From owner-freebsd-net Sun Sep 8 0:46:59 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BDB537B400 for ; Sun, 8 Sep 2002 00:46:56 -0700 (PDT) Received: from smtp.inode.at (goliath.inode.at [195.58.161.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6307A43E4A for ; Sun, 8 Sep 2002 00:46:55 -0700 (PDT) (envelope-from mbretter@inode.at) Received: from line-e-127.adsl-dynamic.inode.at ([62.99.165.127] helo=inode.at) by smtp.inode.at with esmtp (Exim 3.34 #1) id 17nwmN-000498-00 for freebsd-net@freebsd.org; Sun, 08 Sep 2002 09:46:48 +0200 Message-ID: <3D7AFFD4.6020500@inode.at> Date: Sun, 08 Sep 2002 09:44:20 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.1) Gecko/20020826 X-Accept-Language: de-de, de-at, de, en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: protocol inspection (tunneling ssh over http proxy) Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Is there any project or are there any plans to extend ipfw with a protocol inspection module? I know that this can be very bad for the performance of a firewall, but If you have only a bandwidth of 1MBit this shouldn't be a problem. We have problems in our company, that some users, wich have not directly access to the internet, let ssh tunnel over our http-proxy. Extending ssh for tunneling is very easy (see Putty or corkscrew) and its also not a problem for them to let on another machine sshd run on port 443 or 80. At the moment I have no idea how to prevent the users from tunneling ssh over http. bye, -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 1:19:31 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B322A37B400 for ; Sun, 8 Sep 2002 01:19:29 -0700 (PDT) Received: from jason.argos.org (65-85-207-106.client.dsl.net [65.85.207.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7C3343E42 for ; Sun, 8 Sep 2002 01:19:28 -0700 (PDT) (envelope-from mike@argos.org) Received: from argos.org (mike@jason.argos.org [10.193.1.6]) by jason.argos.org (8.11.4/8.11.4) with ESMTP id g8889ht11648; Sun, 8 Sep 2002 04:09:43 -0400 Message-ID: <3D7B05C7.E254DAB0@argos.org> Date: Sun, 08 Sep 2002 04:09:43 -0400 From: Mike Nowlin X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.5 i686) X-Accept-Language: en MIME-Version: 1.0 To: Michael Bretterklieber Cc: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: <3D7AFFD4.6020500@inode.at> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > We have problems in our company, that some users, wich have not directly > access to the internet, let ssh tunnel over our http-proxy. Extending > ssh for tunneling is very easy (see Putty or corkscrew) and its also not > a problem for them to let on another machine sshd run on port 443 or 80. > > At the moment I have no idea how to prevent the users from tunneling ssh > over http. You mean that they're opening connections via SSH through the proxy to remote machines on port 22, then using the SSH tunnel capability to allow connections back to their machine over the tunnel? (Sorry, I'm a bit brain-fried right now.) If so, can't you restrict the proxy to not allow remote requests out to port 22? mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 1:26:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F215737B400 for ; Sun, 8 Sep 2002 01:26:37 -0700 (PDT) Received: from smtp.inode.at (goliath.inode.at [195.58.161.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83D8F43E6A for ; Sun, 8 Sep 2002 01:26:37 -0700 (PDT) (envelope-from mbretter@inode.at) Received: from line-e-127.adsl-dynamic.inode.at ([62.99.165.127] helo=inode.at) by smtp.inode.at with esmtp (Exim 3.34 #1) id 17nxOu-0005qz-00 for freebsd-net@FreeBSD.ORG; Sun, 08 Sep 2002 10:26:36 +0200 Message-ID: <3D7B0928.2020403@inode.at> Date: Sun, 08 Sep 2002 10:24:08 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.1) Gecko/20020826 X-Accept-Language: de-de, de-at, de, en-us, en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: <3D7AFFD4.6020500@inode.at> <3D7B05C7.E254DAB0@argos.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, the problem is that they use not port 22 for the ssh connection, they use port 80 or 443. I need some software that gurantees that over the http-port flows only http and not someting else. bye, Mike Nowlin schrieb: >>We have problems in our company, that some users, wich have not directly >>access to the internet, let ssh tunnel over our http-proxy. Extending >>ssh for tunneling is very easy (see Putty or corkscrew) and its also not >>a problem for them to let on another machine sshd run on port 443 or 80. >> >>At the moment I have no idea how to prevent the users from tunneling ssh >>over http. > > > You mean that they're opening connections via SSH through the proxy to > remote machines on port 22, then using the SSH tunnel capability to > allow connections back to their machine over the tunnel? (Sorry, I'm a > bit brain-fried right now.) If so, can't you restrict the proxy to not > allow remote requests out to port 22? > > mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 1:29:42 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A3CC37B400 for ; Sun, 8 Sep 2002 01:29:40 -0700 (PDT) Received: from pursued-with.net (adsl-66-125-9-242.dsl.sndg02.pacbell.net [66.125.9.242]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01FC343E75 for ; Sun, 8 Sep 2002 01:29:40 -0700 (PDT) (envelope-from Kevin_Stevens@pursued-with.net) Received: from Fffinch.local. (fffinch [192.168.168.101]) by pursued-with.net (8.12.5/8.12.5) with ESMTP id g888Tbuq017846; Sun, 8 Sep 2002 01:29:37 -0700 (PDT) (envelope-from Kevin_Stevens@pursued-with.net) Date: Sun, 8 Sep 2002 01:29:37 -0700 Subject: Re: protocol inspection (tunneling ssh over http proxy) Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v543) Cc: freebsd-net@FreeBSD.ORG To: Mike Nowlin From: Kevin Stevens In-Reply-To: <3D7B05C7.E254DAB0@argos.org> Message-Id: <1CB3AEDE-C305-11D6-A534-003065715DA8@pursued-with.net> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.543) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sunday, Sep 8, 2002, at 01:09 US/Pacific, Mike Nowlin wrote: >> We have problems in our company, that some users, wich have not >> directly >> access to the internet, let ssh tunnel over our http-proxy. Extending >> ssh for tunneling is very easy (see Putty or corkscrew) and its also >> not >> a problem for them to let on another machine sshd run on port 443 or >> 80. >> >> At the moment I have no idea how to prevent the users from tunneling >> ssh >> over http. > > You mean that they're opening connections via SSH through the proxy to > remote machines on port 22, then using the SSH tunnel capability to > allow connections back to their machine over the tunnel? (Sorry, I'm a > bit brain-fried right now.) If so, can't you restrict the proxy to not > allow remote requests out to port 22? No, he means they are initiating SSH sessions over port 80 or 443, after having set up the remote servers to answer SSH requests on those ports. Application-level proxies can prevent this by monitoring the conversation, but IPFW doesn't operate at that level. To the OP, I doubt that IPFW will be modified to incorporate that functionality - it's too far beyond the architecture. If you need to control that activity, you should probably look for a different tool. Just my $.02. KeS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 1:35:47 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 548E637B400 for ; Sun, 8 Sep 2002 01:35:43 -0700 (PDT) Received: from smtp.inode.at (goliath.inode.at [195.58.161.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id D768043E6A for ; Sun, 8 Sep 2002 01:35:42 -0700 (PDT) (envelope-from mbretter@inode.at) Received: from line-e-127.adsl-dynamic.inode.at ([62.99.165.127] helo=inode.at) by smtp.inode.at with esmtp (Exim 3.34 #1) id 17nxXh-0006EZ-00 for freebsd-net@FreeBSD.ORG; Sun, 08 Sep 2002 10:35:41 +0200 Message-ID: <3D7B0B49.6000402@inode.at> Date: Sun, 08 Sep 2002 10:33:13 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.1) Gecko/20020826 X-Accept-Language: de-de, de-at, de, en-us, en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: <1CB3AEDE-C305-11D6-A534-003065715DA8@pursued-with.