From owner-freebsd-net Sun Jan 27 1: 7:49 2002
Date: Sun, 27 Jan 2002 10:07:46 +0100
From: Clemens Hermann
To: "Rogier R. Mulhuijzen"
Cc: BSD NET-List
Subject: Re: natd restart
Message-ID: <20020127100745.A267@idefix.local>

On 27.01.2002 at 00:41:23, Rogier R. Mulhuijzen wrote:

Hi Roger,

> What sort of changes are you talking about here? Maybe there's a different
> way of going about it.

I want to move an existing network from 91.0.0.0/8 to 172.16.0.0/16.
Furthermore name resolution changes from wins to dns and dhcp is no longer
used.
The whole story has to take place during normal operation and I can not
enter a gateway on any machine.
It will take ~2 weeks and there are ~100 computers.

I thought of using FreeBSD/ipfw/natd and two nics. One nic is in the
91.0.0.0 and the other in 172.16.0.0. Whenever a computer moves from
91.0.0.0 to 172.16.0.0 I define his old IP as alias on the freebsd-box.
Natd forwards packets to the new IP. In the same way I define any IP of
not-yet changed computers as alias on the 172.16.0.0 nic of the FreeBSD box.
Name-Resolution should not become a problem because in the "old" net, wins
stays active and in the "new" net I set up the dns.
So I must add/delete/change natd rules frequently. I have never done such a
thing before and I did not find any information how it could be done.
If there are any books/webpages/whatever which cover the issue I would be
glad to know.

tia

/ch

--
"Contrary to popular belief, Unix is user friendly. It just happens to be
selective about who it makes friends with."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Jan 27 1:26:32 2002
Date: Sun, 27 Jan 2002 10:18:54 +0100
From: Clemens Hermann
To: Matthew Emmerton
Cc: Nick Rogness, BSD NET-List
Subject: Re: natd restart
Message-ID: <20020127101854.B267@idefix.local>

On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:

Hi Matt,

> Here's the patch that I wrote some time ago.

thanks a lot!
Did you send-pr the patch? It seems quite necessary to be added.

greetz

/ch

--
"Contrary to popular belief, Unix is user friendly. It just happens to be
selective about who it makes friends with."

From owner-freebsd-net Sun Jan 27 1:31:23 2002
Date: Sun, 27 Jan 2002 18:31:05 +0900 (JST)
From: Soren Dossing
Subject: ipsec, racoon, win2000, certifications, how-to?
Message-ID: <20020127182146.M18351-100000@localhost>

I have posted a similar question a few days ago on freebsd-questions
already but with no luck.

I'm attempting to configure road-warrior win2000 laptops to access an ipsec
server at the office. Since these win2000 laptops are dynamically assigned
ip addresses, sometimes even behind nat, it seems like using
certifications is the only possible option. But I can find very little
documentation of how to do it.

Does any of you know where to find documentation for how to create
certifications, where to place them, how to use them, and how to configure
ipsec, racoon and win2000 computers?

I have attempted to use pre_shared keys, but it appears like they can only
be used with fixed IP addresses in the psk.txt file. Or am I wrong?

Soren

From owner-freebsd-net Sun Jan 27 6:32:15 2002
Message-ID: <006801c1a73f$ca34f110$0301a8c0@dpws>
From: "Dennis Pedersen"
Subject: Re: ipsec, racoon, win2000, certifications, how-to?
Date: Sun, 27 Jan 2002 15:34:55 +0100

----- Original Message -----
From: "Soren Dossing"
Sent: Sunday, January 27, 2002 10:31 AM
Subject: ipsec, racoon, win2000, certifications, how-to?

> I have posted a similar question a few days ago on freebsd-questions
> already but with no luck.
>
> I'm attempting to configure road-warrior win2000 laptops to access an ipsec
> server at the office. Since these win2000 laptops are dynamically assigned
> ip addresses, sometimes even behind nat, it seems like using
> certifications is the only possible option. But I can find very little
> documentation of how to do it.
>
> Does any of you know where to find documentation for how to create
> certifications, where to place them, how to use them, and how to configure
> ipsec, racoon and win2000 computers?
>
> I have attempted to use pre_shared keys, but it appears like they can only
> be used with fixed IP addresses in the psk.txt file. Or am I wrong?

Uhm, you can also use an email add and a password

something@domain.com thekeything

There is a bit about certificates in a kame newsletter, try looking on the
site :)

How did you solve the setkey setup if the ip address is dynamic, do you have
an example?
/Dennis

From owner-freebsd-net Sun Jan 27 6:55: 8 2002
Message-ID: <00b501c1a742$9a89d950$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Clemens Hermann"
Cc: "BSD NET-List"
Subject: Re: natd restart
Date: Sun, 27 Jan 2002 09:55:03 -0500

> On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
>
> Hi Matt,
>
> > Here's the patch that I wrote some time ago.
>
> thanks a lot!
> Did you send-pr the patch? It seems quite necessary to be added.

Not yet. One of the things that I don't like about this patch is that old
rules still stay around (re-reading the configuration will only modify
existing rules and add new rules.) I'm also taking a lot of flak on my side
of the fence since NAT runs as a userland process, so every packet gets
copied between the kernel and userland twice (once on the way in, once on
the way out.) Apparently Linux doesn't do this.

I'm looking at making natd into a kernel option ("options IPNAT") and using
a combination of sysctls and a front-end program to manage how nat operates,
much like "options IPFIREWALL" and ipfw works today.

This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
keep those Linux people from bashing us (or me, at least.)
--
Matt Emmerton

From owner-freebsd-net Sun Jan 27 6:59:18 2002
Message-ID: <00c401c1a743$2f8f9170$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Clemens Hermann"
Cc: "BSD NET-List"
Subject: Re: natd restart
Date: Sun, 27 Jan 2002 09:59:14 -0500

> On 27.01.2002 at 00:41:23, Rogier R. Mulhuijzen wrote:
>
> Hi Roger,
>
> > What sort of changes are you talking about here? Maybe there's a different
> > way of going about it.
>
> I want to move an existing network from 91.0.0.0/8 to 172.16.0.0/16.
> Furthermore name resolution changes from wins to dns and dhcp is no longer
> used.
> The whole story has to take place during normal operation and I can not
> enter a gateway on any machine.
> It will take ~2 weeks and there are ~100 computers.

Why not just add an IP alias for the "new" network on each machine? Each
system will respond to packets directed to either network, but without the
complexity of a NAT box in the middle. Once you've got everything switched,
then you can remove the original IP addresses. I've used this method in the
past to transition LANs between IP ranges and it works absolutely fine.
--
Matt Emmerton

From owner-freebsd-net Sun Jan 27 7:41:30 2002
Message-Id: <5.1.0.14.0.20020127163105.01e35eb0@mail.drwilco.net>
Date: Sun, 27 Jan 2002 16:50:48 +0100
To: "Matthew Emmerton"
From: "Rogier R. Mulhuijzen"
Subject: Re: natd restart
Cc: "BSD NET-List"

(order of quoted mail slightly altered)

>I'm looking at making natd into a kernel option ("options IPNAT") and using
>a combination of sysctls and a front-end program to manage how nat operates,
>much like "options IPFIREWALL" and ipfw works today.

I've been kicking around the idea of making it a netgraph node. And I know
several other people have too.

>Not yet. One of the things that I don't like about this patch is that old
>rules still stay around (re-reading the configuration will only modify
>existing rules and add new rules.) I'm also taking a lot of flak on my side
>of the fence since NAT runs as a userland process, so every packet gets
>copied between the kernel and userland twice (once on the way in, once on
>the way out.) Apparently Linux doesn't do this.

libalias is very nice, natd to me has a hacky feeling to it. Try setting
up a firewall that nats and uses dynamic rules.... I haven't been able to,
have had to rely on natd to do my state checking, resulting in ipfw rule
lists that are not easily read by the layman. So maybe that's another
reason to re-evaluate our current NAT solution.

Would it be hard to keep using libalias? I know we can't just link against
userland libraries in kernel land, but would there be much difficulty in
making use of the exact same code? Because the beauty of having libalias is
of course the -nat switch on ppp for instance....
Then again, ppp already knows about Netgraph, so if it's done as a netgraph
node, that might as well be converted =)

Does anything but ppp and natd use libalias?

>This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
>keep those Linux people from bashing us (or me, at least.)

Would be very nice indeed =)

BTW, I hereby volunteer as junior kernel hacker to help on this project. To
me NAT has been one of the strong points of FreeBSD (very nice features,
works very well with FTP/DCC/PPTP) and making it even better would be a
pleasure.

>--
>Matt Emmerton

Just my $0.02,

Doc

From owner-freebsd-net Sun Jan 27 9:44:27 2002
Message-ID: <3C543C2F.970F0375@pipeline.ch>
Date: Sun, 27 Jan 2002 18:43:11 +0100
From: Andre Oppermann
To: Matthew Emmerton
Cc: Clemens Hermann, BSD NET-List
Subject: Re: natd restart

Matthew Emmerton wrote:
>
> > On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
> >
> > Hi Matt,
> >
> > > Here's the patch that I wrote some time ago.
> >
> > thanks a lot!
> > Did you send-pr the patch? It seems quite necessary to be added.
>
> Not yet. One of the things that I don't like about this patch is that old
> rules still stay around (re-reading the configuration will only modify
> existing rules and add new rules.) I'm also taking a lot of flak on my side
> of the fence since NAT runs as a userland process, so every packet gets
> copied between the kernel and userland twice (once on the way in, once on
> the way out.) Apparently Linux doesn't do this.
>
> I'm looking at making natd into a kernel option ("options IPNAT") and using
> a combination of sysctls and a front-end program to manage how nat operates,
> much like "options IPFIREWALL" and ipfw works today.

Have a look at IPFILTER where IPNAT is part of. It does everything in
the kernel.

> This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
> keep those Linux people from bashing us (or me, at least.)

Profile, don't speculate. On today's machines you don't notice any
difference between userland vs. kernel NAT. I've tested FreeBSD's
userland natd and it could easily push 93Mbit/s through an Athlon-1.4GHz
(which is essentially wirespeed (FreeBSD 4.3)) with two fxp cards.
--
Andre

From owner-freebsd-net Sun Jan 27 10: 0:32 2002
Date: Sun, 27 Jan 2002 09:50:29 -0800 (PST)
From: Julian Elischer
To: Andre Oppermann
Cc: Matthew Emmerton, Clemens Hermann, BSD NET-List
Subject: Re: natd restart

You can also add rules that allow packets that are going over the INTERNAL
interface to skip the NAT divert rules. Then you'd only be doing it once.

On Sun, 27 Jan 2002, Andre Oppermann wrote:

> Matthew Emmerton wrote:
> >
> > > On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
> > >
> > > Hi Matt,
> > >
> > > > Here's the patch that I wrote some time ago.
> > >
> > > thanks a lot!
> > > Did you send-pr the patch? It seems quite necessary to be added.
> >
> > Not yet. One of the things that I don't like about this patch is that old
> > rules still stay around (re-reading the configuration will only modify
> > existing rules and add new rules.) I'm also taking a lot of flak on my side
> > of the fence since NAT runs as a userland process, so every packet gets
> > copied between the kernel and userland twice (once on the way in, once on
> > the way out.) Apparently Linux doesn't do this.
> >
> > I'm looking at making natd into a kernel option ("options IPNAT") and using
> > a combination of sysctls and a front-end program to manage how nat operates,
> > much like "options IPFIREWALL" and ipfw works today.
>
> Have a look at IPFILTER where IPNAT is part of. It does everything in
> the kernel.
>
> > This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
> > keep those Linux people from bashing us (or me, at least.)
>
> Profile, don't speculate. On today's machines you don't notice any
> difference between userland vs. kernel NAT. I've tested FreeBSD's
> userland natd and it could easily push 93Mbit/s through an Athlon-1.4GHz
> (which is essentially wirespeed (FreeBSD 4.3)) with two fxp cards.
>
> --
> Andre

From owner-freebsd-net Sun Jan 27 10:17:41 2002
Message-ID: <002001c1a75e$dca52760$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Rogier R. Mulhuijzen"
Cc: "BSD NET-List"
Subject: Re: natd restart
Date: Sun, 27 Jan 2002 13:17:17 -0500

> (order of quoted mail slightly altered)
>
> >I'm looking at making natd into a kernel option ("options IPNAT") and using
> >a combination of sysctls and a front-end program to manage how nat operates,
> >much like "options IPFIREWALL" and ipfw works today.

I've been told that 'options IPFILTER' with ipf(8) and ipnat(8) does NAT in
the kernel, whereas 'options IPDIVERT' and ipfw(8) and natd(8) is a userland
solution.

> I've been kicking around the idea of making it a netgraph node. And I know
> several other people have too.

This is probably the easiest starting point.

> libalias is very nice, natd to me has a hacky feeling to it. Try setting
> up a firewall that nats and uses dynamic rules.... I haven't been able to,
> have had to rely on natd to do my state checking, resulting in ipfw rule
> lists that are not easily read by the layman. So maybe that's another
> reason to re-evaluate our current NAT solution.

See the alternatives above. Perhaps ipf might handle dynamic rules better?
(I don't know, since I've used ipfw since I started using FreeBSD.)

> Would it be hard to keep using libalias? I know we can't just link against
> userland libraries in kernel land, but would there be much difficulty in
> making use of the exact same code? Because the beauty of having libalias is
> of course the -nat switch on ppp for instance....

It would be nice to keep libalias functionality, since it is a very easy
interface to use.

> Does anything but ppp and natd use libalias?

A quick check of the sources says no.

--
Matt Emmerton

From owner-freebsd-net Sun Jan 27 10:54:14 2002
Date: Sun, 27 Jan 2002 20:53:47 +0200
From: veedee@c7.campus.utcluj.ro
To: Matthew Emmerton
Cc: Clemens Hermann, BSD NET-List
Subject: Re: natd restart
Message-ID: <20020127205347.C28961@c7.campus.utcluj.ro>

On Sun, Jan 27, 2002 at 09:55:03AM -0500, Matthew Emmerton wrote:
> > On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
> >
> > Hi Matt,
> >
> > > Here's the patch that I wrote some time ago.
> >
> > thanks a lot!
> > Did you send-pr the patch? It seems quite necessary to be added.
>
> Not yet. One of the things that I don't like about this patch is that old
> rules still stay around (re-reading the configuration will only modify
> existing rules and add new rules.) I'm also taking a lot of flak on my side
> of the fence since NAT runs as a userland process, so every packet gets
> copied between the kernel and userland twice (once on the way in, once on
> the way out.) Apparently Linux doesn't do this.
>
> I'm looking at making natd into a kernel option ("options IPNAT") and using
> a combination of sysctls and a front-end program to manage how nat operates,
> much like "options IPFIREWALL" and ipfw works today.

That would be just great. A lot of people would benefit from this. I had to
switch to IPF/IPNAT because of the cpu load NATD had. But for some reason,
I find NATD to be a bit "better" than IPNAT (I'm having a lot of problems
with Audiogalaxy's satellite service running with ftp).

> This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
> keep those Linux people from bashing us (or me, at least.)

Sorry, I *was* one of them :)

veedee.

From owner-freebsd-net Sun Jan 27 11:29:38 2002
From: Archie Cobbs
Message-Id: <200201262038.g0QKchm35896@arch20m.dellroad.org>
Subject: Re: Netgraph
To: Julian Elischer
Date: Sat, 26 Jan 2002 12:38:43 -0800 (PST)
Cc: ome ome, freebsd-net@FreeBSD.ORG

Julian Elischer writes:
> you need to attach the tty node to a tty using the regular
> terminal "line discipline" methods.
> (similar to the way the ppp protocol handler is attached to a tty
> for kernel ppp)

Right.. you can only create an ng_tty node by installing it as
a line discipline, e.g., something like this:

    #include <sys/ioctl.h>      /* ioctl(), TIOCSETD, NETGRAPHDISC */
    #include <fcntl.h>          /* open(), O_RDWR */

    int fd, disc;

    fd = open("/dev/cuaa0", O_RDWR);    /* the serial tty to attach to */
    disc = NETGRAPHDISC;                /* netgraph tty line discipline */
    ioctl(fd, TIOCSETD, &disc);         /* installing it creates the node */
    ...

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

From owner-freebsd-net Sun Jan 27 12:54:11 2002
Date: Sun, 27 Jan 2002 21:53:56 +0100
From: Clemens Hermann
To: Andre Oppermann
Cc: Matthew Emmerton, BSD NET-List
Subject: Re: natd restart
Message-ID: <20020127215355.B267@idefix.local>

On 27.01.2002 at 18:43:11, Andre Oppermann wrote:

Hi Andre,

> Have a look at IPFILTER where IPNAT is part of. It does everything in
> the kernel.

to come back to my initial question: is there a way to modify ipnat rules
without breaking existing connections?

tia

/ch

--
"Contrary to popular belief, Unix is user friendly. It just happens to be
selective about who it makes friends with."
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Jan 27 12:54:45 2002 Delivered-To: freebsd-net@freebsd.org Received: from mailout07.sul.t-online.com (mailout07.sul.t-online.com [194.25.134.83]) by hub.freebsd.org (Postfix) with ESMTP id 35ACA37B400 for ; Sun, 27 Jan 2002 12:54:39 -0800 (PST) Received: from fwd08.sul.t-online.de by mailout07.sul.t-online.com with smtp id 16UwCQ-0006QE-04; Sun, 27 Jan 2002 21:46:50 +0100 Received: from idefix.local (320080844193-0001@[62.225.210.153]) by fmrl08.sul.t-online.com with smtp id 16UwCC-1AZGDoC; Sun, 27 Jan 2002 21:46:36 +0100 Received: (nullmailer pid 307 invoked by uid 1000); Sun, 27 Jan 2002 20:46:38 -0000 Date: Sun, 27 Jan 2002 21:46:38 +0100 
From: Clemens Hermann To: Matthew Emmerton Cc: BSD NET-List Subject: Re: natd restart Message-ID: <20020127214638.A267@idefix.local> Mail-Followup-To: Clemens Hermann , Matthew Emmerton , BSD NET-List References: <20020126234617.C267@idefix.local> <5.1.0.14.0.20020127002514.01d56978@mail.drwilco.net> <20020127100745.A267@idefix.local> <00c401c1a743$2f8f9170$1200a8c0@gsicomp.on.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <00c401c1a743$2f8f9170$1200a8c0@gsicomp.on.ca> von Matthew Emmerton am 27.Jan.2002 um 09:59:14 (-0500) X-Mailer: Mutt 1.2.5.1i (FreeBSD 4.4-RELEASE i386) X-Sender: 320080844193-0001@t-dialin.net Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Am 27.01.2002 um 09:59:14 schrieb Matthew Emmerton: Hi Matthew, > Why not just add an IP alias for the "new" network on each machine? Each > system will respond to packets directed to either network, but without the > complexity of a NAT box in the middle. Once you've got everything switched, > then you can remove the original IP addresses. Sounds like a way better solution as the one I thought of. Thanks a lot for this hint! > I've used this method in the > past to transition LANs between IP ranges and it works absolutely fine. Did you use Windows machines in this setup? There are many NT4 Boxes, Win2k, some 98 and 95 computers here. tia /ch -- "Contrary to popular belief, Unix is user friendly. It just happens to be selective about who it makes friends with." 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Jan 27 13:36:21 2002 Delivered-To: freebsd-net@freebsd.org Received: from tomts9-srv.bellnexxia.net (tomts9.bellnexxia.net [209.226.175.53]) by hub.freebsd.org (Postfix) with ESMTP id 17DBA37B417 for ; Sun, 27 Jan 2002 13:36:19 -0800 (PST) Received: from xena.gsicomp.on.ca ([199.243.128.21]) by tomts9-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with ESMTP id <20020127213618.ZBET26820.tomts9-srv.bellnexxia.net@xena.gsicomp.on.ca>; Sun, 27 Jan 2002 16:36:18 -0500 Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by xena.gsicomp.on.ca (8.11.1/8.11.1) with SMTP id g0RLQHX41904; Sun, 27 Jan 2002 16:26:17 -0500 (EST) (envelope-from matt@gsicomp.on.ca) Message-ID: <002901c1a77a$a7027790$1200a8c0@gsicomp.on.ca> 
From: "Matthew Emmerton" To: "Clemens Hermann" Cc: "BSD NET-List" References: <20020126234617.C267@idefix.local> <5.1.0.14.0.20020127002514.01d56978@mail.drwilco.net> <20020127100745.A267@idefix.local> <00c401c1a743$2f8f9170$1200a8c0@gsicomp.on.ca> <20020127214638.A267@idefix.local> Subject: Re: natd restart Date: Sun, 27 Jan 2002 16:36:16 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Am 27.01.2002 um 09:59:14 schrieb Matthew Emmerton: > > Hi Matthew, > > > Why not just add an IP alias for the "new" network on each machine? Each > > system will respond to packets directed to either network, but without the > > complexity of a NAT box in the middle. Once you've got everything switched, > > then you can remove the original IP addresses. > > Sounds like a way better solution as the one I thought of. > Thanks a lot for this hint! > > > I've used this method in the > > past to transition LANs between IP ranges and it works absolutely fine. > > Did you use Windows machines in this setup? > There are many NT4 Boxes, Win2k, some 98 and 95 computers here. No, I used the alias trick on a bunch of UNIX and NT4 servers. All of the desktops on the LAN used DHCP so it was easy to change them. 
-- Matt Emmerton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Jan 27 17:49:20 2002 Delivered-To: freebsd-net@freebsd.org Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123]) by hub.freebsd.org (Postfix) with ESMTP id 8AB4937B400 for ; Sun, 27 Jan 2002 17:49:17 -0800 (PST) Received: from dialup-209.245.129.180.dial1.sanjose1.level3.net ([209.245.129.180] helo=blossom.cjclark.org) by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16V0v5-0006eK-00; Sun, 27 Jan 2002 17:49:16 -0800 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id g0S1mw427513; Sun, 27 Jan 2002 17:48:58 -0800 (PST) (envelope-from cjc) Date: Sun, 27 Jan 2002 17:48:49 -0800 
From: "Crist J. Clark" To: Clemens Hermann Cc: Andre Oppermann , Matthew Emmerton , BSD NET-List Subject: Re: natd restart Message-ID: <20020127174849.B27080@blossom.cjclark.org> References: <003c01c1a701$da5209e0$1200a8c0@gsicomp.on.ca> <20020127101854.B267@idefix.local> <00b501c1a742$9a89d950$1200a8c0@gsicomp.on.ca> <3C543C2F.970F0375@pipeline.ch> <20020127215355.B267@idefix.local> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020127215355.B267@idefix.local>; from haribeau@gmx.de on Sun, Jan 27, 2002 at 09:53:56PM +0100 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Jan 27, 2002 at 09:53:56PM +0100, Clemens Hermann wrote: > Am 27.01.2002 um 18:43:11 schrieb Andre Oppermann: > > Hi Andre, > > > Have a look at IPFILTER where IPNAT is part of. It does everything in > > the kernel. > > to come back to my initial question: is there a way to modify ipnat > rules without breaking existing connections? With ipnat(1)? Yes. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Jan 27 23:31:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8]) by hub.freebsd.org (Postfix) with ESMTP id 9B36B37B426 for ; Sun, 27 Jan 2002 23:31:20 -0800 (PST) Received: from elischer.org ([64.164.10.232]) by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GQN00DX10W70G@mta7.pltn13.pbi.net> for freebsd-net@FreeBSD.ORG; Sun, 27 Jan 2002 23:31:20 -0800 (PST) Date: Sun, 27 Jan 2002 23:31:20 -0800 
From: Julian Elischer Subject: Re: netgraph: how to setsockopt on ksocket node ? To: Florent Parent Cc: Archie Cobbs , freebsd-net@FreeBSD.ORG Message-id: <3C54FE47.81C90C55@elischer.org> MIME-version: 1.0 X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386) Content-type: text/plain; charset=iso-8859-2 Content-transfer-encoding: 8BIT X-Accept-Language: en, hu References: <200201190530.g0J5U0T27493@arch20m.dellroad.org> <5390000.1011459455@blues.viagenie.qc.ca> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Archie do you want to check this in, or shall I? Florent Parent wrote: > > --On 2002-01-18 21:30:00 -0800 archie@dellroad.org wrote: > >> netgraph: sendto(.dummy): Bad address > > > > Hmm.. I wonder if the problem is that this has never worked :-) > > That would explain why I couldn't find any examples on using this ;-) > > > That is, maybe setsockopt() is expecting the value pointer to point > > into user memory, while ng_ksocket is using a pointer that points > > into kernel memory? > > > > In which case, I don't know how to go about fixing it.. Julian? > > This is what I did to make it work for me. A better fix would probably be > around the struct proc definition. If fact, you had noted "broken" > probably as a memo to fix something here... > > struct proc *p = curproc ? curproc : &proc0; /* XXX broken */ > > *** ng_ksocket.c.orig Sat Jan 19 11:05:28 2002 > --- ng_ksocket.c Sat Jan 19 11:45:23 2002 > *************** > *** 759,765 **** > sopt.sopt_name = ksopt->name; > sopt.sopt_val = ksopt->value; > sopt.sopt_valsize = valsize; > ! sopt.sopt_p = p; > error = sosetopt(so, &sopt); > break; > } > --- 759,765 ---- > sopt.sopt_name = ksopt->name; > sopt.sopt_val = ksopt->value; > sopt.sopt_valsize = valsize; > ! sopt.sopt_p = 0; > error = sosetopt(so, &sopt); > break; > } > > Florent. 
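Review bot: The changed line `sopt.sopt_p = 0;` in the second half of the context diff (ng_ksocket.c, around line 762) carries no record of why no process is passed, so a later reader is likely to "fix" it back to `p`. Write it as `sopt.sopt_p = NULL;` with a comment saying that `ksopt->value` is a kernel-memory pointer, which is the explanation Archie suggests in the quoted text. Two things to check before commit: whether the getsockopt path in the same function still passes `p` and needs the same treatment, and whether any option handler reached through sosetopt() uses `sopt_p` for a privilege check, since a null process changes what such a check sees for requests arriving through a ksocket node.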
> -- > Florent Parent > Viagénie http://www.viagenie.qc.ca -- +------------------------------------+ ______ _ __ | __--_|\ Julian Elischer | \ U \/ / hard at work in | / \ julian@elischer.org +------>x USA \ a very strange | ( OZ ) \___ ___ | country ! +- X_.---._/ presently in San Francisco \_/ \\ v To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Jan 28 0:49:47 2002 Delivered-To: freebsd-net@freebsd.org Received: from web20108.mail.yahoo.com (web20108.mail.yahoo.com [216.136.226.45]) by hub.freebsd.org (Postfix) with SMTP id 69D2637B417 for ; Mon, 28 Jan 2002 00:49:45 -0800 (PST) Message-ID: <20020128084944.54387.qmail@web20108.mail.yahoo.com> Received: from [212.234.238.114] by web20108.mail.yahoo.com via HTTP; Mon, 28 Jan 2002 00:49:44 PST Date: Mon, 28 Jan 2002 00:49:44 -0800 (PST) 
From: ome ome Subject: Sangoma WAN card To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I'm trying to use a Sangoma WAN card in raw mode to use pppd (from freeBSD 3.5) and not the PPP which is on the WAN Card. For this, I tried netgraph, but I don't know which type of node to use for the wan card. Thanks __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Jan 28 9:40:19 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 05A8037B400 for ; Mon, 28 Jan 2002 09:40:17 -0800 (PST) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020128174016.KFBF26243.rwcrmhc51.attbi.com@InterJet.elischer.org>; Mon, 28 Jan 2002 17:40:16 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id JAA46839; Mon, 28 Jan 2002 09:24:47 -0800 (PST) Date: Mon, 28 Jan 2002 09:24:46 -0800 (PST) 
From: Julian Elischer
To: ome ome
Cc: freebsd-net@freebsd.org
Subject: Re: Sangoma WAN card
In-Reply-To: <20020128084944.54387.qmail@web20108.mail.yahoo.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

ahhhhh does the card provide a /dev/tty type interface?
if not then you may be out of luck because it doesn't have a netgraph
interface. The hardware has to be able to connect with netgraph in some
way. I gather the driver is binary?

On Mon, 28 Jan 2002, ome ome wrote:

> Hi,
>
> I'm trying to use a Sangoma WAN card in raw mode
> to use pppd (from freeBSD 3.5) and not the PPP which
> is on the WAN Card.
> For this, I tried netgraph, but I don't know which
> type of node to use for the wan card.
>
> Thanks
>
> __________________________________________________
> Do You Yahoo!?
> Great stuff seeking new owners in Yahoo! Auctions!
> http://auctions.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Jan 29 2:43:39 2002
Delivered-To: freebsd-net@freebsd.org
Received: from web20108.mail.yahoo.com (web20108.mail.yahoo.com [216.136.226.45]) by hub.freebsd.org (Postfix) with SMTP id 0DF4D37B404 for ; Tue, 29 Jan 2002 02:43:37 -0800 (PST)
Message-ID: <20020129104336.85859.qmail@web20108.mail.yahoo.com>
Received: from [212.234.238.114] by web20108.mail.yahoo.com via HTTP; Tue, 29 Jan 2002 02:43:36 PST
Date: Tue, 29 Jan 2002 02:43:36 -0800 (PST)
From: ome ome Subject: WANic and Netgraph To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org First of all, thanks for your help !! My WAN card is set as follow : wpa_chdlc0: flags=51 mtu 1500 inet 10.1.1.1 --> 10.2.1.1 netmask 0xff000000 So, here is what I'm trying to do : I would like to make a link between the wpa_chdlc0 and the ppp0, to make a connection between Cisco and pppd. So, I prefer to use Netgraph for the independancy with the hardware. I make two Iface nodes connected on Inet hook (ng0:inet <---> ng1:inet) then, I want to bind my nodes on the devices wpa_chdlc0 and ppp0 My problems are : - When I try to bind my devices, I've got the following message : ngctl: send msg: Function not implemented Could you tell me how to use the bind function (i.e. bind arg1 arg2 ...)? - Do you think I'm on the right way?? Thanks, Olivier __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 0:23:37 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp018.mail.yahoo.com (smtp018.mail.yahoo.com [216.136.174.115]) by hub.freebsd.org (Postfix) with SMTP id 8123437B41A for ; Wed, 30 Jan 2002 00:23:27 -0800 (PST) Received: from unknown (HELO kshitij) (203.124.128.243) by smtp.mail.vip.sc5.yahoo.com with SMTP; 30 Jan 2002 08:23:21 -0000 
From: "Kshitij Gunjikar" To: Subject: mtod function Date: Wed, 30 Jan 2002 14:03:21 +0530 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, I'm new to FreeBSD code. Does mtod function leave 16 bytes required by the hardware in the mbuf and point to IP header? or It points to the hardware area? Regards Kshitij _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 1:56:17 2002 Delivered-To: freebsd-net@freebsd.org Received: from zibbi.icomtek.csir.co.za (zibbi.icomtek.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id 2A15D37B416; Wed, 30 Jan 2002 01:55:54 -0800 (PST) Received: (from jhay@localhost) by zibbi.icomtek.csir.co.za (8.11.6/8.11.6) id g0U9saA66379; Wed, 30 Jan 2002 11:54:36 +0200 (SAT) (envelope-from jhay) 
From: John Hay Message-Id: <200201300954.g0U9saA66379@zibbi.icomtek.csir.co.za> Subject: Re: IPXIP In-Reply-To: <20020124231006.T93791-100000@blade.elitsat.net> from Alexander at "Jan 24, 2002 11:58:21 pm" To: amour@blade.elitsat.net (Alexander) Date: Wed, 30 Jan 2002 11:54:36 +0200 (SAT) Cc: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I have a serious question to ask. > > I have 2 gamehalls. Both of them are on masq. networks. > And I need to make them to play games over IPX. > for linux there are a lot of demons for ipx routing, but I don't know what > are for freebsd. > So here is what I did: > > 1. on both routers I compiled: > options IPTUNNEL IPXIP and IPX > > 2. added the following lines in /etc/rc.conf: > ifconfig_rl0_ipx="ipx 0x00000000" # Sample IPX address family entry. ^^^^^^^^^ > ipxgateway_enable="YES" # Set to YES to enable IPX routing. > ipxrouted_enable="YES" # Set to YES to run the IPX routing daemon. > ipxrouted_flags="" # Flags for IPX routing daemon. This should be enough to get IPXrouted running. You can also check the routing table with "netstat -rnf ipx". > > 3. did a tunnel over the both routers. > on router1: > nos-tun -t /dev/tun0 -s 172.100.100.1 -d 172.100.100.2 209.1.1.2 > on router2: > nos-tun -t /dev/tun0 -s 172.100.100.2 -d 172.100.100.1 209.1.1.1 > > 4. did: > on router1: > ifconfig rl0 ipx 0x0 ipdst 172.100.100.1 ^^^^^ > > on router2: > ifconfig rl0 ipx 0x0 ipdst 172.100.100.2 ^^^^^ > > and the results: > on both sides I had interface: > > ipxip0: flags=11 mtu 1536 > ipx 0.XXXXXXXXXX --> 0 ^^^ IPX networking is similar to ipv4 networking in some respects. 
It also needs unique network numbers for the different "subnets" to work, so you need to use different network numbers and not 0x0 everywhere. What is different is that the network number is a 32 bit number and not shared with the host part as on ipv4. > > > but when a user on the one gamehall creates a game (using Starcraft (LAN)) > the other gamehall couldn't join. > > So this means that my configurations didn't work. > I tried to change ipdst on both sides to point not to source but dest > but this didn't help. > > If you know how can I make this, please tell me. > I've tried to find some documentations about IPXIP or IPXrouted but I > found nothing. Look in the old mail archives because I did explain it (IPXIP usage) a loooong time ago. IPXrouted should be straight forward it does have a man page and normally does not need configuration. You just start it and it does its thing, much like routed. John -- John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 3:22: 6 2002 Delivered-To: freebsd-net@freebsd.org Received: from straylight.ringlet.net (discworld.nanolink.com [217.75.135.248]) by hub.freebsd.org (Postfix) with SMTP id 2927D37B404 for ; Wed, 30 Jan 2002 03:21:59 -0800 (PST) Received: (qmail 10252 invoked by uid 1000); 30 Jan 2002 11:21:11 -0000 Date: Wed, 30 Jan 2002 13:21:11 +0200 
From: Peter Pentchev To: net@FreeBSD.org Subject: Re: misc/34390: incorrect error with getaddrinfo with hostname+AI_NUMERICHOST Message-ID: <20020130132111.E4374@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Does anybody see any possible problems stemming from the patch in the following reply to PR misc/34390? G'luck, Peter -- This sentence was in the past tense. ----- Forwarded message from Peter Pentchev ----- Date: Wed, 30 Jan 2002 13:19:35 +0200 From: Peter Pentchev To: Serge van den Boom Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: misc/34390: incorrect error with getaddrinfo with hostname+AI_NUMERICHOST On Tue, Jan 29, 2002 at 12:06:36AM +0100, Serge van den Boom wrote: > > >Number: 34390 > >Category: misc > >Synopsis: incorrect error with getaddrinfo with hostname+AI_NUMERICHOST > >Originator: Serge van den Boom > >Release: FreeBSD 4.5-RC i386 > >Description: > When using getaddrinfo with AI_NUMERICHOST set in the options field of > the hints structure, and passing a non-numeric host name, EAI_NODATA is > returned. RFC 2553 requires an error code of EAI_NONAME in that case though, > and this is what the getaddrinfo man page also says (in fact it's the same > text). Can you try the following patch? It seems to fix the problem for me. It is made against RELENG_4 sources, but applies cleanly to -CURRENT, too. G'luck, Peter Index: src/lib/libc/net/getaddrinfo.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/getaddrinfo.c,v retrieving revision 1.9.2.8 diff -u -r1.9.2.8 getaddrinfo.c --- src/lib/libc/net/getaddrinfo.c 15 Jun 2001 22:08:28 -0000 1.9.2.8 +++ src/lib/libc/net/getaddrinfo.c 30 Jan 2002 10:50:07 -0000 
@@ -529,7 +529,7 @@ goto good; if (pai->ai_flags & AI_NUMERICHOST) - ERR(EAI_NODATA); + ERR(EAI_NONAME); if (hostname == NULL) ERR(EAI_NODATA); ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 7:46:59 2002 Delivered-To: freebsd-net@freebsd.org Received: from vinyl.catpipe.net (vinyl.catpipe.net [195.249.214.189]) by hub.freebsd.org (Postfix) with ESMTP id 5E19437B400 for ; Wed, 30 Jan 2002 07:46:50 -0800 (PST) Received: by vinyl.catpipe.net (Postfix, from userid 1006) id F3FDD18F4; Wed, 30 Jan 2002 16:48:13 +0100 (CET) Date: Wed, 30 Jan 2002 16:48:13 +0100 
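Review bot: In the `@@ -529,7 +529,7 @@` hunk only the AI_NUMERICHOST branch changes, while the `hostname == NULL` case directly below still returns EAI_NODATA; state in the commit message that the second ERR() is deliberately left alone, or the two adjacent calls will read as an oversight. On the question of possible problems: any caller that compares the result against EAI_NODATA to detect "not a numeric address" (for example to decide whether a string needs a DNS lookup) stops matching after this change, so a search of the tree for EAI_NODATA used together with AI_NUMERICHOST, and a note in the getaddrinfo release notes, would be worth adding alongside the one-line fix.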
From: Phil Regnauld
To: Dennis Pedersen
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipsec, racoon, win2000, certifications, how-to?
Message-ID: <20020130164813.N13412@vinyl.catpipe.net>
References: <20020127182146.M18351-100000@localhost> <006801c1a73f$ca34f110$0301a8c0@dpws>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <006801c1a73f$ca34f110$0301a8c0@dpws>; from trm@daydreamer.dk on Sun, Jan 27, 2002 at 03:34:55PM +0100
X-Operating-System: FreeBSD 4.4-STABLE i386
Organization: catpipe Systems ApS
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Dennis Pedersen (trm) writes:
>
> Uhm, you can also use a email add and a password
> something@domain.com thekeything
> There are a bit about certificates in a kame newsletter, try looking on the
> site :)
>
> How did you solve the setkey setup if the ip address is dynamic, do you have
> an example?

That's the problem. See:

http://www.google.com/url?sa=U&start=1&q=http://archives.neohapsis.com/archives/freebsd/2000-12/0009.html&e=922

Normally, you use SPDUPDATE messages to the kernel to update the
security policy.

o Client side -- normally you would use this in the CLIENT racoon.conf:

-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
remote IP.OF.MY.OFFICE-GW {
        [...]
        my_identifier address;
-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----

... to identify yourself using your IP address. Since it's dynamic,
we use this instead:

        my_identifier user_fqdn "userxyz@company.com" ;

(could also be an X.509 ASN.1 identifier with a certificate payload
-- haven't tried it yet with racoon...)

o On the office GW:

In psk.txt, you add:

        userxyz@company.com     MyPreSharedKeySecret

Then in the racoon.conf, you define a remote anonymous as follows:

-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
remote anonymous {
        [...]
        passive on;
        generate_policy on;
        my_identifier address;
-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----

Idea: the passive on tells the office GW to listen to requests and never
initiate negotiation. Perfect since you don't know the IP address in
advance. generate_policy is there to fix that: it will generate a policy
(SP) in the SPD dynamically if the authentication info + PSK (pre shared
key) or cert ID matches -- as racoon.conf(5) says:

     generate_policy (on | off);
             This directive is for the responder.  Therefore you
             should set passive on in order that racoon(8) only
             becomes a responder.  If the responder does not have any
             policy in SPD during phase 2 negotiation, and the
             directive is set on, then racoon(8) will choice the first
             proposal in the SA payload from the initiator, and
             generate policy entries from the proposal.  It is useful
             to negotiate with the client which is allocated IP
             address dynamically.

Unfortunately, this doesn't work. Running racoon -F you will see the
server (GW) side complain with something in the form (don't have it in
front of me):

        X_SPDUPDATE: no such file or directory

... and after a short while the phase 1 will time out, with no phase 2
negotiated. And that's it :(

So it looks like KAME either doesn't fully implement this or racoon
doesn't -- I'm not really sure which, and haven't had time to try with
isakmpd yet (ports/net/isakmpd).

Any ideas ?
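For the client half of the question quoted above (the setkey setup when the address is dynamic), an added example that is not from the thread or from the KAME project: the client's own SPD entries name its current address as a tunnel endpoint, so they have to be rebuilt on every address change, while the gateway side relies on generate_policy as described in the message. The function names, the documentation-range addresses and the idea of calling this from an address-change hook are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Addresses are constructed
# (documentation ranges) and the function names are hypothetical.
#
# The new address usually arrives from a ppp or DHCP hook and ends up on
# the stdin of a root-run "setkey -c", so every field is validated before
# it is written into a policy statement.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] || return 1
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# is_ipv4_net NET: succeed only for ADDR/LEN with LEN 0-32.
is_ipv4_net() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    _net_addr=${1%/*}
    _net_len=${1##*/}
    case "$_net_len" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#_net_len}" -le 2 ] || return 1
    [ "$_net_len" -le 32 ] || return 1
    is_ipv4 "$_net_addr"
}

# gen_client_spd NEW_ADDR GATEWAY REMOTE_NET [OLD_ADDR]
# Print setkey(8) statements: delete the policies tied to OLD_ADDR (if
# given), then add ESP tunnel policies between NEW_ADDR and REMOTE_NET
# with GATEWAY as the remote tunnel endpoint.
gen_client_spd() {
    _new=$1 _gw=$2 _net=$3 _old=${4:-}
    is_ipv4 "$_new"     || { echo "bad client address" >&2; return 1; }
    is_ipv4 "$_gw"      || { echo "bad gateway address" >&2; return 1; }
    is_ipv4_net "$_net" || { echo "bad remote network" >&2; return 1; }
    if [ -n "$_old" ]; then
        is_ipv4 "$_old" || { echo "bad old address" >&2; return 1; }
        printf 'spddelete %s/32 %s any -P out;\n' "$_old" "$_net"
        printf 'spddelete %s %s/32 any -P in;\n'  "$_net" "$_old"
    fi
    printf 'spdadd %s/32 %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$_new" "$_net" "$_new" "$_gw"
    printf 'spdadd %s %s/32 any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$_net" "$_new" "$_gw" "$_new"
}

# Typical use from an address-change hook (not run here):
#   gen_client_spd "$NEW_ADDR" 192.0.2.1 10.0.0.0/24 "$OLD_ADDR" | setkey -c
```

A rejected argument produces no output at all, so a failed validation never leaves a half-written policy set on setkey's input.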
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 11:42:49 2002 Delivered-To: freebsd-net@freebsd.org Received: from web20110.mail.yahoo.com (web20110.mail.yahoo.com [216.136.226.47]) by hub.freebsd.org (Postfix) with SMTP id F1C4737B416 for ; Wed, 30 Jan 2002 11:42:41 -0800 (PST) Message-ID: <20020130194241.90275.qmail@web20110.mail.yahoo.com> Received: from [212.83.168.51] by web20110.mail.yahoo.com via HTTP; Wed, 30 Jan 2002 11:42:41 PST Date: Wed, 30 Jan 2002 11:42:41 -0800 (PST) 
From: ome ome To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sorry to bore you again, But I'm so good in C than in english. I don't understand how to connect a ppp node to pppd? Shall I do something particular or is it done automatically? Could you, please, send me some examples? Thanks Olivier __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 12:40:24 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 5FA2C37B417 for ; Wed, 30 Jan 2002 12:40:09 -0800 (PST) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020130204009.BSOE10199.rwcrmhc53.attbi.com@InterJet.elischer.org>; Wed, 30 Jan 2002 20:40:09 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id MAA57615; Wed, 30 Jan 2002 12:37:18 -0800 (PST) Date: Wed, 30 Jan 2002 12:37:18 -0800 (PST) 
From: Julian Elischer
To: ome ome
Cc: freebsd-net@freebsd.org
Subject: Re: your mail
In-Reply-To: <20020130194241.90275.qmail@web20110.mail.yahoo.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Wed, 30 Jan 2002, ome ome wrote:

> Sorry to bore you again,
> But I'm so good in C than in english.
>
> I don't understand how to connect a ppp node to pppd?
> Shall I do something particular or is it done
> automatically?
>
> Could you, please, send me some examples?
>
> Thanks
>
> Olivier

there are 4 DIFFERENT ppps in the freebsd system

netgraph ppp modules --used by mpd
kernel async ppp --used by pppd
kernel sync ppp (sppp) used by isdn and other sync stuff.
USERLAND ppp (/usr/sbin/ppp) -- does it all outside the kernel.

they do not attach to each other.
they are duplicated code.

The netgraph one might be used to replace all the others
if we had the time to do so.

If you have a question please give more information.
(p.s. what language do you speak? maybe we have a developer that speaks
that language that can help you better)

>
>
> __________________________________________________
> Do You Yahoo!?
> Great stuff seeking new owners in Yahoo! Auctions!
> http://auctions.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jan 30 16:42:31 2002 Delivered-To: freebsd-net@freebsd.org Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id 220E037B445 for ; Wed, 30 Jan 2002 16:42:20 -0800 (PST) Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id g0V0kPw35963 for ; Wed, 30 Jan 2002 18:46:26 -0600 (CST) (envelope-from nick@rogness.net) Date: Wed, 30 Jan 2002 18:46:25 -0600 (CST) 
From: Nick Rogness
X-Sender: nick@cody.jharris.com
To: net@freebsd.org
Subject: Need Help ASAP: Out of UDP space?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Our Radius server seems to stop functioning after a while. netstat
-an reports:

Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)

[SNIP]
udp4       0      0  *.1646                 *.*
udp4   32310      0  *.1645                 *.*

netstat -mb reports:

275/640/18368 mbufs in use (current/peak/max):
        171 mbufs allocated to data
        1 mbufs allocated to packet headers
        103 mbufs allocated to socket names and addresses
168/316/4592 mbuf clusters in use (current/peak/max)
792 Kbytes allocated to network (5% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

I tried increasing net.inet.udp.recvspace with no luck. What is going
on?

The Radius server receives the UDP packets but never seems to send them
back.

Nick Rogness
 - Don't mind me...I'm just sniffing your packets

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Jan 30 17:37: 7 2002
Delivered-To: freebsd-net@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id 27DF937B416 for ; Wed, 30 Jan 2002 17:37:03 -0800 (PST)
Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id g0V1f9236327 for ; Wed, 30 Jan 2002 19:41:09 -0600 (CST) (envelope-from nick@rogness.net)
Date: Wed, 30 Jan 2002 19:41:09 -0600 (CST)
From: Nick Rogness
To: net@FreeBSD.ORG
Subject: Re: Need Help ASAP: Out of UDP space?

On Wed, 30 Jan 2002, Nick Rogness wrote:

>
> Our Radius server seems to stop functioning after a while. netstat
> -an reports:
>
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
>
> [SNIP]
> udp4       0      0  *.1646                 *.*
> udp4   32310      0  *.1645                 *.*
>
> netstat -mb reports:
>
> 275/640/18368 mbufs in use (current/peak/max):
>         171 mbufs allocated to data
>         1 mbufs allocated to packet headers
>         103 mbufs allocated to socket names and addresses
> 168/316/4592 mbuf clusters in use (current/peak/max)
> 792 Kbytes allocated to network (5% of mb_map in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
>
> I tried increasing net.inet.udp.recvspace with no luck. What is going
> on?
>
> The Radius server receives the UDP packets but never seems to send them
> back.

I misspoke here. According to tcpdump it is sending the response back to the NAS. I need to get a packet sniffer between the NAS and the BSD machine to determine if it is actually getting transmitted across the wire or not. This problem is happening on both fBSD based Radius servers at about the same time. Maybe load related? Only other thing in common between the 2 is that they both have fxp ethernet cards.

Nick Rogness
 - Don't mind me...I'm just sniffing your packets

From owner-freebsd-net Thu Jan 31 2:58:22 2002
Message-ID: <3C5879D2.DE7AEF56@mindspring.com>
Date: Wed, 30 Jan 2002 17:55:15 -0500
From: Naga R Narayanaswamy
To: Nick Rogness
Cc: net@FreeBSD.ORG
Subject: Re: Need Help ASAP: Out of UDP space?

Nick Rogness wrote:

Which radius server package are you using. Because I know there are different port packages for radius server.

After how long (days or hours) did you encounter this problem?

Don't you have some sort of logging on the server. I usually turn on some level of debug, which gives a better picture in case of errors. (btw, i use the radius server from freeradius.org)

>
> I misspoke here. According to tcpdump it is sending the
> response back to the NAS. I need to get a packet sniffer between
> the NAS and the BSD machine to determine if it is actually getting
> transmitted across the wire or not. This problem is happening on
> both fBSD based Radius servers at about the same time. Maybe load
> related? Only other thing in common between the 2 is that they
> both have fxp ethernet cards.

From owner-freebsd-net Thu Jan 31 8:54:47 2002
Message-ID: <20020131165439.88852.qmail@web20110.mail.yahoo.com>
Date: Thu, 31 Jan 2002 08:54:39 -0800 (PST)
From: ome ome
Subject: Re: your mail
To: julian@elischer.org
Cc: freebsd-net@freebsd.org

Ok !

- I speak french.
- I use FreeBSD 3.5
- I try to use protocol PPP (I want to use it in the kernel) for establishing a (ppp) connection with a cisco 4500. The cisco is connected through the serial interface to a WANnic (Sangoma S5141).
- I tried many things with Netgraph (with ngctl)

I have made a "graph", but I don't understand how to connect a device to a node?
for example: to link /dev/ppp0 to a node
(Shall I need a C prog or is it possible with ngctl?)

how I can see that the node is well-connected ? to the device
(The cisco node always send packets and ngctl displays it)

> Julian Elischer wrote:
>
> On Wed, 30 Jan 2002, ome ome wrote:
>
> > Sorry to bore you again,
> > But I'm so good in C than in english.
> >
> > I don't understand how to connect a ppp node to pppd?
> > Shall I do something particular or is it done
> > automatically?
> >
> > Could you, please, send me some examples?
> >
> > Thanks
> >
> > Olivier
>
> there are 4 DIFFERENT ppps in the freebsd system
> netgraph ppp modules --used by mpd
> kernel async ppp --used by pppd
> kernel sync ppp (sppp) used by isdn and other sync stuff.
> USERLAND ppp (/usr/sbin/ppp) -- does it all outside the kernel.
>
> they do not attach to each other.
> they are duplicated code.
> The netgraph one might be used to replace all the others if we had the
> time to do so.
>
> If you have a question please give more information.
> (p.s. what language do you speak? maybe we have a
> developer that speaks that language that can help you better)

From owner-freebsd-net Thu Jan 31 9:23:13 2002
Date: Thu, 31 Jan 2002 11:27:18 -0600 (CST)
From: Nick Rogness
To: Naga R Narayanaswamy
Cc: net@FreeBSD.ORG
Subject: Re: Need Help ASAP: Out of UDP space?
In-Reply-To: <3C5879D2.DE7AEF56@mindspring.com>

On Wed, 30 Jan 2002, Naga R Narayanaswamy wrote:

> Nick Rogness wrote:
> Which radius server package are you using. Because I know there are
> different
> port packages for radius server.

Radiator.

> After how long (days or hours) did you encounter this problem?
>

It's random... usually stays up until the peak times. It stayed up from 8AM-4:53PM. At this time it dropped (On both RAD Servers) and the Recv-Q stays pinned out around 31000.

> Don't you have some sort of logging on the server. I usually turn on
> some level of debug, which gives a better picture in case of errors.
> (btw, i use the radius server from freeradius.org)
>

logging is turned on. It thinks everything is fine. It's sending Auth-Accept back to NAS.

> >
> > I misspoke here. According to tcpdump it is sending the
> > response back to the NAS. I need to get a packet sniffer between
> > the NAS and the BSD machine to determine if it is actually getting
> > transmitted across the wire or not. This problem is happening on
> > both fBSD based Radius servers at about the same time. Maybe load
> > related? Only other thing in common between the 2 is that they
> > both have fxp ethernet cards.
>

Nick Rogness
 - Don't mind me...I'm just sniffing your packets

From owner-freebsd-net Thu Jan 31 9:40:15 2002
From: Joe Greco
Message-Id: <200201311739.LAA64358@aurora.sol.net>
Subject: Luigi's polling code and 4.5R
To: freebsd-net@freebsd.org
Date: Thu, 31 Jan 2002 11:39:59 -0600 (CST)

Has anybody made this work?

I just installed a FreeBSD 4.5R router yesterday, and wanted to play with the polling stuff. A nice 16-port router with 4 x DFE 570 cards in it...

The fxp file didn't patch cleanly, but I don't use fxp, and it looked like I could safely just move the original file back in place.

I compiled, installed, rebooted. Upon setting kern.polling.enable to 1, the system went net-deaf, with a bunch of

dc0: watchdog timeout
dc4: watchdog timeout
dc5: watchdog timeout

every few seconds.

I did it when the system was under load (~100 mbits) but it happens when the system isn't, too.

Am I doing something stupid?

Any suggestions appreciated.

--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

From owner-freebsd-net Thu Jan 31 9:45: 3 2002
Date: Thu, 31 Jan 2002 09:44:43 -0800
From: Luigi Rizzo
To: Joe Greco
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Luigi's polling code and 4.5R
Message-ID: <20020131094443.A44015@iguana.icir.org>
References: <200201311739.LAA64358@aurora.sol.net>
In-Reply-To: <200201311739.LAA64358@aurora.sol.net>

Wait a bit -- next week I am going to review the code and MFC (with the structure that is in -current, i.e. the new code in a separate file, kern_poll.c).

cheers
luigi

On Thu, Jan 31, 2002 at 11:39:59AM -0600, Joe Greco wrote:
> Has anybody made this work?
>
> I just installed a FreeBSD 4.5R router yesterday, and wanted to play with
> the polling stuff. A nice 16-port router with 4 x DFE 570 cards in it...
>
> The fxp file didn't patch cleanly, but I don't use fxp, and it looked like
> I could safely just move the original file back in place.
>
> I compiled, installed, rebooted. Upon setting kern.polling.enable to 1,
> the system went net-deaf, with a bunch of
>
> dc0: watchdog timeout
> dc4: watchdog timeout
> dc5: watchdog timeout
>
> every few seconds.
>
> I did it when the system was under load (~100 mbits) but it happens when
> the system isn't, too.
>
> Am I doing something stupid?
>
> Any suggestions appreciated.
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.

From owner-freebsd-net Thu Jan 31 12:37:21 2002
Message-Id: <5.0.2.1.0.20020131212800.02756b20@164.8.8.5>
Date: Thu, 31 Jan 2002 21:34:58 +0100
To: freebsd-net@freebsd.org, freebsd-hackers@FreeBSD.ORG
From: Aleksander Rozman - Andy
Subject: ARP and AX.25 (help needed)

Hello Everybody !

I am working on implementation of AX.25 protocol. My code also needs ARP and I was wondering if there is a way to use existing ARP code, or do I need to duplicate code and use my arp structure instead of the original one? I need arp to resolve HAM addresses to IP addresses. HAM address has seven u_chars (6 for callsign and one for SSID).

Now if anyone has any idea how could I solve this without duplicating same code, I would be very thankful.

You can also contact me off-list.

Andy

**************************************************************************
* Aleksander Rozman - Andy   * Fandoms: E2:EA, SAABer, Trekkie, Earthie  *
* andy@kksonline.com         * Sentinel, BH 90210, True's Trooper,       *
* andy@atechnet.dhs.org      * Heller's Angel, Questie, Legacy, PO5,     *
* Maribor, Slovenia (Europe) * Profiler, Buffy (Slayerete), Pretender    *
* ICQ-UIC: 4911125           *********************************************
* PGP key available          * http://www.atechnet.dhs.org/~andy/        *
**************************************************************************

From owner-freebsd-net Thu Jan 31 13:50:44 2002
Date: Thu, 31 Jan 2002 13:51:26 -0800
From: Jeffrey Hsu
Subject: Re: Need Help ASAP: Out of UDP space?
In-reply-to: Message from Nick Rogness "of Thu, 31 Jan 2002 11:27:18 CST."
To: Nick Rogness
Cc: net@FreeBSD.ORG
Message-id: <0GQT00LWHOOIO0@mta6.snfc21.pbi.net>

What does netstat -s say?

From owner-freebsd-net Thu Jan 31 16:49: 3 2002
Message-Id: <4.3.2.7.2.20020131164433.00c62678@10.10.10.1>
Date: Thu, 31 Jan 2002 16:48:56 -0800
To: freebsd-net@freebsd.org
From: Jon Drukman
Subject: pptp + mschap

my company recently switched from a nortel vpn system to a radius based scheme that is very windows-centric. i had no problems connecting to the nortel using pptpclient (from the ports).

now it seems i'm being thrown by ms-chap authentication. i don't really know how to set this up. as far as i can see from reading the documentation that comes with pptpclient, this should suffice:

cnet:
 set authname cnet\\jdrukman
 set authkey xxxxx
 set timeout 0
 set login
 enable chap
 set log LCP

i type "pptp vpn-sf.cnet.com cnet" to initiate the connection. the log file shows:

Jan 31 16:19:22 cluttered ppp[32201]: Phase: Using interface: tun0
Jan 31 16:19:22 cluttered ppp[32201]: Phase: deflink: Created in closed state
Jan 31 16:19:23 cluttered ppp[32201]: LCP: FSM: Using "deflink" as a transport
Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Initial --> Closed
Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Closed --> Stopped
Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: LayerStart
Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: SendConfigReq(1) state = Stopped
Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACFCOMP[2]
Jan 31 16:19:24 cluttered ppp[32201]: LCP: PROTOCOMP[2]
Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACCMAP[6] 0x00000000
Jan 31 16:19:24 cluttered ppp[32201]: LCP: MRU[4] 1500
Jan 31 16:19:24 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x451f9b67
Jan 31 16:19:24 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: State change Stopped --> Req-Sent
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: RecvConfigReq(77) state = Req-Sent
Jan 31 16:19:25 cluttered ppp[32201]: LCP: MRU[4] 1500
Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACCMAP[6] 0x000a0000
Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
Jan 31 16:19:25 cluttered ppp[32201]: Warning: CHAP 0x81 not supported
Jan 31 16:19:25 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x2567e117
Jan 31 16:19:25 cluttered ppp[32201]: LCP: PROTOCOMP[2]
Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACFCOMP[2]
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendConfigNak(77) state = Req-Sent
Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendTerminateReq(1) state = Req-Sent
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Req-Sent --> Closing
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: LayerFinish
Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Closing --> Initial

and i'm not connected. the tech support people at my company are not very helpful. they said, use windows. i can get it to work fine from windows but it's so annoying (it interrupts existing connections and forces everything to go through the vpn regardless of whether it makes any sense). it used to work great with freebsd... any help appreciated!!

thanks
-jsd-

From owner-freebsd-net Thu Jan 31 17:45:16 2002
From: David Gilbert
Message-ID: <15449.62243.298239.408537@trooper.velocet.net>
Date: Thu, 31 Jan 2002 20:45:07 -0500
To: freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Subject: mpd-netgraph problem.

I'm using mpd-netgraph to attempt to connect an encrypted tunnel. It appears to connect (according to the messages), but the following is spit out for most packets I try to put down the tunnel:

[vpn] LCP: rec'd Protocol Reject #1 link 0 (Opened)
[vpn] LCP: protocol 0x0029 was rejected
[vpn] LCP: rec'd Protocol Reject #2 link 0 (Opened)
[vpn] LCP: protocol 0x00a1 was rejected

(on the one end)

[strikeppp] rec'd unexpected protocol 0x0029 on link -1, rejecting
[strikeppp] rec'd unexpected protocol 0x00a1 on link -1, rejecting
[strikeppp] rec'd unexpected protocol 0x0001 on link -1, rejecting

(on the other)

The second log also contains lines of the form:

[strikeppp] rec'd proto 0xee53 on MP link! (ignoring)
[strikeppp] rec'd proto 0xcc0d on MP link! (ignoring)

... any ideas?

Dave.

--
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail: dgilbert@velocet.net                   | equal if and only if they  |
|http://daveg.ca                              | are precisely opposite.    |
=========================================================GLO================

From owner-freebsd-net Thu Jan 31 17:51:55 2002
Message-Id: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org>
To: Jon Drukman
Cc: freebsd-net@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: pptp + mschap
In-Reply-To: Message from Jon Drukman of "Thu, 31 Jan 2002 16:48:56 PST." <4.3.2.7.2.20020131164433.00c62678@10.10.10.1>
Date: Fri, 01 Feb 2002 01:51:37 +0000
From: Brian Somers

Hi,

I don't know a great deal about PPTP, but as it happens, I recently looked for a radius server that'd talk MSCHAPv2 - so that I could teach ppp to do it. I couldn't find any support in the ports, and then our [potential] client backed out, so I never got any further.

If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius server, I'd certainly be happy to add support to ppp. You never know - the client may come back :*)

Cheers.

> my company recently switched from a nortel vpn system to a radius based
> scheme that is very windows-centric. i had no problems connecting to the
> nortel using pptpclient (from the ports).
>
> now it seems i'm being thrown by ms-chap authentication. i don't really
> know how to set this up. as far as i can see from reading the
> documentation that comes with pptpclient, this should suffice:
>
> cnet:
> set authname cnet\\jdrukman
> set authkey xxxxx
> set timeout 0
> set login
> enable chap
> set log LCP
>
>
> i type "pptp vpn-sf.cnet.com cnet" to initiate the connection. the log
> file shows:
>
> Jan 31 16:19:22 cluttered ppp[32201]: Phase: Using interface: tun0
> Jan 31 16:19:22 cluttered ppp[32201]: Phase: deflink: Created in closed state
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: FSM: Using "deflink" as a transport
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Initial
> --> Closed
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Closed -->
> Stopped
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: LayerStart
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: SendConfigReq(1) state
> = Stopped
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACFCOMP[2]
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: PROTOCOMP[2]
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACCMAP[6] 0x00000000
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: MRU[4] 1500
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x451f9b67
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: State change Stopped
> --> Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: RecvConfigReq(77) state
> = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: MRU[4] 1500
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACCMAP[6] 0x000a0000
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 31 16:19:25 cluttered ppp[32201]: Warning: CHAP 0x81 not supported
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x2567e117
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: PROTOCOMP[2]
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACFCOMP[2]
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendConfigNak(77) state
> = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendTerminateReq(1)
> state = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Req-Sent
> --> Closing
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: LayerFinish
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Closing
> --> Initial
>
> and i'm not connected. the tech support people at my company are not very
> helpful. they said, use windows. i can get it to work fine from windows
> but it's so annoying (it interrupts existing connections and forces
> everything to go through the vpn regardless of whether it makes any
> sense). it used to work great with freebsd... any help appreciated!!
>
> thanks
> -jsd-

--
Brian
http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !

From owner-freebsd-net Thu Jan 31 18:41:56 2002
Date: Thu, 31 Jan 2002 21:41:29 -0500
From: Barney Wolff
To: Brian Somers
Cc: Jon Drukman, freebsd-net@FreeBSD.ORG
Subject: Re: pptp + mschap
Message-ID: <20020131214129.A16814@tp.databus.com>
References: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org>
In-Reply-To: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Fri, Feb 01, 2002 at 01:51:37AM +0000

See RFC2548.

On Fri, Feb 01, 2002 at 01:51:37AM +0000, Brian Somers wrote:
>
> If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius
> server, I'd certainly be happy to add support to ppp. You never know
> - the client may come back :*)

--
Barney Wolff
"Nonetheless, ease and peace had left this people still curiously tough. They were, if it came to it, difficult to daunt or to kill; and they were, perhaps, so unwearyingly fond of good things not least because they could, when put to it, do without them, and could survive rough handling by grief, foe, or weather in a way that astonished those who did not know them well and looked no further than their bellies and their well-fed faces." J.R.R.T.

From owner-freebsd-net Thu Jan 31 19:15: 0 2002
Date: Thu, 31 Jan 2002 21:18:56 -0600 (CST)
From: Nick Rogness
To: Jeffrey Hsu
Cc: net@FreeBSD.ORG, keramida@FreeBSD.ORG
Subject: Re: Need Help ASAP: Out of UDP space?
In-Reply-To: <0GQT00LWHOOIO0@mta6.snfc21.pbi.net>

On Thu, 31 Jan 2002, Jeffrey Hsu wrote:

> What does netstat -s say?

It looks as if it gets progressively worse over time. The UDP "dropped due to full socket buffers" increases with time:

[NOTE]: tcpdump on the wire reveals that packets are still being sent back to the NAS. I have a trace if you need.

# netstat -s:
[SNIP]
udp:
        1880604 datagrams received
        0 with incomplete header
        0 with bad data length field
        14 with bad checksum
        41541 with no checksum
        4182 dropped due to no socket
        7 broadcast/multicast datagrams dropped due to no socket
        20602 dropped due to full socket buffers
        0 not for hashed pcb
        1855799 delivered
        1839573 datagrams output

netstat -s (taken later):
[SNIP]
udp:
        1889747 datagrams received
        0 with incomplete header
        0 with bad data length field
        14 with bad checksum
        44508 with no checksum
        4184 dropped due to no socket
        8 broadcast/multicast datagrams dropped due to no socket
        23056 dropped due to full socket buffers
        0 not for hashed pcb
        1862485 delivered
        1846204 datagrams output

netstat -s (even later):
[SNIP]
udp:
        1901210 datagrams received
        0 with incomplete header
        0 with bad data length field
        14 with bad checksum
        48692 with no checksum
        4184 dropped due to no socket
        14 broadcast/multicast datagrams dropped due to no socket
        26514 dropped due to full socket buffers
        0 not for hashed pcb
        1870484 delivered
        1854002 datagrams output

Any help would be greatly appreciated.

Nick Rogness
 - Don't mind me...I'm just sniffing your packets

From owner-freebsd-net Thu Jan 31 20:52: 9 2002
Date: Thu, 31 Jan 2002 20:52:58 -0800
From: Jeffrey Hsu Subject: Re: Need Help ASAP: Out of UDP space? In-reply-to: Message from Nick Rogness "of Thu, 31 Jan 2002 21:18:56 CST." To: Nick Rogness Cc: net@FreeBSD.ORG Message-id: <0GQU00D1486VQ0@mta5.snfc21.pbi.net> MIME-version: 1.0 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > The UDP "dropped due to full socket buffers" increases with time This is on the receiving machine, right? It looks like the application isn't reading the buffer. Do a 'ps l' on the application and look at the WCHAN to see if the application is running or waiting for something. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jan 31 21:28:26 2002 Delivered-To: freebsd-net@freebsd.org Received: from ns1.infowest.com (ns1.infowest.com [204.17.177.10]) by hub.freebsd.org (Postfix) with ESMTP id 6ED0E37B42A for ; Thu, 31 Jan 2002 21:27:54 -0800 (PST) Received: from there (eq.net [208.186.104.163]) by ns1.infowest.com (Postfix) with SMTP id E078B20F8F; Thu, 31 Jan 2002 22:27:53 -0700 (MST) Content-Type: text/plain; charset="iso-8859-1" 
From: "Aaron D. Gifford" To: freebsd-net@freebsd.org Subject: Re: Timeouts on dynamic ipfw rules Date: Thu, 31 Jan 2002 22:27:50 -0700 X-Mailer: KMail [version 1.3.2] Cc: spe@bsdfr.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020201052753.E078B20F8F@ns1.infowest.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Sebastien Petit (spe@bsdfr.org) was heard to say:
>I found your patches for 5.0-CURRENT, I will update it for 4.4 and 4.5,
>thank you Crist.
>Will this patch be committed in 5.0-RELEASE or perhaps 4.6 ? I think
>this is a good functionality imho.
>
>--
>Sebastien Petit
>spe@bsdfr.org
>The HUT Project
>http://www.bsdshell.net/
>

I wrote an ipfw patch set available for 4.4-RELEASE through 4.5-STABLE, and even a very few versions of -CURRENT that adds a "lifetime " feature to ipfw. By default, it overrides the dyn_ack_lifetime timeout for TCP rules, the dyn_udp_lifetime for UDP rules, and dyn_short_lifetime for all other IP rules that use it (keepstate rules, that is). The patch set includes a man page patch explaining the addition. The latest versions of the set are available at:

http://www.aarongifford.com/computers/ipfwpatch.html

I have used this functionality on MANY of the FreeBSD systems I admin. since June of 2000 when I first created the patches and posted them (see the freebsd-net archive for the archaic versions thereof). The above web page has versions of the patch set for 4.4-RELEASE, 4.5-RELEASE, several different 4.X-STABLE versions, and even 1 or 2 -CURRENT versions (though those are getting old).

There are two open PRs (Oops! There should be only one - someone can freely merge these if they want.) in hopes of getting this (or similar) functionality included in the source tree:

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/28713
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/22065

Memory wise, the patches only increase memory use in the dynamic rules (a single unsigned short), using a union to store the information in the main ruleset since for keep-state rules the union in question was not in use (or so I believe - no one has told me otherwise, I can't see a problem, and I haven't yet heard of any trouble - if there ever was trouble, it would be easy to move the field out of the union).

>On 2002.01.26 02:53 Crist J. Clark wrote:
>> On Fri, Jan 25, 2002 at 11:39:29AM -0800, Luigi Rizzo wrote:
>> > there were patches floating around for something similar.
>> >
>> > cheers
>> > luigi
>> >
>> > On Fri, Jan 25, 2002 at 05:28:38PM +0100, Sebastien Petit wrote:
>> > > Hi,
>> > >
>> > > Is there a way to set per keep-state rule timeout ?
>> > > I want to have a little ack timeout for connection to mysql database tcp 3306 but a long ack timeout for other rules.
>> > > if not perhaps this syntax can be implemented on ipfw code, for example:
>> > > ipfw add ... keepstate setup timeout-ack 3600
>> > > or
>> > > ipfw add ... keepstate setup timeout-syn 50

Now that's an intriguing idea, adding per-rule options that are a bit more specific than just modifying dyn_ack_lifetime for TCP, dyn_udp_lifetime for UDP, and dyn_short_lifetime for others. Your syntax (or a variation thereof) could be used to give even tighter control over per-rule timeouts (at the small expense of more memory used to store those per-rule timeouts).

>> > >
>> > > Perhaps I can do this stuff if there are no objections ?
>>
>> I've got CURRENT patches to do this at the site in the .sig. My STABLE
>> ones bitrotted (the CURRENT ones might be past the sell-by date
>> too). But I could redo them if there is interest.
>> --
>> Crist J. Clark                     |     cjclark@alum.mit.edu
>>                                    |     cjclark@jhu.edu
>> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-net" in the body of the message
>>

I too would love to see per-rule expiration control added to FreeBSD's excellent ipfw filter.

Aaron out.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 0:58:19 2002 Delivered-To: freebsd-net@freebsd.org Received: from ns1.infowest.com (ns1.infowest.com [204.17.177.10]) by hub.freebsd.org (Postfix) with ESMTP id AB50637B404 for ; Fri, 1 Feb 2002 00:58:17 -0800 (PST) Received: from there (eq.net [208.186.104.163]) by ns1.infowest.com (Postfix) with SMTP id A60B12151E for ; Fri, 1 Feb 2002 01:57:40 -0700 (MST) Content-Type: text/plain; charset="iso-8859-1"
From: "Aaron D. Gifford" To: freebsd-net@freebsd.org Subject: Re: Timeouts on dynamic ipfw rules Date: Fri, 1 Feb 2002 01:57:36 -0700 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020201085740.A60B12151E@ns1.infowest.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I recently was heard to elocute: >Memory wise, the patches only increase memory use in the dynamic rules (a >single unsigned short), using a union to store the information in the main >ruleset since for keep-state rules the union in question was not in use (or >so I believe - no one has told me otherwise, I can't see a problem, and I >haven't yet heard of any trouble - if there ever was trouble, it would be >easy to move the field out of the union). Oops. s/unsigned short/unsigned long/g; Scratch that "unsigned short" and make it an "unsigned long" (or "u_int32_t") instead in the above paragraph. Aaron out. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 4:53:39 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.alkar.net (pandora.alkar.net [195.248.191.68]) by hub.freebsd.org (Postfix) with ESMTP id E08D237B417; Fri, 1 Feb 2002 04:53:30 -0800 (PST) Received: by smtp1.alkar.net (Postfix, from userid 1000) id E2CE9F84F; Fri, 1 Feb 2002 14:53:26 +0200 (EET) Date: Fri, 1 Feb 2002 14:53:26 +0200 
From: Alexey Luckyanchikov To: freebsd-stable@freebsd.org Cc: freebsd-net@freebsd.org Subject: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020201125326.GA3036@alkar.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: ISP Alkar Teleport Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

I have this network topology:

+--------+                    +--------+                    +--------+
| Server |<---- MTU 1500 ---->| Router |<---- MTU 1476 ---->| Client |
+--------+                    +--------+                    +--------+

The server is a box with FreeBSD 4.5-RELEASE; it has a firewall, but for testing purposes all connections are allowed. Below is part of a dump of a session between client and server:

14:06:33.307163 client.1371 > server.7: S [tcp sum ok] 17372427:17372427(0) win 16384 (DF) (ttl 61, id 28157, len 44)
14:06:33.307235 server.7 > client.1371: S [tcp sum ok] 3046898158:3046898158(0) ack 17372428 win 65535 (ttl 64, id 11786, len 44)
14:06:33.365432 client.1371 > server.7: . [tcp sum ok] 1:1(0) ack 1 win 17232 (DF) (ttl 61, id 28158, len 40)
14:06:33.395645 client.1371 > server.7: . 1:1437(1436) ack 1 win 17232 (DF) (ttl 61, id 28159, len 1476)
14:06:33.395889 server.7 > client.1371: P 1:1437(1436) ack 1437 win 65535 (DF) (ttl 64, id 37650, len 1476)
[...skip...]
14:06:48.477578 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 25428, len 1500)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Server sends a packet with a size of 1500 bytes

14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Router tells the server that it must decrease the packet size

14:07:04.477857 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 52781, len 1500)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
But the server ignores this information and still sends 1500-byte packets
[...skip...]

It demonstrates that the server _must_ decrease the MTU, but it doesn't. Why? And how can I fix this problem?

-- 
Sincerely, e-mail: alexl@alkar.net
Alexey Luckyanchikov

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 5:55:12 2002 Delivered-To: freebsd-net@freebsd.org Received: from inje.iskon.hr (inje.iskon.hr [213.191.128.16]) by hub.freebsd.org (Postfix) with ESMTP id ACFE737B419 for ; Fri, 1 Feb 2002 05:55:06 -0800 (PST) Received: from tel.fer.hr (zg07-029.dialin.iskon.hr [213.191.150.30]) by mail.iskon.hr (8.11.4/8.11.4/Iskon 8.11.3-1) with ESMTP id g11DsuR09917 for ; Fri, 1 Feb 2002 14:54:59 +0100 (MET) Message-ID: <3C5A9E1E.400F9772@tel.fer.hr> Date: Fri, 01 Feb 2002 14:54:38 +0100
From: Marko Zec X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: ng_dummy - netgraph traffic shaping node Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The result of an innocent netgraph programming exercise can be found at: http://www.tel.fer.hr/zec/BSD/ng_dummy/ "ng_dummy" is a simple traffic shaper node that implements control of traffic flow in both upstream and downstream direction. In each direction, the traffic flows through the sequence of two FIFO-type queues, which implement different queuing policies. The "inbound" queue is rate limited, and emulates an interface output buffer. On "outbound" queue, frames are dequeued based on preconfigured delay, thus emulating propagation effects on a transmission link. Additional features include random frame discarding based on BER; and emulation of phantom traffic, which competes for available bandwidth, and thereby introduces inbound queue congestions and delay jitter. Have fun! Marko To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 7:30:11 2002 Delivered-To: freebsd-net@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id 1436C37B41B for ; Fri, 1 Feb 2002 07:30:01 -0800 (PST) Received: (qmail 6222 invoked from network); 1 Feb 2002 15:29:59 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 1 Feb 2002 15:29:59 -0000 Message-ID: <3C5AB477.3000304@tenebras.com> Date: Fri, 01 Feb 2002 07:29:59 -0800 
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.7) Gecko/20020131 X-Accept-Language: en-us MIME-Version: 1.0 To: Alexey Luckyanchikov Cc: freebsd-stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE References: <20020201125326.GA3036@alkar.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Alexey Luckyanchikov wrote:

> 14:06:48.477578 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 25428, len 1500)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Server sends a packet with a size of 1500 bytes
>
> 14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Router tells the server that it must decrease the packet size
>
> 14:07:04.477857 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 52781, len 1500)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> But the server ignores this information and still sends 1500-byte packets

What's the result of 'sysctl net.inet.tcp.path_mtu_discovery' ?? Not that I can imagine, at the moment, what would set it to 0....
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 7:51:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id 543ED37B428; Fri, 1 Feb 2002 07:51:10 -0800 (PST) Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id g11Forp17319; Fri, 1 Feb 2002 10:50:53 -0500 (EST) (envelope-from louie@whizzo.transsys.com) Message-Id: <200202011550.g11Forp17319@whizzo.transsys.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Michael Sierchio Cc: Alexey Luckyanchikov , freebsd-stable@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg 
From: "Louis A. Mamakos" Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE References: <20020201125326.GA3036@alkar.net> <3C5AB477.3000304@tenebras.com> In-reply-to: Your message of "Fri, 01 Feb 2002 07:29:59 PST." <3C5AB477.3000304@tenebras.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 01 Feb 2002 10:50:53 -0500 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Is the server filtering out ICMP traffic with ipfw or something?

> Alexey Luckyanchikov wrote:
>
> > 14:06:48.477578 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 25428, len 1500)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Server sends a packet with a size of 1500 bytes
> >
> > 14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Router tells the server that it must decrease the packet size
> >
> > 14:07:04.477857 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 52781, len 1500)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > But the server ignores this information and still sends 1500-byte packets
>
>
> What's the result of 'sysctl net.inet.tcp.path_mtu_discovery' ?? Not that
> I can imagine, at the moment, what would set it to 0....
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 8: 3:16 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.alkar.net (pandora.alkar.net [195.248.191.68]) by hub.freebsd.org (Postfix) with ESMTP id 3EF0F37B400; Fri, 1 Feb 2002 08:03:05 -0800 (PST) Received: by smtp1.alkar.net (Postfix, from userid 1000) id 29BF7F884; Fri, 1 Feb 2002 18:03:02 +0200 (EET) Date: Fri, 1 Feb 2002 18:03:02 +0200 
From: Alexey Luckyanchikov To: "Louis A. Mamakos" Cc: freebsd-stable@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020201160302.GD15303@alkar.net> References: <20020201125326.GA3036@alkar.net> <3C5AB477.3000304@tenebras.com> <200202011550.g11Forp17319@whizzo.transsys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200202011550.g11Forp17319@whizzo.transsys.com> Organization: ISP Alkar Teleport Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Fri, 01 Feb 2002, Louis A. Mamakos wrote:

LAM> Is the server filtering out ICMP traffic with ipfw or something?

The server does not have any filters. ipfw support is compiled in, but the first rule is 'allow ip from any to any', and the dump which you can see below was made on the server.

LAM> > Alexey Luckyanchikov wrote:
LAM> >
LAM> >
LAM> > > 14:06:48.477578 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 25428, len 1500)
LAM> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
LAM> > > Server sends a packet with a size of 1500 bytes
LAM> > >
LAM> > > 14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
LAM> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
LAM> > > Router tells the server that it must decrease the packet size
LAM> > >
LAM> > > 14:07:04.477857 server.7 > client.1371: . 1437:2897(1460) ack 10001 win 65535 (DF) (ttl 64, id 52781, len 1500)
LAM> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
LAM> > > But the server ignores this information and still sends 1500-byte packets
LAM> >
LAM> >
LAM> > What's the result of 'sysctl net.inet.tcp.path_mtu_discovery' ?? Not that
LAM> > I can imagine, at the moment, what would set it to 0....

-- 
Sincerely, e-mail: alexl@alkar.net
Alexey Luckyanchikov

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 8:13:32 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.alkar.net (pandora.alkar.net [195.248.191.68]) by hub.freebsd.org (Postfix) with ESMTP id 8F67037B400; Fri, 1 Feb 2002 08:13:22 -0800 (PST) Received: by smtp1.alkar.net (Postfix, from userid 1000) id 47DF6F897; Fri, 1 Feb 2002 18:13:19 +0200 (EET) Date: Fri, 1 Feb 2002 18:13:19 +0200
From: Alexey Luckyanchikov To: Michael Sierchio Cc: freebsd-stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020201161319.GA948@alkar.net> References: <20020201125326.GA3036@alkar.net> <3C5AB477.3000304@tenebras.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C5AB477.3000304@tenebras.com> Organization: ISP Alkar Teleport Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

On Fri, 01 Feb 2002, Michael Sierchio wrote:

MS> Alexey Luckyanchikov wrote:
MS>
MS>
MS> >14:06:48.477578 server.7 > client.1371: . 1437:2897(1460) ack 10001 win
MS> >65535 (DF) (ttl 64, id 25428, len 1500)
MS> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MS> >Server sends a packet with a size of 1500 bytes
MS> >
MS> >14:06:48.682558 router > server: icmp: client unreachable - need to frag
MS> >(mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len
MS> >1500) (ttl 253, id 2491, len 56)
MS> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MS> >Router tells the server that it must decrease the packet size
MS> >
MS> >14:07:04.477857 server.7 > client.1371: . 1437:2897(1460) ack 10001 win
MS> >65535 (DF) (ttl 64, id 52781, len 1500)
MS> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MS> >But the server ignores this information and still sends 1500-byte packets
MS>
MS>
MS> What's the result of 'sysctl net.inet.tcp.path_mtu_discovery' ?? Not that

1

MS> I can imagine, at the moment, what would set it to 0....

Yes, setting net.inet.tcp.path_mtu_discovery to 0 or setting the MTU on the server to 1476 helps. But it is only a workaround.
-- Sincerely, e-mail: alexl@alkar.net Alexey Luckyanchikov To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 8:39:48 2002 Delivered-To: freebsd-net@freebsd.org Received: from web.cs.ndsu.nodak.edu (web.cs.ndsu.NoDak.edu [134.129.125.7]) by hub.freebsd.org (Postfix) with ESMTP id 3737137B402; Fri, 1 Feb 2002 08:39:42 -0800 (PST) Received: (from tinguely@localhost) by web.cs.ndsu.nodak.edu (8.11.4/8.11.4) id g11Gd2C83516; Fri, 1 Feb 2002 10:39:02 -0600 (CST) (envelope-from tinguely) Date: Fri, 1 Feb 2002 10:39:02 -0600 (CST) 
From: mark tinguely Message-Id: <200202011639.g11Gd2C83516@web.cs.ndsu.nodak.edu> To: andy@kksonline.com, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: ARP and AX.25 (help needed) Cc: fjoe@iclub.nsu.ru In-Reply-To: <5.0.2.1.0.20020131212800.02756b20@164.8.8.5> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> I am working on an implementation of the AX.25 protocol. My code also needs ARP
> and I was wondering if there is a way to use the existing ARP code, or do I
> need to duplicate code and use my arp structure instead of the original one? I
> need arp to resolve HAM addresses to IP addresses. A HAM address has seven
> u_chars (6 for callsign and one for SSID). Now if anyone has any idea how
> I could solve this without duplicating the same code, I would be very thankful.

The arp code has been modified for ARCNET (which uses 1 byte of link level addressing) by fjoe@iclub.nsu.ru from the ARCNET code in NetBSD. In this version they changed the passed parameter in the kernel stack "arpcom" pointer to the ifnet pointer, and the reference from the fixed ethernet LLA of 6 octets is changed to "if_addrlen". A new "arpcom"-like structure is needed for the AX.25. There are some changes to ifconfig(8) if you plan to soft set the LLA.

I made some changes to the above mentioned ARP changes to be more ethernet-like, in that the link level address is stored in both the "arccom" as well as the ifnet structure to make getting the value easier and making the soft-changing of the link level address compatible with ethernet.

To answer your question, the footwork has been done for you.

--mark tinguely.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 8:57:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from ambrisko.com (adsl-64-174-51-42.dsl.snfc21.pacbell.net [64.174.51.42]) by hub.freebsd.org (Postfix) with ESMTP id 3864337B402 for ; Fri, 1 Feb 2002 08:57:55 -0800 (PST) Received: (from ambrisko@localhost) by ambrisko.com (8.11.6/8.11.6) id g11GvYt20049; Fri, 1 Feb 2002 08:57:34 -0800 (PST) (envelope-from ambrisko) 
From: Doug Ambrisko Message-Id: <200202011657.g11GvYt20049@ambrisko.com> Subject: Re: pptp + mschap In-Reply-To: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org> To: Brian Somers Date: Fri, 1 Feb 2002 08:57:33 -0800 (PST) Cc: Jon Drukman , freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL94b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brian Somers writes: | I don't know a great deal about PPTP, but as it happens, I recently | looked for a radius server that'd talk MSCHAPv2 - so that I could teach | ppp to do it. | | I couldn't find any support in the ports, and then our [potential] | client backed out, so I never got any further. | | If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius | server, I'd certainly be happy to add support to ppp. You never know | - the client may come back :*) FYI, try FreeRADIUS from their cvs tree. It works here for our testing. http://www.freeradius.org/ Now if they supported LEAP ... I think people are working on it. Doug A. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 9:51:57 2002 Delivered-To: freebsd-net@freebsd.org Received: from chmls06.mediaone.net (chmls06.ne.ipsvc.net [24.147.1.144]) by hub.freebsd.org (Postfix) with ESMTP id 212E637B402 for ; Fri, 1 Feb 2002 09:51:28 -0800 (PST) Received: from baloo.ne.mediaone.net (panariti.ne.mediaone.net [66.30.120.53]) by chmls06.mediaone.net (8.11.1/8.11.1) with ESMTP id g11HqXr08368 for ; Fri, 1 Feb 2002 12:52:33 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by baloo.ne.mediaone.net (8.11.6/8.11.6) with ESMTP id g11HpYY64613 for ; Fri, 1 Feb 2002 12:51:34 -0500 (EST) (envelope-from panariti@mediaone.net) Date: Fri, 01 Feb 2002 12:51:34 -0500 (EST) Message-Id: <20020201.125134.730570091.panariti@mediaone.net> To: freebsd-net@freebsd.org Subject: 4.5R and explicit broadcast routes 
From: "David A. Panariti" X-Attribution: davep X-Mailer: Mew version 2.2rc1 on XEmacs 21.4.6 (Common Lisp) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello all,

4.5R has a new behavior that is breaking an old (and essential) application of mine. When the app tries to make a TCP connection to 255.255.255.255, (as shown by strace:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sin_family=AF_INET, sin_port=htons(6666), sin_addr=inet_addr("255.255.255.255")}}, 16) = -1 EACCES (Permission denied)
)
something in the new net code is adding an explicit route for broadcast, e.g.:

192.168.123.255 ff:ff:ff:ff:ff:ff UHLWb 0 8 dc0

In 4.4, no explicit route for broadcast ever got added, and the app could connect, presumably due to never finding the broadcast route. At this point, I'm not 100% sure this is THE problem, but it certainly is A problem.

Unfortunately, all I have is a binary for the app, so I can't figure out what they are doing. I don't even know if making a TCP connection to 255.255.255.255 is legal.

Does anyone know where this explicit broadcast route is being added, and why? Is there a knob to turn it off?

Since this is the only app I care about that uses its port, I could add special case code to *NOT* add this route when I see a connection to this port to addr 255.255.255.255. Would the lack of this route then cause other failures, too?

Some more details:

During connect, the broadcast route is found and the app then errors out inside ip_output() since the flags passed to that routine mask out all bits except SO_DONTROUTE.
During connect, tcp_usr_connect() calls tcp_output() which eventually calls ip_output():

    error = ip_output(m, tp->t_inpcb->inp_options, &tp->t_inpcb->inp_route,
        (so->so_options & SO_DONTROUTE), 0);

Inside ip_output():

    if (ro->ro_rt->rt_flags & RTF_HOST)
        isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST);
    ...
    if (isbroadcast) {
        ....
        if ((flags & IP_ALLOWBROADCAST) == 0) {
            error = EACCES;
            goto bad;
        }
    }

Even if the socket did allow broadcasts, that bit would have been masked in the call to ip_output(). This error is set and the connect fails.

thanks,
davep

-- 
The surest protection against temptation is cowardice. -- Mark Twain

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 10:15:13 2002 Delivered-To: freebsd-net@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id 0261D37B422; Fri, 1 Feb 2002 10:13:54 -0800 (PST) Received: from user-2ivfov0.dialup.mindspring.com ([165.247.227.224] helo=gohan.cjclark.org) by avocet.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16WiC7-0005BU-00; Fri, 01 Feb 2002 10:13:52 -0800 Received: (from cjc@localhost) by gohan.cjclark.org (8.11.6/8.11.1) id g11Hl3H68287; Fri, 1 Feb 2002 09:47:03 -0800 (PST) (envelope-from cjc) Date: Fri, 1 Feb 2002 09:47:02 -0800
From: "Crist J. Clark" To: Alexey Luckyanchikov Cc: freebsd-stable@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020201094702.P152@gohan.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <20020201125326.GA3036@alkar.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020201125326.GA3036@alkar.net>; from alexl@alkar.net on Fri, Feb 01, 2002 at 02:53:26PM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Fri, Feb 01, 2002 at 02:53:26PM +0200, Alexey Luckyanchikov wrote:
> Hello,
>
> I have this network topology:
>
> +--------+                    +--------+                    +--------+
> | Server |<---- MTU 1500 ---->| Router |<---- MTU 1476 ---->| Client |
> +--------+                    +--------+                    +--------+

[snip]

> 14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Router tells the server that it must decrease the packet size

Is "router" the same IP address that "server" has as the route to "client?" That is, there aren't any aliases on "router's" interface with "server" making problems?

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 10:20:18 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87]) by hub.freebsd.org (Postfix) with ESMTP id 7C2CB37B417 for ; Fri, 1 Feb 2002 10:20:10 -0800 (PST) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc54.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020201182010.YLQL7443.rwcrmhc54.attbi.com@InterJet.elischer.org>; Fri, 1 Feb 2002 18:20:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA67238; Fri, 1 Feb 2002 10:14:43 -0800 (PST) Date: Fri, 1 Feb 2002 10:14:42 -0800 (PST)
From: Julian Elischer To: Marko Zec Cc: freebsd-net@freebsd.org Subject: Re: ng_dummy - netgraph traffic shaping node In-Reply-To: <3C5A9E1E.400F9772@tel.fer.hr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hmm, interesting... any docs? (we always include a man page when we commit a new node type.)

Any comments on netgraph in general?

On Fri, 1 Feb 2002, Marko Zec wrote:

> The result of an innocent netgraph programming exercise can be found at:
>
> http://www.tel.fer.hr/zec/BSD/ng_dummy/
>
> "ng_dummy" is a simple traffic shaper node that implements control of
> traffic flow in both upstream and downstream direction. In each
> direction, the traffic flows through the sequence of two FIFO-type
> queues, which implement different queuing policies. The "inbound" queue
> is rate limited, and emulates an interface output buffer. On "outbound"
> queue, frames are dequeued based on preconfigured delay, thus emulating
> propagation effects on a transmission link. Additional features include
> random frame discarding based on BER; and emulation of phantom traffic,
> which competes for available bandwidth, and thereby introduces inbound
> queue congestions and delay jitter.
>
> Have fun!
> > Marko > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 10:29:56 2002 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 3742B37B400 for ; Fri, 1 Feb 2002 10:29:51 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id g11ITmq86936; Fri, 1 Feb 2002 13:29:48 -0500 (EST) (envelope-from wollman) Date: Fri, 1 Feb 2002 13:29:48 -0500 (EST) 
From: Garrett Wollman Message-Id: <200202011829.g11ITmq86936@khavrinen.lcs.mit.edu> To: "David A. Panariti" Cc: freebsd-net@FreeBSD.ORG Subject: 4.5R and explicit broadcast routes In-Reply-To: <20020201.125134.730570091.panariti@mediaone.net> References: <20020201.125134.730570091.panariti@mediaone.net> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > Unfortunately, all I have is a binary for the app, so I can't figure > out what they are doing. I don't even know if making a TCP connection > to 255.255.255.255 is legal. It is utterly, 100% bogus. > Does anyone know where this explicit broadcast route is being added, > and why? Is there a knob to turn it off? The route is created automatically in order to speed up recognition of broadcast addresses on machines with many interfaces. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 12:23:18 2002 Delivered-To: freebsd-net@freebsd.org Received: from chmls06.mediaone.net (chmls06.ne.ipsvc.net [24.147.1.144]) by hub.freebsd.org (Postfix) with ESMTP id 2EE3C37B404 for ; Fri, 1 Feb 2002 12:23:14 -0800 (PST) Received: from baloo.ne.mediaone.net (panariti.ne.mediaone.net [66.30.120.53]) by chmls06.mediaone.net (8.11.1/8.11.1) with ESMTP id g11KOJr13238; Fri, 1 Feb 2002 15:24:19 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by baloo.ne.mediaone.net (8.11.6/8.11.6) with ESMTP id g11KN4v00388; Fri, 1 Feb 2002 15:23:05 -0500 (EST) (envelope-from panariti@mediaone.net) Date: Fri, 01 Feb 2002 15:23:04 -0500 (EST) Message-Id: <20020201.152304.730551989.panariti@mediaone.net> To: wollman@khavrinen.lcs.mit.edu Cc: freebsd-net@freebsd.org Subject: Re: 4.5R and explicit broadcast routes 
From: "David A. Panariti" In-Reply-To: <200202011829.g11ITmq86936@khavrinen.lcs.mit.edu> References: <20020201.125134.730570091.panariti@mediaone.net> <200202011829.g11ITmq86936@khavrinen.lcs.mit.edu> X-Attribution: davep X-Mailer: Mew version 2.2rc1 on XEmacs 21.4.6 (Common Lisp) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >>>>> "Garrett" == Garrett Wollman writes: Garrett> < A. Panariti" said: >> Unfortunately, all I have is a binary for the app, so I can't >> figure out what they are doing. I don't even know if making a TCP >> connection to 255.255.255.255 is legal. Garrett> It is utterly, 100% bogus. That was my suspicion. >> Does anyone know where this explicit broadcast route is being >> added, and why? Is there a knob to turn it off? Garrett> The route is created automatically in order to speed up Garrett> recognition of broadcast addresses on machines with many Garrett> interfaces. Where is it created and will it break things if I comment it out? This binary is my VPN to work and it is very important that it works for me. 
thanks, davep To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 12:41:19 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id F1C3237B43B for ; Fri, 1 Feb 2002 12:40:20 -0800 (PST) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020201204020.GUCU10199.rwcrmhc53.attbi.com@InterJet.elischer.org>; Fri, 1 Feb 2002 20:40:20 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id MAA67830; Fri, 1 Feb 2002 12:33:49 -0800 (PST) Date: Fri, 1 Feb 2002 12:33:48 -0800 (PST) 
From: Julian Elischer To: "David A. Panariti" Cc: wollman@khavrinen.lcs.mit.edu, freebsd-net@freebsd.org Subject: Re: 4.5R and explicit broadcast routes In-Reply-To: <20020201.152304.730551989.panariti@mediaone.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ummmm by definition a tcp session cannot be to 255.255.255.255 what on EARTH is it trying to do? On Fri, 1 Feb 2002, David A. Panariti wrote: > >>>>> "Garrett" == Garrett Wollman writes: > > Garrett> < Garrett> A. Panariti" said: > >> Unfortunately, all I have is a binary for the app, so I can't > >> figure out what they are doing. I don't even know if making a TCP > >> connection to 255.255.255.255 is legal. > > Garrett> It is utterly, 100% bogus. > That was my suspicion. > > >> Does anyone know where this explicit broadcast route is being > >> added, and why? Is there a knob to turn it off? > > Garrett> The route is created automatically in order to speed up > Garrett> recognition of broadcast addresses on machines with many > Garrett> interfaces. > > Where is it created and will it break things if I comment it out? > This binary is my VPN to work and it is very important that it works > for me. 
> > thanks, > > davep > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 12:54:36 2002 Delivered-To: freebsd-net@freebsd.org Received: from chmls16.mediaone.net (chmls16.ne.ipsvc.net [24.147.1.151]) by hub.freebsd.org (Postfix) with ESMTP id 69AB837B404 for ; Fri, 1 Feb 2002 12:54:30 -0800 (PST) Received: from baloo.ne.mediaone.net (panariti.ne.mediaone.net [66.30.120.53]) by chmls16.mediaone.net (8.11.1/8.11.1) with ESMTP id g11KsSP20283; Fri, 1 Feb 2002 15:54:28 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by baloo.ne.mediaone.net (8.11.6/8.11.6) with ESMTP id g11KsLv00550; Fri, 1 Feb 2002 15:54:26 -0500 (EST) (envelope-from panariti@mediaone.net) Date: Fri, 01 Feb 2002 15:54:20 -0500 (EST) Message-Id: <20020201.155420.640903199.panariti@mediaone.net> To: julian@elischer.org Cc: wollman@khavrinen.lcs.mit.edu, freebsd-net@freebsd.org Subject: Re: 4.5R and explicit broadcast routes 
From: "David A. Panariti" In-Reply-To: References: <20020201.152304.730551989.panariti@mediaone.net> X-Attribution: davep X-Mailer: Mew version 2.2rc1 on XEmacs 21.4.6 (Common Lisp) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

>>>>> "Julian" == Julian Elischer writes:

Julian> ummmm by definition a tcp session cannot be to 255.255.255.255
Julian> what on EARTH is it trying to do?

I haven't the slightest idea... I'm running AltaVista Tunnel 97. A five year old binary with no source. I guess I should be glad it lasted this long. It worked perfectly up till 4.3, had a slight routing problem in 4.4 and is DOA under 4.5.

I guess it is time to roll back to 4.4. Perhaps a complete trace under 4.4 will give me a clue as to what it is trying to do. But I'll still need a way to disable that automagic route addition.

thanks,
davep

Julian> On Fri, 1 Feb 2002, David A. Panariti wrote:
>> >>>>> "Garrett" == Garrett Wollman
>> >>>>> writes:
>> Garrett> < A. Panariti" said:
>> >> Unfortunately, all I have is a binary for the app, so I can't
>> >> figure out what they are doing. I don't even know if making a
>> >> TCP connection to 255.255.255.255 is legal.
>> Garrett> It is utterly, 100% bogus.
>> That was my suspicion.
>>
>> >> Does anyone know where this explicit broadcast route is being
>> >> added, and why? Is there a knob to turn it off?
>> Garrett> The route is created automatically in order to speed up
Garrett> recognition of broadcast addresses on machines with many
Garrett> interfaces.
>>
>> Where is it created and will it break things if I comment it out?
>> This binary is my VPN to work and it is very important that it
>> works for me.
>> >> thanks, >> >> davep >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org with >> "unsubscribe freebsd-net" in the body of the message >> -- You buttered your bread, now lie in it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 15:17:55 2002 Delivered-To: freebsd-net@freebsd.org Received: from chmls16.mediaone.net (chmls16.ne.ipsvc.net [24.147.1.151]) by hub.freebsd.org (Postfix) with ESMTP id E25F237B405 for ; Fri, 1 Feb 2002 15:17:47 -0800 (PST) Received: from baloo.ne.mediaone.net (panariti.ne.mediaone.net [66.30.120.53]) by chmls16.mediaone.net (8.11.1/8.11.1) with ESMTP id g11NHjP19038; Fri, 1 Feb 2002 18:17:45 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by baloo.ne.mediaone.net (8.11.6/8.11.6) with ESMTP id g11NHKP01127; Fri, 1 Feb 2002 18:17:43 -0500 (EST) (envelope-from panariti@mediaone.net) Date: Fri, 01 Feb 2002 18:17:19 -0500 (EST) Message-Id: <20020201.181719.730554943.panariti@mediaone.net> To: julian@elischer.org Cc: wollman@khavrinen.lcs.mit.edu, freebsd-net@freebsd.org Subject: Re: 4.5R and explicit broadcast routes 
From: "David A. Panariti" In-Reply-To: References: <20020201.152304.730551989.panariti@mediaone.net> X-Attribution: davep X-Mailer: Mew version 2.2rc1 on XEmacs 21.4.6 (Common Lisp) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

>>>>> "Julian" == Julian Elischer writes:

It's fixed. mergemaster swapped these two lines in /etc/hosts:

127.0.0.1 localhost localhost.ne.mediaone.net
::1 localhost localhost.ne.mediaone.net

to

::1 localhost localhost.ne.mediaone.net
127.0.0.1 localhost localhost.ne.mediaone.net

This apparently confused the tunnel binary. An strace with a ``fixed'' /etc/hosts shows a connect to 127.0.0.1, which makes a lot more sense.

Thanks for everything,
davep

Julian> ummmm by definition a tcp session cannot be to 255.255.255.255
Julian> what on EARTH is it trying to do?

Julian> On Fri, 1 Feb 2002, David A. Panariti wrote:
>> >>>>> "Garrett" == Garrett Wollman
>> >>>>> writes:
>> Garrett> < A. Panariti" said:
>> >> Unfortunately, all I have is a binary for the app, so I can't
>> >> figure out what they are doing. I don't even know if making a
>> >> TCP connection to 255.255.255.255 is legal.
>> Garrett> It is utterly, 100% bogus.
>> That was my suspicion.
>>
>> >> Does anyone know where this explicit broadcast route is being
>> >> added, and why? Is there a knob to turn it off?
>> Garrett> The route is created automatically in order to speed up
Garrett> recognition of broadcast addresses on machines with many
Garrett> interfaces.
>>
>> Where is it created and will it break things if I comment it out?
>> This binary is my VPN to work and it is very important that it
>> works for me.
>> >> thanks, >> >> davep >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org with >> "unsubscribe freebsd-net" in the body of the message >> -- Mother told me to be good, but she's been wrong before. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 15:48:20 2002 Delivered-To: freebsd-net@freebsd.org Received: from soda.nextgig.com (nextgig-7.customer.nethere.net [209.132.102.167]) by hub.freebsd.org (Postfix) with ESMTP id A135637B402 for ; Fri, 1 Feb 2002 15:48:16 -0800 (PST) Received: from DMANESAJIAN († by soda.nextgig.com (8.11.3/8.11.3) with SMTP id g11NmGu74179 for ; Fri, 1 Feb 2002 15:48:16 -0800 (PST) 
From: "Daniel Manesajian" To: Subject: em and gx drivers Date: Fri, 1 Feb 2002 15:55:16 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi guys, I'm moving from the wx driver to either the gx or em driver. I haven't seen a lot of traffic about either and I was wondering what people's experiences have been like. Has any one done performance tests? How do the three drivers stack up? Any negative points on either driver? Also, are both drivers still being actively maintained (i.e. is one going to become the official driver)? Glancing through the source, it seems gx doesn't support the 82544 controller yet, and I was wondering if this in the works. Thanks in advance for the feedback. D-man Software Engineer, NextGig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 16:22:32 2002 Delivered-To: freebsd-net@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 618) id A2D4D37B430; Fri, 1 Feb 2002 16:22:09 -0800 (PST) Subject: Re: em and gx drivers In-Reply-To: from Daniel Manesajian at "Feb 1, 2002 03:55:16 pm" To: dmanesajian@nextgig.com (Daniel Manesajian) Date: Fri, 1 Feb 2002 16:22:09 -0800 (PST) Cc: freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20020202002209.A2D4D37B430@hub.freebsd.org> 
From: wpaul@FreeBSD.ORG (Bill Paul) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Hi guys, > > I'm moving from the wx driver to either the gx or em driver. I haven't seen > a lot of traffic about either and I was wondering what people's experiences > have been like. Has any one done performance tests? How do the three drivers > stack up? Any negative points on either driver? > > Also, are both drivers still being actively maintained (i.e. is one going to > become the official driver)? Glancing through the source, it seems gx > doesn't support the 82544 controller yet, and I was wondering if this in the > works. Not to detract from Jonathan Lemon's efforts in writing the gx driver, but from what I've heard, I suspect your best option right now is the em driver. This one was actually written by Intel engineers and has undergone testing in their labs. And as you note, it should support all of the existing Intel gigE controllers. (If it doesn't support the 82544, I'd be surprised.) The em driver is supposed to be maintained by Intel. An Intel engineer has commit access to the tree, and should hopefully be keeping it up to date. 
-Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Feb 1 19:25: 5 2002 Delivered-To: freebsd-net@freebsd.org Received: from urdvg135.cms.usa.net (urdvg135.cms.usa.net [204.68.25.135]) by hub.freebsd.org (Postfix) with SMTP id 17DBE37B400 for ; Fri, 1 Feb 2002 19:24:59 -0800 (PST) Received: (qmail 22966 invoked from network); 2 Feb 2002 03:31:51 -0000 Received: from cpdvg202.cms.usa.net (165.212.10.6) by outbound.postoffice.net with SMTP; 2 Feb 2002 03:31:51 -0000 Received: (qmail 8676 invoked by uid 60001); 2 Feb 2002 03:24:03 -0000 Message-ID: <20020202032403.8675.qmail@cpdvg202.cms.usa.net> Received: from 147.11.38.26 [147.11.38.26] by cpdvg202.cms.usa.net (USANET web-mailer 34FM.0700.28.01B); Sat, 02 Feb 2002 03:24:03 +0000 Date: 1 Feb 2002 19:24:03 PST 
From: Preety Puri To: freebsd-net@FreeBSD.ORG Subject: Found Possible bugs (IPV6)?? Cc: preetypuri@usa.net X-Mailer: USANET web-mailer (34FM.0700.28.01B) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi ...

I have two issues ... both related to the ndp (IPV6) utility :

1. I am trying to add a temporary entry into the neighbor discovery cache using ndp. I noticed that it has a temp flag in order to add temporary entries (documented in the man page as well).

Here is wot i did :

ndp -s 3ffe::1123 1:2:3:4:5:6 temp

and here is wot ndp -a displayed :

ndp -a
Neighbor                             Linklayer Address  Netif Expire    St Flgs Prbs
3ffe::1234                           1:2:3:4:5:6         fxp0 permanent R

so i am trying to add a temporary entry into the cache but it is always added as a permanent entry ... Is this a known issue/bug ??

2. The second issue is that the man page for "ndp -p" shows that it displays all the prefixes in the list (that includes link local).
The man page for "ndp -P" shows that it flushes all the prefixes in the list. But ndp -P (which is supposed to flush the prefix list) does not flush the link local addresses.

The reason it doesn't flush the entries is as follows :

The ioctl -p SIOCSPFXFLUSH_IN6 in nd6.c (in function nd6_ioctl) explicitly checks to see if it is a link local address and doesn't flush an entry based on that.

File :nd6.c ; Function : nd6_ioctl ()
(Notice i've pointed the check below using arrows)

        case SIOCSPFXFLUSH_IN6:
        {
                /* flush all the prefix advertised by routers */
                struct nd_prefix *pr, *next;

                s = splnet();
                for (pr = nd_prefix.lh_first; pr; pr = next) {
                        struct in6_ifaddr *ia, *ia_next;

                        next = pr->ndpr_next;

----->                  if(IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr))   <----
                                continue; /* XXX */

so basically ignore any LINK LOCAL prefixes that are in the table.

If we are allowed to have/add link local prefixes in the list, why aren't we allowed to remove them. Is there some reasoning behind this .. or is it simply a bug.

Thanks for all the help,
Preety.

"What u see is the virtual perception of u'r digital self"

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Fri Feb 1 20:30: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id F079537B404 for ; Fri, 1 Feb 2002 20:30:03 -0800 (PST) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id UAA42145 for ; Fri, 1 Feb 2002 20:18:40 -0800 (PST) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g124Ie861881 for freebsd-net@freebsd.org; Fri, 1 Feb 2002 20:18:40 -0800 (PST) (envelope-from archie)
From: Archie Cobbs Message-Id: <200202020418.g124Ie861881@arch20m.dellroad.org> Subject: Delayed checksums problem? To: freebsd-net@freebsd.org Date: Fri, 1 Feb 2002 20:18:40 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm looking into this bug: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/31586 In short, using ng_bridge(4) with de(4) and xl(4) drivers, they're seeing broken TCP checksums on the wire. It sounds like there's some delayed TCP checksum hack that is breaking when doing bridging this way. Could someone quickly explain how delayed TCP checksums (or whatever they're called) is supposed to work? Thanks, -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Feb 2 4:14:31 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.alkar.net (pandora.alkar.net [195.248.191.68]) by hub.freebsd.org (Postfix) with ESMTP id 1A5C837B404; Sat, 2 Feb 2002 04:14:26 -0800 (PST) Received: by smtp1.alkar.net (Postfix, from userid 1000) id 86000F88D; Sat, 2 Feb 2002 14:14:20 +0200 (EET) Date: Sat, 2 Feb 2002 14:14:20 +0200 
From: Alexey Luckyanchikov To: cjclark@alum.mit.edu Cc: freebsd-stable@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020202121420.GA30077@alkar.net> References: <20020201125326.GA3036@alkar.net> <20020201094702.P152@gohan.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020201094702.P152@gohan.cjclark.org> Organization: ISP Alkar Teleport Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Fri, 01 Feb 2002, Crist J. Clark wrote:

CJC> On Fri, Feb 01, 2002 at 02:53:26PM +0200, Alexey Luckyanchikov wrote:
CJC> > Hello,
CJC> >
CJC> > I have such network topology:
CJC> >
CJC> > +--------+                    +--------+                    +--------+
CJC> > | Server |<---- MTU 1500 ---->| Router |<---- MTU 1476 ---->| Client |
CJC> > +--------+                    +--------+                    +--------+
CJC>
CJC> [snip]
CJC>
CJC> > 14:06:48.682558 router > server: icmp: client unreachable - need to frag (mtu 1476) for server.7 > client.1371: [|tcp] (DF) (ttl 61, id 25428, len 1500) (ttl 253, id 2491, len 56)
CJC> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
CJC> > Router says to server that it must decrease packet size
CJC>
CJC> Is "router" the same IP address that "server" has as the route to
CJC> "client?" That is, there aren't any aliases on "router's" interface
CJC> with "server" making problems?

"router" does not have any aliases on its interfaces.

Seems like the problem is in FreeBSD 4.5-RELEASE. "Server" with installed 4.4-RELEASE worked without any problems.
-- Sincerely, e-mail: alexl@alkar.net Alexey Luckyanchikov To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Feb 2 9:17: 6 2002 Delivered-To: freebsd-net@freebsd.org Received: from vinyl.catpipe.net (vinyl.catpipe.net [195.249.214.189]) by hub.freebsd.org (Postfix) with ESMTP id 3FC3037B402 for ; Sat, 2 Feb 2002 09:17:00 -0800 (PST) Received: by vinyl.catpipe.net (Postfix, from userid 1006) id 252951976; Sat, 2 Feb 2002 18:17:06 +0100 (CET) Date: Sat, 2 Feb 2002 18:17:05 +0100 
From: Phil Regnauld To: Luigi Rizzo Cc: Joe Greco , freebsd-net@FreeBSD.ORG Subject: Re: Luigi's polling code and 4.5R Message-ID: <20020202181705.A86870@vinyl.catpipe.net> References: <200201311739.LAA64358@aurora.sol.net> <20020131094443.A44015@iguana.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020131094443.A44015@iguana.icir.org>; from rizzo@icir.org on Thu, Jan 31, 2002 at 09:44:43AM -0800 X-Operating-System: FreeBSD 4.4-STABLE i386 Organization: catpipe Systems ApS Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Luigi Rizzo (rizzo) writes: > Wait a bit -- next week iam going to review the code and > MFC (with the structure that is in -current ie. the new code > in a separate file, kern_poll.c). Sounds good! We're using the code here with 5 x fxps in our firewall, and the load on the box is ridiculously low (0.1 on average). We had it running with 2 x DFE 570-TX for a total of 8 ports, but whatever we tried (including activating polling) the cards would still go into buffer underrun, and eventually lock up. Until we were forced to switch to fxp, we had an ifconfig down/up to unfreeze the cards every 5 minutes just in case :-| I must say I'm not really convinced about the D-Link cards... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Feb 2 9:30: 3 2002 Delivered-To: freebsd-net@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 82F0137B402 for ; Sat, 2 Feb 2002 09:29:59 -0800 (PST) Received: (from rizzo@localhost) by iguana.icir.org (8.11.3/8.11.3) id g12HTtq65512; Sat, 2 Feb 2002 09:29:55 -0800 (PST) (envelope-from rizzo) Date: Sat, 2 Feb 2002 09:29:55 -0800 
From: Luigi Rizzo To: Phil Regnauld Cc: Joe Greco , freebsd-net@FreeBSD.ORG Subject: Re: Luigi's polling code and 4.5R Message-ID: <20020202092954.B65442@iguana.icir.org> References: <200201311739.LAA64358@aurora.sol.net> <20020131094443.A44015@iguana.icir.org> <20020202181705.A86870@vinyl.catpipe.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020202181705.A86870@vinyl.catpipe.net> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org what is curious is that I am using a 4-port D-link on our test boxes as primary development cards and they do not seem to freeze. The card uses 21143 and seems quite reliable. I know of a bug in the code on my web site whose symptoms look like a freeze, but that is presumably related to a race in delivering softisr's and so should be card independent and appear with the fxp's as well -- as a matter of fact i first hit it with the "sis" card. cheers luigi On Sat, Feb 02, 2002 at 06:17:05PM +0100, Phil Regnauld wrote: > > Sounds good! > > We're using the code here with 5 x fxps in our firewall, and the > load on the box is ridiculously low (0.1 on average). > > We had it running with 2 x DFE 570-TX for a total of 8 ports, > but whatever we tried (including activating polling) the cards > would still go into buffer underrun, and eventually lock up. > > Until we were forced to switch to fxp, we had an ifconfig down/up > to unfreeze the cards every 5 minutes just in case :-| > > I must say I'm not really convinced about the D-Link cards... 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Feb 2 10:19:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from atreides.freenix.no (atreides.freenix.no [212.33.142.6]) by hub.freebsd.org (Postfix) with ESMTP id 77E9A37B402 for ; Sat, 2 Feb 2002 10:19:50 -0800 (PST) Received: (from shamz@localhost) by atreides.freenix.no (8.11.6/8.11.6) id g12IJhG30571; Sat, 2 Feb 2002 19:19:43 +0100 (CET) (envelope-from shamz) Date: Sat, 2 Feb 2002 19:19:43 +0100 
From: Shaun Jurrens To: freebsd-net@FreeBSD.ORG Cc: Alexey Luckyanchikov Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020202191943.B65253@atreides.freenix.no> Mail-Followup-To: Shaun Jurrens , freebsd-net@FreeBSD.ORG, Alexey Luckyanchikov Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: FreeBSD 4.4-RELEASE X-Philosophy: If you can read this, you're too close. Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Alexey Luckyanchikov wrote:

#>Server have not any filters. ipfw support is compiled in, but first rule
#>is 'allow ip from any to any' and dump which you can see below was made
#>on server.

yeah, but icmp is its own protocol, so you're probably filtering it and bpf will see it because it sees what comes in on the interface before ipfw processes it. ICMP isn't allowed by default in ipfw. I'd suggest you unload the module, if possible and see if it works correctly then.

--
Yours truly, Shaun D.
Jurrens shaun@shamz.net shamz@freenix.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Feb 2 11:57:34 2002 Delivered-To: freebsd-net@freebsd.org Received: from artemis.drwilco.net (diana.drwilco.net [66.48.127.79]) by hub.freebsd.org (Postfix) with ESMTP id E7B9D37B416 for ; Sat, 2 Feb 2002 11:57:27 -0800 (PST) Received: from ceres.drwilco.net (docwilco.xs4all.nl [213.84.68.230]) by artemis.drwilco.net (8.11.6/8.11.6) with ESMTP id g12JvHi31150 (using TLSv1/SSLv3 with cipher DES-CBC3-SHA (168 bits) verified NO); Sat, 2 Feb 2002 14:57:19 -0500 (EST) (envelope-from drwilco@drwilco.net) Message-Id: <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net> X-Sender: lists@mail.drwilco.net X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 02 Feb 2002 20:32:49 +0100 To: Shaun Jurrens , freebsd-net@FreeBSD.ORG 
From: "Rogier R. Mulhuijzen" Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Cc: Alexey Luckyanchikov In-Reply-To: <20020202191943.B65253@atreides.freenix.no> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

>#>Server have not any filters. ipfw support is compiled in, but first rule
>#>is 'allow ip from any to any' and dump which you can see below was made
>#>on server.
>
> yeah, but icmp is its own protocol, so you're probably filtering it
>and bpf will see it because it sees what comes in on the interface before
>ipfw processes it. ICMP isn't allowed by default in ipfw. I'd suggest you
>unload the module, if possible and see if it works correctly then.

ICMP is an IP protocol, if the very first rule in IPFW is 'allow ip from any to any' then ICMP is allowed.

Doc

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sat Feb 2 12: 7:37 2002 Delivered-To: freebsd-net@freebsd.org Received: from mighty.grot.org (mighty.grot.org [204.182.56.120]) by hub.freebsd.org (Postfix) with ESMTP id E43DE37B405 for ; Sat, 2 Feb 2002 12:07:35 -0800 (PST) Received: by mighty.grot.org (Postfix, from userid 515) id EF0695D34; Sat, 2 Feb 2002 12:07:29 -0800 (PST) Date: Sat, 2 Feb 2002 12:07:29 -0800
From: "R.P. Aditya" To: "Rogier R. Mulhuijzen" Cc: Shaun Jurrens , freebsd-net@FreeBSD.ORG, Alexey Luckyanchikov Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE Message-ID: <20020202200729.GA22083@mighty.grot.org> Reply-To: "R.P. Aditya" References: <20020202191943.B65253@atreides.freenix.no> <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net> X-PGP-Key: http://www.grot.org/pubkey.asc X-PGP-Key-ID: 0x6405D8D5 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Sat, Feb 02, 2002 at 08:32:49PM +0100, Rogier R. Mulhuijzen wrote:
> ICMP is an IP protocol, if the very first rule in IPFW is 'allow ip from
> any to any' then ICMP is allowed.

uh, that might be ipfw-speak (I don't use or pretend to know ipfw) but ICMP is NOT "part" of IP (that would defeat the whole purpose of using it as a control protocol for IP). Look at /etc/protocols:

ip      0       IP      # internet protocol, pseudo protocol number
icmp    1       ICMP    # internet control message protocol

Adi

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sat Feb 2 12:11:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by hub.freebsd.org (Postfix) with ESMTP id 6B77337B405 for ; Sat, 2 Feb 2002 12:11:56 -0800 (PST) Received: from randy by rip.psg.com with local (Exim 3.33 #1) id 16X6Vk-0005t1-00; Sat, 02 Feb 2002 12:11:44 -0800
From: Randy Bush
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: "Rogier R. Mulhuijzen"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE
References: <20020202191943.B65253@atreides.freenix.no> <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net>
Message-Id:
Date: Sat, 02 Feb 2002 12:11:44 -0800
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> ICMP is an IP protocol

like hell it is

From owner-freebsd-net Sat Feb  2 12:55:10 2002
Delivered-To: freebsd-net@freebsd.org
Received: from artemis.drwilco.net (diana.drwilco.net [66.48.127.79])
        by hub.freebsd.org (Postfix) with ESMTP id C5B4837B440
        for ; Sat, 2 Feb 2002 12:53:30 -0800 (PST)
Received: from ceres.drwilco.net (docwilco.xs4all.nl [213.84.68.230])
        by artemis.drwilco.net (8.11.6/8.11.6) with ESMTP id g12KrIi32650
        (using TLSv1/SSLv3 with cipher DES-CBC3-SHA (168 bits) verified NO);
        Sat, 2 Feb 2002 15:53:20 -0500 (EST)
        (envelope-from drwilco@drwilco.net)
Message-Id: <5.1.0.14.0.20020202215924.01b9e248@mail.drwilco.net>
X-Sender: lists@mail.drwilco.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sat, 02 Feb 2002 22:03:08 +0100
To: "R.P. Aditya"
From: "Rogier R. Mulhuijzen"
Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE
Cc: Shaun Jurrens, freebsd-net@FreeBSD.ORG, Alexey Luckyanchikov
In-Reply-To: <20020202200729.GA22083@mighty.grot.org>
References: <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net> <20020202191943.B65253@atreides.freenix.no> <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:07 2-2-2002 -0800, R.P. Aditya wrote:
>On Sat, Feb 02, 2002 at 08:32:49PM +0100, Rogier R. Mulhuijzen wrote:
> > ICMP is an IP protocol, if the very first rule in IPFW is 'allow ip from
> > any to any' then ICMP is allowed.
>
>uh, that might be ipfw-speak (I don't use or pretend to know ipfw) but ICMP is
>NOT "part" of IP (that would defeat the whole purpose of using it as a control
>protocol for IP). Look at /etc/protocols:
>
>ip      0       IP      # internet protocol, pseudo protocol number
>icmp    1       ICMP    # internet control message protocol

1) /etc/protocols to my knowledge lists IP-protocols... note that 0 is a
PSEUDO protocol number. TCP and UDP are listed further down, those are IP
protocols. IPv6 that's listed there is 6over4 packets to my knowledge.

2) Even if this were not the case, in IPFW if you allow ip, you allow all.
'all' is nothing but an alias for 'ip'

        Doc

From owner-freebsd-net Sat Feb  2 12:55:32 2002
Delivered-To: freebsd-net@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
        by hub.freebsd.org (Postfix) with ESMTP id AA9E737B42B
        for ; Sat, 2 Feb 2002 12:54:55 -0800 (PST)
Received: from user-33qtnmu.dialup.mindspring.com ([199.174.222.222] helo=gohan.cjclark.org)
        by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
        id 16X7BE-0006Og-00; Sat, 02 Feb 2002 12:54:38 -0800
Received: (from cjc@localhost)
        by gohan.cjclark.org (8.11.6/8.11.1) id g12Kr4q06144;
        Sat, 2 Feb 2002 12:53:04 -0800 (PST)
        (envelope-from cjc)
Date: Sat, 2 Feb 2002 12:53:02 -0800
From: "Crist J. Clark"
To: "R.P. Aditya"
Cc: "Rogier R. Mulhuijzen", Shaun Jurrens, freebsd-net@FreeBSD.ORG, Alexey Luckyanchikov
Subject: Re: Weird path MTU autodiscovery problem in 4.5-RELEASE
Message-ID: <20020202125301.E1280@gohan.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20020202191943.B65253@atreides.freenix.no> <5.1.0.14.0.20020202202155.01b9e390@mail.drwilco.net> <20020202200729.GA22083@mighty.grot.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020202200729.GA22083@mighty.grot.org>; from aditya@grot.org on Sat, Feb 02, 2002 at 12:07:29PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Feb 02, 2002 at 12:07:29PM -0800, R.P. Aditya wrote:
> On Sat, Feb 02, 2002 at 08:32:49PM +0100, Rogier R. Mulhuijzen wrote:
> > ICMP is an IP protocol, if the very first rule in IPFW is 'allow ip from
> > any to any' then ICMP is allowed.
>
> uh, that might be ipfw-speak (I don't use or pretend to know ipfw) but ICMP is
> NOT "part" of IP (that would defeat the whole purpose of using it as a control
> protocol for IP).

It sure is an IP protocol.

> Look at /etc/protocols:
>
> ip      0       IP      # internet protocol, pseudo protocol number
> icmp    1       ICMP    # internet control message protocol

And what does it say at the top of /etc/protocols?

  # Internet protocols

All of the protocols on that list are different protocols you can run
over the Internet Protocol (IP). Not only that, but ICMP _is_ also
part of IP in the sense that any compliant IP implementation must
understand ICMP.
--
Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net Sat Feb  2 13:15:13 2002
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26])
        by hub.freebsd.org (Postfix) with ESMTP id 2457937B405;
        Sat, 2 Feb 2002 13:15:03 -0800 (PST)
Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20])
        by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id NAA47333;
        Sat, 2 Feb 2002 13:13:54 -0800 (PST)
Received: (from archie@localhost)
        by arch20m.dellroad.org (8.11.6/8.11.6) id g12LDs771403;
        Sat, 2 Feb 2002 13:13:54 -0800 (PST)
        (envelope-from archie)
From: Archie Cobbs
Message-Id: <200202022113.g12LDs771403@arch20m.dellroad.org>
Subject: Re: mpd-netgraph problem.
In-Reply-To: <15449.62243.298239.408537@trooper.velocet.net> "from David Gilbert at Jan 31, 2002 08:45:07 pm"
To: David Gilbert
Date: Sat, 2 Feb 2002 13:13:53 -0800 (PST)
Cc: freebsd-stable@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL88 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David Gilbert writes:
> I'm using mpd-netgraph to attempt to connect an encrypted tunnel. It
> appears to connect (according to the messages), but the following is
> spit out for most packets I try to put down the tunnel:
>
> [vpn] LCP: rec'd Protocol Reject #1 link 0 (Opened)
> [vpn] LCP: protocol 0x0029 was rejected
> [vpn] LCP: rec'd Protocol Reject #2 link 0 (Opened)
> [vpn] LCP: protocol 0x00a1 was rejected
>
> (on the one end)
>
> [strikeppp] rec'd unexpected protocol 0x0029 on link -1, rejecting
> [strikeppp] rec'd unexpected protocol 0x00a1 on link -1, rejecting
> [strikeppp] rec'd unexpected protocol 0x0001 on link -1, rejecting
>
> (on the other)
>
> The second log also contains lines of the form:
>
> [strikeppp] rec'd proto 0xee53 on MP link! (ignoring)
> [strikeppp] rec'd proto 0xcc0d on MP link! (ignoring)
>
> ... any ideas?

This is usually because one side is sending encrypted traffic that
the other is thinking is not encrypted... i.e., it's a side-effect
of a negotiation problem.

I've just heard from another person with this problem. Check your
logs for something like ``"enable chap" required for MPPE'' on one
side. As a workaround, if you are doing CHAP in both directions,
try turning it off in one direction.
-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

From owner-freebsd-net Sat Feb  2 13:30:17 2002
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26])
        by hub.freebsd.org (Postfix) with ESMTP id A942B37B419
        for ; Sat, 2 Feb 2002 13:30:12 -0800 (PST)
Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20])
        by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id NAA47413;
        Sat, 2 Feb 2002 13:20:11 -0800 (PST)
Received: (from archie@localhost)
        by arch20m.dellroad.org (8.11.6/8.11.6) id g12LK8v71452;
        Sat, 2 Feb 2002 13:20:08 -0800 (PST)
        (envelope-from archie)
From: Archie Cobbs
Message-Id: <200202022120.g12LK8v71452@arch20m.dellroad.org>
Subject: Re: pptp + mschap
In-Reply-To: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org> "from Brian Somers at Feb 1, 2002 01:51:37 am"
To: Brian Somers
Date: Sat, 2 Feb 2002 13:20:08 -0800 (PST)
Cc: Jon Drukman, freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL88 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brian Somers writes:
> If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius
> server, I'd certainly be happy to add support to ppp. You never know
> - the client may come back :*)

Try these...

    Microsoft Vendor-specific RADIUS Attributes
    http://www.ietf.org/rfc/rfc2548.txt

    Remote Authentication Dial In User Service (RADIUS)
    http://www.ietf.org/rfc/rfc2865.txt

    Network Access Servers Requirements: Extended RADIUS Practices
    http://www.ietf.org/rfc/rfc2882.txt

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

From owner-freebsd-net Sat Feb  2 15:16:30 2002
Delivered-To: freebsd-net@freebsd.org
Received: from aurora.sol.net (aurora.sol.net [206.55.65.76])
        by hub.freebsd.org (Postfix) with ESMTP id E520E37B431
        for ; Sat, 2 Feb 2002 15:16:17 -0800 (PST)
Received: (from jgreco@localhost)
        by aurora.sol.net (8.9.3/8.9.2/SNNS-1.02) id RAA85545;
        Sat, 2 Feb 2002 17:16:04 -0600 (CST)
From: Joe Greco
Message-Id: <200202022316.RAA85545@aurora.sol.net>
Subject: Re: Luigi's polling code and 4.5R
To: rizzo@icir.org (Luigi Rizzo)
Date: Sat, 2 Feb 2002 17:16:04 -0600 (CST)
Cc: freebsd-net@freebsd.org
In-Reply-To: <20020202092954.B65442@iguana.icir.org> from "Luigi Rizzo" at Feb 02, 2002 09:29:55 AM
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> what is curious is that I am using a 4-port D-link on our
> test boxes as primary development cards and they do not seem
> to freeze. The card uses 21143 and seems quite reliable.
>
> I know of a bug in the code on my web site whose symptoms look like
> a freeze, but that is presumably related to a race in delivering
> softisr's and so should be card independent and appear with the
> fxp's as well -- as a matter of fact i first hit it with the "sis"
> card.

If you're interested, I can give you console access to the box and you can
take a look. At least when I tried it, it eventually recovers if you turn
off polling.
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
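
An added illustration for the ICMP exchange in the "Weird path MTU autodiscovery problem" thread above; it is not code from any poster or from ipfw. It builds a constructed IPv4 datagram carrying the ICMP "fragmentation needed" message that path MTU discovery depends on, reads the header's Protocol field, and runs a simplified first-match rule model in which, as stated in the thread, `ip` and `all` match every protocol. The addresses, the rule tuples and the default-deny fallback are assumptions.

```python
import struct

# Subset of /etc/protocols: names for the 8-bit Protocol field of the IPv4 header.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both the IPv4 header and ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(src: str, dst: str, mtu: int) -> bytes:
    """Constructed sample: IPv4 datagram carrying ICMP type 3 code 4.
    The embedded copy of the original datagram is omitted for brevity."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu)
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    addr = bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                      PROTO["icmp"], 0) + addr
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + icmp

def ip_protocol(packet: bytes) -> int:
    """Return the Protocol field (byte 9) after checking version and checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return packet[9]

def first_match(rules, packet: bytes) -> str:
    """Simplified first-match model: 'ip' and 'all' match any protocol number."""
    proto = ip_protocol(packet)
    for action, name in rules:
        if name in ("ip", "all") or PROTO.get(name) == proto:
            return action
    return "deny"  # assumption: the ruleset ends in a default deny

# Constructed packet using documentation addresses (RFC 5737).
PKT = build_frag_needed("192.0.2.1", "198.51.100.7", 1400)
OPEN = [("allow", "ip")]                          # 'allow ip from any to any'
TCP_UDP_ONLY = [("allow", "tcp"), ("allow", "udp")]

if __name__ == "__main__":
    print("protocol field:", ip_protocol(PKT))           # ICMP rides inside IP
    print("open ruleset:", first_match(OPEN, PKT))
    print("tcp/udp-only ruleset:", first_match(TCP_UDP_ONLY, PKT))
```

The second ruleset shows the failure mode worth checking for when path MTU discovery stalls: a filter that passes only TCP and UDP drops the type 3 code 4 message even though the data connection itself is allowed.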