massive DDOS attacks are very welcome.
>
> regards & TIA
>
> Kristian
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 05:08:44 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0093637B401 for ; Tue, 3 Jun 2003 05:08:44 -0700 (PDT)
Received: from raven.ecs.soton.ac.uk (raven.ecs.soton.ac.uk [152.78.70.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id C448C43F93 for ; Tue, 3 Jun 2003 05:08:42 -0700 (PDT) (envelope-from kwl02r@ecs.soton.ac.uk)
Received: from pigeon.ecs.soton.ac.uk (ns1 [152.78.68.1]) by raven.ecs.soton.ac.uk (8.9.3/8.9.3) with ESMTP id NAA27046 for ; Tue, 3 Jun 2003 13:08:41 +0100 (BST)
Received: from kaiwen (kaiwen [152.78.66.89]) by pigeon.ecs.soton.ac.uk (8.9.3p2/8.9.3) with SMTP id NAA09366 for ; Tue, 3 Jun 2003 13:08:41 +0100 (BST)
Message-ID: <012901c329c8$da7bcb90$59424e98@kaiwen>
From: "Calvin Lien"
To:
Date: Tue, 3 Jun 2003 13:08:32 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: about sys/proc.h
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 12:08:44 -0000

I want to write some network programs on
Redhat. But I have already found a similar one on the BSD.
I want to use his idea on my program. But face some problems as follow:
1. What kind of structs are defined under sys/proc.h ? Is there any similar header file defined under redhat (Because i cannot find on redhat)?
2. What kind of structs are defined under sys/signalvar.h, sys/protosw.h and sys/sysproto.h? Are there any similar headers defined under redhat?
3. Because I am running redhat now (for my program). Is there any website I can find source codes as described above?
Thanks for your help.

Kai-Wen, Lien
Dep. of ECS
023 80592422 ext 22422
Email:- kwl02r@ecs.soton.ac.uk

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 06:37:25 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79F4B37B401; Tue, 3 Jun 2003 06:37:25 -0700 (PDT)
Received: from amsfep14-int.chello.nl (amsfep14-int.chello.nl [213.46.243.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA2D843F3F; Tue, 3 Jun 2003 06:37:23 -0700 (PDT) (envelope-from girgen@pingpong.net)
Received: from palle.girgensohn.se ([213.89.138.245]) by amsfep14-int.chello.nlESMTP <20030603133722.ZQLD17933.amsfep14-int.chello.nl@palle.girgensohn.se>; Tue, 3 Jun 2003 15:37:22 +0200
Received: from localhost (localhost [127.0.0.1]) by palle.girgensohn.se (8.12.9/8.12.9) with ESMTP id h53DbLsx026617; Tue, 3 Jun 2003 15:37:21 +0200 (CEST) (envelope-from girgen@pingpong.net)
Date: Tue, 03 Jun 2003 15:37:21 +0200
From: Palle Girgensohn
To: freebsd-net@freebsd.org, freebsd-hardware@freebsd.org
Message-ID: <176830000.1054647441@palle.girgensohn.se>
X-Mailer: Mulberry/3.0.3 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: fxp0: device timeout | SCB already complete.
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 13:37:25 -0000

Hi!

When I run network backups, one of our FreeBSD machines (backup client) get
NIC timeouts and warnings from the scsi driver:

Jun 3 14:50:12 melon /kernel: fxp0: device timeout
Jun 3 14:50:36 melon /kernel: fxp0: device timeout
Jun 3 14:51:03 melon /kernel: fxp0: device timeout
Jun 3 14:51:38 melon /kernel: fxp0: device timeout
Jun 3 14:52:41 melon /kernel: ahc0: Timedout SCB already complete. Interrupts may not be functioning.
Jun 3 14:53:12 melon /kernel: fxp0: device timeout

Both machines are on a hubbed 100 Mbit/s half duplex network.

Looking at the traffic with netstat -d 1, I see that as soon as the traffic
increases, there is a timeout and traffic stops, after which the net is
reachable again. This goes on and on. It only happens when there is much
traffic on both NIC and SCSI, it seems (alas when running backups...)

Since there was a second NIC, I tried connecting it to the server using
that NIC through a switch, on a private network, but then the machine nearly
crashed, or at least came to a grinding halt. It seems, as soon as I pulled
the ethernet cable it came back. This happened without any backup running...

To me, this sounds like some odd interrupt problem? It is a PCI machine with
an Intel ?x440 (if memory serves me right) and dual CPUs 400 Mhz, running
freebsd-4.7p2.

Any ideas where to look, how to debug or what to do?

Thanks
Palle

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 08:03:17 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9A7A37B401 for ; Tue, 3 Jun 2003 08:03:17 -0700 (PDT)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA9EB43F75 for ; Tue, 3 Jun 2003 08:03:16 -0700 (PDT) (envelope-from marcolz@stack.nl)
Received: by mailhost.stack.nl (Postfix, from userid 65534) id 1D89B1F003; Tue, 3 Jun 2003 17:03:16 +0200 (CEST)
Received: from turtle.stack.nl (turtle.stack.nl [2001:610:1108:5010:2e0:81ff:fe22:51d8]) by mailhost.stack.nl (Postfix) with ESMTP id 017621F001; Tue, 3 Jun 2003 17:03:12 +0200 (CEST)
Received: by turtle.stack.nl (Postfix, from userid 333) id E59141CC2E; Tue, 3 Jun 2003 17:03:11 +0200 (CEST)
Date: Tue, 3 Jun 2003 17:03:11 +0200
From: Marc Olzheim
To: Calvin Lien
Message-ID: <20030603150311.GA36036@stack.nl>
References: <012901c329c8$da7bcb90$59424e98@kaiwen>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <012901c329c8$da7bcb90$59424e98@kaiwen>
X-Operating-System: FreeBSD turtle.stack.nl 5.1-BETA FreeBSD 5.1-BETA
X-URL: http://www.stack.nl/~marcolz/
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=-32.5 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.50
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
cc: freebsd-net@freebsd.org
Subject: Re: about sys/proc.h
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 15:03:18 -0000

On Tue, Jun 03, 2003 at 01:08:32PM +0100, Calvin Lien wrote:
> I want to write some network programs on Redhat. But I have already found a similar one on the BSD.
> I want to use his idea on my program. But face some problems as follow:
> 1. What kind of structs are defined under sys/proc.h ? Is there any similar header file defined under redhat (Because i cannot find on redhat)?
> 2. What kind of structs are defined under sys/signalvar.h, sys/protosw.h and sys/sysproto.h? Are there any similar headers defined under redhat?
> 3. Because I am running redhat now (for my program). Is there any website I can find source codes as described above?
> Thanks for your help.

You can find all sources in the CVS repository:

For example: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/sys/proc.h

Zlo

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 08:21:33 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB98537B401; Tue, 3 Jun 2003 08:21:33 -0700 (PDT)
Received: from vmx2.skoleetaten.oslo.no (vmx2.skoleetaten.oslo.no [193.156.192.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F6C943FAF; Tue, 3 Jun 2003 08:21:32 -0700 (PDT) (envelope-from shamz@nevada.skoleetaten.oslo.no)
Received: from smtp.skoleetaten.oslo.no (localhost [127.0.0.1]) by vmx2.skoleetaten.oslo.no (Clean Mail System) with SMTP id BB83079390; Tue, 3 Jun 2003 17:21:30 +0200 (CEST)
Received: from nevada.skoleetaten.oslo.no (nevada.skoleetaten.oslo.no [193.156.192.131]) by smtp.skoleetaten.oslo.no (Clean Mail System) with ESMTP id 93B46792DD; Tue, 3 Jun 2003 17:21:30 +0200 (CEST)
Received: from nevada.skoleetaten.oslo.no (localhost [127.0.0.1]) h53FLUOU036784; Tue, 3 Jun 2003 17:21:30 +0200 (CEST) (envelope-from shamz@nevada.skoleetaten.oslo.no)
Received: (from shamz@localhost)h53FLNIl036783; Tue, 3 Jun 2003 17:21:23 +0200 (CEST)
Date: Tue, 3 Jun 2003 17:21:23 +0200
From: Shaun Jurrens
To: freebsd-net@freebsd.org, freebsd-hardware@freebsd.org
Message-ID: <20030603152123.GM98443@nevada.skoleetaten.oslo.no>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9ToWwKEyhugL+MAz"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Operating-System: FreeBSD 4.8-RELEASE
Subject: fxp0: device timeout | SCB already complete (me too)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 03 Jun 2003 15:21:34 -0000

--9ToWwKEyhugL+MAz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I hate to say it, but I've had these for months starting at 4.6-stable and
continuing up to at least the latest 4.7-RELEASE-p* . I have one
dual -current box that has exhibited the same behaviour as well.

The boxes work just fine with the xl0 driver. Lots of different motherboards
and processors (all PIII) and a number of different Intel card revisions.
I can't run my squid boxes on fxp cards _at all_ for example, the fxp driver
will take the box down with it. On my firewalls it's locked up the
interfaces numerous times.

The only suggestion I can offer at the moment is to try various card
placements over your PCI slots. I've found stability using one of the first
two slots for my Adaptec controller (2940U[2]W, 29160[N]) and the rest for
the Intel nics.

This happens both with or without POLLING enabled. I've tried a number of
combinations of POLLING enabled/disabled, not compiled in and different HZ
settings. Obviously no POLLING on my SMP boxes.

I know one or two others that have had problems with this too, but haven't
had the time or equipment at hand to work with any developers on getting
this fixed. I guess I got the equipment now (various PIII UP/SMP boards from
Gigabyte, Asus) and a little time if anyone wants to bite.

My guess is that the POLLING commits broke something, but that's just a
guess. I don't have any dc cards here, and no one has ever complained
about either them or the rl cards timing out. There also seems to be a
definite correlation between the fxp problem and the ahc driver.

Ok, the rest of the "me too's" should now chime in with a bit of time and
energy. There's also a PR open on this: kern/45568 .

--
Med vennlig hilsen/Sincerely,

Shaun D. Jurrens
Drift og Sikkerhetskonsulent
IKT-Avdeling
Oslo Skoleetaten

gpg key fingerprint: 007A B6BD 8B1B BAB9 C583 2D19 3A7F 4A3E F83E 84AE

--9ToWwKEyhugL+MAz
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+3LzzOn9KPvg+hK4RAv8hAKCHiW6Kc4bYNtXAe1oZ+wZxKnjXIgCeJv0m
68xuOi/dWy9FYXxoCALnJ/U=
=Wr+2
-----END PGP SIGNATURE-----

--9ToWwKEyhugL+MAz--

From owner-freebsd-net@FreeBSD.ORG Tue Jun 3 22:57:48 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D08037B401 for ; Tue, 3 Jun 2003 22:57:48 -0700 (PDT)
Received: from dartagnan.telusquebec.com (dartagnan.telusquebec.com [142.169.1.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F18543F75 for ; Tue, 3 Jun 2003 22:57:47 -0700 (PDT) (envelope-from max-l@globetrotter.net)
Received: from localnetinfoz9 (client-66.110.148-129.globetrotter.net [66.110.148.129]) by smtp.globetrotter.net (iPlanet Messaging Server 5.2) freebsd-net@freebsd.org; Wed, 04 Jun 2003 01:57:46 -0400 (EDT)
Date: Wed, 04 Jun 2003 01:57:10 -0400
From: Maxime Shatter
To: freebsd-net@freebsd.org
Message-id: <03d401c32a5e$23acb780$81946e42@localnetinfoz9>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
X-MSMail-priority: Normal
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7BIT
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: help needed regarding named please
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Maxime Shatter
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 05:57:48 -0000

I got an error while adding a zone in my named configuration, the zone is properly set and added in named.conf. Here is the error I got in /var/log/message:

Jun 4 05:49:36 webhosting named[37915]: master zone "lamedomain.com" (IN) rejected due to errors (serial 2003040614)
Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:12: Database error near (ns3.isp.com.)
Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:13: Database error near (ns3.isp.com.)
Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:15: Database error near (ns3.isp.com.)