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, yes. you are right, this has to be done at application-level. IPFW will be the wrong place (level). bye, Kevin Stevens schrieb: > > On Sunday, Sep 8, 2002, at 01:09 US/Pacific, Mike Nowlin wrote: > >>> We have problems in our company, that some users, wich have not directly >>> access to the internet, let ssh tunnel over our http-proxy. Extending >>> ssh for tunneling is very easy (see Putty or corkscrew) and its also not >>> a problem for them to let on another machine sshd run on port 443 or 80. >>> >>> At the moment I have no idea how to prevent the users from tunneling ssh >>> over http. >> >> >> You mean that they're opening connections via SSH through the proxy to >> remote machines on port 22, then using the SSH tunnel capability to >> allow connections back to their machine over the tunnel? (Sorry, I'm a >> bit brain-fried right now.) If so, can't you restrict the proxy to not >> allow remote requests out to port 22? > > > No, he means they are initiating SSH sessions over port 80 or 443, after > having set up the remote servers to answer SSH requests on those ports. > Application-level proxies can prevent this by monitoring the > conversation, but IPFW doesn't operate at that level. > > To the OP, I doubt that IPFW will be modified to incorporate that > functionality - it's too far beyond the architecture. If you need to > control that activity, you should probably look for a different tool. > Just my $.02. > > KeS > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 2: 0:16 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5967837B400 for ; Sun, 8 Sep 2002 02:00:11 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id B301943E3B for ; Sun, 8 Sep 2002 02:00:10 -0700 (PDT) (envelope-from julian@elischer.org) Received: from InterJet.elischer.org ([12.232.206.8]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020908090010.WTFD25823.sccrmhc02.attbi.com@InterJet.elischer.org>; Sun, 8 Sep 2002 09:00:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id BAA50657; Sun, 8 Sep 2002 01:55:03 -0700 (PDT) Date: Sun, 8 Sep 2002 01:55:02 -0700 (PDT) From: Julian Elischer To: Michael Bretterklieber Cc: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) In-Reply-To: <3D7B0928.2020403@inode.at> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Run a squid (or apache) proxy for web access, and then ONLY allow port 80 traffic from the proxy. On Sun, 8 Sep 2002, Michael Bretterklieber wrote: > Hi, > > the problem is that they use not port 22 for the ssh connection, they > use port 80 or 443. > > I need some software that gurantees that over the http-port flows only > http and not someting else. > > bye, > > Mike Nowlin schrieb: > >>We have problems in our company, that some users, wich have not directly > >>access to the internet, let ssh tunnel over our http-proxy. Extending > >>ssh for tunneling is very easy (see Putty or corkscrew) and its also not > >>a problem for them to let on another machine sshd run on port 443 or 80. > >> > >>At the moment I have no idea how to prevent the users from tunneling ssh > >>over http. > > > > > > You mean that they're opening connections via SSH through the proxy to > > remote machines on port 22, then using the SSH tunnel capability to > > allow connections back to their machine over the tunnel? (Sorry, I'm a > > bit brain-fried right now.) If so, can't you restrict the proxy to not > > allow remote requests out to port 22? > > > > mike > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > > > > > -- > -- > -------------------------------------- > E-mail: Michael.Bretterklieber@jawa.at > ---------------------------- > JAWA Management Software GmbH > Liebenauer Hauptstr. 200 > A-8041 GRAZ > Tel: ++43-(0)316-403274-12 > Fax: ++43-(0)316-403274-10 > GSM: ++43-(0)676-93 96 698 > homepage: http://www.jawa.at > --------- privat ----------- > E-mail: mbretter@inode.at > homepage: http://www.inode.at/mbretter > -------------------------------------- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 2: 0:20 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 847D537B401 for ; Sun, 8 Sep 2002 02:00:14 -0700 (PDT) Received: from silver.he.iki.fi (silver.he.iki.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EA0243E72 for ; Sun, 8 Sep 2002 02:00:13 -0700 (PDT) (envelope-from pete@he.iki.fi) Received: from he.iki.fi (localhost.he.iki.fi [127.0.0.1]) by silver.he.iki.fi (8.12.5/8.11.4) with ESMTP id g888xC0x016390; Sun, 8 Sep 2002 11:59:12 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <3D7B1160.1CBB8953@he.iki.fi> Date: Sun, 08 Sep 2002 11:59:12 +0300 From: Petri Helenius X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.6-STABLE i386) X-Accept-Language: en,fi MIME-Version: 1.0 To: Michael Bretterklieber Cc: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: <3D7AFFD4.6020500@inode.at> <3D7B05C7.E254DAB0@argos.org> <3D7B0928.2020403@inode.at> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Michael Bretterklieber wrote: > > Hi, > > the problem is that they use not port 22 for the ssh connection, they > use port 80 or 443. > > I need some software that gurantees that over the http-port flows only > http and not someting else. > If it's HTTPS, then you cannot peek into the content anyway. So by looking at HTTP you only make the culprits to move over to HTTPS, which is probably a good thing anyway. Pete To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 3:34:24 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85E8537B400; Sun, 8 Sep 2002 03:34:13 -0700 (PDT) Received: from maya20.nic.fr (maya20.nic.fr [192.134.4.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A72D43E65; Sun, 8 Sep 2002 03:34:12 -0700 (PDT) (envelope-from francois.tigeot@nic.fr) Received: from brazil.nic.fr (brazil.nic.fr [192.134.4.77]) by maya20.nic.fr (8.12.4/8.12.4) with ESMTP id g88ASM231322909; Sun, 8 Sep 2002 12:28:22 +0200 (CEST) Received: from brazil.nic.fr (localhost [IPv6:::1]) by brazil.nic.fr (8.12.5/8.12.5) with ESMTP id g88ASKkR035140; Sun, 8 Sep 2002 12:28:20 +0200 (CEST) (envelope-from tigeot@brazil.nic.fr) Received: (from tigeot@localhost) by brazil.nic.fr (8.12.5/8.12.5/Submit) id g88ASKto035139; Sun, 8 Sep 2002 12:28:20 +0200 (CEST) Date: Sun, 8 Sep 2002 12:28:20 +0200 From: Francois Tigeot To: current@FreeBSD.ORG Cc: freebsd-net@FreeBSD.ORG Subject: ste driver broken Message-ID: <20020908102820.GA71874@brazil.nic.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.4i Organization: AFNIC / NIC-France Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Greetings, I recently upgraded one machine to a recent -CURRENT, and the NIC (DLink 550 TX) fails to be properly initialized. The rest of the system is pretty vanilla : Athlon XP, with Via chipset. Here is the relevant part of dmesg: ste0: port 0x9800-0x987f mem 0xe9000000-0xe900007f irq 7 at device 11.0 on pci0 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:937 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:937 lock order reversal 1st 0xc25b69a4 ste0 (network driver) @ /usr/src/sys/pci/if_ste.c:937 2nd 0xc0318600 allproc (allproc) @ /usr/src/sys/kern/kern_fork.c:317 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:937 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:937 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:937 ste0: Ethernet address: 00:50:ba:71:be:ea ste0: MII without any phy! device_probe_and_attach: ste0 attach returned 6 By replacing the current version of /usr/src/sys/pci/if_ste.c by version 1.33 I am able to obtain a correctly working system. This is a part of the new dmesg: ste0: port 0x9800-0x987f mem 0xe9000000-0xe900007f irq 7 at device 11.0 on pci0 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:906 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:906 lock order reversal 1st 0xc26039a4 ste0 (network driver) @ /usr/src/sys/pci/if_ste.c:906 2nd 0xc0487c00 allproc (allproc) @ /usr/src/sys/kern/kern_fork.c:317 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:906 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:906 /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:906 ste0: Ethernet address: 00:50:ba:71:be:ea miibus0: on ste0 ukphy0: on miibus0 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto /usr/src/sys/vm/uma_core.c:1332: could sleep with "ste0" locked from /usr/src/sys/pci/if_ste.c:244 The main difference between the working and current revision of if_ste.c is very small and doesn't add anything new. I think it should be removed. -- François Tigeot | AFNIC http://www.nic.fr/ | mailto:nic@nic.