From owner-freebsd-net Sun May 19 0:14: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from goose.prod.itd.earthlink.net (goose.mail.pas.earthlink.net [207.217.120.18]) by hub.freebsd.org (Postfix) with ESMTP id 5517637B409 for ; Sun, 19 May 2002 00:14:05 -0700 (PDT) Received: from pool0049.cvx40-bradley.dialup.earthlink.net ([216.244.42.49] helo=mindspring.com) by goose.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 179Kt2-0002wJ-00; Sun, 19 May 2002 00:13:48 -0700 Message-ID: <3CE7508D.36568484@mindspring.com> Date: Sun, 19 May 2002 00:13:17 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Joshua Goodall Cc: Andrew Reilly , Attila Nagy , freebsd-net@freebsd.org Subject: Re: HEADS UP: ALTQ integration developer preview References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <1021717195.1466.4.camel@gurney.reilly.home> <3CE6D592.DCF73743@mindspring.com> <20020519001249.GA24012@roughtrade.net> <3CE6F653.CDE9D2B4@mindspring.com> <20020519010703.GE24468@roughtrade.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Joshua Goodall wrote: > On Sat, May 18, 2002 at 05:48:19PM -0700, Terry Lambert wrote: > > Joshua Goodall wrote: > > > On Sat, May 18, 2002 at 03:28:34PM -0700, Terry Lambert wrote: > > > > No. TCP. RPC over UDP is really a silly idea. If you need > > > > reliable delivery, then don't use a protocol with "unreliable" > > > > as the first word of it's name. 8-). > > > > > > UDP may well be perfectly viable as a RPC transport, but Terry's > > > misinforming statement is not a good justification. > > > > > > UDP is the User Datagram Protocol. > > > > Was that a "miss" or an "ignore" on the "8-)"? > > Definitely an ignore. An incorrect statement remains incorrect no > matter how many irrelevant smilies are appended in a feeble attempt > at irony. Particularly when it reverses the sense of the preceeding > statement. UDP is still a bad bet for reliable request response. It's really dumb to effectively reimplement TCP without windows on top of UDP just to avoid using TCP. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 19 0:48:47 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 67FB737B407 for ; Sun, 19 May 2002 00:48:44 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020519074844.RSYX18801.rwcrmhc52.attbi.com@blossom.cjclark.org>; Sun, 19 May 2002 07:48:44 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4J7mh976215; Sun, 19 May 2002 00:48:43 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 19 May 2002 00:48:43 -0700 From: "Crist J. Clark" To: Matthias Kranz Cc: freebsd-net@FreeBSD.ORG Subject: Re: Enabling Directed Broadcasts Message-ID: <20020519004843.D67779@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <3CE12EB9.8030508@asdis.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CE12EB9.8030508@asdis.de>; from mkranz@asdis.de on Tue, May 14, 2002 at 05:35:21PM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, May 14, 2002 at 05:35:21PM +0200, Matthias Kranz wrote: > Hi! > > We try to start a PC in a different subnet through using a > WakeOnLan. The packet is addressed to the broadcast address of the > client PC net. The FreeBSD router in between does not forward this > packet. I read that FreeBSD is not supporting directed broadcasts > since 2.2.5. Is there any parameter for chanching this behaviour? Looks like it was gutted earlier than that. The code was completely removed. You would have to go back and add it or come up with some other hack. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 19 10:25:25 2002 Delivered-To: freebsd-net@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id 1C2EB37B40A for ; Sun, 19 May 2002 10:25:22 -0700 (PDT) Received: (qmail 766 invoked from network); 19 May 2002 17:25:21 -0000 Received: from unknown (HELO tenebras.com) (192.168.1.123) by 0 with SMTP; 19 May 2002 17:25:21 -0000 Message-ID: <3CE7DFFE.2090809@tenebras.com> Date: Sun, 19 May 2002 10:25:18 -0700 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc2) Gecko/20020516 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Re: HEADS UP: ALTQ integration developer preview References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <1021717195.1466.4.camel@gurney.reilly.home> <3CE6D592.DCF73743@mindspring.com> <20020519001249.GA24012@roughtrade.net> <3CE6F653.CDE9D2B4@mindspring.com> <20020519010703.GE24468@roughtrade.net> <3CE7508D.36568484@mindspring.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Terry Lambert wrote: > UDP is still a bad bet for reliable request response. It's > really dumb to effectively reimplement TCP without windows on > top of UDP just to avoid using TCP. Speaking as someone who has implemented reliable message protocols over UDP about a dozen times, I can affirm Terry's point. Once you find yourself reimplementing TCP, it's time to use TCP. I think that there are some very good uses for UDP-based protocols (gee, DNS seems to work, but falls back to TCP for responses larger than size N), but it's tricky. If it's not an authenticated protocol, you leave yourself open to a whole class of DOS attacks, akin to RFC 1644 T/TCP. Datagram reassembly in user space is for the birds. Consuming resources for pending operations can choke you to death. TCP is constantly improving, though the improvements sometimes have unwanted side-effects -- congestion-control algorithms break for wireless, where packet loss might be due to a neighbor using a cordless phone rather than congestion. Back to problem of NFS over UDP -- it's not so stateless, is it? ;-) Remote disk access is mostly bulk transfer operations anyway, why wouldn't you use TCP? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 19 14:15: 4 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 4C68337B401 for ; Sun, 19 May 2002 14:14:59 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020519211459.BION12519.rwcrmhc53.attbi.com@blossom.cjclark.org>; Sun, 19 May 2002 21:14:59 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4JLEt177967; Sun, 19 May 2002 14:14:55 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 19 May 2002 14:14:55 -0700 From: "Crist J. Clark" To: Michael Sierchio Cc: freebsd-net@FreeBSD.ORG Subject: Re: HEADS UP: ALTQ integration developer preview Message-ID: <20020519141455.J67779@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <1021717195.1466.4.camel@gurney.reilly.home> <3CE6D592.DCF73743@mindspring.com> <20020519001249.GA24012@roughtrade.net> <3CE6F653.CDE9D2B4@mindspring.com> <20020519010703.GE24468@roughtrade.net> <3CE7508D.36568484@mindspring.com> <3CE7DFFE.2090809@tenebras.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CE7DFFE.2090809@tenebras.com>; from kudzu@tenebras.com on Sun, May 19, 2002 at 10:25:18AM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, May 19, 2002 at 10:25:18AM -0700, Michael Sierchio wrote: [snip] > Back to problem of NFS over UDP -- it's not so stateless, is it? ;-) > Remote disk access is mostly bulk transfer operations anyway, A _lot_ of remote disk access is not bulk transfers, but file status information. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 19 20:12:18 2002 Delivered-To: freebsd-net@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id A545137B412 for ; Sun, 19 May 2002 20:12:14 -0700 (PDT) Received: (qmail 1898 invoked from network); 20 May 2002 03:12:13 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 20 May 2002 03:12:13 -0000 Message-ID: <3CE8698C.7080500@tenebras.com> Date: Sun, 19 May 2002 20:12:12 -0700 From: Michael Sierchio Reply-To: kudzu@tenebras.com User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc2) Gecko/20020516 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Crist J. Clark" Cc: freebsd-net@FreeBSD.ORG Subject: Re: HEADS UP: ALTQ integration developer preview References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <1021717195.1466.4.camel@gurney.reilly.home> <3CE6D592.DCF73743@mindspring.com> <20020519001249.GA24012@roughtrade.net> <3CE6F653.CDE9D2B4@mindspring.com> <20020519010703.GE24468@roughtrade.net> <3CE7508D.36568484@mindspring.com> <3CE7DFFE.2090809@tenebras.com> <20020519141455.J67779@blossom.cjclark.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Crist J. Clark wrote: > On Sun, May 19, 2002 at 10:25:18AM -0700, Michael Sierchio wrote: > [snip] > > >>Back to problem of NFS over UDP -- it's not so stateless, is it? ;-) >>Remote disk access is mostly bulk transfer operations anyway, > > > A _lot_ of remote disk access is not bulk transfers, but file status > information. Okay, you're right -- my own research indicates that 'stat' is the most common operation on a file. It accounts, in numbers, for the majority of all file operations, whether local mounts or NFS. I think I'd like to revise my point -- the implementation of a protocol which was intended to be stateless, but whereby state is introduced by attempting to implement reliable delivery over UDP (where UDP datagram size may be up to 64KB) is problematic. T/TCP is interesting, but I wouldn't use it w/o some lightweight authenticator in the message. UDP works, by and large, except when it doesn't. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 0:48:45 2002 Delivered-To: freebsd-net@freebsd.org Received: from roam.psg.com (roam.psg.com [147.28.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 06DE537B403 for ; Mon, 20 May 2002 00:48:43 -0700 (PDT) Received: from randy by roam.psg.com with local (Exim 4.04) id 179S14-0000Bb-00; Sun, 19 May 2002 07:50:34 -0700 From: Randy Bush MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Terry Lambert Cc: Joshua Goodall , Andrew Reilly , Attila Nagy , freebsd-net@freebsd.org Subject: Re: HEADS UP: ALTQ integration developer preview References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <1021717195.1466.4.camel@gurney.reilly.home> <3CE6D592.DCF73743@mindspring.com> <20020519001249.GA24012@roughtrade.net> <3CE6F653.CDE9D2B4@mindspring.com> <20020519010703.GE24468@roughtrade.net> <3CE7508D.36568484@mindspring.com> Message-Id: Date: Sun, 19 May 2002 07:50:34 -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > UDP is still a bad bet for reliable request response. It's > really dumb to effectively reimplement TCP without windows on > top of UDP just to avoid using TCP. well said randy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 4:27:30 2002 Delivered-To: freebsd-net@freebsd.org Received: from daemon.kr.FreeBSD.org (daemon.kr.freebsd.org [211.176.62.31]) by hub.freebsd.org (Postfix) with ESMTP id 58DA137B40A; Mon, 20 May 2002 04:27:23 -0700 (PDT) Received: from gradius.wdb.co.kr (daemon [211.176.62.31]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id 981798F624; Mon, 20 May 2002 20:27:23 +0900 (KST) Received: from localhost (localhost [127.0.0.1]) by gradius.wdb.co.kr (8.12.3/8.12.3) with ESMTP id g4K9pSQo028032; Mon, 20 May 2002 18:51:40 +0900 (KST) (envelope-from cjh@kr.FreeBSD.org) Date: Mon, 20 May 2002 18:51:28 +0900 (KST) Message-Id: <20020520.185128.124027523.cjh@kr.FreeBSD.org> To: freebsd-net@freebsd.org Cc: cjh@freebsd.org Subject: 1000baseSX support in em/gx/wx? From: CHOI Junho Organization: Korea FreeBSD Users Gruop X-URL: http://www.kr.FreeBSD.org/~cjh X-Mailer: Mew version 3.0.55 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Recently I have a chance to test Gigabit ethernet card based on 82543GC-F chipset based(Intel Pro/1000 F adapter, I think. It is at data center so I didn't see the board) with FreeBSD 4.5-RELEASE. The problem is that FreeBSD does detect the card, but can't do networking. At booting with newest em (from intel) or gx driver in kernel, it shows: gigatest# ifconfig em0 em0: flags=8802 mtu 1500 inet6 fe80::203:47ff:fede:a186%em0 prefixlen 64 scopeid 0x2 ether 00:03:47:de:a1:86 media: Ethernet autoselect status: no carrier No carrier message showed. Assuming the cable has no problem, what's the problem of this adapter? Here is part of dmesg: em0: mem 0xfb010000-0xfb01ffff,0xfb020000-0xfb03ffff irq 9 at device 10.0 on pci1 em0: Speed:N/A Duplex:N/A This card only has one 1000baseSX interface. em/gx doesn't support 1000baseSX type cable? -- +++ Any opinions in this posting are my own and not those of my employers +++ CHOI Junho [sleeping now] [while sleeping] Korea FreeBSD Users Group Web Data Bank To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 6:42: 1 2002 Delivered-To: freebsd-net@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 0654737B40C; Mon, 20 May 2002 06:41:56 -0700 (PDT) Received: from moe.cs.duke.edu (moe.cs.duke.edu [152.3.140.74]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id JAA03879; Mon, 20 May 2002 09:41:49 -0400 (EDT) Received: (gallatin@localhost) by moe.cs.duke.edu (8.8.5/8.6.9) id JAA01372; Mon, 20 May 2002 09:41:49 -0400 (EDT) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15592.64797.214809.466674@moe.cs.duke.edu> Date: Mon, 20 May 2002 09:41:49 -0400 (EDT) To: Terry Lambert Cc: Don Bowman , "Kenneth D. Merry" , current@FreeBSD.org, net@FreeBSD.org Subject: Re: new zero copy sockets patches available In-Reply-To: <3CE6E263.77E337E0@mindspring.com> References: <3CE6E263.77E337E0@mindspring.com> X-Mailer: VM 6.72 under 21.1 (patch 9) "Canyonlands" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Terry Lambert writes: > To do the work, you'd have to do it on your own, after licensing > the firmware, after signing an NDA. Unlike the rather public > Tigon II firmware, the Tigon III doesn't have a lot of synergy > or interesting work going for it. Most people doing interesting > work tend to use Tigon II cards, because of this. It also requires a good contact at Broadcom. Some people I know at another institution are willing to sign an NDA and still cannot get the firmware from Broadcom. Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 6:49: 9 2002 Delivered-To: freebsd-net@freebsd.org Received: from daemon.kr.FreeBSD.org (daemon.kr.freebsd.org [211.176.62.31]) by hub.freebsd.org (Postfix) with ESMTP id 4D91537B409; Mon, 20 May 2002 06:49:02 -0700 (PDT) Received: from gradius.wdb.co.kr (daemon [211.176.62.31]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id DC1588F60F; Mon, 20 May 2002 22:49:02 +0900 (KST) Received: from localhost (localhost [127.0.0.1]) by gradius.wdb.co.kr (8.12.3/8.12.3) with ESMTP id g4KDmvOO032453; Mon, 20 May 2002 22:48:58 +0900 (KST) (envelope-from cjh@kr.FreeBSD.org) Date: Mon, 20 May 2002 22:48:57 +0900 (KST) Message-Id: <20020520.224857.00512817.cjh@kr.FreeBSD.org> To: freebsd-net@freebsd.org Cc: cjh@freebsd.org Subject: Re: 1000baseSX support in em/gx/wx? From: CHOI Junho In-Reply-To: <20020520.185128.124027523.cjh@kr.FreeBSD.org> References: <20020520.185128.124027523.cjh@kr.FreeBSD.org> Organization: Korea FreeBSD Users Gruop X-URL: http://www.kr.FreeBSD.org/~cjh X-Mailer: Mew version 3.0.55 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From: CHOI Junho Subject: 1000baseSX support in em/gx/wx? Date: Mon, 20 May 2002 18:51:28 +0900 (KST) > Recently I have a chance to test Gigabit ethernet card based on > 82543GC-F chipset based(Intel Pro/1000 F adapter, I think. It is at > data center so I didn't see the board) with FreeBSD 4.5-RELEASE. > > The problem is that FreeBSD does detect the card, but can't do > networking. I changed the cable and it nicely works with em(4) driver. Sorry! BTW, is there any result of performance test of this gigabit driver, or any advice to tune this system for maximum HTTP traffic? My system is PIII-1G, 1G RAM, 18G Atlas 10k U-SCSI, Intel ServerWorks NB6635 board. -- +++ Any opinions in this posting are my own and not those of my employers +++ CHOI Junho [sleeping now] [while sleeping] Korea FreeBSD Users Group Web Data Bank To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 7: 0:53 2002 Delivered-To: freebsd-net@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 6C05837B40A; Mon, 20 May 2002 07:00:46 -0700 (PDT) Received: from moe.cs.duke.edu (moe.cs.duke.edu [152.3.140.74]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id KAA04481; Mon, 20 May 2002 10:00:45 -0400 (EDT) Received: (gallatin@localhost) by moe.cs.duke.edu (8.8.5/8.6.9) id KAA01645; Mon, 20 May 2002 10:00:45 -0400 (EDT) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15593.397.293842.890597@moe.cs.duke.edu> Date: Mon, 20 May 2002 10:00:45 -0400 (EDT) To: "Kenneth D. Merry" Cc: Don Bowman , current@FreeBSD.org, net@FreeBSD.org Subject: Re: new zero copy sockets patches available In-Reply-To: <20020518214509.C46216@panzer.kdm.org> References: <20020518214509.C46216@panzer.kdm.org> X-Mailer: VM 6.72 under 21.1 (patch 9) "Canyonlands" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Kenneth D. Merry writes: > > As a related question, will this work with the broadcom gigabit (bge) > > driver, which is the Tigon III? If not, what would it take to get > > it working? > > Unfortunately, it won't work with the Tigon III. > > If you can get firmware source for the Tigon III, I can probably get header > splitting working. (The only way it wouldn't work is if they've offloaded > most of the packet processing into the hardware.) I don't want this to sound too much like an advertisement, but since I now work for Myricom, I feel obligated to point out that the other adapters that this can be made to work with are Myricom Myrinet interfaces (*) Anyway, if this gets committed, I will enhance the Myricom GM-2 firmware to support page-flipping receives. I think my boss will approve the work. With FreeBSD & gm-2, we now see roughly 1.8Gb/sec from iperf, but the receiver's CPU is maxed out. It would be nice to have some room left over to actually do something with the data ;) > The send side code will work on any NIC, and you can kludge up special case > header splitting on the receive side if the NIC allows you to break jumbo > frames into multiple chunks of data. (This is what Drew originally did for > the Tigon II -- you just size the initial chunk of data so that it'll just > hold the ethernet header, IP header, TCP header and TCP options, and the > payload will "magically" end up page aligned. This doesn't work for > protocols other than TCP, and it won't work if your TCP header changes in > length.) This mostly doesn't work for TCP at all. It does work for the client-side zero-copy NFS read-response work I did where I page-flip the received frame into the buffer cache. This was something of a hack, because I don't actually parse the rpcs, I just guess that the data starts at a certain offset into the packet (which it does, 99% of the time). Cheers, Drew (*) 2Gb/sec + 2Gb/sec. See http://www.myri.com/myrinet/product_list.html. Before your jaw hits the floor at the price per adapter, take into account how cheap the switches are when compared to high-density gigabit ethernet switches. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 10:41:37 2002 Delivered-To: freebsd-net@freebsd.org Received: from mailg.telia.com (mailg.telia.com [194.22.194.26]) by hub.freebsd.org (Postfix) with ESMTP id 5DB9B37B715 for ; Mon, 20 May 2002 10:39:41 -0700 (PDT) Received: from d1o1000.telia.com (d1o1000.telia.com [217.208.12.241]) by mailg.telia.com (8.11.6/8.11.6) with ESMTP id g4KHdeT26740 for ; Mon, 20 May 2002 19:39:40 +0200 (CEST) Received: from veidit.net (h54n1fls35o1000.telia.com [217.210.234.54]) by d1o1000.telia.com (8.10.2/8.10.1) with ESMTP id g4KHdea23312 for ; Mon, 20 May 2002 19:39:40 +0200 (CEST) Message-ID: <3CE934D8.9010302@veidit.net> Date: Mon, 20 May 2002 19:39:36 +0200 From: John Angelmo User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc2) Gecko/20020513 X-Accept-Language: en-us, en MIME-Version: 1.0 To: net@freebsd.org Subject: "dynamic" ipfw Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello I have a small problem with IPFW How can I handle adding and removing rules based on IP/MAC per user? I can add a rule for a specific IP/MAC without the need to flush but can I remove it in the same way? now lets say I have a user that only needs access to it's mailserver mail.user.com with pop3 and smtp then the rule for pop3 would be something like add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't work here right?) Now mail.user.com uses runrobin so the IP changes from request to request but dosn't the IPFW resolve the IP when its added to the rules, how can this be solved for the user? /John To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 15:23:30 2002 Delivered-To: freebsd-net@freebsd.org Received: from exchange.corp.cre8.com (ns.cre8.com [216.135.81.2]) by hub.freebsd.org (Postfix) with ESMTP id BD79F37B406 for ; Mon, 20 May 2002 15:23:11 -0700 (PDT) Received: by exchange.corp.cre8.com with Internet Mail Service (5.5.2653.19) id ; Mon, 20 May 2002 18:23:20 -0400 Message-ID: <2F6DCE1EFAB3BC418B5C324F13934C96016C9B4C@exchange.corp.cre8.com> From: Scott Ullrich To: 'John Angelmo' , net@freebsd.org Subject: RE: "dynamic" ipfw Date: Mon, 20 May 2002 18:23:20 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C2004C.F2595350" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C2004C.F2595350 Content-Type: text/plain; charset="iso-8859-1" Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain Mac addresses with your IPFW rules. Now regarding the hostname to ip address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this. Good luck! -Scott > -----Original Message----- > From: John Angelmo [mailto:john@veidit.net] > Sent: Monday, May 20, 2002 1:40 PM > To: net@freebsd.org > Subject: "dynamic" ipfw > > > Hello > > I have a small problem with IPFW > > How can I handle adding and removing rules based on IP/MAC per user? > I can add a rule for a specific IP/MAC without the need to > flush but can > I remove it in the same way? > > now lets say I have a user that only needs access to it's mailserver > mail.user.com with pop3 and smtp > then the rule for pop3 would be something like > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't > work here right?) > > Now mail.user.com uses runrobin so the IP changes from request to > request but dosn't the IPFW resolve the IP when its added to > the rules, > how can this be solved for the user? > > /John > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > ------_=_NextPart_001_01C2004C.F2595350 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall = project.   It will allow you to maintain Mac addresses with = your IPFW rules. 

Now regarding the hostname to ip address conversion = for firewall rules.  I have a feeling it is translating the IP = address at the time of entry so this is not really going to work for = your round-robin situation.  EtherFirewall is the clear choice for = this.

Good luck!