Can someone help me resolve this please? Or is there a way that named don't care about that serial and take new zones in charge even if this serial is "not good"?

Thanks in advance for the answer!

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 02:19:40 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1069437B401 for ; Wed, 4 Jun 2003 02:19:40 -0700 (PDT)
Received: from majordomo.vol.cz (smtp4.vol.cz [195.250.128.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7011943F3F for ; Wed, 4 Jun 2003 02:19:38 -0700 (PDT) (envelope-from dan@obluda.cz)
Received: from obluda.cz (xkulesh.vol.cz [195.250.154.106]) by majordomo.vol.cz (8.12.6p2/8.12.6) with ESMTP id h549JZjS006941 for ; Wed, 4 Jun 2003 11:19:36 +0200 (CEST) (envelope-from dan@obluda.cz)
Message-ID: <3EDDA8BE.7000904@obluda.cz>
Date: Wed, 04 Jun 2003 10:07:26 +0200
From: Dan Lukes
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4b) Gecko/20030529
X-Accept-Language: cs, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <20030602192356.67975.qmail_web13906.mail.yahoo.com@ns.sol.net>
In-Reply-To: <20030602192356.67975.qmail_web13906.mail.yahoo.com@ns.sol.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: inconsistent downloading rate
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 09:19:40 -0000

zam4ever@yahoo.com napsal/wrote, On 06/02/03 21:26:

> this is my first post in this ML. i'm using d-link
> 538TX NIC and my freebsd recognize it as a rl0. when
> i'm downloading from my ftp server (other computer)
> with basic configuration maximum rate 200KBps, my
> freebsd box able to get only 80KBps max. the strange
> thing is when i using MS XP (don't hate it ^_^), i'm
> able to get 190-200KBPS, so i try to figure out why
> this thing happen.

Inconsistent full-duplex/half-duplex setting on rl0. Don't trust 'auto' - set it manually.

Dan

--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 03:09:52 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C691E37B404 for ; Wed, 4 Jun 2003 03:09:52 -0700 (PDT)
Received: from pasmtp.tele.dk (pasmtp.tele.dk [193.162.159.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id C15A743FB1 for ; Wed, 4 Jun 2003 03:09:51 -0700 (PDT) (envelope-from krask@isupport.dk)
Received: from pc100 (0x50a3814c.unknown.tele.dk [80.163.129.76]) by pasmtp.tele.dk (Postfix) with SMTP id 5F8671EC358 for ; Wed, 4 Jun 2003 12:09:50 +0200 (CEST)
Message-ID: <002701c32a80$8dd2f8a0$0a01a8c0@example.org>
From: "Kristian Rask"
To:
Date: Wed, 4 Jun 2003 12:03:26 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Subject: Gear for security (Shields up)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 10:09:53 -0000

Hi all

I'm in the situation that i receive 3000+ setups per second (for https) as a result of a DDOS against some webservers.

The webservers (MS IIS) are behind a FreeBSD 5.0-R machine that functions as a packet filter (ipfw) and gateway.

The internet link is a 100MBit fiber w. a media converter connected directly into the bsd box.
At present we have a half automated process of looking at logfiles and generating ipfw rules to deny the setups (SYN) for the webservers.
As of right now we have reduced the throughput to the servers from approx. 3000 to approx. 400-600 per second, the problem right now is that the DDOS attack is dynamic.. new src'es comes in and old ones dies. The definition of an attack is simply the number of setups made against the server in a short interval.. humans produce maybe 20-80 setups.. so anything above 200 is assumed to be part of the DDOS attack. And yes.. We need to establish new rules very fast.. but this is actually slightly offtopic..

The subject is gear = Hardware... we can see that the system (presently a 1400 Celeron w. 256MB) spends approx. 50% of its time servicing interrupts... from assorted places i have heard the following statements:

- Some fxp's can do "ifconfig fxp0 link0" which should reduce the number of interrupts
- Gigabit adapters have larger onboard caches and more hardware support to reduce the amount of interrupts

I would very much like to hear ppl's recommendation regarding actual NIC's that are "more ideal" than others and exactly why they are more ideal.

Also... our only way to know that something is an attack is to measure the amount of setups per unit of time.
Any ideas as to how one might measure setups/sec. the easiest way (easy as in "low load on the machine")
We are of course aiming for a fully automated process w. real time detection and ipfw rule insertion.

regards and TIA

Kristian

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 04:24:03 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46F9737B401 for ; Wed, 4 Jun 2003 04:24:03 -0700 (PDT)
Received: from tomts8-srv.bellnexxia.net (tomts8.bellnexxia.net [209.226.175.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EA3343FA3 for ; Wed, 4 Jun 2003 04:23:58 -0700 (PDT) (envelope-from matt@gsicomp.on.ca)
Received: from gabby.gsicomp.on.ca ([65.95.185.239]) by tomts8-srv.bellnexxia.netESMTP <20030604112356.BZGT9225.tomts8-srv.bellnexxia.net@gabby.gsicomp.on.ca>; Wed, 4 Jun 2003 07:23:56 -0400
Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by gabby.gsicomp.on.ca (8.12.6/8.12.6) with SMTP id h54BJ2mK045191; Wed, 4 Jun 2003 07:19:03 -0400 (EDT) (envelope-from matt@gsicomp.on.ca)
Message-ID: <002201c32a8b$b56bafa0$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Maxime Shatter" ,
References: <03d401c32a5e$23acb780$81946e42@localnetinfoz9>
Date: Wed, 4 Jun 2003 07:23:22 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Subject: Re: help needed regarding named please
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 11:24:03 -0000

> I got an error while adding a zone in my named configuration, the zone is properly set and added in named.conf.
> Here is the error I got in /var/log/message:
>
> Jun 4 05:49:36 webhosting named[37915]: master zone "lamedomain.com" (IN) rejected due to errors (serial 2003040614)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:12: Database error near (ns3.isp.com.)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:13: Database error near (ns3.isp.com.)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:15: Database error near (ns3.isp.com.)
>
> Can someone help me resolve this please? Or is there a way that named don't care about that serial and take new zones in charge even if this serial is "not good"?
>
> Thanks in advance for the answer!

The serial is not the problem (it's just telling you that so you know which version of the zone is causing problems). The real problems are on line 12, 13 and 15 of your config file.

--
Matt Emmerton

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 05:33:15 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14D7237B401 for ; Wed, 4 Jun 2003 05:33:15 -0700 (PDT)
Received: from h230n1fls35o1000.telia.com (h230n1fls35o1000.telia.com [217.210.234.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81BBE43FA3 for ; Wed, 4 Jun 2003 05:33:13 -0700 (PDT) (envelope-from john@veidit.net)
Received: from veidit.net (20.130.88.213.host.tele1europe.se [213.88.130.20] (may be forged)) (authenticated bits=0)h54CX8Gc023896 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 4 Jun 2003 14:33:10 +0200 (CEST)
Message-ID: <3EDDE6EC.9010504@veidit.net>
Date: Wed, 04 Jun 2003 14:32:44 +0200
From: John Angelmo
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.4) Gecko/20030529
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: net@freebsd.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.33 (www .
roaringpenguin . com / mimedefang)
Subject: Vacation?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 12:33:15 -0000

OK

I have a sendmail mail server and some users want to add vacation messages as they go on vacation, is there any EASY (web)gui that the users can use for this? Usermin requires a file and well quite simply Usermin is too advanced for them ;)

/John

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 05:41:39 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C308B37B404 for ; Wed, 4 Jun 2003 05:41:39 -0700 (PDT)
Received: from bilver.wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id B0B5A43F93 for ; Wed, 4 Jun 2003 05:41:38 -0700 (PDT) (envelope-from bv@wjv.com)
Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by bilver.wjv.com (8.12.9/8.12.9) with ESMTP id h54CfRs3083442; Wed, 4 Jun 2003 08:41:27 -0400 (EDT) (envelope-from bv@wjv.com)
Received: (from bv@localhost) by bilver.wjv.com (8.12.9/8.12.9/Submit) id h54CfLGR083436; Wed, 4 Jun 2003 08:41:21 -0400 (EDT)
Date: Wed, 4 Jun 2003 08:41:21 -0400
From: Bill Vermillion
To: Maxime Shatter
Message-ID: <20030604124120.GA83311@wjv.com>
References: <03d401c32a5e$23acb780$81946e42@localnetinfoz9>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <03d401c32a5e$23acb780$81946e42@localnetinfoz9>
Organization: W.J.Vermillion / Orlando - Winter Park
ReplyTo: bv@wjv.com
User-Agent: Mutt/1.5.1i
X-Spam-Status: No, hits=-16.3 required=5.0 tests=IN_REP_TO,REFERENCES,USER_AGENT_MUTT version=2.53
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
cc: freebsd-net@freebsd.org
Subject: Re: help needed
regarding named please
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: bv@wjv.com
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 12:41:40 -0000

Earlier in the linear time track, on approximately Wed, Jun 04, 2003 at 01:57 , Maxime Shatter divulged this public information:

> I got an error while adding a zone in my named configuration, the zone is properly set and added in named.conf. Here is the error I got in /var/log/message:
> Jun 4 05:49:36 webhosting named[37915]: master zone "lamedomain.com" (IN) rejected due to errors (serial 2003040614)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:12: Database error near (ns3.isp.com.)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:13: Database error near (ns3.isp.com.)
> Jun 4 05:49:36 webhosting named[37915]: zones/lamedomain.com:15: Database error near (ns3.isp.com.)
> Can someone help me resolve this please? Or is there a way that named don't care about that serial and take new zones in charge even if this serial is "not good"?

The other poster pointed out that your error is in lines 12, 13, and 15 of zone/lamddomain.com

I've always used 'nslint' - in the ports tree - to check everything after I make any changes. It's a good tool to keep handy.