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 11:21:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA53537B400 for ; Sun, 8 Sep 2002 11:21:30 -0700 (PDT) Received: from smtp.inode.at (goliath.inode.at [195.58.161.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DF2543E42 for ; Sun, 8 Sep 2002 11:21:29 -0700 (PDT) (envelope-from mbretter@inode.at) Received: from line-e-206.adsl-dynamic.inode.at ([62.99.165.206] helo=inode.at) by smtp.inode.at with esmtp (Exim 3.34 #1) id 17o6gX-00071X-00 for freebsd-net@FreeBSD.ORG; Sun, 08 Sep 2002 20:21:25 +0200 Message-ID: <3D7B9491.9090305@inode.at> Date: Sun, 08 Sep 2002 20:18:57 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.1) Gecko/20020826 X-Accept-Language: de-de, de-at, de, en-us, en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) References: Content-Type: multipart/mixed; boundary="------------020003080003080504020900" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------020003080003080504020900 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, I'm already running squid as proxy. But if I allow only port 80, then no https works. Also if they let run there sshd on port 80 on a server somewhere then this doesen't prevent ssh-tunneling over http. I attached the tcpdump of a tunnel'd ssh-connection over http. 192.168.201.1 is my gateway with squid and an adsl internet connection (mpd). 192.168.201.12 is my bad boy, wich uses Putty for tunneling ssh over http. I think, I can nothing do to break the tunnel. Or am I wrong? bye, Julian Elischer schrieb: > Run a squid (or apache) proxy for web access, > and then ONLY allow port 80 traffic from the proxy. > > > On Sun, 8 Sep 2002, Michael Bretterklieber wrote: > > >>Hi, >> >>the problem is that they use not port 22 for the ssh connection, they >>use port 80 or 443. >> >>I need some software that gurantees that over the http-port flows only >>http and not someting else. >> >>bye, >> >>Mike Nowlin schrieb: >> >>>>We have problems in our company, that some users, wich have not directly >>>>access to the internet, let ssh tunnel over our http-proxy. Extending >>>>ssh for tunneling is very easy (see Putty or corkscrew) and its also not >>>>a problem for them to let on another machine sshd run on port 443 or 80. >>>> >>>>At the moment I have no idea how to prevent the users from tunneling ssh >>>>over http. >>> >>> >>>You mean that they're opening connections via SSH through the proxy to >>>remote machines on port 22, then using the SSH tunnel capability to >>>allow connections back to their machine over the tunnel? (Sorry, I'm a >>>bit brain-fried right now.) If so, can't you restrict the proxy to not >>>allow remote requests out to port 22? >>> >>>mike >>> >>>To Unsubscribe: send mail to majordomo@FreeBSD.org >>>with "unsubscribe freebsd-net" in the body of the message >>> >>> >> >>-- >>-- >>-------------------------------------- >>E-mail: Michael.Bretterklieber@jawa.at >>---------------------------- >>JAWA Management Software GmbH >>Liebenauer Hauptstr. 200 >>A-8041 GRAZ >>Tel: ++43-(0)316-403274-12 >>Fax: ++43-(0)316-403274-10 >>GSM: ++43-(0)676-93 96 698 >>homepage: http://www.jawa.at >>--------- privat ----------- >>E-mail: mbretter@inode.at >>homepage: http://www.inode.at/mbretter >>-------------------------------------- >> >> >> >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-net" in the body of the message >> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > -- -- -------------------------------------- E-mail: Michael.Bretterklieber@jawa.at ---------------------------- JAWA Management Software GmbH Liebenauer Hauptstr. 200 A-8041 GRAZ Tel: ++43-(0)316-403274-12 Fax: ++43-(0)316-403274-10 GSM: ++43-(0)676-93 96 698 homepage: http://www.jawa.at --------- privat ----------- E-mail: mbretter@inode.at homepage: http://www.inode.at/mbretter -------------------------------------- --------------020003080003080504020900 Content-Type: text/plain; name="tcpdump.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="tcpdump.txt" 20:26:48.173534 arp who-has 192.168.201.1 tell 192.168.201.12 20:26:48.173664 arp reply 192.168.201.1 is-at 0:d0:c9:6:36:17 20:26:48.173912 192.168.201.12.1052 > 192.168.201.1.8080: S 667310761:667310761(0) win 16384 (DF) 20:26:48.174163 192.168.201.1.8080 > 192.168.201.12.1052: S 2509983361:2509983361(0) ack 667310762 win 65535 20:26:48.174432 192.168.201.12.1052 > 192.168.201.1.8080: . ack 1 win 17520 (DF) 20:26:48.177539 192.168.201.12.1052 > 192.168.201.1.8080: P 1:62(61) ack 1 win 17520 (DF) 20:26:48.179034 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.231527 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.232300 192.168.201.1.8080 > 192.168.201.12.1052: P 1:40(39) ack 62 win 65535 (DF) 20:26:48.232667 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.278087 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.278599 192.168.201.1.8080 > 192.168.201.12.1052: P 40:65(25) ack 62 win 65535 (DF) 20:26:48.278873 192.168.201.12.1052 > 192.168.201.1.8080: . ack 65 win 17456 (DF) 20:26:48.279144 192.168.201.12.1052 > 192.168.201.1.8080: P 62:96(34) ack 65 win 17456 (DF) 20:26:48.279727 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.322659 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.335569 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.336202 192.168.201.1.8080 > 192.168.201.12.1052: P 65:341(276) ack 96 win 65535 (DF) 20:26:48.339715 192.168.201.12.1052 > 192.168.201.1.8080: P 96:252(156) ack 341 win 17180 (DF) 20:26:48.340348 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.430412 192.168.201.1.8080 > 192.168.201.12.1052: . ack 252 win 65535 (DF) 20:26:48.440204 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.450436 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:48.465797 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.466296 192.168.201.1.8080 > 192.168.201.12.1052: P 341:353(12) ack 252 win 65535 (DF) 20:26:48.466844 192.168.201.12.1052 > 192.168.201.1.8080: P 252:280(28) ack 353 win 17168 (DF) 20:26:48.467375 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.506635 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.520410 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:48.539219 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.539693 192.168.201.1.8080 > 192.168.201.12.1052: P 353:365(12) ack 280 win 65535 (DF) 20:26:48.541095 192.168.201.12.1052 > 192.168.201.1.8080: P 280:420(140) ack 365 win 17156 (DF) 20:26:48.541702 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.601571 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.608883 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.609419 192.168.201.1.8080 > 192.168.201.12.1052: P 365:505(140) ack 420 win 65535 (DF) 20:26:48.620417 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:48.700597 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.769277 192.168.201.12.1052 > 192.168.201.1.8080: P 420:448(28) ack 505 win 17016 (DF) 20:26:48.769871 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.819178 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.819734 192.168.201.1.8080 > 192.168.201.12.1052: P 505:549(44) ack 448 win 65535 (DF) 20:26:48.830412 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:48.910589 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:48.950742 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:48.951278 192.168.201.1.8080 > 192.168.201.12.1052: P 549:561(12) ack 448 win 65535 (DF) 20:26:48.951550 192.168.201.12.1052 > 192.168.201.1.8080: . ack 561 win 16960 (DF) 20:26:48.952201 192.168.201.12.1052 > 192.168.201.1.8080: P 448:484(36) ack 561 win 16960 (DF) 20:26:48.952700 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:49.006404 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:49.006939 192.168.201.1.8080 > 192.168.201.12.1052: P 561:573(12) ack 484 win 65535 (DF) 20:26:49.007384 192.168.201.12.1052 > 192.168.201.1.8080: P 484:496(12) ack 573 win 16948 (DF) 20:26:49.007904 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:49.071772 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:49.072345 192.168.201.1.8080 > 192.168.201.12.1052: P 573:649(76) ack 496 win 65535 (DF) 20:26:49.090412 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:49.170596 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:49.187993 192.168.201.12.1052 > 192.168.201.1.8080: . ack 649 win 16872 (DF) 20:26:49.199686 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:49.200327 192.168.201.1.8080 > 192.168.201.12.1052: P 649:741(92) ack 496 win 65535 (DF) 20:26:49.210420 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:49.290606 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:49.388285 192.168.201.12.1052 > 192.168.201.1.8080: . ack 741 win 16780 (DF) 20:26:49.446457 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) 20:26:51.501002 192.168.201.12.1052 > 192.168.201.1.8080: P 496:516(20) ack 741 win 16780 (DF) 20:26:51.501625 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:51.548928 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:51.560418 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) 20:26:51.600417 192.168.201.1.8080 > 192.168.201.12.1052: . ack 516 win 65535 (DF) 20:26:51.680241 192.168.201.12.1052 > 192.168.201.1.8080: P 516:536(20) ack 741 win 16780 (DF) 20:26:51.680783 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:51.728029 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:51.728571 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:51.770436 192.168.201.1.8080 > 192.168.201.12.1052: . ack 536 win 65535 (DF) 20:26:51.846470 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) 20:26:51.848759 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:51.849334 192.168.201.1.8080 > 192.168.201.12.1052: P 741:781(40) ack 536 win 65535 (DF) 20:26:51.849692 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:51.991997 192.168.201.12.1052 > 192.168.201.1.8080: . ack 781 win 16740 (DF) 20:26:51.999972 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:52.000418 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:52.146729 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) 20:26:53.344206 192.168.201.12.1052 > 192.168.201.1.8080: P 536:556(20) ack 781 win 16740 (DF) 20:26:53.344864 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:53.395861 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:53.396440 192.168.201.1.8080 > 192.168.201.12.1052: P 781:817(36) ack 556 win 65535 (DF) 20:26:53.397799 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:53.398320 192.168.201.1.8080 > 192.168.201.12.1052: P 817:837(20) ack 556 win 65535 (DF) 20:26:53.398607 192.168.201.12.1052 > 192.168.201.1.8080: . ack 837 win 16684 (DF) 20:26:53.398750 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:53.398877 192.168.201.12.1052 > 192.168.201.1.8080: P 556:568(12) ack 837 win 16684 (DF) 20:26:53.399159 192.168.201.12.1052 > 192.168.201.1.8080: F 568:568(0) ack 837 win 16684 (DF) 20:26:53.399327 192.168.201.1.8080 > 192.168.201.12.1052: . ack 569 win 65535 (DF) 20:26:53.400119 192.168.201.1.8080 > 192.168.201.12.1052: F 837:837(0) ack 569 win 65535 (DF) 20:26:53.400414 192.168.201.12.1052 > 192.168.201.1.8080: . ack 838 win 16684 (DF) 20:26:53.400948 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:53.401188 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:53.466508 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:53.467045 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) 20:26:53.475462 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) 20:26:53.490434 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) --------------020003080003080504020900-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 12:44:17 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDAE237B400 for ; Sun, 8 Sep 2002 12:44:03 -0700 (PDT) Received: from pop3.psconsult.nl (ps226.psconsult.nl [193.67.147.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 931FE43E7B for ; Sun, 8 Sep 2002 12:43:55 -0700 (PDT) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id VAA36197 for freebsd-net@FreeBSD.ORG; Sun, 8 Sep 2002 21:43:20 +0200 (CEST) (envelope-from paul) Date: Sun, 8 Sep 2002 21:43:20 +0200 From: Paul Schenkeveld To: freebsd-net@FreeBSD.ORG Subject: Re: protocol inspection (tunneling ssh over http proxy) Message-ID: <20020908214320.A35988@psconsult.nl> References: <3D7B9491.9090305@inode.at> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 1.0i In-Reply-To: <3D7B9491.9090305@inode.at>; from mbretter@inode.at on Sun, Sep 08, 2002 at 08:18:57PM +0200 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Sep 08, 2002 at 08:18:57PM +0200, Michael Bretterklieber wrote: > Hi, > > I'm already running squid as proxy. But if I allow only port 80, then no > https works. Also if they let run there sshd on port 80 on a server > somewhere then this doesen't prevent ssh-tunneling over http. > > I attached the tcpdump of a tunnel'd ssh-connection over http. > > 192.168.201.1 is my gateway with squid and an adsl internet connection > (mpd). > 192.168.201.12 is my bad boy, wich uses Putty for tunneling ssh over http. > > I think, I can nothing do to break the tunnel. With http, packet inspection you could stop your squid from tunneling ssh connections but as https is end to end encrypted you cannot prevent anyone from abusing your proxy for a tunnel if you let connections to port 443 through without inspection. So if you cannot stop them, you could discourage the abuse. With dummynet you could introduce a little packet delay. This does not hurt too much for downloading pages, the main purpose of http[s] but really makes interactive abuse of your proxy with ssh inconvenient. Further, two properties of http[s] are that there is a small request from the client to the server usually followed by much more data coming back from the server to the client. So if we find a way to slow down or break the connection if more than a certain amount of data flows from client to server (allow for a request plus form data here) or break the connection if no data flows from server to client for some time the abuse of your proxy becomes very inattractive. The bottom line is: "data is data so if you let anything through someone can always find a way to abuse this for other data". Think about implementing IP on top of SMTP email. Not very fast but it can bypass many firewalls :-) So if we cannot completely block them, at least make their abuse inattractive. My ¤ 0.02 (close to $ 0.02 now). Paul Schenkeveld > Or am I wrong? > > bye, > > Julian Elischer schrieb: > > Run a squid (or apache) proxy for web access, > > and then ONLY allow port 80 traffic from the proxy. > > > > > > On Sun, 8 Sep 2002, Michael Bretterklieber wrote: > > > > > >>Hi, > >> > >>the problem is that they use not port 22 for the ssh connection, they > >>use port 80 or 443. > >> > >>I need some software that gurantees that over the http-port flows only > >>http and not someting else. > >> > >>bye, > >> > >>Mike Nowlin schrieb: > >> > >>>>We have problems in our company, that some users, wich have not directly > >>>>access to the internet, let ssh tunnel over our http-proxy. Extending > >>>>ssh for tunneling is very easy (see Putty or corkscrew) and its also not > >>>>a problem for them to let on another machine sshd run on port 443 or 80. > >>>> > >>>>At the moment I have no idea how to prevent the users from tunneling ssh > >>>>over http. > >>> > >>> > >>>You mean that they're opening connections via SSH through the proxy to > >>>remote machines on port 22, then using the SSH tunnel capability to > >>>allow connections back to their machine over the tunnel? (Sorry, I'm a > >>>bit brain-fried right now.) If so, can't you restrict the proxy to not > >>>allow remote requests out to port 22? > >>> > >>>mike > >>> > >>>To Unsubscribe: send mail to majordomo@FreeBSD.org > >>>with "unsubscribe freebsd-net" in the body of the message > >>> > >>> > >> > >>-- > >>-- > >>-------------------------------------- > >>E-mail: Michael.Bretterklieber@jawa.at > >>---------------------------- > >>JAWA Management Software GmbH > >>Liebenauer Hauptstr. 200 > >>A-8041 GRAZ > >>Tel: ++43-(0)316-403274-12 > >>Fax: ++43-(0)316-403274-10 > >>GSM: ++43-(0)676-93 96 698 > >>homepage: http://www.jawa.at > >>--------- privat ----------- > >>E-mail: mbretter@inode.at > >>homepage: http://www.inode.at/mbretter > >>-------------------------------------- > >> > >> > >> > >>To Unsubscribe: send mail to majordomo@FreeBSD.org > >>with "unsubscribe freebsd-net" in the body of the message > >> > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > > > > > -- > -- > -------------------------------------- > E-mail: Michael.Bretterklieber@jawa.at > ---------------------------- > JAWA Management Software GmbH > Liebenauer Hauptstr. 