-Scott


> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules = based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without = the need to
> flush but can
> I remove it in the same way?
>
> now lets say I have a user that only needs = access to it's mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something = like
> add allow ip from mail.user.com 110 to IP/HOST = (MAC dosn't
> work here right?)
>
> Now mail.user.com uses runrobin so the IP = changes from request to
> request but dosn't the IPFW resolve the IP when = its added to
> the rules,
> how can this be solved for the user?
>
> /John
>
>
> To Unsubscribe: send mail to = majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the = body of the message
>

------_=_NextPart_001_01C2004C.F2595350-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 15:23:55 2002 Delivered-To: freebsd-net@freebsd.org Received: from ns.live.com (ns.live.com [66.80.62.34]) by hub.freebsd.org (Postfix) with ESMTP id 34FE337B412 for ; Mon, 20 May 2002 15:23:23 -0700 (PDT) Received: from ns.live.com (localhost.live.com [127.0.0.1]) by ns.live.com (8.12.3/8.12.3) with ESMTP id g4KMNMAI088094; Mon, 20 May 2002 15:23:22 -0700 (PDT) (envelope-from rsf@ns.live.com) Received: (from rsf@localhost) by ns.live.com (8.12.3/8.12.3/Submit) id g4KMNM9X088093; Mon, 20 May 2002 15:23:22 -0700 (PDT) Message-Id: <4.3.1.1.20020520151716.00c2f870@laptop-localhost> X-Sender: rsf@laptop-localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Mon, 20 May 2002 15:23:13 -0700 To: freebsd-mobile.freebsd.org@ns.live.com, freebsd-net@freebsd.org From: Ross Finlayson Subject: Multicast problem with "wi" driver in promiscuous mode - any resolution? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Last October a couple of messages - and - were posted to the "freebsd-mobile" mailing list, outlining a problem with the "wi" driver not receiving multicast in 'all-multicast-packets' mode. To quote: "The wi driver does not receive multicast packets when set to receive all multicast packets, ie. when running mrouted. Well that is except if I am turning on promiscuous mode" Has anyone looked into this problem at all since then? (I'd take a crack at this myself, except that I'm not a "wi" driver expert...) Ross. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 15:24:11 2002 Delivered-To: freebsd-net@freebsd.org Received: from ns.live.com (ns.live.com [66.80.62.34]) by hub.freebsd.org (Postfix) with ESMTP id 0DAF837B404; Mon, 20 May 2002 15:23:34 -0700 (PDT) Received: from ns.live.com (localhost.live.com [127.0.0.1]) by ns.live.com (8.12.3/8.12.3) with ESMTP id g4KMNXAI088189; Mon, 20 May 2002 15:23:33 -0700 (PDT) (envelope-from rsf@ns.live.com) Received: (from rsf@localhost) by ns.live.com (8.12.3/8.12.3/Submit) id g4KMNXop088187; Mon, 20 May 2002 15:23:33 -0700 (PDT) Message-Id: <4.3.1.1.20020520151716.00c2f870@laptop-localhost> X-Sender: rsf@laptop-localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Mon, 20 May 2002 15:23:26 -0700 To: freebsd-mobile@freebsd.org, freebsd-net@freebsd.org From: Ross Finlayson Subject: Multicast problem with "wi" driver in promiscuous mode - any resolution? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Last October a couple of messages - and - were posted to the "freebsd-mobile" mailing list, outlining a problem with the "wi" driver not receiving multicast in 'all-multicast-packets' mode. To quote: "The wi driver does not receive multicast packets when set to receive all multicast packets, ie. when running mrouted. Well that is except if I am turning on promiscuous mode" Has anyone looked into this problem at all since then? (I'd take a crack at this myself, except that I'm not a "wi" driver expert...) Ross. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 15:45:46 2002 Delivered-To: freebsd-net@freebsd.org Received: from web21102.mail.yahoo.com (web21102.mail.yahoo.com [216.136.227.104]) by hub.freebsd.org (Postfix) with SMTP id C521437B40B for ; Mon, 20 May 2002 15:45:41 -0700 (PDT) Message-ID: <20020520224541.58516.qmail@web21102.mail.yahoo.com> Received: from [152.15.26.29] by web21102.mail.yahoo.com via HTTP; Mon, 20 May 2002 15:45:41 PDT Date: Mon, 20 May 2002 15:45:41 -0700 (PDT) From: Vinod Subject: gateway of 0.0.0.0 ? To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i had a simple networking question. This is the setup i have. 10.0.0.2 10.0.1.1 10.0.1.5 _ _ b- - - - - - - - -e 10.0.0.1 | a-----Switch-- | |_ _ c | 10.0.0.3 | d 10.0.0.5 and following is an entry in d: destination Gateway interface 10.0.1/24 0.0.0.0 rl0 but when i ping 10.0.1.2 or 10.0.1.5 , i cant reach. what exactly does the gateway of 0.0.0.0 mean?this gateway of 0.0.0.0 for 10.0.1/24 is automatically generated by a script which i run as part of an installation.so the entry of 0.0.0.0 is correct.i need to know why its not working as it should.so i think i need to know what exactly a gateway of 0.0.0.0 means to the packets to 10.0.1/24. any help will be appreciated. Vinod __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 20 19:52:30 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id A242B37B40E for ; Mon, 20 May 2002 19:52:20 -0700 (PDT) Received: from DarthVader ([12.249.51.132]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020521025220.LPSW12519.rwcrmhc53.attbi.com@DarthVader> for ; Tue, 21 May 2002 02:52:20 +0000 Message-ID: <008a01c20072$89d1b950$0a01a8c0@DarthVader> From: "Mark Hassman" To: Subject: slow network Date: Mon, 20 May 2002 21:52:25 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0087_01C20048.A099E240" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0087_01C20048.A099E240 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi! I was wondering if you know any reasons why my network might be slow = (abnormally slow). Let me tell you about it. I have a FreeBSD server / firewall running. I have a cable modem that = runs into the server. the server does its stuff and passes everything = along to 2 computers hooked up to my internal network. When I connect = my computer to the cable modem directly I get speeds up around 500 - 600 = k/s but when its through the server speeds are drastically slower around = 150 - 200 tops. Also, I have samba running, but that seems very slow too. If I run an = MP3 off the server it is very choppy, however this seems to be local to = the server alone. If I play MP3's or what not off the other computer on = the network things are faster than ever. (d/l from the server seems the = same way) All this leads me to the conclusion that something is wrong with the = server. I don't know what, but let me explain how I have it set up. The server has 2 D-Link ethernet cards (I've had a good history with = them...) in it. 1 connected to the cable modem the other to the = internal network hub. All ethernet cards on the network are 10/100, but = the hub is 10baseT (soon to be 10/100 as well). The server is set up = for DHCPD from the outside, but I was having issues doing that = internally so right now the internal IP's and stuff are all static. That is about all there is to it. Funny thing is I had the same setup = (minus samba) running at school a few months ago and speeds were = fantastic. Therefore I don't know if its the network cards, the hub, or = some wacky configuration in the server itself. This problem existed = before samba worked so I don't think that is the culprit at all. If you have any hints or experience with this please let me know. = Thanks! -Mark ------=_NextPart_000_0087_01C20048.A099E240 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi!
 
I was wondering if you know any reasons = why my=20 network might be slow (abnormally slow).  Let me tell you about=20 it.
 
I have a FreeBSD server / firewall = running.  I=20 have a cable modem that runs into the server.  the server does its = stuff=20 and passes everything along to 2 computers hooked up to my internal=20 network.  When I connect my computer to the cable modem directly I = get=20 speeds up around 500 - 600 k/s but when its through the server speeds = are=20 drastically slower around 150 - 200 tops.
 
Also, I have samba running, but that = seems very=20 slow too.  If I run an MP3 off the server it is very choppy, = however this=20 seems to be local to the server alone.  If I play MP3's or what not = off the=20 other computer on the network things are faster than ever.  (d/l = from the=20 server seems the same way)
 
All this leads me to the conclusion = that something=20 is wrong with the server.  I don't know what, but let me explain = how I have=20 it set up.
 
The server has 2 D-Link ethernet cards = (I've had a=20 good history with them...) in it.  1 connected to the cable = modem the=20 other to the internal network hub.  All ethernet cards on the = network are=20 10/100, but the hub is 10baseT (soon to be 10/100 as well).  The = server is=20 set up for DHCPD from the outside, but I was having issues doing that = internally=20 so right now the internal IP's and stuff are all static.
 
That is about all there is to it.  = Funny thing=20 is I had the same setup (minus samba) running at school a few months ago = and=20 speeds were fantastic.  Therefore I don't know if its the network = cards,=20 the hub, or some wacky configuration in the server itself.  This = problem=20 existed before samba worked so I don't think that is the culprit at=20 all.
 
If you have any hints or experience = with this=20 please let me know.  Thanks!
 
-Mark
------=_NextPart_000_0087_01C20048.A099E240-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 4:17:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id 4A4B337B40F for ; Tue, 21 May 2002 04:17:11 -0700 (PDT) Received: (qmail 29490 invoked by uid 1000); 21 May 2002 11:18:52 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 21 May 2002 11:18:52 -0000 Date: Tue, 21 May 2002 13:18:52 +0200 (CEST) From: Attila Nagy To: Terry Lambert Cc: freebsd-net@freebsd.org Subject: Re: HEADS UP: ALTQ integration developer preview In-Reply-To: <3CE6D976.3264DE53@mindspring.com> Message-ID: References: <3CE55A9B.73EA3DE4@mindspring.com> <3CE61675.BCE2A9E1@mindspring.com> <3CE6D976.3264DE53@mindspring.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, > > When using 32768 bytes MTU I can get around 190 Mbps out from a PIII 450. > > (and only 190 Mbps because the two frontends have fast ethernet cards) > > So why this is so bad? If the other end can keep up, it will increase > > throughput. > And you could get even better by getting rid of the request/response > turnaround stall by using TCP instead of UDP. Forgot to tell that these results are with TCP, not UDP! But as far as I can remember the original problem is still that with the gx driver I was unable to use a "standard" UDP NFS mount, because of the fragments (it worked with the em driver) and if I remember correctly it had problems with TCP too. My letter was about this: a warning that if people notice problems with the gx driver, they should try the em. It is often hard to find a driver which is not even in LINT... > Then don't add the fragment reassmbly code to the code path for packets > you send to the server. That way you'll have less overhead. I am not a big expert on this area, but if I get 200 Mbps instead of 15, I think increasing the packet size is good for me :) And going over the MTU with UDP also gives similar results. (the above is for TCP) > I run all my NFS over TCP. If I avoid intentionally triggering > fragmentation, it works out to a little over 100 machine instructions in > the fast path. Done any cycle counting on your use of UDP yet? I use TCP. I just noted that I *could* not use UDP mounts, with packet size bigger than the MTU with the gx driver. Which works with the em one, so either me, or the driver is buggy :) --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 5: 0:53 2002 Delivered-To: freebsd-net@freebsd.org Received: from chicken.orbitel.bg (chicken100.orbitel.bg [195.24.32.21]) by hub.freebsd.org (Postfix) with SMTP id 2E32337B405 for ; Tue, 21 May 2002 05:00:48 -0700 (PDT) Received: (qmail 3938 invoked from network); 21 May 2002 12:00:40 -0000 Received: from unknown (HELO procreditbank.com) (212.95.171.204) by chicken.orbitel.bg with SMTP; 21 May 2002 12:00:40 -0000 Received: from itaush [172.16.248.203] by Proxy+; Tue, 21 May 2002 14:58:27 +0300 for From: "Ivailo Tanusheff" To: "FreeBSD Net" Subject: Interface statistic Date: Tue, 21 May 2002 14:58:22 +0300 Message-ID: <008101c200be$d1f250e0$cbf810ac@sof.procreditbank.bg> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0082_01C200D7.F73F88E0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0082_01C200D7.F73F88E0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, Can you tell me a way to collect per network interface statistic on my FreeBSD box? At this moment I'm using IPFilter accounting to collect needed information, but I think this way I'm collecting only information related to tcp, udp and icmp traffic. My purpose is to visualize this data in MRTG. Thank you in advantage, Ivailo Tanusheff System Administrator and Security Advisor ProCredit Bank ------=_NextPart_000_0082_01C200D7.F73F88E0 Content-Type: text/x-vcard; name="Ivailo Tanusheff.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Ivailo Tanusheff.vcf" BEGIN:VCARD VERSION:2.1 N:Tanusheff;Ivailo FN:Ivailo Tanusheff ORG:ProCredit Bank TITLE:System administrator and Security advisor TEL;WORK;VOICE:+359 2 9217161 EMAIL;PREF;INTERNET:I.Tanusheff@prokreditbank.com REV:20020510T125145Z END:VCARD ------=_NextPart_000_0082_01C200D7.F73F88E0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 7:22:12 2002 Delivered-To: freebsd-net@freebsd.org Received: from exchmx2.lsuhsc.edu (exchmx2.lsuhsc.edu [155.58.212.90]) by hub.freebsd.org (Postfix) with ESMTP id C4C3C37B414 for ; Tue, 21 May 2002 07:22:01 -0700 (PDT) Received: by exchmx2.lsuhsc.edu with Internet Mail Service (5.5.2653.19) id ; Tue, 21 May 2002 09:22:03 -0500 Message-ID: From: "Mire, John" To: 'Scott Ullrich' , 'John Angelmo' , net@freebsd.org Subject: RE: "dynamic" ipfw Date: Tue, 21 May 2002 09:18:58 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C200D2.72699750" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C200D2.72699750 Content-Type: text/plain; charset="iso-8859-1" nice project page, does it do anything? -----Original Message----- From: Scott Ullrich [mailto:sullrich@CRE8.COM] Sent: Monday, May 20, 2002 5:23 PM To: 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain Mac addresses with your IPFW rules. Now regarding the hostname to ip address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this. Good luck! -Scott > -----Original Message----- > From: John Angelmo [ mailto:john@veidit.net ] > Sent: Monday, May 20, 2002 1:40 PM > To: net@freebsd.org > Subject: "dynamic" ipfw > > > Hello > > I have a small problem with IPFW > > How can I handle adding and removing rules based on IP/MAC per user? > I can add a rule for a specific IP/MAC without the need to > flush but can > I remove it in the same way? > > now lets say I have a user that only needs access to it's mailserver > mail.user.com with pop3 and smtp > then the rule for pop3 would be something like > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't > work here right?) > > Now mail.user.com uses runrobin so the IP changes from request to > request but dosn't the IPFW resolve the IP when its added to > the rules, > how can this be solved for the user? > > /John > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > ------_=_NextPart_001_01C200D2.72699750 Content-Type: text/html; charset="iso-8859-1" RE: "dynamic" ipfw
nice project page, does it do anything?
-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall project.   It will allow you to maintain Mac addresses with your IPFW rules. 

Now regarding the hostname to ip address conversion for firewall rules.  I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation.  EtherFirewall is the clear choice for this.

Good luck!

-Scott


> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to
> flush but can
> I remove it in the same way?
>
> now lets say I have a user that only needs access to it's mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't
> work here right?)
>
> Now mail.user.com uses runrobin so the IP changes from request to
> request but dosn't the IPFW resolve the IP when its added to
> the rules,
> how can this be solved for the user?
>
> /John
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

------_=_NextPart_001_01C200D2.72699750-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 7:36:46 2002 Delivered-To: freebsd-net@freebsd.org Received: from exchange.corp.cre8.com (ns.cre8.com [216.135.81.2]) by hub.freebsd.org (Postfix) with ESMTP id 365F037B403 for ; Tue, 21 May 2002 07:36:38 -0700 (PDT) Received: by exchange.corp.cre8.com with Internet Mail Service (5.5.2653.19) id ; Tue, 21 May 2002 10:36:46 -0400 Message-ID: <2F6DCE1EFAB3BC418B5C324F13934C96016C9B61@exchange.corp.cre8.com> From: Scott Ullrich To: "'Mire, John'" , Scott Ullrich , 'John Angelmo' , net@freebsd.org Subject: RE: "dynamic" ipfw Date: Tue, 21 May 2002 10:36:46 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C200D4.EEEA1460" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C200D4.EEEA1460 Content-Type: text/plain; charset="iso-8859-1" John, What do you mean by does it do anything? Currently all three projects are working and we are in the process of finishing new verisons. ;) -Scott -----Original Message----- From: Mire, John [mailto:jmire@lsuhsc.edu] Sent: Tuesday, May 21, 2002 10:19 AM To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw nice project page, does it do anything? -----Original Message----- From: Scott Ullrich [mailto:sullrich@CRE8.COM] Sent: Monday, May 20, 2002 5:23 PM To: 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain Mac addresses with your IPFW rules. Now regarding the hostname to ip address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this. Good luck! -Scott > -----Original Message----- > From: John Angelmo [ mailto:john@veidit.net ] > Sent: Monday, May 20, 2002 1:40 PM > To: net@freebsd.org > Subject: "dynamic" ipfw > > > Hello > > I have a small problem with IPFW > > How can I handle adding and removing rules based on IP/MAC per user? > I can add a rule for a specific IP/MAC without the need to > flush but can > I remove it in the same way? > > now lets say I have a user that only needs access to it's mailserver > mail.user.com with pop3 and smtp > then the rule for pop3 would be something like > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't > work here right?) > > Now mail.user.com uses runrobin so the IP changes from request to > request but dosn't the IPFW resolve the IP when its added to > the rules, > how can this be solved for the user? > > /John > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > ------_=_NextPart_001_01C200D4.EEEA1460 Content-Type: text/html; charset="iso-8859-1" RE: "dynamic" ipfw
John,
 
What do you mean by does it do anything?  Currently all three projects are working and we are in the process of finishing new verisons. ;)
 
-Scott
-----Original Message-----
From: Mire, John [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

nice project page, does it do anything?
-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall project.   It will allow you to maintain Mac addresses with your IPFW rules. 

Now regarding the hostname to ip address conversion for firewall rules.  I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation.  EtherFirewall is the clear choice for this.

Good luck!

-Scott


> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to
> flush but can
> I remove it in the same way?
>
> now lets say I have a user that only needs access to it's mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't
> work here right?)
>
> Now mail.user.com uses runrobin so the IP changes from request to
> request but dosn't the IPFW resolve the IP when its added to
> the rules,
> how can this be solved for the user?
>
> /John
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

------_=_NextPart_001_01C200D4.EEEA1460-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 7:43:20 2002 Delivered-To: freebsd-net@freebsd.org Received: from exchmx2.lsuhsc.edu (exchmx2.lsuhsc.edu [155.58.212.90]) by hub.freebsd.org (Postfix) with ESMTP id 9CF4D37B403 for ; Tue, 21 May 2002 07:40:01 -0700 (PDT) Received: by exchmx2.lsuhsc.edu with Internet Mail Service (5.5.2653.19) id ; Tue, 21 May 2002 09:40:03 -0500 Message-ID: From: "Mire, John" To: 'Scott Ullrich' , "Mire, John" , 'John Angelmo' , net@freebsd.org Subject: RE: "dynamic" ipfw Date: Tue, 21 May 2002 09:36:56 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C200D4.F4FCF340" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C200D4.F4FCF340 Content-Type: text/plain; charset="iso-8859-1" a search on google did not turn up anything for me and the webpage is just a page with seiki on it and no other links: seiki

-----Original Message----- From: Scott Ullrich [mailto:sullrich@CRE8.COM] Sent: Tuesday, May 21, 2002 9:37 AM To: 'Mire, John'; Scott Ullrich; 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw John, What do you mean by does it do anything? Currently all three projects are working and we are in the process of finishing new verisons. ;) -Scott -----Original Message----- From: Mire, John [mailto:jmire@lsuhsc.edu] Sent: Tuesday, May 21, 2002 10:19 AM To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw nice project page, does it do anything? -----Original Message----- From: Scott Ullrich [mailto:sullrich@CRE8.COM] Sent: Monday, May 20, 2002 5:23 PM To: 'John Angelmo'; net@freebsd.org Subject: RE: "dynamic" ipfw Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain Mac addresses with your IPFW rules. Now regarding the hostname to ip address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this. Good luck! -Scott > -----Original Message----- > From: John Angelmo [ mailto:john@veidit.net ] > Sent: Monday, May 20, 2002 1:40 PM > To: net@freebsd.org > Subject: "dynamic" ipfw > > > Hello > > I have a small problem with IPFW > > How can I handle adding and removing rules based on IP/MAC per user? > I can add a rule for a specific IP/MAC without the need to > flush but can > I remove it in the same way? > > now lets say I have a user that only needs access to it's mailserver > mail.user.com with pop3 and smtp > then the rule for pop3 would be something like > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't > work here right?) > > Now mail.user.com uses runrobin so the IP changes from request to > request but dosn't the IPFW resolve the IP when its added to > the rules, > how can this be solved for the user? > > /John > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > ------_=_NextPart_001_01C200D4.F4FCF340 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: "dynamic" ipfw
a=20 search on google did not turn up anything for me and the webpage is = just a page=20 with seiki on it and no other links:
 
<html>
<head>
<title>seiki</title>
</head>

<body =
bgcolor=3D"#FFFFFF" text=3D"#000000">

<p =
align=3D"center"></p>
<div =
align=3D"center">
  <center>
  <table =
border=3D"0" cellpadding=3D"20" cellspacing=3D"0" width=3D"100%" height=3D"100%">
    <tr>
      <td width=3D"100%" height=3D"100%">

        <p align=3D"center"><img =
border=3D"0" src=3D"seiki.gif" align=3D"center" width=3D"413" height=3D"173"></td>
    </tr>
  </table>
  </center>
</div>

</body>

</html>
-----Original Message-----
From: Scott Ullrich=20 [mailto:sullrich@CRE8.COM]
Sent: Tuesday, May 21, 2002 9:37 = AM
To: 'Mire, John'; Scott Ullrich; 'John Angelmo';=20 net@freebsd.org
Subject: RE: "dynamic" = ipfw

John,
 
What=20 do you mean by does it do anything?  Currently all three = projects are=20 working and we are in the process of finishing new verisons.=20 ;)
 
-Scott
-----Original Message-----
From: Mire, John=20 [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 = 10:19=20 AM
To: 'Scott Ullrich'; 'John Angelmo';=20 net@freebsd.org
Subject: RE: "dynamic" = ipfw

nice project page, does it do = anything?
-----Original Message-----
From: Scott Ullrich = [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 = 5:23=20 PM
To: 'John Angelmo'; = net@freebsd.org
Subject: RE:=20 "dynamic" ipfw

Check out http://www.bsdshell.com 's=20 EtherFirewall project.   It will allow you to maintain = Mac=20 addresses with your IPFW rules. 

Now regarding the hostname to ip address = conversion for=20 firewall rules.  I have a feeling it is translating the IP = address at=20 the time of entry so this is not really going to work for your = round-robin=20 situation.  EtherFirewall is the clear choice for = this.