Bill

--
Bill Vermillion - bv @ wjv .
com

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 07:42:51 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A5B437B401 for ; Wed, 4 Jun 2003 07:42:51 -0700 (PDT)
Received: from csmail.commserv.ucsb.edu (cspdc.commserv.ucsb.edu [128.111.251.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 573EB43FAF for ; Wed, 4 Jun 2003 07:42:50 -0700 (PDT) (envelope-from steve@expertcity.com)
Received: from expertcity.com ([68.6.35.15]) by csmail.commserv.ucsb.edu (Netscape Messaging Server 3.62) with ESMTP id 544; Wed, 4 Jun 2003 07:42:47 -0700
Message-ID: <3EDE0567.1090200@expertcity.com>
Date: Wed, 04 Jun 2003 07:42:47 -0700
From: Steve Francis
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4a) Gecko/20030401
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Kristian Rask
References: <002701c32a80$8dd2f8a0$0a01a8c0@example.org>
In-Reply-To: <002701c32a80$8dd2f8a0$0a01a8c0@example.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: Gear for security (Shields up)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 14:42:51 -0000

As a different approach, you could try terminating the TCP connections on the BSD machine (using Squid or something else configured as a reverse proxy.) Then you'd have the advantage of FreeBSD's syn cookies, etc to defend against the attack. It should deal with 3000 syns/second easily.

If they are not syn attacks, but complete TCP connections, then FreeBSD can be tuned to deal with them easily too.

Set
kern.ipc.maxsockets: 12328 -> 128000
net.inet.ip.intr_queue_maxlen: 50->1024
kern.ipc.somaxconn=128->4096
net.inet.tcp.tcbhashsize: 512->4096
net.inet.tcp.msl: 30000 -> 10000

Also need to increase kern.maxfiles

But your original question - which NICs are optimal - still stands.

Polling with the fxp driver will also greatly reduce interrupt time.

Kristian Rask wrote:

> Hi all
>
> I'm in the situation that i receive 3000+ setups per second (for https) as a result of a DDOS against some webservers.
>
> The webservers (MS IIS) are behind a FreeBSD 5.0-R machine that functions as a packet filter (ipfw) and gateway.
>
> The internet link is a 100MBit fiber w. a media converter connected directly into the bsd box.
> At present we have a half automated process of looking at logfiles and generating ipfw rules to deny the setups (SYN) for
> the webservers.
> As of right now we have reduced the throughput to the servers from approx. 3000 to approx. 400-600 per second, the problem right now is that the DDOS attack is dynamic.. new src'es comes in and old ones dies. The definition of an attack is simply the number of setups made against the server in a short interval.. humans produce maybe 20-80 setups.. so anything above 200 is assumed to be part of the DDOS attack. And yes.. We need to establish new rules very fast.. but this is actually slightly offtopic..
>
> The subject is gear = Hardware... we can see that the system (presently a 1400 Celeron w. 256MB) spends approx. 50% of its time servicing interrupts... from assorted places i have heard the following statements:
>
> - Some fxp's can do "ifconfig fxp0 link0" which should reduce the number of interrupts
> - Gigabit adapters have larger onboard caches and more hardware support to reduce the amount of interrupts
>
> I would very much like to hear ppl's recommendation regarding actual NIC's that are "more ideal" than others and exactly why they are more ideal.
>
> Also...
> our only way to know that something is an attack is to measure the amount of setups per unit of time.
> Any ideas as to how one might measure setups/sec. the easiest way (easy as in "low load on the machine")
> We are of course aiming for a fully automated process w. real time detection and ipfw rule insertion.
>
>
> regards and TIA
>
> Kristian
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 09:05:25 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E0EA37B401 for ; Wed, 4 Jun 2003 09:05:25 -0700 (PDT)
Received: from eurus.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D34B43FB1 for ; Wed, 4 Jun 2003 09:05:24 -0700 (PDT) (envelope-from leth@lethargic.dyndns.org)
Received: from dialin-131-52.hamilton.primus.ca ([209.90.131.52] helo=lethargic.dyndns.org) by eurus.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #3) id 19NalK-0003Z6-0A; Wed, 04 Jun 2003 12:05:19 -0400
Received: from lethargic.dyndns.org (localhost [127.0.0.1]) by lethargic.dyndns.org (8.12.9/8.12.9) with ESMTP id h54G5NU2060905; Wed, 4 Jun 2003 12:05:24 -0400 (EDT) (envelope-from leth@lethargic.dyndns.org)
Received: (from leth@localhost) by lethargic.dyndns.org (8.12.9/8.12.9/Submit) id h54G5MJY060904; Wed, 4 Jun 2003 12:05:22 -0400 (EDT)
Date: Wed, 4 Jun 2003 12:05:22 -0400
From: Jason Hunt
To: John Angelmo
Message-ID: <20030604160522.GA60807@lethargic.dyndns.org>
References: <3EDDE6EC.9010504@veidit.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3EDDE6EC.9010504@veidit.net>
User-Agent: Mutt/1.4.1i
cc: net@freebsd.org
Subject: Re: Vacation?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 16:05:25 -0000

On Wed, Jun 04, 2003 at 02:32:44PM +0200, John Angelmo wrote:
> I have a sendmail mail server and some users want to add vacation
> messages as they go on vacation, is there any EASY (web)gui that the
> users can use for this? Usermin requires a file and well quite simply
> Usermin is too advanced for them ;)

You can do this with procmail. At an ISP I used to work for, we had a perl CGI script that would allow the user to type in their vacation message, and the script would set up the .procmailrc in their home directory. The script also allowed them to modify or remove their message as well. It is actually quite simple if you know perl or PHP. I do not have this script available any longer.

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 09:32:33 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E23FA37B40D; Wed, 4 Jun 2003 09:32:33 -0700 (PDT)
Received: from rambutan.pingpong.net (81.milagro.bahnhof.net [195.178.168.81]) by mx1.FreeBSD.org (Postfix) with ESMTP id 119BA43FA3; Wed, 4 Jun 2003 09:32:32 -0700 (PDT) (envelope-from girgen@pingpong.net)
Received: from localhost (localhost [127.0.0.1])h54GWka6046570; Wed, 4 Jun 2003 18:32:46 +0200 (CEST) (envelope-from girgen@pingpong.net)
Date: Wed, 04 Jun 2003 18:32:46 +0200
From: Palle Girgensohn
To: Shaun Jurrens , freebsd-net@freebsd.org, freebsd-hardware@freebsd.org
Message-ID: <46490000.1054744366@rambutan.pingpong.net>
In-Reply-To: <20030603152123.GM98443@nevada.skoleetaten.oslo.no>
References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no>
X-Mailer: Mulberry/3.0.3 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: Re: fxp0: device timeout | SCB already complete (me too)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 16:32:34 -0000

Hi Shaun,

Thanks for the input! Glad to hear I'm not the only one

In my case, both the SCSI and NIC are integrated on the motherboard, so I cannot really move them around... :)

Also, as I mentioned, I tried a de0 (PCI card, not onboard, and it literally stopped the machine). Is the de0 driver also a problem?

/Palle

--On Tuesday, June 03, 2003 17.21.23 +0200 Shaun Jurrens wrote:

> I hate to say it, but I've had these for months starting at 4.6-stable
> and continuing up to at least the latest 4.7-RELEASE-p* . I have one
> dual -current box that has exhibited the same behaviour as well.
>
> The boxes work just fine with the xl0 driver. Lots of different
> motherboards and processors (all PIII) and a number of different Intel
> card revisions. I can't run my squid boxes on fxp cards _at all_ for
> example, the fxp driver will take the box down with it. On my firewalls
> it's locked up the interfaces numerous times.
>
> The only suggestion I can offer at the moment is to try various card
> placements over your PCI slots. I've found stability using one of the
> first two slots for my Adaptec controller (2940U[2]W, 29160[N]) and the
> rest for the Intel nics. This happens both with or without POLLING
> enabled. I've tried a number of combinations of POLLING enabled/disabled,
> not compiled in and different HZ settings. Obviously no POLLING on my
> SMP boxes.
>
> I know one or two others that have had problems with this too, but
> haven't had the time or equipment at hand to work with any developers on
> getting this fixed.
> I guess I got the equipment now (various PIII UP/SMP
> boards from Gigabyte, Asus) and a little time if anyone wants to bite.
>
> My guess is that the POLLING commits broke something, but that's just a
> guess. I don't have any dc cards here, and no one has ever complained
> about either them or the rl cards timing out. There also seems to be
> a definite correlation between the fxp problem and the ahc driver.
>
> Ok, the rest of the "me too's" should now chime in with a bit of time
> and energy. There's also a PR open on this: kern/45568 .
>
>
>
> --
> Sincerely,
>
> Shaun D. Jurrens
> Operations and Security Consultant
> ICT Department
> Oslo Skoleetaten
>
> gpg key fingerprint: 007A B6BD 8B1B BAB9 C583 2D19 3A7F 4A3E F83E 84AE

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 14:34:46 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36AB337B401 for ; Wed, 4 Jun 2003 14:34:46 -0700 (PDT)
Received: from mwinf0203.wanadoo.fr (smtp7.wanadoo.fr [193.252.22.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D4AA43FBF for ; Wed, 4 Jun 2003 14:34:45 -0700 (PDT) (envelope-from vjardin@wanadoo.fr)
Received: from venus.vincentjardin.net (unknown [217.128.206.102]) by mwinf0203.wanadoo.fr (SMTP Server) with ESMTP id 0D26C10001DD for ; Wed, 4 Jun 2003 23:34:44 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
From: Vincent Jardin
To: net@freebsd.org
Date: Wed, 4 Jun 2003 23:35:08 +0200
User-Agent: KMail/1.4.3
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200306042335.08541.vjardin@wanadoo.fr>
Subject: [netgraph] NGF_RESP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 21:34:46 -0000

Hi,

I'm trying to understand how does NGF_RESP work
and how can it be used ?

According to ng_message.h, it is a flag that describes a response message, however are all the response messages synchronous to a request or could some messages be asynchronous ? If some messages could be asynchronous, what does receive these messages ?

Thanks,
Vincent

From owner-freebsd-net@FreeBSD.ORG Wed Jun 4 14:52:03 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC7C537B401 for ; Wed, 4 Jun 2003 14:52:03 -0700 (PDT)
Received: from pyroxene.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A6CC43F85 for ; Wed, 4 Jun 2003 14:52:03 -0700 (PDT) (envelope-from damian@sentex.net)
Received: from pegmatite.sentex.ca (pegmatite.sentex.ca [192.168.42.92]) by pyroxene.sentex.ca (8.12.9/8.12.8) with ESMTP id h54Lq28C033598 for ; Wed, 4 Jun 2003 17:52:02 -0400 (EDT) (envelope-from damian@sentex.net)
Received: by pegmatite.sentex.ca (Postfix, from userid 1001) id 1662B17077; Wed, 4 Jun 2003 17:52:02 -0400 (EDT)
Date: Wed, 4 Jun 2003 17:52:01 -0400
From: Damian Gerow
To: net@freebsd.org
Message-ID: <20030604215201.GH727@sentex.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GPG-Key-Id: 0xB841F142
X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to .
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: By Sentex Communications (lava/20020517)
Subject: polling in 5.1-RC1 causes 100% CPU usage
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 04 Jun 2003 21:52:04 -0000

I just upgraded a home firewall from 4.8-STABLE to 5.1-RC1. In the process of updating, I also brought in a new motherboard, CPU, and memory. However, all the NICs in the box are the same.

