From owner-freebsd-net Tue Aug 4 04:06:23 1998
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 04 Aug 1998 13:06:09 +0200
To: net@FreeBSD.ORG
Subject: FreeBSD vs. Cisco
Organization: University of Oslo, Department of Informatics

ISTR several reports of FreeBSD machines having seemingly unexplainable trouble talking to the outside world through a Cisco router, but can't seem to find anything of relevance in the list archives. Am I remembering correctly?

The background for this question is that I have a FreeBSD box which seems to never respond to IGMP. I'd do a tcpdump, but I'm twenty-three hops away with a half-second round-trip time, which makes any interaction with that machine an exercise in patience (not to mention the interesting exponential feedback loop you get when you send the output of an unfiltered tcpdump over the interface which you're monitoring)

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Aug 4 10:06:28 1998
From: "Kurt D. Zeilenga"
Date: Tue, 04 Aug 1998 09:53:30 -0700
To: freebsd-net@FreeBSD.ORG
Subject: monitoring aggregate traffic
Message-Id: <3.0.5.32.19980804095330.00963790@127.0.0.1>

I was wondering what others are using to monitor aggregate bandwidth. That is, by proto, by port, by dst, by src, etc. Whether the tool supports tracking of min/max/averages, control over aging of inactive entries, recording of top entries (regardless of their current activity), and integration with graphing tools (such as MTRG)?

I am currently hacking the hell out of trafshow to allow aggregation of entries. (trafshow is curses-based and runs well when logged in over small pipes). My first hack was simple, I added an option, -i which takes a string describing what to ignore when recording entries. -i "sd" causes both source and dest ports to be ignored, aggregates hostA->hostB traffic. -i "Dsd" ignores dest address and ports and hence aggregates talkers. I also changed the sort function to compare current bytes instead of total bytes.

To sort out my particular problem (occasional bcast spikes), I've been running:

    mytrafshow -p -i "Dsd" ether broadcast    (bcast by dst)
    mytrafshow -p -i "SDs" ether broadcast    (bcast by dport)

This has allowed me to easily monitor the bandwidth utilization in realtime. Of course, I really don't want to be sitting in front of my terminal all week waiting for the next unexplained spike.

I've started my second round of hacking to record min/max/avg for each entry and to make some display improvements (my first hack didn't make any display changes, see below), to allow control over aging of entries, and to have a history page of top/most spikers.

The third round, I guess, would be to export the stats so they can be integrated with MTRG or the like.

Of course, I'd rather not have to reinvent this wheel... (this is a distraction from real work). I'd like to hear about what tools you use to monitor your networks.

Here is an example of my current hack showing aggregated by port.

From Address        To Address          Proto      Bytes   CPS
==============================================================
0.0.0.0..netbios-   0.0.0.0..netbios-   udp      1735074   226
0.0.0.0..router     0.0.0.0..router     udp       985428   191
0.0.0.0..netbios-   0.0.0.0..netbios-   udp      1345037   163
0.0.0.0..bootpc     0.0.0.0..bootps     udp       335872    32
0.0.0.0..bootps     0.0.0.0..bootpc     udp       155800    32
0.0.0.0..who        0.0.0.0..who        udp         5480     3
0.0.0.0..2396       0.0.0.0..sunrpc     udp          336     3
0.0.0.0..timed      0.0.0.0..timed      udp          104     3
0.0.0.0             0.0.0.0             unkn          46     1
0.0.0.0             0.0.0.0             icmp          36     1

(fxp0) TCP pkts: 0  UDP pkts: 34341  KBytes: 4698  Page 1 of 1

From owner-freebsd-net Tue Aug 4 18:47:31 1998
Date: Tue, 4 Aug 1998 21:47:05 -0400 (EDT)
From: Garrett Wollman Message-Id: <199808050147.VAA05270@khavrinen.lcs.mit.edu> To: net@FreeBSD.ORG Subject: Socket option processing changes Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Here's a patch I am presently developing. It works on my machine (or, rather, hasn't crashed yet). It does not include support for anything that isn't included in my laptop's config file. This is the last of the ``easy'' mbuf types to remove... The standard behavior of returning EINVAL when the provided option buffer is too short ought to be documented. If you have a patch for your favorite protocol or option set, please send it to me. Obviously, I'd like some other reports of success or failure. -GAWollman Index: kern/uipc_proto.c =================================================================== RCS file: /home/cvs/src/sys/kern/uipc_proto.c,v retrieving revision 1.16 diff -u -r1.16 uipc_proto.c --- uipc_proto.c 1998/06/21 14:53:18 1.16 +++ uipc_proto.c 1998/08/05 01:25:02 @@ -41,6 +41,7 @@ #include #include #include +#include #include Index: kern/uipc_socket.c =================================================================== RCS file: /home/cvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.42 diff -u -r1.42 uipc_socket.c --- uipc_socket.c 1998/07/18 18:48:45 1.42 +++ uipc_socket.c 1998/08/05 01:25:02 
@@ -898,31 +898,69 @@ sbrelease(&asb); } +/* + * Perhaps this routine, and sooptcopyout(), below, ought to come in + * an additional variant to handle the case where the option value needs + * to be some kind of integer, but not a specific size. + * In addition to their use here, these functions are also called by the + * protocol-level pr_ctloutput() routines. + */ int -sosetopt(so, level, optname, m0, p) - register struct socket *so; - int level, optname; - struct mbuf *m0; - struct proc *p; +sooptcopyin(sopt, buf, len, minlen) + struct sockopt *sopt; + void *buf; + size_t len; + size_t minlen; { - int error = 0; - register struct mbuf *m = m0; + size_t valsize; - if (level != SOL_SOCKET) { + /* + * If the user gives us more than we wanted, we ignore it, + * but if we don't get the minimum length the caller + * wants, we return EINVAL. On success, sopt->sopt_valsize + * is set to however much we actually retrieved. + */ + if ((valsize = sopt->sopt_valsize) < minlen) + return EINVAL; + if (valsize > len) + sopt->sopt_valsize = valsize = len; + + if (sopt->sopt_p != 0) + return (copyin(sopt->sopt_val, buf, valsize)); + + bcopy(sopt->sopt_val, buf, valsize); + return 0; +} + +int +sosetopt(so, sopt) + struct socket *so; + struct sockopt *sopt; +{ + int error, optval; + struct linger l; + struct timeval tv; + short val; + + error = 0; + if (sopt->sopt_level != SOL_SOCKET) { if (so->so_proto && so->so_proto->pr_ctloutput) return ((*so->so_proto->pr_ctloutput) - (PRCO_SETOPT, so, level, optname, &m0, p)); + (so, sopt)); error = ENOPROTOOPT; } else { - switch (optname) { - + switch (sopt->sopt_name) { case SO_LINGER: - if (m == NULL || m->m_len != sizeof (struct linger)) { - error = EINVAL; + error = sooptcopyin(sopt, &l, sizeof l, sizeof l); + if (error) goto bad; - } - so->so_linger = mtod(m, struct linger *)->l_linger; - /* fall thru... 
*/ + + so->so_linger = l.l_linger; + if (l.l_onoff) + so->so_options |= SO_LINGER; + else + so->so_options &= ~SO_LINGER; + break; case SO_DEBUG: case SO_KEEPALIVE: @@ -933,45 +971,40 @@ case SO_REUSEPORT: case SO_OOBINLINE: case SO_TIMESTAMP: - if (m == NULL || m->m_len < sizeof (int)) { - error = EINVAL; + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) goto bad; - } - if (*mtod(m, int *)) - so->so_options |= optname; + if (optval) + so->so_options |= sopt->sopt_name; else - so->so_options &= ~optname; + so->so_options &= ~sopt->sopt_name; break; case SO_SNDBUF: case SO_RCVBUF: case SO_SNDLOWAT: case SO_RCVLOWAT: - { - int optval; - - if (m == NULL || m->m_len < sizeof (int)) { - error = EINVAL; + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) goto bad; - } /* * Values < 1 make no sense for any of these * options, so disallow them. */ - optval = *mtod(m, int *); if (optval < 1) { error = EINVAL; goto bad; } - switch (optname) { - + switch (sopt->sopt_name) { case SO_SNDBUF: case SO_RCVBUF: - if (sbreserve(optname == SO_SNDBUF ? - &so->so_snd : &so->so_rcv, - (u_long) optval) == 0) { + if (sbreserve(sopt->sopt_name == SO_SNDBUF ? + &so->so_snd : &so->so_rcv, + (u_long) optval) == 0) { error = ENOBUFS; goto bad; } @@ -993,27 +1026,21 @@ break; } break; - } case SO_SNDTIMEO: case SO_RCVTIMEO: - { - struct timeval *tv; - short val; - - if (m == NULL || m->m_len < sizeof (*tv)) { - error = EINVAL; + error = sooptcopyin(sopt, &tv, sizeof tv, + sizeof tv); + if (error) goto bad; - } - tv = mtod(m, struct timeval *); - if (tv->tv_sec > SHRT_MAX / hz - hz) { + + if (tv.tv_sec > SHRT_MAX / hz - hz) { error = EDOM; goto bad; } - val = tv->tv_sec * hz + tv->tv_usec / tick; - - switch (optname) { + val = tv.tv_sec * hz + tv.tv_usec / tick; + switch (sopt->sopt_name) { case SO_SNDTIMEO: so->so_snd.sb_timeo = val; break; @@ -1022,7 +1049,6 @@ break; } break; - } default: error = ENOPROTOOPT; 
@@ -1030,42 +1056,69 @@ } if (error == 0 && so->so_proto && so->so_proto->pr_ctloutput) { (void) ((*so->so_proto->pr_ctloutput) - (PRCO_SETOPT, so, level, optname, &m0, p)); - m = NULL; /* freed by protocol */ + (so, sopt)); } } bad: - if (m) - (void) m_free(m); return (error); } +/* Helper routine for getsockopt */ int -sogetopt(so, level, optname, mp, p) - register struct socket *so; - int level, optname; - struct mbuf **mp; - struct proc *p; +sooptcopyout(sopt, buf, len) + struct sockopt *sopt; + void *buf; + size_t len; { - register struct mbuf *m; + int error; + size_t valsize; + + error = 0; + + /* + * Documented get behavior is that we always return a value, + * possibly truncated to fit in the user's buffer. + * We leave the correct length in sopt->sopt_valsize, + * to be copied out in getsockopt(). Note that this + * interface is not idempotent; the entire answer must + * generated ahead of time. + */ + valsize = len; + if (sopt->sopt_valsize < valsize) { + valsize = sopt->sopt_valsize; + sopt->sopt_valsize = len; + } + if (sopt->sopt_val != 0) { + if (sopt->sopt_p != 0) + error = copyout(buf, sopt->sopt_val, valsize); + else + bcopy(buf, sopt->sopt_val, valsize); + } + return error; +} - if (level != SOL_SOCKET) { +int +sogetopt(so, sopt) + struct socket *so; + struct sockopt *sopt; +{ + int error, optval; + struct linger l; + struct timeval tv; + + error = 0; + if (sopt->sopt_level != SOL_SOCKET) { if (so->so_proto && so->so_proto->pr_ctloutput) { return ((*so->so_proto->pr_ctloutput) - (PRCO_GETOPT, so, level, optname, mp, p)); + (so, sopt)); } else return (ENOPROTOOPT); } else { - m = m_get(M_WAIT, MT_SOOPTS); - m->m_len = sizeof (int); - - switch (optname) { - + switch (sopt->sopt_name) { case SO_LINGER: - m->m_len = sizeof (struct linger); - mtod(m, struct linger *)->l_onoff = - so->so_options & SO_LINGER; - mtod(m, struct linger *)->l_linger = so->so_linger; + l.l_onoff = so->so_options & SO_LINGER; + l.l_linger = so->so_linger; + error = 
sooptcopyout(sopt, &l, sizeof l); break; case SO_USELOOPBACK: @@ -1077,53 +1130,51 @@ case SO_BROADCAST: case SO_OOBINLINE: case SO_TIMESTAMP: - *mtod(m, int *) = so->so_options & optname; + optval = so->so_options & sopt->sopt_name; +integer: + error = sooptcopyout(sopt, &optval, sizeof optval); break; case SO_TYPE: - *mtod(m, int *) = so->so_type; - break; + optval = so->so_type; + goto integer; case SO_ERROR: - *mtod(m, int *) = so->so_error; + optval = so->so_error; so->so_error = 0; - break; + goto integer; case SO_SNDBUF: - *mtod(m, int *) = so->so_snd.sb_hiwat; - break; + optval = so->so_snd.sb_hiwat; + goto integer; case SO_RCVBUF: - *mtod(m, int *) = so->so_rcv.sb_hiwat; - break; + optval = so->so_rcv.sb_hiwat; + goto integer; case SO_SNDLOWAT: - *mtod(m, int *) = so->so_snd.sb_lowat; - break; + optval = so->so_snd.sb_lowat; + goto integer; case SO_RCVLOWAT: - *mtod(m, int *) = so->so_rcv.sb_lowat; - break; + optval = so->so_rcv.sb_lowat; + goto integer; case SO_SNDTIMEO: case SO_RCVTIMEO: - { - int val = (optname == SO_SNDTIMEO ? - so->so_snd.sb_timeo : so->so_rcv.sb_timeo); - - m->m_len = sizeof(struct timeval); - mtod(m, struct timeval *)->tv_sec = val / hz; - mtod(m, struct timeval *)->tv_usec = - (val % hz) * tick; - break; - } + optval = (sopt->sopt_name == SO_SNDTIMEO ? + so->so_snd.sb_timeo : so->so_rcv.sb_timeo); + + tv.tv_sec = optval / hz; + tv.tv_usec = (optval % hz) * tick; + error = sooptcopyout(sopt, &tv, sizeof tv); + break; default: - (void)m_free(m); - return (ENOPROTOOPT); + error = ENOPROTOOPT; + break; } - *mp = m; - return (0); + return (error); } } Index: kern/uipc_syscalls.c =================================================================== RCS file: /home/cvs/src/sys/kern/uipc_syscalls.c,v retrieving revision 1.40 diff -u -r1.40 uipc_syscalls.c --- uipc_syscalls.c 1998/06/10 10:30:23 1.40 +++ uipc_syscalls.c 1998/08/05 01:25:02 
@@ -981,34 +981,26 @@ } */ *uap; { struct file *fp; - struct mbuf *m = NULL; + struct sockopt sopt; int error; + if (uap->val == 0 && uap->valsize != 0) + return (EFAULT); + if (uap->valsize < 0) + return (EINVAL); + error = getsock(p->p_fd, uap->s, &fp); if (error) return (error); - if (uap->valsize > MCLBYTES) - return (EINVAL); - if (uap->val) { - m = m_get(M_WAIT, MT_SOOPTS); - if (m == NULL) - return (ENOBUFS); - if (uap->valsize > MLEN) { - MCLGET(m, M_WAIT); - if(!(m->m_flags & M_EXT)) { - m_free(m); - return (ENOBUFS); - } - } - error = copyin(uap->val, mtod(m, caddr_t), (u_int)uap->valsize); - if (error) { - (void) m_free(m); - return (error); - } - m->m_len = uap->valsize; - } - return (sosetopt((struct socket *)fp->f_data, uap->level, - uap->name, m, p)); + + sopt.sopt_dir = SOPT_SET; + sopt.sopt_level = uap->level; + sopt.sopt_name = uap->name; + sopt.sopt_val = uap->val; + sopt.sopt_valsize = uap->valsize; + sopt.sopt_p = p; + + return (sosetopt((struct socket *)fp->f_data, &sopt)); } /* ARGSUSED */ @@ -1023,9 +1015,9 @@ int *avalsize; } */ *uap; { - struct file *fp; - struct mbuf *m = NULL, *m0; - int op, i, valsize, error; + int valsize, error; + struct file *fp; + struct sockopt sopt; error = getsock(p->p_fd, uap->s, &fp); if (error) 
@@ -1035,26 +1027,24 @@ sizeof (valsize)); if (error) return (error); + if (valsize < 0) + return (EINVAL); } else valsize = 0; - if ((error = sogetopt((struct socket *)fp->f_data, uap->level, - uap->name, &m, p)) == 0 && uap->val && valsize && m != NULL) { - op = 0; - while (m && !error && op < valsize) { - i = min(m->m_len, (valsize - op)); - error = copyout(mtod(m, caddr_t), uap->val, (u_int)i); - op += i; - uap->val += i; - m0 = m; - MFREE(m0,m); - } - valsize = op; - if (error == 0) - error = copyout((caddr_t)&valsize, - (caddr_t)uap->avalsize, sizeof (valsize)); + + sopt.sopt_dir = SOPT_GET; + sopt.sopt_level = uap->level; + sopt.sopt_name = uap->name; + sopt.sopt_val = uap->val; + sopt.sopt_valsize = (size_t)valsize; /* checked non-negative above */ + sopt.sopt_p = p; + + error = sogetopt((struct socket *)fp->f_data, &sopt); + if (error == 0) { + valsize = sopt.sopt_valsize; + error = copyout((caddr_t)&valsize, + (caddr_t)uap->avalsize, sizeof (valsize)); } - if (m != NULL) - (void) m_free(m); return (error); } Index: net/if_vlan.c =================================================================== RCS file: /home/cvs/src/sys/net/if_vlan.c,v retrieving revision 1.2 diff -u -r1.2 if_vlan.c --- if_vlan.c 1998/05/15 20:02:47 1.2 +++ if_vlan.c 1998/08/05 01:25:06 @@ -80,7 +80,7 @@ static void vlan_start(struct ifnet *ifp); static void vlan_ifinit(void *foo); -static int vlan_ioctl(struct ifnet *ifp, int cmd, caddr_t addr); +static int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr); static void vlaninit(void *dummy) @@ -262,7 +262,7 @@ } static int -vlan_ioctl(struct ifnet *ifp, int cmd, caddr_t data) +vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { struct ifaddr *ifa; struct ifnet *p; Index: netinet/in.h =================================================================== RCS file: /home/cvs/src/sys/netinet/in.h,v retrieving revision 1.36 diff -u -r1.36 in.h --- in.h 1998/07/06 03:20:12 1.36 +++ in.h 1998/08/05 01:25:07 
@@ -429,21 +429,6 @@ int in_localaddr __P((struct in_addr)); char *inet_ntoa __P((struct in_addr)); /* in libkern */ -/* Firewall hooks */ -struct ip; -typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, u_int16_t*, struct mbuf**, struct sockaddr_in**)); -typedef int ip_fw_ctl_t __P((int, struct mbuf**)); -extern ip_fw_chk_t *ip_fw_chk_ptr; -extern ip_fw_ctl_t *ip_fw_ctl_ptr; - -/* IP NAT hooks */ -typedef int ip_nat_t __P((struct ip**, struct mbuf**, struct ifnet*, int)); -typedef int ip_nat_ctl_t __P((int, struct mbuf**)); -extern ip_nat_t *ip_nat_ptr; -extern ip_nat_ctl_t *ip_nat_ctl_ptr; -#define IP_NAT_IN 0x00000001 -#define IP_NAT_OUT 0x00000002 - #endif /* KERNEL */ #endif Index: netinet/in_proto.c =================================================================== RCS file: /home/cvs/src/sys/netinet/in_proto.c,v retrieving revision 1.46 diff -u -r1.46 in_proto.c --- in_proto.c 1998/03/21 11:33:57 1.46 +++ in_proto.c 1998/08/05 01:25:07 @@ -71,15 +71,6 @@ #include #endif -#ifdef TPIP -void tpip_input(), tpip_ctlinput(), tp_init(), tp_slowtimo(), tp_drain(); -int tp_ctloutput(), tp_usrreq(); -#endif - -#ifdef EON -void eoninput(), eonctlinput(), eonprotoinit(); -#endif /* EON */ - extern struct domain inetdomain; static struct pr_usrreqs nousrreqs; Index: netinet/ip_fw.h =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_fw.h,v retrieving revision 1.33 diff -u -r1.33 ip_fw.h --- ip_fw.h 1998/07/06 03:20:15 1.33 +++ ip_fw.h 1998/08/05 01:25:07 
@@ -184,6 +184,23 @@ */ void ip_fw_init __P((void)); +/* Firewall hooks */ +struct ip; +struct sockopt; +typedef int ip_fw_chk_t __P((struct ip **, int, struct ifnet *, u_int16_t *, + struct mbuf **, struct sockaddr_in **)); +typedef int ip_fw_ctl_t __P((struct sockopt *)); +extern ip_fw_chk_t *ip_fw_chk_ptr; +extern ip_fw_ctl_t *ip_fw_ctl_ptr; + +/* IP NAT hooks */ +typedef int ip_nat_t __P((struct ip **, struct mbuf **, struct ifnet *, int)); +typedef int ip_nat_ctl_t __P((struct sockopt *)); +extern ip_nat_t *ip_nat_ptr; +extern ip_nat_ctl_t *ip_nat_ctl_ptr; +#define IP_NAT_IN 0x00000001 +#define IP_NAT_OUT 0x00000002 + #endif /* KERNEL */ #endif /* _IP_FW_H */ Index: netinet/ip_input.c =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_input.c,v retrieving revision 1.97 diff -u -r1.97 ip_input.c --- ip_input.c 1998/07/13 12:12:24 1.97 +++ ip_input.c 1998/08/05 01:25:09 @@ -142,6 +142,9 @@ #endif #ifdef COMPAT_IPFW + +#include + /* Firewall hooks */ ip_fw_chk_t *ip_fw_chk_ptr; ip_fw_ctl_t *ip_fw_ctl_ptr; @@ -1234,7 +1237,7 @@ if (ip_nhops == 0) return ((struct mbuf *)0); - m = m_get(M_DONTWAIT, MT_SOOPTS); + m = m_get(M_DONTWAIT, MT_HEADER); if (m == 0) return ((struct mbuf *)0); Index: netinet/ip_mroute.c =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_mroute.c,v retrieving revision 1.47 diff -u -r1.47 ip_mroute.c --- ip_mroute.c 1998/06/30 10:56:31 1.47 +++ ip_mroute.c 1998/08/05 01:25:14 
@@ -54,10 +54,8 @@ extern int _ip_mforward __P((struct ip *ip, struct ifnet *ifp, struct mbuf *m, struct ip_moptions *imo)); extern int _ip_mrouter_done __P((void)); -extern int _ip_mrouter_get __P((int cmd, struct socket *so, - struct mbuf **m)); -extern int _ip_mrouter_set __P((int cmd, struct socket *so, - struct mbuf *m)); +extern int _ip_mrouter_get __P((struct socket *so, struct sockopt *sopt)); +extern int _ip_mrouter_set __P((struct socket *so, struct sockopt *sopt)); extern int _mrt_ioctl __P((int req, caddr_t data, struct proc *p)); /* @@ -70,27 +68,25 @@ u_int rsvpdebug = 0; int -_ip_mrouter_set(cmd, so, m) - int cmd; +_ip_mrouter_set(so, sopt) struct socket *so; - struct mbuf *m; + struct sockopt *sopt; { return(EOPNOTSUPP); } -int (*ip_mrouter_set)(int, struct socket *, struct mbuf *) = _ip_mrouter_set; +int (*ip_mrouter_set)(struct socket *, struct sockopt *) = _ip_mrouter_set; int -_ip_mrouter_get(cmd, so, m) - int cmd; +_ip_mrouter_get(so, sopt) struct socket *so; - struct mbuf **m; + struct sockopt *sopt; { return(EOPNOTSUPP); } -int (*ip_mrouter_get)(int, struct socket *, struct mbuf **) = _ip_mrouter_get; +int (*ip_mrouter_get)(struct socket *, struct sockopt *) = _ip_mrouter_get; int _ip_mrouter_done() @@ -161,17 +157,17 @@ u_long (*ip_mcast_src)(int) = _ip_mcast_src; int -ip_rsvp_vif_init(so, m) +ip_rsvp_vif_init(so, sopt) struct socket *so; - struct mbuf *m; + struct sockopt *sopt; { return(EINVAL); } int -ip_rsvp_vif_done(so, m) +ip_rsvp_vif_done(so, sopt) struct socket *so; - struct mbuf *m; + struct sockopt *sopt; { return(EINVAL); } Index: netinet/ip_mroute.h =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_mroute.h,v retrieving revision 1.13 diff -u -r1.13 ip_mroute.h --- ip_mroute.h 1997/02/22 09:41:35 1.13 +++ ip_mroute.h 1998/08/05 01:25:15 
@@ -248,8 +248,10 @@ #ifdef KERNEL -extern int (*ip_mrouter_set) __P((int, struct socket *, struct mbuf *)); -extern int (*ip_mrouter_get) __P((int, struct socket *, struct mbuf **)); +struct sockopt; + +extern int (*ip_mrouter_set) __P((struct socket *, struct sockopt *)); +extern int (*ip_mrouter_get) __P((struct socket *, struct sockopt *)); extern int (*ip_mrouter_done) __P((void)); #ifdef MROUTING extern int (*mrt_ioctl) __P((int, caddr_t)); Index: netinet/ip_output.c =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_output.c,v retrieving revision 1.79 diff -u -r1.79 ip_output.c --- ip_output.c 1998/07/13 12:12:25 1.79 +++ ip_output.c 1998/08/05 01:25:19 @@ -72,6 +72,10 @@ #undef COMPAT_IPFW #endif +#ifdef COMPAT_IPFW +#include +#endif + #ifdef IPFIREWALL_FORWARD_DEBUG #define print_ip(a) printf("%ld.%ld.%ld.%ld",(ntohl(a.s_addr)>>24)&0xFF,\ (ntohl(a.s_addr)>>16)&0xFF,\ @@ -85,10 +89,10 @@ static void ip_mloopback __P((struct ifnet *, struct mbuf *, struct sockaddr_in *, int)); static int ip_getmoptions - __P((int, struct ip_moptions *, struct mbuf **)); -static int ip_pcbopts __P((struct mbuf **, struct mbuf *)); + __P((struct sockopt *, struct ip_moptions *)); +static int ip_pcbopts __P((int, struct mbuf **, struct mbuf *)); static int ip_setmoptions - __P((int, struct ip_moptions **, struct mbuf *)); + __P((struct sockopt *, struct ip_moptions **)); #if defined(IPFILTER_LKM) || defined(IPFILTER) int ip_optcopy __P((struct ip *, struct ip *)); 
@@ -743,33 +747,43 @@ * IP socket option processing. */ int -ip_ctloutput(op, so, level, optname, mp, p) - int op; +ip_ctloutput(so, sopt) struct socket *so; - int level, optname; - struct mbuf **mp; - struct proc *p; + struct sockopt *sopt; { - register struct inpcb *inp = sotoinpcb(so); - register struct mbuf *m = *mp; - register int optval = 0; - int error = 0; + struct inpcb *inp = sotoinpcb(so); + int error, optval; - if (level != IPPROTO_IP) { - error = EINVAL; - if (op == PRCO_SETOPT && *mp) - (void) m_free(*mp); - } else switch (op) { + error = optval = 0; + if (sopt->sopt_level != IPPROTO_IP) { + return (EINVAL); + } - case PRCO_SETOPT: - switch (optname) { + switch (sopt->sopt_dir) { + case SOPT_SET: + switch (sopt->sopt_name) { case IP_OPTIONS: #ifdef notyet case IP_RETOPTS: - return (ip_pcbopts(optname, &inp->inp_options, m)); -#else - return (ip_pcbopts(&inp->inp_options, m)); #endif + { + struct mbuf *m; + if (sopt->sopt_valsize > MLEN) { + error = EMSGSIZE; + break; + } + MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER); + if (m == 0) { + error = ENOBUFS; + break; + } + m->m_len = sopt->sopt_valsize; + error = sooptcopyin(sopt, mtod(m, char *), m->m_len, + m->m_len); + + return (ip_pcbopts(sopt->sopt_name, &inp->inp_options, + m)); + } case IP_TOS: case IP_TTL: 
@@ -777,41 +791,40 @@ case IP_RECVRETOPTS: case IP_RECVDSTADDR: case IP_RECVIF: - if (m == 0 || m->m_len != sizeof(int)) - error = EINVAL; - else { - optval = *mtod(m, int *); - switch (optname) { + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + break; - case IP_TOS: - inp->inp_ip_tos = optval; - break; + switch (sopt->sopt_name) { + case IP_TOS: + inp->inp_ip_tos = optval; + break; - case IP_TTL: - inp->inp_ip_ttl = optval; - break; + case IP_TTL: + inp->inp_ip_ttl = optval; + break; #define OPTSET(bit) \ if (optval) \ inp->inp_flags |= bit; \ else \ inp->inp_flags &= ~bit; - case IP_RECVOPTS: - OPTSET(INP_RECVOPTS); - break; + case IP_RECVOPTS: + OPTSET(INP_RECVOPTS); + break; - case IP_RECVRETOPTS: - OPTSET(INP_RECVRETOPTS); - break; + case IP_RECVRETOPTS: + OPTSET(INP_RECVRETOPTS); + break; - case IP_RECVDSTADDR: - OPTSET(INP_RECVDSTADDR); - break; + case IP_RECVDSTADDR: + OPTSET(INP_RECVDSTADDR); + break; - case IP_RECVIF: - OPTSET(INP_RECVIF); - break; - } + case IP_RECVIF: + OPTSET(INP_RECVIF); + break; } break; #undef OPTSET 
@@ -822,36 +835,34 @@ case IP_MULTICAST_LOOP: case IP_ADD_MEMBERSHIP: case IP_DROP_MEMBERSHIP: - error = ip_setmoptions(optname, &inp->inp_moptions, m); + error = ip_setmoptions(sopt, &inp->inp_moptions); break; case IP_PORTRANGE: - if (m == 0 || m->m_len != sizeof(int)) - error = EINVAL; - else { - optval = *mtod(m, int *); - - switch (optval) { + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + break; - case IP_PORTRANGE_DEFAULT: - inp->inp_flags &= ~(INP_LOWPORT); - inp->inp_flags &= ~(INP_HIGHPORT); - break; + switch (optval) { + case IP_PORTRANGE_DEFAULT: + inp->inp_flags &= ~(INP_LOWPORT); + inp->inp_flags &= ~(INP_HIGHPORT); + break; - case IP_PORTRANGE_HIGH: - inp->inp_flags &= ~(INP_LOWPORT); - inp->inp_flags |= INP_HIGHPORT; - break; + case IP_PORTRANGE_HIGH: + inp->inp_flags &= ~(INP_LOWPORT); + inp->inp_flags |= INP_HIGHPORT; + break; - case IP_PORTRANGE_LOW: - inp->inp_flags &= ~(INP_HIGHPORT); - inp->inp_flags |= INP_LOWPORT; - break; + case IP_PORTRANGE_LOW: + inp->inp_flags &= ~(INP_HIGHPORT); + inp->inp_flags |= INP_LOWPORT; + break; - default: - error = EINVAL; - break; - } + default: + error = EINVAL; + break; } break; @@ -859,21 +870,19 @@ error = ENOPROTOOPT; break; } - if (m) - (void)m_free(m); break; - case PRCO_GETOPT: - switch (optname) { + case SOPT_GET: + switch (sopt->sopt_name) { case IP_OPTIONS: case IP_RETOPTS: - *mp = m = m_get(M_WAIT, MT_SOOPTS); - if (inp->inp_options) { - m->m_len = inp->inp_options->m_len; - bcopy(mtod(inp->inp_options, void *), - mtod(m, void *), m->m_len); - } else - m->m_len = 0; + if (inp->inp_options) + error = sooptcopyout(sopt, + mtod(inp->inp_options, + char *), + inp->inp_options->m_len); + else + sopt->sopt_valsize = 0; break; case IP_TOS: 
@@ -882,9 +891,8 @@ case IP_RECVRETOPTS: case IP_RECVDSTADDR: case IP_RECVIF: - *mp = m = m_get(M_WAIT, MT_SOOPTS); - m->m_len = sizeof(int); - switch (optname) { + case IP_PORTRANGE: + switch (sopt->sopt_name) { case IP_TOS: optval = inp->inp_ip_tos; @@ -911,8 +919,17 @@ case IP_RECVIF: optval = OPTBIT(INP_RECVIF); break; + + case IP_PORTRANGE: + if (inp->inp_flags & INP_HIGHPORT) + optval = IP_PORTRANGE_HIGH; + else if (inp->inp_flags & INP_LOWPORT) + optval = IP_PORTRANGE_LOW; + else + optval = 0; + break; } - *mtod(m, int *) = optval; + error = sooptcopyout(sopt, &optval, sizeof optval); break; case IP_MULTICAST_IF: @@ -921,21 +938,7 @@ case IP_MULTICAST_LOOP: case IP_ADD_MEMBERSHIP: case IP_DROP_MEMBERSHIP: - error = ip_getmoptions(optname, inp->inp_moptions, mp); - break; - - case IP_PORTRANGE: - *mp = m = m_get(M_WAIT, MT_SOOPTS); - m->m_len = sizeof(int); - - if (inp->inp_flags & INP_HIGHPORT) - optval = IP_PORTRANGE_HIGH; - else if (inp->inp_flags & INP_LOWPORT) - optval = IP_PORTRANGE_LOW; - else - optval = 0; - - *mtod(m, int *) = optval; + error = ip_getmoptions(sopt, inp->inp_moptions); break; default: @@ -953,12 +956,8 @@ * with destination address if source routed. */ static int -#ifdef notyet ip_pcbopts(optname, pcbopt, m) int optname; -#else -ip_pcbopts(pcbopt, m) -#endif struct mbuf **pcbopt; register struct mbuf *m; { 
@@ -1055,23 +1054,28 @@ } /* + * XXX + * The whole multicast option thing needs to be re-thought. + * Several of these options are equally applicable to non-multicast + * transmission, and one (IP_MULTICAST_TTL) totally duplicates a + * standard option (IP_TTL). + */ +/* * Set the IP multicast options in response to user setsockopt(). */ static int -ip_setmoptions(optname, imop, m) - int optname; +ip_setmoptions(sopt, imop) + struct sockopt *sopt; struct ip_moptions **imop; - struct mbuf *m; { - register int error = 0; - u_char loop; - register int i; + int error = 0; + int i; struct in_addr addr; - register struct ip_mreq *mreq; - register struct ifnet *ifp; - register struct ip_moptions *imo = *imop; + struct ip_mreq mreq; + struct ifnet *ifp; + struct ip_moptions *imo = *imop; struct route ro; - register struct sockaddr_in *dst; + struct sockaddr_in *dst; int s; if (imo == NULL) { @@ -1092,18 +1096,16 @@ imo->imo_num_memberships = 0; } - switch (optname) { + switch (sopt->sopt_name) { /* store an index number for the vif you wanna use in the send */ case IP_MULTICAST_VIF: - if (!legal_vif_num) { + if (legal_vif_num == 0) { error = EOPNOTSUPP; break; } - if (m == NULL || m->m_len != sizeof(int)) { - error = EINVAL; + error = sooptcopyin(sopt, &i, sizeof i, sizeof i); + if (error) break; - } - i = *(mtod(m, int *)); if (!legal_vif_num(i) && (i != -1)) { error = EINVAL; break; @@ -1115,11 +1117,9 @@ /* * Select the interface for outgoing multicast packets. */ - if (m == NULL || m->m_len != sizeof(struct in_addr)) { - error = EINVAL; + error = sooptcopyin(sopt, &addr, sizeof addr, sizeof addr); + if (error) break; - } - addr = *(mtod(m, struct in_addr *)); /* * INADDR_ANY is used to remove a previous selection. * When no interface is selected, a default one is 
@@ -1148,25 +1148,50 @@ case IP_MULTICAST_TTL: /* * Set the IP time-to-live for outgoing multicast packets. - */ - if (m == NULL || m->m_len != 1) { - error = EINVAL; - break; + * The original multicast API required a char argument, + * which is inconsistent with the rest of the socket API. + * We allow either a char or an int. + */ + if (sopt->sopt_valsize == 1) { + u_char ttl; + error = sooptcopyin(sopt, &ttl, 1, 1); + if (error) + break; + imo->imo_multicast_ttl = ttl; + } else { + u_int ttl; + error = sooptcopyin(sopt, &ttl, sizeof ttl, + sizeof ttl); + if (error) + break; + if (ttl > 255) + error = EINVAL; + else + imo->imo_multicast_ttl = ttl; } - imo->imo_multicast_ttl = *(mtod(m, u_char *)); break; case IP_MULTICAST_LOOP: /* * Set the loopback flag for outgoing multicast packets. - * Must be zero or one. - */ - if (m == NULL || m->m_len != 1 || - (loop = *(mtod(m, u_char *))) > 1) { - error = EINVAL; - break; + * Must be zero or one. The original multicast API required a + * char argument, which is inconsistent with the rest + * of the socket API. We allow either a char or an int. + */ + if (sopt->sopt_valsize == 1) { + u_char loop; + error = sooptcopyin(sopt, &loop, 1, 1); + if (error) + break; + imo->imo_multicast_loop = !!loop; + } else { + u_int loop; + error = sooptcopyin(sopt, &loop, sizeof loop, + sizeof loop); + if (error) + break; + imo->imo_multicast_loop = !!loop; } - imo->imo_multicast_loop = loop; break; case IP_ADD_MEMBERSHIP: @@ -1174,12 +1199,11 @@ * Add a multicast group membership. * Group must be a valid IP multicast address. */ - if (m == NULL || m->m_len != sizeof(struct ip_mreq)) { - error = EINVAL; + error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); + if (error) break; - } - mreq = mtod(m, struct ip_mreq *); - if (!IN_MULTICAST(ntohl(mreq->imr_multiaddr.s_addr))) { + + if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { error = EINVAL; break; } 
@@ -1188,12 +1212,12 @@ * If no interface address was provided, use the interface of * the route to the given multicast address. */ - if (mreq->imr_interface.s_addr == INADDR_ANY) { + if (mreq.imr_interface.s_addr == INADDR_ANY) { bzero((caddr_t)&ro, sizeof(ro)); dst = (struct sockaddr_in *)&ro.ro_dst; dst->sin_len = sizeof(*dst); dst->sin_family = AF_INET; - dst->sin_addr = mreq->imr_multiaddr; + dst->sin_addr = mreq.imr_multiaddr; rtalloc(&ro); if (ro.ro_rt == NULL) { error = EADDRNOTAVAIL; @@ -1204,7 +1228,7 @@ rtfree(ro.ro_rt); } else { - INADDR_TO_IFP(mreq->imr_interface, ifp); + INADDR_TO_IFP(mreq.imr_interface, ifp); } /* @@ -1223,7 +1247,7 @@ for (i = 0; i < imo->imo_num_memberships; ++i) { if (imo->imo_membership[i]->inm_ifp == ifp && imo->imo_membership[i]->inm_addr.s_addr - == mreq->imr_multiaddr.s_addr) + == mreq.imr_multiaddr.s_addr) break; } if (i < imo->imo_num_memberships) { @@ -1241,7 +1265,7 @@ * address list for the given interface. */ if ((imo->imo_membership[i] = - in_addmulti(&mreq->imr_multiaddr, ifp)) == NULL) { + in_addmulti(&mreq.imr_multiaddr, ifp)) == NULL) { error = ENOBUFS; splx(s); break; @@ -1255,12 +1279,11 @@ * Drop a multicast group membership. * Group must be a valid IP multicast address. */ - if (m == NULL || m->m_len != sizeof(struct ip_mreq)) { - error = EINVAL; + error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); + if (error) break; - } - mreq = mtod(m, struct ip_mreq *); - if (!IN_MULTICAST(ntohl(mreq->imr_multiaddr.s_addr))) { + + if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { error = EINVAL; break; } @@ -1270,10 +1293,10 @@ * If an interface address was specified, get a pointer * to its ifnet structure. */ - if (mreq->imr_interface.s_addr == INADDR_ANY) + if (mreq.imr_interface.s_addr == INADDR_ANY) ifp = NULL; else { - INADDR_TO_IFP(mreq->imr_interface, ifp); + INADDR_TO_IFP(mreq.imr_interface, ifp); if (ifp == NULL) { error = EADDRNOTAVAIL; splx(s); 
@@ -1287,7 +1310,7 @@ if ((ifp == NULL || imo->imo_membership[i]->inm_ifp == ifp) && imo->imo_membership[i]->inm_addr.s_addr == - mreq->imr_multiaddr.s_addr) + mreq.imr_multiaddr.s_addr) break; } if (i == imo->imo_num_memberships) { 
@@ -1333,57 +1356,63 @@ * Return the IP multicast options in response to user getsockopt(). */ static int -ip_getmoptions(optname, imo, mp) - int optname; +ip_getmoptions(sopt, imo) + struct sockopt *sopt; register struct ip_moptions *imo; - register struct mbuf **mp; { - u_char *ttl; - u_char *loop; - struct in_addr *addr; + struct in_addr addr; struct in_ifaddr *ia; + int error, optval; + u_char coptval; - *mp = m_get(M_WAIT, MT_SOOPTS); - - switch (optname) { - + error = 0; + switch (sopt->sopt_name) { case IP_MULTICAST_VIF: if (imo != NULL) - *(mtod(*mp, int *)) = imo->imo_multicast_vif; + optval = imo->imo_multicast_vif; else - *(mtod(*mp, int *)) = -1; - (*mp)->m_len = sizeof(int); - return(0); + optval = -1; + error = sooptcopyout(sopt, &optval, sizeof optval); + break; case IP_MULTICAST_IF: - addr = mtod(*mp, struct in_addr *); - (*mp)->m_len = sizeof(struct in_addr); if (imo == NULL || imo->imo_multicast_ifp == NULL) - addr->s_addr = INADDR_ANY; + addr.s_addr = INADDR_ANY; else { IFP_TO_IA(imo->imo_multicast_ifp, ia); - addr->s_addr = (ia == NULL) ? INADDR_ANY - : IA_SIN(ia)->sin_addr.s_addr; + addr.s_addr = (ia == NULL) ? INADDR_ANY + : IA_SIN(ia)->sin_addr.s_addr; } - return (0); + error = sooptcopyout(sopt, &addr, sizeof addr); + break; case IP_MULTICAST_TTL: - ttl = mtod(*mp, u_char *); - (*mp)->m_len = 1; - *ttl = (imo == NULL) ? IP_DEFAULT_MULTICAST_TTL - : imo->imo_multicast_ttl; - return (0); + if (imo == 0) + optval = coptval = IP_DEFAULT_MULTICAST_TTL; + else + optval = coptval = imo->imo_multicast_ttl; + if (sopt->sopt_valsize == 1) + error = sooptcopyout(sopt, &coptval, 1); + else + error = sooptcopyout(sopt, &optval, sizeof optval); + break; case IP_MULTICAST_LOOP: - loop = mtod(*mp, u_char *); - (*mp)->m_len = 1; - *loop = (imo == NULL) ? 
IP_DEFAULT_MULTICAST_LOOP - : imo->imo_multicast_loop; - return (0); + if (imo == 0) + optval = coptval = IP_DEFAULT_MULTICAST_LOOP; + else + optval = coptval = imo->imo_multicast_loop; + if (sopt->sopt_valsize == 1) + error = sooptcopyout(sopt, &coptval, 1); + else + error = sooptcopyout(sopt, &optval, sizeof optval); + break; default: - return (EOPNOTSUPP); + error = ENOPROTOOPT; + break; } + return (error); } /* Index: netinet/ip_var.h =================================================================== RCS file: /home/cvs/src/sys/netinet/ip_var.h,v retrieving revision 1.43 diff -u -r1.43 ip_var.h --- ip_var.h 1998/07/13 12:20:07 1.43 +++ ip_var.h 1998/08/05 01:25:19 @@ -160,6 +160,7 @@ #define IP_ROUTETOIF SO_DONTROUTE /* bypass routing tables */ #define IP_ALLOWBROADCAST SO_BROADCAST /* can send broadcast packets */ +struct ip; struct inpcb; struct route; @@ -175,8 +176,7 @@ extern int rsvp_on; extern struct pr_usrreqs rip_usrreqs; -int ip_ctloutput __P((int, struct socket *, int, int, struct mbuf **, - struct proc *)); +int ip_ctloutput __P((struct socket *, struct sockopt *sopt)); void ip_drain __P((void)); void ip_freemoptions __P((struct ip_moptions *)); void ip_init __P((void)); @@ -190,8 +190,7 @@ struct mbuf * ip_srcroute __P((void)); void ip_stripoptions __P((struct mbuf *, struct mbuf *)); -int rip_ctloutput __P((int, struct socket *, int, int, struct mbuf **, - struct proc *p)); +int rip_ctloutput __P((struct socket *, struct sockopt *)); void rip_ctlinput __P((int, struct sockaddr *, void *)); void rip_init __P((void)); void rip_input __P((struct mbuf *, int)); 
@@ -200,8 +199,8 @@ void rsvp_input __P((struct mbuf *, int)); int ip_rsvp_init __P((struct socket *)); int ip_rsvp_done __P((void)); -int ip_rsvp_vif_init __P((struct socket *, struct mbuf *)); -int ip_rsvp_vif_done __P((struct socket *, struct mbuf *)); +int ip_rsvp_vif_init __P((struct socket *, struct sockopt *)); +int ip_rsvp_vif_done __P((struct socket *, struct sockopt *)); void ip_rsvp_force_done __P((struct socket *)); #ifdef IPDIVERT Index: netinet/raw_ip.c =================================================================== RCS file: /home/cvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.54 diff -u -r1.54 raw_ip.c --- raw_ip.c 1998/05/15 20:11:34 1.54 +++ raw_ip.c 1998/08/05 01:25:21 
@@ -225,101 +225,127 @@ * Raw IP socket option processing. */ int -rip_ctloutput(op, so, level, optname, m, p) - int op; +rip_ctloutput(so, sopt) struct socket *so; - int level, optname; - struct mbuf **m; - struct proc *p; + struct sockopt *sopt; { - register struct inpcb *inp = sotoinpcb(so); - register int error; + struct inpcb *inp = sotoinpcb(so); + int error, optval; - if (level != IPPROTO_IP) { - if (op == PRCO_SETOPT && *m) - (void)m_free(*m); + if (sopt->sopt_level != IPPROTO_IP) return (EINVAL); - } - switch (optname) { + error = 0; - case IP_HDRINCL: - error = 0; - if (op == PRCO_SETOPT) { - if (m == 0 || *m == 0 || (*m)->m_len < sizeof (int)) - error = EINVAL; - else if (*mtod(*m, int *)) - inp->inp_flags |= INP_HDRINCL; - else - inp->inp_flags &= ~INP_HDRINCL; - if (*m) - (void)m_free(*m); - } else { - *m = m_get(M_WAIT, MT_SOOPTS); - (*m)->m_len = sizeof (int); - *mtod(*m, int *) = inp->inp_flags & INP_HDRINCL; - } - return (error); + switch (sopt->sopt_dir) { + case SOPT_GET: + switch (sopt->sopt_name) { + case IP_HDRINCL: + optval = inp->inp_flags & INP_HDRINCL; + error = sooptcopyout(sopt, &optval, sizeof optval); + break; #ifdef COMPAT_IPFW - case IP_FW_GET: - if (ip_fw_ctl_ptr == NULL || op == PRCO_SETOPT) { - if (*m) (void)m_free(*m); - return(EINVAL); - } - return (*ip_fw_ctl_ptr)(optname, m); - - case IP_FW_ADD: - case IP_FW_DEL: - case IP_FW_FLUSH: - case IP_FW_ZERO: - if (ip_fw_ctl_ptr == NULL || op != PRCO_SETOPT) { - if (*m) (void)m_free(*m); - return(EINVAL); - } - return (*ip_fw_ctl_ptr)(optname, m); + case IP_FW_GET: + if (ip_fw_ctl_ptr == 0) + error = ENOPROTOOPT; + else + error = ip_fw_ctl_ptr(sopt); + break; - case IP_NAT: - if (ip_nat_ctl_ptr == NULL) { - if (*m) (void)m_free(*m); - return(EINVAL); + case IP_NAT: + if (ip_nat_ctl_ptr == 0) + error = ENOPROTOOPT; + else + error = ip_nat_ctl_ptr(sopt); + break; +#endif /* COMPAT_IPFW */ + + case MRT_INIT: + case MRT_DONE: + case MRT_ADD_VIF: + case MRT_DEL_VIF: + case MRT_ADD_MFC: + 
case MRT_DEL_MFC: + case MRT_VERSION: + case MRT_ASSERT: + error = ip_mrouter_get(so, sopt); + break; + + default: + error = ip_ctloutput(so, sopt); + break; } - return (*ip_nat_ctl_ptr)(op, m); - -#endif - case IP_RSVP_ON: - return ip_rsvp_init(so); break; - case IP_RSVP_OFF: - return ip_rsvp_done(); - break; - - case IP_RSVP_VIF_ON: - return ip_rsvp_vif_init(so, *m); + case SOPT_SET: + switch (sopt->sopt_name) { + case IP_HDRINCL: + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + break; + if (optval) + inp->inp_flags |= INP_HDRINCL; + else + inp->inp_flags &= ~INP_HDRINCL; + break; - case IP_RSVP_VIF_OFF: - return ip_rsvp_vif_done(so, *m); +#ifdef COMPAT_IPFW + case IP_FW_ADD: + case IP_FW_DEL: + case IP_FW_FLUSH: + case IP_FW_ZERO: + if (ip_fw_ctl_ptr == 0) + error = ENOPROTOOPT; + else + error = ip_fw_ctl_ptr(sopt); + break; - case MRT_INIT: - case MRT_DONE: - case MRT_ADD_VIF: - case MRT_DEL_VIF: - case MRT_ADD_MFC: - case MRT_DEL_MFC: - case MRT_VERSION: - case MRT_ASSERT: - if (op == PRCO_SETOPT) { - error = ip_mrouter_set(optname, so, *m); - if (*m) - (void)m_free(*m); - } else if (op == PRCO_GETOPT) { - error = ip_mrouter_get(optname, so, m); - } else - error = EINVAL; - return (error); + case IP_NAT: + if (ip_nat_ctl_ptr == 0) + error = ENOPROTOOPT; + else + error = ip_nat_ctl_ptr(sopt); + break; +#endif /* COMPAT_IPFW */ + + case IP_RSVP_ON: + error = ip_rsvp_init(so); + break; + + case IP_RSVP_OFF: + error = ip_rsvp_done(); + break; + + /* XXX - should be combined */ + case IP_RSVP_VIF_ON: + error = ip_rsvp_vif_init(so, sopt); + break; + + case IP_RSVP_VIF_OFF: + error = ip_rsvp_vif_done(so, sopt); + break; + + case MRT_INIT: + case MRT_DONE: + case MRT_ADD_VIF: + case MRT_DEL_VIF: + case MRT_ADD_MFC: + case MRT_DEL_MFC: + case MRT_VERSION: + case MRT_ASSERT: + error = ip_mrouter_set(so, sopt); + break; + + default: + error = ip_ctloutput(so, sopt); + break; + } + break; } - return (ip_ctloutput(op, so, level, optname, 
m, p)); + + return (error); } /* @@ -340,7 +366,7 @@ int err; int flags; - switch(cmd) { + switch (cmd) { case PRC_IFDOWN: for (ia = in_ifaddrhead.tqh_first; ia; ia = ia->ia_link.tqe_next) { Index: netinet/tcp_usrreq.c =================================================================== RCS file: /home/cvs/src/sys/netinet/tcp_usrreq.c,v retrieving revision 1.37 diff -u -r1.37 tcp_usrreq.c --- tcp_usrreq.c 1998/01/27 09:15:11 1.37 +++ tcp_usrreq.c 1998/08/05 01:25:23 
@@ -560,104 +560,107 @@ return 0; } +/* + * The new sockopt interface makes it possible for us to block in the + * copyin/out step (if we take a page fault). Taking a page fault at + * splnet() is probably a Bad Thing. (Since sockets and pcbs both now + * use TSM, there probably isn't any need for this function to run at + * splnet() any more. This needs more examination.) + */ int -tcp_ctloutput(op, so, level, optname, mp, p) - int op; +tcp_ctloutput(so, sopt) struct socket *so; - int level, optname; - struct mbuf **mp; - struct proc *p; + struct sockopt *sopt; { - int error = 0, s; - struct inpcb *inp; - register struct tcpcb *tp; - register struct mbuf *m; - register int i; + int error, opt, optval, s; + struct inpcb *inp; + struct tcpcb *tp; + struct mbuf *m; - s = splnet(); + error = 0; + s = splnet(); /* XXX */ inp = sotoinpcb(so); if (inp == NULL) { splx(s); - if (op == PRCO_SETOPT && *mp) - (void) m_free(*mp); return (ECONNRESET); } - if (level != IPPROTO_TCP) { - error = ip_ctloutput(op, so, level, optname, mp, p); + if (sopt->sopt_level != IPPROTO_TCP) { + error = ip_ctloutput(so, sopt); splx(s); return (error); } tp = intotcpcb(inp); - switch (op) { - - case PRCO_SETOPT: - m = *mp; - switch (optname) { - + switch (sopt->sopt_dir) { + case SOPT_SET: + switch (sopt->sopt_name) { case TCP_NODELAY: - if (m == NULL || m->m_len < sizeof (int)) - error = EINVAL; - else if (*mtod(m, int *)) - tp->t_flags |= TF_NODELAY; + case TCP_NOOPT: + case TCP_NOPUSH: + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + break; + + switch (sopt->sopt_name) { + case TCP_NODELAY: + opt = TF_NODELAY; + break; + case TCP_NOOPT: + opt = TF_NOOPT; + break; + case TCP_NOPUSH: + opt = TF_NOPUSH; + break; + default: + opt = 0; /* dead code to fool gcc */ + break; + } + + if (optval) + tp->t_flags |= opt; else - tp->t_flags &= ~TF_NODELAY; + tp->t_flags &= ~opt; break; case TCP_MAXSEG: - if (m && (i = *mtod(m, int *)) > 0 && i <= tp->t_maxseg) - 
tp->t_maxseg = i; - else - error = EINVAL; - break; + error = sooptcopyin(sopt, &optval, sizeof optval, + sizeof optval); + if (error) + break; - case TCP_NOOPT: - if (m == NULL || m->m_len < sizeof (int)) - error = EINVAL; - else if (*mtod(m, int *)) - tp->t_flags |= TF_NOOPT; + if (optval > 0 && optval <= tp->t_maxseg) + tp->t_maxseg = optval; else - tp->t_flags &= ~TF_NOOPT; - break; - - case TCP_NOPUSH: - if (m == NULL || m->m_len < sizeof (int)) error = EINVAL; - else if (*mtod(m, int *)) - tp->t_flags |= TF_NOPUSH; - else - tp->t_flags &= ~TF_NOPUSH; break; default: error = ENOPROTOOPT; break; } - if (m) - (void) m_free(m); break; - case PRCO_GETOPT: - *mp = m = m_get(M_WAIT, MT_SOOPTS); - m->m_len = sizeof(int); - - switch (optname) { + case SOPT_GET: + switch (sopt->sopt_name) { case TCP_NODELAY: - *mtod(m, int *) = tp->t_flags & TF_NODELAY; + optval = tp->t_flags & TF_NODELAY; break; case TCP_MAXSEG: - *mtod(m, int *) = tp->t_maxseg; + optval = tp->t_maxseg; break; case TCP_NOOPT: - *mtod(m, int *) = tp->t_flags & TF_NOOPT; + optval = tp->t_flags & TF_NOOPT; break; case TCP_NOPUSH: - *mtod(m, int *) = tp->t_flags & TF_NOPUSH; + optval = tp->t_flags & TF_NOPUSH; break; default: error = ENOPROTOOPT; break; } + if (error == 0) + error = sooptcopyout(sopt, &optval, sizeof optval); break; } splx(s); Index: netinet/tcp_var.h =================================================================== RCS file: /home/cvs/src/sys/netinet/tcp_var.h,v retrieving revision 1.46 diff -u -r1.46 tcp_var.h --- tcp_var.h 1998/07/13 11:09:52 1.46 +++ tcp_var.h 1998/08/05 01:25:24 
@@ -344,8 +344,7 @@ struct tcpcb * tcp_close __P((struct tcpcb *)); void tcp_ctlinput __P((int, struct sockaddr *, void *)); -int tcp_ctloutput __P((int, struct socket *, int, int, struct mbuf **, - struct proc *)); +int tcp_ctloutput __P((struct socket *, struct sockopt *)); struct tcpcb * tcp_drop __P((struct tcpcb *, int)); void tcp_drain __P((void)); Index: nfs/nfs_socket.c =================================================================== RCS file: /home/cvs/src/sys/nfs/nfs_socket.c,v retrieving revision 1.42 diff -u -r1.42 nfs_socket.c --- nfs_socket.c 1998/07/15 02:32:24 1.42 +++ nfs_socket.c 1998/08/05 01:25:30 @@ -282,16 +282,28 @@ if (nmp->nm_sotype != SOCK_STREAM) panic("nfscon sotype"); if (so->so_proto->pr_flags & PR_CONNREQUIRED) { - MGET(m, M_WAIT, MT_SOOPTS); - *mtod(m, int32_t *) = 1; - m->m_len = sizeof(int32_t); - sosetopt(so, SOL_SOCKET, SO_KEEPALIVE, m, p); + struct sockopt sopt; + int val; + + bzero(&sopt, sizeof sopt); + sopt.sopt_level = SOL_SOCKET; + sopt.sopt_name = SO_KEEPALIVE; + sopt.sopt_val = &val; + sopt.sopt_valsize = sizeof val; + val = 1; + sosetopt(so, &sopt); } if (so->so_proto->pr_protocol == IPPROTO_TCP) { - MGET(m, M_WAIT, MT_SOOPTS); - *mtod(m, int32_t *) = 1; - m->m_len = sizeof(int32_t); - sosetopt(so, IPPROTO_TCP, TCP_NODELAY, m, p); + struct sockopt sopt; + int val; + + bzero(&sopt, sizeof sopt); + sopt.sopt_level = IPPROTO_TCP; + sopt.sopt_name = TCP_NODELAY; + sopt.sopt_val = &val; + sopt.sopt_valsize = sizeof val; + val = 1; + sosetopt(so, &sopt); } sndreserve = (nmp->nm_wsize + NFS_MAXPKTHDR + sizeof (u_int32_t)) * 2; Index: nfs/nfs_syscalls.c =================================================================== RCS file: /home/cvs/src/sys/nfs/nfs_syscalls.c,v retrieving revision 1.41 diff -u -r1.41 nfs_syscalls.c --- nfs_syscalls.c 1998/05/31 20:08:55 1.41 +++ nfs_syscalls.c 1998/08/05 01:25:33 
@@ -400,17 +400,29 @@ * repeatedly for the same socket, but that isn't harmful. */ if (so->so_type == SOCK_STREAM) { - MGET(m, M_WAIT, MT_SOOPTS); - *mtod(m, int32_t *) = 1; - m->m_len = sizeof(int32_t); - sosetopt(so, SOL_SOCKET, SO_KEEPALIVE, m, p); + struct sockopt sopt; + int val; + + bzero(&sopt, sizeof sopt); + sopt.sopt_level = SOL_SOCKET; + sopt.sopt_name = SO_KEEPALIVE; + sopt.sopt_val = &val; + sopt.sopt_valsize = sizeof val; + val = 1; + sosetopt(so, &sopt); } if (so->so_proto->pr_domain->dom_family == AF_INET && so->so_proto->pr_protocol == IPPROTO_TCP) { - MGET(m, M_WAIT, MT_SOOPTS); - *mtod(m, int32_t *) = 1; - m->m_len = sizeof(int32_t); - sosetopt(so, IPPROTO_TCP, TCP_NODELAY, m, p); + struct sockopt sopt; + int val; + + bzero(&sopt, sizeof sopt); + sopt.sopt_level = IPPROTO_TCP; + sopt.sopt_name = TCP_NODELAY; + sopt.sopt_val = &val; + sopt.sopt_valsize = sizeof val; + val = 1; + sosetopt(so, &sopt); } so->so_rcv.sb_flags &= ~SB_NOINTR; so->so_rcv.sb_timeo = 0; Index: sys/mbuf.h =================================================================== RCS file: /home/cvs/src/sys/sys/mbuf.h,v retrieving revision 1.27 diff -u -r1.27 mbuf.h --- mbuf.h 1998/07/15 04:17:53 1.27 +++ mbuf.h 1998/08/05 01:25:37 @@ -138,7 +138,7 @@ /*efine MT_HTABLE 6*/ /* IMP host tables */ /*efine MT_ATABLE 7*/ /* address resolution tables */ #define MT_SONAME 8 /* socket name */ -#define MT_SOOPTS 10 /* socket options */ +/*efine MT_SOOPTS 10*/ /* socket options */ #define MT_FTABLE 11 /* fragment reassembly header */ /*efine MT_RIGHTS 12*/ /* access rights */ /*efine MT_IFADDR 13*/ /* interface address */ 
@@ -168,10 +168,10 @@ * drivers. */ #define MBUFLOCK(code) \ - { int ms = splimp(); \ + do { int ms = splimp(); \ { code } \ splx(ms); \ - } + } while(0) /* * mbuf allocation/deallocation macros: Index: sys/protosw.h =================================================================== RCS file: /home/cvs/src/sys/sys/protosw.h,v retrieving revision 1.24 diff -u -r1.24 protosw.h --- protosw.h 1998/06/07 17:13:03 1.24 +++ protosw.h 1998/08/05 01:25:37 @@ -42,6 +42,7 @@ struct proc; struct sockaddr; struct socket; +struct sockopt; /*#ifdef KERNEL*/ /* @@ -58,13 +59,13 @@ * * Protocols pass data between themselves as chains of mbufs using * the pr_input and pr_output hooks. Pr_input passes data up (towards - * UNIX) and pr_output passes it down (towards the imps); control + * the users) and pr_output passes it down (towards the interfaces); control * information passes up and down on pr_ctlinput and pr_ctloutput. * The protocol is responsible for the space occupied by any the * arguments to these entries and must dispose it. * - * The userreq routine interfaces protocols to the system and is - * described below. + * In retrospect, it would be a lot nicer to use an interface + * similar to the vnode VOP interface. */ struct protosw { short pr_type; /* socket type used for */ @@ -78,8 +79,7 @@ /* output to protocol (from above) */ void (*pr_ctlinput)__P((int, struct sockaddr *, void *)); /* control input (from below) */ - int (*pr_ctloutput)__P((int, struct socket *, int, int, - struct mbuf **, struct proc *)); + int (*pr_ctloutput)__P((struct socket *, struct sockopt *)); /* control output (from above) */ /* user-protocol hook */ void *pr_ousrreq; Index: sys/socketvar.h =================================================================== RCS file: /home/cvs/src/sys/sys/socketvar.h,v retrieving revision 1.28 diff -u -r1.28 socketvar.h --- socketvar.h 1998/06/07 17:13:03 1.28 +++ socketvar.h 1998/08/05 01:25:38 
@@ -102,9 +102,10 @@ #define SB_UPCALL 0x20 /* someone wants an upcall */ #define SB_NOINTR 0x40 /* operations not interruptible */ - void (*so_upcall) __P((struct socket *so, caddr_t arg, int waitf)); - caddr_t so_upcallarg; /* Arg for above */ + void (*so_upcall) __P((struct socket *, void *, int)); + void *so_upcallarg; uid_t so_uid; /* who opened the socket */ + /* NB: generation count must not be first; easiest to make it last. */ so_gen_t so_gencnt; /* generation count */ }; @@ -119,7 +120,6 @@ #define SS_CANTRCVMORE 0x0020 /* can't receive more data from peer */ #define SS_RCVATMARK 0x0040 /* at mark on input */ -/*efine SS_PRIV 0x0080 privileged for broadcast, raw... */ #define SS_NBIO 0x0100 /* non-blocking ops */ #define SS_ASYNC 0x0200 /* async i/o notify */ #define SS_ISCONFIRMING 0x0400 /* deciding to accept connection req */ @@ -242,6 +242,20 @@ #ifdef KERNEL +/* + * Argument structure for sosetopt et seq. This is in the KERNEL + * section because it will never be visible to user code. + */ +enum sopt_dir { SOPT_GET, SOPT_SET }; +struct sockopt { + enum sopt_dir sopt_dir; /* is this a get or a set? */ + int sopt_level; /* second arg of [gs]etsockopt */ + int sopt_name; /* third arg of [gs]etsockopt */ + void *sopt_val; /* fourth arg of [gs]etsockopt */ + size_t sopt_valsize; /* (almost) fifth arg of [gs]etsockopt */ + struct proc *sopt_p; /* calling process or null if kernel */ +}; + #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_PCB); MALLOC_DECLARE(M_SONAME); @@ -309,8 +323,7 @@ void sodealloc __P((struct socket *so)); int sodisconnect __P((struct socket *so)); void sofree __P((struct socket *so)); -int sogetopt __P((struct socket *so, int level, int optname, - struct mbuf **mp, struct proc *p)); +int sogetopt __P((struct socket *so, struct sockopt *sopt)); void sohasoutofband __P((struct socket *so)); void soisconnected __P((struct socket *so)); void soisconnecting __P((struct socket *so)); 
@@ -321,6 +334,9 @@ sodropablereq __P((struct socket *head)); struct socket * sonewconn __P((struct socket *head, int connstatus)); +int sooptcopyin __P((struct sockopt *sopt, void *buf, size_t len, + size_t minlen)); +int sooptcopyout __P((struct sockopt *sopt, void *buf, size_t len)); int sopoll __P((struct socket *so, int events, struct ucred *cred, struct proc *p)); int soreceive __P((struct socket *so, struct sockaddr **paddr, @@ -331,8 +347,7 @@ int sosend __P((struct socket *so, struct sockaddr *addr, struct uio *uio, struct mbuf *top, struct mbuf *control, int flags, struct proc *p)); -int sosetopt __P((struct socket *so, int level, int optname, - struct mbuf *m0, struct proc *p)); +int sosetopt __P((struct socket *so, struct sockopt *sopt)); int soshutdown __P((struct socket *so, int how)); void sotoxsocket __P((struct socket *so, struct xsocket *xso)); void sowakeup __P((struct socket *so, struct sockbuf *sb)); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue Aug 4 22:42:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA14936 for freebsd-net-outgoing; Tue, 4 Aug 1998 22:42:44 -0700 (PDT) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from ccvp.com ([207.66.28.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA14836 for ; Tue, 4 Aug 1998 22:42:21 -0700 (PDT) (envelope-from robert@usamd.com) Received: from usamd.com ([207.66.33.213]) by ccvp.com (8.8.3/8.8.3) with ESMTP id XAA13778 for ; Tue, 4 Aug 1998 23:42:38 -0600 (MDT) Message-ID: <35C84506.6931C2EE@usamd.com> Date: Wed, 05 Aug 1998 05:41:58 -0600 
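Review bot: In the IP_MULTICAST_LOOP case of ip_setmoptions() (hunk @@ -1148,25 +1148,50 @@), both new branches store "!!loop", so any non-zero value is now accepted, while the removed code returned EINVAL for values above 1 and the retained comment still says "Must be zero or one". Either keep a range check, as the u_int branch of IP_MULTICAST_TTL does with "if (ttl > 255) error = EINVAL;", or reword the comment to say the argument is treated as a boolean. After the copyin the char and int branches are identical, so they could share the final assignment.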
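Review bot: In ip_getmoptions() (hunk @@ -1333,57 +1356,63 @@), the IP_MULTICAST_TTL and IP_MULTICAST_LOOP cases choose the one-byte reply only when sopt->sopt_valsize == 1, so a caller that passes a 2- or 3-byte buffer falls into the "sizeof optval" branch, and what happens then depends on sooptcopyout(), which is not shown in this part of the patch. State the intended behaviour in a comment or check the size explicitly. Two smaller points in the same hunk: these cases test "imo == 0" where the rest of the function uses NULL, and the default case now returns ENOPROTOOPT instead of EOPNOTSUPP, a user-visible errno change that the commit message should mention.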
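Review bot: In tcp_ctloutput() (netinet/tcp_usrreq.c, hunk @@ -560,104 +560,107 @@), every sooptcopyin() call and the final sooptcopyout() still run between "s = splnet();" and "splx(s);", which is the situation the new block comment itself describes as probably a Bad Thing. Because optval is a local int, the copyout in the SOPT_GET path can move after splx(s), and the copyin for the SOPT_SET options can be done before the work that needs splnet(), which would let the XXX go away. "struct mbuf *m;" is also still declared although no use of m remains in the lines shown.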
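Review bot: In nfs/nfs_socket.c (hunk @@ -282,16 +282,28 @@) and nfs/nfs_syscalls.c (hunk @@ -400,17 +400,29 @@), the sockopt is cleared with bzero() and sopt_dir is never assigned, so it holds 0, which is SOPT_GET according to "enum sopt_dir { SOPT_GET, SOPT_SET };" in sys/socketvar.h. tcp_ctloutput() switches on sopt->sopt_dir, so unless sosetopt() forces the direction itself (not visible in this part of the patch) the TCP_NODELAY request would take the get branch; add "sopt.sopt_dir = SOPT_SET;" to each block. The four blocks differ only in level and name and would read better as one small helper, and the return value of sosetopt() is still ignored.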
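Review bot: The new sooptcopyin() and sooptcopyout() prototypes in sys/socketvar.h (hunk @@ -321,6 +334,9 @@) come with no description of how len and minlen relate, although every converted caller depends on it: most pass the same value for both, and ip_setmoptions() inspects sopt_valsize itself before calling. Add a comment next to struct sockopt saying what is returned when sopt_valsize is below minlen, what happens when it exceeds len, and whether sooptcopyout() updates sopt_valsize, which the "(almost) fifth arg" remark hints at without explaining.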
From: Robert
To: freebsd-net@FreeBSD.ORG
Subject: WatchGuard vs CISCO Pix?

Need to recommend firewall to government facility. Need to know pros and cons. WatchGuard vs CISCO Pix.

Thanks
R
--
Download our price list at ftp://207.66.33.212/pub/readme/
Visit our web site at http://www.usamd.com
Robert Clark
USA Microdynamics
PO Box 13569
Albuquerque, NM 87192-3569
Phone 505 275-0188
Fax 505 275-8708
sales@usamd.com info@usamd.com support@usamd.com

From owner-freebsd-net Wed Aug 5 02:34:29 1998
Date: 5 Aug 1998 10:17:22 +0100
From: Graeme Brown
Subject: Source code for netstat
To: "FreeBSD-Net (FreeBSD.Org) List"

Dear List

Where can I find source code for the netstat function within a FreeBSD distribution?

TIA

Graeme N Brown
BT labs, UK
email: graeme.brown@bt-sys.bt.co.uk

From owner-freebsd-net Wed Aug 5 09:13:23 1998
Message-Id: <199808051615.JAA16304@merchant.tns.net>
Date: Wed, 05 Aug 1998 09:15:54 -0700
To: freebsd-net@FreeBSD.ORG
From: GVB
Subject: Mail server...

Question, I have setup FreeBSD systems with sendmail and qpopper for use as small mail servers for small ISP's and such, but have never dealt with REAL hardware, and REAL loads. I am faced now with the following situation. I need to build a mail server that will accept mail for over 50,000 users, and theoretically about 500 users MAX at a time would be popping their email. I don't know the limitations of sendmail or qpopper and I don't know what kind of load this is going to be putting on a system. Can someone make some recommendations for me as far as hardware goes, and the software used. From what I understand, sendmail will work for this kind of load, but qpopper isn't a wide choice for this much traffic? I will need HUGE amounts of hard drive space so any recommendations on RAID controllers and such is also appreciated. Also, does FreeBSD take advantage of dual processors? Is this going to be PC hardware that will be able to handle this load or am I talking some other hardware? Thanks..

gvb@tns.net
GVB

From owner-freebsd-net Wed Aug 5 11:05:32 1998
Message-ID: <35C89E8F.EB696A97@pipeline.ch>
Date: Wed, 05 Aug 1998 20:04:00 +0200
From: Andre Oppermann X-Mailer: Mozilla 4.03 [en] (WinNT; U) MIME-Version: 1.0 To: GVB CC: freebsd-net@FreeBSD.ORG Subject: Re: Mail server... References: <199808051615.JAA16304@merchant.tns.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org GVB wrote: > > Question, I have setup FreeBSD systems with sendmail and qpopper for use as > small mail servers for small ISP's and such, but have never dealt with REAL > hardware, and REAL loads. I am faced now wiht the following situation. I > need to build a mail server that will accecpt mail for over 50,000 users, > and theoretically about 500 users MAX at a time would be popping their Neat. > email. I dont know the limitations of sendmail or qpopper and I dont know > what kind of load this is going to be putting on a system. Can someone make > some recomendations for me as far as hardware goes, and the software used. Of course, see below. > >From what I understand, sendmail will work for this kind of load, but Sendmail can't cope well with such loads (especially if it's queue gets bigger and bigger and some remote sites are down). I'd suggest qmail or Vmailer for that task. I recommend qmail because it's on the market for three years now and rock solid, it's reliability is also outstanding. It guarantees that you wont loose any message once it entered your system even in case of a crash (except physical harddisk failure). Qmail has also very good anti-SPAM patches. Another argument for qmail is it's maildir mailbox structure, it does one file for every message and this works without any locking hassles that are needed for sendmail mboxes. Vmailer is still in beta and I wouldn't run it on such a site for the first time. We are doing a qmail-LDAP integration to ease the management of user accounts. In my current test suite the LDAP lookups take only 2-3% of the performance. 
The qmail homepage is here: http://www.qmail.org

To get the 'big picture' of how qmail works (done by me, I have to fix some typos): http://www.nrg4u.com

> qpopper isn't a wide choice for this much traffic? I will need HUGE amounts
> of hard drive space so any recommendations on RAID controllers and such is

I would suggest something like this:

1x NetApp Filer for maildir storage (does RAID5 and backup)
1x FreeBSD box for POP3, mounts the Filer storage (PII-3xx/256MB/BootHD)
1x FreeBSD box for incoming SMTP, mounts the Filer storage (PII-3xx/128MB/SCSI HD 4-8G for incoming queue, must be fast)
1x FreeBSD box for outgoing SMTP, has its own queue storage (PII-3xx/128MB/SCSI HD 4-8G for outgoing queue, must be fast)

This configuration would be capable to handle a number of messages in the mid two digit million range. Keep in mind: qmail is extremely I/O intensive, CPU is rarely used.

> also appreciated. Also, does FreeBSD take advantage of dual processors? Is

FreeBSD won't take advantage of two processors until release 3.0 which is due in October.

> this going to be PC hardware that will be able to handle this load or am I
> talking some other hardware? Thanks..

PC hardware is capable of handling such a load.

--
Andre Oppermann
CEO / Geschaeftsfuehrer
Internet Business Solutions Ltd. (AG)
Hardstrasse 235, 8005 Zurich, Switzerland
Fon +41 1 277 75 75 / Fax +41 1 277 75 77
http://www.pipeline.ch ibs@pipeline.ch

From owner-freebsd-net Thu Aug 6 02:06:17 1998
To: net@FreeBSD.ORG
Subject: ipfw logging
Organization: University of Oslo, Department of Informatics
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 06 Aug 1998 11:05:52 +0200

Which syslog facility does the firewall code use? To be more precise, what pattern should I use in /etc/syslog.conf to divert all ipfw log messages to a separate file?

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

From owner-freebsd-net Thu Aug 6 02:45:35 1998
To: GVB
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Mail server...
References: <199808051615.JAA16304@merchant.tns.net>
Organization: University of Oslo, Department of Informatics
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 06 Aug 1998 11:45:00 +0200
In-Reply-To: GVB's message of "Wed, 05 Aug 1998 09:15:54 -0700"

GVB writes:
> Question, I have setup FreeBSD systems with sendmail and qpopper for use as

Don't *whack* use *whack* qpopper *whack* *whack*

Oh, and keep an eye on BUGTRAQ.

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

From owner-freebsd-net Thu Aug 6 14:30:59 1998
Date: Thu, 6 Aug 1998 14:29:47 -0700 (PDT)
From: "Jan B. Koum"
To: Dag-Erling Coidan Smørgrav
cc: net@FreeBSD.ORG
Subject: Re: ipfw logging

Here is an old eMail. I don't think this patch was applied to syslogd.c though.

Date: Wed, 25 Mar 1998 11:54:57 -0800 (PST)
From: Archie Cobbs
To: Studded
Cc: isp@freebsd.org
Subject: Re: ipfw logging...

Studded writes:
> Archie Cobbs wrote:
> > Try adding this to /etc/syslog.conf:
> >
> > !ipfw
> > *.* /var/log/ipfw
>
> This doesn't work. IPFW logs to the kernel facility, although I
> wouldn't mind seeing an option to change that. :)

Yeah.. we do this on the InterJet and I forgot it was a custom hack. Try the following patch to syslogd.c and see if that helps. If so, I'll file the patch in a send-pr bug.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

*** syslogd.c Mon Mar 9 05:56:07 1998 --- /usr/prod/ia/whistle/bin/syslogd/syslogd.c Wed Nov 26 15:37:39 1997 *************** *** 537,544 **** int c, pri, flags; char *lp, *p, *q, line[MAXLINE + 1]; ! (void)strcpy(line, bootfile); ! (void)strcat(line, ": "); lp = line + strlen(line); for (p = msg; *p != '\0'; ) { flags = SYNC_FILE | ADDDATE; /* fsync file after write */ --- 464,477 ---- int c, pri, flags; char *lp, *p, *q, line[MAXLINE + 1]; ! /* See if kernel has provided a "program" prefix already */ ! for (p = msg; *p && isalnum(*p); p++); ! if (*p == ':' && (p - msg) < MAXLINE) { ! *line = 0; /* Use kernel's prefix */ ! } else { ! (void)strcpy(line, bootfile); /* Prefix with bootfile name */ ! (void)strcat(line, ": "); ! } lp = line + strlen(line); for (p = msg; *p != '\0'; ) { flags = SYNC_FILE | ADDDATE; /* fsync file after write */

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

On 6 Aug 1998, Dag-Erling Coidan [iso-8859-1] Smørgrav wrote:

>Which syslog facility does the firewall code use? To be more precise,
>what pattern should I use in /etc/syslog.conf to divert all ipfw log
>messages to a separate file?
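Review bot: in the syslogd.c patch above, the new test "if (*p == ':' && (p - msg) < MAXLINE)" is also true when the kernel message begins with ':' (p == msg), so a line with an empty name is treated as already carrying a program prefix; require p > msg as well. isalnum(*p) is called on a plain char, which is undefined for negative values, so cast to unsigned char, and check that <ctype.h> is included, which these lines do not show. The empty loop body in "for (p = msg; *p && isalnum(*p); p++);" should go on its own line so it does not read as a typo, and the purpose of (p - msg) < MAXLINE is not clear from this hunk, so say in a comment what it protects. A comment should also note that any kernel message starting with "word:" is now logged under that word in place of the bootfile name.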
>
>DES
>--
>Dag-Erling Smørgrav - dag-erli@ifi.uio.no
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message
>

From owner-freebsd-net Thu Aug 6 18:05:58 1998
From: Archie Cobbs
Message-Id: <199808070105.SAA26667@bubba.whistle.com>
Subject: Re: ipfw logging
In-Reply-To: from "Jan B. Koum" at "Aug 6, 98 02:29:47 pm"
To: jkb@best.com (Jan B. Koum)
Date: Thu, 6 Aug 1998 18:05:35 -0700 (PDT)
Cc: dag-erli@ifi.uio.no, net@FreeBSD.ORG

Jan B. Koum writes:
> Here is an old eMail. I don't think this patch was applied to
> syslogd.c though.
>
> Date: Wed, 25 Mar 1998 11:54:57 -0800 (PST)
> From: Archie Cobbs
> To: Studded
> Cc: isp@freebsd.org
> Subject: Re: ipfw logging...
>
> Studded writes:
> > Archie Cobbs wrote:
> > > Try adding this to /etc/syslog.conf:
> > >
> > > !ipfw
> > > *.* /var/log/ipfw
> >
> > This doesn't work. IPFW logs to the kernel facility, although I
> > wouldn't mind seeing an option to change that. :)
>
> Yeah.. we do this on the InterJet and I forgot it was a custom hack.
> Try the following patch to syslogd.c and see if that helps. If so,
> I'll file the patch in a send-pr bug.

I was committed (after some improvements). It's in both 2.2.7 and -current, so give it a whirl :-)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Thu Aug 6 18:35:13 1998
Date: Thu, 6 Aug 1998 18:34:46 -0700 (PDT)
From: "Jan B. Koum"
To: Archie Cobbs
cc: dag-erli@ifi.uio.no, net@FreeBSD.ORG
Subject: Re: ipfw logging
In-Reply-To: <199808070105.SAA26667@bubba.whistle.com>

My bad. I was looking at 2.2.6-R .. :(

-- Yan

Jan Koum www.best.com/~jkb jkb@best.com | "Turn up the lights; I don't want
www.FreeBSD.org -- The Power to Serve   |  to go home in the dark."

"Write longer sentences - they are paying us a lot of money"

On Thu, 6 Aug 1998, Archie Cobbs wrote:

>Jan B. Koum writes:
>> Here is an old eMail. I don't think this patch was applied to
>> syslogd.c though.
>>
>> Date: Wed, 25 Mar 1998 11:54:57 -0800 (PST)
>> From: Archie Cobbs
>> To: Studded
>> Cc: isp@freebsd.org
>> Subject: Re: ipfw logging...
>>
>> Studded writes:
>> > Archie Cobbs wrote:
>> > > Try adding this to /etc/syslog.conf:
>> > >
>> > > !ipfw
>> > > *.* /var/log/ipfw
>> >
>> > This doesn't work. IPFW logs to the kernel facility, although I
>> > wouldn't mind seeing an option to change that. :)
>>
>> Yeah.. we do this on the InterJet and I forgot it was a custom hack.
>> Try the following patch to syslogd.c and see if that helps. If so,
>> I'll file the patch in a send-pr bug.
>
>I was committed (after some improvements). It's in both 2.2.7 and
>-current, so give it a whirl :-)
>
>-Archie
>
>___________________________________________________________________________
>Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message
>

From owner-freebsd-net Thu Aug 6 23:40:59 1998
To: Archie Cobbs
Cc: jkb@best.com (Jan B. Koum), net@FreeBSD.ORG
Subject: Re: ipfw logging
References: <199808070105.SAA26667@bubba.whistle.com>
Organization: University of Oslo, Department of Informatics
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 07 Aug 1998 08:40:37 +0200
In-Reply-To: Archie Cobbs's message of "Thu, 6 Aug 1998 18:05:35 -0700 (PDT)"

Archie Cobbs writes:
> Jan B. Koum writes:
> > Try the following patch to syslogd.c and see if that helps. If so,
> > I'll file the patch in a send-pr bug.
> I was committed (after some improvements). It's in both 2.2.7 and
> -current, so give it a whirl :-)

Umm, exactly how should I give it a whirl? If I understand the patch correctly, it's intended to make the following to work:

!ipfw
*.* /var/log/ipfw

But it doesn't. Did I misunderstand something?

BTW, the machine in question runs -stable, last make world on Sunday.

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

From owner-freebsd-net Fri Aug 7 09:38:29 1998
From: Archie Cobbs
Message-Id: <199808071637.JAA29457@bubba.whistle.com>
Subject: Re: ipfw logging
In-Reply-To: from Dag-Erling Coidan Smørgrav at "Aug 7, 98 08:40:37 am"
To: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: Fri, 7 Aug 1998 09:37:47 -0700 (PDT)
Cc: jkb@best.com, net@FreeBSD.ORG

Dag-Erling Coidan Smørgrav writes:
> Archie Cobbs writes:
> > Jan B. Koum writes:
> > > Try the following patch to syslogd.c and see if that helps. If so,
> > > I'll file the patch in a send-pr bug.
> > I was committed (after some improvements). It's in both 2.2.7 and
    ^^^^^^^^^^^^^^^
Um, not yet, actually :-) IT was committed.

> > -current, so give it a whirl :-)
>
> Umm, exactly how should I give it a whirl? If I understand the patch
> correctly, it's intended to make the following to work:
>
> !ipfw
> *.* /var/log/ipfw
>
> But it doesn't. Did I misunderstand something?

Yes this is supposed to work. You have to manually create /var/log/ipfw and restart syslogd of course. If it doesn't work then it's probably broken, in which case it needs to be fixed :-) Please send-pr a bug if so..

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Fri Aug 7 09:55:49 1998
To: Archie Cobbs
Cc: jkb@best.com, net@FreeBSD.ORG
Subject: Re: ipfw logging
References: <199808071637.JAA29457@bubba.whistle.com>
Organization: University of Oslo, Department of Informatics
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 07 Aug 1998 18:54:47 +0200
In-Reply-To: Archie Cobbs's message of "Fri, 7 Aug 1998 09:37:47 -0700 (PDT)"

Archie Cobbs writes:
> Dag-Erling Coidan Smørgrav writes:
> > Umm, exactly how should I give it a whirl? If I understand the patch
> > correctly, it's intended to make the following to work:
> >
> > !ipfw
> > *.* /var/log/ipfw
> >
> > But it doesn't. Did I misunderstand something?
> Yes this is supposed to work. You have to manually create /var/log/ipfw
> and restart syslogd of course.

That was my first instinct, and I did it again just now - and it worked the second time. I guess I must have gotten something mixed up the first time.

Thanks for your help!

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

From owner-freebsd-net Fri Aug 7 10:18:56 1998
From: Luigi Rizzo
Message-Id: <199808071529.RAA15460@labinfo.iet.unipi.it>
Subject: optimizing ipfw...
To: net@FreeBSD.ORG
Date: Fri, 7 Aug 1998 17:29:30 +0200 (MET DST)

Hi,

i was looking at if there is a need to optimize ipfw code, and tried to instrument the code a little bit. It turns out that on a P90, starting from the main loop to the exit point:

    for (; chain; chain = chain->chain.le_next) { ... }

the code takes about 7us on a one-rule (accept) database (including two calls to microtime). Adding 3 not-matching rules (matching src/dst/interface, failing on port number) to the database before the matching one, brings the check time to about 16us per pass, or 3us per rule.

Just a data point i guess... i am not so sure on what to optimize, suggestions ?

luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

From owner-freebsd-net Fri Aug 7 11:31:30 1998
Date: Fri, 7 Aug 1998 14:30:47 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199808071830.OAA21011@khavrinen.lcs.mit.edu>
To: Luigi Rizzo
Cc: net@FreeBSD.ORG
Subject: optimizing ipfw...
In-Reply-To: <199808071529.RAA15460@labinfo.iet.unipi.it>
References: <199808071529.RAA15460@labinfo.iet.unipi.it>

< said:

> Just a data point i guess... i am not so sure on what to optimize,
> suggestions ?

Translate all the rules into a superset of BPF, and use the BPF optimizer.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-net Fri Aug 7 11:59:11 1998
From: Joao Carlos Mendes Luis
Message-Id: <199808071854.PAA29967@roma.coe.ufrj.br>
Subject: Re: ipfw logging
In-Reply-To: from Dag-Erling Coidan Smørgrav at "Aug 7, 98 08:40:37 am"
To: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: Fri, 7 Aug 1998 15:54:59 -0300 (EST)
Cc: archie@whistle.com, jkb@best.com, net@FreeBSD.ORG

#define quoting(Dag-Erling Coidan Smørgrav)
// Archie Cobbs writes:
// > Jan B. Koum writes:
// > > Try the following patch to syslogd.c and see if that helps. If so,
// > > I'll file the patch in a send-pr bug.
// > I was committed (after some improvements). It's in both 2.2.7 and
// > -current, so give it a whirl :-)
//
// Umm, exactly how should I give it a whirl? If I understand the patch
// correctly, it's intended to make the following to work:
//
// !ipfw
// *.* /var/log/ipfw
//
// But it doesn't. Did I misunderstand something?

It works here ! Great ! I was in need of such a thing... :)

Just another question related: Is it possible to avoid copies of ipfw log going to /var/log/messages ?

Jonny

--
Joao Carlos Mendes Luis    M.Sc. Student
jonny@jonny.eng.br         Universidade Federal do Rio de Janeiro
"There are two major products that come out of Berkeley: LSD and Unix.
We don't believe this to be a coincidence." -- Jeremy S. Anderson

From owner-freebsd-net Fri Aug 7 12:34:40 1998
From: Archie Cobbs
Message-Id: <199808071934.MAA04419@bubba.whistle.com>
Subject: Re: ipfw logging
In-Reply-To: <199808071854.PAA29967@roma.coe.ufrj.br> from Joao Carlos Mendes Luis at "Aug 7, 98 03:54:59 pm"
To: jonny@jonny.eng.br (Joao Carlos Mendes Luis)
Date: Fri, 7 Aug 1998 12:34:12 -0700 (PDT)
Cc: dag-erli@ifi.uio.no, jkb@best.com, net@FreeBSD.ORG

Joao Carlos Mendes Luis writes:
> // !ipfw
> // *.* /var/log/ipfw
>
> It works here ! Great ! I was in need of such a thing... :)
>
> Just another question related: Is it possible to avoid copies of
> ipfw log going to /var/log/messages ?

Well, if you have this in /etc/syslogd.conf:

*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages

Then syslogd is doing what you tell it. I'm not sure if there's a way to "exclude" a program's output a la "facility.none" .. does anyone know?

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Sat Aug 8 08:32:44 1998
From: Andre Albsmeier
Message-Id: <199808081532.RAA18920@internal>
Subject: Does this impose a high load on a system?
To: freebsd-net@FreeBSD.ORG
Date: Sat, 8 Aug 1998 17:32:17 +0200 (CEST)
Cc: freebsd-questions@FreeBSD.ORG

Hello,

I am running a nice little program named arpwatch. It collects information about new machines being attached to a network. I do this because I can monitor if someone links a new machine to our nets.

For this operation, the network interface is put into promiscuous mode. IIRC, this means that all packets are passed to the kernel and maybe even all to the running program (arpwatch). I wonder if this causes a high load on the machine since I think it might have to process a lot of packages which normally would have thrown away.

When looking at the arpwatch process, the time consumed is rather low but I don't know what's going on in a different place maybe...

Thanks,

-Andre

From owner-freebsd-net Sat Aug 8 08:52:41 1998
From: Luigi Rizzo
Message-Id: <199808081402.QAA16403@labinfo.iet.unipi.it>
Subject: Re: Does this impose a high load on a system?
To: andre.albsmeier@mchp.siemens.de (Andre Albsmeier)
Date: Sat, 8 Aug 1998 16:02:17 +0200 (MET DST)
Cc: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
In-Reply-To: <199808081532.RAA18920@internal> from "Andre Albsmeier" at Aug 8, 98 05:31:58 pm

> Hello,
>
> I am running a nice little program named arpwatch. It collects
> information about new machines being attached to a network.
> I do this because I can monitor if someone links a new
> machine to our nets.
>
> For this operation, the network interface is put into promiscuous mode.
> IIRC, this means that all packets are passed to the kernel and maybe
> even all to the running program (arpwatch). I wonder if this causes
> a high load on the machine since I think it might have to process

it depends on how much data it copies from the packet up to user space. To see if there is really a performance problem you should probably try to flood the local network segment with a separate machine and see how much load this causes.

If you are concerned about performance maybe you can hack the network driver to grab the info you need, store in a table, and access them via some separate interface.

(i am thinking of a similar approach in an attempt to implement bridging in freebsd).

cheers
luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

From owner-freebsd-net Sat Aug 8 09:09:41 1998
From: Andre Albsmeier
Message-Id: <199808081609.SAA24892@internal>
Subject: Re: Does this impose a high load on a system?
In-Reply-To: <199808081402.QAA16403@labinfo.iet.unipi.it> from Luigi Rizzo at "Aug 8, 98 04:02:17 pm"
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Sat, 8 Aug 1998 18:09:14 +0200 (CEST)
Cc: andre.albsmeier@mchp.siemens.de, freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Hello,
> >
> > I am running a nice little program named arpwatch. It collects
> > information about new machines being attached to a network.
> > I do this because I can monitor if someone links a new
> > machine to our nets.
> >
> > For this operation, the network interface is put into promiscuous mode.
> > IIRC, this means that all packets are passed to the kernel and maybe
> > even all to the running program (arpwatch). I wonder if this causes
> > a high load on the machine since I think it might have to process
>
> it depends on how much data it copies from the packet up to user space.
> To see if there is really a performance problem you should probably try
> to flood the local network segment with a separate machine and see how
> much load this causes.

Just have done that and noticed nothing. The program uses bpf and
the line which configures it is here:

  if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0)

So I assume that all packets that are not (r)arp packets are already
rejected in the kernel and this is why I don't see anything.

>
> If you are concerned about performance maybe you can hack the network
> driver to grab the info you need, store in a table, and access them via
> some separate interface.
>
> (i am thinking of a similar approach in an attempt to implement bridging
> in freebsd).
>
> cheers
> luigi

That might be the best idea but at the moment I have a lack
of time for doing this. (And the moment seems to last forever :-))

Thanks,

  -Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sat Aug 8 11:54:14 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA12518 for freebsd-net-outgoing; Sat, 8 Aug 1998 11:54:14 -0700 (PDT) (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from widefw.csl.sony.co.jp (widefw.csl.sony.co.jp [133.138.1.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA12512 for ; Sat, 8 Aug 1998 11:54:09 -0700 (PDT) (envelope-from kjc@csl.sony.co.jp)
Received: from hotaka.csl.sony.co.jp (root@hotaka.csl.sony.co.jp [43.27.98.57]) by widefw.csl.sony.co.jp (8.8.8/3.6W) with ESMTP id DAA04064 for ; Sun, 9 Aug 1998 03:53:47 +0900 (JST)
Received: from localhost (kjc@[127.0.0.1]) by hotaka.csl.sony.co.jp (8.8.8/3.6W/hotaka/98021914) with ESMTP id DAA18600 for ; Sun, 9 Aug 1998 03:53:45 +0900 (JST)
Message-Id: <199808081853.DAA18600@hotaka.csl.sony.co.jp>
To: net@FreeBSD.ORG
Subject: altq-1.1.1 release
Date: Sun, 09 Aug 1998 03:53:45 +0900
From: Kenjiro Cho
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

A new release of ALTQ (version 1.1.1) is now available from
  http://www.csl.sony.co.jp/person/kjc/software.html

This version merges Julian's port to FreeBSD-current and works for
both 2.2.x and -current. I haven't tested it much on -current, though.

What's New since version 1.0.1:
  - FreeBSD-2.2.7 based. (altq major/minor device numbers changed!)
    FreeBSD-current support.
  - merge cbq2.0g (mostly copyright notices).
    Finally, Sun loosened its license term on the CBQ related files.
    Many Thanks to Michael Speer !
  - improved CBQ config file parser.
    filter-rule checker is added.
    config file syntax changed! (but still backward compatible)
    "borrow" no longer requires "borrow_name" arg.
  - RIO dropper and traffic meter/tagger (diffserv model)
    integration of RIO dropper into CBQ.
  - RED parameters are more configurable.
  - ECN support update
    TCP ECN uses the CWR bit (defined in draft-kksjf-ecn-01.txt).
  - slip driver support.
  - usable over IPv6 (still experimental).
  - other bug fixes.
  - another diffserv implementation "adserv" is contributed by
    Octavio Medina
    ALTQ has two independent diffserv implementations.

You can get the latest ALTQ release from or

The kernel update-kit from the altq-1.0.1 kernel and for the
FreeBSD-current kernel is also available from the above site.

---
Kenjiro Cho
Sony Computer Science Laboratories, Inc.

------------------------------------------------------------------
This is a release of Alternate Queueing for BSD Unix.

The idea behind this package is to provide better queueing schemes
required to realize resource-sharing and quality of service.
Currently, the only queueing scheme implemented in BSD Unix is the
simple tail-drop FIFO queueing. The BSD Unix systems have no general
method to implement alternate queueing schemes, which is the main
obstacle to implement a new queueing scheme to BSD Unix.

We have designed and implemented a generic alternate queueing
framework for the BSD Unix systems, and ported Sun's CBQ onto this
framework. The system can be used for resource reservation with the
RSVP implementation from ISI.

The goals of this project are three-fold:
  - to provide a framework to implement better queueing schemes.
  - to provide a link-sharing test-bed for network operators.
  - to provide a traffic control kernel to the RSVP community.

The release has become fairly stable but still it is a research
prototype. So use it at your own risk!
All interfaces are likely to change in the future release.

The release includes:
  alternate queueing support for FreeBSD-2.2.[12567]R kernel.
  CBQ, WFQ, RED, RIO and FIFOQ implementations
  tools for CBQ
  RSVP stubs for CBQ
  ECN support in RED and TCP
  diffserv model using the RIO dropper and traffic meter/tagger
but lacks some of necessary documentation and functions.
Some functions are implemented poorly.
------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
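
Added example for the arpwatch thread above (the pcap_compile line with the "arp or rarp" filter); it is not code from arpwatch, libpcap or any poster. It interprets a hand-written classic-BPF program, assumed equivalent to that expression rather than captured pcap_compile output, over constructed frames to show which ones a kernel-side filter would pass up to user space. All identifiers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal classic-BPF subset: only the three opcodes this filter needs. */
enum { LDH_ABS, JEQ_K, RET_K };
struct insn { int op; uint8_t jt, jf; uint32_t k; };

/* Hand-written equivalent of "arp or rarp" (assumed, not pcap_compile output).
 * jt/jf are offsets relative to the next instruction, as in classic BPF. */
static const struct insn arp_or_rarp[] = {
    { LDH_ABS, 0, 0, 12 },     /* A = 16-bit EtherType at frame offset 12 */
    { JEQ_K,   1, 0, 0x0806 }, /* ARP: jump to accept, else test RARP */
    { JEQ_K,   0, 1, 0x8035 }, /* RARP: fall into accept, else reject */
    { RET_K,   0, 0, 65535 },  /* accept: pass up to 65535 bytes upward */
    { RET_K,   0, 0, 0 },      /* reject: nothing is copied to user space */
};

/* Bytes the filter lets through for this frame; 0 means dropped by the filter. */
static uint32_t bpf_run(const struct insn *prog, size_t n,
                        const uint8_t *pkt, size_t len) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->op) {
        case LDH_ABS:
            if ((size_t)i->k + 2 > len) return 0; /* load past end: reject */
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1];
            break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k < len ? i->k : (uint32_t)len;
        }
    }
    return 0;
}

/* Constructed sample: zeroed frame (len <= 60) with only the EtherType set. */
static uint32_t filter_ethertype(uint16_t type, size_t len) {
    uint8_t frame[60] = {0};
    frame[12] = (uint8_t)(type >> 8); frame[13] = (uint8_t)type;
    return bpf_run(arp_or_rarp, sizeof arp_or_rarp / sizeof *arp_or_rarp,
                   frame, len);
}

int main(void) {
    printf("ARP=%u RARP=%u IPv4=%u bytes passed\n", (unsigned)filter_ethertype(0x0806, 60),
           (unsigned)filter_ethertype(0x8035, 60), (unsigned)filter_ethertype(0x0800, 60));
    return 0;
}
```

On a live system, `tcpdump -d 'arp or rarp'` prints the program libpcap actually generates for the expression.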