Good luck!

-Scott


> -----Original Message----- =
> From: John Angelmo [mailto:john@veidit.net] =
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> = Subject:=20 "dynamic" ipfw
>
>=20
> Hello
>=20
> I have a small problem with = IPFW=20
>
> How can I = handle adding=20 and removing rules based on IP/MAC per user?
>=20 I can add a rule for a specific IP/MAC without the need to=20
> flush but can
> I=20 remove it in the same way?
> =
> now lets say I have a user that only needs access = to it's=20 mailserver
> mail.user.com with pop3 = and=20 smtp
> then the rule for pop3 would = be=20 something like
> add allow ip from=20 mail.user.com 110 to IP/HOST (MAC dosn't
> work=20 here right?)
>
> Now=20 mail.user.com uses runrobin so the IP changes from request to=20
> request but dosn't the IPFW = resolve the IP=20 when its added to
> the rules, =
> how can this be solved for the user? =
>
> /John =
>
>
> To=20 Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the=20 message
>=20

------_=_NextPart_001_01C200D4.F4FCF340-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 7:46:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from support.euronet.nl (support.euronet.nl [194.134.32.134]) by hub.freebsd.org (Postfix) with ESMTP id 314EC37B48E for ; Tue, 21 May 2002 07:43:32 -0700 (PDT) Received: from localhost (franst@localhost) by support.euronet.nl (8.11.6/8.11.0) with ESMTP id g4LEhPA42600; Tue, 21 May 2002 16:43:25 +0200 (CEST) X-Authentication-Warning: support.euronet.nl: franst owned process doing -bs Date: Tue, 21 May 2002 16:43:25 +0200 (CEST) From: Frans ter Borg X-X-Sender: franst@support.euronet.nl To: "Mire, John" Cc: "'Scott Ullrich'" , "'John Angelmo'" , Subject: RE: "dynamic" ipfw In-Reply-To: Message-ID: <20020521164158.K27177-100000@support.euronet.nl> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Scott must have meant to type http://www.bsdshell.net which does list the EtherFirewall project. Best regards, Frans On Tue, 21 May 2002, Mire, John wrote: > nice project page, does it do anything? > > -----Original Message----- > From: Scott Ullrich [mailto:sullrich@CRE8.COM] > Sent: Monday, May 20, 2002 5:23 PM > To: 'John Angelmo'; net@freebsd.org > Subject: RE: "dynamic" ipfw > > > > Check out http://www.bsdshell.com 's > EtherFirewall project. It will allow you to maintain Mac addresses with > your IPFW rules. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 8:47:27 2002 Delivered-To: freebsd-net@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id E5D3E37B40B; Tue, 21 May 2002 08:47:11 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g4LFl9C25886; Tue, 21 May 2002 09:47:10 -0600 (MDT) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g4LFl8N30637; Tue, 21 May 2002 09:47:09 -0600 (MDT) (envelope-from imp@village.org) Date: Tue, 21 May 2002 09:46:48 -0600 (MDT) Message-Id: <20020521.094648.109072840.imp@village.org> To: finlayson@live.com Cc: freebsd-mobile@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Multicast problem with "wi" driver in promiscuous mode - any resolution? From: "M. Warner Losh" In-Reply-To: <4.3.1.1.20020520151716.00c2f870@laptop-localhost> References: <4.3.1.1.20020520151716.00c2f870@laptop-localhost> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I don't think anybody has applied fixes to the wi driver in that time frame for this purpose. Have fun :-(. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 9:37:25 2002 Delivered-To: freebsd-net@freebsd.org Received: from zibbi.icomtek.csir.co.za (zibbi.icomtek.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id D57BA37B409; Tue, 21 May 2002 09:36:58 -0700 (PDT) Received: (from jhay@localhost) by zibbi.icomtek.csir.co.za (8.11.6/8.11.6) id g4LGaL691810; Tue, 21 May 2002 18:36:21 +0200 (SAT) (envelope-from jhay) From: John Hay Message-Id: <200205211636.g4LGaL691810@zibbi.icomtek.csir.co.za> Subject: Re: Multicast problem with "wi" driver in promiscuous mode - any resolution? In-Reply-To: <20020521.094648.109072840.imp@village.org> from "M. Warner Losh" at "May 21, 2002 09:46:48 am" To: imp@village.org (M. Warner Losh) Date: Tue, 21 May 2002 18:36:21 +0200 (SAT) Cc: finlayson@live.com, freebsd-mobile@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I don't think anybody has applied fixes to the wi driver in that time > frame for this purpose. Have fun :-(. The problem is that the wavelan/orinoco cards at least, only have space for 16 multicast addresses and don't have an "all multicast" bit, so if you go over 16 addresses or want to catch all multicast packets, you have to enable promicious mode. I have a work in progress patch from a while back that did work if I remember correctly. :-) The reason I didn't go much further with it was because I found that the Orinoco cards stayed at 2Mbit when promiscious mode was enabled, so at the end I just tunneled the multicast stuff over the wireless net. John -- John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org Index: if_wi.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/Attic/if_wi.c,v retrieving revision 1.18.2.14 diff -u -r1.18.2.14 if_wi.c --- if_wi.c 31 Jan 2002 16:56:59 -0000 1.18.2.14 +++ if_wi.c 19 Feb 2002 09:04:22 -0000 @@ -1231,13 +1231,26 @@ bzero((char *)&mcast, sizeof(mcast)); - mcast.wi_type = WI_RID_MCAST; - mcast.wi_len = (3 * 16) + 1; - - if (ifp->if_flags & IFF_ALLMULTI || ifp->if_flags & IFF_PROMISC) { + if (ifp->if_flags & IFF_ALLMULTI && + !(sc->wi_if_flags & IFF_ALLMULTI)) { +#if 0 + mcast.wi_type = WI_RID_MCAST; + mcast.wi_len = (3 * 16) + 1; wi_write_record(sc, (struct wi_ltv_gen *)&mcast); +#endif + + sc->wi_if_flags |= IFF_ALLMULTI; + ifpromisc(ifp, 1); return; } + if (!(ifp->if_flags & IFF_ALLMULTI) && + sc->wi_if_flags & IFF_ALLMULTI) { + printf("wi%d: switch of all multicast\n", ifp->if_unit); + sc->wi_if_flags &= ~IFF_ALLMULTI; + ifpromisc(ifp, 0); + if (ifp->if_flags & IFF_PROMISC) + return; + } LIST_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { if (ifma->ifma_addr->sa_family != AF_LINK) @@ -1247,11 +1260,13 @@ (char *)&mcast.wi_mcast[i], ETHER_ADDR_LEN); i++; } else { - bzero((char *)&mcast, sizeof(mcast)); - break; + printf("wi%d: Oops too many multicast addresses\n", + ifp->if_unit); + return; } } + mcast.wi_type = WI_RID_MCAST; mcast.wi_len = (i * 3) + 1; wi_write_record(sc, (struct wi_ltv_gen *)&mcast); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 10:30:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by hub.freebsd.org (Postfix) with ESMTP id E05DF37B407; Tue, 21 May 2002 10:30:05 -0700 (PDT) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (8.11.6/8.11.6) with SMTP id g4LHU3C42254; Tue, 21 May 2002 19:30:04 +0200 (CEST) (envelope-from c.prevotaux@hexanet.fr) Date: Tue, 21 May 2002 19:30:03 +0200 From: Christophe Prevotaux To: atm@freebsd.org, net@freebsd.org Subject: hfa0 PCA200E more informations [Help] Message-Id: <20020521193003.7c17be5c.c.prevotaux@hexanet.fr> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.4) X-NCC-RegID: fr.hexanet Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Fore PCA-200E AAL 5 Statistics CRC/Len CRC Proto PDU Cells In Cells Out Errs Drops PDUs In PDUs Out Errs Errs Drops 147895872 220929747 4757 9 20005779 23507681 9 0 9 As can be seen I get 4757 CRC Erros, 9 PDU Dropped Fore PCA-200E Device Statistics Type 1 Type 1 Type 2 Type 2 Small Buff Large Buff Small Buff Large Buff Receive Receive Alloc Fail Alloc Fail Alloc Fail Alloc Fail Queue Full Carrier 3222 0 0 0 0 On Also 3222 Buffers Failed Fore PCA-200E Device Driver Statistics No Xmit Max Seg No No No IQ No Cmd No VCC Queue Seg Not Seg DMA VCC No Mbuf Full DMA Queue DMA Out Full Size Align Pad Out In Buff In In Sup Full Cmd 0 1551827 0 0 0 0 0 0 0 0 0 0 0 And as previously stated (in the previous atm@freebsd.org posting) 1551827 Xmit Queue Full errors Input Input Input Output Output Output Interface VPI VCI PDUs Bytes Errs PDUs Bytes Errs hfa0 0 33 20005779 2048761777 9 23507681 1247248987 14238 Also Output Errs seems to confirm it since I get 14238 Output Errs. Can anyone enlighten me as to how I can fix this or what is needed to get rid of these errors. ? -- =============================================================== Christophe Prevotaux Email: c.prevotaux@hexanet.fr HEXANET SARL URL: http://www.hexanet.fr/ Z.A.C Les Charmilles Tel: +33 (0)3 26 79 30 05 3 Allée Thierry Sabine Direct: +33 (0)3 26 79 08 02 BP202 Fax: +33 (0)3 26 79 30 06 51686 Reims Cedex 2 FRANCE HEXANET Network Operation Center =============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 15:41:53 2002 Delivered-To: freebsd-net@freebsd.org Received: from kali.avantgo.com (shadow.avantgo.com [64.157.226.66]) by hub.freebsd.org (Postfix) with ESMTP id 98BC837B408 for ; Tue, 21 May 2002 15:41:45 -0700 (PDT) Received: from river.avantgo.com ([10.11.30.114]) by kali.avantgo.com with Microsoft SMTPSVC(5.0.2195.3779); Tue, 21 May 2002 15:41:45 -0700 Date: Tue, 21 May 2002 15:41:44 -0700 (PDT) From: Scott Hess To: freebsd-net@freebsd.org Subject: High volume proxy server configuration. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-OriginalArrivalTime: 21 May 2002 22:41:45.0471 (UTC) FILETIME=[AF7AF8F0:01C20118] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Background: I'm working on an intelligent Apache-based proxy server for backend servers running a custom Apache module. The server does some inspection of the incoming request to determine how to direct it, and passes the reseponse directly back to the client. Thus, I'd like to be able to set the TCP buffers fairly large, with the server merely acting as a conduit to transfer data between the backend server and the client. Upstream data is relatively small (a handful of kilobytes), downstream can be large (100k-2Meg). Setup: 2x SMP server running FreeBSD4.5. Apache 1.3.x. 2Gig of memory. When stress-testing, I am able to cause the kernel messages: m_clalloc failed, consider increase NMBCLUSTERS value fxp0: cluster allocation failed, packet dropped! The system hangs for a perhaps five minutes, and then comes back and is able to continue operating. pings work, but the console isn't responsive (I mean "no response until things clear a couple minutes later). I've spent some time trying to tweak things, but I haven't been able to prevent the problem. My /boot/loader.conf includes: kern.maxusers="512" kern.ipc.nmbclusters="65536" The problem can happen at various points. I've seen it happen with the mbuf cluster count <1k. Usually, the current/peak/max of netstat -m will have peak nowhere near 65536. This usually happens when I have on the order of 2000 processes/connections running - the machine is 80% idle at this point, though. I wrote a program to specifically use up mbuf clusters (many servers write lots of data, many clients sleep), and it didn't cause any problems until hitting the maximum. Even then, the machine wasn't locked up at the console. So I think the message is a symptom of something else. Here's my theory: When the amount of space used for user processes and kernel usage fills all of memory, and a burst of packets are received from the backend servers, the kernel isn't able to allocate pages and drops the packets, with the message. The sender resends, and things cascade away. Since this is a kernel vm issue, the console also locks up. [Well, it's the best I have.] I've tried upping vm.v_free_min, vm.v_free_target, and vm.v_free_reserved. It doesn't appear to have any impact. I was also getting the message: pmap_collect: collecting pv entries -- suggest increasing PMAP_SHPGPERPROC From what I can tell, this sounds like a direct results of running so many processes forked from the same parent. Each process is small (SIZE ~4M). I increased PMAP_SHPGPERPROC to 400, now I don't seem to get this message. I've watched 'sysctl vm.zone', and the PV ENTRY line seems more reasonable, now. The last line of vmstat output when this happens (broadly similar to previous lines): procs memory page disks faults cpu r b w avm fre flt re pi po fr sr da0 da1 in sy cs us sy id 8 2 0 2141424 41184 8255 46 0 0 3982 0 0 0 3477 5416 1264 14 38 48 This is consistent with top: last pid: 79636; load averages: 3.51, 1.59, 0.83 up 0+22:23:16 16:37:14 2268 processes:9 running, 2259 sleeping CPU states: 19.6% user, 0.0% nice, 19.6% system, 5.4% interrupt, 55.4% idle Mem: 578M Active, 25M Inact, 361M Wired, 3528K Cache, 112M Buf, 37M Free Swap: 2048M Total, 35M Used, 2012M Free, 1% Inuse [Hmm, one note - I'm replicating this on a 1Gig machine, but we've also seen it in an extreme case on the 2Gig machine which is in production.] Hmm. vmstat just came back, the first two lines: procs memory page disks faults cpu r b w avm fre flt re pi po fr sr da0 da1 in sy cs us sy id 2268 2 0 2352192 62236 7308 59 0 32 3306 161397 28 0 2454 5111 1153 12 40 49 0 2 0 266364 46240 292845 1517 9 608 38036 6843317 1 0 334730 253302 17192 0 100 0 top shows increased space used in swap (42M, now), so it looks like we got a bunch of swapping going on. [Just to be clear - when the event happens, things don't simple get a bad response time. There's _no_ response, until the problem clears and everything comes back. Then it's all shiny-happy, again.] /etc/sysctl.conf has: kern.ipc.somaxconn=4192 net.inet.ip.portrange.last=40000 kern.ipc.maxsockbuf=2097152 We are definitely not using the full maxsockbuf range! Actually, we've left things at the default (sendspace=32k, recvspace=64k). AFAICT, everything else is at default settings. Thanks for any help, scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 19:31:14 2002 Delivered-To: freebsd-net@freebsd.org Received: from hetnet.nl (net015s.hetnet.nl [194.151.104.155]) by hub.freebsd.org (Postfix) with ESMTP id DF72E37B403 for ; Tue, 21 May 2002 19:31:05 -0700 (PDT) Received: from alias ([63.206.88.85]) by hetnet.nl with Microsoft SMTPSVC(5.5.1877.757.75); Wed, 22 May 2002 04:29:50 +0200 Message-ID: <002201c20138$4a912de0$6601a8c0@alias> From: "Wilbert deGraaf" To: "Scott Hess" Cc: References: Subject: Re: High volume proxy server configuration. Date: Tue, 21 May 2002 19:27:58 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Scott, > Here's my theory: When the amount of space used for user processes and > kernel usage fills all of memory, and a burst of packets are received from > the backend servers, the kernel isn't able to allocate pages and drops the > packets, with the message. The sender resends, and things cascade away. > Since this is a kernel vm issue, the console also locks up. [Well, it's > the best I have.] It sounds like the proxy doesn't implement flow control. What I mean is that if a proxy reads all it can from a server, and writes it to the client as fast it can, memory usage can easily explode if the connection to the client is slower that the server connection. Did you modify that part of the Apache proxy ? If so, you probably want to stop reading from the server until you have been able to send data to the client. That way, TCP takes care of it. I expected you to run into user level memory allocation problems, but since you ran out of NMBCLUSTERS, it could be that the proxy tries to write to the client at the speed it reads itself from the servers. In this case, I understand the problem that you describe. Hope this helps, Wilbert ----- Original Message ----- From: "Scott Hess" To: Sent: Tuesday, May 21, 2002 3:41 PM Subject: High volume proxy server configuration. > Background: I'm working on an intelligent Apache-based proxy server for > backend servers running a custom Apache module. The server does some > inspection of the incoming request to determine how to direct it, and > passes the reseponse directly back to the client. Thus, I'd like to be > able to set the TCP buffers fairly large, with the server merely acting as > a conduit to transfer data between the backend server and the client. > Upstream data is relatively small (a handful of kilobytes), downstream can > be large (100k-2Meg). > > Setup: 2x SMP server running FreeBSD4.5. Apache 1.3.x. 2Gig of memory. > > When stress-testing, I am able to cause the kernel messages: > > m_clalloc failed, consider increase NMBCLUSTERS value > fxp0: cluster allocation failed, packet dropped! > > The system hangs for a perhaps five minutes, and then comes back and is > able to continue operating. pings work, but the console isn't responsive > (I mean "no response until things clear a couple minutes later). I've > spent some time trying to tweak things, but I haven't been able to prevent > the problem. My /boot/loader.conf includes: > > kern.maxusers="512" > kern.ipc.nmbclusters="65536" > > The problem can happen at various points. I've seen it happen with the > mbuf cluster count <1k. Usually, the current/peak/max of netstat -m will > have peak nowhere near 65536. This usually happens when I have on the > order of 2000 processes/connections running - the machine is 80% idle at > this point, though. > > I wrote a program to specifically use up mbuf clusters (many servers write > lots of data, many clients sleep), and it didn't cause any problems until > hitting the maximum. Even then, the machine wasn't locked up at the > console. So I think the message is a symptom of something else. > > Here's my theory: When the amount of space used for user processes and > kernel usage fills all of memory, and a burst of packets are received from > the backend servers, the kernel isn't able to allocate pages and drops the > packets, with the message. The sender resends, and things cascade away. > Since this is a kernel vm issue, the console also locks up. [Well, it's > the best I have.] > > I've tried upping vm.v_free_min, vm.v_free_target, and vm.v_free_reserved. > It doesn't appear to have any impact. > > I was also getting the message: > > pmap_collect: collecting pv entries -- suggest increasing PMAP_SHPGPERPROC > > From what I can tell, this sounds like a direct results of running so many > processes forked from the same parent. Each process is small (SIZE ~4M). > I increased PMAP_SHPGPERPROC to 400, now I don't seem to get this message. > I've watched 'sysctl vm.zone', and the PV ENTRY line seems more > reasonable, now. > > The last line of vmstat output when this happens (broadly similar to > previous lines): > > procs memory page disks faults cpu > r b w avm fre flt re pi po fr sr da0 da1 in sy cs us sy id > 8 2 0 2141424 41184 8255 46 0 0 3982 0 0 0 3477 5416 1264 14 38 48 > > This is consistent with top: > > last pid: 79636; load averages: 3.51, 1.59, 0.83 up 0+22:23:16 16:37:14 > 2268 processes:9 running, 2259 sleeping > CPU states: 19.6% user, 0.0% nice, 19.6% system, 5.4% interrupt, 55.4% idle > Mem: 578M Active, 25M Inact, 361M Wired, 3528K Cache, 112M Buf, 37M Free > Swap: 2048M Total, 35M Used, 2012M Free, 1% Inuse > > [Hmm, one note - I'm replicating this on a 1Gig machine, but we've also > seen it in an extreme case on the 2Gig machine which is in production.] > > Hmm. vmstat just came back, the first two lines: > > procs memory page disks faults cpu > r b w avm fre flt re pi po fr sr da0 da1 in sy cs us sy id > 2268 2 0 2352192 62236 7308 59 0 32 3306 161397 28 0 2454 5111 1153 12 40 49 > 0 2 0 266364 46240 292845 1517 9 608 38036 6843317 1 0 334730 253302 17192 0 100 0 > > top shows increased space used in swap (42M, now), so it looks like we got > a bunch of swapping going on. [Just to be clear - when the event happens, > things don't simple get a bad response time. There's _no_ response, until > the problem clears and everything comes back. Then it's all shiny-happy, > again.] > > /etc/sysctl.conf has: > > kern.ipc.somaxconn=4192 > net.inet.ip.portrange.last=40000 > kern.ipc.maxsockbuf=2097152 > > We are definitely not using the full maxsockbuf range! Actually, we've > left things at the default (sendspace=32k, recvspace=64k). > > AFAICT, everything else is at default settings. > > Thanks for any help, > scott > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 20:42:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from loquat.bbn.com (crodrigues.bbn.com [128.89.72.49]) by hub.freebsd.org (Postfix) with ESMTP id 71DE637B409 for ; Tue, 21 May 2002 20:42:54 -0700 (PDT) Received: (from crodrigu@localhost) by loquat.bbn.com (8.11.2/8.11.2) id g4M3gmu13223 for freebsd-net@freebsd.org; Tue, 21 May 2002 23:42:48 -0400 Date: Tue, 21 May 2002 23:42:48 -0400 From: Craig Rodrigues To: freebsd-net@freebsd.org Subject: Question about Dummynet and Diffserv Message-ID: <20020521234248.B13074@bbn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am trying to set up a network testbed where I can offer different levels of service to different streams of traffic marked with different Diffserv codepoints. I have two FreeBSD routers (4.6 RC1) in my testbed, compiled with Dummynet, ALTQ, and IPFIREWALL. Dummynet works great for changing characteristics such as delay, packet loss rate, and bandwidth. I have used the ipfw command to set up rules like: "Set the delay to 800ms for packets with source address foo and destination address bar." However, ipfw support setting up filter rules based on the IP TOS field (Diffserv byte). The ipfw command seems to only support the capability for creating firewall rules based on the following IP options: ssrr (strict source route), lsrr (loose source route), rr (record packet route) and ts (timestamp). It doesn't let you create a filter rule based on the TOS field. Now, on the other hand, with ALTQ, it is possible to set up filter rules which can deal with IP TOS. However, ALTQ seems to be separate from ipfw/Dummynet, and doesn't have the nice features of being able to specify delay and packet loss rates. Does anybody know how I can resolve this? I basically want to use ipfw/Dummynet, but set the filter rule based on the TOS field. Thanks. -- Craig Rodrigues Distributed Systems and Logistics, Office 6/304 crodrigu@bbn.com BBN Technologies, a Verizon company (617) 873-4725 Cambridge, MA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 22:25:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from flamingo.mail.pas.earthlink.net (flamingo.mail.pas.earthlink.net [207.217.120.232]) by hub.freebsd.org (Postfix) with ESMTP id EAC7437B40E for ; Tue, 21 May 2002 22:25:10 -0700 (PDT) Received: from pool0776.cvx8-bradley.dialup.earthlink.net ([209.178.173.11] helo=cx408168-b) by flamingo.mail.pas.earthlink.net with smtp (Exim 3.33 #2) id 17AOcR-0002lS-00; Tue, 21 May 2002 22:25:04 -0700 From: Larry Sica To: Ivailo Tanusheff Cc: X-Mailer: PocoMail 2.6 (1006) - EVALUATION VERSION Date: Tue, 21 May 2002 22:32:00 -0700 X-URL: http://www.pocomail.com/ In-Reply-To: <008101c200be$d1f250e0$cbf810ac@sof.procreditbank.bg> Subject: Re: Interface statistic Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="50318887-POCO-84516347" Message-Id: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multipart message in MIME format --50318887-POCO-84516347 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On Tue, 21 May 2002 14:58:22 +0300, Ivailo Tanusheff wrote: >Hi, > >Can you tell me a way to collect per network interface statistic= on >my FreeBSD box? >At this moment I'm using IPFilter accounting to collect needed >information, but I think this way I'm collecting only= information >related to tcp, udp and icmp traffic. My purpose is to= visualize >this data in MRTG. > You could capture traffic via tcpdump. I think MRTG can read= tcpdump output. I am going by memory right now though so some research= would be helpful. -- Larry Larry Sica lsica1@cox.net --50318887-POCO-84516347 Content-Type: text/html Content-Transfer-Encoding: Quoted-Printable
On Tue, 21 May 2002 14:58:22 +0300, Ivailo Tanusheff= wrote:
>Hi,
>
>Can you tell me a way to collect per= network interface statistic on
>my FreeBSD box?
>At this moment I'm using IPFilter= accounting to collect needed
>information, but I think this way I'm= collecting only information
>related to tcp, udp and icmp traffic.= My purpose is to visualize
>this data in MRTG.
>
 
You could capture traffic via= tcpdump.  I think MRTG can read tcpdump output.  I am= going by memory right now though so some research would be= helpful. 
 