The problem is that with polling turned on, CPU usage sits at 100%. As soon as I turn /off/ polling, it drops. This is very easily reproducible:

    # sysctl -w kern.polling.enable=1

Then do a 'systat -vm', and watch as the interrupt load jumps from about 0.5% to 18-19%.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 00:42:55 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4267D37B401 for ; Thu, 5 Jun 2003 00:42:55 -0700 (PDT)
Received: from mailhub.fokus.fraunhofer.de (mailhub.fokus.fraunhofer.de [193.174.154.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15E3A43FD7 for ; Thu, 5 Jun 2003 00:42:54 -0700 (PDT) (envelope-from brandt@fokus.fraunhofer.de)
Received: from beagle (beagle [193.175.132.100])h557gqv14424; Thu, 5 Jun 2003 09:42:52 +0200 (MEST)
Date: Thu, 5 Jun 2003 09:42:52 +0200 (CEST)
From: Harti Brandt
To: Vincent Jardin
In-Reply-To: <200306042335.08541.vjardin@wanadoo.fr>
Message-ID: <20030605093540.F4422@beagle.fokus.fraunhofer.de>
References: <200306042335.08541.vjardin@wanadoo.fr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: net@freebsd.org
Subject: Re: [netgraph] NGF_RESP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 05 Jun 2003 07:42:55 -0000

On Wed, 4 Jun 2003, Vincent Jardin wrote:

VJ>Hi,
VJ>
VJ>I'm trying to understand how does NGF_RESP work and how can it be used ?
VJ>
VJ>According to ng_message.h, it is a flag that describes a response message,
VJ>however are all the response messages synchronous to a request or could some
VJ>messages be asynchronous ? If some messages could be asynchronous, what does
VJ>receive these messages ?

If you look at the NG_MKRESPONSE macro you'll see that a response has the same cookie, token and cmd code as the original command. The difference is, that the response flag is set. There is no need to send a response immediately, you can do it anytime later.

I use asynchronous messages in my ng_atm node for things like carrier change and PVC changes. I have defined a message code for this just like other message codes for the node (just with command codes above 10000). The node defines a special hook 'manage'. If this hook is connected, these messages are sent to the node at the other end of the hook. The SNMP daemon connects this hook when it starts to manage the interface and so receives these asynchronous messages.

Another possibility is to configure a node number or path into the node, where it should send messages to. This technique, however, may be subject to races when nodes are created/destroyed.