200 > A-8041 GRAZ > Tel: ++43-(0)316-403274-12 > Fax: ++43-(0)316-403274-10 > GSM: ++43-(0)676-93 96 698 > homepage: http://www.jawa.at > --------- privat ----------- > E-mail: mbretter@inode.at > homepage: http://www.inode.at/mbretter > -------------------------------------- > > 20:26:48.173534 arp who-has 192.168.201.1 tell 192.168.201.12 > 20:26:48.173664 arp reply 192.168.201.1 is-at 0:d0:c9:6:36:17 > 20:26:48.173912 192.168.201.12.1052 > 192.168.201.1.8080: S 667310761:667310761(0) win 16384 (DF) > 20:26:48.174163 192.168.201.1.8080 > 192.168.201.12.1052: S 2509983361:2509983361(0) ack 667310762 win 65535 > 20:26:48.174432 192.168.201.12.1052 > 192.168.201.1.8080: . ack 1 win 17520 (DF) > 20:26:48.177539 192.168.201.12.1052 > 192.168.201.1.8080: P 1:62(61) ack 1 win 17520 (DF) > 20:26:48.179034 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.231527 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.232300 192.168.201.1.8080 > 192.168.201.12.1052: P 1:40(39) ack 62 win 65535 (DF) > 20:26:48.232667 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.278087 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.278599 192.168.201.1.8080 > 192.168.201.12.1052: P 40:65(25) ack 62 win 65535 (DF) > 20:26:48.278873 192.168.201.12.1052 > 192.168.201.1.8080: . ack 65 win 17456 (DF) > 20:26:48.279144 192.168.201.12.1052 > 192.168.201.1.8080: P 62:96(34) ack 65 win 17456 (DF) > 20:26:48.279727 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.322659 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.335569 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.336202 192.168.201.1.8080 > 192.168.201.12.1052: P 65:341(276) ack 96 win 65535 (DF) > 20:26:48.339715 192.168.201.12.1052 > 192.168.201.1.8080: P 96:252(156) ack 341 win 17180 (DF) > 20:26:48.340348 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.430412 192.168.201.1.8080 > 192.168.201.12.1052: . ack 252 win 65535 (DF) > 20:26:48.440204 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.450436 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:48.465797 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.466296 192.168.201.1.8080 > 192.168.201.12.1052: P 341:353(12) ack 252 win 65535 (DF) > 20:26:48.466844 192.168.201.12.1052 > 192.168.201.1.8080: P 252:280(28) ack 353 win 17168 (DF) > 20:26:48.467375 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.506635 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.520410 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:48.539219 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.539693 192.168.201.1.8080 > 192.168.201.12.1052: P 353:365(12) ack 280 win 65535 (DF) > 20:26:48.541095 192.168.201.12.1052 > 192.168.201.1.8080: P 280:420(140) ack 365 win 17156 (DF) > 20:26:48.541702 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.601571 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.608883 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.609419 192.168.201.1.8080 > 192.168.201.12.1052: P 365:505(140) ack 420 win 65535 (DF) > 20:26:48.620417 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:48.700597 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.769277 192.168.201.12.1052 > 192.168.201.1.8080: P 420:448(28) ack 505 win 17016 (DF) > 20:26:48.769871 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.819178 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.819734 192.168.201.1.8080 > 192.168.201.12.1052: P 505:549(44) ack 448 win 65535 (DF) > 20:26:48.830412 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:48.910589 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:48.950742 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:48.951278 192.168.201.1.8080 > 192.168.201.12.1052: P 549:561(12) ack 448 win 65535 (DF) > 20:26:48.951550 192.168.201.12.1052 > 192.168.201.1.8080: . ack 561 win 16960 (DF) > 20:26:48.952201 192.168.201.12.1052 > 192.168.201.1.8080: P 448:484(36) ack 561 win 16960 (DF) > 20:26:48.952700 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:49.006404 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:49.006939 192.168.201.1.8080 > 192.168.201.12.1052: P 561:573(12) ack 484 win 65535 (DF) > 20:26:49.007384 192.168.201.12.1052 > 192.168.201.1.8080: P 484:496(12) ack 573 win 16948 (DF) > 20:26:49.007904 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:49.071772 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:49.072345 192.168.201.1.8080 > 192.168.201.12.1052: P 573:649(76) ack 496 win 65535 (DF) > 20:26:49.090412 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:49.170596 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:49.187993 192.168.201.12.1052 > 192.168.201.1.8080: . ack 649 win 16872 (DF) > 20:26:49.199686 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:49.200327 192.168.201.1.8080 > 192.168.201.12.1052: P 649:741(92) ack 496 win 65535 (DF) > 20:26:49.210420 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:49.290606 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:49.388285 192.168.201.12.1052 > 192.168.201.1.8080: . ack 741 win 16780 (DF) > 20:26:49.446457 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) > 20:26:51.501002 192.168.201.12.1052 > 192.168.201.1.8080: P 496:516(20) ack 741 win 16780 (DF) > 20:26:51.501625 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:51.548928 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:51.560418 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) > 20:26:51.600417 192.168.201.1.8080 > 192.168.201.12.1052: . ack 516 win 65535 (DF) > 20:26:51.680241 192.168.201.12.1052 > 192.168.201.1.8080: P 516:536(20) ack 741 win 16780 (DF) > 20:26:51.680783 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:51.728029 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:51.728571 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:51.770436 192.168.201.1.8080 > 192.168.201.12.1052: . ack 536 win 65535 (DF) > 20:26:51.846470 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) > 20:26:51.848759 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:51.849334 192.168.201.1.8080 > 192.168.201.12.1052: P 741:781(40) ack 536 win 65535 (DF) > 20:26:51.849692 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:51.991997 192.168.201.12.1052 > 192.168.201.1.8080: . ack 781 win 16740 (DF) > 20:26:51.999972 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:52.000418 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:52.146729 10.0.0.138 > 10.0.0.1: [|gre] (gre encap) > 20:26:53.344206 192.168.201.12.1052 > 192.168.201.1.8080: P 536:556(20) ack 781 win 16740 (DF) > 20:26:53.344864 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:53.395861 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:53.396440 192.168.201.1.8080 > 192.168.201.12.1052: P 781:817(36) ack 556 win 65535 (DF) > 20:26:53.397799 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:53.398320 192.168.201.1.8080 > 192.168.201.12.1052: P 817:837(20) ack 556 win 65535 (DF) > 20:26:53.398607 192.168.201.12.1052 > 192.168.201.1.8080: . ack 837 win 16684 (DF) > 20:26:53.398750 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:53.398877 192.168.201.12.1052 > 192.168.201.1.8080: P 556:568(12) ack 837 win 16684 (DF) > 20:26:53.399159 192.168.201.12.1052 > 192.168.201.1.8080: F 568:568(0) ack 837 win 16684 (DF) > 20:26:53.399327 192.168.201.1.8080 > 192.168.201.12.1052: . ack 569 win 65535 (DF) > 20:26:53.400119 192.168.201.1.8080 > 192.168.201.12.1052: F 837:837(0) ack 569 win 65535 (DF) > 20:26:53.400414 192.168.201.12.1052 > 192.168.201.1.8080: . ack 838 win 16684 (DF) > 20:26:53.400948 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:53.401188 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:53.466508 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:53.467045 10.0.0.1 > 10.0.0.138: gre-proto-0x880B (gre encap) > 20:26:53.475462 10.0.0.138 > 10.0.0.1: gre-proto-0x880B (gre encap) > 20:26:53.490434 10.0.0.1 > 10.0.0.138: [|gre] (gre encap) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Sep 8 13:31:28 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 376C837B401 for ; Sun, 8 Sep 2002 13:31:23 -0700 (PDT) Received: from mail.dada.it (mail3.dada.it [195.110.100.3]) by mx1.FreeBSD.org (Postfix) with SMTP id 98B0C43E4A for ; Sun, 8 Sep 2002 13:31:21 -0700 (PDT) (envelope-from