-- Larry
 
 
Larry Sica
lsica1@cox.net
 
--50318887-POCO-84516347-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 21 22:55:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from patrocles.silby.com (d54.as28.nwbl0.wi.voyager.net [169.207.69.54]) by hub.freebsd.org (Postfix) with ESMTP id 8E65C37B40C for ; Tue, 21 May 2002 22:55:51 -0700 (PDT) Received: from patrocles.silby.com (localhost [127.0.0.1]) by patrocles.silby.com (8.12.3/8.12.3) with ESMTP id g4M5uYWW010367; Wed, 22 May 2002 00:56:34 -0500 (CDT) (envelope-from silby@silby.com) Received: from localhost (silby@localhost) by patrocles.silby.com (8.12.3/8.12.3/Submit) with ESMTP id g4M5uR2T010364; Wed, 22 May 2002 00:56:32 -0500 (CDT) X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs Date: Wed, 22 May 2002 00:56:26 -0500 (CDT) From: Mike Silbersack To: Scott Hess Cc: freebsd-net@freebsd.org Subject: Re: High volume proxy server configuration. In-Reply-To: Message-ID: <20020522005024.T7748-100000@patrocles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 21 May 2002, Scott Hess wrote: > Setup: 2x SMP server running FreeBSD4.5. Apache 1.3.x. 2Gig of memory. > > When stress-testing, I am able to cause the kernel messages: > > m_clalloc failed, consider increase NMBCLUSTERS value > fxp0: cluster allocation failed, packet dropped! > > Here's my theory: When the amount of space used for user processes and > kernel usage fills all of memory, and a burst of packets are received from > the backend servers, the kernel isn't able to allocate pages and drops the > packets, with the message. The sender resends, and things cascade away. > Since this is a kernel vm issue, the console also locks up. [Well, it's > the best I have.] > > I've tried upping vm.v_free_min, vm.v_free_target, and vm.v_free_reserved. > It doesn't appear to have any impact. I think that your theory is probably close to what is happening. Unfortunately, there's no easy way to address this yet. Due to the extensive use of zone allocators in 4.x, it's hard to size all allocations correctly. For this reason, there may be other subtle issues with 2 gig+ machines. For now, I think your best option may be to run your mbuf allocation program so that you have a certain amount of mbufs allocated and ready for your application. Along those lines, you might consider writing a kernel patch which performs this function based on a configurable value; I would be happy to commit such a feature if it was implemented well; other people with busy servers might find it useful. I've been pondering various methods to handle out of mbuf cluster situations better, but handling your case seems especially difficult. I'll have to think more. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 0:39:52 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 5D6A137B406 for ; Wed, 22 May 2002 00:39:49 -0700 (PDT) Received: from house (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.3/8.12.3) with SMTP id g4M7dio3078621; Wed, 22 May 2002 03:39:48 -0400 (EDT) (envelope-from mike@sentex.net) From: Mike Tancsa To: "Ivailo Tanusheff" Cc: freebsd-net@freebsd.org Subject: Re: Interface statistic Date: Wed, 22 May 2002 03:39:47 -0400 Message-ID: References: <008101c200be$d1f250e0$cbf810ac@sof.procreditbank.bg> In-Reply-To: <008101c200be$d1f250e0$cbf810ac@sof.procreditbank.bg> X-Mailer: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org MTRG in conjunction with snmpd. It will gather the data you require. = Also, you can safely run SNMPD as a non root user for this purpose and I = strongly advise that. Both programs are in the ports tree. ---Mike On Tue, 21 May 2002 14:58:22 +0300, in sentex.lists.freebsd.net you = wrote: >Hi, > >Can you tell me a way to collect per network interface statistic on my >FreeBSD box? >At this moment I'm using IPFilter accounting to collect needed >information, but I think this way I'm collecting only information >related to tcp, udp and icmp traffic. My purpose is to visualize this >data in MRTG. > >Thank you in advantage, > >Ivailo Tanusheff >System Administrator and Security Advisor >ProCredit Bank Mike Tancsa (mdtancsa@sentex.net) =09 Sentex Communications Corp, =09 Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers=20 could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 8:16:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from nt52.parliament.bg (nt52.parliament.bg [193.109.54.3]) by hub.freebsd.org (Postfix) with ESMTP id 14FE837B409; Wed, 22 May 2002 08:16:23 -0700 (PDT) Received: from itaush (pool115-tch-2.sofia.0rbitel.net [212.95.171.115]) by nt52.parliament.bg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id LBJPXJHZ; Wed, 22 May 2002 18:13:49 +0300 From: "Ivailo Tanusheff" To: "FreeBSD Net" , "FreeBSD Questions" Subject: Squid filtering Date: Wed, 22 May 2002 18:20:36 +0300 Message-ID: <001201c201a4$54f59480$cbf810ac@sof.procreditbank.bg> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0013_01C201BD.7A42CC80" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C201BD.7A42CC80 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, I need to filter some kind of traffic - mp3, .avi and so on for the my network users. I'd try to find some info on that, but with no success. Is there some kind of acl or other rule that can help? Can you help me with this problem, please? Thank you in advantage Ivo ------=_NextPart_000_0013_01C201BD.7A42CC80 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

 

I need to filter some kind of = traffic – mp3, .avi and so on for the my network users. I’d try to find some = info on that, but with no success. Is there some kind of acl or other rule = that can help? Can you help me with this problem, please? =

Thank you in = advantage

 

Ivo

------=_NextPart_000_0013_01C201BD.7A42CC80-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 8:40:23 2002 Delivered-To: freebsd-net@freebsd.org Received: from measurement-factory.com (measurement-factory.com [206.168.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 1571137B409; Wed, 22 May 2002 08:40:06 -0700 (PDT) Received: (from rousskov@localhost) by measurement-factory.com (8.11.6/8.11.6) id g4MFdss62188; Wed, 22 May 2002 09:39:54 -0600 (MDT) (envelope-from rousskov) Date: Wed, 22 May 2002 09:39:54 -0600 (MDT) From: Alex Rousskov To: Ivailo Tanusheff Cc: FreeBSD Net , FreeBSD Questions Subject: Re: Squid filtering In-Reply-To: <001201c201a4$54f59480$cbf810ac@sof.procreditbank.bg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ivo, Looks like your question is specific to Squid rather than FreeBSD. Please see Squid FAQ at www.squid-cache.org and ACL-related comments in the default squid.conf file. The info you need is there. If you need further help, please post to squid-users mailing list, after searching its archive. Good luck, Alex. On Wed, 22 May 2002, Ivailo Tanusheff wrote: > Hi, > > I need to filter some kind of traffic - mp3, .avi and so on for the my > network users. I'd try to find some info on that, but with no success. > Is there some kind of acl or other rule that can help? Can you help me > with this problem, please? > Thank you in advantage > > Ivo > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 9:31:34 2002 Delivered-To: freebsd-net@freebsd.org Received: from loquat.bbn.com (crodrigues.bbn.com [128.89.72.49]) by hub.freebsd.org (Postfix) with ESMTP id 1AEC437B425 for ; Wed, 22 May 2002 09:31:18 -0700 (PDT) Received: (from crodrigu@localhost) by loquat.bbn.com (8.11.2/8.11.2) id g4MGV0r24670; Wed, 22 May 2002 12:31:00 -0400 Date: Wed, 22 May 2002 12:31:00 -0400 From: Craig Rodrigues To: Luigi Rizzo Cc: freebsd-net@freebsd.org Subject: Re: Question about Dummynet and Diffserv Message-ID: <20020522123100.A24632@bbn.com> References: <20020521234248.B13074@bbn.com> <20020522024323.A34030@iguana.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020522024323.A34030@iguana.icir.org>; from rizzo@icir.org on Wed, May 22, 2002 at 02:43:23AM -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 22, 2002 at 02:43:23AM -0700, Luigi Rizzo wrote: > I think the TOS matching is implemented in ipfw in 5.0, not 4.6. > > it should not be too hard to merge it into RELENG_4. > > cheers > luigi Cool! Could you merge this stuff into RELENG_4, or are there more restrictions on merging things into STABLE these days? If it is not possible, if I do it myself, do I just need to download the files in /usr/src/sbin/ipfw from the CURRENT in CVS? Thanks. -- Craig Rodrigues Distributed Systems and Logistics, Office 6/304 crodrigu@bbn.com BBN Technologies, a Verizon company (617) 873-4725 Cambridge, MA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 9:47:24 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by hub.freebsd.org (Postfix) with ESMTP id 3A30937B401 for ; Wed, 22 May 2002 09:47:14 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 8F7BA5932; Wed, 22 May 2002 09:47:13 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id CA24D3B1AB; Wed, 22 May 2002 09:47:12 -0700 (PDT) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: freebsd-net@FreeBSD.ORG Cc: Ivailo Tanusheff Subject: Re: Interface statistic In-Reply-To: Your message of Tue, 21 May 2002 22:32:00 PDT. Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1234646104P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Wed, 22 May 2002 09:47:12 -0700 From: Eli Dart Message-Id: <20020522164712.CA24D3B1AB@gemini.nersc.gov> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_1234646104P Content-Type: text/plain; charset=us-ascii It's actually fairly easy to take the output of netstat -inb and put it into rrdtool. If you grep Link out of netstat -inb you get in and out packets and bytes, and you get error counters as well. My $0.02 --eli In reply to Larry Sica : > This is a multipart message in MIME format > > --50318887-POCO-84516347 > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > On Tue, 21 May 2002 14:58:22 +0300, Ivailo Tanusheff wrote: > >Hi, > > > >Can you tell me a way to collect per network interface statistic= > on > >my FreeBSD box? > >At this moment I'm using IPFilter accounting to collect needed > >information, but I think this way I'm collecting only= > information > >related to tcp, udp and icmp traffic. My purpose is to= > visualize > >this data in MRTG. > > > > You could capture traffic via tcpdump. I think MRTG can read= > tcpdump > output. I am going by memory right now though so some research= > would > be helpful. > > > > > -- Larry > > > Larry Sica > lsica1@cox.net > > > > --50318887-POCO-84516347 > Content-Type: text/html > Content-Transfer-Encoding: Quoted-Printable > > > > > >
On Tue, 21 May 2002 14:58:22 +0300, Ivailo Tanusheff= > wrote:
> >Hi,
> >
> >Can you tell me a way to collect per= > network interface statistic on
> >my FreeBSD box?
> >At this moment I'm using IPFilter= > accounting to collect needed
> >information, but I think this way I'm= > collecting only information
> >related to tcp, udp and icmp traffic.= > My purpose is to visualize
> >this data in MRTG.
> >
>
 
>
You could capture traffic via= > tcpdump.  I think MRTG can read tcpdump output.  I am= > going by memory right now though so some research would be= > helpful. 
>
 