harti

--
harti brandt, http://www.fokus.fraunhofer.de/research/cc/cats/employees/hartmut.brandt/private
brandt@fokus.fraunhofer.de, harti@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 02:15:49 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADA7E37B401; Thu, 5 Jun 2003 02:15:49 -0700 (PDT)
Received: from vmx1.skoleetaten.oslo.no (vmx1.skoleetaten.oslo.no [193.156.192.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14DE143F93; Thu, 5 Jun 2003 02:15:48 -0700 (PDT) (envelope-from shamz@nevada.skoleetaten.oslo.no)
Received: from smtp.skoleetaten.oslo.no (localhost [127.0.0.1]) by vmx1.skoleetaten.oslo.no (Clean Mail System) with SMTP id B69EA7D4C5; Thu, 5 Jun 2003 11:15:43 +0200 (CEST)
Received: from nevada.skoleetaten.oslo.no (nevada.skoleetaten.oslo.no [193.156.192.131]) by smtp.skoleetaten.oslo.no (Clean Mail System) with ESMTP id 836587D470; Thu, 5 Jun 2003 11:15:43 +0200 (CEST)
Received: from nevada.skoleetaten.oslo.no (localhost [127.0.0.1]) h559FcOU055116; Thu, 5 Jun 2003 11:15:38 +0200 (CEST) (envelope-from shamz@nevada.skoleetaten.oslo.no)
Received: (from shamz@localhost)h559FWe1055115; Thu, 5 Jun 2003 11:15:32 +0200 (CEST)
Date: Thu, 5 Jun 2003 11:15:32 +0200
From: Shaun Jurrens
To: Palle Girgensohn
Message-ID: <20030605091532.GO98443@nevada.skoleetaten.oslo.no>
References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> <46490000.1054744366@rambutan.pingpong.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="djJN5oi3zFpblwUd"
Content-Disposition: inline
In-Reply-To: <46490000.1054744366@rambutan.pingpong.net>
User-Agent: Mutt/1.4.1i
X-Operating-System: FreeBSD 4.8-RELEASE
cc: freebsd-net@freebsd.org
cc: freebsd-scsi@freebsd.org
Subject: Re: fxp0: device timeout | SCB already complete (me too)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 09:15:50 -0000 --djJN5oi3zFpblwUd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 04, 2003 at 06:32:46PM +0200, Palle Girgensohn wrote: #> Hi Shaun, #> #> Thanks for the input! Glad to hear I'm not the only one #> #> In my case, both the SCSI and NIC are integrated on the motherboard, so I #> cannot really move them around... :) #> #> Also, as I mentioned, I tried a de0 (PCI card, not onboard, and it #> literally stopped the machine). Is the de0 driver also a problem? #> #> /Palle I'm beginning to think it's a scsi problem of sorts as well so I clipped -hardware and Cc'd -scsi on this. I just happened to (unfortunately) run into this on another box yesterday after four months of relative quiet. I happened to be moving an interface over from some crap Nortel switch to a nice Cisco switch and promptly a different interface began to do its dance. It's the same interface each time (and I've changed cards...) 
Anyway, for the record, a little from messages: Jun 2 18:48:43 nol33n0x /kernel: fxp0: Microcode loaded, int_delay: 1000 usec bundle_max: 6 Jun 4 16:57:50 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x0 Jun 4 16:57:51 nol33n0x last message repeated 4 times Jun 4 16:57:51 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x400 Jun 4 16:57:58 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x0 Jun 4 16:57:58 nol33n0x last message repeated 3 times Jun 4 16:57:58 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x400 Jun 4 16:57:58 nol33n0x last message repeated 110 times Jun 4 16:58:17 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x400 Jun 4 16:58:20 nol33n0x last message repeated 17 times Jun 4 17:09:04 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x400 Jun 4 17:09:09 nol33n0x last message repeated 2 times Jun 4 17:09:09 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x0 Jun 4 17:09:12 nol33n0x last message repeated 3 times Jun 4 17:09:12 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x400 Jun 4 17:09:39 nol33n0x last message repeated 22 times Jun 4 17:18:18 nol33n0x login: ROOT LOGIN (root) ON ttyv0 Jun 4 17:19:21 nol33n0x /kernel: fxp1: DMA timeout Jun 4 17:19:21 nol33n0x /kernel: fxp1: Microcode loaded, int_delay: 1000 usec bundle_max: 6 Jun 4 17:19:21 nol33n0x /kernel: fxp1: DMA timeout Jun 4 17:19:21 nol33n0x /kernel: fxp1: SCB timeout: 0x10 0x0 0x80 0x0 Jun 4 17:19:21 nol33n0x /kernel: fxp1: DMA timeout Jun 4 17:19:21 nol33n0x /kernel: fxp1: SCB timeout: 0x10 0x0 0x80 0x0 Jun 4 17:19:21 nol33n0x /kernel: fxp1: DMA timeout Jun 4 17:19:21 nol33n0x /kernel: fxp1: SCB timeout: 0x10 0x0 0x80 0x0 Jun 4 17:19:21 nol33n0x /kernel: fxp1: SCB timeout: 0x10 0x0 0x80 0x0 Jun 4 17:19:37 nol33n0x /kernel: fxp1: command queue timeout Jun 4 17:19:46 nol33n0x /kernel: fxp1: SCB timeout: 0x1 0x0 0x80 0x400 Jun 4 17:19:46 nol33n0x /kernel: fxp1: SCB timeout: 0x81 0x0 0x80 0x400 Jun 4 17:19:58 nol33n0x last message repeated 37 
times ... Jun 4 17:24:21 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x0 Jun 4 17:24:21 nol33n0x last message repeated 8 times Jun 4 17:24:21 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x90 0x400 Jun 4 17:24:37 nol33n0x last message repeated 115 times After that the box didn't find 3 of the 5 fxp nic's until a new boot and a cleared ESCD. Not sure why an fxp card should bitch about SCB's anyway. I'd be grateful for any pointers here. FreeBSD is on its way out on firewalls here otherwise because I'm catching a good deal of heat about it. More info is available on request. #> #> #> #> --On Tuesday, June 03, 2003 17.21.23 +0200 Shaun Jurrens #> wrote: #> #> >I hate to say it, but I've had these for months starting at 4.6-stable #> >and continuing up to at least the latest 4.7-RRELEASE-p* . I have one #> >dual -current box that has exhibited the same behaviour as well. #> > #> >The boxes work just fine with the xl0 driver. Lots of different #> >motherboards and processors (all PIII) and a number of different Intel #> >card revisions. I can't run my squid boxes on fxp cards _at all_ for #> >example, the fxp driver will take the box down with it. On my firewalls #> >it's locked up the interfaces numerous times. #> > #> >The only suggestion I can offer at the moment is to try various card #> >placements over your PCI slots. I've found stability using one of the #> >first two slots for my Adaptec controller (2940U[2]W, 29160[N]) and the #> >rest for the Intel nics. This happens both with or without POLLING #> >enabled. I've tried a number of combinations of POLLING enabled/disabled, #> >not compiled in and different HZ settings. Obviously no POLLING on my #> >SMP boxes. #> > #> >I know one or two others that have had problems with this too, but #> >haven't had the time or equipment at hand to work with any developers on #> >getting this fixed. 
I guess I got the equipment now (various PIII UP/SMP #> >boards from Gigabyte, Asus) and a little time if anyone wants to bite. #> > #> >My guess is that the POLLING commits broke something, but that's just a #> >guess. I don't have any dc cards here, and no one has ever complained #> >about either them or the rl cards timing out. There also seems to be #> >a definite correlation between the fxp problem and the ahc driver. #> > #> >Ok, the rest of the "me too's" should now chime in with a bit of time #> >and energy. There's also a PR open on this: kern/45568 . #> > #> > #> > #> >-- #> -- Med vennlig hilsen/Sincerely, Shaun D. Jurrens Drift og Sikkerhetskonsulent IKT-Avdeling Oslo Skoleetaten gpg key fingerprint: 007A B6BD 8B1B BAB9 C583 2D19 3A7F 4A3E F83E 84AE --djJN5oi3zFpblwUd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+3wo0On9KPvg+hK4RAgPDAJwJiZvozhTU/NxI1Q8f0wGb3rQZZgCdHXrJ EhsABUwk5AhmLrZ5vCITwjw= =G1EC -----END PGP SIGNATURE----- --djJN5oi3zFpblwUd-- From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 03:19:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B398A37B401 for ; Thu, 5 Jun 2003 03:19:32 -0700 (PDT) Received: from mailer.cat.co.za (pop.cat.co.za [196.33.33.51]) by mx1.FreeBSD.org (Postfix) with SMTP id 49D6543F85 for ; Thu, 5 Jun 2003 03:19:27 -0700 (PDT) (envelope-from bradd@cat.co.za) Received: (qmail 11490 invoked from network); 5 Jun 2003 09:33:48 -0000 Received: from unknown (HELO 161?DEMO?400) (196.33.33.52) by mail.cat.co.za with SMTP; 5 Jun 2003 09:33:48 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Brad du Plessis To: net@freebsd.org Date: Thu, 5 Jun 2003 12:12:33 +0200 User-Agent: KMail/1.4.3 References: <200305281743.56089.bradd@cat.co.za> <200305291510.59938.bradd@cat.co.za> 
<200305291607.h4TG7sPK061944@khavrinen.lcs.mit.edu> In-Reply-To: <200305291607.h4TG7sPK061944@khavrinen.lcs.mit.edu> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200306051212.33903.bradd@cat.co.za> Subject: Re: USB Modem support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 10:19:33 -0000 Hi, I've looked high and low and the only USB ISDN TA's I've found that work under BSD are the 3Com ISDN Pro TA's. All the others I've tried are software TA's and don't work. Could someone please give me advice on what will work under BSD, I've run out of ideas completely. Thanks, Brad From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 03:56:59 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C59C137B401 for ; Thu, 5 Jun 2003 03:56:59 -0700 (PDT) Received: from smtp01.net-yan.com (smtp01.net-yan.com [210.0.255.210]) by mx1.FreeBSD.org (Postfix) with SMTP id 176E043FAF for ; Thu, 5 Jun 2003 03:56:57 -0700 (PDT) (envelope-from mshiu@net-yan.com) Received: (qmail 84548 invoked from network); 5 Jun 2003 10:56:54 -0000 Received: from unknown (HELO athena) ([203.184.192.193]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 5 Jun 2003 10:56:54 -0000 Message-ID: <012701c32b51$20068770$650019ac@athena> From: "Michael Shiu" To: Date: Thu, 5 Jun 2003 18:55:33 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Does Netgraph in FBSD 5.x SMP requires GIANT lock? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 10:57:00 -0000 Dear all, Just like to know if the netgraph code running 5.x SMP kernel requires the GIANT lock? I have the netgraph doing bridging right now but the performance is limited by the CPU (right now, it is something around 100k pkt/s in 4-STABLE). Does adding another CPU together with upgrading to 5.x be of any help? I guess the bottleneck right now is only one thread is executing in interrupt context with GIANT being held. Am I right? _Michael From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 04:38:52 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 727E737B401 for ; Thu, 5 Jun 2003 04:38:52 -0700 (PDT) Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id B92B743F93 for ; Thu, 5 Jun 2003 04:38:51 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4]) by attbi.com (sccrmhc01) with ESMTP id <2003060511385000100hqg62e>; Thu, 5 Jun 2003 11:38:50 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id EAA09438; Thu, 5 Jun 2003 04:38:50 -0700 (PDT) Date: Thu, 5 Jun 2003 04:38:48 -0700 (PDT) From: Julian Elischer To: Michael Shiu In-Reply-To: <012701c32b51$20068770$650019ac@athena> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 11:38:52 -0000 On Thu, 5 Jun 2003, Michael Shiu wrote: > Dear all, > > Just like to know if the netgraph code running 5.x SMP kernel requires the > GIANT lock? Netgraph has locking built into it but I have not had the time yet to "throw the switch" and run it without giant. (actually it would only have giant if the edge node that introduces the packet has giant, or if it's running as a net thread.) What is your graph like? > > I have the netgraph doing bridging right now but the performance is limited > by the CPU (right now, it is something around 100k pkt/s in 4-STABLE). > Does adding another CPU together with upgrading to 5.x be of any help? I > guess the bottleneck right now is only one thread is executing in interrupt > context with GIANT being held. Am I right? 
> > _Michael > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 08:18:12 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 257F637B401 for ; Thu, 5 Jun 2003 08:18:12 -0700 (PDT) Received: from pyroxene.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id BFD4E43F93 for ; Thu, 5 Jun 2003 08:18:10 -0700 (PDT) (envelope-from damian@sentex.net) Received: from pegmatite.sentex.ca (pegmatite.sentex.ca [192.168.42.92]) by pyroxene.sentex.ca (8.12.9/8.12.8) with ESMTP id h55FIA8C036805 for ; Thu, 5 Jun 2003 11:18:10 -0400 (EDT) (envelope-from damian@sentex.net) Received: by pegmatite.sentex.ca (Postfix, from userid 1001) id CBA8E1706B; Thu, 5 Jun 2003 11:18:08 -0400 (EDT) Date: Thu, 5 Jun 2003 11:18:08 -0400 From: Damian Gerow To: net@freebsd.org Message-ID: <20030605151808.GJ727@sentex.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-GPG-Key-Id: 0xB841F142 X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142 X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . 
User-Agent: Mutt/1.5.4i X-Virus-Scanned: By Sentex Communications (lava/20020517) Subject: Re: polling in 5.1-RC1 causes 100% CPU usage X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 15:18:12 -0000 Thus spake Damian Gerow (damian@sentex.net) [04/06/03 17:52]: > I just upgraded a home firewall from 4.8-STABLE to 5.1-RC1. In the process > of updating, I also brought in a new motherboard, CPU, and memory. However, > all the NICs in the box are the same. > > The problem is that with polling turned on, CPU usage sits at 100%. As soon > as I turn /off/ polling, it drops. This is very easily reproducible: > > # sysctl -w kern.polling.enable=1 > > Then do a 'systat -vm', and watch as the interrupt load jumps from about > 0.5% to 18-19%. Hmmmm.. Perhaps I could have included more details? The system /was/ a P100S, and is now a Via C3. The three network cards are one rl and two fxp. From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 09:53:37 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11ED637B401; Thu, 5 Jun 2003 09:53:37 -0700 (PDT) Received: from magic.adaptec.com (magic-mail.adaptec.com [208.236.45.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F82643F75; Thu, 5 Jun 2003 09:53:36 -0700 (PDT) (envelope-from gibbs@scsiguy.com) Received: from redfish.adaptec.com (redfish.adaptec.com [162.62.50.11]) by magic.adaptec.com (8.11.6/8.11.6) with ESMTP id h55GmPP20473; Thu, 5 Jun 2003 09:48:25 -0700 Received: from [10.100.253.70] (aslan.btc.adaptec.com [10.100.253.70]) by redfish.adaptec.com (8.8.8p2+Sun/8.8.8) with ESMTP id JAA25099; Thu, 5 Jun 2003 09:53:33 -0700 (PDT) Date: Thu, 05 Jun 2003 10:54:14 -0600 From: "Justin T. 
Gibbs" To: Shaun Jurrens , Palle Girgensohn Message-ID: <1607630000.1054832053@aslan.btc.adaptec.com> In-Reply-To: <20030605091532.GO98443@nevada.skoleetaten.oslo.no> References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> <46490000.1054744366@rambutan.pingpong.net> <20030605091532.GO98443@nevada.skoleetaten.oslo.no> X-Mailer: Mulberry/3.0.3 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline cc: freebsd-net@freebsd.org cc: freebsd-scsi@freebsd.org Subject: Re: fxp0: device timeout | SCB already complete (me too) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Justin T. Gibbs" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 16:53:37 -0000 After that the box didn't find 3 of the 5 fxp nic's until a new > boot and a cleared ESCD. Not sure why an fxp card should bitch > about SCB's anyway. Perhaps because fxp devices have SCBs too? Not the same SCBs that the Adaptec SCSI controllers have, but a different data structure that happens to have the same acronym. 
-- Justin From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 09:56:28 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13BA537B401 for ; Thu, 5 Jun 2003 09:56:28 -0700 (PDT) Received: from rootlabs.com (root.org [67.118.192.226]) by mx1.FreeBSD.org (Postfix) with SMTP id 09FA343FA3 for ; Thu, 5 Jun 2003 09:56:27 -0700 (PDT) (envelope-from nate@rootlabs.com) Received: (qmail 27713 invoked by uid 1000); 5 Jun 2003 16:56:27 -0000 Date: Thu, 5 Jun 2003 09:56:27 -0700 (PDT) From: Nate Lawson To: Shaun Jurrens In-Reply-To: <20030605091532.GO98443@nevada.skoleetaten.oslo.no> Message-ID: <20030605095126.B27684@root.org> References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> <20030605091532.GO98443@nevada.skoleetaten.oslo.no> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mailman-Approved-At: Thu, 05 Jun 2003 10:05:58 -0700 cc: stable@freebsd.org cc: Palle Girgensohn Subject: Re: fxp0: device timeout | SCB already complete (me too) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 16:56:28 -0000 On Thu, 5 Jun 2003, Shaun Jurrens wrote: > On Wed, Jun 04, 2003 at 06:32:46PM +0200, Palle Girgensohn wrote: > #> Hi Shaun, > #> > #> Thanks for the input! Glad to hear I'm not the only one > #> > #> In my case, both the SCSI and NIC are integrated on the motherboard, so I > #> cannot really move them around... :) > #> > #> Also, as I mentioned, I tried a de0 (PCI card, not onboard, and it > #> literally stopped the machine). Is the de0 driver also a problem? > > I'm beginning to think it's a scsi problem of sorts as well so > I clipped -hardware and Cc'd -scsi on this. 