ale@unixmania.net) Received: (qmail 9486 invoked from network); 8 Sep 2002 20:31:18 -0000 Received: from unknown (HELO libero.sunshine.ale) (195.110.114.252) by mail.dada.it with SMTP; 8 Sep 2002 20:31:18 -0000 Received: by libero.sunshine.ale (Postfix, from userid 1001) id 019025E69; Sun, 8 Sep 2002 22:31:18 +0200 (CEST) Date: Sun, 8 Sep 2002 22:31:18 +0200 From: Alessandro de Manzano To: net@freebsd.org Cc: questions@freebsd.org Subject: little problem with MPD and Win clients Message-ID: <20020908223118.A75784@libero.sunshine.ale> Reply-To: Alessandro de Manzano Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: FreeBSD 4.6-STABLE Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! here I am again with another little problem about MPD ;-) situation: FreeBSD 4.6p1 box with MPD 3.8 as VPN server (MPPE). mpd.conf is exaclty the same included in mpd.conf examples. problem: using FreeBSD boxes with pptpclient all works fine: trasferring large files using ftp works correctly. using Win2K or XP boxes sessions involving telnet or similar works fine, but trasferring large files via ftp hangs connection after about 90-100Kbytes. I'm using Windows standard command line ftp client. Win clients are using standard Connection Wizard config. I thought a MTU or similar problem, like I had few time ago, but now mpd logs seems correct and, as said, interactive sessions now are working. Have you some hints ? What could be ? Hoping you can help me :-) Many thanks in advance! -- bye! Ale To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 8: 3: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AEAB37B400 for ; Mon, 9 Sep 2002 08:03:05 -0700 (PDT) Received: from anor.ics.muni.cz (anor.ics.muni.cz [147.251.4.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6E4C43E72 for ; Mon, 9 Sep 2002 08:03:03 -0700 (PDT) (envelope-from hopet@ics.muni.cz) Received: from dior.ics.muni.cz (dior.ics.muni.cz [147.251.6.10]) by anor.ics.muni.cz (8.12.1/8.12.1) with ESMTP id g89F2m9Q007987 for ; Mon, 9 Sep 2002 17:02:48 +0200 Received: from kloboucek (root@localhost) (authenticated as hopet with LOGIN) by dior.ics.muni.cz (8.10.1/8.10.0.Beta12) with ESMTP id g89F2lw13033 for ; Mon, 9 Sep 2002 17:02:47 +0200 (MEST) From: "Petr Holub" To: Subject: 32 bit couters in netstat Date: Mon, 9 Sep 2002 17:03:03 +0200 Message-ID: <004501c25811$fed51160$27e86cc2@kloboucek> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 X-Muni-Virus-Test: Clean Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I've just found that netstat in FreeBSD 4.4 has just 32 bit couters (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. Is there any improvement in this respect in -STABLE or in -CURRENT? Thanks, Petr ================================================================ Petr Holub CESNET z.s.p.o. Supercomputing Center Brno Zikova 4 Institute of Compt. Science 160 00 Praha 6, CZ Masaryk University Czech Republic Botanicka 68a, 60200 Brno, CZ e-mail: Petr.Holub@cesnet.cz phone: +420-5-41512213 e-mail: hopet@ics.muni.cz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 8:18:17 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5692E37B401 for ; Mon, 9 Sep 2002 08:18:15 -0700 (PDT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with SMTP id CC0AE43E3B for ; Mon, 9 Sep 2002 08:18:13 -0700 (PDT) (envelope-from oppermann@pipeline.ch) Received: (qmail 75309 invoked from network); 9 Sep 2002 15:15:52 -0000 Received: from unknown (HELO pipeline.ch) ([62.48.0.54]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 9 Sep 2002 15:15:52 -0000 Message-ID: <3D7CBB8A.B9F426C6@pipeline.ch> Date: Mon, 09 Sep 2002 17:17:30 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Petr Holub Cc: net@freebsd.org Subject: Re: 32 bit couters in netstat References: <004501c25811$fed51160$27e86cc2@kloboucek> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Petr Holub wrote: > > Hi all, > > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. > Is there any improvement in this respect in -STABLE or in -CURRENT? No because certain people argue that having a 64 bit counter slows down the machine to the level of a 386SX-16 and who needs large counters anyway... IMO 64 bit interface counters are a must and ipfw counters are 64 bits wide since 3.0 without any noticeable impact on performance (other than rule processing). -- Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 8:30:59 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C93BE37B401 for ; Mon, 9 Sep 2002 08:30:55 -0700 (PDT) Received: from anor.ics.muni.cz (anor.ics.muni.cz [147.251.4.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 99D7743E6A for ; Mon, 9 Sep 2002 08:30:54 -0700 (PDT) (envelope-from hopet@ics.muni.cz) Received: from dior.ics.muni.cz (dior.ics.muni.cz [147.251.6.10]) by anor.ics.muni.cz (8.12.1/8.12.1) with ESMTP id g89FUr9Q013878; Mon, 9 Sep 2002 17:30:53 +0200 Received: from kloboucek (root@localhost) (authenticated as hopet with LOGIN) by dior.ics.muni.cz (8.10.1/8.10.0.Beta12) with ESMTP id g89FUlc14790; Mon, 9 Sep 2002 17:30:47 +0200 (MEST) From: "Petr Holub" To: "Andre Oppermann" Cc: Subject: RE: 32 bit couters in netstat Date: Mon, 9 Sep 2002 17:31:08 +0200 Message-ID: <004601c25815$eb9715e0$27e86cc2@kloboucek> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 In-Reply-To: <3D7CBB8A.B9F426C6@pipeline.ch> X-Muni-Virus-Test: Clean Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters > > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. > > Is there any improvement in this respect in -STABLE or in -CURRENT? > > No because certain people argue that having a 64 bit counter slows > down the machine to the level of a 386SX-16 and who needs large > counters anyway... I don't think NetBSD is slow that way ;o))). Petr ================================================================ Petr Holub CESNET z.s.p.o. Supercomputing Center Brno Zikova 4 Institute of Compt. Science 160 00 Praha 6, CZ Masaryk University Czech Republic Botanicka 68a, 60200 Brno, CZ e-mail: Petr.Holub@cesnet.cz phone: +420-5-41512213 e-mail: hopet@ics.muni.cz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 8:35:39 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4902B37B400 for ; Mon, 9 Sep 2002 08:35:36 -0700 (PDT) Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F83643E6A for ; Mon, 9 Sep 2002 08:35:35 -0700 (PDT) (envelope-from brandt@fokus.gmd.de) Received: from beagle (beagle [193.175.132.100]) by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id g89FZWh07007; Mon, 9 Sep 2002 17:35:32 +0200 (MEST) Date: Mon, 9 Sep 2002 17:35:32 +0200 (CEST) From: Harti Brandt To: Petr Holub Cc: Andre Oppermann , Subject: RE: 32 bit couters in netstat In-Reply-To: <004601c25815$eb9715e0$27e86cc2@kloboucek> Message-ID: <20020909173330.F30835-100000@beagle.fokus.gmd.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 9 Sep 2002, Petr Holub wrote: PH>> > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters PH>> > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. PH>> > Is there any improvement in this respect in -STABLE or in -CURRENT? PH>> PH>> No because certain people argue that having a 64 bit counter slows PH>> down the machine to the level of a 386SX-16 and who needs large PH>> counters anyway... PH> PH>I don't think NetBSD is slow that way ;o))). If you search the archives you will find the arguments. As far as I remember the problem is to do the counter update atomically correct. harti -- harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private brandt@fokus.gmd.de, brandt@fokus.fhg.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 9:10:42 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1179237B400 for ; Mon, 9 Sep 2002 09:10:40 -0700 (PDT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with SMTP id C44FE43E42 for ; Mon, 9 Sep 2002 09:10:38 -0700 (PDT) (envelope-from oppermann@pipeline.ch) Received: (qmail 80333 invoked from network); 9 Sep 2002 16:08:17 -0000 Received: from unknown (HELO pipeline.ch) ([62.48.0.54]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 9 Sep 2002 16:08:17 -0000 Message-ID: <3D7CC7D3.55BBB7BA@pipeline.ch> Date: Mon, 09 Sep 2002 18:09:55 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Harti Brandt Cc: Petr Holub , net@FreeBSD.ORG Subject: Re: 32 bit couters in netstat References: <20020909173330.F30835-100000@beagle.fokus.gmd.