>

>
>
>
-- Larry
>
 
>
 
>
Larry Sica
>
lsica1@cox.net
>
 
> > > --50318887-POCO-84516347-- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message --==_Exmh_1234646104P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE868uQLTFEeF+CsrMRAh1DAJ4s48Z6x0M7GNe9kCPegJYhOxHSqwCfX6TV MfFHEXUtPEA//SrCV5zkjMQ= =E5av -----END PGP SIGNATURE----- --==_Exmh_1234646104P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 14:44: 0 2002 Delivered-To: freebsd-net@freebsd.org Received: from mail.speakeasy.net (mail15.speakeasy.net [216.254.0.215]) by hub.freebsd.org (Postfix) with ESMTP id 8D50F37B40F for ; Wed, 22 May 2002 14:43:23 -0700 (PDT) Received: (qmail 11247 invoked from network); 22 May 2002 21:43:22 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail15.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 22 May 2002 21:43:22 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g4MLhLF01436 for ; Wed, 22 May 2002 17:43:21 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Wed, 22 May 2002 17:42:56 -0400 (EDT) From: John Baldwin To: net@FreeBSD.org Subject: Lossless bandwidth limiter on an interface Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm curious: what would be the best method of implementing a bandwith limiter on an interface that is lossless? I'm having to limit UDP with no back channel, so I can't reply on TCP retransmits to make up for packets being dropped. DUMMYNET drops packets that overflow it's queue size so it doesn't seem to work out of the box. Ideally, I would like applications sending packets to the interface to block when the outgoing queue is full. One idea I thought about is trying to use netgraph to implement a network interface that does this limiting and then hands the data off to a real network interface that it is attached to, but I also don't want to have to add netgraph support to a bunch of network drivers to get this to work either. Suggestions? -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 14:49:27 2002 Delivered-To: freebsd-net@freebsd.org Received: from web21104.mail.yahoo.com (web21104.mail.yahoo.com [216.136.227.106]) by hub.freebsd.org (Postfix) with SMTP id 0DFD437B410 for ; Wed, 22 May 2002 14:49:22 -0700 (PDT) Message-ID: <20020522214921.51516.qmail@web21104.mail.yahoo.com> Received: from [152.15.26.29] by web21104.mail.yahoo.com via HTTP; Wed, 22 May 2002 14:49:21 PDT Date: Wed, 22 May 2002 14:49:21 -0700 (PDT) From: Vinod Subject: mobile routing problem To: freebsd-net@freebsd.org Cc: freebsd-mobile@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i need some help with a routing problem i face. below is my setup. | | 10.0.0.1 firewall/router | _ _ _ _ |_ _ _ _ _ | | |10.0.0.2 |10.0.0.3 Desktop1 Desktop2 10.0.1.1 10.0.1.2 Mobile 10.0.1.5 Desktop1 and Desktop 2 are multihomed pc's with an ethernet and wireless nic.i want to access the internet from my mobile through either desktop1 or desktop2 with just a change of ibss channel,like a handoff(Desktop1 and Desktop2 wireless cards are assigned different channels).How can this be best implemented ? 1) for such a scenario what should be the default router of the mobile? 2) how can i tell the firewall through which desktop i can access the mobile? 3)my desktops are configured as routers right now.is there any other way my mobile can access the internet? Thanks in advance, Vinod __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 16:59:12 2002 Delivered-To: freebsd-net@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 8854937B404; Wed, 22 May 2002 16:59:07 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4MNx0543380; Wed, 22 May 2002 16:59:00 -0700 (PDT) (envelope-from rizzo) Date: Wed, 22 May 2002 16:59:00 -0700 From: Luigi Rizzo To: John Baldwin Cc: net@FreeBSD.ORG Subject: Re: Lossless bandwidth limiter on an interface Message-ID: <20020522165900.B43026@iguana.icir.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from jhb@FreeBSD.ORG on Wed, May 22, 2002 at 05:42:56PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org when a dummynet queue drops UDP packets, it returns an ENOBUF error on the write(), so you can at least retry the transmission yourself after some time. Unfortunately there is not any mechanism in place to make an UDP write() blocking. cheers luigi On Wed, May 22, 2002 at 05:42:56PM -0400, John Baldwin wrote: > I'm curious: what would be the best method of implementing a bandwith limiter > on an interface that is lossless? I'm having to limit UDP with no back channel, > so I can't reply on TCP retransmits to make up for packets being dropped. > DUMMYNET drops packets that overflow it's queue size so it doesn't seem to work > out of the box. Ideally, I would like applications sending packets to the > interface to block when the outgoing queue is full. One idea I thought > about is trying to use netgraph to implement a network interface that does > this limiting and then hands the data off to a real network interface that > it is attached to, but I also don't want to have to add netgraph support to > a bunch of network drivers to get this to work either. > > Suggestions? > > -- > > John Baldwin <>< http://www.FreeBSD.org/~jhb/ > "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 17:28:43 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id C432137B409 for ; Wed, 22 May 2002 17:28:38 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020523002838.VCZI11426.rwcrmhc51.attbi.com@blossom.cjclark.org>; Thu, 23 May 2002 00:28:38 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4N0Sbi09020; Wed, 22 May 2002 17:28:37 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 22 May 2002 17:28:37 -0700 From: "Crist J. Clark" To: John Angelmo Cc: net@FreeBSD.ORG Subject: Re: "dynamic" ipfw Message-ID: <20020522172837.A8894@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <3CE934D8.9010302@veidit.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CE934D8.9010302@veidit.net>; from john@veidit.net on Mon, May 20, 2002 at 07:39:36PM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, May 20, 2002 at 07:39:36PM +0200, John Angelmo wrote: > Hello > > I have a small problem with IPFW > > How can I handle adding and removing rules based on IP/MAC per user? Per user? You mean with 'uid' options? > I can add a rule for a specific IP/MAC without the need to flush but can > I remove it in the same way? It kind of sounds like you want to use 'keep-state' rules? But I'm confused about the "user" stuff. > now lets say I have a user that only needs access to it's mailserver > mail.user.com with pop3 and smtp > then the rule for pop3 would be something like > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't work here right?) Well, support for MAC addresses in ipfw(8) only exists in -CURRENT right now. But I think you want, add pass tcp from me to mail.user.com 25,110 keep-state Which will pass the return traffic. > Now mail.user.com uses runrobin so the IP changes from request to > request but dosn't the IPFW resolve the IP when its added to the rules, > how can this be solved for the user? You can load all of the IP addresses at start-up? There really is no way to deal with this within ipfw(8) itself. Rules for hostnames whose IP address changes is not a problem that can really be efficiently solved in a general way. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 17:28:56 2002 Delivered-To: freebsd-net@freebsd.org Received: from cable2-228.fctvplus.net (cable2-228.fctvplus.net [63.85.56.228]) by hub.freebsd.org (Postfix) with ESMTP id CA6CA37B405 for ; Wed, 22 May 2002 17:28:50 -0700 (PDT) Received: from lester.manchero.org (localhost [127.0.0.1]) by cable2-228.fctvplus.net (8.12.3/8.12.3) with ESMTP id g4N0Set3003429 for ; Wed, 22 May 2002 20:28:40 -0400 (EDT) (envelope-from rmanches@lester.manchero.org) Received: (from rmanches@localhost) by lester.manchero.org (8.12.3/8.12.3/Submit) id g4N0Sed7003428 for freebsd-net@FreeBSD.ORG; Wed, 22 May 2002 20:28:40 -0400 (EDT) Date: Wed, 22 May 2002 20:28:39 -0400 From: Rob To: freebsd-net@FreeBSD.ORG Subject: ip src address in outgoing ipv4 multicast packets Message-ID: <20020522202839.A3413@lester.manchero.org> Mail-Followup-To: freebsd-net@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I was just wondering why the src address is set to the host group in outgoing multicast packets on RELENG_4? As far as I can tell, rfc1054 says that the src address should be set to that of the host, not the host group (6.2). The behavior exists in 4.5-release also. I noticed this because linux seems to reject mc packets with a multicast source address (which is also incorrect according to section 7.2). Looking at the source, it seems trivial to get the correct (?) behavior. Is there some reason why we shouldn't do this? -r To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 17:39:10 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id B5B3D37B40F for ; Wed, 22 May 2002 17:39:05 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020523003905.ULZQ2751.rwcrmhc52.attbi.com@blossom.cjclark.org>; Thu, 23 May 2002 00:39:05 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4N0cvF09048; Wed, 22 May 2002 17:38:57 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 22 May 2002 17:38:57 -0700 From: "Crist J. Clark" To: Craig Rodrigues Cc: freebsd-net@FreeBSD.org Subject: Re: Question about Dummynet and Diffserv Message-ID: <20020522173857.B8894@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <20020521234248.B13074@bbn.com> <20020522024323.A34030@iguana.icir.org> <20020522123100.A24632@bbn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020522123100.A24632@bbn.com>; from crodrigu@bbn.com on Wed, May 22, 2002 at 12:31:00PM -0400 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 22, 2002 at 12:31:00PM -0400, Craig Rodrigues wrote: > On Wed, May 22, 2002 at 02:43:23AM -0700, Luigi Rizzo wrote: > > I think the TOS matching is implemented in ipfw in 5.0, not 4.6. > > > > it should not be too hard to merge it into RELENG_4. > > > > cheers > > luigi > > Cool! Could you merge this stuff into RELENG_4, or are there more > restrictions on merging things into STABLE these days? Yes. Code freeze for 4.6-RELEASE. > If it is not possible, if I do it myself, do I just need to > download the files in /usr/src/sbin/ipfw from the CURRENT in CVS? No. sbin/ipfw is just the userland command for modifying rules. The actual firewall code lives in sys/netinet/ip_fw.{c,h}. There are old patches against 4.x for filtering on DIFSERV bits floating around. Check the archives of freebsd-security@ and freebsd-ipfw@. I think I may have some somewhere. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 17:52:54 2002 Delivered-To: freebsd-net@freebsd.org Received: from mailf.telia.com (mailf.telia.com [194.22.194.25]) by hub.freebsd.org (Postfix) with ESMTP id 7250637B419; Wed, 22 May 2002 17:52:49 -0700 (PDT) Received: from d1o1000.telia.com (d1o1000.telia.com [217.208.12.241]) by mailf.telia.com (8.11.6/8.11.6) with ESMTP id g4N0qlj28636; Thu, 23 May 2002 02:52:48 +0200 (CEST) Received: from Amnesiac (h54n1fls35o1000.telia.com [217.210.234.54]) by d1o1000.telia.com (8.10.2/8.10.1) with SMTP id g4N0qla13201; Thu, 23 May 2002 02:52:47 +0200 (CEST) Date: Thu, 23 May 2002 02:51:16 +0200 From: John Angelmo To: "Crist J. Clark" Cc: crist.clark@attbi.com, net@FreeBSD.ORG Subject: Re: "dynamic" ipfw Message-Id: <20020523025116.41a796b6.john@veidit.net> In-Reply-To: <20020522172837.A8894@blossom.cjclark.org> References: <3CE934D8.9010302@veidit.net> <20020522172837.A8894@blossom.cjclark.org> X-Mailer: Sylpheed version 0.7.6 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=.,wsQx2jq1,ZKXs" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.,wsQx2jq1,ZKXs Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 22 May 2002 17:28:37 -0700 "Crist J. Clark" wrote: > On Mon, May 20, 2002 at 07:39:36PM +0200, John Angelmo wrote: > > Hello > > > > I have a small problem with IPFW > > > > How can I handle adding and removing rules based on IP/MAC per user? > > Per user? You mean with 'uid' options? Sorry, bad explenation from my side, in this case, for a user to get routing outside the server he/she needs to login via a webform, after that well then he/she can do what he/she wants to. I wonder if I can map that userlogin (in an mysql/pgsql db) to IPFW in some way so I can add/remove rules in an easy way based on userlogin? Just a shot in the dark :) > > > I can add a rule for a specific IP/MAC without the need to flush but can > > I remove it in the same way? > > It kind of sounds like you want to use 'keep-state' rules? But I'm > confused about the "user" stuff. > > > now lets say I have a user that only needs access to it's mailserver > > mail.user.com with pop3 and smtp > > then the rule for pop3 would be something like > > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't work here right?) > > Well, support for MAC addresses in ipfw(8) only exists in -CURRENT > right now. But I think you want, > > add pass tcp from me to mail.user.com 25,110 keep-state Well for 4.5 this seems to exist: http://www.bsdshell.net > > Which will pass the return traffic. > > > Now mail.user.com uses runrobin so the IP changes from request to > > request but dosn't the IPFW resolve the IP when its added to the rules, > > how can this be solved for the user? > > You can load all of the IP addresses at start-up? There really is no > way to deal with this within ipfw(8) itself. Rules for hostnames whose > IP address changes is not a problem that can really be efficiently > solved in a general way. the problem is that the person configuring the firewall for the user can't possibly know about this problem unless the user states it. well one way would be to hack a bit in ipfw so that the hostname isn't looked up when the rule is added but every time the user uses it, but thi would take to much cpu time for IPFW I think /John --=.,wsQx2jq1,ZKXs Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE87D0OdU9I0dY0KzMRAjWwAJwK5bvwN5dp2z2oEd4v4UwlwLYR0QCeJxJw NVdR5x3Qfp44TUHKYcurUM0= =ZRG3 -----END PGP SIGNATURE----- --=.,wsQx2jq1,ZKXs-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed May 22 21:28:19 2002 Delivered-To: freebsd-net@freebsd.org Received: from viola.sinor.ru (viola.sinor.ru [217.70.106.9]) by hub.freebsd.org (Postfix) with ESMTP id AC09D37B403; Wed, 22 May 2002 21:28:13 -0700 (PDT) Received: from p162.bass3.sinor.ru (p162.bass3.sinor.ru [217.70.108.162]) by viola.sinor.ru (8.9.3/8.9.3) with ESMTP id LAA02001; Thu, 23 May 2002 11:28:09 +0700 Date: Thu, 23 May 2002 11:28:50 +0700 (NOVST) From: "Semen A. Ustimenko" X-X-Sender: semenu@def.the.net To: freebsd-net@FreeBSD.org Cc: freebsd-fs@FreeBSD.org Subject: NFS don't set sopt.sopt_dir sometimes... Maybe sosetopt() should? Message-ID: <20020523111658.N405-100000@def.the.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! Looks like nfs_socket.c and nfs_syscalls.c lack strings sopt.sopt_dir = SOPT_SET; when setting TCP_NODELAY and SO_KEEPALIVE. For SO_KEEPALIVE, it doesn't matter, sosetopt() doesn't examine it, but TCP_NODELAY is actually ignored. Obviously, it's easy to add these lines, but maybe it's better to make sosetopt() set sopt_dir for callers? BYe! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 0: 9:33 2002 Delivered-To: freebsd-net@freebsd.org Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by hub.freebsd.org (Postfix) with ESMTP id C452037B408 for ; Thu, 23 May 2002 00:09:28 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020523070927.NATD11183.sccrmhc02.attbi.com@blossom.cjclark.org>; Thu, 23 May 2002 07:09:27 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4N79Ph26155; Thu, 23 May 2002 00:09:25 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Thu, 23 May 2002 00:09:24 -0700 From: "Crist J. Clark" To: John Angelmo Cc: net@FreeBSD.ORG Subject: Re: "dynamic" ipfw Message-ID: <20020523000924.A9562@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <3CE934D8.9010302@veidit.net> <20020522172837.A8894@blossom.cjclark.org> <20020523025116.41a796b6.john@veidit.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020523025116.41a796b6.john@veidit.net>; from john@veidit.net on Thu, May 23, 2002 at 02:51:16AM +0200 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 23, 2002 at 02:51:16AM +0200, John Angelmo wrote: > On Wed, 22 May 2002 17:28:37 -0700 > "Crist J. Clark" wrote: > > > On Mon, May 20, 2002 at 07:39:36PM +0200, John Angelmo wrote: > > > Hello > > > > > > I have a small problem with IPFW > > > > > > How can I handle adding and removing rules based on IP/MAC per user? > > > > Per user? You mean with 'uid' options? > > Sorry, bad explenation from my side, in this case, for a user to get routing outside the server he/she needs to login via a webform, after that well then he/she can do what he/she wants to. > I wonder if I can map that userlogin (in an mysql/pgsql db) to IPFW in some way so I can add/remove rules in an easy way based on userlogin? Just a shot in the dark :) You can do whatever you want. Obviously, something like this sounds like you will need to roll your own code/scripts. I know FreeBSD doesn't include anything like this and doubt there are existing packages. That said, I still don't really understand what that means. Users "get routing outside the server" by using a webform? > > > I can add a rule for a specific IP/MAC without the need to flush but can > > > I remove it in the same way? > > > > It kind of sounds like you want to use 'keep-state' rules? But I'm > > confused about the "user" stuff. > > > > > now lets say I have a user that only needs access to it's mailserver > > > mail.user.com with pop3 and smtp > > > then the rule for pop3 would be something like > > > add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't work here right?) > > > > Well, support for MAC addresses in ipfw(8) only exists in -CURRENT > > right now. But I think you want, > > > > add pass tcp from me to mail.user.com 25,110 keep-state > > Well for 4.5 this seems to exist: http://www.bsdshell.net Yeah, the 3rd party ethfw utility. It is not strictly part of FreeBSD and is not part of ipfw(8), but I've never heard anyone say anything bad about it (haven't heard all that much period). > > Which will pass the return traffic. > > > > > Now mail.user.com uses runrobin so the IP changes from request to > > > request but dosn't the IPFW resolve the IP when its added to the rules, > > > how can this be solved for the user? > > > > You can load all of the IP addresses at start-up? There really is no > > way to deal with this within ipfw(8) itself. Rules for hostnames whose > > IP address changes is not a problem that can really be efficiently > > solved in a general way. > > the problem is that the person configuring the firewall for the user can't possibly know about this problem unless the user states it. > > well one way would be to hack a bit in ipfw so that the hostname isn't looked up when the rule is added but every time the user uses it, but thi would take to much cpu time for IPFW I think Exactly, it cannot be solved efficiently for the general case. (But it would be network limited, not CPU. Imagine the lag waitng for DNS lookups for each packet.) -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 5:38: 6 2002 Delivered-To: freebsd-net@freebsd.org Received: from tisch.mail.mindspring.net (tisch.mail.mindspring.net [207.69.200.157]) by hub.freebsd.org (Postfix) with ESMTP id 746B537B405 for ; Thu, 23 May 2002 05:38:03 -0700 (PDT) Received: from user-1121rer.dsl.mindspring.com ([66.32.237.219] helo=compaq) by tisch.mail.mindspring.net with smtp (Exim 3.33 #1) id 17Arr0-0002ef-00 for freebsd-net@FreeBSD.org; Thu, 23 May 2002 08:38:02 -0400 Message-ID: <002f01c20255$f7503620$5ab9fea9@compaq> From: "Naga Narayanaswamy" To: Subject: ng_eiface hangs on 4.6RC Date: Thu, 23 May 2002 08:32:35 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! I updated to 4.6-RC on May 22. Posted to freebsd-stable no response, so cross posting to net. Am testing ng_eiface, new netgraph node added in this release. I find that it is not in sys/conf/[files|options] but the ng_eiface.[ch] are present in netgraph directory and in Release notes. After cvsup'ing, I added the required lines in sys/conf/[files|options] and did buildkernel and installkernel. Also modified sys/modules/netgraph to install ng_eiface.ko However on running the following command the system hangs and I have to hard reboot the PC. Any idea ? (I also made /usr/sbin/ngctl; but I did not do a complete buildworld. Could that be a problem ?) Command causing hang = ngctl mkpeer fxp0: eiface divert ether Thanks! Naga To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 10: 0: 0 2002 Delivered-To: freebsd-net@freebsd.org Received: from loquat.bbn.com (crodrigues.bbn.com [128.89.72.49]) by hub.freebsd.org (Postfix) with ESMTP id 067CB37B40C for ; Thu, 23 May 2002 09:59:40 -0700 (PDT) Received: (from crodrigu@localhost) by loquat.bbn.com (8.11.2/8.11.2) id g4NGxZd32272 for freebsd-net@freebsd.org; Thu, 23 May 2002 12:59:35 -0400 Date: Thu, 23 May 2002 12:59:35 -0400 From: Craig Rodrigues To: freebsd-net@freebsd.org Subject: Re: Question about Dummynet and Diffserv Message-ID: <20020523125935.A32262@bbn.com> References: <20020521234248.B13074@bbn.com> <20020522024323.A34030@iguana.icir.org> <20020522123100.A24632@bbn.com> <20020522173857.B8894@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020522173857.B8894@blossom.cjclark.org>; from crist.clark@attbi.com on Wed, May 22, 2002 at 05:38:57PM -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 22, 2002 at 05:38:57PM -0700, Crist J. Clark wrote: > > No. sbin/ipfw is just the userland command for modifying rules. The > actual firewall code lives in sys/netinet/ip_fw.{c,h}. Hi, I merged from -CURRENT to my -STABLE tree some changes made in October 2000 to sys/netinet/ip_fw.{c,h} and sbin/ipfw/ipfw.c which add ipfw filtering based on iptos. However, from reading the documentation, it seems that only the older IP TOS precedence values are supported for filtering. Is it possible to use ipfw to filter based on any Diffserv codepoint value? This is from the man page: " iptos spec Match if the IP header contains the comma separated list of service types specified in spec. The supported IP types of service are: lowdelay (IPTOS_LOWDELAY), throughput (IPTOS_THROUGHPUT), reliability (IPTOS_RELIABILITY), mincost (IPTOS_MINCOST), congestion (IPTOS_CE). The absence of a particular type may be denoted with a `'!. " Thanks. -- Craig Rodrigues Distributed Systems and Logistics, Office 6/304 crodrigu@bbn.com BBN Technologies, a Verizon company (617) 873-4725 Cambridge, MA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 11: 3:40 2002 Delivered-To: freebsd-net@freebsd.org Received: from garbo.lodgenet.com (garbo.lodgenet.com [204.124.122.252]) by hub.freebsd.org (Postfix) with ESMTP id 713CA37B40B; Thu, 23 May 2002 11:03:13 -0700 (PDT) Received: from hardy.lodgenet.com (hardy.lodgenet.com [10.0.104.235]) by garbo.lodgenet.com (8.11.4/8.11.4) with ESMTP id g4NI38L05689; Thu, 23 May 2002 13:03:09 -0500 (CDT) Received: from chaplin.lodgenet.com (not verified[10.0.104.215]) by hardy.lodgenet.com with MailMarshal (4,2,5,0) id ; Thu, 23 May 2002 13:03:08 -0500 Received: by chaplin.lodgenet.com with Internet Mail Service (5.5.2653.19) id <2FNAZN80>; Thu, 23 May 2002 12:58:48 -0500 Message-ID: <3EA88113DE92D211807300805FA7994209149E09@chaplin.lodgenet.com> From: "McKenna, Lee" To: "'Christophe Prevotaux'" , freebsd-net@freebsd.org Cc: freebsd-hardware@freebsd.org Subject: RE: UDLR and DVB-S Date: Thu, 23 May 2002 12:58:47 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have some interest in UDLR, but alas I am no programmer either. UDCast appears to have the first commercially available UDLR implementation, and if I am not mistaken, I believe they have it running on FreeBSD. I also think Emmanuel Duros wrote FreeBSD drivers for a few DVB-S cards while at Inria. I might be able to lend out some DVB-S hardware if someone wants to seriously tackle writing a driver for FreeBSD and commits it to open source... Later, --Lee > -----Original Message----- > From: Christophe Prevotaux [mailto:c.prevotaux@hexanet.fr] > Sent: Wednesday, May 08, 2002 8:10 AM > To: freebsd-net@FreeBSD.ORG > Cc: freebsd-hardware@FreeBSD.ORG > Subject: UDLR > > > Hi, > > I have once asked if someone would be interested in implementing UDLR > and DVMRP and include it in FreeBSD ? > > Julian Elischer mentioned it would be fairly trivial to implement as a > node in Netgraph. However I am no programmer. > > I was wondering if no one had interest in UDLR ? I understand > that today's > broadband access do not require these unidirectional links, > but I can't > believe no one needs this, since they are also plenty of > other use for it > apart from the fact it can be used for unidirectional link (one way > internet access (uplink is done thru a modem or a different kind of > internet access link)) > > If someone is interested in develloping this, there is some > code source > available (it is FreeBSD Release 2.2.x. based and has not > been maintained > for a long time). > > Receivers boards > ================ > DVB-S PCI adapter drivers are also needed for devices from > any of these > manufacturers > > http://www.coship.com/English/products/cdvbany2010s.htm > http://www.broadlogic.com > http://www.pentamedia.com > http://www.twinhan.com.tw > > who might be ready to lend or give out hardware in order to help > devellopement of these drivers. > > Uplink boards > ============= > These boards must be able to: > > - Transmit IP packet over DVB/MPEG 2 transport stream > > - Variable maximum data rate determined by external clock generator, > transparent for reception cards > > - ISA Bus > > As of today I have not found (yet) transmit (uplink) boards > manufacturer > > As for uplink boards the devellopement of such drivers are to > be a problem > since it is very unlikely that anyone as a personal space > segment on a DVB > capable satellite and the necessary hardware > > However if anyone has ideas on how to build a test cheap unit > for uplink > and downlink testing locally , please let me know. > > Also since Bill Fenner is both part of the UDLR IETF BOARD > and member of > the Mbone FreeBSD Team, we have a great source of internal > knowledge in > this protocol etc...