I just happened to > (unfortunately) run into this on another box yesterday after > four months of relative quiet. I happened to be moving an > interface over from some crap Nortel switch to a nice Cisco > switch and promptly a different interface began to do its dance. > It's the same interface each time (and I've changed cards...) > Anyway, for the record, a little from messages: > > Jun 2 18:48:43 nol33n0x /kernel: fxp0: Microcode loaded, int_delay: 1000 usec > bundle_max: 6 > Jun 4 16:57:50 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x0 > Jun 4 16:57:51 nol33n0x last message repeated 4 times > Jun 4 16:57:51 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x400 > Jun 4 16:57:58 nol33n0x /kernel: fxp1: SCB timeout: 0x80 0xe0 0x50 0x0 > Jun 4 16:57:58 nol33n0x last message repeated 3 times This doesn't mention SCSI anywhere. Your problem is almost certainly a PCI/interrupt problem. I'm redirecting this thread to -stable. > #> >The only suggestion I can offer at the moment is to try various card > #> >placements over your PCI slots. I've found stability using one of the > #> >first two slots for my Adaptec controller (2940U[2]W, 29160[N]) and the > #> >rest for the Intel nics. I got panics on boot with my BP6 (SMP) when I had an ahc controller in a PCI slot that didn't support bus mastering. I suggest you do what the above message says and try different combinations of cards in slots (i.e. keep removing one until you no longer get the messages and move around which slot is free). This will help people track down the problem. Also get your mobo manual and check if any slots force interrupt sharing or don't support bus mastering. 
-Nate From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 13:13:11 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11D0037B401 for ; Thu, 5 Jun 2003 13:13:11 -0700 (PDT) Received: from mwinf0604.wanadoo.fr (smtp3.wanadoo.fr [193.252.22.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED2AC43FA3 for ; Thu, 5 Jun 2003 13:13:09 -0700 (PDT) (envelope-from vjardin@wanadoo.fr) Received: from venus.vincentjardin.net (unknown [193.253.255.175]) by mwinf0604.wanadoo.fr (SMTP Server) with ESMTP id 831D22800146; Thu, 5 Jun 2003 22:13:08 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" From: Vincent Jardin To: Julian Elischer , Michael Shiu Date: Thu, 5 Jun 2003 22:13:35 +0200 User-Agent: KMail/1.4.3 References: In-Reply-To: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200306052213.35422.vjardin@wanadoo.fr> cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 20:13:11 -0000 Maybe one giant2thread node could be introduced into the graphs. It could put the messages and the mbufs into a queue from a giant context, then they could be processed from a thread. Is it a possible architecture or do I forget something ? Regards, Vincent On Thursday 5 June 2003 13:38, Julian Elischer wrote: > On Thu, 5 Jun 2003, Michael Shiu wrote: > > Dear all, > > > > Just like to know if the netgraph code running 5.x SMP kernel requires > > the GIANT lock? > > Netgraph has locking built into it but I have not > had the time yet to "throw the switch" and run it without > giant. 
(actually it would only have giant if the edge node that > introduces the packet has giant, or if it's running > as a net thread.) > > What is your graph like? > > > I have the netgraph doing bridging right now but the performance is > > limited by the CPU (right now, it is something around 100k pkt/s in > > 4-STABLE). Does adding another CPU together with upgrading to 5.x be of > > any help? I guess the bottleneck right now is only one thread is > > executing in interrupt context with GIANT being held. Am I right? > > > > _Michael > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 13:38:07 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 474A937B401; Thu, 5 Jun 2003 13:38:07 -0700 (PDT) Received: from vmx1.skoleetaten.oslo.no (vmx1.skoleetaten.oslo.no [193.156.192.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3485743F93; Thu, 5 Jun 2003 13:38:06 -0700 (PDT) (envelope-from shamz@nevada.skoleetaten.oslo.no) Received: from smtp.skoleetaten.oslo.no (localhost [127.0.0.1]) by vmx1.skoleetaten.oslo.no (Clean Mail System) with SMTP id 881047D554; Thu, 5 Jun 2003 22:35:45 +0200 (CEST) Received: from nevada.skoleetaten.oslo.no (nevada.skoleetaten.oslo.no [193.156.192.131]) by smtp.skoleetaten.oslo.no (Clean Mail System) with ESMTP id 55E067D379; Thu, 5 Jun 2003 22:35:45 +0200 (CEST) Received: from nevada.skoleetaten.oslo.no (localhost [127.0.0.1]) h55KZjOU055966; Thu, 5 Jun 2003 22:35:45 +0200 (CEST) (envelope-from 
shamz@nevada.skoleetaten.oslo.no) Received: (from shamz@localhost)h55KZZJh055965; Thu, 5 Jun 2003 22:35:35 +0200 (CEST) Date: Thu, 5 Jun 2003 22:35:35 +0200 From: Shaun Jurrens To: "Justin T. Gibbs" Message-ID: <20030605203535.GP98443@nevada.skoleetaten.oslo.no> References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> <46490000.1054744366@rambutan.pingpong.net> <20030605091532.GO98443@nevada.skoleetaten.oslo.no> <1607630000.1054832053@aslan.btc.adaptec.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7PAM/4G1BR2SfWzg" Content-Disposition: inline In-Reply-To: <1607630000.1054832053@aslan.btc.adaptec.com> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.8-RELEASE cc: freebsd-net@freebsd.org cc: Palle Girgensohn cc: freebsd-scsi@freebsd.org Subject: Re: fxp0: device timeout | SCB already complete (me too) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 20:38:07 -0000 --7PAM/4G1BR2SfWzg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 05, 2003 at 10:54:14AM -0600, Justin T. Gibbs wrote: #> After that the box didn't find 3 of the 5 fxp nic's until a new #> > boot and a cleared ESCD. Not sure why an fxp card should bitch #> > about SCB's anyway. #> #> Perhaps because fxp devices have SCBs too? Not the same SCBs that #> the Adaptec SCSI controllers have, but a different data structure #> that happens to have the same acronym. A bit confusing, I'll admit, and not documented. A more careful grep would have found it in /usr/src/sys/dev/fxp/if_fxp.c (and related files...) Thanx for the clue bat anyway... #> #> -- #> Justin -- Med vennlig hilsen/Sincerely, Shaun D. 
Jurrens Drift og Sikkerhetskonsulent IKT-Avdeling Oslo Skoleetaten gpg key fingerprint: 007A B6BD 8B1B BAB9 C583 2D19 3A7F 4A3E F83E 84AE --7PAM/4G1BR2SfWzg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+36mXOn9KPvg+hK4RAqtPAJ9Z4vmerpivSlSO3Wv7jFqWXmAc+gCfZHCr TkFhfsZZ9qJkU9Zjnk+sYZc= =5j1v -----END PGP SIGNATURE----- --7PAM/4G1BR2SfWzg-- From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 13:49:19 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5FD8237B401 for ; Thu, 5 Jun 2003 13:49:19 -0700 (PDT) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDE2D43F85 for ; Thu, 5 Jun 2003 13:49:18 -0700 (PDT) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 5E9411524B; Thu, 5 Jun 2003 13:44:19 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 5B25C15247 for ; Thu, 5 Jun 2003 13:44:19 -0700 (PDT) Date: Thu, 5 Jun 2003 13:44:19 -0700 (PDT) From: Mike Hoskins To: net@freebsd.org In-Reply-To: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> Message-ID: <20030605134122.Y88021@fubar.adept.org> References: <20030603152123.GM98443@nevada.skoleetaten.oslo.no> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: fxp0: device timeout | SCB already complete (me too) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 20:49:19 -0000 On Tue, 3 Jun 2003, Shaun Jurrens wrote: > I hate to say it, but I've had these for months starting at 4.6-stable > and continuing up to at least the latest 4.7-RRELEASE-p* . 
I have one > dual -current box that has exhibited the same behaviour as well. FWIW, I had similar issues (similar messages, which ultimately resulted in a hang that required manual reboot) starting around late 4.7 or early 4.8-stable. The box was a Dell 1550 with fxp NICs and ahc/amr. At the suggestion of others on the list, I updated my BIOS. Although it was only a single revision out of date (A06 -> A07), the update did seem to fix my problem. This may be unrelated to the problem you are seeing, but the messages entries caught my eye. -mrh -- From: "Spam Catcher" To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist! From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 16:05:27 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C27E37B404 for ; Thu, 5 Jun 2003 16:05:27 -0700 (PDT) Received: from handler11.mail.rice.edu (handler11.mail.rice.edu [128.42.58.211]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8223143FA3 for ; Thu, 5 Jun 2003 16:05:26 -0700 (PDT) (envelope-from takhoa@rice.edu) Received: from localhost (localhost [127.0.0.1]) by handler11.mail.rice.edu (Postfix) with SMTP id 07BBD1DBC6 for ; Thu, 5 Jun 2003 18:05:26 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by handler11.mail.rice.edu (Postfix) with ESMTP id C9DE91DBC4 for ; Thu, 5 Jun 2003 18:05:25 -0500 (CDT) Received: from ece4 (ece-4.ece.rice.edu [128.42.4.36]) by handler11.mail.rice.edu (Postfix) with SMTP id DD87C1DBC1 for ; Thu, 5 Jun 2003 18:05:24 -0500 (CDT) From: "Khoa To" To: Date: Thu, 5 Jun 2003 18:10:45 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal 
X-Virus-Scanned: by AMaViS snapshot-20020300 X-DCC--Metrics: handler11.mail.rice.edu 1066; Body=1 Fuz1=1 Fuz2=1 Subject: netgraph hook for iface node X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 23:05:27 -0000 Hello, I need to implement a routing protocol on top of IP (i.e. the packet is encapsulated within an IP packet). I'm new to network programming, and from searching the web, it looks like netgraph can help me a lot. But I have some problems with applying netgraph to my implementation, and I am wondering if someone can help me or give me some pointers. (I would like to implement the code in user space as much as possible) I think I should use an iface node if I want to get an IP packet. I tried and successfully got IP packets printed out on the console when I: - Configure the iface node with the command "ifconfig ng0 1.1.1.1 2.2.2.2" - Used "nghook -a ng0: inet" to connect to the inet hook from the user space - Ping 2.2.2.2 But how do I connect this iface node to the regular ethernet interface so that I can capture IP packets coming from the wire to my regular ethernet card? I can get raw ethernet packets by hooking to the "lower" hook of eth0, but I want the Ethernet codes to do the parsing for me and give me a clean IP packet. I tried to connect the upper hook of eth0 to the inet hook (it's probably the wrong way to do it anyway), but I couldn't because I already connected the inet hook to my user level program via nghook. Also, on the way down (i.e. from the application layer), after I assemble my protocol-specific packet, is there a hook in netgraph that I can pass the packet to that would do all the IP encapsulation and generate checksums, etc. and send it down to the network interface for transmission? 
(Or what type of node that I should create that would allow me to do that?) I really appreciate any hints/help that you guys can provide. Thank you very much, Khoa. From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 18:17:12 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84DC137B401 for ; Thu, 5 Jun 2003 18:17:12 -0700 (PDT) Received: from smtp01.net-yan.com (smtp01.net-yan.com [210.0.255.210]) by mx1.FreeBSD.org (Postfix) with SMTP id 6A80D43F85 for ; Thu, 5 Jun 2003 18:17:11 -0700 (PDT) (envelope-from mshiu@net-yan.com) Received: (qmail 9184 invoked from network); 6 Jun 2003 01:17:10 -0000 Received: from unknown (HELO athena) ([203.184.192.193]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 6 Jun 2003 01:17:10 -0000 Message-ID: <014901c32bc9$4c7a9a30$650019ac@athena> From: "Michael Shiu" To: "Vincent Jardin" , "Julian Elischer" References: <200306052213.35422.vjardin@wanadoo.fr> Date: Fri, 6 Jun 2003 09:16:45 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 01:17:12 -0000 I am using DEVICE_POLLING by Lugzi Rizzo and connecting 2 em devices using NG_ETHER with NG_BRIDGE. Actually, I am planning to make a netgraph node to do some filtering but as a performance prototype, I am getting those results mentioned. i.e. 
em0 - NG_ETHER - NG_BRIDGE - NG_ETHER - em1 The polling code currently does not work in SMP environments but with some patchwork, I probably can make it work. But I am not clear if the netgraph framework has other limitations. rgds, _Michael ----- Original Message ----- From: "Vincent Jardin" To: "Julian Elischer" ; "Michael Shiu" Cc: Sent: Friday, June 06, 2003 4:13 AM Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? Maybe one giant2thread node could be introduced into the graphs. It could put the messages and the mbufs into a queue from a giant context, then they could be processed from a thread. Is it a possible architecture or do I forget something ? Regards, Vincent On Thursday 5 June 2003 13:38, Julian Elischer wrote: > On Thu, 5 Jun 2003, Michael Shiu wrote: > > Dear all, > > > > Just like to know if the netgraph code running 5.x SMP kernel requires > > the GIANT lock? > > Netgraph has locking built into it but I have not > had the time yet to "throw the switch" and run it without > giant. (actually it would only have giant if the edge node that > introduces the packet has giant, or if it's running > as a net thread.) > > What is your graph like? > > > I have the netgraph doing bridging right now but the performance is > > limited by the CPU (right now, it is something around 100k pkt/s in > > 4-STABLE). Does adding another CPU together with upgrading to 5.x be of > > any help? I guess the bottleneck right now is only one thread is > > executing in interrupt context with GIANT being held. Am I right? 
> > > > _Michael > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 23:22:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01BF937B404 for ; Thu, 5 Jun 2003 23:22:16 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4827A43FBD for ; Thu, 5 Jun 2003 23:22:15 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4]) by attbi.com (rwcrmhc52) with ESMTP id <2003060606221405200mtqi4e>; Fri, 6 Jun 2003 06:22:14 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id XAA16593; Thu, 5 Jun 2003 23:22:13 -0700 (PDT) Date: Thu, 5 Jun 2003 23:22:12 -0700 (PDT) From: Julian Elischer To: Vincent Jardin In-Reply-To: <200306052213.35422.vjardin@wanadoo.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE cc: Michael Shiu cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 06:22:16 -0000 On Thu, 5 Jun 2003, Vincent Jardin wrote: > Maybe one giant2thread node could be introduced into the graphs. It could put > the messages and the mbufs into a queue from a giant context, then they could > be processed from a thread. there is already a lock per node, with read/write/try semantics If you cannot get the lock you queue your data for processing by whoever has the lock.. usually there is no collision, especially since most processing only needs a reader lock, of which there may be more than one. > > Is it a possible architecture or do I forget something ? > > Regards, > Vincent > > On Thursday 5 June 2003 13:38, Julian Elischer wrote: > > On Thu, 5 Jun 2003, Michael Shiu wrote: > > > Dear all, > > > > > > Just like to know if the netgraph code running 5.x SMP kernel requires > > > the GIANT lock? > > > > Netgraph has locking built into it but I have not > > had the time yet to "throw the switch" and run it without > > giant. (actually it would only have giant if the edge node that > > introduces the packet has giant, or if it's running > > as a net thread.) > > > > What is your graph like? > > > > > I have the netgraph doing bridging right now but the performance is > > > limited by the CPU (right now, it is something around 100k pkt/s in > > > 4-STABLE). Does adding another CPU together with upgrading to 5.x be of > > > any help? I guess the bottleneck right now is only one thread is > > > executing in interrupt context with GIANT being held. Am I right? 
