From owner-freebsd-net Sun Apr 2 4:41:10 2000
Date: Sun, 2 Apr 2000 15:41:08 +0400 (MSD)
From: vova@express.ru
To: freebsd-net@FreeBSD.ORG
Subject: parallel routing tables

Hi

Is anybody thinking about multiple routing tables like in Linux?
Is it conceptually right/wrong, and why?

--
TSB Russian Express, Moscow
Vladimir B. Grebenschikov, vova@express.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message


From owner-freebsd-net Sun Apr 2 7:51:36 2000
Date: Mon, 3 Apr 2000 00:52:04 +1000 (EST)
From: Brendan Kosowski
Reply-To: Brendan Kosowski
To: FreeBSD Networking
Subject: natd problem

I am running a NAT using natd and the standard OPEN firewall setting.

The NAT has 2 ethernet cards, one to a PUBLIC ETHERNET and the other to
our LOCAL ETHERNET (192.168.etc...)
The natd has been set up with the "-redirect_port" option so that a certain
port on the NAT PUBLIC INTERFACE gets redirected to a server on our LOCAL
ETHERNET, therefore giving our server a PUBLIC ADDRESS/PORT.

The problem occurs when a P.C. on the LOCAL ETHERNET tries to access the
SERVER on the LOCAL ETHERNET by way of its PUBLIC ADDRESS/PORT. The NAT
seems to deny packets.

It is absolutely necessary that I can get natd to do this. Accessing the
SERVER via its local address is an unacceptable solution.

Can ANYONE help ???

----------------------


From owner-freebsd-net Sun Apr 2 23:24:19 2000
Message-ID: <006401bf9d35$37bddb00$0e05a8c0@intranet.syncrontech.com>
From: "Ari Suutari"
To: "Arun Sharma"
References: <20000331234156.A28140@sharmas.dhs.org>
Subject: Re: kernel vs user level implementation of NAT
Date: Mon, 3 Apr 2000 09:24:02 +0300

Hi,

> Can someone point me to some discussion or literature on why *BSDs chose
> to implement natd as a daemon as opposed to a kernel service ? I'm
> particularly interested in the performance (latency) aspects of the issue.
>

The history goes something like this:

Some years ago I had a cable modem connection at home. I had an
internal network with some hosts and a FreeBSD server machine
(running 2.x if I remember correctly). I was looking for solutions how
to get my internal machines to access the internet in a similar
manner as IP masquerading in Linux (couldn't use Linux, I've
always been fond of *BSD).

Well, I found that Darren Reed's ipfilter didn't work with 2.x so
that was out. Porting it looked like too much effort at that time.

Then I found out from somewhere that user mode ppp had
NAT features and took a look at it. Surprisingly all the functions
necessary to do it were packaged into a few source files
which I took into natd. These sources were written by Charles
Mott and eventually ended up in the libalias library.

There was also another similar program in the beginning,
Brian Somers' masqd. I don't remember any more why I decided
to go along with natd - maybe both were at a very early stage of
development and I just had more time to play with natd. Anyway,
Brian also contributed to natd.

What I found good about doing this in a user process was the
ease of debugging and testing of new versions.

	Ari S.
From owner-freebsd-net Mon Apr 3 1:27:55 2000
Message-Id: <200004030723.IAA00468@hak.lan.Awfulhak.org>
To: Brendan Kosowski
Cc: FreeBSD Networking, brian@hak.lan.Awfulhak.org
Subject: Re: natd problem
In-Reply-To: Message from Brendan Kosowski of "Mon, 03 Apr 2000 00:52:04 +1000."
Date: Mon, 03 Apr 2000 08:23:26 +0100
From: Brian Somers

The problem here is that the reply packets are going direct and
aren't getting de-aliased by natd - natd doesn't even get to see them.

I don't think there's any clean way of doing this - except maybe
assigning a different real IP number to the target machine and
letting everything else on the network know it's there via their
routing tables.

> I am running a NAT using natd and the standard OPEN firewall setting.
>
> The NAT has 2 ethernet cards, one to a PUBLIC ETHERNET and the other to
> our LOCAL ETHERNET (192.168.etc...)
>
> The natd has been setup with the "-redirect_port" option so that a certain
> port on the NAT PUBLIC INTERFACE gets redirected to a server on our LOCAL
> ETHERNET therefore giving our server a PUBLIC ADDRESS/PORT.
>
> The problem occurs when a P.C. on the LOCAL ETHERNET tries to access the
> SERVER on the LOCAL ETHERNET by way of its PUBLIC ADDRESS/PORT. The NAT
> seems to deny packets.
>
> It is absolutely necessary that I can get natd to do this. Accessing the
> SERVER via it's local address in an unacceptable solution.
>
> Can ANYONE help ???

--
Brian

      Don't _EVER_ lose your sense of humour !


From owner-freebsd-net Mon Apr 3 1:41:32 2000
From: Luigi Rizzo
Message-Id: <200004030838.KAA56450@info.iet.unipi.it>
Subject: Re: natd problem
In-Reply-To: <200004030723.IAA00468@hak.lan.Awfulhak.org> from Brian Somers at "Apr 3, 2000 08:23:26 am"
To: Brian Somers
Date: Mon, 3 Apr 2000 10:38:40 +0200 (CEST)
Cc: Brendan Kosowski, FreeBSD Networking, brian@hak.lan.Awfulhak.org

> The problem here is that the reply packets are going direct and
> aren't getting de-aliased by natd - natd doesn't even get to see them.

speaking of this...
the usual suggestion for setting up NATD is to
config the firewall as

    ipfw -q flush
    ipfw add 100 divert natd ip from any to any via $natd_interface
    ipfw add 200 allow ip from any to any

but this puts a lot of load on the machine acting as natd daemon,
as all local traffic is also passed to the daemon where it is not
subject to any translation.
In some cases this is quite a problem, e.g. when you put
all sorts of services on the same machine doing natd.

Does anyone have a more accurate way to pass interesting packets
to the daemon ?

I could probably come up with something but I'd rather avoid
duplicating work already done.

	cheers
	luigi


From owner-freebsd-net Mon Apr 3 2:45: 6 2000
Message-Id: <200004030944.KAA01499@hak.lan.Awfulhak.org>
To: Luigi Rizzo
Cc: Brian Somers, Brendan Kosowski, FreeBSD Networking, brian@hak.lan.Awfulhak.org
Subject: Re: natd problem
In-Reply-To: Message from Luigi Rizzo of "Mon, 03 Apr 2000 10:38:40 +0200."
             <200004030838.KAA56450@info.iet.unipi.it>
Date: Mon, 03 Apr 2000 10:44:18 +0100
From: Brian Somers

If you've got a spare IP number, I prefer this:

    $fwcmd add 101 divert natd all from 172.16.0.0/12 to any out via fxp0
    $fwcmd add 102 divert natd all from any to $natd_interface in via fxp0

Here, natd_interface is my spare IP number (which has been ifconfig'd
as an alias on fxp0) and 172.16.0.0/12 is my internal network.  All
connections going out get the default (first) IP number on fxp0 and
natd doesn't even get to see them.

You may also want to add

    $fwcmd add 101 divert natd all from $natd_interface to any out via fxp0

just in case someone wants to use something like datapipe (ports) to
specifically make their from address the same as $natd_interface.

> > The problem here is that the reply packets are going direct and
> > aren't getting de-aliased by natd - natd doesn't even get to see them.
>
> speaking of this... the usual suggestion for setting NATD is to
> config the firewall as
>
> ipfw -q flush
> ipfw add 100 divert natd ip from any to any via $natd_interface
> ipfw add 200 allow ip from any to any
>
> but this puts a lot of load on the machine acting as natd daemon,
> as all local traffic is also passed to the daemon where it is not
> subject to any translation.
> In some cases this is quite a problem e.g. when you put
> all sorts of services on the same machine doing natd.
>
> Does anyone have a more accurate way to pass interesting packets
> to the daemon ?
>
> I could probably come up with something but i'd rather avoid
> duplicating work already done.
>
> cheers
> luigi
>

--
Brian

      Don't _EVER_ lose your sense of humour !
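Added example, not code from this thread or from FreeBSD: a small Python model of the ipfw + natd gateway discussed in the "natd problem" messages above. It illustrates two points at once: which flows a blanket `divert natd ... via fxp0` rule hands to natd compared with the selective rules Brian just gave (local services on the gateway stop being diverted), and why a LAN client connecting to a `-redirect_port`'ed server through the public address fails, since the server's reply reaches the client directly and natd never sees it. The addresses, interface name, rule numbers beyond the two in the message (103 is hypothetical) and the redirect table are constructed; ipfw's first-match semantics are modelled only as far as `from`/`to`/`in`/`out`/`via` go.

```python
"""Toy model of an ipfw + natd gateway (added illustration, not FreeBSD code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str       # interface the packet crosses on the gateway
    direction: str   # "in" or "out", as ipfw sees it


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                       # "divert" or "allow"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    direction: Optional[str] = None   # None models "via": either direction
    iface: Optional[str] = None       # None models "any interface"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.direction is None or self.direction == p.direction)
                and (self.iface is None or self.iface == p.iface))


def first_match(rules, p: Packet) -> str:
    """ipfw is first-match: the lowest-numbered matching rule decides."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(p):
            return r.action
    return "deny"   # default when nothing matches (constructed for the model)


def diverted(rules, p: Packet) -> bool:
    return first_match(rules, p) == "divert"


# Gateway addressing (constructed, RFC 5737 / RFC 1918 ranges)
EXT_IF = "fxp0"
PRIMARY_IP = "203.0.113.1"   # first address on fxp0, used by local services
ALIAS_IP = "203.0.113.2"     # spare address aliased on fxp0, owned by natd
LAN = "172.16.0.0/12"

# "The usual suggestion": every packet crossing fxp0 goes to natd.
BLANKET = [Rule(100, "divert", iface=EXT_IF), Rule(200, "allow")]

# Brian's selective rules: LAN-sourced outbound, alias-destined inbound, and
# (his optional third rule, numbered 103 here) alias-sourced outbound.
SELECTIVE = [
    Rule(101, "divert", src=LAN, direction="out", iface=EXT_IF),
    Rule(102, "divert", dst=ALIAS_IP + "/32", direction="in", iface=EXT_IF),
    Rule(103, "divert", src=ALIAS_IP + "/32", direction="out", iface=EXT_IF),
    Rule(200, "allow"),
]


def natd_load(rules) -> dict:
    """Which kinds of flows reach natd under a given ruleset (constructed flows)."""
    flows = {
        "lan client out": Packet("172.16.0.5", "198.51.100.9", 80, EXT_IF, "out"),
        "reply to alias in": Packet("198.51.100.9", ALIAS_IP, 80, EXT_IF, "in"),
        "alias src out": Packet(ALIAS_IP, "198.51.100.9", 80, EXT_IF, "out"),
        "local service out": Packet(PRIMARY_IP, "198.51.100.9", 25, EXT_IF, "out"),
        "local service in": Packet("198.51.100.9", PRIMARY_IP, 25, EXT_IF, "in"),
    }
    return {name: diverted(rules, p) for name, p in flows.items()}


# natd -redirect_port table: public alias:port -> LAN server:port (constructed)
REDIRECT_PORT = {(ALIAS_IP, 80): ("172.16.0.20", 80)}


def hairpin_trace(client: str, public: str, port: int) -> dict:
    """Follow a LAN client's connection to public:port and the server's reply.

    Assumes the forward packet was translated by natd, so the redirect itself
    worked; the question is what happens to the reply."""
    server, sport = REDIRECT_PORT[(public, port)]
    # The server answers the client's real address.  When both sit on the same
    # subnet the reply is delivered directly and never crosses the gateway, so
    # natd cannot rewrite its source back to public:port.
    same_subnet = (ip_address(client) in ip_network(LAN)
                   and ip_address(server) in ip_network(LAN))
    reply_from = (server, sport) if same_subnet else (public, port)
    return {"reply_from": reply_from, "expected": (public, port),
            "client_accepts": reply_from == (public, port)}


if __name__ == "__main__":
    print("blanket  :", natd_load(BLANKET))
    print("selective:", natd_load(SELECTIVE))
    print("hairpin  :", hairpin_trace("172.16.0.5", ALIAS_IP, 80))
```

Under `BLANKET` every flow crossing fxp0 is diverted, including the gateway's own service traffic; under `SELECTIVE` only the three NAT-relevant kinds are. The hairpin trace ends with `client_accepts == False` because the client expects a reply from `203.0.113.2:80` but receives one from `172.16.0.20:80`, which is the situation Brian describes.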
From owner-freebsd-net Mon Apr 3 2:50:20 2000
Message-Id: <200004030950.KAA01581@hak.lan.Awfulhak.org>
To: "Ari Suutari"
Cc: "Arun Sharma", freebsd-net@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject: Re: kernel vs user level implementation of NAT
In-Reply-To: Message from "Ari Suutari" of "Mon, 03 Apr 2000 09:24:02 +0300."
             <006401bf9d35$37bddb00$0e05a8c0@intranet.syncrontech.com>
Date: Mon, 03 Apr 2000 10:50:02 +0100
From: Brian Somers

> Hi,
>
> > Can someone point me to some discussion or literature on why *BSDs chose
> > to implement natd as a daemon as opposed to a kernel service ? I'm
> > particularly interested in the performance (latency) aspects of the issue.
> >
>
> The history goes something like this:
>
> Some years ago I had a cable modem connection at home. I had
> internal network with some hosts and a FreeBSD server machine
> (running 2.x if I remember correctly).
> I was looking for solutions how
> to get my internal machines to access internet with similar
> manner as ip masquerading in Linux (Couldn't use Linux, I'v
> always been fond of *BSD).
>
> Well, I found that Darren Reed's ipfilter didn't work with 2.x so
> that was out. Porting of it looked like too much effort at that time.
>
> Then I found out from somewhere that user mode ppp had
> nat features and took a look at it. Surprisingly all the functions
> necessary to do it were packaged to a few source files
> which I took into natd. These sources were written by Charles
> Mott and eventually ended into libalias library.
>
> There was also another similar program in the beginning,
> Brian Somer's masqd. I don't remeber any more why I decided
> to go along with natd - maybe both were at very early stage of
> development
> and I just had more time to play with natd. Anyway, Brian also
> contributed to natd.

I found out about natd around 2 days after starting masqd, so I
dropped it :*]

> What I found good about doing this in user process was the
> ease of debugging and testing of new versions.
>
> 	Ari S.

--
Brian

      Don't _EVER_ lose your sense of humour !
From owner-freebsd-net Mon Apr 3 6:28:17 2000
Date: Mon, 3 Apr 2000 17:27:10 +0400 (MSD)
From: Andrey Sverdlichenko
To: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: hostcache

Is the net/hostcache.h interface obsoleted by another, or do developers
just not need it? There are no uses of it in the kernel sources.


From owner-freebsd-net Mon Apr 3 7: 5:56 2000
From: Stan Brown
Message-Id: <200004031405.HAA05798@netcom.com>
Subject: Help, I am being scanned!
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Date: Mon, 3 Apr 2000 10:05:12 -0400 (EDT)

My ISP seems to be scanning my system.
Look here:

Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1
Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1
Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1
Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1
Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1
Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1
Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1
Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1
Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1
Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1

That IP translates to authorized-scan.security.home.ne. I don't
recognize these ports, what are they? How can I protect myself against
their scanning?

Thanks.
--
Stan Brown     stanb@netcom.com                                    404-996-6955
Factory Automation Systems
Atlanta Ga.
--
Look, look, see Windows 95.  Buy, lemmings, buy!
Pay no attention to that cliff ahead...            Henry Spencer
(c) 1998 Stan Brown.  Redistribution via the Microsoft Network is prohibited.
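Added example, not code from this post or from FreeBSD: a Python parser and summariser for ipfw "Deny" log lines of the form shown above. It answers the two questions in the post from the log alone: it groups the denied packets by source address, destination port and protocol, names the destination port from a small services table, and counts distinct source ports (a scanner's source ports are ephemeral and carry no meaning, which is why only the destination port is interesting). The sample lines are the thirteen from the post; the services table is a constructed excerpt of /etc/services, and no DNS or whois lookup is done so the script runs offline.

```python
"""Summarise ipfw 'Deny' syslog lines (added illustration, not FreeBSD code)."""
import re
from collections import Counter, defaultdict

# Format of an ipfw log line as emitted by the kernel in the post above:
# "<Mon> <d> <hh:mm:ss> <host> /kernel: ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>"
IPFW_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) /kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)$"
)

# Constructed excerpt of /etc/services, keyed by (port, protocol).
SERVICES = {
    (25, "TCP"): "smtp",
    (80, "TCP"): "http",
    (119, "TCP"): "nntp",
}

# The log lines quoted in the post (sample input).
SAMPLE_LOG = """\
Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1
Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1
Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1
Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1
Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1
Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1
Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1
Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1
Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1
Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1
Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1
"""


def parse_line(line: str):
    """Return the fields of one ipfw log line, or None if it is not one."""
    m = IPFW_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize(log_text: str):
    """Group denied packets by (src, dport, proto); name the service, count hits,
    and count how many distinct (ephemeral) source ports were used."""
    hits = Counter()
    sports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        key = (rec["src"], rec["dport"], rec["proto"])
        hits[key] += 1
        sports[key].add(rec["sport"])
    return [
        {
            "src": src,
            "dport": dport,
            "proto": proto,
            "service": SERVICES.get((dport, proto), "unknown"),
            "hits": n,
            "distinct_sports": len(sports[(src, dport, proto)]),
        }
        for (src, dport, proto), n in hits.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

On the sample the summary is a single row: source 24.0.94.130, destination port 119/TCP (nntp), 13 hits from 13 different source ports, i.e. repeated connection attempts to the news port, all already denied by rule 2800.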
From owner-freebsd-net Mon Apr 3 7:25:14 2000
Message-ID: <38E8A937.826AA159@hygiene.sca.se>
Date: Mon, 03 Apr 2000 16:22:47 +0200
From: Edström Johan
Reply-To: johan.edstrom@hygiene.sca.se
Organization: SCA IT Services
Cc: FreeBSD Networking
Subject: Re: Help, I am being scanned!
References: <200004031405.HAA05798@netcom.com>

They are looking for open NNTP systems, search in the archives for more
info.

Stan Brown wrote:
>
> My ISP seems to be saning my system.
> Look here:
>
> Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1
> Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1
> Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1
> Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1
> Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1
> Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1
> Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1
> Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1
> Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1
> Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1
>
> That Ip translates to authorized-scan.security.home.ne. I don't
> recognize these ports, what are they? How can I protect myself against
> their ssaning?
>
> Thanks.
> --
> Stan Brown     stanb@netcom.com                                    404-996-6955
> Factory Automation Systems
> Atlanta Ga.
> --
> Look, look, see Windows 95.  Buy, lemmings, buy!
> Pay no attention to that cliff ahead...            Henry Spencer
> (c) 1998 Stan Brown.  Redistribution via the Microsoft Network is prohibited.

--
Unix is like a wigwam - no gates, no windows, apache inside
If windows is the answer, it must have been a stupid question.
#################################
Johan Edström, SCA IT Services
johan.edstrom@hygiene.sca.se
Telephone : +49 8035 80676
Telefax   : +49 8035 80610
Cellular  : +49 172 8265375
#################################

[S/MIME signature attachment (smime.p7s) omitted]


From owner-freebsd-net Mon Apr 3 8:42: 2 2000
Date: Mon, 3 Apr 2000 11:41:33 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200004031541.LAA14408@khavrinen.lcs.mit.edu>
To: Andrey Sverdlichenko
Cc: freebsd-net@FreeBSD.ORG
Subject: hostcache

[Please don't post to multiple mailing-lists.]

< said:

> Is net/hostcache.h interface obsoleted by other or developers just don't
> need them? There is no uses of them in kernel sources.

It was the beginning of an idea I had several years ago which was
never brought to fruition.  I would have removed it from the tree some
time ago were it not for the fact that I can't seem to get Mark Murray
to reestablish my identity on freefall.  That's not to say it won't
come back (probably in substantially different form) at some point in
the future....

You'll probably find that there are important bits missing if you
actually try to use it for anything real.

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |                       - Susan Aglukark and Chad Irschick


From owner-freebsd-net Mon Apr 3 9: 2:13 2000
Date: Mon, 3 Apr 2000 16:21:32 +0100
From: Ben Smithurst
To: Stan Brown
Cc: FreeBSD Networking
Subject: Re: Help, I am being scanned!
Message-ID: <20000403162132.C85754@strontium.scientia.demon.co.uk>
References: <200004031405.HAA05798@netcom.com>
In-Reply-To: <200004031405.HAA05798@netcom.com>

Stan Brown wrote:

> My ISP seems to be saning my system.
> Look here:
>
>
> Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1
> Apr 2 04:44:52 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:51466 24.6.61.166:119 in via ed1
> Apr 2 09:15:50 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:65458 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33055 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33274 24.6.61.166:119 in via ed1
> Apr 2 09:15:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:33483 24.6.61.166:119 in via ed1
> Apr 2 13:49:32 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55198 24.6.61.166:119 in via ed1
> Apr 2 13:49:33 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:55510 24.6.61.166:119 in via ed1
> Apr 2 18:25:40 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:36998 24.6.61.166:119 in via ed1
> Apr 2 18:25:41 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:37329 24.6.61.166:119 in via ed1
> Apr 2 23:13:35 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:44432 24.6.61.166:119 in via ed1
> Apr 2 23:13:36 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:45021 24.6.61.166:119 in via ed1
> Apr 3 03:47:29 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:53917 24.6.61.166:119 in via ed1
>
> That Ip translates to authorized-scan.security.home.ne. I don't
> recognize these ports, what are they? How can I protect myself against
> their ssaning?

Why should you want to protect yourself? Your ISP is scanning its
customers to make sure their systems aren't misconfigured. Given that
you're denying the packets anyway, I don't know what else you think you
can do.

As for the ports, try looking them up in /etc/services (actually there's
only one destination port here, 119, and that's nntp, and the source
ports are meaningless).
--
Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D


From owner-freebsd-net Mon Apr 3 18:52:45 2000
From: mike@sentex.net (Mike Tancsa)
To: stanb@netcom.com (Stan Brown)
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Help, I am being scanned!
Date: Tue, 04 Apr 2000 01:50:06 GMT
Message-ID: <38e949fe.348672764@mail.sentex.net>

On 3 Apr 2000 10:06:08 -0400, in sentex.lists.freebsd.net you wrote:

> My ISP seems to be saning my system. Look here:
>
>
> Apr 2 04:44:51 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:50869 24.6.61.166:119 in via ed1

> That Ip translates to authorized-scan.security.home.ne. I don't
> recognize these ports, what are they? How can I protect myself against
> their ssaning?

Port 119 is the nntp or news port...

    grep 119 /etc/services
    nntp            119/tcp    usenet      #Network News Transfer Protocol
    nntp            119/udp    usenet      #Network News Transfer Protocol

man ipfw

e.g.

    ipfw add 5000 deny log ip from 24.0.94.130 to any

        ---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp, Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers
 could setup a national IP network."
                                                      (KDW2)


From owner-freebsd-net Mon Apr 3 18:57:21 2000
Date: Mon, 3 Apr 2000 21:57:06 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: Arun Sharma
Cc: freebsd-net@freebsd.org
Subject: Re: kernel vs user level implementation of NAT
In-Reply-To: <20000331234156.A28140@sharmas.dhs.org>

While passing all packets through userland can have a performance
impact (especially in terms of latency on older machines), throughput
is usually not a problem.  It performs especially favorably compared
to userland firewall proxies, which are notoriously poor in terms of
performance impact as they typically run in separate processes,
requiring context switches.  I've pushed 50+ Mbps streams through
userland in some of my own code on a 450MHz PIII, and the limiting
factor has in this case been poor ethernet hardware and testing
environment, rather than a maxed out box performing the userland
filtering.

Keeping code in userland makes it *substantially* easier to develop,
debug, and maintain.  It also makes the code far more portable, and
avoids adding more baggage to the in-kernel IP stack, which would
reduce our ability to modify the stack to reflect changing needs.
I understand that the BSD/OS folks have extended BPF to allow it to modify packets on the fly, as well as do other spiffy things, which provides a nice stack extensibility mechanism while reducing the kernel/userland switches. It may be that as the BSD/OS+FreeBSD code bases draw closer together, we get to see more spiffy features such as that in the public FreeBSD source base.

On Fri, 31 Mar 2000, Arun Sharma wrote:

> Can someone point me to some discussion or literature on why *BSDs chose
> to implement natd as a daemon as opposed to a kernel service ? I'm
> particularly interested in the performance (latency) aspects of the issue.
>
> Thanks in advance,
>
> -Arun
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 0:43:44 2000
Delivered-To: freebsd-net@freebsd.org
Received: from pr.infosec.ru (pr.infosec.ru [194.135.141.98]) by hub.freebsd.org (Postfix) with ESMTP id EC6CE37B5CE for ; Tue, 4 Apr 2000 00:43:38 -0700 (PDT) (envelope-from blaze@infosec.ru)
Received: from blaze (200.0.0.51 [200.0.0.51]) by pr.infosec.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id H9Z76VB5; Tue, 4 Apr 2000 11:44:27 +0400
Date: Tue, 4 Apr 2000 11:42:55 +0400 (MSD)
From: Andrey Sverdlichenko
X-Sender: blaze@blaze
To: Garrett Wollman
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: hostcache
In-Reply-To: <200004031541.LAA14408@khavrinen.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 3 Apr 2000, Garrett Wollman wrote:

> > Is net/hostcache.h interface obsoleted by other or developers just don't
> > need them? There is no uses of them in kernel sources.
>
> It was the beginning of an idea I had several years ago which was
> never brought to fruition. I would have removed it from the tree some
> time ago were it not for the fact that I can't seem to get Mark Murray
> to reestablish my identity on freefall. That's not to say it won't
> come back (probably in substantially different form) at some point in
> the future....

I need to store some information on a per-host basis (peer table for IP level encryption). Hostcache looks just what I need, so even if it is not usable right now, it will be in a few days :)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 7:41:43 2000
Delivered-To: freebsd-net@freebsd.org
Received: from smtprch1.nortel.com (smtprch1.nortelnetworks.com [192.135.215.14]) by hub.freebsd.org (Postfix) with ESMTP id C9C1A37B6AE for ; Tue, 4 Apr 2000 07:41:34 -0700 (PDT) (envelope-from jspiers@nortelnetworks.com)
Received: from zrchb213.us.nortel.com (actually zrchb213) by smtprch1.nortel.com; Tue, 4 Apr 2000 08:45:47 -0500
Received: by zrchb213.us.nortel.com with Internet Mail Service (5.5.2650.21) id <2BF05H65>; Tue, 4 Apr 2000 08:44:07 -0500
Message-ID: <13E2EF604DE5D111B2E50000F80824E803CA80D8@zwdld001.ca.nortel.com>
From: "Jeffrey Spiers"
To: freebsd-net@freebsd.org
Subject: Marking the TOS-byte of IP packets using setsockopt() calls
Date: Tue, 4 Apr 2000 08:43:57 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01BF9E3B.D9202AAA"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello all.

I'm trying to get FreeBSD 3.3 to modify the IP Type-Of-Service field of IP packets that match given criteria using ipfw rules. I've looked through the source code for ipfw (ipfw.c and ip_fw.h) and there doesn't seem to be any mention of TOS. I know it can be done using ipchains on Linux, using a command like:

ipchains blah blah -s 192.168.1.1 -d 192.168.1.2 -t 0x01 0x80

The two bytes following '-t' modify the TOS field. The first byte is ANDed, and the second one is XORed with the TOS of every packet matching the rule.

Does anyone know the setsockopt() commands to activate TOS-field marking on FreeBSD? Can it be done?

Thanks a bunch,
_______________________________________________________________

Jeffrey Spiers                                 Phone: (613) 765-5701
Co-op Student                                  Fax:   (613) 763-2686
Wireless IP Access Technologies                ESN:   39-55701
Nortel Networks                                Email: jspiers@nortelnetworks.com
_______________________________________________________________
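One answer to the setsockopt() half of the question, as an added example that is not code from the thread: the ipchains-style AND/XOR masks applied to a TOS value, which is then set on a socket through the IP_TOS option (present on FreeBSD and Linux) and read back to confirm what the kernel kept. This is per-socket marking by the sending program, not per-rule rewriting inside the packet filter; the function names and sample masks are assumptions.

```c
/* Constructed example (not from the thread): ipchains-style TOS rewriting
 * applied to a socket through IP_TOS, the setsockopt() knob for the TOS byte. */
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/socket.h>
#include <unistd.h>

/* ipchains "-t AND XOR" semantics: the AND mask is applied first, then the XOR.
 * With the thread's "-t 0x01 0x80", a low-delay TOS of 0x10 becomes 0x80. */
unsigned char tos_apply_mask(unsigned char tos, unsigned char and_mask, unsigned char xor_mask) {
    return (unsigned char)((tos & and_mask) ^ xor_mask);
}

/* Apply IP_TOS to a fresh UDP socket and read it back with getsockopt(), so the
 * caller sees the value the kernel actually stored. Returns that value or -1. */
int set_tos_and_readback(unsigned char tos) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int val = tos, got = -1;
    socklen_t len = sizeof got;
    if (setsockopt(fd, IPPROTO_IP, IP_TOS, &val, sizeof val) < 0 ||
        getsockopt(fd, IPPROTO_IP, IP_TOS, &got, &len) < 0)
        got = -1;
    close(fd);
    return got;
}
```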
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 7:56:00 2000
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 0C31437BA5D for ; Tue, 4 Apr 2000 07:55:58 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustidentd@obie.softweyr.com [204.68.178.33]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id IAA15809; Tue, 4 Apr 2000 08:55:40 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <38EA0277.42E7B788@softweyr.com>
Date: Tue, 04 Apr 2000 08:55:51 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Robert Watson
Cc: Arun Sharma , freebsd-net@FreeBSD.ORG
Subject: Re: kernel vs user level implementation of NAT
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson wrote:
>
> Keeping code in userland makes it *substantially* easier to develop,
> debug, and maintain. It also makes the code far more portable, and
> avoids adding more baggage to the in-kernel IP stack, which would reduce
> our ability to modify the stack to reflect changing needs.
>
> I understand that the BSD/OS folks have extended BPF to allow it to modify
> packets on the fly, as well as do other spiffy things, which provides a
> nice stack extensibility mechanism while reducing the kernel/userland
> switches. It may be that as the BSD/OS+FreeBSD code bases draw closer
> together, we get to see more spiffy features such as that in the public
> FreeBSD source base.
You could also perform many of these tasks now with netgraph nodes in FreeBSD, allowing you to load modules for the specific processing task you have and attach them to specific stream(s) easily. This does not offer the ease of development and maintenance that user-mode daemons do.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 9:50:48 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mrout2.yahoo.com (mrout2.yahoo.com [208.48.125.152]) by hub.freebsd.org (Postfix) with ESMTP id 3A4E637B67A for ; Tue, 4 Apr 2000 09:50:40 -0700 (PDT) (envelope-from jayanth@yahoo-inc.com)
Received: from milk.yahoo.com (milk.yahoo.com [206.251.16.37]) by mrout2.yahoo.com (8.10.0/8.10.0/y.out) with ESMTP id e34GoJv81950 for ; Tue, 4 Apr 2000 09:50:19 -0700 (PDT)
Received: (from root@localhost) by milk.yahoo.com (8.8.8/8.6.12) id JAA17068 for net@FreeBSD.ORG; Tue, 4 Apr 2000 09:50:18 -0700 (PDT)
Date: Tue, 4 Apr 2000 09:50:18 -0700
From: jayanth
To: net@FreeBSD.ORG
Subject: Simultaneous close ....
Message-ID: <20000404095017.B15820@yahoo-inc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1us
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was testing b/w two 4.0 boxes and saw the following scenario.

Server side
-----------
10:14:41.260613 server.7000 > client.1136: P 1:101(100) ack 32001 win 65535 (DF)
10:14:41.260709 server.7000 > client.1136: F 101:101(0) ack 32001 win 65535 (DF)
10:14:41.652936 client.1136 > server.7000: F 32001:32001(0) ack 101 win 17520 (DF)
10:14:41.653075 server.7000 > client.1136: F 101:101(0) ack 32002 win 65535 (DF)
10:14:41.659388 client.1136 > server.7000: F 32001:32001(0) ack 102 win 17520 (DF)
10:14:41.659485 server.7000 > client.1136: . ack 32002 win 65535 (DF)
10:14:41.989824 client.1136 > server.7000: . ack 102 win 17520 (DF)

Client side
-----------
18:10:18.484731 server.7000 > client.1136: P 1:101(100) ack 32001 win 65535 (DF)
18:10:18.485193 client.1136 > server.7000: F 32001:32001(0) ack 101 win 17520 (DF)
18:10:18.490679 server.7000 > client.1136: F 101:101(0) ack 32001 win 65535 (DF)
18:10:18.490726 client.1136 > server.7000: F 32001:32001(0) ack 102 win 17520 (DF)
18:10:18.818621 server.7000 > client.1136: F 101:101(0) ack 32002 win 65535 (DF)
18:10:18.818626 server.7000 > client.1136: . ack 32002 win 65535 (DF)
18:10:18.818663 client.1136 > server.7000: . ack 102 win 17520 (DF)

If I remember right the last two ACKS are not necessary during simultaneous close?

jayanth

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 15:43:58 2000
Delivered-To: freebsd-net@freebsd.org
Received: from netcom.com (netcom15.netcom.com [199.183.9.115]) by hub.freebsd.org (Postfix) with ESMTP id 4333137B507 for ; Tue, 4 Apr 2000 15:43:55 -0700 (PDT) (envelope-from stanb@netcom.com)
Received: (from stanb@localhost) by netcom.com (8.9.3/8.9.3) id PAA02469 for freebsd-net@FreeBSD.ORG; Tue, 4 Apr 2000 15:36:47 -0700 (PDT)
From: Stan Brown
Message-Id: <200004042236.PAA02469@netcom.com>
Subject: I am being atacked!
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Date: Tue, 4 Apr 2000 18:36:47 -0400 (EDT)
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have started getting the following messages in /var/log/messages:

Apr 4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
Apr 4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1
Apr 4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr 4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via wrappers with string: "ALL: 24.6.255.50"
Apr 4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via dropped route using command: "/sbin/route add 24.6.255.50 333.444.555.666"
Apr 4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr 4 02:58:21 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr 4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr 4 02:58:21 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring
Apr 4 02:58:22 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr 4 02:58:22 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr 4 02:58:22 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr 4 02:58:22 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring

What's going on? What corrective action should I take?

Thanks.

--
Stan Brown stanb@netcom.com 404-996-6955
Factory Automation Systems
Atlanta Ga.
--
Look, look, see Windows 95. Buy, lemmings, buy!
Pay no attention to that cliff ahead...
Henry Spencer
(c) 1998 Stan Brown. Redistribution via the Microsoft Network is prohibited.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 17:57:07 2000
Delivered-To: freebsd-net@freebsd.org
Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id 4CE0537BB8F for ; Tue, 4 Apr 2000 17:57:05 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id UAA74143; Tue, 4 Apr 2000 20:57:04 -0400 (EDT) (envelope-from mike@sentex.net)
Received: from chimp.simianscience.com (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id UAA20411; Tue, 4 Apr 2000 20:57:03 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: stanb@netcom.com (Stan Brown)
Cc: freebsd-net@freebsd.org
Subject: Re: I am being atacked!
Date: Wed, 05 Apr 2000 00:54:33 GMT
Message-ID: <38ea8d15.431384518@mail.sentex.net>
References:
In-Reply-To:
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 4 Apr 2000 18:44:09 -0400, in sentex.lists.freebsd.net you wrote:

> I have started getting the following messages in /var/log/messages:
>
> >Apr 4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
> >Apr 4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1

That's authorized-scan.security.home.net looking at your machine for open news relays...

> >Apr 4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161

Someone looking for SNMP. Pretty common. Actually, it's one of the 'underrated' back doors IMHO... There are WAY too many devices that default to "public" and "private"...
Can you imagine a UNIX box shipping with a default account named "guest" with the password "guest". Welcome to the world of SNMP :-(

> >Apr 4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
> >Apr 4 02:58:21 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt

Did you give yourself a netmask of 0 or something ?

>
> What's going on?

what does ifconfig -a and netstat -nra look like ? If you are worried about using your real IP addresses, translate them into 169.254.247.0-254, but be consistent.

---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp, Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers could setup a national IP network." (KDW2)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 19:09:12 2000
Delivered-To: freebsd-net@freebsd.org
Received: from sofia.csl.sri.com (sofia.csl.sri.com [130.107.19.127]) by hub.freebsd.org (Postfix) with ESMTP id 51FBB37B742 for ; Tue, 4 Apr 2000 19:09:10 -0700 (PDT) (envelope-from molter@sofia.csl.sri.com)
Received: (from molter@localhost) by sofia.csl.sri.com (8.9.3/8.9.3) id TAA00877 for freebsd-net@freebsd.org; Tue, 4 Apr 2000 19:09:10 -0700 (PDT) (envelope-from molter)
From: Marco Molteni
Date: Tue, 4 Apr 2000 19:09:09 -0700
To: freebsd-net@freebsd.org
Subject: MPLS (Multiprotocol Label Switching) on FreeBSD?
Message-ID: <20000404190909.A826@sofia.csl.sri.com>
Mail-Followup-To: freebsd-net@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre4i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,

I wanted to learn how to do kernel programming and so I thought of implementing a cooperative routing lookup technique, for example a very simplified version of MPLS (Multiprotocol Label Switching, see [1]), or Cisco's tag switching (see [2]).
As always in these cases, it turned out that it is more difficult than it seemed :-)

So I wanted to know if someone has worked on this stuff on a FreeBSD box or is interested in doing some experiments together.

If you are wondering what is a cooperative routing lookup technique, here is a simplified introduction:

Normally routers forward IP packets based on the destination IP address, looking up the interface to use in the kernel routing table. The routing table, at least in BSD kernels, is similar to a Patricia trie (which is a special binary tree). The lookup starts at the head of the trie and walks the trie until it finds a leaf that matches. If no match is found, we go up one level and try again, eventually backtracking till the head, which normally should contain the default route.

With cooperative routing lookup, the previous-hop router "knows" the structure of my tree, and gives me a "hint" (an integer) that I can use to jump directly to a small subtree that should contain the routing entry I need. Then I will give a similar hint to the next-hop router.

All this should allow a router to forward a lot more packets per unit of time, because it needs fewer accesses to the routing tree to find a match.
[1] http://search.ietf.org/internet-drafts/draft-ietf-mpls-arch-06.txt
[2] RFC 2105

Thanks
Marco

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 19:18:15 2000
Delivered-To: freebsd-net@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id D23BE37B88B for ; Tue, 4 Apr 2000 19:18:10 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id WAA21065; Tue, 4 Apr 2000 22:18:04 -0400 (EDT) (envelope-from wollman)
Date: Tue, 4 Apr 2000 22:18:04 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200004050218.WAA21065@khavrinen.lcs.mit.edu>
To: Marco Molteni
Cc: freebsd-net@FreeBSD.ORG
Subject: MPLS (Multiprotocol Label Switching) on FreeBSD?
In-Reply-To: <20000404190909.A826@sofia.csl.sri.com>
References: <20000404190909.A826@sofia.csl.sri.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> So I wanted to know if someone has worked on this stuff on a FreeBSD
> box

Well, yes and no. The Ipsilon product (which through some twists and turns became the Nokia IP4000) was a PC running FreeBSD 2.x. (I think it may have been 2.1 or a very early 2.2 -- it's been too long since I looked at it.) [The people I was working for at the time were research partners of some of the technical principals at Ipsilon and got access to the source code. We tried to do something interesting with it but could not make it work properly on our COTS hardware.]

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA | - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 20:27:32 2000
Delivered-To: freebsd-net@freebsd.org
Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id 0BEEE37B773 for ; Tue, 4 Apr 2000 20:27:28 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id XAA90182; Tue, 4 Apr 2000 23:27:23 -0400 (EDT) (envelope-from mike@sentex.net)
Received: from chimp.simianscience.com (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id XAA00120; Tue, 4 Apr 2000 23:27:22 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: molter@sofia.csl.sri.com (Marco Molteni)
Cc: freebsd-net@freebsd.org
Subject: Re: MPLS (Multiprotocol Label Switching) on FreeBSD?
Date: Wed, 05 Apr 2000 03:24:38 GMT
Message-ID: <38eab1a4.6921472@mail.sentex.net>
References:
In-Reply-To:
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 4 Apr 2000 22:09:22 -0400, in sentex.lists.freebsd.misc you wrote:

>
>So I wanted to know if someone has worked on this stuff on a FreeBSD
>box or is interested in doing some experiments together.

You might want to take a look at http://www.zebra.org. Although not FreeBSD specific, it does run on FreeBSD and a few people on the list mentioned implementing MPLS through it.

---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp, Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers could setup a national IP network."
(KDW2)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 20:47:28 2000
Delivered-To: freebsd-net@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id 5103F37B732 for ; Tue, 4 Apr 2000 20:47:21 -0700 (PDT) (envelope-from louie@whizzo.transsys.com)
Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.9.3/8.9.1) with ESMTP id XAA77640; Tue, 4 Apr 2000 23:47:13 -0400 (EDT) (envelope-from louie@whizzo.transsys.com)
Message-Id: <200004050347.XAA77640@whizzo.transsys.com>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Garrett Wollman
Cc: Marco Molteni , freebsd-net@FreeBSD.ORG
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos"
Subject: Re: MPLS (Multiprotocol Label Switching) on FreeBSD?
References: <20000404190909.A826@sofia.csl.sri.com> <200004050218.WAA21065@khavrinen.lcs.mit.edu>
In-reply-to: Your message of "Tue, 04 Apr 2000 22:18:04 EDT." <200004050218.WAA21065@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 04 Apr 2000 23:47:13 -0400
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> < said:
>
> > So I wanted to know if someone has worked on this stuff on a FreeBSD
> > box
>
> Well, yes and no. The Ipsilon product (which through some twists and
> turns became the Nokia IP4000) was a PC running FreeBSD 2.x. (I think
> it may have been 2.1 or a very early 2.2 -- it's been too long since I
> looked at it.) [The people I was working for at the time were
> research partners of some of the technical principals at Ipsilon and
> got access to the source code. We tried to do something interesting
> with it but could not make it work properly on our COTS hardware.]
And of course Juniper Networks implemented an MPLS signaling stack on FreeBSD, though the forwarding path is mostly implemented in their, ah, interesting custom ASIC hardware. As in the Ipsilon case, you probably can't get this code to look at, either.

louie

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Apr 4 22:45:41 2000
Delivered-To: freebsd-net@freebsd.org
Received: from picalon.gun.de (picalon.gun.de [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id CA73337BB51 for ; Tue, 4 Apr 2000 22:45:32 -0700 (PDT) (envelope-from andreas@klemm.gtn.com)
Received: (from uucp@localhost) by picalon.gun.de (8.9.3/8.9.3) id HAA13071 for freebsd-net@freebsd.org; Wed, 5 Apr 2000 07:45:16 +0200 (MET DST)
>Received: (from andreas@localhost) by klemm.gtn.com (8.9.3/8.9.3) id WAA26397 for freebsd-net@freebsd.org; Tue, 4 Apr 2000 22:17:29 +0200 (CEST) (envelope-from andreas)
Date: Tue, 4 Apr 2000 22:17:29 +0200
From: Andreas Klemm
To: freebsd-net@freebsd.org
Subject: natd (two times) && real audio is that possible ?
Message-ID: <20000404221729.A25797@titan.klemm.gtn.com>
Mime-Version: 1.0
X-Mailer: Mutt 1.0.1i
X-Operating-System: FreeBSD 5.0-CURRENT SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi !

Need some help concerning natd on FreeBSD in conjunction with real audio. My wife wants to see/hear real audio. But it doesn't work.

|------- 172.16.1.0/24 ---------------| her net
                  |
             ed0 - .1
                  |
  My FreeBSD machine (gateway, Firewall type open, divert sockets)
  natd -interface xl0 -log -s -m
                  |
             xl0 - .1
                  |
|------- 172.16.2.0/24 ---------------| my net
                  |
              e0 - .2
                  |
  cisco router (runs nat as well)
                  |
                  |
  ISDN (fix ip address)
                  |

Is it not possible to use nat 2 times ? Is it a problem with configuration ?
When I disable routing on the FreeBSD gate with

sysctl -w net.inet.ip.forwarding=1

my wife doesn't get any packets through. I would have expected, that at least natd takes care of forwarding packets ...

These are the relevant parts of rc.conf:

# network interface card configuration
hostname="titan.klemm.gtn.com"
network_interfaces="auto"         # List of network interfaces (or "auto").
ifconfig_lo0="inet 127.0.0.1"     # default loopback device configuration.
ifconfig_xl0="inet 172.16.2.1 netmask 255.255.255.0"
ifconfig_ed0="inet 172.16.1.1 netmask 255.255.255.0"

# OSPF Routing
defaultrouter="NO"
router_enable="YES"
router="/usr/local/sbin/zebractl"
router_flags="start"

# TCP/IP
gateway_enable="YES"
tcp_extensions="NO"               # Set to YES to turn on RFC1323 extensions.

# Security
firewall_enable="YES"
firewall_type="open"

# NAT (Network Address Translation)
natd_enable="YES"                 # Enable natd (if firewall_enable == YES).
natd_program="/sbin/natd"         # path to natd, if you want a different one.
natd_flags="-log -s -m"           # Additional flags for natd.
natd_interface="xl0"              # Public interface or IPaddress to use.

#
# Kernel Config File: TITAN
#
[...]
options MROUTING                  # Multicast routing
options IPFIREWALL                #firewall
options IPFIREWALL_VERBOSE        #print information about dropped packets
options IPFIREWALL_FORWARD        #enable xparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPDIVERT                  #divert sockets
options IPSTEALTH                 #support for stealth forwarding
options ICMP_BANDLIM
options DUMMYNET

Cisco

interface Ethernet0
 description home backbone
 ip address 172.16.2.2 255.255.255.0
 ip nat inside
!
interface Dialer1
 description ISP
 ip nat outside
!
! I use route map, since I have to use natd for multiple destinations
!
ip nat inside source route-map dpn-map interface Dialer1 overload
ip nat inside source route-map company-map interface Dialer2 overload
!
access-list 1 permit 172.16.1.0
access-list 1 permit 172.16.2.0
!
route-map dpn-map permit 10
 match ip address 1
 match interface Dialer1
!

--
Andreas Klemm http://people.FreeBSD.ORG/~andreas
http://www.freebsd.org/~fsmp/SMP/SMP.html
powered by Symmetric MultiProcessor FreeBSD
New APSFILTER 520 and songs from our band - http://people.freebsd.org/~andreas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Apr 5 1:52:10 2000
Delivered-To: freebsd-net@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 8E20737BC3D; Wed, 5 Apr 2000 01:52:08 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA15452; Wed, 5 Apr 2000 01:52:08 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 5 Apr 2000 01:52:07 -0700 (PDT)
From: Kris Kennaway
To: Stan Brown
Cc: FreeBSD Networking
Subject: Re: I am being atacked!
In-Reply-To: <200004042236.PAA02469@netcom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 4 Apr 2000, Stan Brown wrote:

> Apr 4 02:58:21 koala portsentry[336]: attackalert: Connect from host:
> c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
> Apr 4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50
> has been blocked via wrappers with string: "ALL: 24.6.255.50"
> Apr 4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50
> has been blocked via dropped route using command: "/sbin/route add
> 24.6.255.50 333.444.555.666"

This is just a run of the mill port scan for an SNMP server - if you're not running one you have nothing to worry about.
If it bugs you that people are scanning your host for vulnerabilities then you need to talk to the admins of the originating server, in this case probably abuse@home.com would be a good place to start (provide as much information as you can including logs, of course).

Unfortunately port scanning is a very common thing on the internet today - it's not directly a security risk, but it may show attackers where the possible vulnerabilities are on your system. Creating a "default to deny" packet filter with ipfw or ipfilter helps a lot here. For example, attackers can throw all the packets they want at my system and they won't get any information back except for connections on the SSH port, and certain other "honeypot" ports I have set up with fake but juicy-looking targets for them to try and exploit.

On a related matter, I don't like the way portsentry responded to this probe. For one, it's not an "attack" in this case, just some door-rattling, and secondly, forcibly routing the apparent source host into /dev/null is the wrong thing to do: UDP packets are trivially spoofable, and so an actual attacker can easily prevent your machine from being able to communicate with any given host on the internet by spoofing an "attack" packet of the sort you logged above as if it came from that host.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Apr 5 6:19:39 2000
Delivered-To: freebsd-net@freebsd.org
Received: from xmh01.scott.af.mil (vejxoislxmh01.scott.af.mil [140.175.214.28]) by hub.freebsd.org (Postfix) with ESMTP id 91BEF37B662 for ; Wed, 5 Apr 2000 06:19:36 -0700 (PDT) (envelope-from DARYL.CHANCE@SCOTT.AF.MIL)
Received: from cornerback.scott.af.mil (cornerback.scott.af.mil [140.175.214.11]) by xmh01.scott.af.mil (8.9.3/8.9.3) with ESMTP id IAA29841 for ; Wed, 5 Apr 2000 08:23:35 -0500
Received: from cornerback.scott.af.mil (root@localhost) by cornerback.scott.af.mil with ESMTP id IAA07379 for ; Wed, 5 Apr 2000 08:19:34 -0500 (CDT)
Received: from SMTP (vejxoisntav81.scott.af.mil [140.175.254.101]) by cornerback.scott.af.mil with SMTP id IAA07374 for ; Wed, 5 Apr 2000 08:19:34 -0500 (CDT)
Received: from ksvejx02.SCOTT.AF.MIL ([140.175.192.102]) by 140.175.254.101 (Norton AntiVirus for Internet Email Gateways 1.0) ; Wed, 05 Apr 2000 13:19:32 0000 (GMT)
Received: by ksvejx02.scott.af.mil with Internet Mail Service (5.5.2448.0) id ; Wed, 5 Apr 2000 08:19:34 -0500
Message-ID:
From: Chance Daryl SrA AMC CSS/SAS
To: "'FreeBSD Net'"
Subject: Default firewall rules...
Date: Wed, 5 Apr 2000 08:19:18 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I'm relatively new to FreeBSD and have started to explore into it and finally got around to compiling my own kernel. I have 2 windows machines atm that I use to access the 'net, via the FreeBSD box. Here's what I have running on the Gateway:

apache w/ php
mysql (client and server)
named
firewall

This is all on a 56K dialup. Anybody have any recommendations for default firewall rules? Currently the firewall defaults to open.
Thanks, <---------------------------------------------------------------> <- SrA Daryl Chance - A programmer is someone who solves a -> <- USAF AMC CSS/SASR - problem you didn't know you had in a -> <- RAD Programmer - way you don't understand. -> <- (618) 256-5225 - - ????? -> <---------------------------------------------------------------> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Apr 5 6:28:54 2000 Delivered-To: freebsd-net@freebsd.org Received: from rerun.lucentctc.com (rerun.lucentctc.com [199.93.237.2]) by hub.freebsd.org (Postfix) with ESMTP id AEA6337B69F for ; Wed, 5 Apr 2000 06:28:49 -0700 (PDT) (envelope-from mcambria@lucent.com) Received: by rerun.lucentctc.com with Internet Mail Service (5.5.2448.0) id ; Wed, 5 Apr 2000 09:28:36 -0400 Message-ID: <75ADD7496F0BD211ADC000104B8846CF012CED4C@rerun.lucentctc.com> From: "Cambria, Mike" To: 'Marco Molteni' , freebsd-net@FreeBSD.ORG Subject: RE: MPLS (Multiprotocol Label Switching) on FreeBSD? Date: Wed, 5 Apr 2000 09:28:36 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Look at NIST http://www.antd.nist.gov/itg/nistswitch/ for MPLS on FreeBSD. Their page claims to have version 0.1 of MPLS on FreeBSD. Good luck, MikeC Michael C. Cambria Lucent Technologies Member of Technical Staff Bell Labs Innovations Voice: (978) 287 - 2807 300 Baker Avenue Fax: (978) 287 - 2810 Concord, Massachusetts 01742 Internet: mcambria@lucent.com -----Original Message----- From: Marco Molteni [mailto:molter@sofia.csl.sri.com] Sent: Tuesday, April 04, 2000 10:09 PM To: freebsd-net@FreeBSD.ORG Subject: MPLS (Multiprotocol Label Switching) on FreeBSD? 
Hi all,

I wanted to learn how to do kernel programming and so I thought of implementing a cooperative routing lookup technique, for example a very simplified version of MPLS (Multiprotocol Label Switching, see [1]), or Cisco's tag switching (see [2]). As always in these cases, it turned out that it is more difficult than it seemed :-) So I wanted to know if someone has worked on this stuff on a FreeBSD box or is interested in doing some experiments together.

If you are wondering what a cooperative routing lookup technique is, here is a simplified introduction:

Normally routers forward IP packets based on the destination IP address, looking up the interface to use in the kernel routing table. The routing table, at least in BSD kernels, is similar to a Patricia trie (which is a special binary tree). The lookup starts at the head of the trie and walks the trie until it finds a leaf that matches. If no match is found, we go up one level and try again, eventually backtracking till the head, which normally should contain the default route.

With cooperative routing lookup, the previous-hop router "knows" the structure of my tree, and gives me a "hint" (an integer) that I can use to jump directly to a small subtree that should contain the routing entry I need. Then I will give a similar hint to the next-hop router. All this should allow a router to forward a lot more packets per unit of time, because it needs fewer accesses to the routing tree to find a match.

[1] http://search.ietf.org/internet-drafts/draft-ietf-mpls-arch-06.txt
[2] RFC 2105

Thanks
Marco

From owner-freebsd-net Wed Apr 5 12:34:56 2000
From: venkat venkatsubra
Organization: IBM
To: jayanth
Cc: net@FreeBSD.ORG
Subject: Re: Simultaneous close ....
Date: Wed, 05 Apr 2000 14:34:38 -0500
Message-ID: <38EB954E.80EBB6FE@austin.ibm.com>
References: <20000404095017.B15820@yahoo-inc.com>

Jayanth,

This case is discussed in Wright & Stevens Vol. 2 of TCP/IP Illustrated - Exercise 29.5. The suggested fix in the book is to remove the TH_FIN flag in tcp_outflags[] for the tcp CLOSING state. Because, the problem here was the retransmission of the FINs from both ends after receiving the other end's FIN.

Venkat

jayanth wrote:

> I was testing b/w two 4.0 boxes and saw the following scenario.
>
> Server side
> -----------
> 10:14:41.260613 server.7000 > client.1136: P 1:101(100) ack 32001 win 65535 (DF)
> 10:14:41.260709 server.7000 > client.1136: F 101:101(0) ack 32001 win 65535 (DF)
> 10:14:41.652936 client.1136 > server.7000: F 32001:32001(0) ack 101 win 17520 (DF)
> 10:14:41.653075 server.7000 > client.1136: F 101:101(0) ack 32002 win 65535 (DF)
> 10:14:41.659388 client.1136 > server.7000: F 32001:32001(0) ack 102 win 17520 (DF)
> 10:14:41.659485 server.7000 > client.1136: . ack 32002 win 65535 (DF)
> 10:14:41.989824 client.1136 > server.7000: . ack 102 win 17520 (DF)
>
> Client side
> -----------
> 18:10:18.484731 server.7000 > client.1136: P 1:101(100) ack 32001 win 65535 (DF)
> 18:10:18.485193 client.1136 > server.7000: F 32001:32001(0) ack 101 win 17520 (DF)
> 18:10:18.490679 server.7000 > client.1136: F 101:101(0) ack 32001 win 65535 (DF)
> 18:10:18.490726 client.1136 > server.7000: F 32001:32001(0) ack 102 win 17520 (DF)
> 18:10:18.818621 server.7000 > client.1136: F 101:101(0) ack 32002 win 65535 (DF)
> 18:10:18.818626 server.7000 > client.1136: . ack 32002 win 65535 (DF)
> 18:10:18.818663 client.1136 > server.7000: . ack 102 win 17520 (DF)
>
> If I remember right the last two ACKs are not necessary during
> simultaneous close?
>
> jayanth

From owner-freebsd-net Thu Apr 6 14:57:09 2000
From: Archie Cobbs
To: ari@suutari.iki.fi (Ari Suutari)
Cc: adsharma@sharmas.dhs.org (Arun Sharma), freebsd-net@FreeBSD.ORG
Subject: Re: kernel vs user level implementation of NAT
Date: Thu, 6 Apr 2000 14:56:26 -0700 (PDT)
Message-Id: <200004062156.OAA76934@bubba.whistle.com>
In-Reply-To: <006401bf9d35$37bddb00$0e05a8c0@intranet.syncrontech.com> from Ari Suutari at "Apr 3, 2000 09:24:02 am"

Ari Suutari writes:
> > Can someone point me to some discussion or literature on why *BSDs chose
> > to implement natd as a daemon as opposed to a kernel service ? I'm
> > particularly interested in the performance (latency) aspects of the issue.
> >
> The history goes something like this:
>
> Some years ago I had a cable modem connection at home. I had an
> internal network with some hosts and a FreeBSD server machine
> (running 2.x if I remember correctly). I was looking for solutions how
> to get my internal machines to access the internet in a similar
> manner as ip masquerading in Linux (Couldn't use Linux, I've
> always been fond of *BSD).
>
> Well, I found that Darren Reed's ipfilter didn't work with 2.x so
> that was out.
> Porting of it looked like too much effort at that time.
>
> Then I found out from somewhere that user mode ppp had
> nat features and took a look at it. Surprisingly all the functions
> necessary to do it were packaged in a few source files
> which I took into natd. These sources were written by Charles
> Mott and eventually ended up in the libalias library.
>
> There was also another similar program in the beginning,
> Brian Somer's masqd. I don't remember any more why I decided
> to go along with natd - maybe both were at a very early stage of
> development and I just had more time to play with natd. Anyway, Brian also
> contributed to natd.
>
> What I found good about doing this in a user process was the
> ease of debugging and testing of new versions.

Some even earlier history.. Whistle started working on NAT way back in 1995 for the InterJet. We needed an easy way to develop the code, so we invented divert(4) sockets, which make it easy to do NAT in userland. Our product was I/O limited rather than CPU limited so performance was not an issue. We wrote our own proprietary NAT daemon but 'natd' appeared shortly after divert sockets were added anyway (as we figured it would).

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-net Fri Apr 7 06:33:11 2000
From: "Boby.qi"
Subject: do you have NE2000?
Date: Tue, 7 Mar 2000 21:32:57 +0800
Message-ID: <000801bf8839$a6eb11c0$0fa8a8c0@echo>
Do you have the drivers of the ISA network card? It's NE2000. If you have, then send it to my email box.
lp_hy@yahoo.com.cn
thanks!

From owner-freebsd-net Fri Apr 7 11:11:14 2000
From: petro
To: freebsd-net@freebsd.org
Date: Fri, 7 Apr 2000 21:11:43 +0300 (EEST)

My name is Pelekh Petro. I am a second-year student. I am from Ukraine. I would like to ask where I can read about installing modems on the server (all about using, configuration, filters in ppp configuration) with examples. Thanks in advance!

From owner-freebsd-net Fri Apr 7 19:03:56 2000
From: "naim"
To: freebsd-net@freebsd.org
Subject: test
Date: Sat, 8 Apr 2000 09:07:10 PDT
Message-Id: <200004080907.AA1507604@pop.mlg.globalinfo.net>

test ...
From owner-freebsd-net Fri Apr 7 19:41:05 2000
From: "Brian O'Shea"
To: freebsd-net@freebsd.org
Subject: Linking OpenSSH against libsocks5
Date: Fri, 7 Apr 2000 19:50:32 -0700
Message-ID: <20000407195032.C330@beastie.localdomain>

Hello,

I am using FreeBSD 4.0-RELEASE. OpenSSH has been integrated into the base system in 4.0, and I am attempting to use it in place of the ssh port.

My question is, what is the "proper" way to link OpenSSH against libsocks5 (from the socks5 port in /usr/ports/net/socks5)? It is a configure script option in the ssh port (/usr/ports/security/ssh), which is convenient. However, I can't find a similarly clean way to do this in the OpenSSH build procedure.

Thanks,
-brian

--
Brian O'Shea
boshea@ricochet.net

From owner-freebsd-net Fri Apr 7 20:10:58 2000
From: Kris Kennaway
To: "Brian O'Shea"
Cc: freebsd-net@freebsd.org
Subject: Re: Linking OpenSSH against libsocks5
Date: Fri, 7 Apr 2000 20:10:48 -0700 (PDT)
In-Reply-To: <20000407195032.C330@beastie.localdomain>

Warner Losh (imp@freebsd.org) submitted patches to -current a month or so ago which did this.. when I get the time to look at them again I'll commit them.

Kris

On Fri, 7 Apr 2000, Brian O'Shea wrote:

> Hello,
>
> I am using FreeBSD 4.0-RELEASE. OpenSSH has been integrated into
> the base system in 4.0, and I am attempting to use it in place of
> the ssh port.
>
> My question is, what is the "proper" way to link OpenSSH against
> libsocks5 (from the socks5 port in /usr/ports/net/socks5)? It is
> a configure script option in the ssh port (/usr/ports/security/ssh),
> which is convenient. However, I can't find a similarly clean way
> to do this in the OpenSSH build procedure.
>
> Thanks,
> -brian
>
> --
> Brian O'Shea
> boshea@ricochet.net

----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-net Sat Apr 8 09:50:11 2000
From: Robert Watson
Reply-To: Robert Watson
To: thierry.herbelot@alcatel.fr
Cc: net@freebsd.org
Subject: Re: [long] test report for 4.0 and dc(4)
Date: Sat, 8 Apr 2000 12:50:00 -0400 (EDT)
In-Reply-To: <38D786E0.15EC21BC@telspace.alcatel.fr>

Hi there --

I've been doing some performance tests using if_dc with the kernel-based bridging in 4.0-RELEASE of FreeBSD. I was able to bridge at a rate of 55+Mbps, and source/sink without bridging at over 70Mbps on relatively old and slow Pentiums. This is with half-duplex hubs, so in the same collision domain for ACKs and so on.

That said, I heard a report from a coworker that he was observing the following: he was using IPDIVERT to create a packet stream at the fastest rate possible (while(1) sendmsg();) and noticed that when a collision occurred on the ethernet segment, he would get a stream of buffer size errors from sendmsg, and no traffic would be sent out on the interface for about a second following the collision. He suggested this was a result of the interface resetting and dropping its queue following a collision. I have not had the opportunity to do any further testing--we switched to using the Intel-based PCI ethernet cards for further work for other reasons. If anyone else has seen this, we should take a look and see if it's an issue with our driver, or a function of the card's backoff mechanism. Without further testing, I'm reluctant to claim there is a problem, but figured I'd pass this on and see if anyone else had seen it.

On Tue, 21 Mar 2000, Thierry Herbelot wrote:

> Hello,
>
> I have a "SmartBits" test equipment on lease and I've played a little
> with it and a Compaq PC with a 4-port 100Mbit NIC (DLINK DFE-570)
>
> The result is quite interesting : I've been able to route 4 full duplex
> 50 Mbps flows with large frames (1500 bytes) with a negligible traffic
> loss (see enclosed test_600x4.csv - comma-separated values)
>
> The first test bombed (this was with the GENERIC kernel), but everything
> went fine with an "adapted" kernel config.
>
> the second test was a bit more difficult : the SmartBits was only
> sending one flow of small Ethernet frames (64 bytes) at up to 36 Mbps
> for the Compaq to route them from one port to another (the IP addresses
> were fixed and the same for all frames)
>
> In this test, there is an interesting pattern :
> - for less than 28 Mbps, the packet loss is acceptable (12 out of 386892
>   for example),
> - for 28, 30 and 32 Mbps, the packet loss is very high (up to 80 % loss,
>   for example)
> - for 34 and 36, the loss is back to normal (16 packets lost over 25
>   secs)
> (full results in test_25Mx64x1.csv, enclosed)
>
> when routing high numbers of small frames, the interrupt processing time
> ends up taking all available resources (according to systat -vmstat 1)
>
> All of the tests have been run without any "ipfw" processing.
>
> In fact, my test was to know whether a "normal" PC could do
> some traffic shaping on a full 100 Mbps link. It seems the
> answer is "maybe", but not with a standard PC (let's go
> to PCI 64bits - 66MHz and a fast FSB ?)
>
> TfH
>
> here is the dmesg :
> Copyright (c) 1992-2000 The FreeBSD Project.
> Copyright (c) 1982, 1986, 1989, 1991, 1993
>         The Regents of the University of California. All rights reserved.
> FreeBSD 4.0-20000314-CURRENT #0: Mon Mar 20 18:22:33 CET 2000
>     herbelot@pc-bsd28.val9900.telspace.alcatel.fr:/usr/src/sys/compile/P6-dc
> Timecounter "i8254" frequency 1193182 Hz
> Timecounter "TSC" frequency 448054389 Hz
> CPU: Pentium III/Pentium III Xeon (448.05-MHz 686-class CPU)
>   Origin = "GenuineIntel" Id = 0x673 Stepping = 3
>   Features=0x383f9ff T,PSE36,MMX,FXSR,XMM>
> real memory = 67108864 (65536K bytes)
> config> q
> avail memory = 62193664 (60736K bytes)
> Preloaded elf kernel "kernel" at 0xc02bd000.
> Preloaded userconfig_script "/boot/kernel.conf" at 0xc02bd09c.
> Pentium Pro MTRR support enabled
> md0: Malloc disk
> npx0: on motherboard
> npx0: INT 16 interface
> pcib0: on motherboard
> pci0: on pcib0
> pcib1: at device 1.0 on pci0
> pci0: on pcib0
> pcib1: at device 1.0 on pci0
> pci1: on pcib1
> pci1: at 0.0 irq 11
> xl0: <3Com 3c900B-TPO Etherlink XL> port 0x2000-0x207f mem 0x42000000-0x4200007f irq 11 at device 14.0 on pci0
> xl0: Ethernet address: 00:50:04:3f:09:0b
> xl0: selecting 10baseT transceiver, half duplex
> pcib2: at device 15.0 on pci0
> pci2: on pcib2
> dc0: port 0x1000-0x107f mem 0x40000000-0x400003ff irq 11 at device 4.0 on pci2
> dc0: Ethernet address: 00:80:c8:c9:88:bc
> miibus0: on dc0
> ukphy0: on miibus0
> ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> ... other dc ports
> isab0: at device 20.0 on pci0
> isa0: on isab0
> atapci0: port 0x20a0-0x20af at device 20.1 on pci0
> ata0: at 0x1f0 irq 14 on atapci0
> ata1: at 0x170 irq 15 on atapci0
> pci0: at 20.2 irq 11
> chip1: port 0xfc00-0xfc0f at device 20.3 on pci0
> fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
> fdc0: FIFO enabled, 8 bytes threshold
> fd0: <1440-KB 3.5" drive> on fdc0 drive 0
> atkbdc0: at port 0x60-0x6f on isa0
> atkbd0: irq 1 on atkbdc0
> psm0: irq 12 on atkbdc0
> psm0: model Generic PS/2 mouse, device ID 0
> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> sc0: on isa0
> sc0: VGA <16 virtual consoles, flags=0x200>
> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
> sio0: type 16550A
> sio1 at port 0x2f8-0x2ff irq 3 on isa0
> sio1: type 16550A
> ppc0: at port 0x378-0x37f irq 7 on isa0
> ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
> ppc0: FIFO with 16/16/8 bytes threshold
> ppi0: on ppbus0
> lpt0: on ppbus0
> lpt0: Interrupt-driven port
> plip0: on ppbus0
> ata1-slave: ata_command: timeout waiting for intr
> ata1-slave: identify failed
> ad0: 6149MB [13328/15/63] at ata0-master using UDMA33
> acd0: CDROM at ata1-master using PIO4
> Mounting root from ufs:/dev/ad0s2a
> dc1: TX underrun -- increasing TX threshold
> dc0: TX underrun -- increasing TX threshold
> dc2: TX underrun -- increasing TX threshold
> dc3: TX underrun -- increasing TX threshold
> dc2: TX underrun -- increasing TX threshold
> dc3: TX underrun -- increasing TX threshold
> dc0: TX underrun -- increasing TX threshold
> dc1: TX underrun -- increasing TX threshold
>
> --
> Thierry Herbelot
> (+33) 1 46 52 47 23

Robert N M Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
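Worked example for two of the messages earlier in this digest: the "default to deny" ipfw policy Kris Kennaway recommends against port scanners, and the starting ruleset Daryl Chance asks for on his 56K dialup gateway running apache, mysql and named. This is an added example written for this page; it is not code from any of the messages, nor FreeBSD's own rc.firewall. The interface names (tun0 for the dialup, ed0 for the LAN), the LAN prefix 192.168.1.0/24 and the choice of sshd and apache as the only public services are assumptions. By default the script only prints the rules; it loads them only when IPFW is pointed at the real binary.

```shell
#!/bin/sh
# Default-to-deny ipfw ruleset for a small FreeBSD 4.x dialup gateway.
# Added example for this digest, not from the messages or from rc.firewall.
# ASSUMPTIONS: external link is tun0 (user ppp), LAN NIC is ed0, LAN is
# 192.168.1.0/24, and only sshd (22) and apache (80) face the Internet.
# mysql (3306) and named (53) deliberately get no inbound rule from tun0.
#
# Dry run by default: rules are printed, not loaded.  To apply (as root, from
# the console, because a mistake on a remote box locks you out):
#     IPFW=/sbin/ipfw sh fw.sh
# Logging of denied packets needs IPFIREWALL_VERBOSE in the kernel config.

EXT_IF="${EXT_IF:-tun0}"            # dialup interface (assumption)
INT_IF="${INT_IF:-ed0}"             # LAN interface (assumption)
LAN="${LAN:-192.168.1.0/24}"        # LAN prefix (assumption)
PUBLIC_TCP="${PUBLIC_TCP:-22,80}"   # TCP services offered to the world
IPFW="${IPFW:-echo ipfw}"           # 'echo ipfw' = dry run, /sbin/ipfw = apply

rule() { $IPFW add "$@"; }

build_ruleset() {
    $IPFW -f flush

    # Loopback traffic is fine; 127/8 seen on any real interface is spoofed.
    rule 100 allow ip from any to any via lo0
    rule 110 deny ip from any to 127.0.0.0/8
    rule 120 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing on the dialup link: our own LAN prefix and the other
    # RFC 1918 ranges never legitimately arrive from the Internet side.
    rule 200 deny log ip from "$LAN" to any in via "$EXT_IF"
    rule 210 deny log ip from 10.0.0.0/8 to any in via "$EXT_IF"
    rule 220 deny log ip from 172.16.0.0/12 to any in via "$EXT_IF"
    rule 230 deny log ip from 192.168.0.0/16 to any in via "$EXT_IF"

    # Replies to sessions we opened match the dynamic rules created below.
    rule 300 check-state

    # Outbound from the gateway or the LAN: open state on the way out so the
    # reply, and nothing else, gets back in.  This replaces the older
    # "allow tcp from any to any established" idiom, which lets any packet
    # with the ACK bit set reach any port (ACK scans walk straight through).
    rule 400 allow tcp from any to any out via "$EXT_IF" setup keep-state
    rule 410 allow udp from any to any out via "$EXT_IF" keep-state
    rule 420 allow icmp from any to any out via "$EXT_IF" icmptypes 8

    # Inbound from the Internet: only the published TCP services, plus the
    # ICMP types that ping replies and path-MTU discovery depend on.
    rule 500 allow tcp from any to any "$PUBLIC_TCP" in via "$EXT_IF" setup keep-state
    rule 510 allow icmp from any to any in via "$EXT_IF" icmptypes 0,3,11

    # The LAN side is trusted: it may talk to the gateway and be routed out.
    rule 600 allow ip from "$LAN" to any in via "$INT_IF"
    rule 610 allow ip from any to "$LAN" out via "$INT_IF"

    # Everything else is dropped and logged.  Note what is NOT here: no
    # automatic "route the scanner to /dev/null" reaction.  A UDP probe is
    # trivially spoofed, so any such reaction lets an attacker cut the box
    # off from whichever host they choose to forge as the source.
    rule 65000 deny log ip from any to any
}

build_ruleset
```

Port scans against this box get nothing back except from 22 and 80; mysql and named are reachable only from the LAN (named still resolves for the LAN because its own outbound queries create state on rule 410). The dynamic-rule keywords check-state and keep-state are the ipfw stateful support that appeared in 4.0. If natd is in use for the Windows machines, the divert rule has to sit where the dynamic rules see consistently translated addresses; that placement is not covered here, and the "simple" ruleset in /etc/rc.firewall is the reference for it.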