(In the event that Bill agrees to help > (of course)) > > http://people.freebsd.org/~fenner/ > > I have contacted the author of the RFC for UDLR Emmanuel > Duros but as of > now it is to no avail since he has not answered my email (it has been > several months) > > Here are some pointers to some available literature and source code: > > What is UDLR (Short introduction) > ================================= > http://www.actconferences.com/sif2002/abstract/udlr.htm > > RFCs , Drafts and Charter > ========================= > http://www.ietf.org/html.charters/udlr-charter.html > > http://www.ietf.org/internet-drafts/draft-ietf-udlr-pppoe-00.txt > http://www.ietf.org/internet-drafts/draft-ietf-udlr-multicast- issues-00.txt http://www.ietf.org/internet-drafts/draft-ietf-udlr-security-00.txt http://www.ietf.org/internet-drafts/draft-ietf-udlr-dvmrp-conf-02.txt http://www.ietf.org/rfc/rfc3077.txt http://www.ietf.org/rfc/rfc1075.txt Source code =========== http://www-sop.inria.fr/rodeo/personnel/eduros/manu.html -- -- =============================================================== Christophe Prevotaux Email: c.prevotaux@hexanet.fr HEXANET SARL URL: http://www.hexanet.fr/ Z.A.C Les Charmilles Tel: +33 (0)3 26 79 30 05 3 Allée Thierry Sabine Direct: +33 (0)3 26 79 08 02 BP202 Fax: +33 (0)3 26 79 30 06 51686 Reims Cedex 2 FRANCE HEXANET Network Operation Center =============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 13:37:37 2002 Delivered-To: freebsd-net@freebsd.org Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51]) by hub.freebsd.org (Postfix) with ESMTP id 069F537B414; Thu, 23 May 2002 13:37:31 -0700 (PDT) Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out2.apple.com (8.11.3/8.11.3) with ESMTP id g4NKbUs28852; Thu, 23 May 2002 13:37:30 -0700 (PDT) Received: from scv1.apple.com (scv1.apple.com) by mailgate1.apple.com (Content Technologies SMTPRS 4.2.1) with ESMTP id ; Thu, 23 May 2002 13:36:57 -0700 Received: from [17.219.180.26] (minshallidsl1.apple.com [17.219.180.26]) by scv1.apple.com (8.11.3/8.11.3) with ESMTP id g4NKbT922504; Thu, 23 May 2002 13:37:29 -0700 (PDT) X-Sender: conrad@mail.apple.com Message-Id: In-Reply-To: <20020523111658.N405-100000@def.the.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 23 May 2002 13:37:26 -0700 To: "Semen A. Ustimenko" , freebsd-net@FreeBSD.ORG From: Conrad Minshall Subject: Re: NFS don't set sopt.sopt_dir sometimes... Maybe sosetopt() should? Cc: freebsd-fs@FreeBSD.ORG Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 9:28 PM -0700 5/22/02, Semen A. Ustimenko wrote: >Looks like nfs_socket.c and nfs_syscalls.c lack strings > > sopt.sopt_dir = SOPT_SET; > >when setting TCP_NODELAY and SO_KEEPALIVE. For SO_KEEPALIVE, it doesn't >matter, sosetopt() doesn't examine it, but TCP_NODELAY is actually >ignored. > >Obviously, it's easy to add these lines, but maybe it's better to make >sosetopt() set sopt_dir for callers? This came up with SMB (and NFS) in Darwin. Changing both caller and callee is the robust choice in our case as old loadable kernel module binaries with new kernels will get fixed, and vice-versa. If you have the luxury of not considering out-of-sync kernel loadables then I envy you :) -- Conrad Minshall, conrad@apple.com, 408 974-2749 Apple Computer, Mac OS X Core Operating Systems To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 17:22:36 2002 Delivered-To: freebsd-net@freebsd.org Received: from cable2-228.fctvplus.net (cable2-228.fctvplus.net [63.85.56.228]) by hub.freebsd.org (Postfix) with ESMTP id 0907737B403; Thu, 23 May 2002 17:22:27 -0700 (PDT) Received: from lester.manchero.org (localhost [127.0.0.1]) by cable2-228.fctvplus.net (8.12.3/8.12.3) with ESMTP id g4O0MMt3006228; Thu, 23 May 2002 20:22:22 -0400 (EDT) (envelope-from rmanches@lester.manchero.org) Received: (from rmanches@localhost) by lester.manchero.org (8.12.3/8.12.3/Submit) id g4O0MMvX006227; Thu, 23 May 2002 20:22:22 -0400 (EDT) Date: Thu, 23 May 2002 20:22:22 -0400 From: Rob To: freebsd-net@FreeBSD.ORG Cc: hackers@FreeBSD.ORG Subject: Re: ip src address in outgoing ipv4 multicast packets Message-ID: <20020523202222.A6200@lester.manchero.org> Mail-Followup-To: freebsd-net@FreeBSD.ORG, hackers@freebsd.org References: <20020522202839.A3413@lester.manchero.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020522202839.A3413@lester.manchero.org>; from telez@brown.edu on Wed, May 22, 2002 at 08:28:39PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Rob (telez@brown.edu) [020522 20:30]: > I was just wondering why the src address is set to the host group in > outgoing multicast packets on RELENG_4? As far as I can tell, rfc1054 > says that the src address should be set to that of the host, not the > host group (6.2). The behavior exists in 4.5-release also. > > I noticed this because linux seems to reject mc packets with a multicast > source address (which is also incorrect according to section 7.2). > > Looking at the source, it seems trivial to get the correct (?) behavior. > Is there some reason why we shouldn't do this? If anyone cares I just submitted a pr with an attached patch which will fix this problem. What is a good avenue to get this incorporated into the main tree? http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/38473 -r To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 19:21:44 2002 Delivered-To: freebsd-net@freebsd.org Received: from hall.mail.mindspring.net (hall.mail.mindspring.net [207.69.200.60]) by hub.freebsd.org (Postfix) with ESMTP id 2121C37B40B; Thu, 23 May 2002 19:21:39 -0700 (PDT) Received: from user-1121rtu.dsl.mindspring.com ([66.32.239.190] helo=compaq) by hall.mail.mindspring.net with smtp (Exim 3.33 #1) id 17B4hx-0001Gf-00; Thu, 23 May 2002 22:21:33 -0400 Message-ID: <000f01c202c9$028d6c60$5ab9fea9@compaq> From: "Naga Narayanaswamy" To: "Rob" , Cc: References: <20020522202839.A3413@lester.manchero.org> <20020523202222.A6200@lester.manchero.org> Subject: Re: ip src address in outgoing ipv4 multicast packets Date: Thu, 23 May 2002 22:16:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In my 4.6-RC system, I do not have problems with RIPv2 and OSPFv2 packets. I tried zebra routing daemon just now and RIP multicast packets with 224.0.0.9 have proper source address of the interface originating them and OSPFv2 HELLO multicast packets with dst 224.0.0.5 have proper src address of the interface originating them. When you say src address is set to host group, what application generates them? What is the src and dest address ? I quickly checked Rich Stevens vol II. Looks like the code has been like this since old days. Is the application setting the src address as mc group intentionally? Regards Naga. ----- Original Message ----- From: "Rob" To: Cc: Sent: Thursday, May 23, 2002 8:22 PM Subject: Re: ip src address in outgoing ipv4 multicast packets > * Rob (telez@brown.edu) [020522 20:30]: > > I was just wondering why the src address is set to the host group in > > outgoing multicast packets on RELENG_4? As far as I can tell, rfc1054 > > says that the src address should be set to that of the host, not the > > host group (6.2). The behavior exists in 4.5-release also. > > > > I noticed this because linux seems to reject mc packets with a multicast > > source address (which is also incorrect according to section 7.2). > > > > Looking at the source, it seems trivial to get the correct (?) behavior. > > Is there some reason why we shouldn't do this? > > > If anyone cares I just submitted a pr with an attached patch which will > fix this problem. What is a good avenue to get this incorporated into > the main tree? > > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/38473 > > -r > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu May 23 21:18:55 2002 Delivered-To: freebsd-net@freebsd.org Received: from merlino.iscanet.com (merlino.iscanet.com [217.59.173.229]) by hub.freebsd.org (Postfix) with ESMTP id B342137B409 for ; Thu, 23 May 2002 21:18:50 -0700 (PDT) Received: from d37.cs.tin.it (beta.tin.it [194.243.154.46]) (authenticated bits=0) by merlino.iscanet.com (8.12.2/8.12.2) with ESMTP id g4O4JAUq004511 for ; Fri, 24 May 2002 06:19:12 +0200 (CEST) (envelope-from rlucia@iscanet.com) Date: Fri, 24 May 2002 06:18:46 +0200 Mime-Version: 1.0 (Apple Message framework v481) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: ng_fwdswitch netgraph node From: Rocco Lucia To: freebsd-net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: <57047D2A-6ECD-11D6-A953-000393B296CE@iscanet.com> X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I tweaked a little the one2many node to realize some different kind of packet switching node. I needed something that would help me to split over different IDS sensors data coming from span/mirroring session done on the network. At first I tried to glue some bpf nodes but I had no luck since performance was very poor and I had tons of packets lost (p3 866MHz, ~100kpt/s inbound). The fwdswitch node, could be imagined as a 'many2many' node but monodirectional only: packets flow from 'in' hooks to 'out' hooks only. The decision about which 'out' hook to choose to forward a packet is taken going through a forwarding table that associates an IPaddress/netmask to an output hook index. Packets that are not matched or frames that are not IP packets will be forwarded to the 'default' hook. I just finished to fix it, made some documentation so it is still incomplete, requires cleanup and has some bugs in the configuration part, but it is nicely working. Let me know if it can be of any interest. It's downloadable at http://elisa.utopianet.net/~rlucia/devel/ng_fwdswitch/ It will compile on 4-STABLE. Ciao :) Rocco -- Rocco Lucia - rlucia@iscanet.com Iscanet Internet Services http://elisa.utopianet.net/~rlucia System and Network Admin C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468 Free unices for a free world. Support *BSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 5: 0:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 42AC437B409 for ; Fri, 24 May 2002 05:00:05 -0700 (PDT) Received: from house (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.3/8.12.3) with SMTP id g4OC00Jc094523; Fri, 24 May 2002 08:00:00 -0400 (EDT) (envelope-from mike@sentex.net) From: Mike Tancsa To: "Naga Narayanaswamy" Cc: freebsd-net@FreeBSD.ORG Subject: Re: ng_eiface hangs on 4.6RC Date: Fri, 24 May 2002 08:00:10 -0400 Message-ID: <3naseu0b7lg8jh4etai5ba0roah9qcsb21@4ax.com> References: <002f01c20255$f7503620$5ab9fea9@compaq> In-Reply-To: <002f01c20255$f7503620$5ab9fea9@compaq> X-Mailer: Forte Agent 1.8/32.548 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 23 May 2002 08:32:35 -0400, in sentex.lists.freebsd.net you = wrote: >Hello! > >I updated to 4.6-RC on May 22. Posted to freebsd-stable >(I also made /usr/sbin/ngctl; but I did not do a complete buildworld. >Could that be a problem ?) Yes, it could very much be your problem. Do a complete buildworld first = so you really do update to 4.6 and try again.=20 ---Mike Mike Tancsa (mdtancsa@sentex.net) =09 Sentex Communications Corp, =09 Waterloo, Ontario, Canada "Given enough time, 100 monkeys on 100 routers=20 could setup a national IP network." (KDW2) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 6: 8:57 2002 Delivered-To: freebsd-net@freebsd.org Received: from optima-hyper.com (s2.optima-hyper.com [12.111.39.156]) by hub.freebsd.org (Postfix) with ESMTP id 0C6B037B403 for ; Fri, 24 May 2002 06:08:39 -0700 (PDT) Received: from HQWKSTYV (blackhole.optima-hyper.com [12.111.39.146]) by optima-hyper.com (8.12.3/8.12.2) with SMTP id g4OD8a4G064772; Fri, 24 May 2002 09:08:36 -0400 (EDT) Message-ID: <007501c20324$40ca4920$6c00a8c0@OPTIMA.HQ> From: "Yuri Victorovich" To: "Rocco Lucia" , References: <57047D2A-6ECD-11D6-A953-000393B296CE@iscanet.com> Subject: Re: ng_fwdswitch netgraph node Date: Fri, 24 May 2002 09:09:35 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org And why make it one-directional only? It shouldn't improve performance. So it's rather an "IP router" than "fwdswitch". many2many IP routing node would be useful in many situations. Yuri > The fwdswitch node, could be imagined as a 'many2many' node but > monodirectional only: packets flow from 'in' hooks to 'out' hooks > only. The decision about which 'out' hook to choose to forward a > packet is taken going through a forwarding table that associates > an IPaddress/netmask to an output hook index. Packets that are not > matched or frames that are not IP packets will be forwarded to the > 'default' hook. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 6: 9: 0 2002 Delivered-To: freebsd-net@freebsd.org Received: from optima-hyper.com (s2.optima-hyper.com [12.111.39.156]) by hub.freebsd.org (Postfix) with ESMTP id AC58737B407 for ; Fri, 24 May 2002 06:08:44 -0700 (PDT) Received: from HQWKSTYV (blackhole.optima-hyper.com [12.111.39.146]) by optima-hyper.com (8.12.3/8.12.2) with SMTP id g4OD8h4G064780; Fri, 24 May 2002 09:08:43 -0400 (EDT) Message-ID: <007601c20324$4536a3f0$6c00a8c0@OPTIMA.HQ> From: "Yuri Victorovich" To: "Rocco Lucia" , References: <57047D2A-6ECD-11D6-A953-000393B296CE@iscanet.com> Subject: Re: ng_fwdswitch netgraph node Date: Fri, 24 May 2002 09:09:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org And why make it one-directional only? It shouldn't improve performance. So it's rather an "IP router" than "fwdswitch". many2many IP routing node would be useful in many situations. Yuri > The fwdswitch node, could be imagined as a 'many2many' node but > monodirectional only: packets flow from 'in' hooks to 'out' hooks > only. The decision about which 'out' hook to choose to forward a > packet is taken going through a forwarding table that associates > an IPaddress/netmask to an output hook index. Packets that are not > matched or frames that are not IP packets will be forwarded to the > 'default' hook. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 7: 7:36 2002 Delivered-To: freebsd-net@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 4AAED37B404 for ; Fri, 24 May 2002 07:07:31 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4OE7E261904; Fri, 24 May 2002 07:07:14 -0700 (PDT) (envelope-from rizzo) Date: Fri, 24 May 2002 07:07:14 -0700 From: Luigi Rizzo To: Craig Rodrigues Cc: freebsd-net@FreeBSD.ORG Subject: Re: Question about Dummynet and Diffserv Message-ID: <20020524070714.E61411@iguana.icir.org> References: <20020521234248.B13074@bbn.com> <20020522024323.A34030@iguana.icir.org> <20020522123100.A24632@bbn.com> <20020522173857.B8894@blossom.cjclark.org> <20020523125935.A32262@bbn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020523125935.A32262@bbn.com>; from crodrigu@bbn.com on Thu, May 23, 2002 at 12:59:35PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 23, 2002 at 12:59:35PM -0400, Craig Rodrigues wrote: ... > Hi, > > I merged from -CURRENT to my -STABLE tree some changes made in October 2000 to > sys/netinet/ip_fw.{c,h} and sbin/ipfw/ipfw.c which add ipfw > filtering based on iptos. > > However, from reading the documentation, it seems that only the > older IP TOS precedence values are supported for filtering. i am not sure but i seem to remember seeing keywords for the newer codepoint values as well. In any case, they should not be hard to add. cheers luigi > Is it possible to use ipfw to filter based on any Diffserv codepoint value? > > This is from the man page: > > " iptos spec > Match if the IP header contains the comma separated list > of service types specified in spec. The supported IP > types of service are: > > lowdelay (IPTOS_LOWDELAY), throughput (IPTOS_THROUGHPUT), > reliability (IPTOS_RELIABILITY), mincost (IPTOS_MINCOST), > congestion (IPTOS_CE). The absence of a particular type > may be denoted with a `'!. > " > > Thanks. > -- > Craig Rodrigues Distributed Systems and Logistics, Office 6/304 > crodrigu@bbn.com BBN Technologies, a Verizon company > (617) 873-4725 Cambridge, MA > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 7:28:11 2002 Delivered-To: freebsd-net@freebsd.org Received: from merlino.iscanet.com (merlino.iscanet.com [217.59.173.229]) by hub.freebsd.org (Postfix) with ESMTP id 5346537B403 for ; Fri, 24 May 2002 07:28:00 -0700 (PDT) Received: from d37.cs.tin.it (beta.tin.it [194.243.154.46]) (authenticated bits=0) by merlino.iscanet.com (8.12.2/8.12.2) with ESMTP id g4OESNUq018811; Fri, 24 May 2002 16:28:24 +0200 (CEST) (envelope-from rlucia@iscanet.com) Date: Fri, 24 May 2002 16:27:55 +0200 Subject: Re: ng_fwdswitch netgraph node Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v481) Cc: To: "Yuri Victorovich" From: Rocco Lucia In-Reply-To: <007501c20324$40ca4920$6c00a8c0@OPTIMA.HQ> Message-Id: <7014E592-6F22-11D6-9500-000393B296CE@iscanet.com> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Re, On Friday, May 24th, 2002, alle 03:09 PM, Yuri Victorovich wrote: > And why make it one-directional only? It shouldn't improve performance. > So it's rather an "IP router" than "fwdswitch". > many2many IP routing node would be useful in many situations. > > Yuri > Well I needed a node that would have forwarded IP packets from a source interface pool to a destination interface pool analyzing source and destination addresses. The very task this node had to accomplish was to nicely behave as an IDS load balancer, whence the monodirectional nature. The source pool would be hooked to the span/mirroring ports to monitor, and the destination pool would be hooked to the IDS sensors. Because of the way a distributed IDS is working I needed to forward them packets in some coherent fashion. The quickest idea to implement was just tag or identify packets flowing to/from an IP network to monitor and forward them to the sensor which is supposed to analyze that data. In this case for each IP network we configure we have a destination hook to forward the traffic. Needless to say that if you want to monitor two different networks and forward them to different destination hooks, since the module does not copy data, it will forward to the first match when we sniff packets which come from one of those and go to the other one. As for treating ng_fwdswitch more like an IP router, well it is not intended to be that. I agree with you about the misleading name, I think I'd have called it something like "basicsrcdstpacketfwd" :-) I'm sorry about that. Rocco -- Rocco Lucia - rlucia@iscanet.com Iscanet Internet Services http://elisa.utopianet.net/~rlucia System and Network Admin C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468 Free unices for a free world. Support *BSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 8:37:50 2002 Delivered-To: freebsd-net@freebsd.org Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by hub.freebsd.org (Postfix) with ESMTP id BCAFA37B406; Fri, 24 May 2002 08:37:42 -0700 (PDT) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (8.11.6/8.11.6) with SMTP id g4OFbeC53503; Fri, 24 May 2002 17:37:40 +0200 (CEST) (envelope-from c.prevotaux@hexanet.fr) Date: Fri, 24 May 2002 17:37:39 +0200 From: Christophe Prevotaux To: net@freebsd.org, stable@freebsd.org Subject: lge driver and vlan Message-Id: <20020524173739.2a6e9fe0.c.prevotaux@hexanet.fr> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.4) X-NCC-RegID: fr.hexanet Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is it possible to do vlan tagging 802.11q with the lge driver under FreeBSD RELENG_4 (4-STABLE) ? If not ? does someone has patches so it can be done ? -- =============================================================== Christophe Prevotaux Email: c.prevotaux@hexanet.fr HEXANET SARL URL: http://www.hexanet.fr/ Z.A.C Les Charmilles Tel: +33 (0)3 26 79 30 05 3 Allée Thierry Sabine Direct: +33 (0)3 26 79 08 02 BP202 Fax: +33 (0)3 26 79 30 06 51686 Reims Cedex 2 FRANCE HEXANET Network Operation Center =============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 9:12:23 2002 Delivered-To: freebsd-net@freebsd.org Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by hub.freebsd.org (Postfix) with ESMTP id 3771C37B401; Fri, 24 May 2002 09:12:14 -0700 (PDT) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (8.11.6/8.11.6) with SMTP id g4OGC7C53572; Fri, 24 May 2002 18:12:07 +0200 (CEST) (envelope-from c.prevotaux@hexanet.fr) Date: Fri, 24 May 2002 18:12:06 +0200 From: Christophe Prevotaux To: net@freebsd.org, questions@freebsd.org Subject: lge question Message-Id: <20020524181206.54f2e15a.c.prevotaux@hexanet.fr> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.4) X-NCC-RegID: fr.hexanet Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why do I get this messages on a regular basis even knowing that the interface is already up and running ? mymachine /kernel: lge0: gigabit link up -- =============================================================== Christophe Prevotaux Email: c.prevotaux@hexanet.fr HEXANET SARL URL: http://www.hexanet.fr/ Z.A.C Les Charmilles Tel: +33 (0)3 26 79 30 05 3 Allée Thierry Sabine Direct: +33 (0)3 26 79 08 02 BP202 Fax: +33 (0)3 26 79 30 06 51686 Reims Cedex 2 FRANCE HEXANET Network Operation Center =============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 9:46:16 2002 Delivered-To: freebsd-net@freebsd.org Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by hub.freebsd.org (Postfix) with ESMTP id DEC5D37B401; Fri, 24 May 2002 09:46:10 -0700 (PDT) Received: from localhost (marck@localhost) by woozle.rinet.ru (8.11.6/8.11.6) with ESMTP id g4OGk7q13691; Fri, 24 May 2002 20:46:08 +0400 (MSD) (envelope-from marck@rinet.ru) Date: Fri, 24 May 2002 20:46:07 +0400 (MSD) From: Dmitry Morozovsky To: Christophe Prevotaux Cc: net@FreeBSD.ORG, Subject: Re: lge driver and vlan In-Reply-To: <20020524173739.2a6e9fe0.c.prevotaux@hexanet.fr> Message-ID: <20020524204327.L74058-100000@woozle.rinet.ru> X-NCC-RegID: ru.rinet MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 24 May 2002, Christophe Prevotaux wrote: CP> is it possible to do vlan tagging 802.11q with the lge CP> driver under FreeBSD RELENG_4 (4-STABLE) ? CP> From lge(4) manpage: The LXT1001 supports TCP/IP checksum offload for receive and VLAN-based filtering as well as a 64-bit multicast hash filter. It also supports jumbo frames, which can be configured via the interface MTU setting. Selecting an MTU larger than 1500 bytes with the ifconfig(8) utility con- figures the adapter to receive and transmit jumbo frames. Using jumbo frames can greatly improve performance for certain tasks, such as file transfers and data streaming. [Don't know whether VLAN support really works due to absense of lge cards ;-)] Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 10:40:21 2002 Delivered-To: freebsd-net@freebsd.org Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by hub.freebsd.org (Postfix) with ESMTP id 4F70137B40A for ; Fri, 24 May 2002 10:40:09 -0700 (PDT) Received: from InterJet.elischer.org ([12.232.206.8]) by sccrmhc01.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020524174008.HWXI7675.sccrmhc01.attbi.com@InterJet.elischer.org>; Fri, 24 May 2002 17:40:08 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA93292; Fri, 24 May 2002 10:31:55 -0700 (PDT) Date: Fri, 24 May 2002 10:31:54 -0700 (PDT) From: Julian Elischer To: Rocco Lucia Cc: freebsd-net@freebsd.org Subject: Re: ng_fwdswitch netgraph node In-Reply-To: <57047D2A-6ECD-11D6-A953-000393B296CE@iscanet.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org some comments.. 