> > > > > > _Michael > > > > > > _______________________________________________ > > > freebsd-net@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 23:33:05 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E3AC37B401 for ; Thu, 5 Jun 2003 23:33:05 -0700 (PDT) Received: from rwcrmhc12.attbi.com (rwcrmhc12.attbi.com [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAC2043F3F for ; Thu, 5 Jun 2003 23:33:04 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([12.232.168.4]) by attbi.com (rwcrmhc12) with ESMTP id <2003060606330401400abr2ve>; Fri, 6 Jun 2003 06:33:04 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id XAA16659; Thu, 5 Jun 2003 23:33:03 -0700 (PDT) Date: Thu, 5 Jun 2003 23:33:02 -0700 (PDT) From: Julian Elischer To: Michael Shiu In-Reply-To: <014901c32bc9$4c7a9a30$650019ac@athena> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 06:33:05 -0000 On Fri, 6 Jun 2003, Michael Shiu wrote: > I am using DEVICE_POLLING by Lugzi Rizzo and connecting 2 em devices using > NG_ETHER with NG_BRIDGE. Actually, I am planning to make a netgraph node to > do some filtering but as a performance prototype, I am getting those results > mentioned. i.e. > > em0 - NG_ETHER - NG_BRIDGE - NG_ETHER - em1 > > The polling code currently does not work in SMP environments but with some > patchwork, I probably can make it work. But I am not clear if the netgraph > framework has other limitations. > > rgds, > _Michael > > > ----- Original Message ----- > From: "Vincent Jardin" > To: "Julian Elischer" ; "Michael Shiu" > > Cc: > Sent: Friday, June 06, 2003 4:13 AM > Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? it should not require Giant. However there are some locking 'holes' that come when locked resources are accessed by external code that is executed from other contexts.. e.g. many drivers do not know about the locks in their netgraph half, and just 'do' what they want. Also there are instances of callout (timeout) code doing things to a node without getting the node's lock. > > > Maybe one giant2thread node could be introduced into the graphs. It could > put > the messages and the mbufs into a queue from a giant context, then they > could > be processed from a thread. > > Is it a possible architecture or do I forget something ? > > Regards, > Vincent > > On Thursday 5 June 2003 13:38, Julian Elischer wrote: > > On Thu, 5 Jun 2003, Michael Shiu wrote: > > > Dear all, > > > > > > Just like to know if the netgraph code running 5.x SMP kernel requires > > > the GIANT lock? 
> > > > Netgraph has locking built into it but I have not > > had the time yet to "throw the switch" and run it without > > giant. (actually it would only have giant if the edge node that > > introduces the packet has giant, or if it's running > > as a net thread.) > > > > What is your graph like? > > > > > I have the netgraph doing bridging right now but the performance is > > > limited by the CPU (right now, it is something around 100k pkt/s in > > > 4-STABLE). Does adding another CPU together with upgrading to 5.x be of > > > any help? I guess the bottleneck right now is only one thread is > > > executing in interrupt context with GIANT being held. Am I right? > > > > > > _Michael > > > > > > _______________________________________________ > > > freebsd-net@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Jun 5 23:51:05 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8065937B401 for ; Thu, 5 Jun 2003 23:51:05 -0700 (PDT) Received: from mwinf0204.wanadoo.fr (smtp7.wanadoo.fr [193.252.22.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7491543F75 for ; Thu, 5 Jun 2003 23:51:04 -0700 (PDT) (envelope-from vjardin@wanadoo.fr) Received: from venus.vincentjardin.net (unknown [193.253.255.167]) by mwinf0204.wanadoo.fr (SMTP Server) with ESMTP id 
DB859A00006B; Fri, 6 Jun 2003 08:51:02 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" From: Vincent Jardin To: Julian Elischer , Michael Shiu Date: Fri, 6 Jun 2003 08:51:30 +0200 User-Agent: KMail/1.4.3 References: In-Reply-To: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200306060851.30777.vjardin@wanadoo.fr> cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 06:51:05 -0000 > > it should not require Giant. > However there are some locking 'holes' that come when locked resources > are accessed by external code that is executed from other contexts.. > e.g. many drivers do not know about the locks in their netgraph half, > and just 'do' what they want. Also there are instances of callout > (timeout) code doing things to a node without getting the node's lock. > What about ng_l2tp ? 
The BSD's callout functions are used instead of the Netgraph's ng_[un]timeout functions. Vincent From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 00:17:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2213937B401 for ; Fri, 6 Jun 2003 00:17:24 -0700 (PDT) Received: from sccrmhc12.attbi.com (sccrmhc12.attbi.com [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E61643F75 for ; Fri, 6 Jun 2003 00:17:23 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([12.232.168.4]) by attbi.com (sccrmhc12) with ESMTP id <200306060717220120097diee>; Fri, 6 Jun 2003 07:17:22 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id AAA16991; Fri, 6 Jun 2003 00:17:21 -0700 (PDT) Date: Fri, 6 Jun 2003 00:17:20 -0700 (PDT) From: Julian Elischer To: Vincent Jardin In-Reply-To: <200306060851.30777.vjardin@wanadoo.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Michael Shiu cc: freebsd-net@freebsd.org Subject: Re: Does Netgraph in FBSD 5.x SMP requires GIANT lock? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 07:17:24 -0000 On Fri, 6 Jun 2003, Vincent Jardin wrote: > > > > it should not require Giant. > > However there are some locking 'holes' that come when locked resources > > are accessed by external code that is executed from other contexts.. > > e.g. many drivers do not know about the locks in their netgraph half, > > and just 'do' what they want. Also there are instances of callout > > (timeout) code doing things to a node without getting the node's lock. > > > > What about ng_l2tp ? 
> The BSD's callout functions are used instead of the Netgraph's > ng_[un]timeout functions. Basically they and others.. but the ng_timeout() functions are still not the complete solution (yet). they are not even used yet. From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 01:42:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F7D837B401 for ; Fri, 6 Jun 2003 01:42:04 -0700 (PDT) Received: from pasmtp.tele.dk (pasmtp.tele.dk [193.162.159.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id B41B443F3F for ; Fri, 6 Jun 2003 01:42:03 -0700 (PDT) (envelope-from krask@isupport.dk) Received: from pc100 (0x50a3814c.unknown.tele.dk [80.163.129.76]) by pasmtp.tele.dk (Postfix) with SMTP id 38A7C1EC4B4 for ; Fri, 6 Jun 2003 10:42:02 +0200 (CEST) Message-ID: <007601c32c06$9e242260$0a01a8c0@example.lan> From: "Kristian Rask" To: Date: Fri, 6 Jun 2003 10:34:19 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Subject: Choices for security X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 08:42:04 -0000 Hi In the ongoing saga a new question arises... Presently the system is configured as follows 100 MBit WAN <--> FreeBSD Gateway <--> /28 DMZ-Net incl. 
2 MS-IIS
ipfw is used to make basic protection for the Windows 2000 / IIS servers
ipfw is used to kill setups from certain IP's to DMZ/28 80,443
snort is listening for 80,443 setups on DMZ and logging to a MySQL server
A script at regular intervals asks MySql for identical src-ip's that returns more than LIMIT records.
The script then produces ipfw rules and inserts them. After this the script removes all previously registered records from the database (so that the DB doesn't keep growing)
The script does a "ipfw show" and looks at the relevant records for nr of attempt and traffic amount. Based on this the script removes records from the rulesets when traffic drops to a certain level.
ipfw zeroes the relevant blocking rules so that a new period of traffic measuring and blocking can start
All of the above is being done at the moment and most of it is automatic by now. However it seems to me to be overkill ....
Does anyone have an idea as to how one measures the IP traffic types in realtime ?
Another thing that has me wondering is something that would look kinda like route aggregation... like... if I have more than X registrations of certified bad boys pr. Y bits of network.. I would like to detect this and recreate a network rule instead of a handful of host rules.. eg.: If I detect say 16+ rules belonging to the same /24 then I would like to detect this and replace the 16+ rules with 1 rule for the entire /26. The basic idea is to reduce the number of rules in the firewall for performance reasons. Reviewing the last 3 days log files of ipfw rules shows a lot of cases where 10 - 20 machines came from a very narrow range of IP's.
I'm not asking anyone to invent the above... but if somebody has pointers to algorithms that will work well in the above scenario, I would be grateful to know about them. any and all input on the problem much appreciated.. 
Regards & TIA Kristian From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 04:29:22 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFC4037B401; Fri, 6 Jun 2003 04:29:22 -0700 (PDT) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6741843F85; Fri, 6 Jun 2003 04:29:21 -0700 (PDT) (envelope-from bzeeb-lists@zabbadoz.net) Received: from localhost (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 5A8691FFF23; Fri, 6 Jun 2003 13:29:19 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id 2B0871FFBD3; Fri, 6 Jun 2003 13:29:18 +0200 (CEST) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id 89BC215380; Fri, 6 Jun 2003 11:28:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7ED5715329; Fri, 6 Jun 2003 11:28:52 +0000 (UTC) Date: Fri, 6 Jun 2003 11:28:52 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: freebsd-net@freebsd.org, freebsd-hackers@freebsd.org, freebsd-security@freebsd.org, freebsd-doc@FreeBSD.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS snapshot-20020300 Subject: Request for documenting IPSec, NAT/divert, ipfw, ipfilter ... in kernel flow ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-net@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 11:29:23 -0000 Hi, sorry for cross-mailing. Reply-to: set to freebsd-net. I have seen some discussion on freebsd-security etc. about some parts of the subject. I have seen older messages in archives. Regularly the same questions seem to come up. 
I have not found an all-including description of the answer to s.th. like: "Can anybody tell me the order packets get processed in kernel related to IPSec, NAT/divert, ipfw, ipfilter, ... for incoming, outgoing, forwarding... ?". What about bpf, ... ? Is there any chance that some of the gurus can draw one or more ascii arts or xfig or whatever images that show the in kernel packet flow/processing ? Perhaps the doc project would also be happy to include it in the handbook or somewhere else. Would make life much more easier for many people. TIA -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/ From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 08:42:26 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F12E37B401; Fri, 6 Jun 2003 08:42:26 -0700 (PDT) Received: from mail.litech.net (mail.litech.net [193.232.65.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5404143FB1; Fri, 6 Jun 2003 08:42:22 -0700 (PDT) (envelope-from mike@LITech.lviv.ua) Received: from ah.litech.net (ah.litech.net [193.232.65.1]) by mail.litech.net (Postfix) with ESMTP id F20DC46D54; Fri, 6 Jun 2003 18:42:15 +0300 (EET DST) (envelope-from mike@LITech.lviv.ua) Date: Fri, 6 Jun 2003 18:42:15 +0300 (EEST) From: Mike Futerko X-X-Sender: mike@ah.litech.net To: freebsd-questions@freebsd.org, Message-ID: <20030606182845.R24492-100000@ah.litech.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: IPSec + gre X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 15:42:26 -0000 Hi, This is bug or feature that gre tunnel doesn't work under IPSec? 
I use gif tunnels for the following circuit - they do works just fine, except that I can't filter (ipfw) incoming packets that comes from gif. So I tried gre without IPSec and it works OK - I can filter incoming and outgoing packets in ipfw. But when I try to establish IPSec between tunnel routers - gre stop working. Note that IPSec works as I can ping tunnel routers between each other. LAN1 - TunnelRouter1 (IPSec) -- Internet -- TunnelRouter2 (IPSec) -- LAN2 | | +------------ gif or gre tunnel ------+ Now going to try 'options IPSEC_FILTERGIF' in the kernel config file. Maybe I do something wrong with configuration? Thanks, Mike. From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 08:49:51 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C47537B401 for ; Fri, 6 Jun 2003 08:49:51 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6CDC243FDD for ; Fri, 6 Jun 2003 08:49:49 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h56FnmIm072878; Fri, 6 Jun 2003 11:49:48 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h56FnlIT072877; Fri, 6 Jun 2003 11:49:47 -0400 (EDT) Date: Fri, 6 Jun 2003 11:49:47 -0400 From: Barney Wolff To: Kristian Rask Message-ID: <20030606154947.GA72695@pit.databus.com> References: <007601c32c06$9e242260$0a01a8c0@example.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <007601c32c06$9e242260$0a01a8c0@example.lan> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . 
com / mimedefang) cc: FreeBSD-net@freebsd.org Subject: Re: Choices for security X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 15:49:51 -0000 On Fri, Jun 06, 2003 at 10:34:19AM +0200, Kristian Rask wrote: > > snort is listening for 80,443 setups on DMZ and logging to a MySQL server Since the database is deliberately ephemeral, I would keep it in an in-core hash table. > Another thing that has me wondering is something that would look kinda like route aggregation... > like... if i have more than X registrations of certified bad boys pr. Y bits of network.. i would like > to detect this and recreate a network rule instead of a handfull of host rules.. eg.: > If i detect say 16+ rules belonging to the same /24 then i would like to detect this and replace the 16+ rules with 1 rule for the entire /26. The basic idea is to reduce the number of rules in the firewall for performance reasons. > Reviewing the last 3 days log files of ipfw rules shows a lot of cases where 10 - 20 machines came from a very narrow range of IP's. > I'm not asking anyone to invent the above... but if somebody has pointers to algorithms that will work well in the above scenario, i would be gratefull to know about them. If performance is good without this added complexity, there is no reason to add it. If not, I would look at doing a binary search with skipto rules, rather than trying to discern aggregates. Or just block a /26 or /27 automatically when you detect abuse from any host in it. How often do you get abuse and legitimate requests from adjacent hosts? Finally, if the problem is strictly http(s) requests, you can put an allow tcp established rule before the blocking rules, and take the hit only on setup packets. That doesn't stop an attacker using hping or equivalent, but does stop request bots. 
-- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. From owner-freebsd-net@FreeBSD.ORG Fri Jun 6 19:49:27 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB19037B401 for ; Fri, 6 Jun 2003 19:49:27 -0700 (PDT) Received: from ip68-14-60-78.no.no.cox.net (ip68-14-60-78.no.no.cox.net [68.14.60.78]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC65743F3F for ; Fri, 6 Jun 2003 19:49:26 -0700 (PDT) (envelope-from conrads@ip68-14-60-78.no.no.cox.net) Received: from ip68-14-60-78.no.no.cox.net (conrads@localhost [127.0.0.1]) h572nQ8E009713 for ; Fri, 6 Jun 2003 21:49:26 -0500 (CDT) (envelope-from conrads@ip68-14-60-78.no.no.cox.net) Received: (from conrads@localhost)h572nPaA009712 for freebsd-net@FreeBSD.ORG; Fri, 6 Jun 2003 21:49:25 -0500 (CDT) (envelope-from conrads) Message-ID: X-Mailer: XFMail 1.5.4 on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.5.4.FreeBSD:20030606214925:9276=_"; micalg=pgp-md5; protocol="application/pgp-signature" Date: Fri, 06 Jun 2003 21:49:25 -0500 (CDT) Organization: A Rag-Tag Band of Drug-Crazed Hippies From: Conrad Sabatier To: freebsd-net@FreeBSD.ORG Subject: accf_{data,http} defaults? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 02:49:28 -0000 This message is in MIME format --_=XFMail.1.5.4.FreeBSD:20030606214925:9276=_ Content-Type: text/plain; charset=us-ascii Perusing the accf_* man pages, I'm left with the impression that there's little use in loading these modules unless one explicitly modifies the code that creates new sockets in a given application, as well as, perhaps, writing one's own filters. 
Is this impression correct, or will accf_data and accf_http actually have any effect if simply loaded? -- Conrad Sabatier - "In Unix veritas" --_=XFMail.1.5.4.FreeBSD:20030606214925:9276=_ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+4VK0r8RegkxqgIgRAtBgAJ4+udQxk2D/BZWZn9aBXpo5QS9YNQCg+6n9 JaK2s+WK7WeufWdUN44rQzQ= =+XD0 -----END PGP SIGNATURE----- --_=XFMail.1.5.4.FreeBSD:20030606214925:9276=_-- End of MIME message From owner-freebsd-net@FreeBSD.ORG Sat Jun 7 05:27:50 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CAA437B401; Sat, 7 Jun 2003 05:27:50 -0700 (PDT) Received: from silver.he.iki.fi (silver.he.iki.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE77543F3F; Sat, 7 Jun 2003 05:27:48 -0700 (PDT) (envelope-from pete@he.iki.fi) Received: from PETEX31 (h81.vuokselantie10.fi [193.64.42.129]) by silver.he.iki.fi (8.12.9/8.11.4) with SMTP id h57CRkDX080679; Sat, 7 Jun 2003 15:27:46 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <029601c32cf0$32d021e0$812a40c1@PETEX31> From: "Petri Helenius" To: "Robert Watson" References: Date: Sat, 7 Jun 2003 15:27:44 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsd-net@freebsd.org cc: freebsd-current@freebsd.org Subject: Re: 5.1-BETA em X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 12:27:50 -0000 There... 
http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/52835

