From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 13:46:08 2006
From: dima <_pppp@mail.ru>
To: OxY
Cc: freebsd-net@freebsd.org
Date: Sun, 19 Mar 2006 16:46:06 +0300
Subject: Re[2]: packet drop with intel gigabit / marwell gigabit

> i increased hz from 2000 to 5000, now the packet loss is decreased
> from 5-6% to 0.6-0,8% !!!
> huge improve!
> should i increase hz more?

You can. But remember that higher HZ values spend more CPU time for task switching. So if the hardware is used for something more than only network workload you would get performance penalty in other areas. A faster CPU would be a useful option in your case (with a proper HZ increase)

It seems that this card has very small buffer size. And it's nothing you can do about that.

>
>
> ----- Original Message -----
> From: "OxY"
> To: "Chuck Swiger"
> Cc:
> Sent: Saturday, March 18, 2006 2:23 PM
> Subject: Re: packet drop with intel gigabit / marwell gigabit
>
>
> > currently i use HZ=2000
> > here's the output of netstat -i, -s, and vmstat -i :
> > (currently i am uploading on the gigabit with ftp, 3 threads)
> >
> > Field root# vmstat -i
> > interrupt           total    rate
> > irq0: clk        27503959    1993
> > irq1: atkbd0            1       0
> > irq3: fxp0              2       0
> > irq7:                 146       0
> > stray irq7            146       0
> > irq8: rtc         1765569     127
> > irq10: atapci1    2807786     203
> > irq11: atapci0     475039      34
> > irq13: npx0             1       0
> > irq14: ata0            99       0
> > Total            32552748    2359
> >
> > Field root# netstat -i
> > Name Mtu Network Address Ipkts Ierrs Opkts Oerrs
> > Coll
> > fxp0 1500 00:a0:c9:8d:79:68 13163545 0 21899372 1
> > 0
> > fxp0 1500 195.38.96.64/ field 141 -
> > 6 - -
> > em0 1500 00:0e:0c:a2:ac:42 68644181 4 66793904 0
> > 0
> > em0 1500 195.38.96.64/ field 211255811 -
> > - -
> > lo0 16384 129622061 0 129622061
> > 0 0
> >
> > netstat -s is here:
> > http://field.hu/netstat.txt
> >
> > ----- Original Message -----
> > From: "Chuck Swiger"
> > To: "OxY"
> > Cc:
> > Sent: Saturday, March 18, 2006 1:37 PM
> > Subject: Re: packet drop with intel gigabit / marwell gigabit
> >
> >
> >> OxY wrote:
> >>> yeah, i googled these settings, but i put them back to default then!
> >>> i measured iperf performance, and it showed that the packet drop is
> >>> depending on the system load..
> >>
> >> If you are using the normal interrupt-driven configuration, you should
> >> look at
> >> netstat -i, -s, and vmstat -i. If you're turning on device polling, you
> >> ought
> >> to retry your testing at higher HZ (try 2000 or 5000):
> >>
> >> echo 'kern.hz="2000"' >> /boot/loader.conf
> >>
> >> --
> >> -Chuck
> >
> > _______________________________________________
> > freebsd-performance@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-performance
> > To unsubscribe, send any mail to
> > "freebsd-performance-unsubscribe@freebsd.org"
> >
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 15:47:53 2006
From: dima <_pppp@mail.ru>
To: Max Laier
Cc: freebsd-net@freebsd.org
Date: Sun, 19 Mar 2006 18:47:50 +0300
Subject: Re[2]: New version of iwi(4) - Call for testers

> All,
>
> the new version at:
> http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
>
> should build for RELENG_6 and HEAD. Make sure to have the latest RELENG_6
> checkout with the taskqueue changes.
>
> This version supports version 3.0 and version 2.4 firmware. From iwi_fw you
> can build and install either version. For 3.0 just #make all install, for
> 2.4: #make IWI_FW_VERSION=240 all install This shouldn't make a difference,
> though.
>
> "cmd 0x19" is WME config, by the way. It seems the firmware doesn't like the
> sequence we setup the card.
>
> Please keep testing and post your feedback - thanks.

The new driver didn't pass cvsup test at my laptop :(
It fails large file upload either.

It's definitely a flow control problem. Is taskqueue designed to address this?

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 16:38:46 2006
From: Max Laier
To: freebsd-net@freebsd.org, dima <_pppp@mail.ru>
Date: Sun, 19 Mar 2006 17:38:10 +0100
Subject: Re: New version of iwi(4) - Call for testers

On Sunday 19 March 2006 16:47, dima wrote:
> > All,
> >
> > the new version at:
> > http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
> >
> > should build for RELENG_6 and HEAD. Make sure to have the latest
> > RELENG_6 checkout with the taskqueue changes.
> >
> > This version supports version 3.0 and version 2.4 firmware. From iwi_fw
> > you can build and install either version. For 3.0 just #make all
> > install, for 2.4: #make IWI_FW_VERSION=240 all install This shouldn't
> > make a difference, though.
> >
> > "cmd 0x19" is WME config, by the way. It seems the firmware doesn't like
> > the sequence we setup the card.
> >
> > Please keep testing and post your feedback - thanks.
>
> The new driver didn't pass cvsup test at my laptop :(
> It fails large file upload either.
>
> It's definitely a flow control problem. Is taskqueue designed to address
> this?

We found that this problem is completely unrelated to iwi, but a general problem with software encryption in net80211. This should be fixed with ieee80211_output.c rev. 1.40 and will be MFCed shortly. Note that this uses m_unshare, which also is not yet in RELENG_6.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 16:52:56 2006
From: Kevin Day
To: "OxY"
Cc: freebsd-net@freebsd.org, freebsd-performance@freebsd.org
Date: Sun, 19 Mar 2006 10:52:35 -0600
Subject: Re: packet drop with intel gigabit / marwell gigabit

On Mar 18, 2006, at 5:44 AM, OxY wrote:

> hi!
>
> i had the packet drop problem with the marwell yukon gigabitcard:
> (system is an amd 2000+xp, 512mb ram, fbsd 6.0-p5)
>
> when the apache ran, with no http, just used to share files and the
> traffic was
> 2-2,5MB/S i had 14-17% packet drop on the gigabit interface..
> with the sysctl i successfully pulled it down to 12-14%, but it was
> terrible,
> so i bought an intel pro/1000 gt.
> with this i have 3-6% drop with same traffic load on the other
> interface..
> when i stop the apache packet drop falls down to 0-0.1%, which is
> great.
> but with apache it's terrible..

Just on a hunch, can you try putting the card in a different PCI slot? There may be interrupt routing issues.

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 17:02:47 2006
From: "OxY"
To: "Kevin Day"
Cc: freebsd-net@freebsd.org, freebsd-performance@freebsd.org
Date: Sun, 19 Mar 2006 18:02:46 +0100
Subject: Re: packet drop with intel gigabit / marwell gigabit

okay, i will try it in a couple days

----- Original Message -----
From: "Kevin Day"
To: "OxY"
Cc: ;
Sent: Sunday, March 19, 2006 5:52 PM
Subject: Re: packet drop with intel gigabit / marwell gigabit

>
>
> On Mar 18, 2006, at 5:44 AM, OxY wrote:
>
>> hi!
>>
>> i had the packet drop problem with the marwell yukon gigabitcard:
>> (system is an amd 2000+xp, 512mb ram, fbsd 6.0-p5)
>>
>> when the apache ran, with no http, just used to share files and the
>> traffic was
>> 2-2,5MB/S i had 14-17% packet drop on the gigabit interface..
>> with the sysctl i successfully pulled it down to 12-14%, but it was
>> terrible,
>> so i bought an intel pro/1000 gt.
>> with this i have 3-6% drop with same traffic load on the other
>> interface..
>> when i stop the apache packet drop falls down to 0-0.1%, which is
>> great.
>> but with apache it's terrible..
>
>
> Just on a hunch, can you try putting the card in a different PCI
> slot? There may be interrupt routing issues.

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 18:20:17 2006
From: Guy Helmer
To: Max Laier
Cc: freebsd-net@freebsd.org
Date: Sun, 19 Mar 2006 12:19:59 -0600
Subject: Re: New version of iwi(4) - Call for testers

Max Laier wrote:
> All,
>
> the new version at:
> http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
>
> should build for RELENG_6 and HEAD. Make sure to have the latest RELENG_6
> checkout with the taskqueue changes.
>
> This version supports version 3.0 and version 2.4 firmware. From iwi_fw you
> can build and install either version. For 3.0 just #make all install, for
> 2.4: #make IWI_FW_VERSION=240 all install This shouldn't make a difference,
> though.
>
> "cmd 0x19" is WME config, by the way. It seems the firmware doesn't like the
> sequence we setup the card.
>
> Please keep testing and post your feedback - thanks.

This version has been holding up well for me under FreeBSD 6.1 BETA4. I've been able to easily attach to my home access point and even run portupgrade on an NFS-mounted /usr/ports, both of which had been problematic for me using the stock 6.0 and 6.1-BETA driver.

Great work!

Guy

-- 
Guy Helmer, Ph.D., Principal System Architect, Palisade Systems, Inc.
ghelmer@palisadesys.com
http://www.palisadesys.com/~ghelmer

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 18:30:12 2006
From: "Bjoern A. Zeeb"
To: OxY
Cc: freebsd-net@freebsd.org, freebsd-performance@freebsd.org
Date: Sun, 19 Mar 2006 18:26:01 +0000 (UTC)
Subject: Re: packet drop with intel gigabit / marwell gigabit

On Sun, 19 Mar 2006, OxY wrote:

Hi,

>> Just on a hunch, can you try putting the card in a different PCI slot?
>> There may be interrupt routing issues.
>>
> okay, i will try it in a couple days

the card also has a sysctl for intr moderation. See man 4 sk. The default changed with Pyun's updated driver, I think, but you could play with that too.

Further I still have the feeling that your measurings are not comparable.

-- 
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 18:31:58 2006
From: "OxY"
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org, freebsd-performance@freebsd.org
Date: Sun, 19 Mar 2006 19:31:49 +0100
Subject: Re: packet drop with intel gigabit / marwell gigabit

i changed sk to em.
how could i measure speed or benchmark the network performance?

----- Original Message -----
From: "Bjoern A. Zeeb"
To: "OxY"
Cc: ;
Sent: Sunday, March 19, 2006 7:26 PM
Subject: Re: packet drop with intel gigabit / marwell gigabit

> On Sun, 19 Mar 2006, OxY wrote:
>
> Hi,
>
>>> Just on a hunch, can you try putting the card in a different PCI slot?
>>> There may be interrupt routing issues.
>>>
>> okay, i will try it in a couple days
>
> the card also has a sysctl for intr moderation. See man 4 sk. The
> default changed with Pyun's updated driver, I think, but you could
> play with that too.
>
> Further I still have the feeling that your measurings are not
> comparable.
>
> --
> Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 18:43:21 2006
From: Andrew Thompson
To: Max Laier
Cc: freebsd-net@freebsd.org, Adam McDougall
Date: Mon, 20 Mar 2006 06:43:07 +1200
Subject: Re: PR kern/93849 IP checksum broken by pf no-df over bridge

On Sat, Mar 04, 2006 at 04:02:26PM +0100, Max Laier wrote:
> On Saturday 04 March 2006 15:51, Pieter de Boer wrote:
> > Adam McDougall wrote:
> > > Could someone possibly take a look at this and let me know if it
> > > looks 'broken' or if I might be doing something wrong? I am in
> > > a crunch to choose a firewall solution within a few weeks and it
> > > would help me to know if this issue can be solved. FreeBSD/pf
> > > seemed an appropriate solution so far, especially since it has
> > > CARP, pfsync, (and altq which im not using (yet?)).
> >
> > You could try compiling pf using CFLAGS=-O instead of -O2. This fixed a
> > checksum problem I had. That probably was an entirely different issue,
> > but perhaps it does help..
>
> Can you try this patch and report back instead. Thanks and sorry for the
> delay.

Were you going to commit this? The user reported that it fixed the problem.
http://www.freebsd.org/cgi/query-pr.cgi?pr=93849

cheers,
Andrew

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 23:13:57 2006
From: Darren Pilgrim
To: Max Laier
Cc: freebsd-net@freebsd.org
Date: Sun, 19 Mar 2006 15:13:54 -0800
Subject: Re: New version of iwi(4) - Call for testers

Max Laier wrote:
> On Sunday 19 March 2006 16:47, dima wrote:
>>>
>>> the new version at:
>>> http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
>>
>> The new driver didn't pass cvsup test at my laptop :(
>> It fails large file upload either.
>>
>> It's definitely a flow control problem. Is taskqueue designed to address
>> this?
>
> We found that this problem is completely unrelated to iwi, but a general
> problem with software encryption in net80211. This should be fixed with
> ieee80211_output.c rev. 1.40 and will be MFCed shortly. Note that this uses
> m_unshare, which also is not yet in RELENG_6.

Are you referring to the problem in cvsup tests where it will suddenly stop with a "Network write failure" error?

From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 23:20:56 2006
From: Sam Leffler
To: Darren Pilgrim
Cc: Max Laier, freebsd-net@freebsd.org
Date: Sun, 19 Mar 2006 15:20:52 -0800
Subject: Re: New version of iwi(4) - Call for testers

Darren Pilgrim wrote:
> Max Laier wrote:
>> On Sunday 19 March 2006 16:47, dima wrote:
>>>>
>>>> the new version at:
>>>> http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
>>>
>>> The new driver didn't pass cvsup test at my laptop :(
>>> It fails large file upload either.
>>>
>>> It's definitely a flow control problem. Is taskqueue designed to address
>>> this?
>>
>> We found that this problem is completely unrelated to iwi, but a
>> general problem with software encryption in net80211. This should be
>> fixed with ieee80211_output.c rev. 1.40 and will be MFCed shortly.
>> Note that this uses m_unshare, which also is not yet in RELENG_6.
>
> Are you referring to the problem in cvsup tests where it will suddenly
> stop with a "Network write failure" error?

Yes. The issue was that when crypto was done in the host it was sometimes being done in-place on mbufs still owned by the socket (exactly when depended on a lot of things but turning down the mtu increased the likelihood). If this happened and tcp retransmitted the previously encrypted data then it would send garbage.

As Max said this was in the net80211 layer and affected all drivers depending on the host to do crypto. It'll get mfc'd this week (re permitting).
Sam From owner-freebsd-net@FreeBSD.ORG Sun Mar 19 23:31:37 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 233AC16A400 for ; Sun, 19 Mar 2006 23:31:37 +0000 (UTC) (envelope-from darren.pilgrim@bitfreak.org) Received: from mail.bitfreak.org (mail.bitfreak.org [65.75.198.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE1B543D45 for ; Sun, 19 Mar 2006 23:31:36 +0000 (GMT) (envelope-from darren.pilgrim@bitfreak.org) Received: from [127.0.0.1] (mail.bitfreak.org [65.75.198.146]) by mail.bitfreak.org (Postfix) with ESMTP id 521C819F2C; Sun, 19 Mar 2006 15:31:35 -0800 (PST) Message-ID: <441DE9D5.3060900@bitfreak.org> Date: Sun, 19 Mar 2006 15:31:33 -0800 From: Darren Pilgrim User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Sam Leffler References: <200603191738.19442.max@love2party.net> <441DE5B2.1060202@bitfreak.org> <441DE754.6020004@errno.com> In-Reply-To: <441DE754.6020004@errno.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Max Laier , freebsd-net@freebsd.org Subject: Re: New version of iwi(4) - Call for testers X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Mar 2006 23:31:37 -0000 Sam Leffler wrote: > Darren Pilgrim wrote: >> >> Are you referring to the problem in cvsup tests where it will suddenly >> stop with a "Network write failure" error? > > Yes. The issue was that when crypto was done in the host it was > sometimes being done in-place on mbufs still owned by the socket > (exactly when depended on a lot of things but turning down the mtu > increased the likelihood). 
If this happened and tcp retransmitted the
> previously encrypted data then it would send garbage.
>
> As Max said this was in the net80211 layer and affected all drivers
> depending on the host to do crypto. It'll get mfc'd this week (re
> permitting).

I'm glad to hear I finally have a driver for my wireless NIC that's as stable as it (currently) gets, since the above is the only problem I've been able to coax out of my machine. So Max... great job!

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 01:23:36 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EE1016A400 for ; Mon, 20 Mar 2006 01:23:36 +0000 (UTC) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F30643D45 for ; Mon, 20 Mar 2006 01:23:36 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [192.168.2.4]) ([10.251.60.61]) by a50.ironport.com with ESMTP; 19 Mar 2006 17:23:37 -0800 Message-ID: <441E0415.2040908@elischer.org> Date: Sun, 19 Mar 2006 17:23:33 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: multiple routing tables X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 01:23:36 -0000

I'm looking at a problem where I want one machine to really look like 2. this means I want to have 2 separate routing tables if possible.

I know I could do it with ease if I could use Marco Zec's vimage patches but I need to have a path forward to 6.x and beyond

An answer would be to re-implement vimage for newer versions of FreeBSD but it's a bit of overkill and I was wondering if anyone had done anything in this direction?

Basically just allowing a jail to specify a different routing table would be enough....

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 02:14:24 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 548FB16A420 for ; Mon, 20 Mar 2006 02:14:24 +0000 (UTC) (envelope-from ray.mihm@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA77D43D45 for ; Mon, 20 Mar 2006 02:14:23 +0000 (GMT) (envelope-from ray.mihm@gmail.com) Received: by xproxy.gmail.com with SMTP id t16so690083wxc for ; Sun, 19 Mar 2006 18:14:23 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=M28YlQW/j589k7zJdPJA3ujq3PwIyS8ekD7ZTAKDXlUOcN6vLydFOir2P5F0oM7HOOeG65rDeSIfnIoyV4kt4krxE9C53nzDm3kIU12XIIsO2gLmV2pnnJkDy3tsxuaNV9ul/s/z/i/w9NQ0bNEvCRtlTJplNtkdS9rnoi6Vd60= Received: by 10.70.20.19 with SMTP id 19mr1619967wxt; Sun, 19 Mar 2006 18:14:23 -0800 (PST) Received: by 10.70.46.9 with HTTP; Sun, 19 Mar 2006 18:14:23 -0800 (PST) Message-ID: <1aa142960603191814x3f2c5ee2s8868d939ccc0fc05@mail.gmail.com> Date: Sun, 19 Mar 2006 18:14:23 -0800 From: "Ray Mihm" To: "Julian Elischer" In-Reply-To: <441E0415.2040908@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <441E0415.2040908@elischer.org> Cc: net@freebsd.org Subject: Re: multiple
routing tables X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 02:14:24 -0000

Marco Zec's work IMHO is pretty good to be ignored. It can be adapted to 6.x pretty easily. I think having this in the base system along with jails makes it even sweeter and makes us a step ahead of zones (as in OpenSolaris). I understand it's an overkill for your requirements, but it's the right thing to do.

Ray.

On 3/19/06, Julian Elischer wrote:
> I'm looking at a problem where I want one machine to really look like 2.
> this means I want to have 2 separate routing tables if possible.
>
> I know I could do it with ease if I could use Marco Zec's vimage patches
> but I need to have a path forward to 6.x and beyond
>
> An answer would be to re-implement vimage for newer versions of FreeBSD but
> it's a bit of overkill and I was wondering if anyone had done anything
> in this direction?
>
> Basically just allowing a jail to specify a different routing table
> would be enough....
> _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 03:04:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B5A616A420; Mon, 20 Mar 2006 03:04:40 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7874243D45; Mon, 20 Mar 2006 03:04:39 +0000 (GMT) (envelope-from max@love2party.net) Received: from [84.163.230.84] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu9) with ESMTP (Nemesis), id 0ML2xA-1FLAh945YA-0003NG; Mon, 20 Mar 2006 04:04:36 +0100 From: Max Laier Organization: FreeBSD To: Andrew Thompson Date: Mon, 20 Mar 2006 04:04:14 +0100 User-Agent: KMail/1.9.1 References: <20060304142802.GA63144@egr.msu.edu> <200603041602.42599.max@love2party.net> <20060319184307.GL20361@heff.fud.org.nz> In-Reply-To: <20060319184307.GL20361@heff.fud.org.nz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1801843.klGzjtzDly"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200603200404.20461.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: freebsd-net@freebsd.org, Adam McDougall , dhartmei@freebsd.org Subject: Re: PR kern/93849 IP checksum broken by pf no-df over bridge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 03:04:40 -0000 --nextPart1801843.klGzjtzDly 
Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline

On Sunday 19 March 2006 19:43, Andrew Thompson wrote:
> On Sat, Mar 04, 2006 at 04:02:26PM +0100, Max Laier wrote:
> > On Saturday 04 March 2006 15:51, Pieter de Boer wrote:
> > > Adam McDougall wrote:
> > > > Could someone possibly take a look at this and let me know if it
> > > > looks 'broken' or if I might be doing something wrong? I am in
> > > > a crunch to choose a firewall solution within a few weeks and it
> > > > would help me to know if this issue can be solved. FreeBSD/pf
> > > > seemed an appropriate solution so far, especially since it has
> > > > CARP, pfsync, (and altq which im not using (yet?)).
> > >
> > > You could try compiling pf using CFLAGS=-O instead of -O2. This fixed a
> > > checksum problem I had. That probably was an entirely different issue,
> > > but perhaps it does help..
> >
> > Can you try this patch and report back instead. Thanks and sorry for the
> > delay.
>
> Were you going to commit this? The user reported that it fixed the
> problem.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93849

Sorry, forgot about this one while I was waiting for a fix upstream. I recall that Daniel posted a more complete patch to OpenBSD's tech mailing list, but don't see it committed yet.

If I don't hear otherwise, I'll take Daniel's patch to HEAD early this week. Thanks for the reminder.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1801843.klGzjtzDly Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQBEHhu0XyyEoT62BG0RAs5fAJ9T8wUxIUUG+n7X/Em3tkthnjitqACfTo7g
J3APeYZiH5EPM46LB9k0qDM=
=kgDW
-----END PGP SIGNATURE-----
--nextPart1801843.klGzjtzDly--

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 05:44:36 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 197DA16A401; Mon, 20 Mar 2006 05:44:36 +0000 (UTC) (envelope-from mv@roq.com) Received: from p4.roq.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id B54FC43D46; Mon, 20 Mar 2006 05:44:35 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (localhost.roq.com [127.0.0.1]) by p4.roq.com (Postfix) with ESMTP id D84E14CD1F; Mon, 20 Mar 2006 05:45:15 +0000 (GMT) Received: from [192.168.46.101] (ppp166-27.static.internode.on.net [150.101.166.27]) by p4.roq.com (Postfix) with ESMTP id AE0474CCD9; Mon, 20 Mar 2006 05:45:13 +0000 (GMT) Message-ID: <441E413E.7090006@roq.com> Date: Mon, 20 Mar 2006 16:44:30 +1100 From: Michael Vince User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.12) Gecko/20060216 X-Accept-Language: en-us, en MIME-Version: 1.0 To: OxY References: <000a01c64a81$45eb6850$0201a8c0@oxy> <9A8985D2-816C-4AF8-9E4A-116EA6BAEEE7@dragondata.com> <000e01c64b76$f2247ee0$0201a8c0@oxy> <20060319182105.H2181@maildrop.int.zabbadoz.net> <000b01c64b83$62ccdd70$0201a8c0@oxy> In-Reply-To: <000b01c64b83$62ccdd70$0201a8c0@oxy> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: freebsd-net@freebsd.org,
freebsd-performance@freebsd.org Subject: Re: packet drop with intel gigabit / marwell gigabit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 05:44:36 -0000

I use netperf which is a pure network traffic tester I also just use basic 'ab/apache' tests which would also test HD/IO if getting large files. For the 'em' driver I have seen some posts/cvs commit updates to the driver saying it now works better without polling than with polling. I think this is in -stable but it might just be in current. I haven't done any testing for a while.

OxY wrote:
> i changed sk to em.
> how could i measure speed or benchmark the network performance?
>
> ----- Original Message ----- From: "Bjoern A. Zeeb"
>
> To: "OxY"
> Cc: ;
> Sent: Sunday, March 19, 2006 7:26 PM
> Subject: Re: packet drop with intel gigabit / marwell gigabit
>
>
>> On Sun, 19 Mar 2006, OxY wrote:
>>
>> Hi,
>>
>>>> Just on a hunch, can you try putting the card in a different PCI
>>>> slot? There may be interrupt routing issues.
>>>>
>>> okay, i will try it in a couple days
>>
>>
>> the card also has a sysctl for intr moderation. See man 4 sk. The
>> default changed with Pyun's updated driver, I think, but you could
>> play with that too.
>>
>> Further I still have the feeling that your measurings are not
>> comparable.
>>
>> --
>> Bjoern A.
Zeeb bzeeb at Zabbadoz dot NeT > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 07:34:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73B8A16A401 for ; Mon, 20 Mar 2006 07:34:22 +0000 (UTC) (envelope-from dave@dogwood.com) Received: from ms-smtp-02-eri0.socal.rr.com (ms-smtp-02-qfe0.socal.rr.com [66.75.162.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A96643D45 for ; Mon, 20 Mar 2006 07:34:21 +0000 (GMT) (envelope-from dave@dogwood.com) Received: from white.dogwood.com (white.dogwood.com [66.91.140.178]) by ms-smtp-02-eri0.socal.rr.com (8.13.4/8.13.4) with ESMTP id k2K7YK3Z010041 for ; Sun, 19 Mar 2006 23:34:21 -0800 (PST) Received: from white.dogwood.com (localhost.dogwood.com [127.0.0.1]) by white.dogwood.com (8.13.4/8.13.4) with ESMTP id k2K7YJKD006706 for ; Sun, 19 Mar 2006 21:34:19 -1000 (HST) (envelope-from dave@white.dogwood.com) Received: (from dave@localhost) by white.dogwood.com (8.13.4/8.13.1/Submit) id k2K7YJWq006705 for freebsd-net@freebsd.org; Sun, 19 Mar 2006 21:34:19 -1000 (HST) (envelope-from dave) From: Dave Cornejo Message-Id: <200603200734.k2K7YJWq006705@white.dogwood.com> To: freebsd-net@freebsd.org Date: Sun, 19 Mar 2006 21:34:19 -1000 (HST) X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (white.dogwood.com [127.0.0.1]); Sun, 19 Mar 2006 21:34:19 -1000 (HST) X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: IP_SENDIF? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 07:34:22 -0000 Hi, Some time ago (Oct 2004) there was some talk of implementing IP_SENDIF, a search of the mailing list turns up nothing since then. Did anything ever happen with this? thanks, dave c From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 11:02:52 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F09A016A444 for ; Mon, 20 Mar 2006 11:02:52 +0000 (UTC) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7A24743D45 for ; Mon, 20 Mar 2006 11:02:52 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2KB2qKw082577 for ; Mon, 20 Mar 2006 11:02:52 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2KB2pLS082571 for freebsd-net@freebsd.org; Mon, 20 Mar 2006 11:02:51 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 20 Mar 2006 11:02:51 GMT Message-Id: <200603201102.k2KB2pLS082571@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 11:02:53 -0000 Current 
FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker      Resp.  Description
-------------------------------------------------------------------------------
o [2006/01/30] kern/92552   net    A serious bug in most network drivers fro
f [2006/02/12] kern/93220   net    [inet6] nd6_lookup: failed to add route f

2 problems total.

Non-critical problems

S  Submitted   Tracker      Resp.  Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383   net    [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 11:51:42 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5273D16A424 for ; Mon, 20 Mar 2006 11:51:42 +0000 (UTC) (envelope-from lk@tempest.sk) Received: from proxy.dgrp.sk (proxy.dgrp.sk [195.28.127.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 531B943D53 for ; Mon, 20 Mar 2006 11:51:40 +0000 (GMT) (envelope-from lk@tempest.sk) Received: by proxy.dgrp.sk (Postfix, from userid 1003) id 4EEC18005; Mon, 20 Mar 2006 12:51:39 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on proxy.dgrp.sk X-Spam-Level: X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=ham version=3.1.0 Received: from webmail.tempest.sk (domino1.tempest.sk [195.28.100.38]) by proxy.dgrp.sk (Postfix) with ESMTP id F09AF8004 for ; Mon, 20 Mar 2006 12:51:36 +0100 (CET) Received: from lk107.tempest.sk ([195.28.109.37]) by webmail.tempest.sk (Lotus Domino Release 6.5.4) with ESMTP id 2006032012513605-1986 ; Mon, 20 Mar 2006 12:51:36 +0100 Received: from localhost (localhost [127.0.0.1]) by lk107.tempest.sk (8.13.4/8.13.4) with ESMTP id k2KBpVA7031086 for ; Mon, 20 Mar 2006 12:51:31 +0100 (CET) (envelope-from lk@tempest.sk) Date: Mon, 20 Mar 2006 12:51:30 +0100 (CET) Message-Id: <20060320.125130.92586288.lk@tempest.sk>
To: freebsd-net@freebsd.org From: Ludovit Koren X-Mailer: Mew version 4.2 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 X-MIMETrack: Itemize by SMTP Server on Domino1/DGRP(Release 6.5.4|March 27, 2005) at 20.03.2006 12:51:36, Serialize by Router on Domino1/DGRP(Release 6.5.4|March 27, 2005) at 20.03.2006 12:51:36, Serialize complete at 20.03.2006 12:51:36 Content-Transfer-Encoding: 7bit Content-Type: Text/Plain; charset=us-ascii Subject: static routes X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 11:51:42 -0000

Hi,

I realized on several different versions of FreeBSD including 5.4-STABLE, when using static routes to specific subnets and the WAN link goes down for unpredictable reasons, the server gets an ICMP redirect message and rearranges routes to use the default router. Then all the traffic is routed to the default router even when the WAN link is up again. Other Unix-like systems (HP-UX, Linux) do not act this way, i.e. they do not change static routes.

Should the ICMP redirect messages concerning static routes not be ignored?

Thank you very much in advance.
Regards, lk From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 12:16:45 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CFD5816A400 for ; Mon, 20 Mar 2006 12:16:45 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01B2943D45 for ; Mon, 20 Mar 2006 12:16:44 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from flame.pc (adsl-66-124-231-46.dsl.snfc21.pacbell.net [66.124.231.46]) (authenticated bits=0) by igloo.linux.gr (8.13.5/8.13.5/Debian-3) with ESMTP id k2KCGTFG025043; Mon, 20 Mar 2006 14:16:33 +0200 Received: by flame.pc (Postfix, from userid 1001) id A7E0F19; Mon, 20 Mar 2006 04:16:07 -0800 (PST) Date: Mon, 20 Mar 2006 04:16:07 -0800 From: Giorgos Keramidas To: Ludovit Koren Message-ID: <20060320121607.GA7924@flame.pc> References: <20060320.125130.92586288.lk@tempest.sk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060320.125130.92586288.lk@tempest.sk> X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.525, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.87, BAYES_00 -2.60) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr Cc: freebsd-net@freebsd.org Subject: Re: static routes X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 12:16:45 -0000 On 2006-03-20 12:51, Ludovit Koren wrote: > > Hi, > > I realized on several different versions of FreeBSD including > 5.4-STABLE, when using static routes to specific subnets and the WAN > link goes down for unpredictable reasons, the server gets ICMP 
> redirect message and rearranges routes to use default router. Then all > the traffic is routed to the default router even the WAN link is again > up. Other unix like system (HP-UX, Linux) do not act the way, > i.e. they do not change static routes. > > Should not be ignored the ICMP redirect messages concerning static > routes? That depends on what you have configured the system to do. You can set the net.inet.icmp.drop_redirect sysctl to 1 to drop them. From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 13:26:46 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2E7016A400; Mon, 20 Mar 2006 13:26:46 +0000 (UTC) (envelope-from plk@in.nextra.sk) Received: from fw.nextra.sk (fw.nextra.sk [195.168.29.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0348E43D46; Mon, 20 Mar 2006 13:26:45 +0000 (GMT) (envelope-from plk@in.nextra.sk) Received: from plk.in.nextra.sk (localhost [127.0.0.1]) by fw.nextra.sk (8.13.4/8.13.4) with ESMTP id k2KDQhFn021823; Mon, 20 Mar 2006 14:26:43 +0100 Received: (from plk@localhost) by plk.in.nextra.sk (8.13.4/8.13.4/Submit) id k2KDAK7n019944; Mon, 20 Mar 2006 14:10:20 +0100 Date: Mon, 20 Mar 2006 14:10:20 +0100 From: Bohuslav Plucinsky To: freebsd-questions@freebsd.org Message-ID: <20060320131020.GI20138@in.nextra.sk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bohuslav.plucinsky@in.nextra.sk List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 13:26:46 -0000 Hello, I use the FreeBSD box as the firewall with NAT (ipfw + natd). 
When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE I've noticed a performance degradation.

I've only one workstation behind the firewall and throughput of downloading an ISO image through the firewall with 6.0-RELEASE booted, is only 24Mbps. (When I reboot the machine with 4.8-20030810-STABLE installation, the throughput is 80Mbps). The firewall_type was "open" during the download:

# ipfw show
00050 105842 106637407 divert 8668 ip from any to any via xl0
00100      0         0 allow ip from any to any via lo0
00200      0         0 deny ip from any to 127.0.0.0/8
00300      0         0 deny ip from 127.0.0.0/8 to any
65000 211701 213100988 allow ip from any to any
65535     11       665 deny ip from any to any

The "top" utility shows 100% CPU load:
-------------------------------------
last pid:   771;  load averages:  0.25,  0.06,  0.02    up 0+00:24:30  14:08:32
27 processes:  2 running, 25 sleeping
CPU states:  8.8% user,  0.0% nice, 59.6% system, 31.6% interrupt,  0.0% idle
Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free
Swap: 500M Total, 500M Free

  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
  229 root        1 105    0  1428K   904K RUN      0:35 40.82% natd
  680 plk         1  96    0  6076K  3112K select   0:01  0.00% sshd
  688 plk         1  96    0  2100K  1804K select   0:01  0.00% screen
  739 root        1  20    0  4420K  2868K pause    0:00  0.00% tcsh
  760 root        1   5    0  4416K  2856K ttyin    0:00  0.00% tcsh
  694 plk         1  20    0  4416K  2856K pause    0:00  0.00% tcsh
  478 root        1  96    0  1328K   904K select   0:00  0.00% syslogd
  677 root        1   4    0  6100K  3100K sbwait   0:00  0.00% sshd
  690 plk         1  20    0  4916K  3504K pause    0:00  0.00% tcsh
  681 plk         1  20    0  3984K  2584K pause    0:00  0.00% tcsh
  767 plk         1  20    0  4088K  2688K pause    0:00  0.00% tcsh
  598 root        1  96    0  3416K  2692K select   0:00  0.00% sendmail
  751 root        1   5    0  1632K  1320K ttyin    0:00  0.00% less
  771 plk         1  96    0  2268K  1544K RUN      0:00  0.00% top
  685 plk         1  20    0  1928K  1512K pause    0:00  0.00% screen
  614 root        1   8    0  1312K  1032K nanslp   0:00  0.00% cron
  668 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  665 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  671 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  664 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  667 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  666 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  669 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  670 root        1   5    0  1264K   936K ttyin    0:00  0.00% getty
  592 root        1  96    0  3352K  2500K select   0:00  0.00% sshd
  602 smmsp       1  20    0  3296K  2724K pause    0:00  0.00% sendmail
  449 root        1 111    0   500K   352K select   0:00  0.00% devd

The HW is:
----------
CPU: Pentium II Celeron 400MHz
RAM: 64MB
NIC: 2x 3Com905B

Kernel config:
--------------
machine         i386
cpu             I586_CPU
cpu             I686_CPU
ident           FW
maxusers        64

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         HZ=100
options         SCHED_4BSD              # 4BSD scheduler
options         INET                    # InterNETworking
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         NFSCLIENT               # Network Filesystem Client
options         NFSSERVER               # Network Filesystem Server
options         NFS_ROOT                # NFS usable as /, requires NFSCLIENT
options         MSDOSFS                 # MSDOS Filesystem
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_GPT                # GUID Partition Tables.
options         COMPAT_43               # Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output. Adds ~128k to driver.
options         AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output. Adds ~215k to driver.
options         ADAPTIVE_GIANT          # Giant mutex is adaptive.
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about dropped packets
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPFIREWALL_FORWARD_EXTENDED #all packet dest changes
options         IPSTEALTH               #support for stealth forwarding
options         IPDIVERT                #divert sockets
options         TCPDEBUG
options         DUMMYNET
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         INCLUDE_CONFIG_FILE     # Include this file in kernel
options         IPSEC                   #IP security
options         IPSEC_ESP               #IP security (crypto; define w/ IPSEC)
options         IPSEC_DEBUG             #debug for IP security

# Devices
device          apic                    # I/O APIC
...
(I'll send whole config if it is needed)

When I change the IP addresses on inside interface from private to public and disable NAT, the throughput is again 80Mbps.

Can somebody advise me, if this is some configuration problem or the requirement of FreeBSD 6.0 kernel has been increased and HW of my firewall is not enough?
Thanks, Bohus Plucinsky From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 14:33:33 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13AEA16A400; Mon, 20 Mar 2006 14:33:33 +0000 (UTC) (envelope-from oxy@field.hu) Received: from green.field.hu (green.field.hu [217.20.130.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8983443D46; Mon, 20 Mar 2006 14:33:32 +0000 (GMT) (envelope-from oxy@field.hu) Received: from localhost (green.field.hu [217.20.130.28]) by green.field.hu (Postfix) with ESMTP id 324BC119D2E; Mon, 20 Mar 2006 15:33:24 +0100 (CET) Received: from green.field.hu ([217.20.130.28]) by localhost (green.field.hu [217.20.130.28]) (amavisd-new, port 10024) with ESMTP id 97751-06; Mon, 20 Mar 2006 15:33:23 +0100 (CET) Received: from oxy (dsl217-197-187-71.pool.tvnet.hu [217.197.187.71]) by green.field.hu (Postfix) with ESMTP id C4196119CC4; Mon, 20 Mar 2006 15:33:23 +0100 (CET) Message-ID: <002101c64c2b$443eaa20$0201a8c0@oxy> From: "OxY" To: , References: <20060320131020.GI20138@in.nextra.sk> Date: Mon, 20 Mar 2006 15:33:33 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="ISO-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 X-Virus-Scanned: by Amavisd-new (Spamassassin+Razor2+Pyzor+DCC+Bayes db, Clamd Antivirus) at field.hu Cc: freebsd-net@freebsd.org Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 14:33:33 -0000 ----- Original Message ----- From: "Bohuslav Plucinsky" To: 
Cc:
Sent: Monday, March 20, 2006 2:10 PM
Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0

> Hello,
>
> I use the FreeBSD box as the firewall with NAT (ipfw + natd).
> When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE
> I've noticed a performance degradation.
>
> I've only one workstation behind the firewall and throughput
> of downloading an ISO image through the firewall with 6.0-RELEASE
> booted, is only 24Mbps. (When I reboot the machine with
> 4.8-20030810-STABLE
> installation, the throughput is 80Mbps). The firewall_type was "open"
> during the download:
>
>
> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
> 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd
>
> options HZ=100

> Can somebody advise me, if this is some configuration problem
> or the requirement of FreeBSD 6.0 kernel has been increased and HW
> of my firewall is not enough?

HZ=100 is not a good idea.. i set it to 1000 before and i had no idle CPU
try to set it to 2000

echo 'kern.hz="2000"' >> /boot/loader.conf

>
>
> Thanks,
> Bohus Plucinsky
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 14:37:56 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D3AE16A420; Mon, 20 Mar 2006 14:37:56 +0000 (UTC) (envelope-from corwin@aeternal.net) Received: from amber.aeternal.net (amber.in.markiza.sk [62.168.76.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D756243D4C; Mon, 20 Mar 2006 14:37:55 +0000 (GMT) (envelope-from corwin@aeternal.net) Received: from localhost (localhost.aeternal.net [127.0.0.1]) by amber.aeternal.net (Postfix) with ESMTP id DAA04B92E; Mon, 20 Mar 2006 15:37:53 +0100 (CET)
Message-ID: <441EBDC6.9070905@aeternal.net>
Date: Mon, 20 Mar 2006 15:35:50 +0100
From: Martin Hudec
To: bohuslav.plucinsky@in.nextra.sk
References: <20060320131020.GI20138@in.nextra.sk>
In-Reply-To: <20060320131020.GI20138@in.nextra.sk>
Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Reply-To: corwin@aeternal.net

Hello,

Bohuslav Plucinsky wrote:
> I use the FreeBSD box as the firewall with NAT (ipfw + natd).
> When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE
> I've noticed a performance degradation.
> CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle
> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
> 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd
> When I change the IP addresses on inside interface from private to public
> and disable NAT, the throughput is again 80Mbps.

Is it possible to switch to pf (available on 6.x) and to set HZ to 1000?
Also you could try to switch on polling on those 3coms?

Cheers,
Martin

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 15:36:47 2006
Date: Mon, 20 Mar 2006 21:06:10 +0530
From: gnn@freebsd.org
To: Dave Cornejo
In-Reply-To: <200603200734.k2K7YJWq006705@white.dogwood.com>
References: <200603200734.k2K7YJWq006705@white.dogwood.com>
Cc: freebsd-net@freebsd.org
Subject: Re: IP_SENDIF?

At Sun, 19 Mar 2006 21:34:19 -1000 (HST),
Dave Cornejo wrote:
>
> Hi,
>
> Some time ago (Oct 2004) there was some talk of implementing
> IP_SENDIF, a search of the mailing list turns up nothing since then.
> Did anything ever happen with this?
>

No, but if you have a patch we're up for reviewing it ;-)

It remains on a long list of things todo.

Later,
George

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 16:03:08 2006
Date: Mon, 20 Mar 2006 17:02:50 +0100 (CET)
Message-Id: <20060320.170250.55514747.lk@tempest.sk>
To: keramida@ceid.upatras.gr
From: Ludovit Koren
in-reply-to: <20060320121607.GA7924@flame.pc> (message from Giorgos Keramidas on Mon, 20 Mar 2006 04:16:07 -0800)
References: <20060320.125130.92586288.lk@tempest.sk> <20060320121607.GA7924@flame.pc>
Cc: freebsd-net@freebsd.org
Subject: Re: static routes

>>>>> On Mon, 20 Mar 2006 04:16:07 -0800
>>>>> keramida@ceid.upatras.gr(Giorgos Keramidas) said:

>
> On 2006-03-20 12:51, Ludovit Koren wrote:
> >
> > Hi,
> >
> > I realized on several different versions of FreeBSD including
> > 5.4-STABLE, when using static routes to specific subnets and the WAN
> > link goes down for unpredictable reasons, the server gets ICMP
> > redirect message and rearranges routes to use default router. Then all
> > the traffic is routed to the default router even the WAN link is again
> > up. Other unix like system (HP-UX, Linux) do not act the way,
> > i.e. they do not change static routes.
> >
> > Should not be ignored the ICMP redirect messages concerning static
> > routes?
>
> That depends on what you have configured the system to do. You can set
> the net.inet.icmp.drop_redirect sysctl to 1 to drop them.
>

Maybe my question was misleading. The static route should be static,
i.e. it should never change that's why the name is static, I
feel. Generally, I think, the ICMP redirect should be enabled in the
stack. I didn't read RFC about ICMP and about routing and I do not
really know if the FreeBSD implementation is correct one. I think your
proposal is a hack.

Another question seems to be: Should be the default router configured
so that it knows about all static routes and routers in the subnet and
therefore it can send ICMP redirects to 'static route' routers as
well?

Regards,

lk

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 17:10:28 2006
Date: Mon, 20 Mar 2006 18:01:10 +0100
From: Herve Boulouis
To: freebsd-net@freebsd.org
Message-ID: <20060320170110.GC17399@ra.aabs>
Subject: Question on protocol drain routines

[reposting on -net in the hope to attract the concerned people's attention :)]

Hi,

I'm starting to deploy 6.0-STABLE (from mid january) to progressively replace
all the 4.9 servers we have here and I'm seeing a curious thing :

On all 6.0 which get moderate to high network activity (ie webmail to inn),
I see that the 'calls to protocol drain routines' statistic given by
netstat -m is non zero :

webmail box :

archimonde:~# netstat -m
234/1641/1875 mbufs in use (current/cache/total)
201/557/758/25280 mbuf clusters in use (current/cache/total/max)
0/50/6576 sfbufs in use (current/peak/max)
460K/1524K/1984K bytes allocated to network (current/cache/total)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
29 calls to protocol drain routines
archimonde:~# uptime
8:26PM up 42 days, 15:07, 2 users, load averages: 0.00, 0.01, 0.02

inn box :

ridley:~# netstat -m
886/719/1605 mbufs in use (current/cache/total)
774/494/1268/25600 mbuf clusters in use (current/cache/total/max)
86/728/6656 sfbufs in use (current/peak/max)
1769K/1167K/2937K bytes allocated to network (current/cache/total)
0 requests for sfbufs denied
0 requests for sfbufs delayed
1320 requests for I/O initiated by sendfile
95779 calls to protocol drain routines
ridley:~# uptime
8:26PM up 20 days, 5:06, 2 users, load averages: 0.26, 0.24, 0.18

I have NBUF=0 and NMBCLUSTERS=8192 in all my kernels. (Is this wrong on 6.0 ?)

I have taken a look at the sources and it seems that in 6.0 the mb_reclaim()
handler is called on each iteration of vm_pageout() whereas in 4.9 the
m_reclaim() function was only called when mbuf exhaustion occurred so I
suspect this is why I see the mbstat.m_drain counter != 0 in 6.0 and not
in 4.9.

My question is : does this regular draining have effects on network performance ?
(got performance problems with the inn box that triggered this investigation)

--
Herve Boulouis

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 17:44:10 2006
Date: Mon, 20 Mar 2006 12:44:09 -0500
From: Kris Kennaway
To: Bohuslav Plucinsky
Message-ID: <20060320174409.GA72825@xor.obsecurity.org>
References: <20060320131020.GI20138@in.nextra.sk>
In-Reply-To: <20060320131020.GI20138@in.nextra.sk>
Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0

On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote:
> The "top" utility shows 100% CPU load:

What about top -S to show the kernel
threads (since that's what's using 90% of your CPU)?

> last pid: 771; load averages: 0.25, 0.06, 0.02 up 0+00:24:30 14:08:32
> 27 processes: 2 running, 25 sleeping
> CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% idle
> Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free
> Swap: 500M Total, 500M Free
>
> PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
> 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd
> options MROUTING # Multicast routing

Do you actually use this?

> options IPFIREWALL #firewall
> options IPFIREWALL_VERBOSE #print information about dropped packets
> options IPFIREWALL_FORWARD #enable transparent proxy support
> options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes
> options IPSTEALTH #support for stealth forwarding
> options IPDIVERT #divert sockets
> options TCPDEBUG
> options IPSEC_DEBUG #debug for IP security

Why do you define the DEBUG settings? They'll only slow you down, but
it's probably not the main reason.

> options DUMMYNET
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> options INCLUDE_CONFIG_FILE # Include this file in kernel
> options IPSEC #IP security
> options IPSEC_ESP #IP security (crypto; define w/ IPSEC)

Better to use fast ipsec unless you have a need for ipv6.

Kris

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 17:40:22 2006
Date: Mon, 20 Mar 2006 09:40:19 -0800
From: Jos Backus
To: freebsd-net@freebsd.org
Message-ID: <20060320174041.GA43364@lizzy.catnook.local>
Subject: RELENG_6: IPFilter appears to leak active IP states, leading to blocked traffic
Reply-To: jos@catnook.com

I am seeing the following problem after upgrading a RELENG_4 system to (a very
recent) RELENG_6:

Within about two days of uptime the system will no longer allow incoming or
outgoing traffic, necessitating a reboot.
A possible symptom is that the `active' counter in `ipfstat -s' slowly creeps
up to 4013, then stops, at which time the system is unable to accept or
initiate connections. Needless to say, this problem didn't occur on RELENG_4.

All the while `ipfstat -t' doesn't show an unusual amount of state entries.
It's almost like some state info is leaking, causing IPFilter to believe it
has run out of state table entries. Increasing this maximum value is not a fix
if a leak is present as it would only delay the onset of the problem.

The only change to the ruleset after the upgrade has been to do what the
IPFilter FAQ IV.2 suggests, i.e. add `flags S' to TCP `keep state' rules. This
doesn't help, and neither does clearing the state table entries using
`ipf -FS'.

The reboots are obviously unwanted. Anyone else seeing this behavior? Is this
a bug in IPFilter 4.1.8 (416)?

--
Jos Backus
jos at catnook.com

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 17:53:38 2006
Date: Mon, 20 Mar 2006 12:53:26 -0500
From: Kris Kennaway
To: OxY
Message-ID: <20060320175326.GA73262@xor.obsecurity.org>
References: <20060320131020.GI20138@in.nextra.sk> <002101c64c2b$443eaa20$0201a8c0@oxy>
In-Reply-To: <002101c64c2b$443eaa20$0201a8c0@oxy>
Cc: freebsd-net@freebsd.org, bohuslav.plucinsky@in.nextra.sk, freebsd-questions@freebsd.org
Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0

On Mon, Mar 20, 2006 at 03:33:33PM +0100, OxY wrote:
>
> ----- Original Message -----
> From: "Bohuslav Plucinsky"
> To:
> Cc:
> Sent: Monday, March 20, 2006 2:10 PM
> Subject: Low network performance after upgrade from FreeBSD 4.8 to 6.0
>
>
> >Hello,
> >
> >I use the FreeBSD box as the firewall with NAT (ipfw + natd).
> >When I've upgraded the box from 4.8-20030810-STABLE to 6.0-RELEASE
> >I've noticed a performance degradation.
> >
> >I've only one workstation behind the firewall and throughput
> >of downloading an ISO image through the firewall with 6.0-RELEASE
> >booted, is only 24Mbps. (When I reboot the machine with
> >4.8-20030810-STABLE
> >installation, the throughput is 80Mbps). The firewall_type was "open"
> >during the download:
> >
> >
> > PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
> > 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd
> >
> >options HZ=100
> >Can somebody advise me, if this is some configuration problem
> >or the requirement of FreeBSD 6.0 kernel has been increased and HW
> >of my firewall is not enough?
>
> HZ=100 is not a good idea..
> i set it to 1000 before and i had no idle CPU
> try to set it to 2000
> echo 'kern.hz="2000"' >> /boot/loader.conf

I don't think that's a sensible idea on a 400MHz CPU.

Kris

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 21:11:54 2006
From: dima <_pppp@mail.ru>
To: Max Laier
Date: Tue, 21 Mar 2006 00:11:52 +0300
In-Reply-To: <200603150441.50904.max@love2party.net>
Cc: freebsd-net@freebsd.org
Subject: Re[2]: New version of iwi(4) - Call for testers [regression!]
Reply-To: dima <_pppp@mail.ru>

> the new version at:
> http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz
>
> should build for RELENG_6 and HEAD. Make sure to have the latest RELENG_6
> checkout with the taskqueue changes.
>
> This version supports version 3.0 and version 2.4 firmware. From iwi_fw you
> can build and install either version. For 3.0 just #make all install, for
> 2.4: #make IWI_FW_VERSION=240 all install This shouldn't make a difference,
> though.
>
> "cmd 0x19" is WME config, by the way. It seems the firmware doesn't like the
> sequence we setup the card.
>
> Please keep testing and post your feedback - thanks.

I had a chance to test the driver more thoroughly today. It can't connect
to some access points. Sometimes reboot helps, sometimes not. I didn't
experience this with the driver currently present in the tree; well, I
used /usr/ports/net/iwi-firmware (not the kmod version). This can be the
case.

When I run the 2 following commands in the script it sometimes
fails to load the firmware properly:

# ifconfig iwi0 inet 192.168.1.2 netmask 255.255.255.0 up
# iwiconfig -i iwi0 -d /boot/firmware -m bss

It seems that if_iwi module needs some time to initialize the card
properly (I have a 2915 one); and it's really ready to boot a firmware
in several milliseconds.

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 21:41:03 2006
Message-ID: <441F2171.FF9D6DB8@freebsd.org>
Date: Mon, 20 Mar 2006 22:41:05 +0100
From: Andre Oppermann
To: Dave Cornejo
References: <200603200734.k2K7YJWq006705@white.dogwood.com>
Cc: freebsd-net@freebsd.org
Subject: Re: IP_SENDIF?

Dave Cornejo wrote:
>
> Hi,
>
> Some time ago (Oct 2004) there was some talk of implementing
> IP_SENDIF, a search of the mailing list turns up nothing since then.
> Did anything ever happen with this?

Can you please explain the semantics and use of this option? I have
received a probably similar request a short time ago.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 21:44:34 2006
Message-ID: <441F2248.6559A335@freebsd.org>
Date: Mon, 20 Mar 2006 22:44:40 +0100
From: Andre Oppermann
To: Julian Elischer
References: <441E0415.2040908@elischer.org>
Cc: net@freebsd.org
Subject: Re: multiple routing tables

Julian Elischer wrote:
>
> I'm looking at a problem where I want one machine to really look like 2.
> this means I want to have 2 separate routing tables if possible.
>
> I know I could do it with ease if I could use Marco Zec's vimage patches
> but I need to have a path forward to 6.x and beyond
>
> An answer would be to re-implement vimage for newer versions of FreeBSD but
> it's a bit of overkill and I was wondering if anyone had done anything
> in this direction?
>
> Basically just allowing a jail to specify a different routing table
> would be enough....

Why do you need two routing tables? Do you run different routing daemons
in the jails? Do you have different default gateways for the jails? Just
trying to understand your requirements and usage of this feature.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 22:06:10 2006
Message-ID: <441F274D.1030107@bitfreak.org>
Date: Mon, 20 Mar 2006 14:06:05 -0800
From: Darren Pilgrim
To: dima <_pppp@mail.ru>
Cc: Max Laier, freebsd-net@freebsd.org
Subject: Re: New version of iwi(4) - Call for testers [regression!]

dima wrote:
>
> I had a chance to test the driver more thoroughly today. It can't connect
> to some access points. Sometimes reboot helps, sometimes not. I didn't
> experience this with the driver currently present in the tree; well, I
> used /usr/ports/net/iwi-firmware (not the kmod version). This can be the
> case.
>
> When I run the 2 following commands in the script it sometimes
> fails to load the firmware properly:
>
> # ifconfig iwi0 inet 192.168.1.2 netmask 255.255.255.0 up
> # iwiconfig -i iwi0 -d /boot/firmware -m bss
>
> It seems that if_iwi module needs some time to initialize the card
> properly (I have a 2915 one); and it's really ready to boot a firmware
> in several milliseconds.

What is the "iwiconfig" program and why are you using it with Max's driver?
The first command is all that is needed to get the interface up and
configured, assuming you're using static IPs on an open AP.

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 22:08:45 2006
From: Dave Cornejo
Message-Id: <200603202208.k2KM8aTl021001@white.dogwood.com>
In-Reply-To: <441F2171.FF9D6DB8@freebsd.org>
To: Andre Oppermann
Date: Mon, 20 Mar 2006 12:08:35 -1000 (HST)
Cc: freebsd-net@freebsd.org
Subject: Re: IP_SENDIF?

> Dave Cornejo wrote:
> >
> > Hi,
> >
> > Some time ago (Oct 2004) there was some talk of implementing
> > IP_SENDIF, a search of the mailing list turns up nothing since then.
> > Did anything ever happen with this?
>
> Can you please explain the semantics and use of this option? I have
> received a probably similar request a short time ago.
>
> --
> Andre
>

In summary it's a piece missing for FreeBSD to implement the function
of the Linux socket option SO_BINDTODEVICE, which forces packets
transmitted on the socket to be sent on the bound device.

Take a look at this thread on freebsd-net:

http://lists.freebsd.org/pipermail/freebsd-net/2004-October/005461.html

dave c

From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 23:39:32 2006
From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Date: Tue, 21 Mar 2006 00:38:21 +0100
References: <441F274D.1030107@bitfreak.org>
In-Reply-To: <441F274D.1030107@bitfreak.org>
Message-Id: <200603210038.28520.max@love2party.net>
Cc: dima <_pppp@mail.ru>, Darren Pilgrim
Subject: Re: New version of iwi(4) - Call for testers [regression!]
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 23:39:32 -0000 --nextPart1980493.HrfDQ4Ebz6 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 20 March 2006 23:06, Darren Pilgrim wrote: > dima wrote: > > I had a chance to test the driver more throughly today. It can't connect > > to some access points. Sometimes reboot helps, sometimes not. I didn't > > experience this with the driver currently present in the tree; well, I > > used /usr/ports/net/iwi-firmware (not the kmod version). This can be the > > case. > > > > When I run the 2 following commands in the script it sometimes > > > > fails to load the firmware properly: > > > > # ifconfig iwi0 inet 192.168.1.2 netmask 255.255.255.0 up > > > > # iwiconfig -i iwi0 -d /boot/firmware -m bss > > > > It seems that if_iwi module needs some time to initialize the card > > properly (I have a 2915 one); and it's really ready to boot a firmware > > in several milliseconds. > > What is the "iwiconfig" program and why are you using it with Max's drive= r? > The first command is all that is needed to get the interface up and > configured, assuming you're using static IPs on an open AP. Let me clear up some things here: 1) This is not "mine" driver. It's Damien's with a lot of patches that I h= ope=20 to test by putting out this version. 2) iwiconfig is no longer needed to load firmware. iwi-firmware-kmod from= =20 ports is the weapon of choice for both, the driver version from CVS and the= =20 one from my page. 3) The aim is to merge the changes in "my" driver to CVS modulo regressions= =2E =20 That is why I am mostly interested in side-by-side testing. I will put out= a=20 new tarball later this week that will help with that. 
If you already did some such testing, I'd be happy to hear your results.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 00:04:36 2006
Date: Tue, 21 Mar 2006 00:04:32 +0000
From: Bruce M Simpson
To: Dave Cornejo
Cc: freebsd-net@freebsd.org, Andre Oppermann
Subject: Re: IP_SENDIF?

On Mon, Mar 20, 2006 at 12:08:35PM -1000, Dave Cornejo wrote:
> In summary it's a piece missing for FreeBSD to implement the function
> of the Linux socket option SO_BINDTODEVICE, which forces packets
> transmitted on the socket to be sent on the bound device.

I'm currently out of commission with the flu, and hog-tied by $DAYJOB.
But I'm happy to steal time, somehow, to review any follow-up work.
BMS

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 04:06:42 2006
Date: Tue, 21 Mar 2006 04:15:44 +0100
From: Sten Daniel Sørsdal
To: freebsd-net@freebsd.org
Subject: How can i detect if a received UDP got fragmented from userland?

I am currently working on a udp multicast application written in C for
FreeBSD (6.x)

For our test cases in many different network types we found that
fragmentation poses as a significant problem for quality and reliability.
Packets that get fragmented are more likely to get dropped than
packets that do not get fragmented and since our application needs high
bulk performance without retransmissions we believe our application and
the network would benefit from this.
Our first assumption was that adding DF to UDP would solve it, and it
does in our small tests, but it has a noticeable negative effect on the
network.
Are there any way i can read whether a message's packet was fragmented
into smaller pieces and preferably how large the largest fragment was?
Are there any feasible way to do this?

Thank you for your time.
--
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 04:45:41 2006
Date: Mon, 20 Mar 2006 20:45:37 -0800
From: Darren Pilgrim
To: Max Laier
Cc: freebsd-net@freebsd.org
Subject: Re: New version of iwi(4) - Call for testers [regression!]

Max Laier wrote:
>
> Let me clear up some things here:
> 1) This is not "mine" driver.  It's Damien's with a lot of patches that I hope
> to test by putting out this version.

My sincerest apologies to Damien and everyone involved.  I was going by
historical convention where when someone posts a new, out-of-tree driver or
patch-set it's "theirs."  Further following tradition, how does "iwiNG" sound?

> 3) The aim is to merge the changes in "my" driver to CVS modulo regressions.
> That is why I am mostly interested in side-by-side testing.  I will put out a
> new tarball later this week that will help with that.  If you already did
> some such testing, I'd be happy to hear your results.

Using the stock driver, I get hard lock-ups during interface configuration,
wpa_supplicant crashes, dhclient crashes, firmware "fatal errors" and device
wedges that require a reboot.  In the same world and kernel, the iwiNG driver
has absolutely none of these problems.

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 05:13:01 2006
Date: Tue, 21 Mar 2006 06:12:51 +0100
From: Sten Daniel Sørsdal
To: Ludovit Koren
Cc: freebsd-net@freebsd.org
Subject: Re: static routes

Ludovit Koren wrote:
> Hi,
>
> I realized on several different versions of FreeBSD including
> 5.4-STABLE, when using static routes to specific subnets and the WAN
> link goes down for unpredictable reasons, the server gets ICMP
> redirect message and rearranges routes to use default router. Then all
> the traffic is routed to the default router even the WAN link is again
> up. Other unix like system (HP-UX, Linux) do not act the way,
> i.e. they do not change static routes.
>

Are the routes still there after link goes down and then up?

--
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 08:12:14 2006
Date: Tue, 21 Mar 2006 09:12:21 +0100
From: Andre Oppermann
To: Sten Daniel Sørsdal
Cc: freebsd-net@freebsd.org
Subject: Re: How can i detect if a received UDP got fragmented from userland?

Sten Daniel Sørsdal wrote:
>
> I am currently working on a udp multicast application written in C for
> FreeBSD (6.x)
>
> For our test cases in many different network types we found that
> fragmentation poses as a significant problem for quality and reliability.
> Packets that get fragmented are more likely to get dropped than
> packets that do not get fragmented and since our application needs high
> bulk performance without retransmissions we believe our application and
> the network would benefit from this.
> Our first assumption was that adding DF to UDP would solve it, and it
> does in our small tests, but it has a noticeable negative effect on the
> network.
> Are there any way i can read whether a message's packet was fragmented
> into smaller pieces and preferably how large the largest fragment was?
> Are there any feasible way to do this?

No.  There is no way to know from userland if a packet was fragmented.

In theory you can infer this from the size of the rcvmsg() you do.  If
it is larger than your local MTU it must have been fragmented.  This
doesn't allow you to find out if the path from source to receiver has
a lower MTU somewhere however.  There you can only do path MTU discovery.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 09:24:33 2006
Date: Tue, 21 Mar 2006 10:22:40 +0100
From: Ragnar Lonn
To: Julian Elischer
Cc: net@freebsd.org
Subject: Re: multiple routing tables

Julian Elischer wrote:

> I'm looking at a problem where I want one machine to really look like 2.
> this means I want to have 2 separate routing tables if possible.
>
> I know I could do it with ease if I could use Marco Zec's vimage patches
> but I need to have a path forward to 6.x and beyond
>
> An answer would be to re-implement vimage for newer versions of
> FreeBSD but
> it's a bit of overkill and I was wondering if anyone had done anything
> in this direction?

Implementing vimage (or similar) support in 6.x is something we are very
interested in and it might be possible for us to help out with such an
undertaking, if people thought it worthwhile.

Regards,

  /Ragnar

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 09:38:05 2006
From: Milan Obuch
To: freebsd-net@freebsd.org
Date: Tue, 21 Mar 2006 10:37:47 +0100
Subject: Re: multiple routing tables

On Tuesday 21 March 2006 10:22, Ragnar Lonn wrote:
> Julian Elischer wrote:
> > I'm looking at a problem where I want one machine to really look like 2.
> > this means I want to have 2 separate routing tables if possible.
> >
> > I know I could do it with ease if I could use Marco Zec's vimage patches
> > but I need to have a path forward to 6.x and beyond
> >
> > An answer would be to re-implement vimage for newer versions of
> > FreeBSD but
> > it's a bit of overkill and I was wondering if anyone had done anything
> > in this direction?
>
> Implementing vimage (or similar) support in 6.x is something we are very
> interested in and it might be possible for us to help out with such an
> undertaking, if people thought it worthwhile.
>
> Regards,
>

I can only second on this. I found vimage really useful for various tasks
and just now I am building new server on 4.11-RELEASE with vimage patch
because there is no other possibility for me to do what I need in an easy
and elegant way. While Marco's patch goes way beyond multiple route tables
support, it does everything really easy for me. Unfortunately, patch is too
bulky for me to understand it - if anybody had something based on 6.0 or
-current, I will test it, but nothing more.

Regards,
Milan

--
Please reply to the mailing list only. This address is filtered.

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 09:44:35 2006
Date: Tue, 21 Mar 2006 10:42:44 +0100
From: Ragnar Lonn
To: Andre Oppermann
Cc: Julian Elischer , net@freebsd.org
Subject: Re: multiple routing tables

Andre Oppermann wrote:

>Why do you need two routing tables?  Do you run different routing daemons
>in the jails?  Do you have different default gateways for the jails?  Just
>trying to understand your requirements and usage of this feature.
>
>

Well, I can tell you about our requirements, if you're interested in
finding out what possible use-cases exist. I suppose virtual hosting is
the more common use-case, but it might be good to know there are other
possible uses too.

We're running a client simulator rig, using Marko's vimage patches and
Netgraph. We create vimages, with their own virtual network interfaces
and routing tables, and connect these interfaces via Netgraph to an
ng_vlan node that VLAN-tags all traffic from a certain vimage with a
certain VLAN tag. Then we connect the ng_vlan node to a physical network
interface, causing the VLAN-tagged traffic to exit through that interface.

We connect the physical interface to the uplink port of a VLAN-enabled
switch, letting the switch act as a de-multiplexer for the outgoing
traffic. So the ng_vlan node and the switch constitute the
multiplexer/de-multiplexer pair in this setup. On the downlink ports of
the switch we get the traffic nicely separated, one port shows only
traffic from one single vimage.

In a vimage we can use whatever program we want to generate traffic - we
can run low-level applications such as dhclient or arp, and we can run
higher-level applications such as wget. It doesn't matter. The
applications all think they're alone in the universe and can't see the
other network interfaces, processes or routing tables on the machine.
(hiding processes isn't important to us though). We can use the same
routes in multiple vimages (i.e. the same subnets, default gateways, or
even local IP addresses). We can receive multiple copies of the same
multicast stream. In short, our vimage instances almost *exactly* emulate
a whole computer, as seen from the switch downlink port side.
The ONLY thing we cannot do is generate VLAN-tagged traffic from a
simulated client, but that is a very small limitation and something we
haven't ever been bothered by so far.

I know there are at least one or two other companies out there doing
roughly the same thing, using Marko's patches, so we're not unique at
least. If this functionality was possible to implement in FreeBSD >4 it
would be of great use to us, as we're forced to use very specific
hardware right now, due to the fact that 4.x doesn't have drivers for all
the latest network cards, for instance. (In fact, we only have one single
gigabit ethernet card that we can use, as of today).

Regards,

  /Ragnar

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 13:41:55 2006
Date: Tue, 21 Mar 2006 14:41:52 +0100
From: Bohuslav Plucinsky
To: Kris Kennaway
Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0
Reply-To: bohuslav.plucinsky@in.nextra.sk

Hello,

here is the output from "top -S" :

last pid:  1570;  load averages:  0.56,  0.20,  0.10    up 0+02:59:36  14:03:53
76 processes:  4 running, 47 sleeping, 2 stopped, 23 waiting
CPU states: 14.9% user,  0.0% nice, 57.4% system, 27.7% interrupt,  0.0% idle
Mem: 17M Active, 6084K Inact, 14M Wired, 11M Buf, 17M Free
Swap: 500M Total, 500M Free

  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
   11 root        1 171   52     0K     8K RUN    173:00 39.55% idle
 1414 root        1 115    0  1432K   908K RUN      0:22 39.36% natd
   22 root        1 -68 -187     0K     8K WAIT     1:07 10.40% irq11: xl1
   21 root        1 -68 -187     0K     8K WAIT     0:30  3.32% irq10: xl0
   27 root        1 -44 -163     0K     8K WAIT     1:39  2.39% swi1: net
   30 root        1 -16    0     0K     8K -        0:07  0.05% yarrow
   28 root        1 -32 -151     0K     8K RUN      0:30  0.00% swi4: clock sio
  540 plk         1  96    0  2140K  1844K select   0:03  0.00% screen
   39 root        1 171   52     0K     8K pgzero   0:02  0.00% pagezero
  550 root        1  20    0  4460K  2956K pause    0:02  0.00% tcsh
   47 root        1 -16    0     0K     8K -        0:01  0.00% schedcpu
 1062 plk         1  96    0  6076K  3140K select   0:01  0.00% sshd
    2 root        1  -8    0     0K     8K -        0:01  0.00% g_event
    4 root        1  -8    0     0K     8K -        0:01  0.00% g_down
    3 root        1  -8    0     0K     8K -        0:01  0.00% g_up
  447 root        1  96    0  3396K  2684K select   0:01  0.00% sendmail
 1050 root        1   5    0  4440K  2928K ttyin    0:01  0.00% tcsh
 1342 root        1  96    0  2336K  1616K RUN      0:01  0.00% top
   41 root        1  20    0     0K     8K syncer   0:01  0.00% syncer
  327 root        1  96    0  1328K   904K select   0:00  0.00% syslogd
 1059 root        1   4    0  6100K  3128K sbwait   0:00  0.00% sshd
   42 root        1  -4    0     0K     8K vlruwt   0:00  0.00% vnlru
   40 root        1 -16    0     0K     8K psleep   0:00  0.00% bufdaemon
  463 root        1   8    0  1312K  1032K nanslp   0:00  0.00% cron
    7 root        1  -8    0     0K     8K -        0:00  0.00% fdc0
  670 plk         1  20    0  4092K  2692K pause    0:00  0.00% tcsh
 1357 root        1  96    0  3436K  2304K STOP     0:00  0.00% joe
  546 plk         1  20    0  4092K  2692K pause    0:00  0.00% tcsh
  542 plk         1   5    0  3996K  2576K ttyin    0:00  0.00% tcsh
 1063 plk         1  20    0  3984K  2604K pause    0:00  0.00% tcsh
 1067 plk         1  20    0  1928K  1556K pause    0:00  0.00% screen
   25 root        1 -64 -183     0K     8K WAIT     0:00  0.00% irq14: ata0

I did try to enable DEVICE_POLLING also, but this didn't help. The CPU load
decreased, but the throughput decreased from 24Mbps to 18Mbps also.

I've commented out

#options MROUTING
#options IPFIREWALL_FORWARD
#options IPFIREWALL_FORWARD_EXTENDED
#options IPSTEALTH
#options TCPDEBUG
#options IPSEC_DEBUG
#options IPSEC
#options IPSEC_ESP

(it's not necessary for me in this time), but it has no impact to this
problem. The throughput is still low.

I've tried PF, suggested by Martin Hudec and it seems that PF does not have
this performance problem. I like IPFW, I use it since year 1999, but
probably is time to switch to PF.

Thanks all for their reply.

Regards,

Bohus

On Mon, Mar 20, 2006 at 12:44:09PM -0500, Kris Kennaway wrote:
> On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote:
>
> > The "top" utility shows 100% CPU load:
>
> What about top -S to show the kernel threads (since that's what's
> using 90% of your CPU)?
>
> > last pid:   771;  load averages:  0.25,  0.06,  0.02    up 0+00:24:30  14:08:32
> > 27 processes:  2 running, 25 sleeping
> > CPU states:  8.8% user,  0.0% nice, 59.6% system, 31.6% interrupt,  0.0% idle
> > Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free
> > Swap: 500M Total, 500M Free
> >
> >   PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
> >   229 root        1 105    0  1428K   904K RUN      0:35 40.82% natd
>
> > options MROUTING # Multicast routing
>
> Do you actually use this?
>
> > options IPFIREWALL #firewall
> > options IPFIREWALL_VERBOSE #print information about dropped packets
> > options IPFIREWALL_FORWARD #enable transparent proxy support
> > options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes
> > options IPSTEALTH #support for stealth forwarding
> > options IPDIVERT #divert sockets
> > options TCPDEBUG
> > options IPSEC_DEBUG #debug for IP security
>
> Why do you define the DEBUG settings?  They'll only slow you down, but
> it's probably not the main reason.
>
> > options DUMMYNET
> > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> > options INCLUDE_CONFIG_FILE # Include this file in kernel
> > options IPSEC #IP security
> > options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
>
> Better to use fast ipsec unless you have a need for ipv6.
>
> Kris

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 13:47:55 2006
Date: Tue, 21 Mar 2006 14:47:40 +0100 (CET)
To: lists@wm-access.no
From: Ludovit Koren
Cc: freebsd-net@freebsd.org
Subject: Re: static routes

>>>>> On Tue, 21 Mar 2006 06:12:51 +0100
>>>>> lists@wm-access.no (Sten Daniel Sørsdal) said:

>
> Ludovit Koren wrote:
> > Hi,
> >
> > I realized on several different versions of FreeBSD including
> > 5.4-STABLE, when using static routes to specific subnets and the WAN
> > link goes down for unpredictable reasons, the server gets ICMP
> > redirect message and rearranges routes to use default router. Then all
> > the traffic is routed to the default router even the WAN link is again
> > up. Other unix like system (HP-UX, Linux) do not act the way,
> > i.e. they do not change static routes.
> >
>
> Are the routes still there after link goes down and then up?
>

yes

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            195.28.109.1       UGS         0      760   bge0
127.0.0.1          127.0.0.1          UH          0    11589    lo0
192.168.100        195.28.109.24      UGS         0        8   bge0
192.168.100.1      195.28.109.1       UGHD3       0        2   bge0   3598
195.28.109         link#1             UC          0        0   bge0
195.28.109.1       00:0b:ac:29:1e:ca  UHLW        3        0   bge0    324
195.28.109.24      00:0f:34:04:a2:f0  UHLW        2        0   bge0   1162

for each usage the expire counter starts again from 3600.

I must admit, after analyzing the problem again, that the problem
arises only if the net (routing devices) are not configured
consistently, i.e. not all of them can or send ICMP redirect. The
problem was on the net with Cisco router and PIX. It seems, according
to the Cisco declaration, that PIX cannot send ICMP messages through
the same interface and cannot route back via the same interface.

Now, I have no 2 routers or 2 PIX-es at the disposal that's why I
cannot test all possible combinations.

Thanks.
Regards,

lk

From owner-freebsd-net@FreeBSD.ORG Tue Mar 21 17:36:19 2006
Date: Tue, 21 Mar 2006 17:36:07 +0000
From: Bruce M Simpson
To: Sten Daniel Sørsdal
Message-ID: <20060321173607.GS37590@spc.org>
In-Reply-To: <441F6FE0.80108@wm-access.no>
Cc: freebsd-net@freebsd.org
Subject: Re: How can i detect if a received UDP got fragmented from userland?

On Tue, Mar 21, 2006 at 04:15:44AM +0100, Sten Daniel Sørsdal wrote:
> Our first assumption was that adding DF to UDP would solve it, and it
> does in our small tests, but it has a noticeable negative effect on the
> network.

Sounds like you need to implement Path MTU Discovery in userland for your
application. In FreeBSD, PMTU-D only happens in the kernel for TCP traffic.
So you would need to implement it yourself to avoid fragmentation along
the path.

> Are there any way i can read whether a message's packet was fragmented
> into smaller pieces and preferably how large the largest fragment was?

I think the MSG_TRUNC flag can tell you about this (data discarded before
delivery). You'd have to experiment to see if UDP will set this flag,
I'm not sure if it will.

> Are there any feasible way to do this?

I don't think it would be feasible to report this per datagram.
Take a look at Ping Pan's paper on PF_IPOPTION if you wish to explore further.
Regards,
BMS

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 15:48:45 2006
Message-ID: <44217266.4000906@vineyard.net>
Date: Wed, 22 Mar 2006 10:51:02 -0500
From: "Eric W. Bates"
Organization: Vineyard.NET, Inc.
To: freebsd-net@freebsd.org
Subject: racoon config trouble

I'm trying to link a FreeBSD 5.3 machine with a Juniper appliance and
I'm failing during the phase one negotiation.

Without spamming the list with copious output, can anyone help me
decipher the racoon error:

Mar 22 08:18:06 fw racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.

With log set to 'debug2', there is a lot of information; but this is the
first line in the log which expresses any level of warning or error.

Further details happily provided...

--
Eric W. Bates

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 15:53:34 2006
Date: Wed, 22 Mar 2006 16:53:26 +0100
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Message-ID: <20060322155325.GA24077@zen.inc>
In-Reply-To: <44217266.4000906@vineyard.net>
Subject: Re: racoon config trouble

On Wed, Mar 22, 2006 at 10:51:02AM -0500, Eric W. Bates wrote:
> I'm trying to link a FreeBSD 5.3 machine with a Juniper appliance and
> I'm failing during the phase one negotiation.
>
> Without spamming the list with copious output, can anyone help me
> decipher the racoon error:
>
> Mar 22 08:18:06 fw racoon: ERROR: ignore information
> because ISAKMP-SA has not been established yet.
>
> With log set to 'debug2', there is a lot of information; but this is the
> first line in the log which expresses any level of warning or error.

Hi.

ipsec-tools-devel(/user) ML is probably really more appropriate for
such a question, I just didn't have time to answer your mail on it for
now :-)

The short answer is "this error is probably NOT related to your
problem", and i'll do the long answer on ipsec-tools-devel "asap"

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 18:08:14 2006
To: freebsd-net@freebsd.org
Date: Wed, 22 Mar 2006 10:08:10 -0800
From: "Kevin Oberman"
Message-Id: <20060322180810.3846645041@ptavv.es.net>
Subject: IPv6 neighbor discovery with static addresses

When I configure a system with a static IPv6 address (e.g
ipv6_ifconfig_nve0="2001:400:14:2753::28:14/64) the system does not
seem to find its router. I need to add ipv6_defaultrouter to rc.conf.

Is there some reason that the system should not configure the default
using ND in this case?

Thanks,
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net  Phone: +1 510 486-8634

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 20:22:48 2006
From: Gabor MICSKO
To: freebsd-current@freebsd.org
Date: Wed, 22 Mar 2006 21:22:42 +0100
Message-Id: <1143058963.6826.11.camel@alderaan.trey.hu>
Cc: freebsd-net@freebsd.org
Subject: requests for mbufs denied

Hi!

I have a relative high traffic server, running Apache, MySQL and Drupal.
With FreeBSD 6.0 and 6.1-PRERELEASE i got some distressing "netstat -m"
outputs.
Can anybody explain for me what does this message mean exactly?

"16064849/9164254/9384500 requests for mbufs denied (mbufs/clusters/mbuf+clusters)"

And what can i do with this?

Full "netstat -m" output:

$ netstat -m
445/695/1140 mbufs in use (current/cache/total)
407/255/662/65536 mbuf clusters in use (current/cache/total/max)
407/237 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
925K/683K/1609K bytes allocated to network (current/cache/total)
16064849/9164254/9384500 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
33/964/6656 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
56067 requests for I/O initiated by sendfile
5500 calls to protocol drain routines

Sorry for my bad english.

Thank you!

--
Micskó Gábor
HP APS, AIS, ASE
Szintézis Rt.
H-9023 Győr, Tihanyi Á. u. 2.
Tel: +36 96 502 221
Fax: +36 96 318 658
E-mail: gmicsko@szintezis.hu

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 21:00:32 2006
From: "Peter Blok"
To: "'Gabor MICSKO'"
Date: Wed, 22 Mar 2006 21:55:44 +0100
Message-ID: <003d01c64df2$fd07d090$8a01a8c0@ntpc>
In-Reply-To: <1143058963.6826.11.camel@alderaan.trey.hu>
Cc: freebsd-net@freebsd.org
Subject: RE: requests for mbufs denied

Hi,

I have them too. They only happen on a Realtek re card. They don't happen on
an Intel em card. I'm still narrowing down why this happens.

I have now disabled carp, because I have a feeling it is related to
promiscuous mode. So far they have not happened after disabling carp.

Peter

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org]
On Behalf Of Gabor MICSKO
Sent: Wednesday, March 22, 2006 9:23 PM
To: freebsd-current@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: requests for mbufs denied

Hi!

I have a relative high traffic server, running Apache, MySQL and Drupal.
With FreeBSD 6.0 and 6.1-PRERELEASE i got some distressing "netstat -m"
outputs.

Can anybody explain for me what does this message mean exactly?

"16064849/9164254/9384500 requests for mbufs denied (mbufs/clusters/mbuf+clusters)"

And what can i do with this?
Full "netstat -m" output:

$ netstat -m
445/695/1140 mbufs in use (current/cache/total)
407/255/662/65536 mbuf clusters in use (current/cache/total/max)
407/237 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
925K/683K/1609K bytes allocated to network (current/cache/total)
16064849/9164254/9384500 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
33/964/6656 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
56067 requests for I/O initiated by sendfile
5500 calls to protocol drain routines

Sorry for my bad english.

Thank you!

--
Micskó Gábor
HP APS, AIS, ASE
Szintézis Rt.
H-9023 Győr, Tihanyi Á. u. 2.
Tel: +36 96 502 221
Fax: +36 96 318 658
E-mail: gmicsko@szintezis.hu

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 21:18:13 2006
From: Gabor MICSKO
To: Peter Blok
In-Reply-To: <003d01c64df2$fd07d090$8a01a8c0@ntpc>
Date: Wed, 22 Mar 2006 22:18:11 +0100
Message-Id: <1143062291.6826.20.camel@alderaan.trey.hu>
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: RE: requests for mbufs denied

On Wed, 2006-03-22 at 21:55 +0100, Peter Blok wrote:
> Hi,
>
> I have them too. They only happen on a Realtek re card. They don't happen on
> an Intel em card. I'm still narrowing down why this happens.

Hm, interesting. I got these messages with an onboard Intel PRO/1000
Gigabit Ethernet Card (em).

> I have now disabled carp, because I have a feeling it is related to
> promiscuous mode. So far they have not happened after disabling carp.

I will check it out! Thanks!

--
Micskó Gábor
HP APS, AIS, ASE
Szintézis Rt.
H-9023 Győr, Tihanyi Á. u. 2.
Tel: +36 96 502 221
Fax: +36 96 318 658
E-mail: gmicsko@szintezis.hu

From owner-freebsd-net@FreeBSD.ORG Wed Mar 22 22:17:52 2006
Message-ID: <4421CCF3.9010907@shrew.net>
Date: Wed, 22 Mar 2006 16:17:23 -0600
From: Matthew Grooms
To: freebsd-net@freebsd.org
Subject: FreeBSD as a VPN Client Gateway ...

All,

If anyone would like to use FreeBSD as a VPN gateway but have the usual
Win2K/XP clients to support, here is a free software product that may be
of interest ...

http://www.shrew.net/download

The VPN Client was designed to work with ipsec-tools + FreeBSD as the
gateway but others such as NetBSD have been tested. Features include
multiple XAuth user authentication modes, automatic client network
configuration, remote network topology download, NAT Traversal, IKE
fragmentation and transport pre-fragmentation ( ala NetBSD 3.0 ). The
latter three are useful for clients behind NAT devices or broken
DSL/Cable routers that drop large or fragmented UDP packets.

If you are interested in using NAT-T, you should have a look at Yvan's
kernel patch which offers everything but transport pre-fragmentation
support ...

http://ipsec-tools.sf.net/freebsd6-natt.diff

Feedback and bug reports are appreciated ( off this list ).
-Matthew

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 01:44:42 2006
Date: Wed, 22 Mar 2006 19:43:31 -0600
From: Paul Schmehl
To: freebsd-net@freebsd.org
Subject: Loopback problem

I have two machines (that I know of) that have the same problem. The
loopback interface has no ipv4 address, and it doesn't start up on boot.
If I bring the interface up (ifconfig lo0 up), it has no ipv4 address. If
I bring it up this way - ifconfig lo0 inet 127.0.0.1, then I have an ipv4
address and everything works fine.

One box is 5.4 SECURITY. The other is 6.0 SECURITY. Both boxes have
ifconfig="lo0 inet 127.0.0.1" in the /etc/defaults/rc.conf file. Both
boxes boot fine and work fine, except for this one problem, which has
manifested odd symptoms from time to time but never merited investigation
(until now.)

Since I did the installs on both boxes, I've obviously missed something
during the install (or chosen the wrong option). Does anyone have a clue
what it might be? Or how I might fix this problem so the boxes will bring
up lo0 at boot?

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 02:43:09 2006
Date: Wed, 22 Mar 2006 20:41:59 -0600
From: Paul Schmehl
To: freebsd-net@freebsd.org
Message-ID: <450528E72F6DEFD144E3DA9D@Paul-Schmehls-Computer.local>
Subject: Re: Loopback problem

--On March 22, 2006 7:43:31 PM -0600 Paul Schmehl wrote:

> I have two machines (that I know of) that have the same problem. The
> loopback interface has no ipv4 address, and it doesn't start up on boot.
> If I bring the interface up (ifconfig lo0 up), it has no ipv4 address.
> If I bring it up this way - ifconfig lo0 inet 127.0.0.1, then I have an
> ipv4 address and everything works fine.
>
> One box is 5.4 SECURITY. The other is 6.0 SECURITY. Both boxes have
> ifconfig="lo0 inet 127.0.0.1" in the /etc/defaults/rc.conf file. Both
> boxes boot fine and work fine, except for this one problem, which has
> manifested odd symptoms from time to time but never merited investigation
> (until now.)
>
> Since I did the installs on both boxes, I've obviously missed something
> during the install (or chosen the wrong option). Does anyone have a clue
> what it might be? Or how I might fix this problem so the boxes will
> bring up lo0 at boot?
>
I just figured out the problem with one box. (The other is down right now,
so I can't get to it.) For some reason the following was in /etc/rc.conf
(I don't know if that was done by setup or some other program):

network_interfaces="l0 xl0 xl1"

I changed that to:

network_interfaces="lo0 xl0 xl1"

and now the box activates lo0 on boot, including the ipv4 address.

I'll have to check the other box tomorrow morning.

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 03:50:16 2006
Date: Thu, 23 Mar 2006 03:50:15 GMT
From: FreeBSD-gnats-submit@FreeBSD.org
To: John Grimes, net@FreeBSD.org
Subject: Re: i386/94852: Cannot install 6.1 from either Beta1 or Beta4

Thank you very much for your problem report. It has the internal identification `i386/94852'. The individual assigned to look at your report is: freebsd-i386.
You can access the state of your problem report at any time via this link:

http://www.freebsd.org/cgi/query-pr.cgi?pr=94852

>Category: i386
>Responsible: freebsd-i386
>Synopsis: Cannot install 6.1 from either Beta1 or Beta4
>Arrival-Date: Thu Mar 23 03:50:15 GMT 2006

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 04:07:30 2006
Date: Thu, 23 Mar 2006 13:07:08 +0900
From: Hajimu UMEMOTO
To: "Kevin Oberman"
Cc: freebsd-net@freebsd.org
Subject: Re: IPv6 neighbor discovery with static addresses

Hi,

>>>>> On Wed, 22 Mar 2006 10:08:10 -0800
>>>>> "Kevin Oberman" said:

oberman> When I configure a system with a static IPv6 address (e.g
oberman> ipv6_ifconfig_nve0="2001:400:14:2753::28:14/64) the systems does not
oberman> seem to find its router. I need to add ipv6_defaultrouter to rc.conf.
oberman> Is there some reason that the system should not configure the default
oberman> using ND in this case?

Because, not a few people don't want to accept RA but want to configure their network setting statically. ipv6_ifconfig_* is for such purpose. If ipv6_ifconfig_* is set, RA is not accepted. If you want to accept RA as well, please use ipv6_ifconfig_nve0_alias0 instead.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 15:53:27 2006
Date: Thu, 23 Mar 2006 15:53:23 +0000
From: Bruce M Simpson
To: Matthew Grooms
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

On Wed, Mar 22, 2006 at 04:17:23PM -0600, Matthew Grooms wrote:
> If you are interested in using NAT-T, you should have a look at
> Yvans kernel patch which offers everything but transport
> pre-fragmentation support ...

This looks cool. This looks very, very cool.

Now if only I had free time... :-(

BMS

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 15:54:42 2006
Date: Thu, 23 Mar 2006 10:54:38 -0500
From: "David Rhodus"
To: "Matthew Grooms"
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

On 3/22/06, Matthew Grooms wrote:
> All,
>
> If anyone would like to use FreeBSD as a VPN gateway but have the
> usual Win2K/XP clients to support, here is a free software product that
> may be of interest ...
>
> http://www.shrew.net/download
>
> The VPN Client was designed to work with ipsec-tools + FreeBSD as
> the gateway but others such as NetBSD have been tested. Features include
> multiple XAuth user authentication modes, automatic client network
> configuration, remote network topology download, NAT Traversal, IKE
> fragmentation and transport pre-fragmentation ( ala NetBSD 3.0 ). The
> latter three are useful for clients behind NAT devices or broken
> DSL/Cable routers that drop large or fragmented UDP packets.
>
> If you are interested in using NAT-T, you should have a look at
> Yvans kernel patch which offers everything but transport
> pre-fragmentation support ...
>
> http://ipsec-tools.sf.net/freebsd6-natt.diff
>
> Feedback and bug reports are appreciated ( off this list ).
>
> -Matthew

Are you going to release the source to the windows client?

-DR

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 16:08:01 2006
Date: Thu, 23 Mar 2006 10:07:36 -0600
From: Paul Schmehl
To: freebsd-net@freebsd.org
Subject: lo0 not starting on boot

In 6.0 SECURITY, what starts up lo0? It's not starting by default, and /etc/rc.d/netif has no effect on the interface. I *believe* this is the cause of a problem I'm having with xinerama, but I can't seem to figure out how to get the loopback to come up on boot. Any help would be appreciated.

I already have the following in /etc/rc.conf:

network_interfaces="lo0 bge0"
ifconfig_lo0="inet 127.0.0.1"

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 16:09:11 2006
Date: Thu, 23 Mar 2006 17:09:05 +0100
From: Eric Masson
To: Matthew Grooms
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

Matthew Grooms writes:

Hi,

Nice work.

> If you are interested in using NAT-T, you should have a look at
> Yvans kernel patch which offers everything but transport
> pre-fragmentation support ...
>
> http://ipsec-tools.sf.net/freebsd6-natt.diff

I tried to compile ipsec-tools with 6.1-PRERELEASE natt patched kernel & headers and so far, didn't succeed.

natt detection fails, gcc complains it's not able to evaluate the size of a structure in a header, and then configure disables functionality.

Does anybody know if Yvan's patches will be integrated in the tree anytime? The "patent issue" doesn't seem to bother Net, Open & Linux

Regards

Éric Masson

--
«I copy the rpm file into a directory and install it, now I don't know how to launch the app because it didn't put itself in the "Start-Programs" menu.»
-+- Stéph in Guide du linuxien pervers : "install.exe il est ou?"
-+-

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 16:40:04 2006
Date: Thu, 23 Mar 2006 17:39:51 +0100
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

On Thu, Mar 23, 2006 at 05:09:05PM +0100, Eric Masson wrote:
> Matthew Grooms writes:
[....]
> > http://ipsec-tools.sf.net/freebsd6-natt.diff
>
> I tried to compile ipsec-tools with 6.1-PRERELEASE natt patched kernel &
> headers and so far, didn't succeed.

It should work (I'm compiling it with a modified 6.1-PRERELEASE, but did not try for now with just 6.1-PRERELEASE+NAT6T patch).

Could you send me the logs?

> natt detection fails, gcc complains it's not able to evaluate the size
> of a structure in a header, and then configure disables functionality.

nat-t support detection is quite bad actually (and not only with FreeBSD), as it just detects NAT-T support in kernel includes, not in compiled kernel.

Have a look at your /usr/include/net/pfkeyv2.h, and see if you have some NAT-T related stuff.

> Does anybody know if Yvan's patches will be integrated in the tree
> anytime? The "patent issue" doesn't seem to bother Net, Open & Linux

I didn't have news about patent issues recently.

There are still some works to do on the patch, especially:

- sync with Manu's recent works on NetBSD (support for multiple peers behind the same address). It should not take too long to do that, and I'll work on it within next weeks.

- port to FAST_IPSEC. Once again, it should not take too much time to do that. I was waiting for George's works on PFKey interface, but looks like it won't really be a problem to merge both works, so I'll probably do it "soon".

But the actual version of the patch is already good enough for integration if FreeBSD's team wants it, there are just some (temporary) limitations which need to be known.

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 17:22:47 2006
Date: Thu, 23 Mar 2006 18:22:36 +0100
From: Eric Masson
To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

VANHULLEBUS Yvan writes:

Hi Yvan,

> It should work (I'm compiling it with a modified 6.1-PRERELEASE, but
> did not try for now with just 6.1-PRERELEASE+NAT6T patch).

I've forced natt support in the Makefile.

> Could you send me the logs?

Asap, I have to make some place on my laptop and then transfer the vmware image I use for these tests.

> nat-t support detection is quite bad actually (and not only with
> FreeBSD), as it just detects NAT-T support in kernel includes, not in
> compiled kernel.

That's what I've seen

> Have a look at your /usr/include/net/pfkeyv2.h, and see if you have
> some NAT-T related stuff.

This file contains the structure that the configure generated program tries to use.

> I didn't have news about patent issues recently.

Nice.

> There are still some works to do on the patch, especially:
>
> - sync with Manu's recent works on NetBSD (support for multiple peers
> behind the same address).
>
> It should not take too long to do that, and I'll work on it within
> next weeks.
>
> - port to FAST_IPSEC. Once again, it should not take too much time to
> do that. I was waiting for George's works on PFKey interface, but
> looks like it won't really be a problem to merge both works, so I'll
> probably do it "soon".

Would be nice, as KAME ipsec stack doesn't seem to have locked atm (the box I plan to use is an old dual ppro)

> But the actual version of the patch is already good enough for
> integration if FreeBSD's team wants it, there are just some
> (temporary) limitations which need to be known.

Great, I'll post the configure log asa the box and I are ready ;)

Éric

--
All of this has to change. I PAY for my Internet subscription and I demand that my vote and my opinions be taken into consideration.
-+- Rocou In GNU - Les payeurs ne sont pas les conseilleurs -+-

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 19:57:06 2006
Date: Thu, 23 Mar 2006 11:55:34 -0800
From: Brooks Davis
To: Paul Schmehl
Cc: freebsd-net@freebsd.org
Subject: Re: lo0 not starting on boot

On Thu, Mar 23, 2006 at 10:07:36AM -0600, Paul Schmehl wrote:
> In 6.0 SECURITY, what starts up lo0? It's not starting by default, and
> /etc/rc.d/netif has no effect on the interface. I *believe* this is the
> cause of a problem I'm having with xinerama, but I can't seem to figure out
> how to get the loopback to come up on boot. Any help would be appreciated.
>
> I already have the following in /etc/rc.conf:
> network_interfaces="lo0 bge0"
> ifconfig_lo0="inet 127.0.0.1"

The second line should be unnecessary since it's already in /etc/defaults/rc.conf. Unless you have a good reason for it, I'd drop the first list as well. It's quite unnecessary in most cases. There's clearly something weirdly broked on your system.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 20:28:03 2006
Date: Thu, 23 Mar 2006 21:27:25 +0100
From: Andrew Seguin
To: freebsd-net@freebsd.org
Subject: net.link.ether.bridge.config effeciency for more then 2 interfaces?

I'm trying to get a vlan based firewall working, but having a problem with ARP & DHCP not working well (dhcp could be maybe not working well because of ARP)

The network is setup:
IP: xyz.zyx.xzy.0/24
[ISP router -> ISP Switch] -> firewall ->{vlans-tagged}->layer2 switch->other switches
(I don't have the authorization to put the firewall between the ISP router/switch unfortunately)

I've configured a local layer2 managed switch to have all vlans as tagged on port 1, and then configured two ports per vlan.

In the firewall I have it configured as follows:

network cards:
fxp0 -> to the ISP switch (.14/28)
fxp1 -> unused at the moment
fxp2 -> receives the vlans
vlan3 vlan 3 vlandev fxp2; (IP:.17/28)
vlan4 vlan 4 vlandev fxp2; (IP:.33/27)
vlan5 vlan 5 vlandev fxp2; (IP:.65/26)
vlan7 vlan 7 vlandev fxp2; (IP.129/25)
vlan8 vlan 8 vlandev fxp2; (IP:10.1.0.0/16) (nat is arranged by PF to .13 on fxp0)

Having only gateway_enable="YES" in rc.conf, the traffic between vlans flows fine (until I put in IPFW restrictions that is), but from vlans to internet it doesn't (ping to router doesn't work). So I decided simply to bridge all the vlans together (if you have a possible solution around this, I'd appreciate it!). And that's where my problem begins. For what could be best described as 'political' reasons, I want at all costs to avoid having the ISP router reconfigured (the ISP is ready to do it, people here aren't)

If I configure net.link.ether.bridge.config=fxp0,vlan7 for example, all is fine. Traffic flows normally.

If I configure net.link.ether.bridge.config=fxp0,vlan3,vlan7 then I start having major problems with arp requests making it through. DHCP is as well seriously affected, leaving computers in a pretty bad situation.

CPU usage in either case ranges from 2-4% (internet's only a SDSL link, so it's no trouble for the firewall)

I've put below a summary of the loaded ipfw rules. I sorta think my problem could be related to the bridging of arps, but I'm not unconvinced that the traffic shaping is affecting as well although the firewall rules don't change, only the bridge configuration to go from problematic to OK.

I thank you all for your time,
Andrew

ipfw.rules:
----------
1 allow ip from ...0/24 to ...0/24
100 count ip from any to any via fxp0
...
108 count ip from any to any via vlan8
201 - 205 allow tcp/udp ssh,dhcp,snmp and dns
300 - deny netbios traffic
401&402 - pipe 10/11 (bw 300kbps, mask src/dst 0x000000ff) // max speed per computer
410-420 allow some stuff like web/email to go to max speed
490&491 - pipe 30/31 (bw 1000kbps) // max speed for 'bulk' stuff like P2P, FTP...
492&493 - pipe 20/21 (bw 200kbps, mask src/dst 0x000000ff) // max bulk speed per computer
65535 - allow all

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 20:41:23 2006
Date: Thu, 23 Mar 2006 14:40:57 -0600
From: Paul Schmehl
To: Brooks Davis, freebsd-net@freebsd.org
Subject: Re: lo0 not starting on boot

--On Thursday, March 23, 2006 11:55:34 -0800 Brooks Davis wrote:

> On Thu, Mar 23, 2006 at 10:07:36AM -0600, Paul Schmehl wrote:
>> In 6.0 SECURITY, what starts up lo0? It's not starting by default, and
>> /etc/rc.d/netif has no effect on the interface. I *believe* this is the
>> cause of a problem I'm having with xinerama, but I can't seem to figure
>> out how to get the loopback to come up on boot. Any help would be
>> appreciated.
>>
>> I already have the following in /etc/rc.conf:
>> network_interfaces="lo0 bge0"
>> ifconfig_lo0="inet 127.0.0.1"
>
> The second line should be unnecessary since it's already in
> /etc/defaults/rc.conf. Unless you have a good reason for it, I'd
> drop the first list as well. It's quite unnecessary in most cases.
> There's clearly something weirdly broked on your system.
>
Yes, and I found it. There was a second instance of network_interfaces
farther down in the /etc/rc.conf file. It only listed the bge0 interface,
and I'm certain it's being installed by a port. I found the same problem
on three boxes but not on two others. I'm looking for the cause of the
problem now.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 20:49:59 2006
Date: Thu, 23 Mar 2006 12:49:53 -0800
From: Luigi Rizzo
To: Paul Schmehl
Cc: freebsd-net@freebsd.org
Subject: Re: lo0 not starting on boot

On Thu, Mar 23, 2006 at 02:40:57PM -0600, Paul Schmehl wrote:
...
> Yes, and I found it.
> There was a second instance of network_interfaces
> farther down in the /etc/rc.conf file. It only listed the bge0 interface,
> and I'm certain it's being installed by a port. I found the same problem

i had a similar problem earlier when i tried to disable
automatic configuration of the wired ethernet on my laptop
and manually set network_interfaces to only list wi0.
I wonder whether in the past lo0 was configured irrespective
of the setting of network_interfaces, or i just remember
badly...

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 21:18:55 2006
Date: Thu, 23 Mar 2006 13:18:38 -0800
From: Brooks Davis
To: Luigi Rizzo
Cc: Paul Schmehl, freebsd-net@freebsd.org
Subject: Re: lo0 not starting on boot

On Thu, Mar 23, 2006 at 12:49:53PM -0800, Luigi Rizzo wrote:
> On Thu, Mar 23, 2006 at 02:40:57PM -0600, Paul Schmehl wrote:
> ...
> > Yes, and I found it. There was a second instance of network_interfaces
> > farther down in the /etc/rc.conf file. It only listed the bge0 interface,
> > and I'm certain it's being installed by a port. I found the same problem
>
> i had a similar problem earlier when i tried to disable
> automatic configuration of the wired ethernet on my laptop
> and manually set network_interfaces to only list wi0.
> I wonder whether in the past lo0 was configured irrespective
> of the setting of network_interfaces, or i just remember
> badly...

It used to be hard coded. Today we force it to the front of the list
in the network_interfaces=auto case, but don't do anything special with
it in the other case. We could change the code to always make it the
first item in all cases if it exists at all, but I'm not particularly
thrilled by that idea. In general I don't recommend the use of
network_interfaces at all and I'm tempted to nuke it at some point in
the future. It's not really necessary any more because you can use the
NOAUTO keyword in your ifconfig_ lines if you want them around, but
don't want them used at boot.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 21:20:42 2006
Date: Thu, 23 Mar 2006 13:20:34 -0800
From: Luigi Rizzo
To: Brooks Davis
Cc: Paul Schmehl, freebsd-net@freebsd.org
Subject: Re: lo0 not starting on boot

On Thu, Mar 23, 2006 at 01:18:38PM -0800, Brooks Davis wrote:
...
> It used to be hard coded. Today we force it to the front of the list
> in the network_interfaces=auto case, but don't do anything special with
> it in the other case. We could change the code to always make it the
> first item in all cases if it exists at all, but I'm not particularly
> thrilled by that idea. In general I don't recommend the use of
> network_interfaces at all and I'm tempted to nuke it at some point in
> the future. It's not really necessary any more because you can use the
> NOAUTO keyword in your ifconfig_ lines if you want them around, but
> don't want them used at boot.

the NOAUTO makes sense indeed. basically it is a documentation
issue - print a warning when you parse rc.conf and find
network_interfaces set, and suggest NOAUTO instead.

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 21:33:07 2006
Date: Fri, 24 Mar 2006 01:33:42 +0400
From: Vitaly Bogdanov
To: Paul Schmehl, freebsd-net@freebsd.org, gad@glazov.net
Subject: Re: lo0 not starting on boot

On Thu, Mar 23, 2006, Paul Schmehl wrote:
> In 6.0 SECURITY, what starts up lo0? It's not starting by default, and
> /etc/rc.d/netif has no effect on the interface. I *believe* this is the
> cause of a problem I'm having with xinerama, but I can't seem to figure out
> how to get the loopback to come up on boot. Any help would be appreciated.
>
> I already have the following in /etc/rc.conf:
> network_interfaces="lo0 bge0"
> ifconfig_lo0="inet 127.0.0.1"

I also had such problem. There is a typo in /etc/network.subr.

    for _if in ${_tmplist} ; do
        if dhcpif $_if; then
            _dhcplist="${_dhcplist}${_aprefix}${_if}"
            [ -z "$_aprefix" ] && _aprefix=' '
        elif [ -n "`_ifconfig_getargs $if`" ]; then
                                      ^^^^ - should be $_if
            _nodhcplist="${_nodhcplist}${_bprefix}${_if}"
            [ -z "$_bprefix" ] && _bprefix=' '
        fi

--
Vitaly

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 22:56:32 2006
Date: Thu, 23 Mar 2006 23:56:32 +0100
From: Sten Daniel Sørsdal
To: Andre Oppermann
Cc: freebsd-net@freebsd.org
Subject: Re: How can i detect if a received UDP got fragmented from userland?

Andre Oppermann wrote:
> Sten Daniel Sørsdal wrote:
>> I am currently working on a udp multicast application written in C for
>> FreeBSD (6.x)
>>
>> For our test cases in many different network types we found that
>> fragmentation poses as a significant problem for quality and reliability.
>> Packets that get fragmented are more likely to get dropped than
>> packets that do not get fragmented and since our application needs high
>> bulk performance without retransmissions we believe our application and
>> the network would benefit from this.
>> Our first assumption was that adding DF to UDP would solve it, and it
>> does in our small tests, but it has a noticeable negative effect on the
>> network.
>> Are there any way i can read whether a message's packet was fragmented
>> into smaller pieces and preferably how large the largest fragment was?
>> Are there any feasible way to do this?
>
> No. There is no way to know from userland if a packet was fragmented.
> In theory you can infer this from the size of the rcvmsg() you do. If
> it is larger than your local MTU it must have been fragmented. This
> doesn't allow you to find out if the path from source to receiver has
> a lower MTU somewhere however. There you can only do path MTU discovery.
>

I have a hard time figuring out how to do path mtu discovery from server
side.
Could i have your opinions about an implementation idea?
I considered adding a socket flag for UDP to indicate i want to monitor
this socket for incoming fragments. Then send a message on the routing
socket indicating the largest fragment size and the host address that
caused the fragments - whenever a successful defragmented packet is
passed to higher levels?

--
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Thu Mar 23 23:37:02 2006
To: VANHULLEBUS Yvan
From: Eric Masson
Date: Fri, 24 Mar 2006 00:36:56 +0100
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as a VPN Client Gateway ...

VANHULLEBUS Yvan writes:

Hi,

> nat-t support detection is quite bad actually (and not only with
> FreeBSD), as it just detects NAT-T support in kernel includes, not in
> compiled kernel.

Rhahhh, what an idiot, what an idiot, what an idiot...

I forgot to install includes... so config failure had to happen.

A full buildworld/buildkernel solved the non issue, sorry for the noise.

Éric

--
AS> I had to reformat. To get caught, it was enough not
AS> to click but merely to bring the "damn" mouse near the post
Bring the mouse near the post? Do you work at X-Files?
-+- CdO in GNU: The truth may be elsewhere, but the dimwit is right here -+-

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 06:01:41 2006
Date: Thu, 23 Mar 2006 22:01:40 -0800 (PST)
From: Mark Jayson Alvarez
To: freebsd-net@freebsd.org
Subject: How do you keep users from stealing other user's ip??

Good day,

We are trying to reorganize our local area network and I need some tips on how you are managing your own lan...

We have a vanilla pc router with interface facing our private lan and interface facing the Internet.

One problem which we are experiencing right now is that any user from private lan can use any ip address he wants. If he boots his computer with a stolen ip address, the poor owner of that machine(not active at the moment) will give automatically up his ip address to this user. The same scenario for public ip addresses. Basically, we need to track down the users through their ip address.. But this is trivial as of now since anyone can use any ip he wants. Even if there is a solution out there to tie up his mac address to his ip address..(sort of checking the mac first before giving him an ip, possibly through dhcp..) still, users can just download applications which will enable him to change his mac address....

Now, we're thinking about authenticating users before he is allowed to use a particular network service(internet proxy, mail etc.) because I guess it is a clever way of keeping the bad users from doing something bad within your network when after all, the reason why he is plugging his lancard to the network is to use a particular service. However, it still doesn't keep them from playing around and steal other ip addresses or mac addresses and thus denying network access to those legitimate owners.

Any idea how to handle this situations??
Thanks...

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 06:30:51 2006
Date: Fri, 24 Mar 2006 09:30:48 +0300
From: Eygene Ryabinkin
To: Mark Jayson Alvarez
Cc: freebsd-net@freebsd.org
Subject: Re: How do you keep users from stealing other user's ip??

> One problem which we are experiencing right now is that any user from private lan can use any ip address he wants. If he boots his computer with a stolen ip address, the poor owner of that machine(not active at the moment) will give automatically up his ip address to this user. The same scenario for public ip addresses. Basically, we need to track down the users through their ip address..
> But this is trivial as of now since anyone can use any ip he wants. Even if there is a solution out there to tie up his mac address to his ip address..(sort of checking the mac first before giving him an ip, possibly through dhcp..) still, users can just download applications which will enable him to change his mac address....

The trivial solution will be to install arpwatch and statically bind user's MAC to their IP's via /etc/ethers (man 5 ethers). It will not prevent smart users to steal IP's, because it is trivial to change host MAC, but it will provide a mild protection.

>
> Now, we're thinking about authenticating users before he is allowed to use a particular network service(internet proxy, mail etc.) because I guess it is a clever way of keeping the bad users from doing something bad within your network when after all, the reason why he is plugging his lancard to the network is to use a particular service. However, it still doesn't keep them from playing around and steal other ip addresses or mac addresses and thus denying network access to those legitimate owners.

Together with the arpwatch and static MAC-IP binding authentication will provide somewhat stronger protection. You can try to isolate users from each other with the VPN channels that will require the knowledge of the auth token and not only IP-MAC pair that is visible over the network. This solution looks a bit heavy for me, but maybe it will be good for you.
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 09:39:33 2006
Date: Fri, 24 Mar 2006 10:40:00 +0100
From: Sten Daniel Sørsdal
To: Mark Jayson Alvarez
Cc: freebsd-net@freebsd.org
Subject: Re: How do you keep users from stealing other user's ip??

Mark Jayson Alvarez wrote:
> Good day,
>
>
> We are trying to reorganize our local area network and I need some tips on how you are managing your own lan...
>
> We have a vanilla pc router with interface facing our private lan and interface facing the Internet.
>
> One problem which we are experiencing right now is that any user from private lan can use any ip address he wants. If he boots his computer with a stolen ip address, the poor owner of that machine(not active at the moment) will give automatically up his ip address to this user. The same scenario for public ip addresses. Basically, we need to track down the users through their ip address.. But this is trivial as of now since anyone can use any ip he wants. Even if there is a solution out there to tie up his mac address to his ip address..(sort of checking the mac first before giving him an ip, possibly through dhcp..) still, users can just download applications which will enable him to change his mac address....
>
> Now, we're thinking about authenticating users before he is allowed to use a particular network service(internet proxy, mail etc.) because I guess it is a clever way of keeping the bad users from doing something bad within your network when after all, the reason why he is plugging his lancard to the network is to use a particular service.
> However, it still doesn't keep them from playing around and steal other ip addresses or mac addresses and thus denying network access to those legitimate owners.
>
> Any idea how to handle this situations??
> Thanks...

If it's a service provider scenario i would employ vlans. One vlan to
each customer. Providing network or Internet service costs more than
your typical small company network. Each customer should get his/her own
dedicated "line" so to speak.

I would most likely employ /30 networks (or larger) to each customer as
this would be the most solid way to do it. This goes for public IP
addresses as well. You could bridge the vlans but this will give you
grief and if not done right will leave you back at square one.

Some would say PPPoE, which is a fine solution. It comes with its own
set of challenges. Many idiotic hobby "admins" out there block icmp all
together. Some even drop fragments. But

Managed vlan switches are becoming quite affordable these days. Not only
would they help you track down a "sinner" within minutes (instead of
hours, if not days). They often come with more than adequate snmp
support so you can do real monitoring (even the low end ones).

--
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 10:37:14 2006
Date: Fri, 24 Mar 2006 11:37:09 +0100
From: Jon Otterholm
To: freebsd-net@freebsd.org
Subject: Re: How do you keep users from stealing other user's ip??

Sten Daniel Sørsdal wrote:
> Mark Jayson Alvarez wrote:
>> Good day,
>>
>>
>> We are trying to reorganize our local area network and I need some
>> tips on how you are managing your own lan...
>>
>> We have a vanilla pc router with interface facing our private lan
>> and interface facing the Internet.
>>
>> One problem which we are experiencing right now is that any user
>> from private lan can use any ip address he wants. If he boots his
>> computer with a stolen ip address, the poor owner of that machine(not
>> active at the moment) will give automatically up his ip address to
>> this user. The same scenario for public ip addresses. Basically, we
>> need to track down the users through their ip address.. But this is
>> trivial as of now since anyone can use any ip he wants. Even if there
>> is a solution out there to tie up his mac address to his ip
>> address..(sort of checking the mac first before giving him an ip,
>> possibly through dhcp..) still, users can just download applications
>> which will enable him to change his mac address....
>>
>> Now, where thinking about authenticating users before he is allowed
>> to use a particular network service(internet proxy, mail etc.)
>> because I guess it is a clever way of keeping the bad users from
>> doing something bad within your network when after all, the reason
>> why he is plugging his lancard to the network is to use a particular
>> service. However, it still doesn't keep them from playing around and
>> still other ip addresses or mac addresses and thus denying network
>> access to those legitimate owners.
>>
>> Any idea how to handle this situations??
>> Thanks...
>
> If it's a service provider scenario i would employ vlans. One vlan to
> each customer. Providing network or Internet service costs more than
> your typical small company network. Each customer should get his/her
> own dedicated "line" so to speak.
>
> I would most likely employ /30 networks (or larger) to each customer
> as this would be the most solid way to do it. This goes for public IP
> addresses as well. You could bridge the vlans but this will give you
> grief and if not done right will leave you back at square one.
>
> Some would say PPPoE, which is a fine solution. It comes with its own
> set of challenges. Many idiotic hobby "admins" out there block icmp
> all together. Some even drop fragments. But
>
> Managed vlan switches are becoming quite affordable these days. Not
> only would they help you track down a "sinner" within minutes (instead
> of hours, if not days). They often come with more than adequate snmp
> support so you can do real monitoring (even the low end ones).
>

To prevent users from MAC-spoofing - buy a switch with some kind of
"port-security". If you could lock down a port to just one MAC and
have a static ARP on the router it would be pretty hard to spoof the
MAC-address. With another MAC than the one associated with the port
you simply will not be able to talk to anyone.
To take security one step further you could use some kind of RADIUS
authentication (MAC/user/computer/??).

Dlink 3526/3550 have these functions. In addition you could lock down
the switch so that "user-ports" only could talk to the uplink port and
never with each other.


And NO - I am not a Dlink employee, just a big fan.

/Jon

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 10:49:02 2006
Date: Fri, 24 Mar 2006 13:48:59 +0300
From: Eygene Ryabinkin
To: Jon Otterholm
Cc: freebsd-net@freebsd.org
Message-ID: <20060324104859.GA10570@rea.mbslab.kiae.ru>
In-Reply-To: <4423CBD5.2040208@ide.resurscentrum.se>
Subject: Re: How do you keep users from stealing other user's ip??

> To prevent users from MAC-spoofing - buy a switch with some kind of
> "port-security". If you could lock down a port to just one MAC and have a
> static ARP on the router it would be pretty hard to spoof the MAC-address. With
> another MAC than the one associated with the port you simply will not be able
> to talk to anyone.

No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just
'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and
pretty easy for Windows. Port security would not prevent MAC spoofing --
you can not rely on the MAC provided by computer since it is easy to
determine one for the 'trusted' machine and set yours to that.
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 11:18:20 2006
Date: Fri, 24 Mar 2006 14:17:10 +0300
From: Eygene Ryabinkin
To: Jon Otterholm
Message-ID: <20060324111710.GB10570@rea.mbslab.kiae.ru>
In-Reply-To: <4423D210.2010002@ide.resurscentrum.se>
Subject: Re: How do you keep users from stealing other user's ip??

> But you wont get any traffic if the FDB on the switch is locked down.
>
> Example:
> MAC Address            Port   Type
> ---------------------- ------ ----------------
> 00-04-75-71-AE-22      11     Dynamic
>
>
> If you lock down so that only MAC 00-04-75-71-AE-22 could be associated with
> port 11 and any other MAC showing up on that port is ignored - the computer on
> that port could change his MAC and the switch simply wont transfer any packets
> destined for the spoofed MAC to that port.

Uhm, sorry, missed the point that if we trust cable from PC to port
then port security helps. Thanks for clarifying this!
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 11:21:59 2006
Date: Fri, 24 Mar 2006 07:20:55 -0400
From: Duane Whitty
To: Eygene Ryabinkin
Cc: freebsd-net@freebsd.org, Jon Otterholm
Message-id: <4423D617.4020701@greenmeadow.ca>
In-reply-to: <20060324104859.GA10570@rea.mbslab.kiae.ru>
Subject: Re: How do you keep users from stealing other user's ip??

Eygene Ryabinkin wrote:
>> To prevent users from MAC-spoofing - buy a switch with some kind of
>> "port-security". If you could lock down a port to just one MAC and have a
>> static ARP on the router it would be pretty hard to spoof the MAC-address. With
>> another MAC than the one associated with the port you simply will not be able
>> to talk to anyone.
>>
> No-no-no, it is _very_ easy to spoof MAC address. For FreeBSD it is just
> 'ifconfig em0 link 00:11:22:33:44:55'. Almost the same for Linux and
> pretty easy for Windows. Port security would not prevent MAC spoofing --
> you can not rely on the MAC provided by computer since it is easy to
> determine one for the 'trusted' machine and set yours to that.
>

I agree, no problem to spoof the MAC. But if the user does so they lock
themselves out because the port on the switch they connect to will only
talk to one MAC address, the one they were originally given.

--Duane

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 11:24:35 2006
Message-ID: <4423D739.1020607@LanGame.Net>
Date: Fri, 24 Mar 2006 13:25:45 +0200
From: Atanas Yankov
To: freebsd-net@freebsd.org
In-Reply-To: <4423CBD5.2040208@ide.resurscentrum.se>
Subject: Re: How do you keep users from stealing other user's ip??

Port security will help you when you want to ensure that particular mac address is enter switch on particular port but not prevent user to change ip address, statics arp is the most stupid part that most administrators does because router never send arp request to see are this device are there and blindly send traffic for this device encapsulated with static mac that not exist in bridging tables and this traffic is unknown unicast flooded across the all switches bridges :)) and all devices, impact can be vary on value of sended traffic :)), my suggestions is to use cisco multihost 802.1x implementation or play with private vlans.

br,
CCNP Atanas Yankov
Network Administrator
AngelSoft Ltd.

Jon Otterholm wrote:
> To prevent users from MAC-spoofing - buy a switch with some kind of
> "port-security". If you could lock down a port to just one MAC and
> have a static ARP on the router it would be pretty hard to spoof the
> MAC-address. With another MAC than the one associated with the port
> you simply will not be able to talk to anyone.
> To take security one step further you could use some kind of RADIUS
> authentication (MAC/user/computer/??).
>
> Dlink 3526/3550 have these functions. In addition you could lock down
> the switch so that "user-ports" only could talk to the uplink port and
> never with each other.
>
>
> And NO - I am not a Dlink employee, just a big fan.
>
> /Jon

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 12:55:34 2006
Date: Fri, 24 Mar 2006 12:55:30 +0000
From: Josef Karthauser
To: net@freebsd.org
Cc: glebius@FreeBSD.org
Message-ID: <20060324125530.GB1270@genius.tao.org.uk>
Subject: Problems - page fault in kernel, whilst running dhclient

Hi guys,

My laptop is running:

6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #30: Thu Mar 23 09:04:30 GMT 2006

Recently something went belly up, and now when I
run 'dhclient em0' on the primary interface after a 'acpiconf -s 3' /
resume cycle the machine panics.

Here's the backtrace:

(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc052b7b0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc052ba5b in panic (fmt=0xc066a469 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc0642ac6 in trap_fatal (frame=0xf5083ad4, eva=3735929055)
    at /usr/src/sys/i386/i386/trap.c:836
#4 0xc06427f7 in trap_pfault (frame=0xf5083ad4, usermode=0, eva=3735929055)
    at /usr/src/sys/i386/i386/trap.c:744
#5 0xc0642441 in trap (frame=
      {tf_fs = -1067909112, tf_es = -993329112, tf_ds = -991428568, tf_edi = -184009872, tf_esi = -559038242, tf_ebp = -184009924, tf_isp = -184009984, tf_ebx = -184009872, tf_edx = 0, tf_ecx = 0, tf_eax = -559038242, tf_trapno = 12, tf_err = 0, tf_eip = -1067871110, tf_cs = 32, tf_eflags = 66198, tf_esp = -991386368, tf_ss = -993285120})
    at /usr/src/sys/i386/i386/trap.c:434
#6 0xc0631d7a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc059947a in rtrequest1 (req=1, info=0xf5083b70, ret_nrt=0xf5083b64)
    at /usr/src/sys/net/route.c:659
#8 0xc059a277 in rtinit (ifa=0xc4ee8900, cmd=1, flags=1)
    at /usr/src/sys/net/route.c:1191
#9 0xc05b189d in in_addprefix (target=0xc4ee8900, flags=1)
    at /usr/src/sys/netinet/in.c:842
#10 0xc05b17c9 in in_ifinit (ifp=0xc4cbac00, ia=0xc4ee8900, sin=0x0, scrub=0)
    at /usr/src/sys/netinet/in.c:769
#11 0xc05b0b8a in in_control (so=0xc4eee42c, cmd=1, data=0xc4d59880 "em0",
    ifp=0xc4cbac00, td=0xc4bd8c00) at /usr/src/sys/netinet/in.c:439
#12 0xc0591737 in ifioctl (so=0xc4eee42c, cmd=2151704858,
    data=0xc4d59880 "em0", td=0xc4bd8c00) at /usr/src/sys/net/if.c:1568
#13 0xc0554053 in soo_ioctl (fp=0xdeadc0de, cmd=2151704858, data=0xc4d59880,
    active_cred=0xc4a9cd80, td=0xc4bd8c00)
    at /usr/src/sys/kern/sys_socket.c:214
#14 0xc054ee18 in ioctl (td=0xc4bd8c00, uap=0xf5083d04) at file.h:258
#15 0xc0642d53 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134574016, tf_esi = 134582976, tf_ebp = -1077940728, tf_isp = -184009372, tf_ebx = -2143262438, tf_edx = 134585692, tf_ecx = 134574016, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671900563, tf_cs = 51, tf_eflags = 646, tf_esp = -1077942852, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:981
#16 0xc0631dcf in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#17 0x00000033 in ?? ()

Looking at the trap frame and a few above I see this:

At #7:

(kgdb) up
#7 0xc059947a in rtrequest1 (req=1, info=0xf5083b70, ret_nrt=0xf5083b64)
    at /usr/src/sys/net/route.c:659
659 rnh = rt_tables[dst->sa_family];
Current language: auto; currently c
(kgdb) print *info
$3 = {rti_addrs = 0, rti_info = {0xdeadc0de, 0xdeadc0de, 0xdeadc0de, 0x0, 0x0,
  0x0, 0x0, 0x0}, rti_flags = 49631, rti_ifa = 0xc4ee8900, rti_ifp = 0x0}
(kgdb) print *ret_nrt
$5 = (struct rtentry *) 0x0

Hmm, that's a lot of deadc0de!

Here too:

(kgdb) print *info->rti_ifa
$7 = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de,
  ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 'Þ',
  ifi_physical = 192 'À', ifi_addrlen = 173 '­', ifi_hdrlen = 222 'Þ',
  ifi_link_state = 222 'Þ', ifi_recvquota = 192 'À',
  ifi_xmitquota = 173 '­', ifi_datalen = 222 'Þ', ifi_mtu = 3735929054,
  ifi_metric = 3735929054, ifi_baudrate = 3735929054,
  ifi_ipackets = 3735929054, ifi_ierrors = 3735929054,
  ifi_opackets = 3735929054, ifi_oerrors = 3735929054,
  ifi_collisions = 3735929054, ifi_ibytes = 3735929054,
  ifi_obytes = 3735929054, ifi_imcasts = 3735929054,
  ifi_omcasts = 3735929054, ifi_iqdrops = 3735929054,
  ifi_noproto = 3735929054, ifi_hwassist = 3735929054,
  ifi_epoch = -559038242, ifi_lastchange = {tv_sec = -559038242,
  tv_usec = -559038242}}, ifa_ifp = 0xdeadc0de, ifa_link = {
  tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de},
  ifa_rtrequest = 0xc05ae384 , ifa_flags = 49630,
  ifa_refcnt = 3735929054, ifa_metric = 0, ifa_claim_addr = 0xdeadc0de,
  ifa_mtx = {mtx_object = {lo_class = 0xdeadc0de,
  lo_name = 0xdeadc0de ,
  lo_type = 0xdeadc0de ,
  lo_flags = 3735929054, lo_list = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, lo_witness = 0xdeadc0de},
  mtx_lock = 3735929054, mtx_recurse = 3735929054}}

Working up the stack:

(kgdb) up
#8 0xc059a277 in rtinit (ifa=0xc4ee8900, cmd=1, flags=1)
    at /usr/src/sys/net/route.c:1191
1191 error = rtrequest1(cmd, &info, &rt);
(kgdb) print *ifa
$8 = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de,
  ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 'Þ',
  ifi_physical = 192 'À', ifi_addrlen = 173 '­', ifi_hdrlen = 222 'Þ',
  ifi_link_state = 222 'Þ', ifi_recvquota = 192 'À',
  ifi_xmitquota = 173 '­', ifi_datalen = 222 'Þ', ifi_mtu = 3735929054,
  ifi_metric = 3735929054, ifi_baudrate = 3735929054,
  ifi_ipackets = 3735929054, ifi_ierrors = 3735929054,
  ifi_opackets = 3735929054, ifi_oerrors = 3735929054,
  ifi_collisions = 3735929054, ifi_ibytes = 3735929054,
  ifi_obytes = 3735929054, ifi_imcasts = 3735929054,
  ifi_omcasts = 3735929054, ifi_iqdrops = 3735929054,
  ifi_noproto = 3735929054, ifi_hwassist = 3735929054,
  ifi_epoch = -559038242, ifi_lastchange = {tv_sec = -559038242,
  tv_usec = -559038242}}, ifa_ifp = 0xdeadc0de, ifa_link = {
  tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de},
  ifa_rtrequest = 0xc05ae384 , ifa_flags = 49630,
  ifa_refcnt = 3735929054, ifa_metric = 0, ifa_claim_addr = 0xdeadc0de,
  ifa_mtx = {mtx_object = {lo_class = 0xdeadc0de,
  lo_name = 0xdeadc0de ,
  lo_type = 0xdeadc0de ,
  lo_flags = 3735929054, lo_list = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, lo_witness = 0xdeadc0de},
  mtx_lock = 3735929054, mtx_recurse = 3735929054}}
(kgdb) up
#9 0xc05b189d in in_addprefix (target=0xc4ee8900, flags=1)
    at /usr/src/sys/netinet/in.c:842
842 error = rtinit(&target->ia_ifa, (int)RTM_ADD, flags);
(kgdb) print *target
$9 = {ia_ifa = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de,
  ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 'Þ',
  ifi_physical = 192 'À', ifi_addrlen = 173 '­', ifi_hdrlen = 222 'Þ',
  ifi_link_state = 222 'Þ', ifi_recvquota = 192 'À',
  ifi_xmitquota = 173 '­', ifi_datalen = 222 'Þ', ifi_mtu = 3735929054,
  ifi_metric = 3735929054, ifi_baudrate = 3735929054,
  ifi_ipackets = 3735929054, ifi_ierrors = 3735929054,
  ifi_opackets = 3735929054, ifi_oerrors = 3735929054,
  ifi_collisions = 3735929054, ifi_ibytes = 3735929054,
  ifi_obytes = 3735929054, ifi_imcasts = 3735929054,
  ifi_omcasts = 3735929054, ifi_iqdrops = 3735929054,
  ifi_noproto = 3735929054, ifi_hwassist = 3735929054,
  ifi_epoch = -559038242, ifi_lastchange = {tv_sec = -559038242,
  tv_usec = -559038242}}, ifa_ifp = 0xdeadc0de, ifa_link = {
  tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de},
  ifa_rtrequest = 0xc05ae384 , ifa_flags = 49630,
  ifa_refcnt = 3735929054, ifa_metric = 0, ifa_claim_addr = 0xdeadc0de,
  ifa_mtx = {mtx_object = {lo_class = 0xdeadc0de,
  lo_name = 0xdeadc0de ,
  lo_type = 0xdeadc0de ,
  lo_flags = 3735929054, lo_list = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, lo_witness = 0xdeadc0de},
  mtx_lock = 3735929054, mtx_recurse = 3735929054}}, ia_net = 0,
  ia_netmask = 3724541952, ia_subnet = 0, ia_subnetmask = 3735929054,
  ia_netbroadcast = {s_addr = 4294967073}, ia_hash = {le_next = 0xdeadc0de,
  le_prev = 0xdeadc0de}, ia_link = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, ia_addr = {sin_len = 222 'Þ',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 3735929054},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}, ia_dstaddr = {sin_len = 222 'Þ',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 557797921},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}, ia_sockmask = {sin_len = 8 '\b',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 3735929054},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}}
(kgdb) up
#10 0xc05b17c9 in in_ifinit (ifp=0xc4cbac00, ia=0xc4ee8900, sin=0x0, scrub=0)
    at /usr/src/sys/netinet/in.c:769
769 if ((error = in_addprefix(ia, flags)) != 0)
(kgdb) print *ifp
$10 = {if_softc = 0xc4b5d000, if_l2com = 0xc4be8970, if_link = {
  tqe_next = 0xc4d68800, tqe_prev = 0xc4cbc808},
  if_xname = "em0", '\0' , if_dname = 0xc4b1b02c "em",
  if_dunit = 0, if_addrhead = {tqh_first = 0xc4bc7e00, tqh_last = 0xc4bc7e60},
  if_klist = {kl_list = {slh_first = 0x0},
  kl_lock = 0xc0512df8 ,
  kl_unlock = 0xc0512e14 ,
  kl_locked = 0xc0512e30 , kl_lockarg = 0xc06e0120},
  if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 3, if_timer = 0,
  if_nvlans = 0, if_flags = 34819, if_capabilities = 91, if_capenable = 11,
  if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 6 '\006',
  ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 18 '\022',
  ifi_link_state = 2 '\002', ifi_recvquota = 0 '\0', ifi_xmitquota = 0 '\0',
  ifi_datalen = 80 'P', ifi_mtu = 1500, ifi_metric = 0,
  ifi_baudrate = 1000000000, ifi_ipackets = 118, ifi_ierrors = 0,
  ifi_opackets = 9, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 12051,
  ifi_obytes = 1432, ifi_imcasts = 103, ifi_omcasts = 0, ifi_iqdrops = 0,
  ifi_noproto = 0, ifi_hwassist = 6, ifi_epoch = 0, ifi_lastchange = {
  tv_sec = 1143200348, tv_usec = 945159}}, if_multiaddrs = {
  tqh_first = 0xc4d52d20, tqh_last = 0xc4e97000}, if_amcount = 0,
  if_output = 0xc059312c , if_input = 0xc059395c ,
  if_start = 0xc046d350 , if_ioctl = 0xc046d3a8 ,
  if_watchdog = 0xc046d6fc , if_init = 0xc046d9c4 ,
  if_resolvemulti = 0xc05941e4 , if_spare1 = 0x0,
  if_spare2 = 0x0, if_spare3 = 0x0, if_drv_flags = 64, if_spare_flags2 = 0,
  if_snd = {ifq_head = 0xc4e8a500, ifq_tail = 0xc4e8a500, ifq_len = 1,
  ifq_maxlen = 255, ifq_drops = 0, ifq_mtx = {mtx_object = {
  lo_class = 0xc06bcc44, lo_name = 0xc4cbac10 "em0",
  lo_type = 0xc068b153 "if send queue", lo_flags = 196608, lo_list = {
  tqe_next = 0xc4bc7e7c, tqe_prev = 0xc4cbae2c},
  lo_witness = 0xc06ef630}, mtx_lock = 4, mtx_recurse = 0},
  ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0,
  ifq_drv_maxlen = 255, altq_type = 0, altq_flags = 1, altq_disc = 0x0,
  altq_ifp = 0xc4cbac00, altq_enqueue = 0, altq_dequeue = 0,
  altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0,
  altq_cdnr = 0x0}, if_broadcastaddr = 0xc065f4c0 "ÿÿÿÿÿÿether_output",
  if_bridge = 0x0, lltables = 0x0, if_label = 0x0, if_prefixhead = {
  tqh_first = 0x0, tqh_last = 0xc4cbad7c}, if_afdata = {
  0x0 }, if_afdata_initialized = 2, if_afdata_mtx = {
  mtx_object = {lo_class = 0xc06bcc44, lo_name = 0xc068b143 "if_afdata",
  lo_type = 0xc068b143 "if_afdata", lo_flags = 196608, lo_list = {
  tqe_next = 0xc4cbad0c, tqe_prev = 0xc4cbae70},
  lo_witness = 0xc06ef658}, mtx_lock = 4, mtx_recurse = 0},
  if_starttask = {ta_link = {stqe_next = 0x0}, ta_pending = 0,
  ta_priority = 0, ta_func = 0xc0592430 ,
  ta_context = 0xc4cbac00}, if_linktask = {ta_link = {stqe_next = 0x0},
  ta_pending = 0, ta_priority = 0,
  ta_func = 0xc05908b8 , ta_context = 0xc4cbac00},
  if_addr_mtx = {mtx_object = {lo_class = 0xc06bcc44,
  lo_name = 0xc06849b5 "if_addr_mtx", lo_type = 0xc06849b5 "if_addr_mtx",
  lo_flags = 196608, lo_list = {tqe_next = 0xc4cbae1c,
  tqe_prev = 0xc4b5d1b4}, lo_witness = 0xc06f0e90}, mtx_lock = 4,
  mtx_recurse = 0}}
(kgdb) print *ia
$11 = {ia_ifa = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de,
  ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 'Þ',
  ifi_physical = 192 'À', ifi_addrlen = 173 '­', ifi_hdrlen = 222 'Þ',
  ifi_link_state = 222 'Þ', ifi_recvquota = 192 'À',
  ifi_xmitquota = 173 '­', ifi_datalen = 222 'Þ', ifi_mtu = 3735929054,
  ifi_metric = 3735929054, ifi_baudrate = 3735929054,
  ifi_ipackets = 3735929054, ifi_ierrors = 3735929054,
  ifi_opackets = 3735929054, ifi_oerrors = 3735929054,
  ifi_collisions = 3735929054, ifi_ibytes = 3735929054,
  ifi_obytes = 3735929054, ifi_imcasts = 3735929054,
  ifi_omcasts = 3735929054, ifi_iqdrops = 3735929054,
  ifi_noproto = 3735929054, ifi_hwassist = 3735929054,
  ifi_epoch = -559038242, ifi_lastchange = {tv_sec = -559038242,
  tv_usec = -559038242}}, ifa_ifp = 0xdeadc0de, ifa_link = {
  tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de},
  ifa_rtrequest = 0xc05ae384 , ifa_flags = 49630,
  ifa_refcnt = 3735929054, ifa_metric = 0, ifa_claim_addr = 0xdeadc0de,
  ifa_mtx = {mtx_object = {lo_class = 0xdeadc0de,
  lo_name = 0xdeadc0de ,
  lo_type = 0xdeadc0de ,
  lo_flags = 3735929054, lo_list = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, lo_witness = 0xdeadc0de},
  mtx_lock = 3735929054, mtx_recurse = 3735929054}}, ia_net = 0,
  ia_netmask = 3724541952, ia_subnet = 0, ia_subnetmask = 3735929054,
  ia_netbroadcast = {s_addr = 4294967073}, ia_hash = {le_next = 0xdeadc0de,
  le_prev = 0xdeadc0de}, ia_link = {tqe_next = 0xdeadc0de,
  tqe_prev = 0xdeadc0de}, ia_addr = {sin_len = 222 'Þ',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 3735929054},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}, ia_dstaddr = {sin_len = 222 'Þ',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 557797921},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}, ia_sockmask = {sin_len = 8 '\b',
  sin_family = 192 'À', sin_port = 57005, sin_addr = {s_addr = 3735929054},
  sin_zero = "ÞÀ­ÞÞÀ­Þ"}}
(kgdb) up
#11 0xc05b0b8a in in_control (so=0xc4eee42c, cmd=1, data=0xc4d59880 "em0",
    ifp=0xc4cbac00, td=0xc4bd8c00) at /usr/src/sys/netinet/in.c:439
439 error = in_ifinit(ifp, ia, &ifra->ifra_addr, 0);
(kgdb) print *so
$12 = {so_count = 1, so_type = 2, so_options = 0, so_linger = 0, so_state = 0,
  so_qstate = 0, so_pcb = 0xc4ef30b4, so_proto = 0xc06c7954, so_head = 0x0,
  so_incomp = {tqh_first = 0x0, tqh_last = 0xc4eee448}, so_comp = {
  tqh_first = 0x0, tqh_last = 0xc4eee450}, so_list = {tqe_next = 0x0,
  tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0,
  so_error = 0, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {tqh_first = 0x0,
  tqh_last = 0xc4eee474}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0,
  tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
  slh_first = 0x0}, kl_lock = 0xc0512df8 ,
  kl_unlock = 0xc0512e14 ,
  kl_locked = 0xc0512e30 , kl_lockarg = 0xc4eee4a0},
  si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06bcc44,
  lo_name = 0xc0684972 "so_rcv", lo_type = 0xc0684972 "so_rcv",
  lo_flags = 196608, lo_list = {tqe_next = 0xc4ef3144,
  tqe_prev = 0xc4eee528}, lo_witness = 0xc06f0fa8}, mtx_lock = 4,
  mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0,
  sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 41600, sb_mbcnt = 0,
  sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 1, sb_timeo = 0, sb_flags = 0},
  so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
  si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
  kl_lock = 0xc0512df8 ,
  kl_unlock = 0xc0512e14 ,
  kl_locked = 0xc0512e30 , kl_lockarg = 0xc4eee518},
  si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc06bcc44,
  lo_name = 0xc068496b "so_snd", lo_type = 0xc068496b "so_snd",
  lo_flags = 196608, lo_list = {tqe_next = 0xc4eee4a0,
  tqe_prev = 0xc4ee863c}, lo_witness = 0xc06f0fd0}, mtx_lock = 4,
  mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0,
  sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 9216, sb_mbcnt = 0,
  sb_mbmax = 73728, sb_ctl = 0, sb_lowat = 2048, sb_timeo = 0,
  sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc4a9cd80,
  so_label = 0x0, so_peerlabel = 0x0, so_gencnt = 204, so_emuldata = 0x0,
  so_accf = 0x0}
(kgdb) print *data
$13 = 101 'e'
(kgdb) print *ifp
$14 = {if_softc = 0xc4b5d000, if_l2com = 0xc4be8970, if_link = {
  tqe_next = 0xc4d68800, tqe_prev = 0xc4cbc808},
  if_xname = "em0", '\0' , if_dname = 0xc4b1b02c "em",
  if_dunit = 0, if_addrhead = {tqh_first = 0xc4bc7e00, tqh_last = 0xc4bc7e60},
  if_klist = {kl_list = {slh_first = 0x0},
  kl_lock = 0xc0512df8 ,
  kl_unlock = 0xc0512e14 ,
  kl_locked = 0xc0512e30 , kl_lockarg =
0xc06e0120= },=20 if_pcount =3D 0, if_carp =3D 0x0, if_bpf =3D 0x0, if_index =3D 3, if_time= r =3D 0,=20 if_nvlans =3D 0, if_flags =3D 34819, if_capabilities =3D 91, if_capenable= =3D 11,=20 if_linkmib =3D 0x0, if_linkmiblen =3D 0, if_data =3D {ifi_type =3D 6 '\00= 6',=20 ifi_physical =3D 0 '\0', ifi_addrlen =3D 6 '\006', ifi_hdrlen =3D 18 '\= 022',=20 ifi_link_state =3D 2 '\002', ifi_recvquota =3D 0 '\0', ifi_xmitquota = =3D 0 '\0',=20 ifi_datalen =3D 80 'P', ifi_mtu =3D 1500, ifi_metric =3D 0,=20 ifi_baudrate =3D 1000000000, ifi_ipackets =3D 118, ifi_ierrors =3D 0,= =20 ifi_opackets =3D 9, ifi_oerrors =3D 0, ifi_collisions =3D 0, ifi_ibytes= =3D 12051,=20 ifi_obytes =3D 1432, ifi_imcasts =3D 103, ifi_omcasts =3D 0, ifi_iqdrop= s =3D 0,=20 ifi_noproto =3D 0, ifi_hwassist =3D 6, ifi_epoch =3D 0, ifi_lastchange = =3D { tv_sec =3D 1143200348, tv_usec =3D 945159}}, if_multiaddrs =3D { tqh_first =3D 0xc4d52d20, tqh_last =3D 0xc4e97000}, if_amcount =3D 0,= =20 if_output =3D 0xc059312c , if_input =3D 0xc059395c ,=20 if_start =3D 0xc046d350 , if_ioctl =3D 0xc046d3a8 ,= =20 if_watchdog =3D 0xc046d6fc , if_init =3D 0xc046d9c4 ,=20 if_resolvemulti =3D 0xc05941e4 , if_spare1 =3D 0x0,= =20 if_spare2 =3D 0x0, if_spare3 =3D 0x0, if_drv_flags =3D 64, if_spare_flags= 2 =3D 0,=20 if_snd =3D {ifq_head =3D 0xc4e8a500, ifq_tail =3D 0xc4e8a500, ifq_len =3D= 1,=20 ifq_maxlen =3D 255, ifq_drops =3D 0, ifq_mtx =3D {mtx_object =3D { lo_class =3D 0xc06bcc44, lo_name =3D 0xc4cbac10 "em0",=20 lo_type =3D 0xc068b153 "if send queue", lo_flags =3D 196608, lo_lis= t =3D { tqe_next =3D 0xc4bc7e7c, tqe_prev =3D 0xc4cbae2c},=20 lo_witness =3D 0xc06ef630}, mtx_lock =3D 4, mtx_recurse =3D 0},=20 ifq_drv_head =3D 0x0, ifq_drv_tail =3D 0x0, ifq_drv_len =3D 0,=20 ifq_drv_maxlen =3D 255, altq_type =3D 0, altq_flags =3D 1, altq_disc = =3D 0x0,=20 altq_ifp =3D 0xc4cbac00, altq_enqueue =3D 0, altq_dequeue =3D 0,=20 altq_request =3D 0, altq_clfier =3D 0x0, altq_classify =3D 0, altq_tbr = =3D 0x0,=20 altq_cdnr 
=3D 0x0}, if_broadcastaddr =3D 0xc065f4c0 "=FF=FF=FF=FF=FF=FF= ether_output",=20 if_bridge =3D 0x0, lltables =3D 0x0, if_label =3D 0x0, if_prefixhead =3D { tqh_first =3D 0x0, tqh_last =3D 0xc4cbad7c}, if_afdata =3D { 0x0 }, if_afdata_initialized =3D 2, if_afdata_mtx =3D= { mtx_object =3D {lo_class =3D 0xc06bcc44, lo_name =3D 0xc068b143 "if_afd= ata",=20 lo_type =3D 0xc068b143 "if_afdata", lo_flags =3D 196608, lo_list =3D { tqe_next =3D 0xc4cbad0c, tqe_prev =3D 0xc4cbae70},=20 lo_witness =3D 0xc06ef658}, mtx_lock =3D 4, mtx_recurse =3D 0},=20 if_starttask =3D {ta_link =3D {stqe_next =3D 0x0}, ta_pending =3D 0,=20 ta_priority =3D 0, ta_func =3D 0xc0592430 ,=20 ta_context =3D 0xc4cbac00}, if_linktask =3D {ta_link =3D {stqe_next =3D= 0x0},=20 ta_pending =3D 0, ta_priority =3D 0,=20 ta_func =3D 0xc05908b8 , ta_context =3D 0xc4cbac0= 0},=20 if_addr_mtx =3D {mtx_object =3D {lo_class =3D 0xc06bcc44,=20 lo_name =3D 0xc06849b5 "if_addr_mtx", lo_type =3D 0xc06849b5 "if_addr= _mtx",=20 lo_flags =3D 196608, lo_list =3D {tqe_next =3D 0xc4cbae1c,=20 tqe_prev =3D 0xc4b5d1b4}, lo_witness =3D 0xc06f0e90}, mtx_lock =3D = 4,=20 mtx_recurse =3D 0}} There's rather a lot of deadc0de appearing up there...... any ideas? 
Joe

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 22:46:39 2006
From: "Paul Haddad"
Date: Fri, 24 Mar 2006 16:46:33 -0600
To: freebsd-net@freebsd.org
Subject: Non dropping packet monitor
Message-ID: <944074f30603241446i33f5eb26p187b2d7ff23d73de@mail.gmail.com>

Hi All,

I need to monitor packets flowing in/out of a freebsd 6.x box in a
tcpdump/pcap (monitor only) style but I can't have packets dropped as
tcpdump often does when its buffer fills up.

I'm fine if the entire network connection slows down because of this,
the important thing is that I can get access to each and every packet
on a given interface.

Any suggestions? Is there some pcap option that I need to look at?

--
Paul Haddad (paul.haddad@gmail.com paul@pth.com)

From owner-freebsd-net@FreeBSD.ORG Fri Mar 24 23:17:31 2006
From: Charles Swiger
Date: Fri, 24 Mar 2006 18:17:28 -0500
To: Paul Haddad
Cc: freebsd-net@freebsd.org
Subject: Re: Non dropping packet monitor
In-Reply-To: <944074f30603241446i33f5eb26p187b2d7ff23d73de@mail.gmail.com>

On Mar 24, 2006, at 5:46 PM, Paul Haddad wrote:
> I need to monitor packets flowing in/out of a freebsd 6.x box in a
> tcpdump/pcap (monitor only) style but I can't have packets dropped as
> tcpdump often does when its buffer fills up.
>
> I'm fine if the entire network connection slows down because of this,
> the important thing is that I can get access to each and every packet
> on a given interface.
>
> Any suggestions? Is there some pcap option that I need to look at?

If your dumps will fit into a RAM disk, use that, otherwise you're
presumably [1] going to be limited to how fast you can scribble the
packets to your disks. Figure out the fastest you can do that, and
then use dummynet to limit your network bandwidth to what your system
is capable of capturing...

--
-Chuck

[1]: If you're capturing all of the packets, your PCAP expression
shouldn't require much work to process, so you shouldn't be using a
ton of CPU...

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 09:16:23 2006
From: Phil Regnauld
Date: Sat, 25 Mar 2006 10:16:19 +0100
To: Charles Swiger
Cc: Paul Haddad, freebsd-net@freebsd.org
Subject: Re: Non dropping packet monitor
Message-ID: <20060325091619.GA96723@moof.catpipe.net>

Charles Swiger (cswiger) writes:
> >
> >Any suggestions? Is there some pcap option that I need to look at?
>
> If your dumps will fit into a RAM disk, use that, otherwise you're
> presumably [1] going to be limited to how fast you can scribble the
> packets to your disks. Figure out the fastest you can do that, and
> then use dummynet to limit your network bandwidth to what your system
> is capable of capturing...

I seem to remember that IPFilter has a facility for logging
packets where it's possible to deny forwarding of packets
if the process reading the logging socket has disappeared
or isn't reading fast enough. Am I wrong?

Phil

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 09:21:28 2006
From: Dima Dorfman
Date: Sat, 25 Mar 2006 09:21:23 +0000
To: Michael DeMan
Cc: Bart Van Kerckhove, "freebsd-net@FreeBSD.org"
Subject: Re: OT - Quagga/CARP
Message-ID: <20060325092123.GB5468@trit.org>

Michael DeMan wrote:
> Anyway, thanks very much for the information. I'm going to have to
> figure out some kind of workaround on my architecture. In the worst
> case, I can shut off OSPF on the edge routers and use static routes
> upstream and OSPF from there, but that is going to be a real
> nightmare for network maintenance over the long haul.

You're talking about using CARP and OSPF on the edge routers, right?
Can you explain a little more why CARP and zebra/ospfd don't play well
together? I understand the problem about having two copies of the same
route in the FIB, but I don't think it should prevent redundancy from
working.

I am planning to deploy FreeBSD-based access routers in the near
future, and I'd like to have an idea of what issues I'll be facing.

The scenario I have in mind is two FreeBSD boxes connected to the rest
of the network on one side and clients (using carp) on the other. CARP
is supposed to protect the client against one of the routers failing.

I tried this on some test boxes today, and it looks like it should
work. Both boxes are configured as OSPF neighbors and share a CARP vhid.
When both links are up, each router has a route through the physical
interface (it also sees the OSPF route, but the connected route is
better). If one of the links fails (any condition that causes the
physical interface to be down), the routes are withdrawn, the other
box takes over the VIP, and the first box installs the OSPF route.
Everything is still reachable.

Am I missing an obvious problem or a case where this doesn't work?

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 12:07:39 2006
From: Chuck Swiger
Date: Sat, 25 Mar 2006 07:07:36 -0500
To: Phil Regnauld
Cc: Paul Haddad, freebsd-net@freebsd.org
Subject: Re: Non dropping packet monitor
Message-ID: <44253288.4030700@mac.com>
In-Reply-To: <20060325091619.GA96723@moof.catpipe.net>

Phil Regnauld wrote:
> Charles Swiger (cswiger) writes:
>>> Any suggestions? Is there some pcap option that I need to look at?
>> If your dumps will fit into a RAM disk, use that, otherwise you're
>> presumably [1] going to be limited to how fast you can scribble the
>> packets to your disks. Figure out the fastest you can do that, and
>> then use dummynet to limit your network bandwidth to what your system
>> is capable of capturing...
>
> I seem to remember that IPFilter has a facility for logging
> packets where it's possible to deny forwarding of packets
> if the process reading the logging socket has disappeared
> or isn't reading fast enough. Am I wrong?

I'm not sure. :-)

If what you've suggested _is_ available, it would be a better solution
to the original problem....

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 12:39:40 2006
From: Dmitry Pryanishnikov
Date: Sat, 25 Mar 2006 14:39:32 +0200 (EET)
To: freebsd-net@freebsd.org
Subject: Which NIC is better: fxp or dc?
Message-ID: <20060325142104.K72439@atlantis.atlantis.dp.ua>

Hello!

Suppose you have to build a high-performance router with several NICs,
and you have to use a mix of D-Link DFE-570TX (21143, MII, quad port) served
by dc(4), and several Intel 82558/9/0 adapters served by fxp(4). Router
has to have 2-3 high-speed connections and several ones which lower speed
and packet rate. Which NIC (dc or fxp) would you recommend for high-speed
connections: dc or fxp? Which combo (NIC+driver) is more reliable? Which
gives higher performance (reliability for me is more significant than
performance)?
Currently I'm using RELENG_4, but in the future I'll upgrade
to RELENG_6 (when it becomes mature enough), so I'm interested in the
state of affairs in both branches.

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 13:19:54 2006
From: "No@SPAM@mgEDV.net"
Date: Sat, 25 Mar 2006 14:19:53 +0100
Reply-To: nospam@mgedv.net
Subject: RE: Which NIC is better: fxp or dc?
Message-ID: <000a01c6500e$cda08090$0a86a8c0@avalon.lan>
In-Reply-To: <20060325142104.K72439@atlantis.atlantis.dp.ua>

> Hello!
>
> Suppose you have to build a high-performance router with several NICs,
> and you have to use a mix of D-Link DFE-570TX (21143, MII, quad port) served
> by dc(4), and several Intel 82558/9/0 adapters served by fxp(4).
> Router has to have 2-3 high-speed connections and several ones which lower speed
> and packet rate. Which NIC (dc or fxp) would you recommend for high-speed
> connections: dc or fxp? Which combo (NIC+driver) is more reliable? Which
> gives higher performance (reliability for me is more significant than
> performance)? Currently I'm using RELENG_4, but in the future I'll upgrade
> to RELENG_6 (when it becomes mature enough), so I'm interested in the
> state of affairs in both branches.

we have good performance counters for both of them.
for support and common usage reasons (more users mean more testing)
we selected the fxp cards.

as far as i know, there's currently a fxp panic issue in 6.1-BETA4, but i
don't exactly know the details (maybe this is interesting for you).

however, we're successfully running gateways with 10 physical interfaces
being fxp-controlled.

hope that helps!

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 17:03:26 2006
From: Wesley Morgan
Date: Sat, 25 Mar 2006 12:03:20 -0500 (EST)
To: freebsd-net@freebsd.org
Subject: Intel 3945ABG with NDIS
Message-ID: <20060325101440.S31710@volatile.chemikals.org>

Has anyone been successful with one of these cards and the ndisulator? I
can get the wrapper to attach the device, but it won't accept an SSID
being assigned via ifconfig (or anything else for that matter), and
wpa_supplicant also fails. I've tried it with both UP and SMP kernels, to
no avail. My main success has been in panicking my kernel!

According to the ndiswrapper sourceforge project, some people have made
this work with Linux... However they mention needing to patch your kernel
16k stacks, which I do not know how well this applies to FreeBSD.
(http://ndiswrapper.sourceforge.net/mediawiki/index.php/List#I)

The relevant kernel messages from loading the module are:

no match for NdisIMCopySendPerPacketInfo
no match for strncat
no match for KeQueryTickCount
ndis0: mem 0xffaff000-0xffafffff irq 18 at device 0.0 on pci5
ndis0: NDIS API version: 5.1
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ndis0: Ethernet address: 00:13:02:0a:cf:eb

Initializing interface 'ndis0' conf '/etc/wpa_supplicant.conf' driver 'ndis' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0 (from group name 'wheel')
Priority group 0
id=0 ssid='linksys'
Initializing interface (2) 'ndis0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
NDIS: Packet.dll version: FreeBSD WinPcap compatibility shim v1.0
NDIS: Failed to get adapter list (PacketGetAdapterNames)
Failed to initialize driver interface
Failed to add interface ndis0
Cancelling scan request
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...
ntoskrnl dummy called...

Any suggestions would be greatly appreciated!

WNM

--
This .signature sanitized for your protection

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 17:13:00 2006
From: Fabian Keil
Date: Sat, 25 Mar 2006 18:12:46 +0100
To: Wesley Morgan
Cc: freebsd-net@freebsd.org
Subject: Re: Intel 3945ABG with NDIS
Message-ID: <20060325181246.09a6ad58@localhost>
In-Reply-To: <20060325101440.S31710@volatile.chemikals.org>

Wesley Morgan wrote:

> Has anyone been successful with one of these cards and the ndisulator?
I can get the wrapper to attach the device, but it won't > accept an SSID being assigned via ifconfig (or anything else for that > matter), and wpa_supplicant also fails. Try to set the ssid together with the bssid. Fabian --=20 http://www.fabiankeil.de/ --Sig_jy78bzF25W_gBmAFQY0xT5d Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEJXoTjV8GA4rMKUQRAk7lAKCxx+pIJNLJpf3EH/ZRZyTIRY9mCQCfdVVP 1NHgvFNKCUQeX3BjrW4MCU4= =37Qa -----END PGP SIGNATURE----- --Sig_jy78bzF25W_gBmAFQY0xT5d-- From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 19:39:53 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E45616A437 for ; Sat, 25 Mar 2006 19:39:53 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id C643F43D45 for ; Sat, 25 Mar 2006 19:39:52 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.64.182.36] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu4) with ESMTP (Nemesis), id 0ML21M-1FNEc11XT5-0002L8; Sat, 25 Mar 2006 20:39:52 +0100 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Sat, 25 Mar 2006 20:38:41 +0100 User-Agent: KMail/1.9.1 References: <441F274D.1030107@bitfreak.org> <200603210038.28520.max@love2party.net> In-Reply-To: <200603210038.28520.max@love2party.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1772600.gds4ay7WBx"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200603252038.47924.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: dima <_pppp@mail.ru>, Darren Pilgrim 
Subject: Re: New version of iwi(4) - Call for testers [regression!]

On Tuesday 21 March 2006 00:38, Max Laier wrote:
> On Monday 20 March 2006 23:06, Darren Pilgrim wrote:
> > dima wrote:
> > > I had a chance to test the driver more thoroughly today. It can't
> > > connect to some access points. Sometimes reboot helps, sometimes not. I
> > > didn't experience this with the driver currently present in the tree;
> > > well, I used /usr/ports/net/iwi-firmware (not the kmod version). This
> > > can be the case.
> > >
> > > When I run the 2 following commands in the script it sometimes
> > > fails to load the firmware properly:
> > >
> > > # ifconfig iwi0 inet 192.168.1.2 netmask 255.255.255.0 up
> > > # iwiconfig -i iwi0 -d /boot/firmware -m bss
> > >
> > > It seems that if_iwi module needs some time to initialize the card
> > > properly (I have a 2915 one); and it's really ready to boot a firmware
> > > in several milliseconds.
> >
> > What is the "iwiconfig" program and why are you using it with Max's
> > driver? The first command is all that is needed to get the interface up
> > and configured, assuming you're using static IPs on an open AP.
>
> Let me clear up some things here:
> 1) This is not "mine" driver. It's Damien's with a lot of patches that I
> hope to test by putting out this version.
> 2) iwiconfig is no longer needed to load firmware. iwi-firmware-kmod from
> ports is the weapon of choice for both, the driver version from CVS and the
> one from my page.
> 3) The aim is to merge the changes in "my" driver to CVS modulo
> regressions.
> That is why I am mostly interested in side-by-side testing. I
> will put out a new tarball later this week that will help with that. If
> you already did some such testing, I'd be happy to hear your results.

Okay, here is the newest version:
http://people.freebsd.org/~mlaier/new_iwi/20060325.both_nofw.tgz

This includes the following changes towards the last version:

1) Different locking. This should shut up several WITNESS warnings and panics when doing long ifconfig commands or tcpdumping on a downed interface. It will not get rid of WITNESS warnings from slowcopyout when doing ifconfig scan or the like.
2) Allow wpa_supplicant to recover from occasionally stuck scans - I haven't seen any lately, but some reports exist. If you do see them, please let me know - maybe we can find a pattern and cause.
3) Get rid of the "cmd 0x19 not send..."

This version installs from modules/iwiNG to make it easier to test as we move patches to CVS. The module internally still identifies as "iwi" so that you don't load two instances concurrently. The tarball also doesn't include any firmware. net/iwi-firmware-kmod is all you need!

Make sure that you test against a recent kernel. This means especially one with the net80211 fixes.
You can verify this by looking at:
src/sys/net80211/ieee80211_output.c
You want either 1.40 (HEAD) or 1.26.2.7 (RELENG_6)

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 20:08:13 2006
From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Date: Sat, 25 Mar 2006 21:06:56 +0100
References: <200603210038.28520.max@love2party.net> <200603252038.47924.max@love2party.net>
In-Reply-To: <200603252038.47924.max@love2party.net>
Message-Id: <200603252107.02211.max@love2party.net>
Cc: dima <_pppp@mail.ru>, Darren Pilgrim
Subject: Re: New version of iwi(4) - Call for testers [regression!]

On Saturday 25 March 2006 20:38, Max Laier wrote:
> The tarball also doesn't
> include any firmware. net/iwi-firmware-kmod is all you need!

lies ... there is a problem with iwi-firmware-kmod. I'm investigating. For now you can just use the firmware from this tarball:
http://people.freebsd.org/~mlaier/new_iwi/20060315.both.tgz

sorry.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 20:26:37 2006
From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Date: Sat, 25 Mar 2006 21:25:25 +0100
References: <200603252038.47924.max@love2party.net> <200603252107.02211.max@love2party.net>
In-Reply-To: <200603252107.02211.max@love2party.net>
Message-Id: <200603252125.31779.max@love2party.net>
Cc: dima <_pppp@mail.ru>, Darren Pilgrim
Subject: Re: New version of iwi(4) - Call for testers [regression!]

On Saturday 25 March 2006 21:06, Max Laier wrote:
> On Saturday 25 March 2006 20:38, Max Laier wrote:
> > The tarball also doesn't
> > include any firmware. net/iwi-firmware-kmod is all you need!
>
> lies ... there is a problem with iwi-firmware-kmod. I'm investigating.

Okay, http://people.freebsd.org/~mlaier/firmware.diff is a stopgap solution to make iwi-firmware-kmod useable. Florent will commit a proper version later.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 22:05:55 2006
Message-ID: <4425BE7F.3030708@borgtech.ca>
Date: Sat, 25 Mar 2006 23:04:47 +0100
From: Andrew Seguin
To: freebsd-net@freebsd.org
References: <442304AD.1010709@borgtech.ca>
In-Reply-To: <442304AD.1010709@borgtech.ca>
Subject: Re: net.link.ether.bridge.config effeciency for more then 2 interfaces? [solved of sorts]

Andrew Seguin wrote:
> I'm trying to get a vlan based firewall working, but having a problem
> with ARP & DHCP not working well
> (dhcp could be maybe not working well because of ARP)
>
> The network is setup:
> IP: xyz.zyx.xzy.0/24
> [ISP router -> ISP Switch] -> firewall ->{vlans-tagged}->layer2
> switch->other switches
> (I don't have the authorization to put the firewall between the ISP
> router/switch unfortunately)

The problem kept nagging at my head... a solution finally came to me... the switch between the two routers is the problem. So I needed an ARP solution... a bit of googling and I found proxy_arp for linux and two clicks later found choparp.

A quick test... and it works! Simply I run

    choparp fxp0 xyz.zyx.xzy.16/28 xyz.zyx.xzy.32/27 xyz.zyx.xzy.64/26 xyz.zyx.xzy.128/25

and voila... no more need for a bridge! :)

I still don't know why bridging two vlans to the main internet connection was rotten performance for ARP, but at least this way it works and it's more satisfying by not using bridge anymore.

Thanks to those on this list for having helped me several times before and for simply being there for others!

Andrew

From owner-freebsd-net@FreeBSD.ORG Sat Mar 25 22:40:46 2006
Message-ID: <4425C661.8090406@metcomm.net>
Date: Sat, 25 Mar 2006 17:38:25 -0500
From: czhao@metcomm.net
To: freebsd-net@freebsd.org
Subject: Problem in net-snmp 5.2.x.

Hi,

I recently upgraded the net-snmp package on some servers from 5.1.x to 5.2.2_1, and found that the "manual discovery" option in JFFNMS would not find any CPUs. I managed to get OpenNMS (marginally) working, and it also does not find the CPU on systems running the newer net-snmp package. Systems running the older net-snmp 5.1_4 package have their cpus detected without problems.
Also, note that if a system was previously discovered to have cpus and already stored in the database, the cpu information continues to be updated. This indicates that the ucdavis.systemStats tree seems to be functioning when queried directly (snmpwalk confirms).

I tracked down the manual discovery code in JFF and found (I believe) that a difference in the return value of .1.3.6.1.2.1.1 is causing the problem. Doing an snmpwalk on this OID returns many lines, but the second line, for 'SNMPv2-MIB::sysObjectID.0' returns a value of 'OID: NET-SNMP-MIB::netSnmpAgentOIDs.255' on systems without the problem and a value of 'OID: SNMPv2-SMI::dod.0.0.0.0.0.0.0' on systems that do have this problem. It seems the monitoring packages are using the return value to determine the type of system and which MIB/OID to use to poll for host information data.

I have the following questions:

1) Is anyone else seeing this problem or can confirm it's not a problem on just my systems?
2) Does anyone know if this was an intentional change?
3) What is the "correct" workaround? Is there a way to specify the old return value in snmpd.conf for example? I've looked through the documentation but I'm not sufficiently familiar with the operation of the package or snmp to figure it out.

This problem seems to occur regardless of the FBSD version (tried on 4.11 and 6.0).

Thanks for your interest.
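
The comparison described in the message above, as an added example that is not part of the original post and is not code from JFFNMS, OpenNMS or net-snmp: it parses snmpwalk output of the system group and lists agents whose sysObjectID does not fall under the enterprises arc (.1.3.6.1.4.1). The sample output and host names are constructed, and treating a non-enterprise value as unusable for device typing is an assumption about how a discovery tool decides.

```python
import re

# iso.org.dod.internet.private.enterprises: vendor sysObjectID values live here.
ENTERPRISES = (1, 3, 6, 1, 4, 1)

# Symbolic prefixes as snmpwalk prints them, mapped to their numeric arcs.
SYMBOLIC_PREFIXES = {
    "NET-SNMP-MIB::netSnmpAgentOIDs": (1, 3, 6, 1, 4, 1, 8072, 3, 2),
    "SNMPv2-SMI::enterprises": (1, 3, 6, 1, 4, 1),
    "SNMPv2-SMI::dod": (1, 3, 6),
}

SYS_OBJECT_ID_LINE = re.compile(
    r"^SNMPv2-MIB::sysObjectID\.0 = OID: (\S+)\s*$", re.M)


def to_numeric(value):
    """Convert 'PREFIX.1.2' or '.1.3.6.1' (snmpwalk -On) to a tuple of arcs."""
    head, _, tail = value.partition(".")
    if head == "" or head.isdigit():
        return tuple(int(arc) for arc in value.strip(".").split("."))
    if head not in SYMBOLIC_PREFIXES:
        raise ValueError("unknown symbolic prefix: " + head)
    return SYMBOLIC_PREFIXES[head] + tuple(int(a) for a in tail.split(".") if a)


def sys_object_id(walk_output):
    """Return sysObjectID.0 from system-group walk output, or None if absent."""
    match = SYS_OBJECT_ID_LINE.search(walk_output)
    return to_numeric(match.group(1)) if match else None


def enterprise_number(oid):
    """Return the enterprise number an agent identifies as, or None."""
    if oid is None or len(oid) <= len(ENTERPRISES):
        return None
    if oid[:len(ENTERPRISES)] != ENTERPRISES:
        return None
    return oid[len(ENTERPRISES)]


def agents_without_identity(walks):
    """List hosts whose sysObjectID gives a poller nothing to key on."""
    return sorted(host for host, out in walks.items()
                  if enterprise_number(sys_object_id(out)) is None)


# Constructed sample output; host names are placeholders.
SAMPLE_WALKS = {
    "old-agent.example": (
        "SNMPv2-MIB::sysDescr.0 = STRING: constructed sample\n"
        "SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255\n"
    ),
    "new-agent.example": (
        "SNMPv2-MIB::sysDescr.0 = STRING: constructed sample\n"
        "SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::dod.0.0.0.0.0.0.0\n"
    ),
}

if __name__ == "__main__":
    for host in agents_without_identity(SAMPLE_WALKS):
        print(host, "sysObjectID not under enterprises:",
              sys_object_id(SAMPLE_WALKS[host]))
```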