1/ it may be more useful to not make any distinction between 'in' and 'out' hooks but just have connections.. The hooks could be given purely arbitrary names e.g. "source1" and "suspicious" a hook could be configured as being 'read-only' by command rather than by special name.. (though special names are not a very bad way of doing it.. "out-normal" and "out-dubious" for example.. I haven't looked at the code yet, just the man page.. Julian On Fri, 24 May 2002, Rocco Lucia wrote: > Hello, > I tweaked a little the one2many node to realize some different > kind of packet switching node. I needed something that would help me > to split over different IDS sensors data coming from span/mirroring > session done on the network. At first I tried to glue some bpf nodes > but I had no luck since performance was very poor and I had tons of > packets lost (p3 866MHz, ~100kpt/s inbound). > > The fwdswitch node, could be imagined as a 'many2many' node but > monodirectional only: packets flow from 'in' hooks to 'out' hooks > only. The decision about which 'out' hook to choose to forward a > packet is taken going through a forwarding table that associates > an IPaddress/netmask to an output hook index. Packets that are not > matched or frames that are not IP packets will be forwarded to the > 'default' hook. > > I just finished to fix it, made some documentation so it is still > incomplete, requires cleanup and has some bugs in the configuration > part, but it is nicely working. Let me know if it can be of any > interest. > > It's downloadable at > http://elisa.utopianet.net/~rlucia/devel/ng_fwdswitch/ > It will compile on 4-STABLE. > > Ciao :) > Rocco > > -- > Rocco Lucia - rlucia@iscanet.com Iscanet Internet Services > http://elisa.utopianet.net/~rlucia System and Network Admin > C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468 > > Free unices for a free world. Support *BSD. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 11:15: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 32B5737B403; Fri, 24 May 2002 11:15:03 -0700 (PDT) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id LAA03358; Fri, 24 May 2002 11:07:57 -0700 (PDT) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g4OI7Ja70244; Fri, 24 May 2002 11:07:19 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200205241807.g4OI7Ja70244@arch20m.dellroad.org> Subject: splimp() during panic? To: freebsd-net@freebsd.org Date: Fri, 24 May 2002 11:07:19 -0700 (PDT) Cc: freebsd-hackers@freebsd.org X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I'm trying to debug a mbuf corruption bug in the kernel. I've added an mbuf sanity check routine which calls panic() if anything is amiss with the mbuf free list, etc. This function runs at splimp() and if/when it calls panic() the cpl is still at splimp(). My question is: does this guarantee that the mbuf free lists, etc. will not be modified between the time panic() is called and the time a core file is generated? For example, if an incoming packet causes a networking interrupt after panic() has been called but before the core file is written, will that interrupt be blocked when it calls splimp()? I've been working under this assumption but it seems to not be valid, because I seem to be seeing panics for situations that are not true in the core file. If this is not a valid assumption, is there an easy way to 'freeze' the mbuf free lists long enough to generate the core file when an inconsistency is found (other than adding the obvious hack)? Thanks, -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 12:52:31 2002 Delivered-To: freebsd-net@freebsd.org Received: from angelica.unixdaemons.com (angelica.unixdaemons.com [209.148.64.135]) by hub.freebsd.org (Postfix) with ESMTP id 5A17D37B407; Fri, 24 May 2002 12:52:23 -0700 (PDT) Received: from angelica.unixdaemons.com (bmilekic@localhost.unixdaemons.com [127.0.0.1]) by angelica.unixdaemons.com (8.12.3/8.12.1) with ESMTP id g4OJq86r026665; Fri, 24 May 2002 15:52:08 -0400 (EDT) X-Authentication-Warning: angelica.unixdaemons.com: Host bmilekic@localhost.unixdaemons.com [127.0.0.1] claimed to be angelica.unixdaemons.com Received: (from bmilekic@localhost) by angelica.unixdaemons.com (8.12.3/8.12.1/Submit) id g4OJq7jl026664; Fri, 24 May 2002 15:52:07 -0400 (EDT) (envelope-from bmilekic) Date: Fri, 24 May 2002 15:52:07 -0400 From: Bosko Milekic To: Archie Cobbs , freebsd-net@freebsd.org Cc: freebsd-hackers@freebsd.org Subject: Re: splimp() during panic? Message-ID: <20020524155207.A25775@unixdaemons.com> References: <20020524151549.A49952@unixdaemons.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020524151549.A49952@unixdaemons.com>; from bmilekic@unixdaemons.com on Fri, May 24, 2002 at 03:15:49PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Archie Cobbs wrote: > Hi, > > I'm trying to debug a mbuf corruption bug in the kernel. I've added > an mbuf sanity check routine which calls panic() if anything is amiss > with the mbuf free list, etc. This function runs at splimp() and if/when > it calls panic() the cpl is still at splimp(). > > My question is: does this guarantee that the mbuf free lists, etc. will > not be modified between the time panic() is called and the time a core > file is generated? For example, if an incoming packet causes a networking > interrupt after panic() has been called but before the core file is > written, will that interrupt be blocked when it calls splimp()? splimp() ensures that no driver handlers will be executed. Further, dumpsys() is called from panic() at splhigh() which would also mean that none of those potentially troublesome handlers will run. > I've been working under this assumption but it seems to not be > valid, because I seem to be seeing panics for situations that are > not true in the core file. Are you seeing invalid stuff from DDB but valid stuff from the core file? Because if so, that's REALLY WIERD. If you're just seeing two different but invalid things, then perhaps something is happening when Debugger() runs (is it possible that the cpl() is changed after or before a breakpoint()?). > If this is not a valid assumption, is there an easy way to 'freeze' > the mbuf free lists long enough to generate the core file when an > inconsistency is found (other than adding the obvious hack)? To make doubly-sure, what you can do is just keep a variable 'foo' which you initialize to 0. Before any mbuf free list manipulations, place a 'if (foo == 0)' check. Atomically set foo to 1 before the panic. See if the inconsistency changes. If you're seeing garbage in both cases, but the garbage is inconsistent, perhaps there's a memory problem or the dump isn't working properly (I've never heard of anything like this before). > Thanks, > -Archie > > __________________________________________________________________________ > Archie Cobbs * Packet Design * http://www.packetdesign.com Regards, -- Bosko Milekic bmilekic@unixdaemons.com bmilekic@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 13:32:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from web21101.mail.yahoo.com (web21101.mail.yahoo.com [216.136.227.103]) by hub.freebsd.org (Postfix) with SMTP id 85B0537B40D for ; Fri, 24 May 2002 13:32:14 -0700 (PDT) Message-ID: <20020524203214.30158.qmail@web21101.mail.yahoo.com> Received: from [152.15.26.29] by web21101.mail.yahoo.com via HTTP; Fri, 24 May 2002 13:32:14 PDT Date: Fri, 24 May 2002 13:32:14 -0700 (PDT) From: Vinod Subject: setting up batch files To: freebsd-newbies@freebsd.org Cc: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org whats the best way to execute a series of commands in freebsd?something like a batch file in MS-DOS. suppose i want to execute the two commands, defaultrouter="a.b.c.d" ifconfig_eth0="inet e.f.g.h netmask e.f.g.h" by typing something like 'change' on the terminal window;howdo i go about this? note these two commands are set in /etc/rc.conf and i want to execute the changes through a batch sort of file. Thanks in advance, vinod __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 14:15: 9 2002 Delivered-To: freebsd-net@freebsd.org Received: from andrsn.stanford.edu (andrsn.Stanford.EDU [171.66.112.163]) by hub.freebsd.org (Postfix) with ESMTP id 40DD337B414; Fri, 24 May 2002 14:15:02 -0700 (PDT) Received: from localhost (localhost.stanford.edu [127.0.0.1]) by andrsn.stanford.edu (8.11.6/8.11.6) with ESMTP id g4OL1ZH40125; Fri, 24 May 2002 14:01:35 -0700 (PDT) (envelope-from andrsn@andrsn.stanford.edu) Date: Fri, 24 May 2002 14:01:35 -0700 (PDT) From: Annelise Anderson To: Vinod Cc: freebsd-newbies@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: setting up batch files In-Reply-To: <20020524203214.30158.qmail@web21101.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 24 May 2002, Vinod wrote: > whats the best way to execute a series of commands in > freebsd?something like a batch file in MS-DOS. > > suppose i want to execute the two commands, > defaultrouter="a.b.c.d" > ifconfig_eth0="inet e.f.g.h netmask e.f.g.h" > by typing something like 'change' on the terminal > window;howdo i go about this? > note these two commands are set in /etc/rc.conf and i > want to execute the changes through a batch sort of > file. > Thanks in advance, > vinod > > __________________________________________________ > Do You Yahoo!? > LAUNCH - Your Yahoo! Music Experience > http://launch.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-newbies" in the body of the message > You use a shell script; put the commands in the script as you would type them at the command line; make the shell script executable; run it. The commands aren't really set in /etc/rc.conf; only the values of the variables are set there. /etc/rc and scripts it calls actually run the commands. So if you don't want to reboot, do it at the command line or do a shell script. Annelise -- Annelise Anderson Author of: FreeBSD: An Open-Source Operating System for Your PC Available from: BSDmall.com and amazon.com Book Website: http://www.bittreepress.com/FreeBSD/introbook/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 14:38:12 2002 Delivered-To: freebsd-net@freebsd.org Received: from web20701.mail.yahoo.com (web20701.mail.yahoo.com [216.136.226.174]) by hub.freebsd.org (Postfix) with SMTP id E47F437B401 for ; Fri, 24 May 2002 14:38:01 -0700 (PDT) Message-ID: <20020524213801.1982.qmail@web20701.mail.yahoo.com> Received: from [194.184.65.139] by web20701.mail.yahoo.com via HTTP; Fri, 24 May 2002 23:38:01 CEST Date: Fri, 24 May 2002 23:38:01 +0200 (CEST) From: =?iso-8859-1?q?GM=20GG?= Subject: mpd: pptp server To: net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am trying to implement a small vpn solutions with mpd as pptp server and pptpclient from home to office. I have setup also in other implementations and it works fine, but I need for this situations pptp server... The office is connected directly to the net, while at home I am using user ppp and a PPPoE connection. The situations is this one: Home : 10.254.254.1/24 pptpclient from the ports. Office: 192.168.0.1/24 , 194.243.20.91 real ip , mpd as pptp server This is the config for the mpd - pptp server: --- mpd.links --- pptp: set link type pptp set pptp self 194.243.20.91 set pptp enable incoming set pptp disable originate --- mpd.conf --- pptp: new -i ng0 pptp pptp set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.0.1/32 192.168.0.70/32 set ipcp dns 192.168.0.1 set bundle enable compression set ccp yes mppc set ccp no mpp-e40 set ccp yes mpp-e128 set ccp no mpp-stateless --- mpd.secret --- mylogin "mypwd" For the pptpclient I have added to my ppp.conf the following lines: --- ppp.conf --- vpn-pptp-cof: set authname mylogin set authkey mypwd set timeout 0 set ifaddr 0 0 add 192.168.0.1/24 HISADDR # alias enable yes I run on the server: mpd pptp and on the client: pptp 194.243.20.91 vpn-pptp-cof where 194.243.20.91 is the real ip of the server (like in the links section). I think the connections is fine because... On the CLIENT: a new tun device (the tun0 is the user ppp with the PPPoE on the DSL cable) is created on the client side with the requested ip address: tun1: flags=8051 mtu 1498 inet 192.168.0.70 --> 192.168.0.1 netmask 0xffffff00 Opened by PID 2152 and the appropriate routing added: 192.168.0 192.168.0.1 UGSc 0 0 tun1 192.168.0.1 192.168.0.70 UH 1 3 tun1 On the SERVER: ng0: flags=88d1 mtu 1496 inet 192.168.0.1 --> 192.168.0.70 netmask 0xffffffff the netstat -rn: [...] 192.168.0.70 192.168.0.1 UH 0 3 ng0 192.168.0.70 00:10:5a:dc:21:f6 UHLS2 0 0 xl1 But when I try to use a ping I receive: [...] [pptp] IPCP: state change Ack-Rcvd --> Opened [pptp] IPCP: LayerUp 192.168.0.1 -> 192.168.0.70 [pptp] IFACE: Up event [pptp] exec: /sbin/ifconfig ng0 192.168.0.1 192.168.0.70 netmask 0xffffffff -link0 [pptp] exec: /usr/sbin/arp -s 192.168.0.70 0:10:5a:dc:21:f6 pub [pptp] IFACE: Up event [pptp] CCP: rec'd Configure Request #3 link 0 (Ack-Rcvd) MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: SendConfigAck #3 MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: state change Ack-Rcvd --> Opened [pptp] CCP: LayerUp Compress using: MPPE, 128 bit Decompress using: MPPE, 128 bit [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected and on the client: ppp[2152]: tun1: IPCP: IPADDR[6] 192.168.0.70 ppp[2152]: tun1: IPCP: COMPPROTO[6] 16 VJ slots with slot compression ppp[2152]: tun1: CCP: deflink: RecvConfigNak(2) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: CCP: deflink: SendConfigReq(3) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: IPCP: deflink: RecvConfigAck(2) state = Ack-Sent ppp[2152]: tun1: IPCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: IPCP: deflink: LayerUp. ppp[2152]: tun1: IPCP: myaddr 192.168.0.70 hisaddr = 192.168.0.1 ppp[2152]: tun1: CCP: deflink: RecvConfigAck(3) state = Ack-Sent ppp[2152]: tun1: CCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: CCP: deflink: LayerUp. ppp[2152]: tun1: CCP: MPPE: Input channel initiated ppp[2152]: tun1: CCP: MPPE: Output channel initiated ppp[2152]: tun1: CCP: deflink: Out = MPPE[18], In = MPPE[18] ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) with the ssh from the client to the server I got: ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) last message repeated 9 times ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) ppp[2152]: tun1: Phase: deflink: HDLC errors -> FCS: 0, ADDR: 0, COMD: 0, PROTO: 11 and [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 0, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 174, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) and so on... I tried to reverse the client server hosts, so mpd behind user ppp and pptpclient alone, but I get the same results. I have to say I have tried only with pptpclient from the ports not from any windows implementation... Any idea ? Thanks to all for attention... P.s. I am sorry if I have to use this account, but hub.freebsd.org suddendly has begin to say: May 24 23:25:36 kirk sm-mta[24214]: g4OLPOmA024212: to=, ctladdr= (1000/20), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, pri=30322, relay=hub.freebsd.org. [216.136.204.18], dsn=4.2.0, stat=Deferred: 450 Client host rejected: cannot find your hostname, [194.184.65.4] while this ip is correctly reversed on the net ... ______________________________________________________________________ Scommetti gratis sui Mondiali! http://it.yahoo.com/mail_it/foot/?http://ads.unibet.com/adverts/it/yahoo/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 15:15: 9 2002 Delivered-To: freebsd-net@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 1BEF837B40A; Fri, 24 May 2002 15:15:04 -0700 (PDT) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id PAA04648; Fri, 24 May 2002 15:08:42 -0700 (PDT) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g4OM84v71088; Fri, 24 May 2002 15:08:04 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200205242208.g4OM84v71088@arch20m.dellroad.org> Subject: Re: splimp() during panic? In-Reply-To: <20020524155207.A25775@unixdaemons.com> "from Bosko Milekic at May 24, 2002 03:52:07 pm" To: Bosko Milekic Date: Fri, 24 May 2002 15:08:04 -0700 (PDT) Cc: Archie Cobbs , freebsd-net@freebsd.org, freebsd-hackers@freebsd.org X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bosko Milekic writes: > > My question is: does this guarantee that the mbuf free lists, etc. will > > not be modified between the time panic() is called and the time a core > > file is generated? For example, if an incoming packet causes a networking > > interrupt after panic() has been called but before the core file is > > written, will that interrupt be blocked when it calls splimp()? > > splimp() ensures that no driver handlers will be executed. Further, > dumpsys() is called from panic() at splhigh() which would also mean > that none of those potentially troublesome handlers will run. OK, good... > > I've been working under this assumption but it seems to not be > > valid, because I seem to be seeing panics for situations that are > > not true in the core file. > > Are you seeing invalid stuff from DDB but valid stuff from the core > file? Because if so, that's REALLY WIERD. If you're just seeing two > different but invalid things, then perhaps something is happening when > Debugger() runs (is it possible that the cpl() is changed after > or before a breakpoint()?). I'm not trying to use DDB for debugging.. just letting it panic and generate the core file and then using GDB to examine it. I got one panic that happened because mclfree was NULL (it was a bug in the debug code :-) but looking at mclfree in the core file with GDB showed it to be not NULL. So somehow some mbuf operation must have occurred in there somewhere that modified mclfree it seems. > > If this is not a valid assumption, is there an easy way to 'freeze' > > the mbuf free lists long enough to generate the core file when an > > inconsistency is found (other than adding the obvious hack)? > > To make doubly-sure, what you can do is just keep a variable 'foo' > which you initialize to 0. Before any mbuf free list manipulations, > place a 'if (foo == 0)' check. Atomically set foo to 1 before the > panic. See if the inconsistency changes. If you're seeing garbage in Yep, I'll probably do that as well.. thanks. Thanks, -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 15:18:46 2002 Delivered-To: freebsd-net@freebsd.org Received: from freebsd.schema.ca (freebsd.schema.ca [142.59.253.48]) by hub.freebsd.org (Postfix) with ESMTP id 24FB437B406 for ; Fri, 24 May 2002 15:18:43 -0700 (PDT) Received: from freebsd.schema.ca (localhost [127.0.0.1]) by freebsd.schema.ca (8.12.3/8.12.2) with ESMTP id g4OMIgWs029113; Fri, 24 May 2002 16:18:42 -0600 (MDT) (envelope-from pandaro@freebsd.schema.ca) Received: (from pandaro@localhost) by freebsd.schema.ca (8.12.3/8.12.3/Submit) id g4OMIgXZ029112; Fri, 24 May 2002 16:18:42 -0600 (MDT) (envelope-from pandaro@freebsd.schema.ca) Date: Fri, 24 May 2002 16:18:42 -0600 From: "Mike A. Oligny" To: GM GG Cc: net@FreeBSD.ORG Subject: Re: mpd: pptp server Message-ID: <20020524221842.GA29098@freebsd.schema.ca> References: <20020524213801.1982.qmail@web20701.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020524213801.1982.qmail@web20701.mail.yahoo.com> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org GM GG (gimbolino@yahoo.it) wrote: > Hi, > I am trying to implement a small vpn solutions with > mpd as pptp server and pptpclient from home to office. Just a thought - I have had much better luck using MPD for both sides of the pptp equation. pptpclient seemed quite unstable the last few times I tried it. -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 15:48: 1 2002 Delivered-To: freebsd-net@freebsd.org Received: from web20701.mail.yahoo.com (web20701.mail.yahoo.com [216.136.226.174]) by hub.freebsd.org (Postfix) with SMTP id EA96437B400 for ; Fri, 24 May 2002 15:47:57 -0700 (PDT) Message-ID: <20020524224757.5028.qmail@web20701.mail.yahoo.com> Received: from [194.184.65.139] by web20701.mail.yahoo.com via HTTP; Sat, 25 May 2002 00:47:57 CEST Date: Sat, 25 May 2002 00:47:57 +0200 (CEST) From: =?iso-8859-1?q?GM=20GG?= Subject: Re: mpd: pptp server To: "Mike A. Oligny" Cc: net@freebsd.org In-Reply-To: <20020524221842.GA29098@freebsd.schema.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --- "Mike A. Oligny" ha scritto: > GM GG (gimbolino@yahoo.it) wrote: > > > Hi, > > I am trying to implement a small vpn solutions > with > > mpd as pptp server and pptpclient from home to > office. > > Just a thought - I have had much better luck using > MPD > for both sides of the pptp equation. pptpclient > seemed > quite unstable the last few times I tried it. Can you suggest a config for mpd used like a pptp client ? It seems to me there is not such config sample in the provided mpd.conf default. Or I have to use the vpn label perhaps ? Btw I was testing with pptp client because I'd like to use this vpn from a windows box too that has only the pptp stuff ("virtual private network adapter) .... Thanks for your kind reply... ______________________________________________________________________ Scommetti gratis sui Mondiali! http://it.yahoo.com/mail_it/foot/?http://ads.unibet.com/adverts/it/yahoo/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 16:13:16 2002 Delivered-To: freebsd-net@freebsd.org Received: from smtp3.america.net (smtp3.america.net [199.170.121.53]) by hub.freebsd.org (Postfix) with ESMTP id F120737B404; Fri, 24 May 2002 16:13:09 -0700 (PDT) Received: from lester.manchero.org ([65.211.120.109]) by smtp3.america.net (8.11.6/8.11.6) with ESMTP id g4OND2v13514; Fri, 24 May 2002 19:13:02 -0400 (EDT) Received: from lester.manchero.org (localhost [127.0.0.1]) by [65.211.120.109] (8.12.3/8.12.3) with ESMTP id g4ON0kvc008918; Fri, 24 May 2002 19:00:46 -0400 (EDT) (envelope-from rmanches@lester.manchero.org) Received: (from rmanches@localhost) by lester.manchero.org (8.12.3/8.12.3/Submit) id g4ON0jgR008917; Fri, 24 May 2002 19:00:45 -0400 (EDT) Date: Fri, 24 May 2002 19:00:45 -0400 From: Rob To: Naga Narayanaswamy Cc: freebsd-net@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: ip src address in outgoing ipv4 multicast packets Message-ID: <20020524190045.A8865@lester.manchero.org> Mail-Followup-To: Naga Narayanaswamy , freebsd-net@FreeBSD.ORG, hackers@FreeBSD.ORG References: <20020522202839.A3413@lester.manchero.org> <20020523202222.A6200@lester.manchero.org> <000f01c202c9$028d6c60$5ab9fea9@compaq> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000f01c202c9$028d6c60$5ab9fea9@compaq>; from naga@mindspring.com on Thu, May 23, 2002 at 10:16:26PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Naga Narayanaswamy (naga@mindspring.com) [020523 19:21]: > When you say src address is set to host group, what application generates > them? What is the src and dest address ? I quickly checked Rich Stevens vol > II. > Looks like the code has been like this since old days. > Is the application setting the src address as mc group intentionally? yes, it does in the call to bind, though I wouldn't think that one would have to use two sockets for outgoing / incoming traffic if we just wanted to restrict incoming traffic to have a dst address of the host's group. -r To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 16:49:33 2002 Delivered-To: freebsd-net@freebsd.org Received: from kirk.giovannelli.it (kirk.giovannelli.it [194.184.65.4]) by hub.freebsd.org (Postfix) with ESMTP id 2483837B40D for ; Fri, 24 May 2002 16:48:45 -0700 (PDT) Received: from gimbo.org (localhost [127.0.0.1]) by kirk.giovannelli.it (8.12.3/8.12.2) with ESMTP id g4OLPOmA024212 for ; Fri, 24 May 2002 23:25:25 +0200 (CEST) (envelope-from gmarco@gimbo.org) From: "Gianmarco Giovannelli" To: net@freebsd.org Subject: mpd: pptp server Date: Fri, 24 May 2002 23:25:24 +0900 Message-Id: <20020524232524.M39363@gimbo.org> X-Mailer: Open WebMail 1.64 20020415 X-OriginatingIP: 194.184.65.139 (gmarco) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am trying to implement a small vpn solutions with mpd as pptp server and pptpclient from home to office. I have setup also in other implementations and it works fine, but I need for this situations pptp server... The office is connected directly to the net, while at home I am using user ppp and a PPPoE connection. The situations is this one: Home : 10.254.254.1/24 pptpclient from the ports. Office: 192.168.0.1/24 , 194.243.20.91 real ip , mpd as pptp server This is the config for the mpd - pptp server: --- mpd.links --- pptp: set link type pptp set pptp self 194.243.20.91 set pptp enable incoming set pptp disable originate --- mpd.conf --- pptp: new -i ng0 pptp pptp set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.0.1/32 192.168.0.70/32 set ipcp dns 192.168.0.1 set bundle enable compression set ccp yes mppc set ccp no mpp-e40 set ccp yes mpp-e128 set ccp no mpp-stateless --- mpd.secret --- mylogin "mypwd" For the pptpclient I have added to my ppp.conf the following lines: --- ppp.conf --- vpn-pptp-cof: set authname mylogin set authkey mypwd set timeout 0 set ifaddr 0 0 add 192.168.0.1/24 HISADDR # alias enable yes I run on the server: mpd pptp and on the client: pptp 194.243.20.91 vpn-pptp-cof where 194.243.20.91 is the real ip of the server (like in the links section). I think the connections is fine because... On the CLIENT: a new tun device (the tun0 is the user ppp with the PPPoE on the DSL cable) is created on the client side with the requested ip address: tun1: flags=8051 mtu 1498 inet 192.168.0.70 --> 192.168.0.1 netmask 0xffffff00 Opened by PID 2152 and the appropriate routing added: 192.168.0 192.168.0.1 UGSc 0 0 tun1 192.168.0.1 192.168.0.70 UH 1 3 tun1 On the SERVER: ng0: flags=88d1 mtu 1496 inet 192.168.0.1 --> 192.168.0.70 netmask 0xffffffff the netstat -rn: [...] 