Pete

----- Original Message -----
From: "Robert Watson"
To: "Petri Helenius"
Cc: ;
Sent: Thursday, May 15, 2003 9:54 PM
Subject: Re: 5.1-BETA em

> Could you file a PR for this, if it hasn't already been resolved?
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories
>
> On Fri, 9 May 2003, Petri Helenius wrote:
>
> > I installed 5.0-RELEASE on an X31 IBM laptop and em0 worked. (1.4.x driver)
> > Then I cvsupped -CURRENT two days ago and now the em0 probe only displays:
> > em0: port 0x8000-0x803f mem 0xc0200000-0xc020ffff, 0xc0220000-0xc023ffff irq 11 at device 1.0 on pci2
> > em0: The EEPROM Checksum Is Not Valid
> > em0: Unable to initialize the hardware
> >
> > The chip is supposedly Intel mobile GE, and the machine has Win XP as
> > dual boot with FreeBSD.
> >
> > Pete

From owner-freebsd-net@FreeBSD.ORG Sat Jun 7 22:01:39 2003
Message-ID: <20030608050138.82947.qmail@web13506.mail.yahoo.com>
Date: Sat, 7 Jun 2003 22:01:38 -0700 (PDT)
From: David Yeske
To: current@freebsd.org
cc: net@freebsd.org
Subject: sendmail starts before rpc.statd and rpc.lockd

Jun 8 00:52:33 photon sendmail[293]: h584pRfm000293: SYSERR(root): cannot flock(./tfh584pRfm000293, fd=5, type=6, omode=40001, euid=25^C.
NFS access cache time=2
Starting statd.
Starting lockd.

It looks like sendmail starts before rpc.lockd and rpc.statd? This will cause diskless clients to hang?

This is an NFS server and diskless client running 5.1-RELEASE. I'm running rpc.lockd and rpc.statd on the server and the client.

Should rpc.lockd and rpc.statd be started before sendmail starts?

Regards,
David Yeske

From owner-freebsd-net@FreeBSD.ORG Sat Jun 7 22:27:15 2003
Message-ID: <20030608052714.85468.qmail@web13506.mail.yahoo.com>
Date: Sat, 7 Jun 2003 22:27:14 -0700 (PDT)
From: David Yeske
To: current@freebsd.org
cc: net@freebsd.org
Subject: Re: sendmail starts before rpc.statd and rpc.lockd

Jun 8 00:52:33 photon sendmail[293]: h584pRfm000293: SYSERR(root): cannot flock(./tfh584pRfm000293, fd=5, type=6, omode=40001, euid=25^C.
NFS access cache time=2
Starting statd.
Starting lockd.

I should clarify that /etc/rc.d/virecover is calling sendmail. Does virecover need to be called this early on?

Regards,
David Yeske