From owner-freebsd-net@FreeBSD.ORG Sun Jan 30 04:56:19 2005
Message-ID: <6b8e8f4f05012920564ac72002@mail.gmail.com>
Date: Sat, 29 Jan 2005 18:56:17 -1000
From: David Cornejo
To: freebsd-net@freebsd.org
Subject: bind() & how to receive broadcast packets?

I have a setup where an interface seems to lose broadcast packets somewhere and I'm hoping some kind soul could lend a hand. This is on 6-CURRENT from within the last few days.

One of my interfaces, sis1, is configured with an IP address of 10.0.2.1/24.

I'm debugging some code, and in its original form it binds a socket to 0.0.0.0 and it seems to get the broadcast packets fine. However, if I bind the socket to the actual address of the interface, I no longer receive broadcast packets. This makes some sense I guess, but is there a way to get one socket to receive only packets for its bound address *and* the broadcast address?

A more in-depth explanation:

A piece of code I am trying to port from Linux has several interfaces on the same box all in the same subnet, though not necessarily connected to each other in any fashion. The code creates a socket per interface and then bind()s them to 0.0.0.0. It then uses SO_BINDTODEVICE to sort out which socket serves which interface. In FreeBSD creating these sockets fails after the first one. My solution was to bind each socket to the IP address of the interface it serves.

To direct the output broadcast packets I'm using libnet and this works ok. So I can get the packets out the correct interface, but a select fails to ever fire on broadcast packets received on the interface. I've checked that tcpdump (in non-promiscuous mode) sees them coming in.

If anyone has any ideas, I'd appreciate it greatly.
thanks,
dave c
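The usual BSD answer to the question above, as an added example that is not code from the original post: keep the socket bound to 0.0.0.0 so it still receives broadcasts, and have the kernel report each datagram's destination address in ancillary data (IP_RECVDSTADDR on FreeBSD, where IP_RECVIF would additionally name the interface; IP_PKTINFO on Linux), then demultiplex in user space instead of relying on SO_BINDTODEVICE. The function names, the loopback round trip and the 10.0.2.x addresses in the classification are my own assumptions for the demo; it binds an ephemeral port so it runs on any host.

```c
/* Added example (not from the original post): one UDP socket bound to
 * 0.0.0.0 that still learns, per datagram, which local address the packet
 * was sent to. That lets a single socket serve an interface's unicast
 * address *and* its broadcast address; a socket bound to the unicast
 * address alone never sees the broadcasts. FreeBSD reports the destination
 * through IP_RECVDSTADDR; Linux reports the same thing through IP_PKTINFO. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

enum dst_kind { DST_UNICAST, DST_SUBNET_BCAST, DST_LIMITED_BCAST, DST_OTHER };

/* Classify a datagram's destination against one interface's unicast and
 * broadcast addresses (all three in network byte order). */
enum dst_kind classify_dst(in_addr_t dst, in_addr_t ifaddr, in_addr_t ifbcast)
{
    if (dst == ifaddr)                  return DST_UNICAST;
    if (dst == ifbcast)                 return DST_SUBNET_BCAST;
    if (dst == htonl(INADDR_BROADCAST)) return DST_LIMITED_BCAST;
    return DST_OTHER;                   /* e.g. another interface's address */
}

/* UDP socket bound to 0.0.0.0 with destination-address reporting enabled.
 * The ephemeral port is for the demo; a real server binds its own port.
 * Returns the fd (bound address written to *bound) or -1. */
int open_demux_socket(struct sockaddr_in *bound)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int on = 1;
    struct timeval tv = { 2, 0 };           /* don't hang if nothing arrives */
    struct sockaddr_in any;
    memset(&any, 0, sizeof any);
    any.sin_family = AF_INET;
    any.sin_addr.s_addr = htonl(INADDR_ANY);
    socklen_t alen = sizeof *bound;
    if (
#ifdef IP_RECVDSTADDR
        setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof on) < 0 ||
#else
        setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
#endif
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        bind(fd, (struct sockaddr *)&any, sizeof any) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &alen) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram and pull the destination address out of the
 * ancillary data. Returns the payload length, or -1 on error/timeout. */
ssize_t recv_with_dst(int fd, void *buf, size_t len, struct in_addr *dst)
{
    struct iovec iov = { buf, len };
    union { struct cmsghdr hdr; unsigned char data[CMSG_SPACE(64)]; } ctl;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.data;
    msg.msg_controllen = sizeof ctl.data;
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return -1;
    dst->s_addr = htonl(INADDR_ANY);
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != IPPROTO_IP) continue;
#ifdef IP_RECVDSTADDR
        if (c->cmsg_type == IP_RECVDSTADDR)
            memcpy(dst, CMSG_DATA(c), sizeof *dst);
#else
        if (c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *dst = pi.ipi_addr;             /* header destination address */
        }
#endif
    }
    return n;
}

static char last_dst[INET_ADDRSTRLEN];
const char *demo_last_dst(void) { return last_dst; }

/* Loopback round trip: send "hello" to 127.0.0.1:<ephemeral port> and
 * record the destination the receiver saw. Returns payload length or -1. */
int demo_roundtrip(void)
{
    struct sockaddr_in addr;
    int rx = open_demux_socket(&addr);
    if (rx < 0) return -1;
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (tx < 0) { close(rx); return -1; }
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    ssize_t n = -1;
    if (sendto(tx, "hello", 5, 0, (struct sockaddr *)&addr, sizeof addr) == 5) {
        char buf[64];
        struct in_addr dst;
        n = recv_with_dst(rx, buf, sizeof buf, &dst);
        if (n >= 0) inet_ntop(AF_INET, &dst, last_dst, sizeof last_dst);
    }
    close(tx);
    close(rx);
    return (int)n;
}
```

With one such socket per port, a datagram to 10.0.2.255 or 255.255.255.255 arrives with that destination in the control message, so the receiver can decide per interface whether to treat it as "mine" without the kernel ever delivering broadcasts to a socket bound to 10.0.2.1 (which, as observed in the post, it does not).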
From owner-freebsd-net@FreeBSD.ORG Sun Jan 30 14:40:25 2005
From: Jeremie Le Hen
To: freebsd-net@freebsd.org
Date: Sun, 30 Jan 2005 15:40:06 +0100
Message-ID: <20050130144006.GA58883@obiwan.tataz.chchile.org>
In-Reply-To: <20050128110731.GU59685@obiwan.tataz.chchile.org>
Subject: Re: dummynet and vr(4)/egress broken in 4.11 ?

> I didn't change my kernel configuration file so much since my last
> kernel upgrade, I just added gif(4), IPSEC_FILTERGIF and vr(4).
> I tested using this rule on ingress and egress of both my internal (sis0)
> and external interface (vr0) - inverting IPs where needed :-) - here are
> the results:
>
>            | ingress | egress  |
> -----------+---------+---------+
> vr0 (ext)  |   OK    |    -    |
> -----------+---------+---------+
> sis0 (int) |   OK    |   OK    |
> -----------+---------+---------+
>
> I think that it is now very important to tell you that while upgrading
> my box to FreeBSD 4.11, I also changed my external interface from a 10
> MBits ep(4) to a 100 MBits vr(4).
>
> I cannot switch back to ep(4) for the moment since it is not an option
> to have downtime, but according to the previous results, I'm pretty
> convinced there is a problem with the vr(4) driver (although I don't
> know how it can impact DUMMYNET). Maybe the last commit on this
> driver in RELENG_4 (sys/pci/if_vr.c, rev 1.26.2.14) is the culprit.

Well, in fact I made further investigation:

- Only TCP seems to be affected. UDP and ICMP appear to work without packet drop.
- Switching back from my vr(4) to my ep(4) did not resolve the problem.
Thus, it seems this problem is independent from the network driver (which makes more sense because AFAIK the latter are not involved in DUMMYNET, as they are in ALTQ for example). I can still use pipes on interface ingress and internal interface egress, but it fails when I use a pipe on egress on my external interface _for packets being forwarded and NATed only_. Weirdly I am still able to use a TCP stream from the router itself.

I'll give a try to a 4.10 kernel ASAP.

Regards,
-- 
Jeremie Le Hen
jeremie@le-hen.org
From owner-freebsd-net@FreeBSD.ORG Sun Jan 30 23:54:00 2005
From: Lukasz Stelmach
To: freebsd-net@freebsd.org
Date: Mon, 31 Jan 2005 00:53:57 +0100
Message-ID: <20050130235357.GA72888@tygrys.k.telmark.waw.pl>
Subject: if_stf and rfc1918

Greetings All.

Once I discussed this matter with Hajimu UMEMOTO and he posted a patch that made it possible to run a 6to4 router behind a NAT (FreeBSD 4.x). Soon I will probably be upgrading my old system to a 5.x release, so I checked if the newer stf code allows such operation and to my disappointment I've found out that it doesn't (or at least it seems so). The comment in the code says that it is a requirement of RFC3056. I've checked it and in fact it says that RFC1918 addresses MUST NOT be used as NLAs in 6to4 addresses. But IMHO it does not mean that I can't run my 6to4 router behind a NAT at all. In such a situation the IPv6 address contains a valid public IPv4 address and the private one in the IPv4 header is substituted by NAT. So after the packets leave my site they are completely valid 6to4 packets. Also when 6to4 packets come to me they are handled properly.

My question now is why FreeBSD is so restrictive about it.

Best regards,
Łukasz Stelmach.

PS. Please cc: the answer, thank you.

-- 
Monstrous desires already creep in from every side,
I shall practise fornication for money.
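The distinction the question above turns on, as an added example that is not code from the post or from the stf(4) driver: a 6to4 site address is 2002:V4ADDR::/48 (RFC 3056) and the V4ADDR embedded in it must be a global address; RFC 3056 forbids an RFC 1918 address there. Behind a NAT the outer IPv4 header carries the private address (which the NAT rewrites) while the embedded address is the NAT's public one, so the two checks are not the same check. The function names, the allow_private_outer_dst switch and the sample addresses (RFC 5737 documentation ranges) are assumptions made for this example.

```c
/* Added example (not the stf(4) driver's code): the address rules behind
 * the 6to4-behind-NAT question. The allow_private_outer_dst switch stands
 * in for an operator opt-in; it is an assumption of this example. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* RFC 1918 ranges: 10/8, 172.16/12, 192.168/16 (s_addr is network order). */
int is_rfc1918(struct in_addr a)
{
    uint32_t h = ntohl(a.s_addr);
    return (h >> 24) == 10 || (h >> 20) == 0xAC1 || (h >> 16) == 0xC0A8;
}

/* Dotted-quad convenience wrapper; -1 if the string does not parse. */
int is_rfc1918_str(const char *dotted)
{
    struct in_addr a;
    return inet_pton(AF_INET, dotted, &a) == 1 ? is_rfc1918(a) : -1;
}

/* 2002:V4ADDR:: for a given IPv4 address. */
struct in6_addr make_6to4_prefix(struct in_addr v4)
{
    struct in6_addr p;
    memset(&p, 0, sizeof p);
    p.s6_addr[0] = 0x20;
    p.s6_addr[1] = 0x02;
    memcpy(&p.s6_addr[2], &v4.s_addr, 4);   /* s_addr is already big-endian */
    return p;
}

int is_6to4(const struct in6_addr *a)
{
    return a->s6_addr[0] == 0x20 && a->s6_addr[1] == 0x02;
}

struct in_addr v4_from_6to4(const struct in6_addr *a)
{
    struct in_addr v4;
    memcpy(&v4.s_addr, &a->s6_addr[2], 4);
    return v4;
}

enum stf_verdict { STF_OK, STF_BAD_OUTER_SRC, STF_BAD_OUTER_DST, STF_BAD_EMBEDDED };

/* Sanity checks on one received IPv6-in-IPv4 packet:
 *  - the outer IPv4 source must never be private (nothing legitimate
 *    arrives from the Internet with a private source);
 *  - the outer IPv4 destination may be private only when the operator has
 *    opted in to running behind a NAT (the NAT rewrote it on the way in);
 *  - an IPv4 address embedded in a 6to4 inner source must be global, NAT
 *    or not, because that is where the rest of the Internet sends replies. */
enum stf_verdict check_6to4_encap(struct in_addr outer_src, struct in_addr outer_dst,
                                  const struct in6_addr *inner_src6,
                                  int allow_private_outer_dst)
{
    if (is_rfc1918(outer_src)) return STF_BAD_OUTER_SRC;
    if (!allow_private_outer_dst && is_rfc1918(outer_dst)) return STF_BAD_OUTER_DST;
    if (is_6to4(inner_src6) && is_rfc1918(v4_from_6to4(inner_src6))) return STF_BAD_EMBEDDED;
    return STF_OK;
}

static struct in_addr v4(const char *s) { struct in_addr a; inet_pton(AF_INET, s, &a); return a; }

/* Does the prefix built from 203.0.113.5 equal 2002:cb00:7105::? */
int demo_prefix_ok(void)
{
    struct in6_addr want, got = make_6to4_prefix(v4("203.0.113.5"));
    inet_pton(AF_INET6, "2002:cb00:7105::", &want);
    return memcmp(&got, &want, sizeof got) == 0;
}

/* The NAT scenario: the router holds 192.168.1.10 behind a NAT whose public
 * address is 203.0.113.5; a remote 6to4 site at 198.51.100.7 sends to it.
 * The outer destination is private after NAT; the embedded address is not. */
enum stf_verdict demo_nat_case(int allow_private_outer_dst)
{
    struct in6_addr inner_src = make_6to4_prefix(v4("198.51.100.7"));
    inner_src.s6_addr[15] = 1;                           /* 2002:c633:6407::1 */
    return check_6to4_encap(v4("198.51.100.7"), v4("192.168.1.10"),
                            &inner_src, allow_private_outer_dst);
}

/* A private address embedded in the 6to4 prefix is rejected regardless. */
enum stf_verdict demo_private_embedded(void)
{
    struct in6_addr inner_src = make_6to4_prefix(v4("192.168.1.1"));   /* 2002:c0a8:0101:: */
    return check_6to4_encap(v4("198.51.100.7"), v4("203.0.113.5"), &inner_src, 1);
}
```

The point of the split is that relaxing the outer-destination check for NAT operation does not have to weaken the RFC 3056 rule: a packet whose 6to4 source embeds 192.168.x.x is still dropped, and a packet arriving with a private outer source is still dropped, whatever the switch says.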
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 09:44:36 2005
From: "wsk"
To: net@freebsd.org
Date: Mon, 31 Jan 2005 09:44:35 -0000 (GMT)
Message-ID: <59165.211.96.21.195.1107164675.squirrel@webmail.catholic.org>
Subject: DSL problem:PPPoE Pap Input: FAILURE ()

hi, list:

my ISP is China Telecom, but ppp only seems to dial up successfully a few times in a whole day! Is it the ISP's problem or ppp's problem?? Here's a cut of ppp's logs:

Feb 1 00:00:02 xct ppp[18254]: Phase: deflink: opening -> dial
Feb 1 00:00:02 xct ppp[18254]: Phase: deflink: dial -> carrier
Feb 1 00:00:03 xct ppp[18254]: Phase: Received NGM_PPPOE_ACNAME (hook "M-S-MA5200-LZ-XINCHENG-01")
Feb 1 00:00:03 xct ppp[18254]: Phase: Received NGM_PPPOE_SESSIONID
Feb 1 00:00:03 xct ppp[18254]: Phase: Received NGM_PPPOE_SUCCESS
Feb 1 00:00:03 xct ppp[18254]: Phase: deflink: carrier -> login
Feb 1 00:00:03 xct ppp[18254]: Phase: deflink: login -> lcp
Feb 1 00:00:03 xct ppp[18254]: Phase: deflink: his = PAP, mine = none
Feb 1 00:00:03 xct ppp[18254]: Phase: Pap Output: blz5511248 ********
Feb 1 00:00:04 xct ppp[18254]: Phase: Pap Input: FAILURE ()
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: Disconnected!
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: lcp -> logout
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: logout -> hangup
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: Disconnected!
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: Connect time: 2 secs: 81 octets in, 111 octets out
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: 108 packets in, 108 packets out
Feb 1 00:00:04 xct ppp[18254]: Phase: total 96 bytes/sec, peak 0 bytes/sec on Tue Feb 1 00:00:02 2005
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: hangup -> opening
Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: Enter pause (3) for redialing.
Feb 1 00:00:07 xct ppp[18254]: Phase: deflink: Connected!
Feb 1 00:00:07 xct ppp[18254]: Phase: deflink: opening -> dial
Feb 1 00:00:07 xct ppp[18254]: Phase: deflink: dial -> carrier
Feb 1 00:00:08 xct ppp[18254]: Phase: Received NGM_PPPOE_ACNAME (hook "M-S-MA5200-LZ-XINCHENG-01")
Feb 1 00:00:08 xct ppp[18254]: Phase: Received NGM_PPPOE_SESSIONID
Feb 1 00:00:08 xct ppp[18254]: Phase: Received NGM_PPPOE_SUCCESS
Feb 1 00:00:08 xct ppp[18254]: Phase: deflink: carrier -> login
Feb 1 00:00:08 xct ppp[18254]: Phase: deflink: login -> lcp
Feb 1 00:00:08 xct ppp[18254]: Phase: deflink: his = PAP, mine = none
Feb 1 00:00:08 xct ppp[18254]: Phase: Pap Output: blz5511248 ********
Feb 1 00:00:09 xct ppp[18254]: Phase: Connected to local client.
Feb 1 00:00:09 xct ppp[18254]: Phase: /var/run/ADSL: Client connection dropped.
Feb 1 00:00:09 xct ppp[18254]: Phase: Pap Input: FAILURE ()
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: Disconnected!
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: lcp -> logout
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: logout -> hangup
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: Disconnected!
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: Connect time: 2 secs: 81 octets in, 111 octets out
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: 114 packets in, 114 packets out
Feb 1 00:00:09 xct ppp[18254]: Phase: total 96 bytes/sec, peak 57 bytes/sec on Tue Feb 1 00:00:09 2005
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: hangup -> opening
Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: Enter pause (3) for redialing.
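A way to answer "ISP or ppp?" from a full day of such logs, as an added example that is not code from the post: count, per dial attempt, whether PPPoE discovery completed (NGM_PPPOE_SUCCESS, i.e. the access concentrator answered) and whether the concentrator then rejected PAP. In the excerpt above every attempt reaches the concentrator and is refused at authentication, which points at the credentials or the ISP's authentication backend rather than at the link. The phase strings are taken from the posted log; the sample buffer is a constructed excerpt of it and the function names are mine.

```c
/* Added example (not from the original post): a small triage pass over
 * ppp(8) "Phase:" log lines, separating "PPPoE discovery never completes"
 * (link or access-concentrator side) from "discovery completes and PAP is
 * then refused" (credential or ISP authentication side). */
#include <stddef.h>
#include <string.h>

struct ppp_summary {
    int attempts;       /* "opening -> dial"            */
    int discovery_ok;   /* "Received NGM_PPPOE_SUCCESS" */
    int pap_failed;     /* "Pap Input: FAILURE"         */
    int hangups;        /* "logout -> hangup"           */
};

/* Count phase events over a newline-separated log buffer. */
struct ppp_summary summarize_ppp_log(const char *log)
{
    struct ppp_summary s = { 0, 0, 0, 0 };
    const char *p = log;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;   /* clip oversize lines */
        memcpy(line, p, len);
        line[len] = '\0';
        if (strstr(line, "opening -> dial"))                 s.attempts++;
        else if (strstr(line, "Received NGM_PPPOE_SUCCESS"))  s.discovery_ok++;
        else if (strstr(line, "Pap Input: FAILURE"))          s.pap_failed++;
        else if (strstr(line, "logout -> hangup"))            s.hangups++;
        p = nl ? nl + 1 : p + len;
    }
    return s;
}

enum ppp_diag { PPP_NO_ATTEMPTS, PPP_DISCOVERY_FAILS, PPP_AUTH_REJECTED, PPP_MIXED };

enum ppp_diag diagnose_ppp(struct ppp_summary s)
{
    if (s.attempts == 0) return PPP_NO_ATTEMPTS;
    if (s.discovery_ok < s.attempts) return PPP_DISCOVERY_FAILS;  /* no PADS from the AC */
    if (s.pap_failed == s.attempts) return PPP_AUTH_REJECTED;     /* AC answered, then refused */
    return PPP_MIXED;
}

/* Constructed excerpt of the log quoted in the post (two dial attempts). */
static const char SAMPLE_LOG[] =
    "Feb 1 00:00:02 xct ppp[18254]: Phase: deflink: opening -> dial\n"
    "Feb 1 00:00:02 xct ppp[18254]: Phase: deflink: dial -> carrier\n"
    "Feb 1 00:00:03 xct ppp[18254]: Phase: Received NGM_PPPOE_SUCCESS\n"
    "Feb 1 00:00:03 xct ppp[18254]: Phase: deflink: his = PAP, mine = none\n"
    "Feb 1 00:00:04 xct ppp[18254]: Phase: Pap Input: FAILURE ()\n"
    "Feb 1 00:00:04 xct ppp[18254]: Phase: deflink: logout -> hangup\n"
    "Feb 1 00:00:07 xct ppp[18254]: Phase: deflink: opening -> dial\n"
    "Feb 1 00:00:08 xct ppp[18254]: Phase: Received NGM_PPPOE_SUCCESS\n"
    "Feb 1 00:00:09 xct ppp[18254]: Phase: Pap Input: FAILURE ()\n"
    "Feb 1 00:00:09 xct ppp[18254]: Phase: deflink: logout -> hangup\n";

struct ppp_summary demo_summary(void) { return summarize_ppp_log(SAMPLE_LOG); }
enum ppp_diag demo_diagnosis(void) { return diagnose_ppp(demo_summary()); }
```

Run over a day's worth of /var/log/ppp.log, the ratio of attempts to PAP refusals is the number to show the ISP; a day that also contains attempts with no NGM_PPPOE_SUCCESS would instead point at the DSL link or the concentrator.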
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 10:37:39 2005
From: Yar Tikhiy
To: proks@odtel.net, yar@FreeBSD.org, freebsd-net@FreeBSD.org
Date: Mon, 31 Jan 2005 10:37:38 GMT
Message-Id: <200501311037.j0VAbcZr046442@freefall.freebsd.org>
Subject: Re: kern/41007: overfull traffic on third and fourth adaptors at a promiscuous mode on FreeBSD 4.6-STABLE

Synopsis: overfull traffic on third and fourth adaptors at a promiscuous mode on FreeBSD 4.6-STABLE

State-Changed-From-To: open->feedback
State-Changed-By: yar
State-Changed-When: Mon Jan 31 10:24:07 GMT 2005
State-Changed-Why:
This problem really looks like a local setup issue. Sergey, are you still seeing it?

Responsible-Changed-From-To: freebsd-net->yar
Responsible-Changed-By: yar
Responsible-Changed-When: Mon Jan 31 10:24:07 GMT 2005
Responsible-Changed-Why:
I'll take this one.
http://www.freebsd.org/cgi/query-pr.cgi?pr=41007
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 11:01:57 2005
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Date: Mon, 31 Jan 2005 11:01:56 GMT
Message-Id: <200501311101.j0VB1uBf048102@freefall.freebsd.org>
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S Submitted    Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383   net   [nfs] [patch] NFS root configurations wit

1 problem total.
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 16:29:37 2005
From: Nick Hilliard
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Date: Mon, 31 Jan 2005 16:29:30 +0000
Message-Id: <1107188970.82463.12.camel@pancake.netability.ie>
References: <1106914610.32953.12.camel@pancake.netability.ie>
Subject: Re: Marvell Yukon 88E8053

>> integrated pci-e Marvell Yukon 88E8053 gig nic installed. By the looks
>
> is this another of the PCIe ones?

yep, deviceid 0x4362 instead of 0x4361 for the regular 88E8050.

> if it would work the patch doesn't cover everything. See
> http://sources.zabbadoz.net/freebsd/patchset/EXPERIMENTAL/if_sk-marvell-88e8050-id.diff
> what would need to be patched but be sure to read the disclaimer
> at the beginning of this file!

ach, I missed the statement where it sets sk->sk_type.

> if it's one of the 88E8050s (and it seems to be) you will have to wait
> for a new driver to come; I know someone is working on this but I don't
> know when we might expect something released.

I have tried installing if_sk.c 1.83.2.6 and have put in a variant of the patch above (with the sk->sk_type line included). It now fails with:

> skc0: port 0xc800-0xc8ff mem 0xdfefc000-0xdfefffff irq 16 at device 0.0 on pci3
> skc0: bad VPD resource id: expected 82 got 0
> sk0: on skc0
> sk0: no memory for jumbo buffers!
> sk0: jumbo buffer allocation failed
> device_attach: sk0 attach returned 12
> sk1: on skc0
> sk1: no memory for jumbo buffers!
> sk1: jumbo buffer allocation failed
> device_attach: sk1 attach returned 12

That "at device 0.0" looks suboptimal.
Nick
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 19:34:54 2005
From: Hajimu UMEMOTO
To: Lukasz Stelmach
Cc: freebsd-net@freebsd.org
Date: Tue, 01 Feb 2005 04:34:40 +0900
In-Reply-To: <20050130235357.GA72888@tygrys.k.telmark.waw.pl>
Subject: Re: if_stf and rfc1918

Hi,

>>>>> On Mon, 31 Jan 2005 00:53:57 +0100
>>>>> Lukasz Stelmach said:

Lukasz> Once I discussed this matter with Hajimu UMEMOTO and he posted a patch
Lukasz> that made it possible to run a 6to4 router behind a NAT (FreeBSD 4.x). Soon
Lukasz> I will probably be upgrading my old system to a 5.x release so I checked
Lukasz> if the newer stf code allows such operation and to my disappointment I've
Lukasz> found out that it doesn't (or at least it seems so). The comment in the
Lukasz> code says that it is a requirement of RFC3056. I've checked it and in fact
Lukasz> it says that RFC1918 addresses MUST NOT be used as NLAs in 6to4 addresses.
Lukasz> But IMHO it does not mean that I can't run my 6to4 router behind a NAT
Lukasz> at all. In such a situation the IPv6 address contains a valid public IPv4
Lukasz> address and the private one in the IPv4 header is substituted by NAT. So
Lukasz> after the packets leave my site they are completely valid 6to4 packets.
Lukasz> Also when 6to4 packets come to me they are handeled properly. Lukasz> My question now is why FreeBSD is so restrictive about it. Oops, I completely forget this issue. If there is no objection, I'll commit following patch into HEAD then MFC to RELENG_5. Index: share/man/man4/stf.4 diff -u share/man/man4/stf.4.orig share/man/man4/stf.4 --- share/man/man4/stf.4.orig Sat Jan 4 14:15:26 2003 +++ share/man/man4/stf.4 Tue Feb 1 02:05:05 2005 @@ -178,6 +178,17 @@ Note, however, there are other security risks exist. If you wish to use the configuration, you must not advertise your 6to4 address to others. +.Pp +You can configure to use 6to4 from behind NAT by setting the +.Xr sysctl 8 +variable +.Va net.link.stf.no_addr4check +to 1 with support of your NAT box. In this case, make sure to use a +6to4 address which is worked out from an IPv4 global address of your +NAT box. If you are directly connected to the Internet, you shouldn't +chenge the value of +.Va net.link.stf.no_addr4check . +This is only hack to use 6to4 from within a NAT. .\" .Sh EXAMPLES Note that Index: sys/net/if_stf.c diff -u -p sys/net/if_stf.c.orig sys/net/if_stf.c --- sys/net/if_stf.c.orig Thu Jan 13 00:47:31 2005 +++ sys/net/if_stf.c Tue Feb 1 04:00:34 2005 @@ -89,6 +89,7 @@ #include #include #include +#include #include #include @@ -183,6 +184,13 @@ static int stf_clone_destroy(struct if_c struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0, NULL, stf_clone_match, stf_clone_create, stf_clone_destroy); +SYSCTL_DECL(_net_link); +SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); + +static int no_addr4check = 0; +SYSCTL_INT(_net_link_stf, OID_AUTO, no_addr4check, CTLFLAG_RW, + &no_addr4check, 0, "Skip checking outer IPv4 address"); + static int stf_clone_match(struct if_clone *ifc, const char *name) { 
@@ -357,9 +365,17 @@ stf_encapcheck(m, off, proto, arg) * local 6to4 address. * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... */ - if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, - sizeof(ip.ip_dst)) != 0) - return 0; + if (no_addr4check) { + struct ifnet *tif; + + INADDR_TO_IFP(ip.ip_dst, tif); + if (!tif) + return 0; + } else { + if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, + sizeof(ip.ip_dst)) != 0) + return 0; + } /* * check if IPv4 src matches the IPv4 address derived from the @@ -401,12 +417,14 @@ stf_getsrcifa6(ifp) if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) continue; - bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); - LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) - if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) - break; - if (ia4 == NULL) - continue; + if (!no_addr4check) { + bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); + LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) + if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) + break; + if (ia4 == NULL) + continue; + } return (struct in6_ifaddr *)ia; } @@ -511,8 +529,10 @@ stf_output(ifp, m, dst, rt) bzero(ip, sizeof(*ip)); - bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), - &ip->ip_src, sizeof(ip->ip_src)); + if (!no_addr4check) + bcopy(GET_V4( + &((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), + &ip->ip_src, sizeof(ip->ip_src)); bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); ip->ip_p = IPPROTO_IPV6; ip->ip_ttl = ip_stf_ttl; @@ -587,13 +607,6 @@ stf_checkaddr4(sc, in, inifp) } /* - * reject packets with private address range. - * (requirement from RFC3056 section 2 1st paragraph) - */ - if (isrfc1918addr(in)) - return -1; - - /* * reject packets with broadcast */ for (ia4 = TAILQ_FIRST(&in_ifaddrhead); 
@@ -645,7 +658,16 @@ stf_checkaddr6(sc, in6, inifp) */ if (IN6_IS_ADDR_6TO4(in6)) { struct in_addr in4; + bcopy(GET_V4(in6), &in4, sizeof(in4)); + + /* + * reject packets with private address range. + * (requirement from RFC3056 section 2 1st paragraph) + */ + if (isrfc1918addr(&in4)) + return -1; + return stf_checkaddr4(sc, &in4, inifp); } @@ -694,6 +716,18 @@ in_stf_input(m, off) #ifdef MAC mac_create_mbuf_from_ifnet(ifp, m); #endif + + /* + * Skip RFC1918 check against dest address to allow incoming + * packets with private address for dest. Though it may + * breasks the requirement from RFC3056 section 2 1st + * paragraph, it helps for 6to4 over NAT. + */ + if ((!no_addr4check && isrfc1918addr(&ip->ip_dst)) || + isrfc1918addr(&ip->ip_src)) { + m_freem(m); + return; + } /* * perform sanity check against outer src/dst.

Sincerely,
-- 
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
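Review bot: the stf.4 hunk needs a wording pass before it ships: "chenge" should be "change", "This is only hack" should read "This is only a hack", and "with support of your NAT box" should say what the NAT must actually do, namely forward inbound IPv4 protocol 41 (IPv6-in-IPv4) to this host and rewrite the outbound outer source to the global address whose 2002: prefix is configured on the stf interface; "a 6to4 address which is worked out from an IPv4 global address" reads more naturally as "a 6to4 address derived from the IPv4 global address".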
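Review bot: in the stf_encapcheck() hunk the no_addr4check branch accepts the packet as soon as INADDR_TO_IFP() finds any local interface owning ip.ip_dst, which is broader than the comment kept above it ("check if IPv4 dst matches the IPv4 address derived from the local 6to4 address") still claims; update that comment to state that with the sysctl set the test degrades to "dst is some address of this host", and consider comparing against the one address the N
AT forwards to rather than any local address, so the relaxation does not silently extend to every alias on the box.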
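Review bot: in the in_stf_input() hunk, "breasks" should be "breaks", and the comment should also say why the change is still safe: the RFC 1918 test on ip->ip_src is kept unconditionally and the moved check in stf_checkaddr6() still rejects a private address embedded in a 6to4 source, so only the outer destination, which the NAT rewrites, is exempted when no_addr4check is set.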
From owner-freebsd-net@FreeBSD.ORG Mon Jan 31 20:56:17 2005
From: "Ryan Sommers"
To: net@freebsd.org
Date: Mon, 31 Jan 2005 13:55:26 -0700 (MST)
Message-ID: <52510.208.4.77.204.1107204926.squirrel@208.4.77.204>
Subject: RFC3442 & dhclient

It looks like the ISC DHCP client doesn't support RFC3442 yet. Is there any way to get this to work easily? Any other DHCP client ported to FreeBSD that supports RFC3442 parameters?

I'm able to send the parameters via a custom option code in the dhcpd config and the routes appear correctly on Windows boxes (yes, I'm assigning both the RFC3442 code of 121 and the Windows code of 249 for the responses).

-- 
Ryan Sommers
ryans@gamersimpact.com
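What a client that did support the option would have to decode, as an added example that is neither code from the post nor ISC dhclient code: RFC 3442 option 121 (the Windows code 249 mentioned above carries the same encoding) packs each route as a prefix length, only the significant destination octets (ceil(prefix/8) of them), and a four-byte router, so a server can fit many routes into one option and a client has to bounds-check every one of them. The function names and the sample option bytes are my own constructions.

```c
/* Added example (not from the post and not ISC dhclient code): decoder for
 * the DHCP Classless Static Route option, RFC 3442 option 121. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct static_route {
    uint32_t dest;        /* host byte order */
    uint8_t  prefix_len;  /* 0..32 */
    uint32_t router;      /* host byte order */
};

/* Parse an option payload into out[]; returns the route count, or -1 if
 * the option is malformed (prefix > 32, truncated route, or out[] full).
 * A malformed option is rejected as a whole rather than partially applied. */
int parse_rfc3442(const uint8_t *opt, size_t len, struct static_route *out, size_t max)
{
    size_t i = 0, n = 0;
    while (i < len) {
        uint8_t plen = opt[i++];
        if (plen > 32) return -1;
        size_t dlen = (plen + 7) / 8;
        if (i + dlen + 4 > len) return -1;      /* never read past the option */
        if (n == max) return -1;
        uint32_t dest = 0;
        for (size_t k = 0; k < dlen; k++)
            dest |= (uint32_t)opt[i + k] << (24 - 8 * k);
        i += dlen;
        /* Host bits beyond the prefix should be zero; mask instead of trust. */
        uint32_t mask = plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen);
        out[n].dest = dest & mask;
        out[n].prefix_len = plen;
        out[n].router = (uint32_t)opt[i] << 24 | (uint32_t)opt[i + 1] << 16 |
                        (uint32_t)opt[i + 2] << 8 | opt[i + 3];
        i += 4;
        n++;
    }
    return (int)n;
}

/* Constructed option payload:
 *   10.0.2.0/24 via 192.168.1.1, default via 192.168.1.254,
 *   10.1.2.128/25 via 10.1.1.1 */
static const uint8_t SAMPLE_OPT121[] = {
    24, 10, 0, 2,        192, 168, 1, 1,
     0,                  192, 168, 1, 254,
    25, 10, 1, 2, 128,   10, 1, 1, 1,
};

static struct static_route demo_routes[8];

int demo_route_count(void)
{
    return parse_rfc3442(SAMPLE_OPT121, sizeof SAMPLE_OPT121, demo_routes, 8);
}
uint32_t demo_route_dest(int i)   { demo_route_count(); return demo_routes[i].dest; }
int      demo_route_prefix(int i) { demo_route_count(); return demo_routes[i].prefix_len; }
uint32_t demo_route_router(int i) { demo_route_count(); return demo_routes[i].router; }

/* Cutting the option after 7 bytes leaves a route without a full router
 * address; the parser must refuse it instead of reading beyond the buffer. */
int demo_truncated_rejected(void)
{
    struct static_route r[8];
    return parse_rfc3442(SAMPLE_OPT121, 7, r, 8) == -1;
}
```

RFC 3442 also requires a client that receives option 121 to ignore the Router option (3) from the same reply, so a default route only reaches the table through a prefix-length-0 entry such as the second one in the sample.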
From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 00:20:54 2005
From: Jeremie Le Hen
To: freebsd-net@freebsd.org
Date: Tue, 1 Feb 2005 01:20:34 +0100
Message-ID: <20050201002034.GF60177@obiwan.tataz.chchile.org>
In-Reply-To: <20050130144006.GA58883@obiwan.tataz.chchile.org>
Subject: Re: dummynet and vr(4)/egress broken in 4.11 ?

> I'll give a try to a 4.10 kernel ASAP.

I compiled the latest kernel from the RELENG_4_10 CVS branch and DUMMYNET pipes work well. I am able to use one pipe on my external interface egress without breaking TCP streams.

I'm now recompiling the latest kernel from the RELENG_4 branch to test the same configuration but I'm pretty sure it won't work.

Any ideas of what could break this?

-- 
Jeremie Le Hen
jeremie@le-hen.org
From: Jeremie Le Hen To: freebsd-net@freebsd.org Message-ID: <20050201010512.GH60177@obiwan.tataz.chchile.org> References: <20050128110731.GU59685@obiwan.tataz.chchile.org> <20050130144006.GA58883@obiwan.tataz.chchile.org> <20050201002034.GF60177@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050201002034.GF60177@obiwan.tataz.chchile.org> User-Agent: Mutt/1.5.6i Subject: DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 01:05:30 -0000

On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote:
> > I'll give a try to a 4.10 kernel ASAP.
>
> I compiled the latest kernel from the RELENG_4_10 CVS branch and DUMMYNET
> pipes work well. I am able to use one pipe on my external interface
> egress without breaking TCP streams.
>
> I'm now recompiling the latest kernel from the RELENG_4 branch to test
> the same configuration but I'm pretty sure it won't work.
>
> Any ideas of what could break this ?

I run the latest 4.11 kernel, and using exactly the same configuration breaks my TCP streams coming from my internal network.
-- Jeremie Le Hen jeremie@le-hen.org From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 01:33:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6ACC416A4CF; Tue, 1 Feb 2005 01:33:29 +0000 (GMT) Received: from postfix4-1.free.fr (postfix4-1.free.fr [213.228.0.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 274F743D55; Tue, 1 Feb 2005 01:33:29 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-1.free.fr (Postfix) with ESMTP id 8F96128B10F; Tue, 1 Feb 2005 02:33:27 +0100 (CET) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id EEDFF407C; Tue, 1 Feb 2005 02:33:10 +0100 (CET) Date: Tue, 1 Feb 2005 02:33:10 +0100 
From: Jeremie Le Hen To: freebsd-net@freebsd.org Message-ID: <20050201013310.GI60177@obiwan.tataz.chchile.org> References: <20050128110731.GU59685@obiwan.tataz.chchile.org> <20050130144006.GA58883@obiwan.tataz.chchile.org> <20050201002034.GF60177@obiwan.tataz.chchile.org> <20050201010512.GH60177@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050201010512.GH60177@obiwan.tataz.chchile.org> User-Agent: Mutt/1.5.6i cc: darrenr@FreeBSD.org Subject: Re: DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 01:33:29 -0000

On Tue, Feb 01, 2005 at 02:05:12AM +0100, Jeremie Le Hen wrote:
> On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote:
> > > I'll give a try to a 4.10 kernel ASAP.
> >
> > I compiled the latest kernel from the RELENG_4_10 CVS branch and DUMMYNET
> > pipes work well. I am able to use one pipe on my external interface
> > egress without breaking TCP streams.
> >
> > I'm now recompiling the latest kernel from the RELENG_4 branch to test
> > the same configuration but I'm pretty sure it won't work.
> >
> > Any ideas of what could break this ?
>
> I run the latest 4.11 kernel and using exactly the same configuration
> breaks my TCP streams coming from my internal network.

As I said, I took the latest kernel from RELENG_4. DUMMYNET pipes will break any TCP stream coming from my internal network (which are thus NATed by IPFilter), but not the ones originating from the router itself.
I checked the differences between RELENG_4_10 and RELENG_4 :

  o netinet/           nothing relevant
  o net/               nothing relevant
  o contrib/ipfilter/  could be the point, given that IPFilter was updated from 3.4.31 to 3.4.35 and problems occur only when packets are NATed

So I did:

%%%
# cd /sys/contrib/ipfilter
# cvs up -r RELENG_4_10 -dP
# config; make depend; make; make install
...
%%%

And it works ! So changes in IPFilter between 4.10 and 4.11 obviously broke DUMMYNET pipes (see my^H^Hthe entire thread for more details).

Good night. Best regards,

-- Jeremie Le Hen jeremie@le-hen.org From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 14:19:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB21616A4CE for ; Tue, 1 Feb 2005 14:19:27 +0000 (GMT) Received: from heisenberg.zen.co.uk (heisenberg.zen.co.uk [212.23.3.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F22E43D45 for ; Tue, 1 Feb 2005 14:19:27 +0000 (GMT) (envelope-from chris@wayforth.co.uk) Received: from [82.69.161.254] (helo=[192.168.168.119]) by heisenberg.zen.co.uk with esmtp (Exim 4.30) id 1CvysI-0005RA-7q for freebsd-net@freebsd.org; Tue, 01 Feb 2005 14:19:26 +0000 Message-ID: <41FF8FEA.9050102@wayforth.co.uk> Date: Tue, 01 Feb 2005 14:19:22 +0000
From: Chris Cowen User-Agent: Mozilla Thunderbird 0.9 (X11/20041124) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <41FA6E06.8040309@wayforth.co.uk> <5a500d3088229b5786cedbe82665ece5@meta-x.org> In-Reply-To: <5a500d3088229b5786cedbe82665ece5@meta-x.org> X-Enigmail-Version: 0.89.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Originating-Heisenberg-IP: [82.69.161.254] Subject: Re: racoon behaviour when SA expires X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 14:19:27 -0000

Alex wrote:
> Hi Chris,
>
> SA in IPsec can expire really quick, it depends how often it is required
> for SPD key negotiation. Once SPD is established, the SA will be
> required only when a new tunnel key is needed. Try to put a really low
> delay on both SAD & SPD and turn racoon debug on to see why your SA is
> not renegotiated.
>

A bit more investigation reveals that the SA is re-established but the SPD entries at the remote get dropped. This would explain the half duplex communication I am seeing with tcpdump (ping responses get back as far as the remote racoon machine and the lack of SPD means the machine can't route the packet back through the tunnel).

I have tried applying the suggested fix in fbsd4/530, which seems to be a similar problem, but this doesn't make any difference, unfortunately.

Turning on debug messages seems to alter timings sufficiently that problems are harder to reproduce exactly and/or slightly different problems are encountered.

Looks like I'm going to have to have a more detailed look at the source ....
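A small model of the sequence Chris reports (SA re-established, SPD entry at the remote dropped, traffic flowing one way), added here as an illustration; it is not racoon's code and not part of the original thread. It assumes that a responder running with generated policies installs one SPD entry per negotiated SA, gives a second negotiation for the same selector no entry of its own while the first exists, and removes the entry when the SA that generated it hard-expires. Those assumptions, the selector string, the SPIs and the lifetimes are made up for the example. `run_rekey(False)` plays the rekey through and ends with a live SA but no policy, which is the half-duplex state seen with tcpdump; `run_rekey(True)` plays the same rekey when the existing entry is handed over to the newest SA instead, so the stale SA's expiry no longer takes it away.

```python
# Toy model of an IKE responder that generates SPD entries on the fly.
# Added illustration for this thread; it is NOT racoon's code, and the
# behaviour it encodes (one SPD entry per negotiated SA, no second entry
# for the same selector, entry removed when its SA hard-expires) is an
# assumption about the daemon, not something this model verifies.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Phase2:
    """One negotiated IPsec SA (a phase 2 handle) on the responder."""
    spi: int
    created: int                    # model time the SA was installed
    lifetime: int                   # hard lifetime in model seconds
    owns_spd: Optional[str] = None  # selector whose SPD entry this handle generated


class Responder:
    def __init__(self, reuse_existing_policy: bool = False) -> None:
        # False: a second negotiation for a selector that already has a
        #        generated entry gets no entry of its own (the race Chris sees).
        # True:  ownership of the entry moves to the newest SA, so the stale
        #        handle's expiry no longer removes it.
        self.reuse_existing_policy = reuse_existing_policy
        self.sad: Dict[int, Phase2] = {}   # spi -> handle
        self.spd: Dict[str, int] = {}      # selector -> spi of the owning handle

    def negotiate(self, selector: str, spi: int, now: int, lifetime: int) -> Phase2:
        """Responder side of a phase 2 exchange for `selector`."""
        ph2 = Phase2(spi, now, lifetime)
        if selector not in self.spd or self.reuse_existing_policy:
            self.spd[selector] = spi
            ph2.owns_spd = selector
        self.sad[spi] = ph2
        return ph2

    def expire(self, now: int) -> None:
        """Hard-expire SAs; a handle takes the entry it generated with it,
        but only if it is still the owner of that entry."""
        for spi, ph2 in list(self.sad.items()):
            if now >= ph2.created + ph2.lifetime:
                del self.sad[spi]
                if ph2.owns_spd is not None and self.spd.get(ph2.owns_spd) == spi:
                    del self.spd[ph2.owns_spd]

    def can_reply(self, selector: str) -> bool:
        """Outbound traffic needs a policy and a live SA behind it."""
        return selector in self.spd and self.spd[selector] in self.sad


def run_rekey(reuse_existing_policy: bool) -> bool:
    """Initial SA at t=0 with lifetime 100, rekey at t=80 (before hard
    expiry), old SA expires at t=100.  Returns whether the remote can
    still send replies back through the tunnel afterwards."""
    r = Responder(reuse_existing_policy)
    sel = "10.0.0.0/24 <-> 192.168.1.0/24"      # constructed selector
    r.negotiate(sel, spi=0x1001, now=0, lifetime=100)
    r.negotiate(sel, spi=0x1002, now=80, lifetime=100)   # rekey
    r.expire(now=100)                                    # old SA gone
    return r.can_reply(sel)


if __name__ == "__main__":
    print("without handover:", run_rekey(False))
    print("with handover:   ", run_rekey(True))
```

The model deliberately has no notion of the peer: the initiator in this scenario still has a working pair of SAs, which is why pings leave and are answered as far as the remote racoon host but never come back.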
From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 16:04:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30EB216A4CE for ; Tue, 1 Feb 2005 16:04:40 +0000 (GMT) Received: from mail.astra-sw.com (mail.astra-sw.com [82.140.87.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E0AC43D60 for ; Tue, 1 Feb 2005 16:04:39 +0000 (GMT) (envelope-from Nickolay.Kritsky@astra-sw.com) Received: from exchange.stardevelopers4msi.com ([192.168.64.10]) by mail.astra-sw.com (8.12.11/8.12.11) with ESMTP id j11G4bft025153 for ; Tue, 1 Feb 2005 19:04:37 +0300 (MSK) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 1 Feb 2005 19:06:50 +0300 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: dummynet and vr(4)/egress broken in 4.11 ? thread-index: AcUG2g1hCtI1mxaQT7eIeIenNQ0DDQBnZjHw From: "Nickolay Kritsky" To: "Jeremie Le Hen" , Subject: RE: dummynet and vr(4)/egress broken in 4.11 ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 16:04:40 -0000 Are you using ipnat for NAT'ing? If yes, can you post your ipnat rules? Nick -----Original Message----- 
From: Jeremie Le Hen [mailto:jeremie@le-hen.org] Sent: Sunday, January 30, 2005 5:40 PM To: freebsd-net@freebsd.org Subject: Re: dummynet and vr(4)/egress broken in 4.11 ?

> I didn't change my kernel configuration file so much since my last
> kernel upgrade, I just added gif(4), IPSEC_FILTERGIF and vr(4).
> I tested using this rule on ingress and egress of both my internal (sis0)
> and external interface (vr0) - inverting IPs where needed :-) - here are
> the results :
>
>            | ingress | egress |
> -----------+---------+--------+
> vr0 (ext)  |   OK    |   -    |
> -----------+---------+--------+
> sis0 (int) |   OK    |   OK   |
> -----------+---------+--------+
>
> I think that it is now very important to tell you that while upgrading
> my box to FreeBSD 4.11, I also changed my external interface from a 10
> MBits ep(4) to a 100 MBits vr(4).
>
> I cannot switch back to ep(4) for the moment since it is not an option
> to have downtime, but according to the previous results, I'm pretty
> convinced there is a problem with the vr(4) driver (although I don't
> know how it can impact DUMMYNET). Maybe the last commit on this
> driver in RELENG_4 (sys/pci/if_vr.c, rev 1.26.2.14) is the culprit.

Well, in fact I made further investigation :

- Only TCP seems to be affected. UDP and ICMP appear to work without packet drops.
- Switching back from my vr(4) to my ep(4) did not resolve the problem.

Thus, it seems this problem is independent of the network driver (which makes more sense because AFAIK the latter are not involved in DUMMYNET, as they are in ALTQ for example). I can still use pipes on interface ingress and on internal interface egress, but it fails when I use a pipe on egress on my external interface _for packets being forwarded and NATed only_. Weirdly, I am still able to use a TCP stream from the router itself.

I'll give a try to a 4.10 kernel ASAP.
Regards, -- Jeremie Le Hen jeremie@le-hen.org _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 18:13:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF63316A4CE for ; Tue, 1 Feb 2005 18:13:21 +0000 (GMT) Received: from mail.freebsd.org.cn (dns3.freebsd.org.cn [61.129.66.75]) by mx1.FreeBSD.org (Postfix) with SMTP id 5F29843D2D for ; Tue, 1 Feb 2005 18:13:15 +0000 (GMT) (envelope-from delphij@frontfree.net) Received: (qmail 97416 invoked by uid 0); 1 Feb 2005 18:04:58 -0000 Received: from unknown (HELO beastie.frontfree.net) (219.239.99.7) by mail.freebsd.org.cn with SMTP; 1 Feb 2005 18:04:58 -0000 Received: from localhost (localhost.frontfree.net [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id 3F2A8134138 for ; Wed, 2 Feb 2005 02:13:07 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 52785-02 for ; Wed, 2 Feb 2005 02:12:53 +0800 (CST) Received: from localhost.localdomain (unknown [221.217.209.135]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by beastie.frontfree.net (Postfix) with ESMTP id D17281317BB for ; Wed, 2 Feb 2005 02:12:52 +0800 (CST)
From: Xin LI To: freebsd-net@FreeBSD.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-W7l3o9fZV6LIkx5t6/5p" Organization: The FreeBSD Simplified Chinese Project Date: Wed, 02 Feb 2005 02:11:36 +0800 Message-Id: <1107281496.809.48.camel@spirit> Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port X-Virus-Scanned: by amavisd-new at frontfree.net Subject: Two NIC's connected to same subnet: routing question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: delphij@delphij.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 18:13:21 -0000

Dear folks,

I think I got confused with the routing problem we will have when at least two NICs are connected to the same subnet. The scenario:

em0: 192.168.0.1/24
em1: 192.168.0.2/24

We can't simply configure it like this, since the 192.168.0.0/24 network route exists as soon as either em0 or em1 is up. A workaround for this is to assign 192.168.0.2/32 to em1, but that has another issue: all traffic will go through em0 for "outgoing", say, outside the current network.

A Google search on the issue has indicated that the "Move ARP out of routing table" work done last April should have resolved this, as "With this change it is possible to have more than one interface in the same IP subnet and layer 2 broadcast domain.". However, what I have found from our mailing list archive says only to assign a /32 IP address, or to remove the routing entry from the route table, which is essentially identical to the /32 solution.

So is there any way to utilize both NICs?

I think I have been confused :-(

Cheers, -- Xin LI http://www.delphij.net/

From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 18:37:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0F9C16A4CF for ; Tue, 1 Feb 2005 18:37:36 +0000 (GMT) Received: from mx0.nttmcl.com (MX0.nttmcl.com [216.69.68.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 827FC43D2F for ; Tue, 1 Feb 2005 18:37:36 +0000 (GMT) (envelope-from henrysu@nttmcl.com) Received: from nttmcljlsjk7s3 (dhcp227.nttmcl.com [216.69.69.227]) j11IbKtD007456; Tue, 1 Feb 2005 10:37:20 -0800
From: "Henry Su" To: , Date: Tue, 1 Feb 2005 10:37:20 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <1107281496.809.48.camel@spirit> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: RE: Two NIC's connected to same subnet: routing question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: henrysu@nttmcl.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 18:37:36 -0000

You can configure both NICs as /32. You also need proxy ARP installed and listening on both NICs. Then the traffic should be able to flow between the two NICs. Since proxy ARP always answers with its MAC to clients, the clients can always send traffic to em1 or em0. Based on the client's MAC entry in the ARP table, client-to-client traffic is easily transferred. Other traffic should be able to be directed to the default gateway.

If you know of other options, I am interested to hear them. Thanks.

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org]On Behalf Of Xin LI Sent: Tuesday, February 01, 2005 10:12 AM To: freebsd-net@freebsd.org Subject: Two NIC's connected to same subnet: routing question

Dear folks,

I think I got confused with the routing problem we will have when at least two NICs are connected to the same subnet. The scenario:

em0: 192.168.0.1/24
em1: 192.168.0.2/24

We can't simply configure it like this, since the 192.168.0.0/24 network route exists as soon as either em0 or em1 is up. A workaround for this is to assign 192.168.0.2/32 to em1, but that has another issue: all traffic will go through em0 for "outgoing", say, outside the current network.

A Google search on the issue has indicated that the "Move ARP out of routing table" work done last April should have resolved this, as "With this change it is possible to have more than one interface in the same IP subnet and layer 2 broadcast domain.". However, what I have found from our mailing list archive says only to assign a /32 IP address, or to remove the routing entry from the route table, which is essentially identical to the /32 solution.

So is there any way to utilize both NICs?
I think I have been confused :-( Cheers, -- Xin LI http://www.delphij.net/ From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 02:11:42 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1814116A4CF for ; Wed, 2 Feb 2005 02:11:42 +0000 (GMT) Received: from ssigc.net (h001217371998.ne.client2.attbi.com [24.147.227.219]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6263143D46 for ; Wed, 2 Feb 2005 02:11:41 +0000 (GMT) (envelope-from tom@mvcg.net) Received: from ssigc.net (localhost [192.168.1.102] (may be forged)) by ssigc.net (8.13.1/8.13.1) with ESMTP id j123A65s089950 for ; Tue, 1 Feb 2005 22:10:07 -0500 (EST) Received: from ([192.168.1.101]) by ssigc.net (MailMonitor for SMTP v1.2.2 ) ; Tue, 1 Feb 2005 22:10:06 -0500 (EST) Message-ID: <000801c508d4$aa7dd770$6501a8c0@neonduron> 
From: "Tom Farrell" To: Date: Tue, 1 Feb 2005 22:09:48 -0500 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: multihome routing help X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 02:11:42 -0000

BSD 5.0, 3 NIC cards.

Card 1 connects to the DSL network and is assigned a routable IP from the ISP.
Card 2 connects to a private frame-relay network and is assigned 192.168.66.2/22; the directly connected interface is 192.168.66.1/22.
Card 3 connects the LAN and is assigned 192.168.67.0/24.

I have enabled NAT & ipfw on card 1 and clients on the LAN can use the DSL connection perfectly.

I can source-traceroute to the directly connected 192.168.66.1 sourcing from the 192.168.66.2 interface. I cannot source-traceroute to 192.168.66.1 when sourcing from 192.168.67.1.

Based on this it does not appear that forwarding is happening between the two networks, 192.168.66.0/24 & 192.168.67.0/24? Seems the only reason that the traffic is passing through is because of the natd & ipfw divert statements...

Can this be done with routing or do I have to use ipfw to forward between both networks? I would prefer just to run the NAT & ipfw instance on the DSL interface and run pure routing between the LAN interface & the interface which connects to the frame-relay network..
thnx in advance From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 03:05:31 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90BAA16A4CE for ; Wed, 2 Feb 2005 03:05:31 +0000 (GMT) Received: from mail.utcorp.net (mail.utcorp.net [146.145.135.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C15343D48 for ; Wed, 2 Feb 2005 03:05:31 +0000 (GMT) (envelope-from lister@primetime.com) Received: from [10.200.1.90] (helo=[10.200.1.90]) by mail.utcorp.net with esmtp (Exim 4.30; FreeBSD) id 1CwB7Q-0004Yw-Sx for freebsd-net@freebsd.org; Tue, 01 Feb 2005 22:23:53 -0500 Message-ID: <42006E43.2090801@primetime.com> Date: Tue, 01 Feb 2005 22:08:03 -0800 
From: Lister User-Agent: Mozilla Thunderbird 1.0 (X11/20050116) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner: Found to be clean Subject: gigabit nic recommendations X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 03:05:32 -0000

What is a good Gb NIC for these criteria :

* FBSD 4.11 now, 5.X later
* prefer 64 bit, 32 bit slots all full. Is there any other advantage to 64 bit? e.g. speed? system load?
* I would like not to spend a king's ransom :)
* RJ-45 (Cisco 29XX w/ RJ-45 GBIC)

If it helps, this is the motherboard : http://www.tyan.com/products/html/tigermpx.html

TIA

From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 06:50:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C4D8F16A4CE for ; Wed, 2 Feb 2005 06:50:49 +0000 (GMT) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 86C1843D31 for ; Wed, 2 Feb 2005 06:50:49 +0000 (GMT) (envelope-from cristjc@comcast.net) Received: from goku.cjclark.org (c-24-6-187-112.client.comcast.net[24.6.187.112]) by comcast.net (rwcrmhc13) with ESMTP id <20050202065044015009jii0e>; Wed, 2 Feb 2005 06:50:45 +0000 Received: from goku.cjclark.org (localhost.
[127.0.0.1]) by goku.cjclark.org (8.12.11/8.12.8) with ESMTP id j126oMk2014732; Tue, 1 Feb 2005 22:50:23 -0800 (PST) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by goku.cjclark.org (8.12.11/8.12.11/Submit) id j126o76B014731; Tue, 1 Feb 2005 22:50:07 -0800 (PST) (envelope-from cristjc@comcast.net) X-Authentication-Warning: goku.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Tue, 1 Feb 2005 22:50:06 -0800 
From: "Crist J. Clark" To: Chris Cowen Message-ID: <20050202065006.GA14664@goku.cjclark.org> References: <41FA6E06.8040309@wayforth.co.uk> <5a500d3088229b5786cedbe82665ece5@meta-x.org> <41FF8FEA.9050102@wayforth.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41FF8FEA.9050102@wayforth.co.uk> User-Agent: Mutt/1.4.2.1i X-URL: http://people.freebsd.org/~cjc/ cc: freebsd-net@freebsd.org Subject: Re: racoon behaviour when SA expires X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 06:50:49 -0000

On Tue, Feb 01, 2005 at 02:19:22PM +0000, Chris Cowen wrote:
> Alex wrote:
> >Hi Chris,
> >
> >SA in IPsec can expire really quick, it depends how often it is required
> >for SPD key negotiation. Once SPD is established, the SA will be
> >required only when a new tunnel key is needed. Try to put a really low
> >delay on both SAD & SPD and turn racoon debug on to see why your SA is
> >not renegotiated.
> >
>
> A bit more investigation reveals that the SA is re-established but the
> SPD entries at the remote get dropped. This would explain the half duplex
> communication I am seeing with tcpdump (ping responses get back as far
> as the remote racoon machine and the lack of SPD means the machine can't
> route the packet back through the tunnel).

IIRC, the problem occurs when racoon(8) is set to "create policy" on the fly. What happens is that when the SA gets stale, but before it expires, racoon(8) creates a new SA. But since there is an existing entry in the SPD, a new one cannot be made. When the old SA times out, its accompanying SPD entry is killed, leaving no SPD entry at all.

-- Crist J.
Clark | cjclark@alum.mit.edu From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 07:20:51 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B81516A4CE for ; Wed, 2 Feb 2005 07:20:51 +0000 (GMT) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25DD443D4C for ; Wed, 2 Feb 2005 07:20:51 +0000 (GMT) (envelope-from cristjc@comcast.net) Received: from goku.cjclark.org (c-24-6-187-112.client.comcast.net[24.6.187.112]) by comcast.net (rwcrmhc11) with ESMTP id <2005020207204801300k7sbne>; Wed, 2 Feb 2005 07:20:48 +0000 Received: from goku.cjclark.org (localhost. [127.0.0.1]) by goku.cjclark.org (8.12.11/8.12.8) with ESMTP id j127KZdK017074 for ; Tue, 1 Feb 2005 23:20:36 -0800 (PST) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by goku.cjclark.org (8.12.11/8.12.11/Submit) id j127KQgj017073 for net@freebsd.org; Tue, 1 Feb 2005 23:20:26 -0800 (PST) (envelope-from cristjc@comcast.net) X-Authentication-Warning: goku.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Tue, 1 Feb 2005 23:20:25 -0800 
From: "Crist J. Clark" To: net@freebsd.org Message-ID: <20050202072025.GB14664@goku.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-URL: http://people.freebsd.org/~cjc/ Subject: NAT-T Implementation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 07:20:51 -0000 Now that NAT-T has moved on from Internet Draft to RFC, does anyone out there know if anyone is working on an implementation for FAST_IPSEC or KAME? I believe the isakmpd(8) daemon in ports supports it, but AFAIK, the kernel does not. Short of some really ugly divert(4) or netgraph(4) kludges (that is not a totally idle threat either), are we going to see in-kernel support for that anytime soon? Or is this code out there and I just haven't seen it? -- Crist J. 
Clark | cjclark@alum.mit.edu From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 09:09:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8184B16A4CE for ; Wed, 2 Feb 2005 09:09:40 +0000 (GMT) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB83F43D45 for ; Wed, 2 Feb 2005 09:09:39 +0000 (GMT) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])j1299blH037501 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 2 Feb 2005 10:09:38 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id j1299b4e034247; Wed, 2 Feb 2005 10:09:37 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id KAA17067; Wed, 2 Feb 2005 10:09:36 +0100 (MET) Message-Id: <200502020909.KAA17067@galaxy.hbg.de.ao-srv.com> In-Reply-To: <41FF8FEA.9050102@wayforth.co.uk> from Chris Cowen at "Feb 1, 2005 3:19:22 pm" To: chris@wayforth.co.uk (Chris Cowen) Date: Wed, 2 Feb 2005 10:09:36 +0100 (MET) 
From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782077 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: racoon behaviour when SA expires X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 09:09:40 -0000 Chris Cowen: >A bit more investigation reveals that the SA is re-established but the >SPD entries at the remote get dropped. This would explain the half duplex >communication I am seeing with tcpdump (ping repsonses get back as far >as the remote racoon machine and the lack of SPD means the machine can't >route the packet back through the tunnel). > >I have tried applying the suggested fix in fbsd4/530, which seems to be >a similar problem, but this doesn't make any difference, unfortunately. The fix in that PR is incomplete. This one works for me: --- isakmp_quick.c.orig Tue Oct 21 09:18:03 2003 +++ isakmp_quick.c Mon Apr 12 19:55:27 2004 @@ -2012,7 +2012,7 @@ /* get inbound policy */ sp_in = getsp_r(&spidx); - if (sp_in == NULL) { + /* if (sp_in == NULL) */ { if (iph2->ph1->rmconf->gen_policy) { plog(LLV_INFO, LOCATION, NULL, "no policy found, " 
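Review bot: Turning `if (sp_in == NULL) {` into a bare block in this hunk makes the gen_policy branch run even when getsp_r() did find an inbound policy, so for every peer with gen_policy set the function logs "no policy found, ", stores the spidx and returns -2, and everything after the block (starting with the outbound-policy lookup at the end of the patch) is skipped; the existing SP is looked up and then ignored, and the log line is wrong in exactly the case this change adds. If the goal is to re-issue the generated policy when a stale one is about to be removed, state that in the condition rather than in a comment, e.g. `if (sp_in == NULL || iph2->ph1->rmconf->gen_policy) {`, and make the message distinguish "no policy found" from "policy found, regenerating".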
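Review bot: In the second hunk (@@ -2027,9 +2027,11 @@) the new `else if (sp_in == NULL)` binds to the `if (iph2->ph1->rmconf->gen_policy)` of the first hunk, so the ISAKMP_INTERNAL_ERROR return now fires only for peers without gen_policy; that is presumably intended, but it is invisible at this hunk because the enclosing condition was commented out rather than rewritten, and the `plog(LLV_ERROR, ...)` / `return ISAKMP_INTERNAL_ERROR;` lines keep their old indentation although they now sit one block deeper. Reindent those lines and add a one-line comment on the `else if` saying that a missing policy is fatal only when racoon is not generating policies itself, so the next reader does not "fix" the bare block back to the original guard.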
@@ -2027,9 +2027,11 @@ memcpy(iph2->spidx_gen, &spidx, sizeof(spidx)); return -2; /* special value */ } + else if (sp_in == NULL) { plog(LLV_ERROR, LOCATION, NULL, "no policy found: %s\n", spidx2str(&spidx)); return ISAKMP_INTERNAL_ERROR; + } } /* get outbound policy */ Helge From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 11:05:32 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A8C7716A4CE; Wed, 2 Feb 2005 11:05:32 +0000 (GMT) Received: from postfix3-2.free.fr (postfix3-2.free.fr [213.228.0.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C0D143D31; Wed, 2 Feb 2005 11:05:32 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix3-2.free.fr (Postfix) with ESMTP id EB334C0BA; Wed, 2 Feb 2005 12:05:30 +0100 (CET) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id 425BD407C; Wed, 2 Feb 2005 12:05:11 +0100 (CET) Date: Wed, 2 Feb 2005 12:05:11 +0100 
From: Jeremie Le Hen To: Nickolay Kritsky Message-ID: <20050202110511.GN60177@obiwan.tataz.chchile.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.6i cc: freebsd-net@FreeBSD.org cc: andre@FreeBSD.org cc: Jeremie Le Hen Subject: Re: dummynet and vr(4)/egress broken in 4.11 ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 11:05:32 -0000

> Take a look at PRs 61685 and 76539. Hope that helps.

Well, I was aware of the first one (I'm doing shaping on my internal interface as a workaround), but not the second one. The second one is very new and this could indeed be the same problem I encountered. It seems that the import of IPFilter 3.4.35 in the middle of 2004 is the source of the problem, because when I switch back to 3.4.31 on 4.11, everything works.

I Cc'ed andre@ since he had not taken over 76539; maybe he's not aware of it. Andre, what can you tell us about the drawbacks of the proposed patches ? I think there must be some, as they would have been merged if this was not the case.

Is there any chance of having this fixed in RELENG_4 ? I know that no more releases are scheduled in this branch, but there is no obvious reason to let a bug live there IMHO.
-- Jeremie Le Hen jeremie@le-hen.org From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 12:16:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C58216A4CE; Wed, 2 Feb 2005 12:16:52 +0000 (GMT) Received: from mallaury.noc.nerim.net (smtp-103-wednesday.noc.nerim.net [62.4.17.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A48543D1D; Wed, 2 Feb 2005 12:16:51 +0000 (GMT) (envelope-from e-masson@kisoft-services.com) Received: from srvbsdnanssv.interne.kisoft-services.com (kisoft.net1.nerim.net [62.212.107.51]) by mallaury.noc.nerim.net (Postfix) with ESMTP id CD81662D51; Wed, 2 Feb 2005 13:16:47 +0100 (CET) Received: from localhost (localhost [127.0.0.1])C9054C497; Wed, 2 Feb 2005 13:16:45 +0100 (CET) Received: from srvbsdnanssv.interne.kisoft-services.com ([127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02414-01; Wed, 2 Feb 2005 13:16:35 +0100 (CET) Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix, from userid 1001) id 7309FC446; Wed, 2 Feb 2005 13:16:35 +0100 (CET) To: "Crist J. Clark" 
From: Eric Masson In-Reply-To: <20050202072025.GB14664@goku.cjclark.org> (Crist J. Clark's message of "Tue, 1 Feb 2005 23:20:25 -0800") References: <20050202072025.GB14664@goku.cjclark.org> X-Operating-System: FreeBSD 5.3-STABLE i386 Date: Wed, 02 Feb 2005 13:16:35 +0100 Message-ID: <86d5vjyx5o.fsf@srvbsdnanssv.interne.kisoft-services.com> User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through Obscurity, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 8bit X-Virus-Scanned: amavisd-new at interne.kisoft-services.com cc: net@freebsd.org Subject: Re: NAT-T Implementation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 12:16:52 -0000 >>>>> "Crist" == Crist J Clark writes: Hi, Crist> Now that NAT-T has moved on from Internet Draft to RFC, does Crist> anyone out there know if anyone is working on an implementation Crist> for FAST_IPSEC or KAME? I believe the isakmpd(8) daemon in ports Crist> supports it, but AFAIK, the kernel does not. Yvan Vanhullebus is working on a patchset for both 4.11 & 5.3; work has been done on USAGI racoon to make it support NAT-T. I don't know if the IP rights issues have been solved; if not, official NAT-T support from the project could lead to legal problems. Eric Masson -- I downloaded music files with the extensions .DOC, .ZIP, SWL, PDF, CLASS, XLS, etc. Apparently there is a program that lets you rename them to mp3. Which one? How can this problem be solved? 
-+- in : En avant la musique -+- From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 13:08:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 399AC16A4CE; Wed, 2 Feb 2005 13:08:40 +0000 (GMT) Received: from heisenberg.zen.co.uk (heisenberg.zen.co.uk [212.23.3.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0C1D43D1D; Wed, 2 Feb 2005 13:08:39 +0000 (GMT) (envelope-from chris@wayforth.co.uk) Received: from [82.69.161.254] (helo=[192.168.168.119]) by heisenberg.zen.co.uk with esmtp (Exim 4.30) id 1CwKFK-0001OV-TT; Wed, 02 Feb 2005 13:08:38 +0000 Message-ID: <4200D0D0.3090308@wayforth.co.uk> Date: Wed, 02 Feb 2005 13:08:32 +0000 
From: Chris Cowen User-Agent: Mozilla Thunderbird 0.9 (X11/20041124) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Crist J. Clark" References: <41FA6E06.8040309@wayforth.co.uk> <5a500d3088229b5786cedbe82665ece5@meta-x.org> <41FF8FEA.9050102@wayforth.co.uk> <20050202065006.GA14664@goku.cjclark.org> In-Reply-To: <20050202065006.GA14664@goku.cjclark.org> X-Enigmail-Version: 0.89.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Originating-Heisenberg-IP: [82.69.161.254] cc: freebsd-net@freebsd.org Subject: Re: racoon behaviour when SA expires X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 13:08:40 -0000 > IIRC, the problem occurs when racoon(8) is set to "create policy" on the > fly. What happens is that when the SA gets stale, but before it expires, > racoon(8) creates a new SA. But since there is an existing entry in the > SPD, a new one cannot be made. When the old SA times out, its > accompanying SPD entry is killed, leaving no SPD entry at all. Yes, that would appear to describe exactly the behaviour we are seeing. Would it be better to turn off policy generation and manually add the SPD entries at the remote end? We have also had one or two other intermittent niggles which would appear to be caused by one or other of the racoon daemons entering a state from which it cannot gracefully recover (i.e. trying to remove something which is no longer there, etc.). This bears all the hallmarks of a program whose internal state is not explicitly controlled by an FSM, and this supposition is further supported by the fact that the timing and behaviour appear to be affected by turning on debugging. 
I do, however, like racoon's configuration syntax and the fact that we got it up and running very quickly, so we may well come back to racoon again and try the more comprehensive fix that Helge suggested, but in the meantime we are also going to spend a couple of days evaluating OpenS/WAN to see how it compares. Thanks Chris From owner-freebsd-net@FreeBSD.ORG Wed Feb 2 14:55:25 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDDE816A4CE for ; Wed, 2 Feb 2005 14:55:25 +0000 (GMT) Received: from thor-new.fsklaw.com (adsl-64-174-116-34.dsl.lsan03.pacbell.net [64.174.116.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 787C043D2F for ; Wed, 2 Feb 2005 14:55:25 +0000 (GMT) (envelope-from tms3@fsklaw.com) Received: from lildude.fsklaw.net [192.168.62.67] by thor-new.fsklaw.com (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.6.0)); Wed, 2 Feb 2005 06:56:32 -0800 Message-ID: <4200E9BD.1020008@fsklaw.com> Date: Wed, 02 Feb 2005 06:54:53 -0800 
From: Tom Skeren User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20041103 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tom Farrell References: <000801c508d4$aa7dd770$6501a8c0@neonduron> In-Reply-To: <000801c508d4$aa7dd770$6501a8c0@neonduron> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-ArGoMail-Authenticated: tms3 cc: freebsd-net@freebsd.org Subject: Re: multihome routing help X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Feb 2005 14:55:26 -0000 Tom Farrell wrote: >BSD 5.0 3 NIC cards. > >Card 1 connects to the DSL network and is assigned a routable IP from the > ISP > >Card 2 connects to a private frame-relay network and is assigned > 192.168.66.2/22; the directly connected interface is 192.168.66.1/22 > >Card 3 connects the LAN and is assigned 192.168.67.0/24 > >I have enabled NAT & ipfw on card 1 and clients on the LAN can use the DSL connection perfectly. > >I can source traceroute the directly connected 192.168.66.1 sourcing from the 192.168.66.2 interface. I cannot source traceroute to 192.168.66.1 when sourcing from 192.168.67.1. > >Based on this it does not appear that forwarding is happening between the two networks, 192.168.66.0/24 & 192.168.67.0/24 ? Seems the only reason that the traffic is passing through is because of the natd & ipfw divert statements... > > add a static route on the NAT machine. route add 192.168.66.0 192.168.66.1/24 >Can this be done with routing or do I have to use ipfw to forward between both networks? I would prefer just to run the NAT & ipfw instance on the DSL interface and run pure routing between the LAN interface & the interface which connects to the frame-relay network.. 
> >thnx in advance > > > >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 04:34:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9CCF816A4CE for ; Thu, 3 Feb 2005 04:34:19 +0000 (GMT) Received: from web53303.mail.yahoo.com (web53303.mail.yahoo.com [206.190.39.232]) by mx1.FreeBSD.org (Postfix) with SMTP id 2134B43D1F for ; Thu, 3 Feb 2005 04:34:17 +0000 (GMT) (envelope-from non_secure@yahoo.com) Received: (qmail 64067 invoked by uid 60001); 3 Feb 2005 04:34:16 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=vwmYsSfSQ2WhgGTJUNF3cgMbeCWEa/3jzqXOQ0hndiJ9qRn+Ek25kEdGzPOBod0T2zhVDrKlifsNDidrd+Y+5vQZDTY2//w27/o6Bf/EoX4Ykd7RuRIsFgflSQs6KJetW+1IuYgKlHDxkmtrsR6r/8ylmGB2SLYNtuo57PaTIXg= ; Message-ID: <20050203043416.64065.qmail@web53303.mail.yahoo.com> Received: from [24.9.132.53] by web53303.mail.yahoo.com via HTTP; Wed, 02 Feb 2005 20:34:16 PST Date: Wed, 2 Feb 2005 20:34:16 -0800 (PST) 
From: Joe Schmoe To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: aggregating a piece of three network connections into one ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 04:34:19 -0000 Hello, I have three totally distinct network connections at my office. We have an ISDN line, a T1, and a DSL connection. I do not need to worry about the particulars of each connection, because I actually have an ethernet drop for each of them - someone else does the routing/CSU-DSU/etc. - I just get a usable ethernet drop that supports DHCP (a distinct DHCP service on each port - they aren't related). What I would like to do is build a PC with three network cards in it, connect each card to each of those three network drops, and use 10% of the total bandwidth of each connection - somehow turning that into one single network connection that that PC would use. BUT I do not want some kind of round-robin scheme wherein TCP session X uses the fraction of the ISDN, and TCP session Y uses the fraction of the T1, etc. - I want the end result to be one single connection that behaves just like any other single connection. Is this possible? Is netgraph one2many the correct mechanism to be looking at? Basically I want a connection that, at the end, presents itself to the system as one single connection with one single IP, and gives effective bandwidth of (percentage-ISDN) + (percentage-T1) + (percentage-DSL). Thanks. __________________________________ Do you Yahoo!? All your favorites on one personal page – Try My Yahoo! 
http://my.yahoo.com From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 09:52:07 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE30A16A4CE for ; Thu, 3 Feb 2005 09:52:07 +0000 (GMT) Received: from smtp.openaccess.org (smtp.openaccess.org [216.57.214.76]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8A8EC43D2F for ; Thu, 3 Feb 2005 09:52:07 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from [216.57.214.90] (unknown [216.57.214.90]) by smtp.openaccess.org (Postfix) with ESMTP id C64B84147 for ; Thu, 3 Feb 2005 01:52:05 -0800 (PST) Mime-Version: 1.0 (Apple Message framework v619.2) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; format=flowed To: freebsd-net@FreeBSD.org 
From: Michael DeMan Date: Thu, 3 Feb 2005 01:52:04 -0800 X-Mailer: Apple Mail (2.619.2) Subject: MIBs X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 09:52:07 -0000 Hey, Probably a dumb question, but are there any MIBs or any kind of SNMP support for jail environments on BSD 5.3? Thanks, - mike Michael F. DeMan Director of Technology OpenAccess Network Services Bellingham, WA 98225 michael@staff.openaccess.org 360-647-0785 From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 11:57:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F1EE16A4CE for ; Thu, 3 Feb 2005 11:57:48 +0000 (GMT) Received: from web60404.mail.yahoo.com (web60404.mail.yahoo.com [216.109.118.187]) by mx1.FreeBSD.org (Postfix) with SMTP id C9AE443D46 for ; Thu, 3 Feb 2005 11:57:47 +0000 (GMT) (envelope-from hexploder@yahoo.it) Received: (qmail 4155 invoked by uid 60001); 3 Feb 2005 11:57:47 -0000 Message-ID: <20050203115747.4153.qmail@web60404.mail.yahoo.com> Received: from [217.199.28.249] by web60404.mail.yahoo.com via HTTP; Thu, 03 Feb 2005 12:57:46 CET Date: Thu, 3 Feb 2005 12:57:46 +0100 (CET) 
From: hexplodr To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: mount_smbfs: strange behavior X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 11:57:48 -0000 FreeBSD 5.3-RELEASE #0 (i386) Hi all! Strange problem with the mount_smbfs command; it happens when I try to connect to a FreeBSD server running Samba 3.0.7. I create a file in the shared directory, and then I'm not able to delete it anymore until I close the session and re-mount the shared dir.

# mount_smbfs //myuser@samba/share /mnt
# echo Hello > /mnt/file
# ls /mnt/file
/mnt/file
# rm /mnt/file
remove /mnt/file? y
rm: /mnt/file: Operation not permitted
# umount /mnt
umount: unmount of /mnt failed: Device busy
# +D and logon again
# umount /mnt
# mount_smbfs //myuser@samba/share /mnt
# rm /mnt/file
remove /mnt/file? y
# ls /mnt/file
No such file or directory

Do you have suggestions to find and correct the problem? Thanks! ___________________________________ New Yahoo! Messenger: It's much more fun: Audibles, Avatars, Webcam, Games, Address Book… Download it now! 
http://it.messenger.yahoo.it From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 14:22:28 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D27816A4CE for ; Thu, 3 Feb 2005 14:22:28 +0000 (GMT) Received: from web60408.mail.yahoo.com (web60408.mail.yahoo.com [216.109.118.191]) by mx1.FreeBSD.org (Postfix) with SMTP id 8608E43D39 for ; Thu, 3 Feb 2005 14:22:27 +0000 (GMT) (envelope-from hexploder@yahoo.it) Received: (qmail 83631 invoked by uid 60001); 3 Feb 2005 14:22:26 -0000 Message-ID: <20050203142226.83629.qmail@web60408.mail.yahoo.com> Received: from [217.199.28.249] by web60408.mail.yahoo.com via HTTP; Thu, 03 Feb 2005 15:22:26 CET Date: Thu, 3 Feb 2005 15:22:26 +0100 (CET) 
From: hexplodr To: freebsdnet MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: mount_smbfs: strange behavior X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 14:22:28 -0000 Thanks Thomas. Did you try that with the 5.3 kernel? In /var/log/dmesg.today I found:

smb_maperror: Unmapped error 1:158

Trying a grep in /usr/src/sys/netsmb I found:

/usr/src/sys/netsmb/smb_rq.c: rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror);

smb_maperror is defined in /usr/src/sys/netsmb/smb_subr.c: smb_maperror(int eclass, int eno); smb_subr.c, line 317:

SMBERROR("Unmapped error %d:%d\n", eclass, eno); return EBADRPC;

The error is mapped eclass:1 eno:158; eclass:1 means eclass=ERRDOS, from smb.h: #define ERRDOS 0x01 Now my abilities can't go further without help :-( ___________________________________ New Yahoo! Messenger: It's much more fun: Audibles, Avatars, Webcam, Games, Address Book… Download it now! http://it.messenger.yahoo.it From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 17:18:10 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56B7F16A4CF for ; Thu, 3 Feb 2005 17:18:10 +0000 (GMT) Received: from phoenix.gargantuan.com (phoenix.gargantuan.com [24.73.171.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id E7F0C43D41 for ; Thu, 3 Feb 2005 17:18:09 +0000 (GMT) (envelope-from michael@gargantuan.com) Received: from localhost (localhost.gargantuan.com [127.0.0.1]) by spamassassin-injector (Postfix) with SMTP id 1D1944CB for ; Thu, 3 Feb 2005 12:18:09 -0500 (EST) Received: by phoenix.gargantuan.com (Postfix, from userid 1001) id 27833133; Thu, 3 Feb 2005 12:18:05 -0500 (EST) Date: Thu, 3 Feb 2005 12:18:05 -0500 
From: "Michael W. Oliver" To: freebsd-net@freebsd.org Message-ID: <20050203171805.GA83416@gargantuan.com> Mail-Followup-To: freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline X-WWW-URL: http://michael.gargantuan.com X-GPG-PGP-Public-Key: $X-WWW-URL/gnupg/pubkey.asc X-GPG-PGP-Fingerprint: 2694 0179 AE3F BFAE 0916 0BF5 B16B FBAB C5FA A3C9 X-Home-Phone: +1-863-816-8091 X-Mobile-Phone: +1-863-738-2334 X-Mailing-Address0: 8008 Apache Lane X-Mailing-Address1: Lakeland, FL X-Mailing-Address2: 33810-2172 X-Mailing-Address3: United States of America X-Guide-Questions: http://www.catb.org/~esr/faqs/smart-questions.html X-Guide-Netiquette: http://www.ietf.org/rfc/rfc1855.txt User-Agent: Mutt/1.5.6i X-Spam-DCC: sonic.net: phoenix.gargantuan.com 1156; Body=1 Fuz1=1 Fuz2=1 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on phoenix.gargantuan.com X-Spam-Level: X-Spam-Status: No, score=-105.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, USER_IN_WHITELIST autolearn=ham version=3.0.2 X-Spam-Pyzor: Reported 0 times. Subject: quad port fast ethernet card recommendations X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 17:18:10 -0000 --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable subject sums it up. will be used in small firewall boxes with WAN, LAN, DMZ, and WLAN (via x-over to AP) connections. older hardware, so please, no fancy super-duper mega-bandwidth PCI cards that I won't have slots for. I only have one PCI slot to play with, else I would use single-port cards. the case is kinda small, too, so I don't think that full-length cards will fit. Yeah, I know... 
not asking for much. :) what do you recommend? -- Mike Oliver [see complete headers for contact information] --HcAYCG3uE/tztfnV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCAlzNsWv7q8X6o8kRAgaRAJ9Sk/IKMyYY8PxU9QD9nTYyK5D6hgCfeuBh rnO4y7m8WWd4b4KCMsQStBY= =C4KP -----END PGP SIGNATURE----- --HcAYCG3uE/tztfnV-- From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 18:01:08 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4522E16A4CE for ; Thu, 3 Feb 2005 18:01:08 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FFDA43D3F for ; Thu, 3 Feb 2005 18:01:06 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so272002wri for ; Thu, 03 Feb 2005 10:01:05 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=R5FWDesy4jo+QC4sihYQTWfYpZsNAfs1S/fdk2VWg2feSY0DF71satkwSMtNVU+thmu/UkHAMPrFLsaQGy1XrkGqlTaF0wpvKxnTJBcELwCefuZx9yIV/go/dySZ0JbggXovnEC2A8uku7KvHYrp5rrkAPHjK9W2QIY2fdPv1kU= Received: by 10.54.28.63 with SMTP id b63mr51732wrb; Thu, 03 Feb 2005 09:54:24 -0800 (PST) Received: by 10.54.39.34 with HTTP; Thu, 3 Feb 2005 09:53:54 -0800 (PST) Message-ID: <8eea0408050203095376da2a8f@mail.gmail.com> Date: Thu, 3 Feb 2005 09:53:54 -0800 
From: Jon Simola To: freebsd-net@freebsd.org In-Reply-To: <20050203171805.GA83416@gargantuan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <20050203171805.GA83416@gargantuan.com> Subject: Re: quad port fast ethernet card recommendations X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jon@abccomm.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 18:01:08 -0000 On Thu, 3 Feb 2005 12:18:05 -0500, Michael W. Oliver wrote: > subject sums it up. will be used in small firewall boxes with WAN, LAN, > DMZ, and WLAN (via x-over to AP) connections. older hardware, so > please, no fancy super-duper mega-bandwidth PCI cards that I won't have > slots for. I only have one PCI slot to play with, else I would use > single-port cards. the case is kinda small, too, so I don't think that > full-length cards will fit. Yeah, I know... not asking for much. :) > > what do you recommend? Not a recommendation: D-Link DFE-580TX. For $100CAD, it's a quad ste() card and didn't wow me with performance. I ran into a few issues related to trying to burst 30Mbps over its PCI bridge and the motherboard's PCI bridge (which I know is pushing a standard PCI implementation). My next suggestion (haven't actually used one but have heard great things about them) for a plain, functional quad NIC would be Soekris Engineering's lan1641, for $89USD http://www.soekris.com/ You may even want to investigate their boards; I've been eyeing the 4801 + 1621 bundle for $309USD, which gets you 5 ethernet interfaces on a bootable board in a case. 
From owner-freebsd-net@FreeBSD.ORG Thu Feb 3 23:34:26 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07E5916A4CE for ; Thu, 3 Feb 2005 23:34:25 +0000 (GMT) Received: from lariat.org (lariat.net [65.122.236.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4564343D41 for ; Thu, 3 Feb 2005 23:34:25 +0000 (GMT) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (cache.lariat.net [65.122.236.253]) by lariat.org (8.9.3/8.9.3) with ESMTP id QAA03670 for ; Thu, 3 Feb 2005 16:34:22 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <6.2.1.2.2.20050203162558.086feaa8@localhost> X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2 Date: Thu, 03 Feb 2005 16:33:48 -0700 To: net@freebsd.org 
From: Brett Glass Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 23:34:26 -0000 I'm setting up a FreeBSD transparent Web proxy for a client which has an old (vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept packets forwarded to it (even though the destination IP addresses of those packets will not be that of the proxy machine itself) and do transparent caching. However, to complete the puzzle, I need to make the client's PIX firewall forward outbound packets destined for port 80 (regardless of IP address) to the proxy. I can't seem to find the magic incantation in Cisco's online docs. Does anyone here know the Cisco equivalent of the IPFW "fwd" action (which changes the "next hop" MAC address of a packet if it meets the criteria specified in a rule) and how to write a rule for the PIX to forward the packets? Help would be much appreciated. 
--Brett Glass From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 07:14:20 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7429F16A4CE for ; Fri, 4 Feb 2005 07:14:20 +0000 (GMT) Received: from mail.astra-sw.com (mail.astra-sw.com [82.140.87.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BD4343D49 for ; Fri, 4 Feb 2005 07:14:19 +0000 (GMT) (envelope-from Nickolay.Kritsky@astra-sw.com) Received: from exchange.stardevelopers4msi.com ([192.168.64.10]) by mail.astra-sw.com (8.12.11/8.12.11) with ESMTP id j147EDC3042413 for ; Fri, 4 Feb 2005 10:14:14 +0300 (MSK) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Date: Fri, 4 Feb 2005 10:16:31 +0300 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Does the Cisco PIX have an equivalent of the IPFW "fwd" action? thread-index: AcUKSUceR/vWxqFXRaWxcg2HiQf8sgAPr6pw 
From: "Nickolay Kritsky" To: "Brett Glass" , Subject: RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Feb 2005 07:14:20 -0000 Brett, I do not think that PIX has an equivalent of the ipfw 'fwd' command. The fastest way, IMHO, would be just to set up your transparent web proxy as a default gateway for the PIX. You can also try policy routing as described in this Usenet article: http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/e131e32e97e4566/ee37814ac6c6c658?q=pix+transparent&_done=%2Fgroups%3Fq%3Dpix+transparent%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#ee37814ac6c6c658 But I wouldn't try this if I were you. PIX is not IOS, and AFAIK it was not designed for complex network solutions. Firewall - yes. Filtering, security features, advanced VPN support - yes. But not routing tricks. Hope that helps Nick -----Original Message----- 
From: Brett Glass [mailto:brett@lariat.org] Sent: Friday, February 04, 2005 2:34 AM To: net@freebsd.org Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action? I'm setting up a FreeBSD transparent Web proxy for a client which has an old (vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept packets forwarded to it (even though the destination IP addresses of those packets will not be that of the proxy machine itself) and do transparent caching. However, to complete the puzzle, I need to make the client's PIX firewall forward outbound packets destined for port 80 (regardless of IP address) to the proxy. I can't seem to find the magic incantation in Cisco's online docs. Does anyone here know the Cisco equivalent of the IPFW "fwd" action (which changes the "next hop" MAC address of a packet if it meets the criteria specified in a rule) and how to write a rule for the PIX to forward the packets? Help would be much appreciated. --Brett Glass _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 10:53:50 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8225A16A4CE for ; Fri, 4 Feb 2005 10:53:50 +0000 (GMT) Received: from lariat.org (lariat.net [65.122.236.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 785BD43D41 for ; Fri, 4 Feb 2005 10:53:49 +0000 (GMT) (envelope-from brett@lariat.org) Received: from runaround.lariat.org (IDENT:ppp1000.lariat.org@lariat.net [65.122.236.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id DAA09063; Fri, 4 Feb 2005 03:53:33 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. 
Message-Id: <6.2.1.2.2.20050204035223.08592710@localhost>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Fri, 04 Feb 2005 03:53:31 -0700
To: "Nickolay Kritsky" ,
From: Brett Glass
Subject: RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?

The PIX is already doing NAT, so I'd have to put a NAT router in front of another NAT router (how inefficient!) to do that. But it might well be the only option if the PIX is that limited.

--Brett

At 12:16 AM 2/4/2005, Nickolay Kritsky wrote:
>Brett, I do not think that PIX has an equivalent of ipfw 'fwd' command. The fastest way, IMHO would be just set up your transparent web proxy as a default gateway for PIX. You can also try policy routing as described in this Usenet article: http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/e131e32e97e4566/ee37814ac6c6c658?q=pix+transparent&_done=%2Fgroups%3Fq%3Dpix+transparent%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#ee37814ac6c6c658
>
>But I wouldn't try this if I were you. PIX is not IOS, and AFAIK it was not designed for complex network solutions. Firewall - yes. Filtering, security features, advanced VPN support - yes. But not routing tricks.
>
>Hope that helps
>
>Nick

From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 17:03:27 2005
Message-ID: <4203AAE3.4090906@palisadesys.com>
Date: Fri, 04 Feb 2005 11:03:31 -0600
From: Guy Helmer
User-Agent: Mozilla Thunderbird 1.0RC1 (Windows/20041201)
To: freebsd-net@freebsd.org
Subject: Netgraph performance question

A while back, Maxim Konovalov made a commit to usr.sbin/ngctl/main.c to increase its socket receive buffer size to help 'ngctl list' deal with a big number of nodes, and Ruslan Ermilov responded that setting sysctls net.graph.recvspace=200000 and net.graph.maxdgram=200000 was a good idea on a system with a large number of nodes.

I'm getting what I consider to be sub-par performance under FreeBSD 5.3 from a userland program using ngsockets connected into ng_tee to play with packets that are traversing a ng_bridge, and I finally have an opportunity to look into this. I say "sub-par" because when we've tested this configuration using three 2.8GHz Xeon machines with Gigabit Ethernet interfaces at 1000Mbps full-duplex, we obtained peak performance of a single TCP stream of about 12MB/sec through the bridging machine as measured by NetPIPE and netperf.

I'm wondering if bumping the recvspace should help, if changing the ngsocket hook to queue incoming data should help, if it would be best to replace ngsocket with a memory-mapped interface, or if anyone has any other ideas that would help performance.

Thanks in advance for any advice,
Guy Helmer

-- 
Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.
From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 19:31:00 2005
Message-ID: <4203CD73.2070603@elischer.org>
Date: Fri, 04 Feb 2005 11:30:59 -0800
From: Julian Elischer
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516
To: Joe Schmoe
References: <20050204011641.81820.qmail@web53309.mail.yahoo.com>
In-Reply-To: <20050204011641.81820.qmail@web53309.mail.yahoo.com>
cc: freebsd-net@freebsd.org
Subject: Re: aggregating a bit of three different network connections into one ...

Joe Schmoe wrote:

>Hello,
>
>I have three totally distinct network connections at my office. We have an ISDN line, a T1, and a DSL connection. I do not need to worry about the particulars of each connection, because I actually have an ethernet drop for each of them - someone else does the routing/csu-dsu/etc. - I just get a usable ethernet drop that supports DHCP (a distinct DHCP service on each port - they aren't related).
>
>I _also_ have a FreeBSD server sitting in a datacenter many miles away, with its own single, dedicated network connection out to the real world.
>
>What I would like to do is build a PC with three network cards in it, connect each card to each of those three network drops, and use 10% of the total bandwidth of each connection - somehow turning that into one single network connection that that PC would use.
>
>BUT I do not want some kind of round-robin scheme wherein TCP session X uses the fraction of the ISDN, and TCP session Y uses the fraction of the T1, etc. - I want the end result to be one single connection that behaves just like any other single connection.
>
>What I want is to create a virtual tunnel from this PC to the server in the datacenter - so all packets from the PC go out, equally, on the three disparate connections, and they all are pointed to the hosted server. The hosted server then pieces everything back together and creates useful connections to the outside internet, which it then passes back over the three-way tunnel to the PC.
>
>        /--- 10% of this connection ---\
>PC----- 10% of this connection ---- server -> Internet
>        \---- 10% of this connection ---/
>
>Is this possible ?
>
>Is netgraph one2many the correct mechanism to be looking at ?
>
>Basically I want a connection that, at the end, presents itself to the system as one single connection with one single IP, and gives effective bandwidth of (percentage-ISDN) + (percentage-T1) + (percentage-DSL).
>

I do this.. though with only 2 connections.

BTW you probably don't need 3 interfaces... the 3 nets can coexist on one ethernet segment if you are careful.

I use mpd (from ports). Mpd allows you to use udp sockets as a link layer connection in a multilink bundle. In your case I would make 3 sockets and bind each to an address on a different ISP's range. Then make the remote end of each be a udp address on your server. Make a multilink bundle with 3 link layer connections and each of your UDP link connections is one of them.. then do NOT turn on roundrobin. Do the inverse on your server. Packets to your server's real address must still go to the interfaces as the UDP packets need that, but you should be able to set up a 10.x.x.x address on the server as well, that you can route to via the vpn you are setting up.

Use ipfw dummynet on the udp packets to limit the throughput for each link. You should also set the capacity for each link in mpd to the correct value so that mpd can assign the correct amount of work to each link.

For extra points, encrypt the UDP packets with ipsec with racoon doing key exchange.

Here is something that looks like my mpd setups (IP addresses obscured etc.):

%cat mpd.links
site1-ISP1:
    set link type udp
    set udp self xx.xx.ab.cd 4029
    set udp peer xx.xx.ef.gh 4029
site1-ISP2:
    set link type udp
    set udp self yy.yy.ij.kl 4029
    set udp peer yy.yy.mn.op 4029
site2-ISP1:
    set link type udp
    set udp self xx.xx.ab.cd 4028
    set udp peer xx.xx.qr.st 4028
site2-ISP2:
    set link type udp
    set udp self yy.yy.ij.kl 4028
    set udp peer yy.yy.uv.wx 4028

%cat mpd.conf
default:
    set login ConsoleLogin
    log -console
    load vpn-site1
    load vpn-site2

vpn_standard:
    set iface disable on-demand
    set iface idle 0
    set iface mtu 1500
    set ipcp yes vjcomp
    set bundle enable multilink
#   set bundle enable round-robin

tun_standard:
    set link yes acfcomp protocomp
    set link no pap
    set link no chap
    set link keep-alive 2 15
    set link mru 900
    set link mtu 900
#   set link bandwidth 1440000

############### per-link settings #################
vpn-site1:
    new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
    set iface addrs 10.12.1.24 10.12.1.10
    set iface route 192.168.10.0/24
    set ipcp ranges 10.12.1.24/32 10.12.1.10/32
    load vpn_standard
    link site1-ISP1
    load tun_standard
#   set bandwidth 64000
    link site1-ISP2
    load tun_standard
#   set bandwidth 720000
    open

vpn-site2:
    new -i ng1 vpn-site2 site2-ISP1 site2-ISP2
    set iface addrs 10.12.1.24 10.12.1.20
    set iface route 192.168.20.0/24
    set ipcp ranges 10.12.1.24/32 10.12.1.20/32
    load vpn_standard
    link site2-ISP1
    load tun_standard
#   set bandwidth 64000
    link site2-ISP2
    load tun_standard
#   set bandwidth 720000
    open

These config files define links to 2 such machines at site1 and site2. Each machine is actually a gateway to an entire network with a number of 192.168.10.x or 192.168.20.x. If you are only doing one machine, and it is not a gateway to an entire machine, then the following simplified config would do:

%cat mpd.links
site1-ISP1:
    set link type udp
    set udp self xx.xx.ab.cd 4029
    set udp peer xx.xx.ef.gh 4029
site1-ISP2:
    set link type udp
    set udp self yy.yy.ij.kl 4029
    set udp peer yy.yy.mn.op 4029

%cat mpd.conf
default:
    set login ConsoleLogin
    log -console
    load vpn-site1

vpn_standard:
    set iface disable on-demand
    set iface idle 0
    set iface mtu 1500
    set ipcp yes vjcomp
    set bundle enable multilink
#   set bundle enable round-robin

tun_standard:
    set link yes acfcomp protocomp
    set link no pap
    set link no chap
    set link keep-alive 2 15
    set link mru 900
    set link mtu 900

############### per-link settings #################
vpn-site1:
    new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
    set iface addrs 10.12.1.24 10.12.1.10
    set ipcp ranges 10.12.1.24/32 10.12.1.10/32
    load vpn_standard
    link site1-ISP1
    load tun_standard
#   set bandwidth 64000
    link site1-ISP2
    load tun_standard
#   set bandwidth 720000
    open

Note the bandwidth commands are commented out. On some versions of mpd they caused a segv in mpd.

The remote site has the complementary config files..

>Thanks.
>
>_______________________________________________
>freebsd-hackers@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 20:48:07 2005
Date: Fri, 4 Feb 2005 22:48:04 +0200
From: Ruslan Ermilov
To: Guy Helmer
Message-ID: <20050204204804.GC71363@ip.net.ua>
References: <4203AAE3.4090906@palisadesys.com>
In-Reply-To: <4203AAE3.4090906@palisadesys.com>
User-Agent: Mutt/1.5.6i
cc: freebsd-net@FreeBSD.org
Subject: Re: Netgraph performance question

Hi Guy,

On Fri, Feb 04, 2005 at 11:03:31AM -0600, Guy Helmer wrote:
> A while back, Maxim Konovalov made a commit to usr.sbin/ngctl/main.c to increase its socket receive buffer size to help 'ngctl list' deal with a big number of nodes, and Ruslan Ermilov responded that setting sysctls net.graph.recvspace=200000 and net.graph.maxdgram=200000 was a good idea on a system with a large number of nodes.
> 
> I'm getting what I consider to be sub-par performance under FreeBSD 5.3 from a userland program using ngsockets connected into ng_tee to play with packets that are traversing a ng_bridge, and I finally have an opportunity to look into this. I say "sub-par" because when we've tested this configuration using three 2.8GHz Xeon machines with Gigabit Ethernet interfaces at 1000Mbps full-duplex, we obtained peak performance of a single TCP stream of about 12MB/sec through the bridging machine as measured by NetPIPE and netperf.
> 
The bottleneck must be in ng_tee(4) -- the latter uses m_dup(9) when a duplicate is needed, which is very expensive as it has to create a writable copy of the entire mbuf chain (the original chain is DMA'ed into the host memory by the network card).

> I'm wondering if bumping the recvspace should help, if changing the ngsocket hook to queue incoming data should help, if it would be best to replace ngsocket with a memory-mapped interface, or if anyone has any other ideas that would help performance.
> 
If you absolutely need to see *all* GigE traffic in userland, then it's going to be troublesome. If not, filter it with ng_bpf(4).

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 21:43:39 2005
Message-ID: <4203EC87.3070504@palisadesys.com>
Date: Fri, 04 Feb 2005 15:43:35 -0600
From: Guy Helmer
User-Agent: Mozilla Thunderbird 1.0RC1 (Windows/20041201)
To: Ruslan Ermilov
References: <4203AAE3.4090906@palisadesys.com> <20050204204804.GC71363@ip.net.ua>
In-Reply-To: <20050204204804.GC71363@ip.net.ua>
cc: freebsd-net@FreeBSD.org
Subject: Re: Netgraph performance question

Ruslan Ermilov wrote:

>Hi Guy,
>
>The bottleneck must be in ng_tee(4) -- the latter uses m_dup(9) when a duplicate is needed, which is very expensive as it has to create a writable copy of the entire mbuf chain (the original chain is DMA'ed into the host memory by the network card).
>

I'm sorry, I mis-wrote. My ng_tee is actually modified to only pass packets to the r2l/l2r hooks if they are connected, otherwise packets are passed directly to the left/right hooks (so it's an optional divert), so there is no m_dup anymore in my modified ng_tee.

>If you absolutely need to see *all* GigE traffic in userland, then it's going to be troublesome. If not, filter it with ng_bpf(4).
>

Thanks, Ruslan. Yes, I do need to pass all the traffic down through my userland daemon. Since I'm just beginning to work with Netgraph, I was wondering if there was something simple or obvious that I was missing, or if there was a known performance issue with one of the nodes I'm using (as you pointed out with ng_tee). I assumed that the bridging and trip through userland would only add latency to the connection, but the result of the performance test seemed to indicate that there is either a bottleneck I need to solve or my testing methodology was flawed.

Thanks again,
Guy

From owner-freebsd-net@FreeBSD.ORG Fri Feb 4 23:53:57 2005
Date: Sat, 5 Feb 2005 01:53:54 +0200
From: Ruslan Ermilov
To: Guy Helmer
Message-ID: <20050204235354.GB95344@ip.net.ua>
References: <4203AAE3.4090906@palisadesys.com> <20050204204804.GC71363@ip.net.ua> <4203EC87.3070504@palisadesys.com>
In-Reply-To: <4203EC87.3070504@palisadesys.com>
User-Agent: Mutt/1.5.6i
cc: freebsd-net@freebsd.org
Subject: Re: Netgraph performance question

On Fri, Feb 04, 2005 at 03:43:35PM -0600, Guy Helmer wrote:
> 
> I'm sorry, I mis-wrote. My ng_tee is actually modified to only passes packets to the r2l/l2r hooks if they are connected, otherwise packets are passed directly to the left/right hooks (so it's an optional divert), so there is no m_dup anymore in my modified ng_tee.
> 
> I assumed that the bridging and trip through userland would only add latency to the connection, but the result of the performance test seemed to indicate that there is either a bottleneck I need to solve or my testing methodology was flawed.
> 
If you pass packets through userland, then it is even more of a performance penalty, as it involves userspace<->kernel copying, twice for each packet.

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Sat Feb 5 00:32:31 2005
Message-ID: <006e01c50b1a$23e01370$c600a8c0@EAGLE>
From: "The Jetman"
To: "FreeBSD Net"
Date: Fri, 4 Feb 2005 19:31:50 -0500
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Subject: [4.10-R]Getting A Particular BRIDGE Setup Working

I've made a nbr of BRIDGE boxes w/ various revs of FBSD, but I always get stuck w/ one configuration. Currently, I have a firewall/gateway box (also FBSD) which connects to the 'Net via a DSL modem. If I place my BRIDGE on the exterior leg (bet the gateway and the DSL modem), it works perfectly. That is, traffic passes thru the BRIDGE as expected. Unfortunately, I can't get detailed traffic stats, since the internal workstations' traffic has been NAT'd into a single traffic stream by the firewall. FWIW, I use two IP-less Ethernet cards for the BRIDGE itself and another Ethernet w/ an IP, plugged into my switch, to control the BRIDGE box itself and to look at the traffic stats. BTW, the traffic stats app (NTOP) works perfectly under this arrangement.

The problem manifests itself if I connect the BRIDGE box to the interior Ethernet leg of the firewall/gateway, thereby connecting it to the switch, along w/ the BRIDGE's control port. The BRIDGE fails and I always get spurious error messages from ARP, indicating one of my IP-less Ethernet cards is using the IP address of my control port. If I lose the control port (disconnect it), the BRIDGE works fine, but I can't see any traffic stats, the principal purpose of the BRIDGE.

Is there a SYSCTL variable to control this behavior or perhaps something else I'm not aware of? TIA.

Later....Jet

=============== From the desk of Jethro Wright, III ================
+ Beer is proof that God loves us and wants us to be happy. -
=== jetman516 at hotmail.com =============== Benjamin Franklin ===

From owner-freebsd-net@FreeBSD.ORG Sat Feb 5 00:42:46 2005
Message-ID: <42041685.6030805@elischer.org>
Date: Fri, 04 Feb 2005 16:42:45 -0800
From: Julian Elischer
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516
To: Guy Helmer
References: <4203AAE3.4090906@palisadesys.com>
In-Reply-To: <4203AAE3.4090906@palisadesys.com>
cc: freebsd-net@freebsd.org
Subject: Re: Netgraph performance question

Guy Helmer wrote:

> A while back, Maxim Konovalov made a commit to usr.sbin/ngctl/main.c to increase its socket receive buffer size to help 'ngctl list' deal with a big number of nodes, and Ruslan Ermilov responded that setting sysctls net.graph.recvspace=200000 and net.graph.maxdgram=200000 was a good idea on a system with a large number of nodes.
>
> I'm getting what I consider to be sub-par performance under FreeBSD 5.3 from a userland program using ngsockets connected into ng_tee to play with packets that are traversing a ng_bridge, and I finally have an opportunity to look into this. I say "sub-par" because when we've tested this configuration using three 2.8GHz Xeon machines with Gigabit Ethernet interfaces at 1000Mbps full-duplex, we obtained peak performance of a single TCP stream of about 12MB/sec through the bridging machine as measured by NetPIPE and netperf.

That's not bad if you are pushing everything through userland.. That's quite expensive, and the scheduling overheads need to be taken into account too.

>
> I'm wondering if bumping the recvspace should help, if changing the ngsocket hook to queue incoming data should help, if it would be best to replace ngsocket with a memory-mapped interface, or if anyone has any other ideas that would help performance.

Netgraph was designed to be a "lego for link layer stuff" where link layer stuff was considered to be WAN protocols etc. In particular the userland interface was written with an eye to prototyping and debugging and doesn't take any special care to be fast. (though I don't know how you could be faster going to userland). Since then people have broadened its use considerably, and questions of its performance have become quite regular. It wasn't designed to be super fast, though it is not bad considering what it does. There is however a push to look at performance so it would be interesting to see in more detail what you are doing. In particular, what are you doing in userland? Might it make sense to make your own custom netgraph node that does exactly what you want in the kernel?

>
> Thanks in advance for any advice, Guy Helmer
>

I have considered a memory-mapped interface that would bolt onto ng_dev. I have done an almost identical interface once before (1986->1992). There would have to be several commands supported:

    define bufferspace size (ioctl/message)
    mmap buffer space (mmap)
    allocate bufferspace to user (size) (returns buffer ID)
    free bufferspace (ID)
    getoffset (ID) (returns offset in bufferspace)
    writebuffer(ID, hook, maxmbufsize)
        pick up the buffer, put it into mbufs (maybe as external pointers) and send out hook in question.

Incoming data would be written into buffers (a cpu copy would be needed) and the ID added to a list of arrived IDs. In addition you need a way to notify a listening thread/process of arrived IDs. In my original system the listening process had a socket open with a particular protocol family and waited for N bytes. When the data arrived, the socket returned the buffer ID, followed by N-sizeof(ID) bytes from the header of the packet so that the app could check a header and see if it was interested.

In later versions it used a recvmsg() call and the metadata was in the form of a protocol specific structure received in parallel to the actual data copied. Arrived IDs/buffers were 'owned' by N owners where N was the number of open listener sockets. Each listener had to respond to the message by 'freeing' the ID if it wasn't interested.. Closing the socket freed all IDs still owned by it. Closing the file did the same... I forget some of the details.

I guess in this version, instead of sockets we could use hooks on the mmap node and we could use ng sockets to connect to them.. The external data 'free' method in the mbuf could decrement the ID reference count and actually free it if it reached 0 (when all parts had been transmitted?). The userland process would free it immediately after doing the 'send this' command. The reference counts owned by the mbufs would stop it from being freed until the packets were sent.

In our previous version, we had a disk/vfs interface too and there was a "write this to filedescriptor N" and "write this to raw disk X at offset Y" command too.. The disk would own a reference until the data was written of course.. There was also a "read from raw disk X at offset Y into buffer ID" command. You had to own the buffer already for it to work.. In 1987 we were saturating several ethernets off disk with this with 5% cpu load :-)

disk->[dma]->mem->[dma]->ethernet

Since machines are now hundreds of times faster (30MHz 68010 with 32 bit mem bus vs 3GHz 64bit bus machine) some of this doesn't make sense any more, but it was an achievement at the time.

just an idea.
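The buffer-ID interface Julian sketches above, as an added example that is neither his code nor anything in netgraph: a plain-C userland model in which every open listener owns an arrived ID, each in-flight mbuf segment holds a reference, and a slot is reused only when the count reaches zero, so a stale or twice-freed ID is rejected instead of aliasing whatever process got the slot next. The function names (bs_alloc, bs_deliver, bs_listener_free, ...), the 2048-byte slot size and the listener bitmask are assumptions made for this example.

```c
/* Added example, not netgraph code (all names hypothetical): a userland model of
 * the buffer-ID scheme sketched above; a heap array stands in for the mapped bufferspace. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BUFSLOT_SIZE 2048   /* assumed fixed slot size; slot number == buffer ID */

struct bufdesc {
    int in_use;
    size_t len;
    uint32_t owners;  /* bit i set: listener i has not yet freed this ID */
    int refs;         /* owners + sending process + in-flight mbuf segments */
};

struct bufspace {
    unsigned char *mem;   /* the "mapped" region */
    struct bufdesc *desc;
    size_t nslots;
};

/* "define bufferspace size": allocate the region and its slot table. */
static int bs_init(struct bufspace *bs, size_t nslots)
{
    bs->mem = calloc(nslots, BUFSLOT_SIZE);
    bs->desc = calloc(nslots, sizeof(*bs->desc));
    bs->nslots = (bs->mem && bs->desc) ? nslots : 0;
    return bs->nslots ? 0 : -1;
}

/* Reject out-of-range or already released IDs instead of aliasing a reused slot. */
static int bs_valid(const struct bufspace *bs, int id)
{
    return id >= 0 && (size_t)id < bs->nslots && bs->desc[id].in_use;
}

/* "allocate bufferspace to user (size)": the caller holds the only reference. */
static int bs_alloc(struct bufspace *bs, size_t len)
{
    for (size_t i = 0; len <= BUFSLOT_SIZE && i < bs->nslots; i++)
        if (!bs->desc[i].in_use) {
            bs->desc[i] = (struct bufdesc){ .in_use = 1, .len = len, .refs = 1 };
            return (int)i;
        }
    return -1;   /* too large, or bufferspace exhausted */
}

/* "getoffset (ID)": byte offset of the buffer inside the mapped region. */
static long bs_getoffset(const struct bufspace *bs, int id)
{
    return bs_valid(bs, id) ? (long)((size_t)id * BUFSLOT_SIZE) : -1;
}

/* Drop one reference (an mbuf's external free would call this); the slot is
 * released only by the last one.  -1 flags a stale or double-freed ID. */
static int bs_unref(struct bufspace *bs, int id)
{
    if (!bs_valid(bs, id))
        return -1;
    if (--bs->desc[id].refs == 0)
        bs->desc[id].in_use = 0;
    return bs->desc[id].refs;
}

/* Incoming packet: one cpu copy, then each listener in the bitmask owns the ID. */
static int bs_deliver(struct bufspace *bs, uint32_t listeners, const void *pkt, size_t len)
{
    int id, nown = 0;
    for (uint32_t l = listeners; l != 0; l &= l - 1)
        nown++;
    if (nown == 0 || (id = bs_alloc(bs, len)) < 0)
        return -1;   /* nobody to own it, or no room */
    memcpy(bs->mem + (size_t)id * BUFSLOT_SIZE, pkt, len);
    bs->desc[id].owners = listeners;
    bs->desc[id].refs = nown;   /* replaces the allocator's reference */
    return id;
}

/* "free bufferspace (ID)" by listener i: only once, and only if it owns it. */
static int bs_listener_free(struct bufspace *bs, int id, int listener)
{
    if (listener < 0 || listener >= 32 || !bs_valid(bs, id) ||
        !(bs->desc[id].owners & (UINT32_C(1) << listener)))
        return -1;
    bs->desc[id].owners &= ~(UINT32_C(1) << listener);
    return bs_unref(bs, id);
}

/* "writebuffer(ID, hook, maxmbufsize)": each mbuf segment over the buffer takes a
 * reference, so the sender may free the ID at once and the data outlives it
 * until the last segment's external free.  Returns the segment count. */
static int bs_writebuffer(struct bufspace *bs, int id, size_t maxmbufsize)
{
    if (!bs_valid(bs, id) || maxmbufsize == 0)
        return -1;
    int nseg = (int)((bs->desc[id].len + maxmbufsize - 1) / maxmbufsize);
    bs->desc[id].refs += nseg;
    return nseg;
}
```

The "closing the socket frees all IDs still owned by it" path from the message is a loop calling bs_listener_free for every slot with that listener's bit set.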