192.168.0.70 192.168.0.1 UH 0 3 ng0 192.168.0.70 00:10:5a:dc:21:f6 UHLS2 0 0 xl1 But when I try to use a ping I receive: [...] [pptp] IPCP: state change Ack-Rcvd --> Opened [pptp] IPCP: LayerUp 192.168.0.1 -> 192.168.0.70 [pptp] IFACE: Up event [pptp] exec: /sbin/ifconfig ng0 192.168.0.1 192.168.0.70 netmask 0xffffffff - link0 [pptp] exec: /usr/sbin/arp -s 192.168.0.70 0:10:5a:dc:21:f6 pub [pptp] IFACE: Up event [pptp] CCP: rec'd Configure Request #3 link 0 (Ack-Rcvd) MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: SendConfigAck #3 MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: state change Ack-Rcvd --> Opened [pptp] CCP: LayerUp Compress using: MPPE, 128 bit Decompress using: MPPE, 128 bit [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected and on the client: ppp[2152]: tun1: IPCP: IPADDR[6] 192.168.0.70 ppp[2152]: tun1: IPCP: COMPPROTO[6] 16 VJ slots with slot compression ppp[2152]: tun1: CCP: deflink: RecvConfigNak(2) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: CCP: deflink: SendConfigReq(3) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: IPCP: deflink: RecvConfigAck(2) state = Ack-Sent ppp[2152]: tun1: IPCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: IPCP: deflink: LayerUp. ppp[2152]: tun1: IPCP: myaddr 192.168.0.70 hisaddr = 192.168.0.1 ppp[2152]: tun1: CCP: deflink: RecvConfigAck(3) state = Ack-Sent ppp[2152]: tun1: CCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: CCP: deflink: LayerUp. ppp[2152]: tun1: CCP: MPPE: Input channel initiated ppp[2152]: tun1: CCP: MPPE: Output channel initiated ppp[2152]: tun1: CCP: deflink: Out = MPPE[18], In = MPPE[18] ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) with the ssh from the client to the server I got: ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) last message repeated 9 times ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) ppp[2152]: tun1: Phase: deflink: HDLC errors -> FCS: 0, ADDR: 0, COMD: 0, PROTO: 11 and [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 0, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 174, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) and so on... I tried to reverse the client server hosts, so mpd behind user ppp and pptpclient alone, but I get the same results. I have to say I have tried only with pptpclient from the ports not from any windows implementation... Any idea ? Thanks to all for attention... -- Open WebMail Project (http://openwebmail.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 17: 8:27 2002 Delivered-To: freebsd-net@freebsd.org Received: from scotty.masternet.it (scotty.masternet.it [194.184.65.2]) by hub.freebsd.org (Postfix) with SMTP id 0546437B400 for ; Fri, 24 May 2002 17:08:21 -0700 (PDT) Received: from usul.scotty.masternet.it [194.184.65.139] by scotty.masternet.it with ESMTP (SMTPD32-4.03) id A526B50098; Fri, 24 May 2002 20:23:34 +03d00 Message-Id: <5.1.1.2.2.20020524202247.02722e98@194.184.65.4> X-Sender: gmarco@194.184.65.7 X-Mailer: QUALCOMM Windows Eudora Version 5.1.1.3 (Beta) Date: Fri, 24 May 2002 20:22:52 +0200 To: net@freebsd.org From: Gianmarco Giovannelli Subject: mpd: pptp server Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am trying to implement a small vpn solutions with mpd as pptp server and pptpclient from home to office. I have setup also in other implementations and it works fine, but I need for this situations pptp server... The office is connected directly to the net, while at home I am using user ppp and a PPPoE connection. The situations is this one: Home : 10.254.254.1/24 pptpclient from the ports. Office: 192.168.0.1/24 , 194.243.20.91 real ip , mpd as pptp server This is the config for the mpd - pptp server: --- mpd.links --- pptp: set link type pptp set pptp self 194.243.20.91 set pptp enable incoming set pptp disable originate --- mpd.conf --- pptp: new -i ng0 pptp pptp set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.0.1/32 192.168.0.70/32 set ipcp dns 192.168.0.1 set bundle enable compression set ccp yes mppc set ccp no mpp-e40 set ccp yes mpp-e128 set ccp no mpp-stateless --- mpd.secret --- mylogin "mypwd" For the pptpclient I have added to my ppp.conf the following lines: --- ppp.conf --- vpn-pptp-cof: set authname mylogin set authkey mypwd set timeout 0 set ifaddr 0 0 add 192.168.0.1/24 HISADDR # alias enable yes I run on the server: mpd pptp and on the client: pptp 194.243.20.91 vpn-pptp-cof where 194.243.20.91 is the real ip of the server (like in the links section). I think the connections is fine because... On the CLIENT: a new tun device (the tun0 is the user ppp with the PPPoE on the DSL cable) is created on the client side with the requested ip address: tun1: flags=8051 mtu 1498 inet 192.168.0.70 --> 192.168.0.1 netmask 0xffffff00 Opened by PID 2152 and the appropriate routing added: 192.168.0 192.168.0.1 UGSc 0 0 tun1 192.168.0.1 192.168.0.70 UH 1 3 tun1 On the SERVER: ng0: flags=88d1 mtu 1496 inet 192.168.0.1 --> 192.168.0.70 netmask 0xffffffff the netstat -rn: [...] 192.168.0.70 192.168.0.1 UH 0 3 ng0 192.168.0.70 00:10:5a:dc:21:f6 UHLS2 0 0 xl1 But when I try to use a ping I receive: [...] [pptp] IPCP: state change Ack-Rcvd --> Opened [pptp] IPCP: LayerUp 192.168.0.1 -> 192.168.0.70 [pptp] IFACE: Up event [pptp] exec: /sbin/ifconfig ng0 192.168.0.1 192.168.0.70 netmask 0xffffffff -link0 [pptp] exec: /usr/sbin/arp -s 192.168.0.70 0:10:5a:dc:21:f6 pub [pptp] IFACE: Up event [pptp] CCP: rec'd Configure Request #3 link 0 (Ack-Rcvd) MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: SendConfigAck #3 MPPC 0x00000040: MPPE, 128 bit [pptp] CCP: state change Ack-Rcvd --> Opened [pptp] CCP: LayerUp Compress using: MPPE, 128 bit Decompress using: MPPE, 128 bit [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected and on the client: ppp[2152]: tun1: IPCP: IPADDR[6] 192.168.0.70 ppp[2152]: tun1: IPCP: COMPPROTO[6] 16 VJ slots with slot compression ppp[2152]: tun1: CCP: deflink: RecvConfigNak(2) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: CCP: deflink: SendConfigReq(3) state = Ack-Sent ppp[2152]: tun1: CCP: MPPE[6] value 0x00000040 (128 bits, stateful) ppp[2152]: tun1: IPCP: deflink: RecvConfigAck(2) state = Ack-Sent ppp[2152]: tun1: IPCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: IPCP: deflink: LayerUp. ppp[2152]: tun1: IPCP: myaddr 192.168.0.70 hisaddr = 192.168.0.1 ppp[2152]: tun1: CCP: deflink: RecvConfigAck(3) state = Ack-Sent ppp[2152]: tun1: CCP: deflink: State change Ack-Sent --> Opened ppp[2152]: tun1: CCP: deflink: LayerUp. ppp[2152]: tun1: CCP: MPPE: Input channel initiated ppp[2152]: tun1: CCP: MPPE: Output channel initiated ppp[2152]: tun1: CCP: deflink: Out = MPPE[18], In = MPPE[18] ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) with the ssh from the client to the server I got: ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) last message repeated 9 times ppp[2152]: tun1: Phase: Unknown protocol 0x2145 (unrecognised protocol) ppp[2152]: tun1: Phase: deflink: HDLC errors -> FCS: 0, ADDR: 0, COMD: 0, PROTO: 11 and [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 0, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: bad length: says 174, rec'd 65 [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) [pptp] LCP: protocol 0x2145 was rejected [pptp] LCP: rec'd Protocol Reject #2 link 0 (Opened) and so on... I tried to reverse the client server hosts, so mpd behind user ppp and pptpclient alone, but I get the same results. I have to say I have tried only with pptpclient from the ports not from any windows implementation... Any idea ? Thanks to all for attention... Best Regards, Gianmarco Giovannelli , "Unix expert since yesterday" http://www.gufi.org/~gmarco To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 17:10:45 2002 Delivered-To: freebsd-net@freebsd.org Received: from freebsd.schema.ca (freebsd.schema.ca [142.59.253.48]) by hub.freebsd.org (Postfix) with ESMTP id CB09F37B40E for ; Fri, 24 May 2002 17:10:36 -0700 (PDT) Received: from freebsd.schema.ca (localhost [127.0.0.1]) by freebsd.schema.ca (8.12.3/8.12.2) with ESMTP id g4P0AVWs029532; Fri, 24 May 2002 18:10:31 -0600 (MDT) (envelope-from pandaro@freebsd.schema.ca) Received: (from pandaro@localhost) by freebsd.schema.ca (8.12.3/8.12.3/Submit) id g4P0AUBp029531; Fri, 24 May 2002 18:10:30 -0600 (MDT) (envelope-from pandaro@freebsd.schema.ca) Date: Fri, 24 May 2002 18:10:30 -0600 From: "Mike A. Oligny" To: GM GG Cc: net@freebsd.org Subject: Re: mpd: pptp server Message-ID: <20020525001030.GA29518@freebsd.schema.ca> References: <20020524221842.GA29098@freebsd.schema.ca> <20020524224757.5028.qmail@web20701.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020524224757.5028.qmail@web20701.mail.yahoo.com> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org GM GG (gimbolino@yahoo.it) wrote: > Can you suggest a config for mpd used like a > pptp client ? It seems to me there is not such > config sample in the provided mpd.conf default. Sure, I'll include some that I've used successfully - client configs are old and haven't been tested recently - they were last used with mpd 3.6. server configs work very well with W2K/XP clients, however, I think my IP calculations in .secrets may be incorrect. Perhaps this isn't even necessary with 3.7 - my goal was to have one user always get the same IP - this worked fine, except if that user disconnected and someone else connected on same interface, they ended up with the reserved IP. Eventually, I'd end up with a couple clients connected as 192.168.0.210. :( I find the same sort of thing happens if I log in twice with the same username unless I have the client request a specific IP. Probably just need to play with numbers in .secrets file. Any feedback/corrections would be appreciated! -Mike ** `client' mpd.conf ** default: load vpn vpn: new -i ng1 vpn vpn set iface disable on-demand # set iface addrs 192.168.1.1 192.168.2.1 set iface idle 0 set iface route 192.168.1.0/24 set bundle disable multilink set bundle authname "" set bundle password "" set link yes acfcomp protocomp set link no pap # set link yes chap set link enable no-orig-auth set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 192.168.1.0/24 set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set bundle enable crypt-reqd set ccp yes mpp-stateless open ** `client' mpd.links ** vpn: set link type pptp set pptp self set pptp peer set pptp enable originate incoming outcall ** `server' mpd.conf ** default: load client1 load client2 . . . load client9 pptp_common_settings: set iface disable on-demand set iface enable proxy-arp set iface idle 0 set bundle enable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 25 60 set ipcp yes vjcomp set ipcp dns 192.168.0.102 set ipcp nbns 192.168.0.102 set bundle enable compression set ccp yes mppc # I've been trying mpp-compress every couple # months... it doesn't work for me. :) # set ccp yes mpp-compress set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless client1: new -i ng0 pptp1 pptp1 set ipcp ranges 192.168.0.101/32 192.168.0.201/32 load pptp_common_settings client2: new -i ng1 pptp2 pptp2 set ipcp ranges 192.168.0.101/32 192.168.0.202/32 load pptp_common_settings . . . client9: new -i ng8 pptp9 pptp9 set ipcp ranges 192.168.0.101/32 192.168.0.209/32 load pptp_common_settings ** `server' mpd.links ** pptp1: set link type pptp set pptp self 192.168.0.101 set pptp enable incoming set pptp disable originate pptp2: set link type pptp set pptp self 192.168.0.101 set pptp enable incoming set pptp disable originate . . . pptp9: set link type pptp set pptp self 192.168.0.101 set pptp enable incoming set pptp disable originate ** `server' mpd.secret ** user1 "password" 192.168.0.210/32 user2 "password" 192.168.0.216/29 user3 "password" 192.168.0.224/29 user4 "password" 192.168.0.232/29 user5 "password" 192.168.0.240/29 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 19: 5:40 2002 Delivered-To: freebsd-net@freebsd.org Received: from web11206.mail.yahoo.com (web11206.mail.yahoo.com [216.136.131.188]) by hub.freebsd.org (Postfix) with SMTP id C179837B40A for ; Fri, 24 May 2002 19:05:38 -0700 (PDT) Message-ID: <20020525020538.71422.qmail@web11206.mail.yahoo.com> Received: from [128.107.253.38] by web11206.mail.yahoo.com via HTTP; Fri, 24 May 2002 19:05:38 PDT Date: Fri, 24 May 2002 19:05:38 -0700 (PDT) From: Henry Fung Subject: data link layer protocol To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there any module or well-known mechanism available for punting a data link layer PDU to a user process? Also for sending out PDUs? Say I'd like to implement ARP as a user process, or some other protocols. Thanks. Henry __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 24 20:12:24 2002 Delivered-To: freebsd-net@freebsd.org Received: from loquat.bbn.com (crodrigues.bbn.com [128.89.72.49]) by hub.freebsd.org (Postfix) with ESMTP id 206C937B404 for ; Fri, 24 May 2002 20:12:16 -0700 (PDT) Received: (from crodrigu@localhost) by loquat.bbn.com (8.11.2/8.11.2) id g4P3CEQ00722; Fri, 24 May 2002 23:12:14 -0400 Date: Fri, 24 May 2002 23:12:14 -0400 From: Craig Rodrigues To: Henry Fung Cc: freebsd-net@FreeBSD.ORG Subject: Re: data link layer protocol Message-ID: <20020524231214.A381@bbn.com> References: <20020525020538.71422.qmail@web11206.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020525020538.71422.qmail@web11206.mail.yahoo.com>; from henryfung_00@yahoo.com on Fri, May 24, 2002 at 07:05:38PM -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 24, 2002 at 07:05:38PM -0700, Henry Fung wrote: > Is there any module or well-known mechanism available > for punting a data link layer PDU to a user process? > Also for sending out PDUs? > Say I'd like to implement ARP as a user process, or > some other protocols. > Thanks. > Henry Hi, Try reading the man page for the tap device: man tap There is also a web page with more information: http://vtun.sourceforge.net/ You may also wish to look at netgraph: man 4 netgraph http://www.elischer.org/netgraph/ -- Craig Rodrigues Distributed Systems and Logistics, Office 6/304 crodrigu@bbn.com BBN Technologies, a Verizon company (617) 873-4725 Cambridge, MA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 1: 5:53 2002 Delivered-To: freebsd-net@freebsd.org Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id E8AE437B403; Sat, 25 May 2002 01:05:44 -0700 (PDT) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id SAA12197; Sat, 25 May 2002 18:05:39 +1000 Date: Sat, 25 May 2002 18:08:37 +1000 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Archie Cobbs Cc: freebsd-net@FreeBSD.ORG, Subject: Re: splimp() during panic? In-Reply-To: <200205241807.g4OI7Ja70244@arch20m.dellroad.org> Message-ID: <20020525172252.B6594-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 24 May 2002, Archie Cobbs wrote: > I'm trying to debug a mbuf corruption bug in the kernel. I've added > an mbuf sanity check routine which calls panic() if anything is amiss > with the mbuf free list, etc. This function runs at splimp() and if/when > it calls panic() the cpl is still at splimp(). > > My question is: does this guarantee that the mbuf free lists, etc. will > not be modified between the time panic() is called and the time a core > file is generated? For example, if an incoming packet causes a networking > interrupt after panic() has been called but before the core file is > written, will that interrupt be blocked when it calls splimp()? No (apart from it being too late to block the interrupt after it has occurred). panic() should run entirely at the ipl that it is called at, or higher, and it should not undo any other interrupt disables (e.g. the CPU interrupt (un)mask or the ICU or APIC interrupt masks on i386's), since unmasking might cause various problems including corruption of your data structures. However, panic() is too broken to actually keep interrupts masked. If does a sync() very early, and sync() obviously cannot work with interrupts masked, since it wanders off into normal disk i/o code that depends on disk interrupts being enabled to work (actually it is the wait for i/o to complete after the sync() that depends on disk interrupts working). But sync() in panic() usually does work in FreeBSD-[1-4]. The usual mechanism for clobbering the interrupt masks so that it works is calling tsleep(). tsleep() knows that it is in a panic, but still "helpfully" enables interrupts. From the RELENG_4 version: if (cold || panicstr) { /* * After a panic, or during autoconfiguration, * just give interrupts a chance, then just return; * don't run any other procs or panic below, * in case this is the idle process and already asleep. */ splx(safepri); splx(s); return (0); } You could try setting safepri to a priority that is actually safe (0xffff on i386's). There may be other ipl-clobbering mechanism though. sync() in panic() tends to not work in -current, since things are locked by mutexes and there is no kludge like the above to unlock them. The usual failure is to panic recursively on hitting a non-recursive mutex that is already held, usually the same one (in or near bremfree IIRC). There is some chance of dump working for recursive panics, but data structures may already have been clobbered. panic() has two defenses against endless recursion: it turns off sync() after the first entry to panic(), and it turns off dumping after the first entry to doadump(). It has no defense against recursion in all the EVENTHANDLER_INVOKE() shutdowns. All the event handlers are apparently supposed to have their own defenses :-(. > If this is not a valid assumption, is there an easy way to 'freeze' > the mbuf free lists long enough to generate the core file when an > inconsistency is found (other than adding the obvious hack)? Not if removing RB_SYNC is the obvious hack :-). Removing everything except the dump and the final EVENTHANDLER_INVOKE() in boot() should help. (One event handler shutdown is still needed to reboot the system, but it is after the dump so you don't care if it corrupts your structures). Maybe add code to splx() to check that the ipl is not lowered below its value at the start of panic(). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 7:41:43 2002 Delivered-To: freebsd-net@freebsd.org Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87]) by hub.freebsd.org (Postfix) with ESMTP id 6306437B43C for ; Sat, 25 May 2002 07:40:14 -0700 (PDT) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc54.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020525144008.FGNJ13253.rwcrmhc54.attbi.com@InterJet.elischer.org>; Sat, 25 May 2002 14:40:08 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id HAA97421; Sat, 25 May 2002 07:34:39 -0700 (PDT) Date: Sat, 25 May 2002 07:34:38 -0700 (PDT) From: Julian Elischer To: Henry Fung Cc: freebsd-net@freebsd.org Subject: Re: data link layer protocol In-Reply-To: <20020525020538.71422.qmail@web11206.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org netgraph can do this for you... On Fri, 24 May 2002, Henry Fung wrote: > Is there any module or well-known mechanism available > for punting a data link layer PDU to a user process? > Also for sending out PDUs? > Say I'd like to implement ARP as a user process, or > some other protocols. > Thanks. > Henry > > __________________________________________________ > Do You Yahoo!? > LAUNCH - Your Yahoo! Music Experience > http://launch.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 9:36:21 2002 Delivered-To: freebsd-net@freebsd.org Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111]) by hub.freebsd.org (Postfix) with SMTP id C997737B403 for ; Sat, 25 May 2002 09:36:17 -0700 (PDT) Message-ID: <20020525163617.42919.qmail@web21109.mail.yahoo.com> Received: from [152.15.26.29] by web21109.mail.yahoo.com via HTTP; Sat, 25 May 2002 09:36:17 PDT Date: Sat, 25 May 2002 09:36:17 -0700 (PDT) From: Vinod Subject: ifconfig and route in a shell script To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i had some problems with a script of mine. #!/bin/sh ifconfig wi0 10.0.1.5 netmask 255.255.255.0 route delete default route add default 10.0.2.1 i get a host 10.0.2.1 unreachable message when i run this script.then i put the ifconfig in a seperate script and ran it first and then the route commands in a seperate script.this works.so my guess is there is some timing issue between these two commands.i tried putting an echo between the ifconfig and route commands(to make a slight delay) but that didnt work.any other suggestions? will putting a delay work?if yes,can anyone tell me how i can do that on a script.i am new to writing shell scripts.i am using csh. __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 10:37:42 2002 Delivered-To: freebsd-net@freebsd.org Received: from mighty.grot.org (mighty.grot.org [204.182.56.120]) by hub.freebsd.org (Postfix) with ESMTP id 18E1B37B40A for ; Sat, 25 May 2002 10:37:33 -0700 (PDT) Received: by mighty.grot.org (Postfix, from userid 515) id E57E55EA9; Sat, 25 May 2002 10:37:26 -0700 (PDT) Date: Sat, 25 May 2002 10:37:26 -0700 From: Aditya To: Vinod Cc: freebsd-net@freebsd.org Subject: Re: ifconfig and route in a shell script Message-ID: <20020525173726.GA12379@mighty.grot.org> Reply-To: Aditya References: <20020525163617.42919.qmail@web21109.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020525163617.42919.qmail@web21109.mail.yahoo.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org your default gateway should be on a directly connected network; 10.0.2.1 is not in 10.0.1.0/24 and so your machine doesn't know how to get to it -- your default gateway needs to be of the form 10.0.1.x, probably 10.0.1.1 Aditya On Sat, May 25, 2002 at 09:36:17AM -0700, Vinod wrote: > i had some problems with a script of mine. > > #!/bin/sh > ifconfig wi0 10.0.1.5 netmask 255.255.255.0 > route delete default > route add default 10.0.2.1 > > > > > i get a host 10.0.2.1 unreachable message when i run > this script.then i put the ifconfig in a seperate > script and ran it first and then the route commands in > a seperate script.this works.so my guess is there is > some timing issue between these two commands.i tried > putting an echo between the ifconfig and route > commands(to make a slight delay) but that didnt > work.any other suggestions? > will putting a delay work?if yes,can anyone tell me > how i can do that on a script.i am new to writing > shell scripts.i am using csh. > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 12:17: 7 2002 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id BF52037B405; Sat, 25 May 2002 12:17:03 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.3/8.12.3) with ESMTP id g4PJH3EN088443; Sat, 25 May 2002 15:17:03 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.3/8.12.3/Submit) id g4PJH3oS088440; Sat, 25 May 2002 15:17:03 -0400 (EDT) Date: Sat, 25 May 2002 15:17:03 -0400 (EDT) From: Garrett Wollman Message-Id: <200205251917.g4PJH3oS088440@khavrinen.lcs.mit.edu> To: John Baldwin Cc: net@FreeBSD.ORG Subject: Lossless bandwidth limiter on an interface In-Reply-To: References: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > out of the box. Ideally, I would like applications sending packets to the > interface to block when the outgoing queue is full. No Can Do. The network stack is not prepared to block at all, ever. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 25 18:27: 2 2002 Delivered-To: freebsd-net@freebsd.org Received: from merlino.iscanet.com (merlino.iscanet.com [217.59.173.229]) by hub.freebsd.org (Postfix) with ESMTP id 4141737B409 for ; Sat, 25 May 2002 18:26:58 -0700 (PDT) Received: from iwalk.iscanet.intr (alice.iscanet.com [217.59.173.230]) (authenticated bits=0) by merlino.iscanet.com (8.12.2/8.12.2) with ESMTP id g4Q1RNUq071289; Sun, 26 May 2002 03:27:24 +0200 (CEST) (envelope-from rlucia@iscanet.com) Date: Sun, 26 May 2002 03:26:48 +0200 Subject: Re: ng_fwdswitch netgraph node Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v481) Cc: freebsd-net@freebsd.org To: Julian Elischer From: Rocco Lucia In-Reply-To: Message-Id: Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 24, 2002 at 10:31:54AM -0700, Julian Elischer wrote: > some comments.. > > 1/ it may be more useful to not make any distinction between > 'in' and 'out' hooks but just have connections.. > The hooks could be given purely arbitrary names > e.g. "source1" and "suspicious" > a hook could be configured as being 'read-only' by command > rather than by special name.. (though special names are > not a very bad way of doing it.. > "out-normal" > and > "out-dubious" > Ah, sure, that's a good idea, I'm going to rework it to be able to set node behavior sending it messages... that would consume some more cycles per packet tho. Thank you for the suggestion :) -- Rocco Lucia - rlucia@iscanet.com Iscanet Internet Services http://elisa.utopianet.net/~rlucia System and Network Admin C6E6 AC9A 1361 FB38 B47A 2792 9FC4 C52F 7A68 4468 Free unices for a free world. Support *BSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message