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Harti Brandt wrote: > > On Mon, 9 Sep 2002, Petr Holub wrote: > > PH>> > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters > PH>> > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. > PH>> > Is there any improvement in this respect in -STABLE or in -CURRENT? > PH>> > PH>> No because certain people argue that having a 64 bit counter slows > PH>> down the machine to the level of a 386SX-16 and who needs large > PH>> counters anyway... > PH> > PH>I don't think NetBSD is slow that way ;o))). > > If you search the archives you will find the arguments. As far as I > remember the problem is to do the counter update atomically correct. Yes. Doing a 64 bit atomically add even on UP machines takes a couple a CPU cycles more. But does that matter with 2.8GHz machines? -- Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 9:16:31 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 188C437B400 for ; Mon, 9 Sep 2002 09:16:28 -0700 (PDT) Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC92743E6E for ; Mon, 9 Sep 2002 09:16:26 -0700 (PDT) (envelope-from brandt@fokus.gmd.de) Received: from beagle (beagle [193.175.132.100]) by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id g89GGNh14627; Mon, 9 Sep 2002 18:16:23 +0200 (MEST) Date: Mon, 9 Sep 2002 18:16:23 +0200 (CEST) From: Harti Brandt To: Andre Oppermann Cc: Harti Brandt , Petr Holub , Subject: Re: 32 bit couters in netstat In-Reply-To: <3D7CC7D3.55BBB7BA@pipeline.ch> Message-ID: <20020909181135.K30835-100000@beagle.fokus.gmd.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 9 Sep 2002, Andre Oppermann wrote: AO>Harti Brandt wrote: AO>> AO>> On Mon, 9 Sep 2002, Petr Holub wrote: AO>> AO>> PH>> > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters AO>> PH>> > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. AO>> PH>> > Is there any improvement in this respect in -STABLE or in -CURRENT? AO>> PH>> AO>> PH>> No because certain people argue that having a 64 bit counter slows AO>> PH>> down the machine to the level of a 386SX-16 and who needs large AO>> PH>> counters anyway... AO>> PH> AO>> PH>I don't think NetBSD is slow that way ;o))). AO>> AO>> If you search the archives you will find the arguments. As far as I AO>> remember the problem is to do the counter update atomically correct. AO> AO>Yes. Doing a 64 bit atomically add even on UP machines takes a couple AO>a CPU cycles more. But does that matter with 2.8GHz machines? Not everyone has the money to buy a new machine each time one comes out. It may matter for people having a 486 in the corner to do their local routing. It may also matter for people that never look at their counters. But as I said already, refer to the archives. harti -- harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private brandt@fokus.gmd.de, brandt@fokus.fhg.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 9:45:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0761237B400 for ; Mon, 9 Sep 2002 09:45:12 -0700 (PDT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with SMTP id E17C843E4A for ; Mon, 9 Sep 2002 09:45:10 -0700 (PDT) (envelope-from oppermann@pipeline.ch) Received: (qmail 82949 invoked from network); 9 Sep 2002 16:42:49 -0000 Received: from unknown (HELO pipeline.ch) ([62.48.0.54]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 9 Sep 2002 16:42:49 -0000 Message-ID: <3D7CCFEC.8719520F@pipeline.ch> Date: Mon, 09 Sep 2002 18:44:28 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Harti Brandt Cc: Petr Holub , net@FreeBSD.ORG Subject: Re: 32 bit couters in netstat References: <20020909181135.K30835-100000@beagle.fokus.gmd.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Harti Brandt wrote: > > On Mon, 9 Sep 2002, Andre Oppermann wrote: > > AO>Harti Brandt wrote: > AO>> > AO>> On Mon, 9 Sep 2002, Petr Holub wrote: > AO>> > AO>> PH>> > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters > AO>> PH>> > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. > AO>> PH>> > Is there any improvement in this respect in -STABLE or in -CURRENT? > AO>> PH>> > AO>> PH>> No because certain people argue that having a 64 bit counter slows > AO>> PH>> down the machine to the level of a 386SX-16 and who needs large > AO>> PH>> counters anyway... > AO>> PH> > AO>> PH>I don't think NetBSD is slow that way ;o))). > AO>> > AO>> If you search the archives you will find the arguments. As far as I > AO>> remember the problem is to do the counter update atomically correct. > AO> > AO>Yes. Doing a 64 bit atomically add even on UP machines takes a couple > AO>a CPU cycles more. But does that matter with 2.8GHz machines? > > Not everyone has the money to buy a new machine each time one comes out. > > It may matter for people having a 486 in the corner to do their local > routing. It may also matter for people that never look at their counters. The moment you enable ipfw you get 64bit ipfw packet|byte counters anyway... one more doesn't matter at all. > But as I said already, refer to the archives. Make it a macro so everone can choose what fits best: if < I586 make32bitcounters else make64bitaotmiccounters -- Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 10:21:24 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C65937B400 for ; Mon, 9 Sep 2002 10:21:20 -0700 (PDT) Received: from overlord.e-gerbil.net (e-gerbil.net [64.186.142.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BD9D43E65 for ; Mon, 9 Sep 2002 10:21:20 -0700 (PDT) (envelope-from ras@e-gerbil.net) Received: by overlord.e-gerbil.net (Postfix, from userid 1000) id 9CD0C15E47; Mon, 9 Sep 2002 13:21:19 -0400 (EDT) Date: Mon, 9 Sep 2002 13:21:19 -0400 From: Richard A Steenbergen To: Andre Oppermann Cc: Harti Brandt , Petr Holub , net@FreeBSD.ORG Subject: Re: 32 bit couters in netstat Message-ID: <20020909172119.GK53265@overlord.e-gerbil.net> References: <20020909181135.K30835-100000@beagle.fokus.gmd.de> <3D7CCFEC.8719520F@pipeline.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D7CCFEC.8719520F@pipeline.ch> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Sep 09, 2002 at 06:44:28PM +0200, Andre Oppermann wrote: > > Make it a macro so everone can choose what fits best: > > if < I586 > make32bitcounters > else > make64bitaotmiccounters 32 bit counters simply roll over too quickly to be of any real use for anything other than a home or small office device, even when polled every 5 minutes. Not including 64 bit counters on modern software is remarkably short sighted and pretty darn inexcusable IMHO. But if you're going to include an option doing 32 bit only, I would suggest it not be some obscure and arbitrary. Can you just imagine the frustration of the poor person using the 486 when they're sitting around wondering why the counters are rolling over on this one machine but not another. -- Richard A Steenbergen http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Sep 9 10:34:19 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14A4437B401 for ; Mon, 9 Sep 2002 10:34:16 -0700 (PDT) Received: from newnet.co.uk (newnet.co.uk [212.87.80.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10BD643E6A for ; Mon, 9 Sep 2002 10:34:15 -0700 (PDT) (envelope-from peter@newnet.co.uk) Received: from newnet.co.uk (peter.port [212.87.87.37]) by newnet.co.uk (8.12.3/8.12.3) with ESMTP id g89HXgNE030823; Mon, 9 Sep 2002 18:33:42 +0100 (BST) (envelope-from peter@newnet.co.uk) Message-ID: <3D7CDB82.1070906@newnet.co.uk> Date: Mon, 09 Sep 2002 18:33:54 +0100 From: Peter V Coates-Bulgear User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Harti Brandt Cc: Andre Oppermann , Petr Holub , net@FreeBSD.ORG Subject: Re: 32 bit couters in netstat References: <20020909181135.K30835-100000@beagle.fokus.gmd.de> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Newnet-MailScanner: Found to be clean Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Harti Brandt wrote: > On Mon, 9 Sep 2002, Andre Oppermann wrote: > > AO>Harti Brandt wrote: > AO>> > AO>> On Mon, 9 Sep 2002, Petr Holub wrote: > AO>> > AO>> PH>> > I've just found that netstat in FreeBSD 4.4 has just 32 bit couters > AO>> PH>> > (compared to 64 bit counters in NetBSD), at least for Ibytes and Obytes. > AO>> PH>> > Is there any improvement in this respect in -STABLE or in -CURRENT? > AO>> PH>> > AO>> PH>> No because certain people argue that having a 64 bit counter slows > AO>> PH>> down the machine to the level of a 386SX-16 and who needs large > AO>> PH>> counters anyway... > AO>> PH> > AO>> PH>I don't think NetBSD is slow that way ;o))). > AO>> > AO>> If you search the archives you will find the arguments. As far as I > AO>> remember the problem is to do the counter update atomically correct. > AO> > AO>Yes. Doing a 64 bit atomically add even on UP machines takes a couple > AO>a CPU cycles more. But does that matter with 2.8GHz machines? > > Not everyone has the money to buy a new machine each time one comes out. > > It may matter for people having a 486 in the corner to do their local > routing. It may also matter for people that never look at their counters. > > But as I said already, refer to the archives. Anything that slows a machine down is bad news :( Even if only a few CPU cycles. I feel 32bits are just fine. Best to install some additional s/w if you really need 64 bit counters. Rather than force it on everyone. Thanks, Peter -- ____________________________________________________ Message scanned for viruses and dangerous content by and believed to be clean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 10: 9:38 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 588D437B4F0 for ; Wed, 11 Sep 2002 10:09:22 -0700 (PDT) Received: from hotmail.com (f64.law9.hotmail.com [64.4.9.64]) by mx1.FreeBSD.org (Postfix) with ESMTP id C178743E6E for ; Wed, 11 Sep 2002 10:09:21 -0700 (PDT) (envelope-from soheil_h_y@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 11 Sep 2002 10:09:21 -0700 Received: from 80.75.12.10 by lw9fd.law9.hotmail.msn.com with HTTP; Wed, 11 Sep 2002 17:09:21 GMT X-Originating-IP: [80.75.12.10] From: "soheil h" To: freebsd-net@FreeBSD.ORG Subject: computing the Ack Seq. No. Date: Wed, 11 Sep 2002 21:39:21 +0430 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 11 Sep 2002 17:09:21.0650 (UTC) FILETIME=[F8B72520:01C259B5] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hi list I wrote the code below and it doesn't work correctly please tell me what is wrong int len, tlen; tcpiphdr ti, ti_send; int hlen; int acklen; /* the hlen is ip header hlen */ .... /* the ip->ip_len is ntohs'ed by NTOHS in io_input() */ len = ti->ti_len; tlen = ti->ti_off << 2; acklen = len - hlen - tlen; ti_send->ti_ack = htonl(ntohl(ti->ti_seq) + acklen ); /* this field is incorrect and i don't know why */ .... _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 10:10: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 22A3837B405 for ; Wed, 11 Sep 2002 10:10:04 -0700 (PDT) Received: from hotmail.com (f150.law9.hotmail.com [64.4.9.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF1AD43E4A for ; Wed, 11 Sep 2002 10:10:03 -0700 (PDT) (envelope-from soheil_h_y@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 11 Sep 2002 10:10:03 -0700 Received: from 80.75.12.10 by lw9fd.law9.hotmail.msn.com with HTTP; Wed, 11 Sep 2002 17:10:03 GMT X-Originating-IP: [80.75.12.10] From: "soheil h" To: freebsd-net@FreeBSD.ORG Subject: computing the Ack Seq. No. Date: Wed, 11 Sep 2002 21:40:03 +0430 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 11 Sep 2002 17:10:03.0851 (UTC) FILETIME=[11DE81B0:01C259B6] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hi list I wrote the code below and it doesn't work correctly for computing the th->th_ack ( the ack seq. no.) please tell me what is wrong int len, tlen; tcpiphdr ti, ti_send; int hlen; int acklen; /* the hlen is ip header hlen */ .... /* the ip->ip_len is ntohs'ed by NTOHS in io_input() */ len = ti->ti_len; tlen = ti->ti_off << 2; acklen = len - hlen - tlen; ti_send->ti_ack = htonl(ntohl(ti->ti_seq) + acklen ); /* this field is incorrect and i don't know why */ .... thanx _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 10:50:17 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACE3637B400 for ; Wed, 11 Sep 2002 10:50:13 -0700 (PDT) Received: from wall.polstra.com (wall-gw.polstra.com [206.213.73.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id A48FF43E72 for ; Wed, 11 Sep 2002 10:50:12 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.11.3/8.11.3) with ESMTP id g8BHoBf61383; Wed, 11 Sep 2002 10:50:11 -0700 (PDT) (envelope-from jdp@vashon.polstra.com) Received: (from jdp@localhost) by vashon.polstra.com (8.12.5/8.12.5/Submit) id g8BHoBZf032104; Wed, 11 Sep 2002 10:50:11 -0700 (PDT) (envelope-from jdp) Date: Wed, 11 Sep 2002 10:50:11 -0700 (PDT) Message-Id: <200209111750.g8BHoBZf032104@vashon.polstra.com> To: net@freebsd.org From: John Polstra Cc: soheil_h_y@hotmail.com Subject: Re: computing the Ack Seq. No. In-Reply-To: References: Organization: Polstra & Co., Seattle, WA Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article , soheil h wrote: > hi list > I wrote the code below and it doesn't work correctly > please tell me what is wrong > int len, tlen; > tcpiphdr ti, ti_send; > int hlen; > int acklen; > /* > the hlen is ip header hlen > */ > .... > /* the ip->ip_len is ntohs'ed by NTOHS in io_input() */ > len = ti->ti_len; > tlen = ti->ti_off << 2; > acklen = len - hlen - tlen; > ti_send->ti_ack = htonl(ntohl(ti->ti_seq) + acklen ); > /* this field is incorrect and i don't know why */ If the TH_SYN flag is set in the received packet, you must increment the ack by 1. Likewise, if the TH_FIN flag is set, you must increment the ack by 1. In other words, each of those flags counts the same as a byte of data, as far as the ack calculation is concerned. John -- John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 11:14:54 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC7D837B400 for ; Wed, 11 Sep 2002 11:14:49 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.89]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DF1B43E6A for ; Wed, 11 Sep 2002 11:14:49 -0700 (PDT) (envelope-from justin@mac.com) Received: from smtp-relay03.mac.com (smtp-relay03-en1 [10.13.10.222]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id g8BIEnKw002502 for ; Wed, 11 Sep 2002 11:14:49 -0700 (PDT) Received: from asmtp01.mac.com (asmtp01-qfe3 [10.13.10.65]) by smtp-relay03.mac.com (8.12.1/8.12.1/1.0) with ESMTP id g8BIEmKN016674 for ; Wed, 11 Sep 2002 11:14:48 -0700 (PDT) Received: from grinch ([12.234.224.67]) by asmtp01.mac.com (Netscape Messaging Server 4.15) with ESMTP id H2ADCN00.GOG for ; Wed, 11 Sep 2002 11:14:47 -0700 Date: Wed, 11 Sep 2002 11:14:46 -0700 Subject: Re: computing the Ack Seq. No. Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) From: "Justin C. Walker" To: net@FreeBSD.ORG Content-Transfer-Encoding: 7bit In-Reply-To: <200209111750.g8BHoBZf032104@vashon.polstra.com> Message-Id: <5A3F3774-C5B2-11D6-A7E3-00306544D642@mac.com> X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday, September 11, 2002, at 10:50 AM, John Polstra wrote: > In article , > soheil h wrote: >> hi list >> I wrote the code below and it doesn't work correctly >> please tell me what is wrong >> int len, tlen; >> tcpiphdr ti, ti_send; >> int hlen; >> int acklen; >> /* >> the hlen is ip header hlen >> */ >> .... >> /* the ip->ip_len is ntohs'ed by NTOHS in io_input() */ >> len = ti->ti_len; >> tlen = ti->ti_off << 2; >> acklen = len - hlen - tlen; >> ti_send->ti_ack = htonl(ntohl(ti->ti_seq) + acklen ); >> /* this field is incorrect and i don't know why */ > > If the TH_SYN flag is set in the received packet, you must increment > the ack by 1. Likewise, if the TH_FIN flag is set, you must increment > the ack by 1. In other words, each of those flags counts the same as > a byte of data, as far as the ack calculation is concerned. Also, it's not clear to me why you include the IP header length in the count of acknowledged TCP bytes. Perhaps I missunderstand your code... Regards, Justin -- Justin C. Walker, Curmudgeon-At-Large * Institute for General Semantics | When LuteFisk is outlawed | Only outlaws will have | LuteFisk *--------------------------------------*-------------------------------* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 12:33:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46E9E37B400 for ; Wed, 11 Sep 2002 12:33:43 -0700 (PDT) Received: from mail1.uunet.ca (mail1.uunet.ca [209.167.141.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87E8943E3B for ; Wed, 11 Sep 2002 12:33:42 -0700 (PDT) (envelope-from kfl@xiphos.ca) Received: from tick ([216.95.199.148]) by mail1.uunet.ca with SMTP id <667233-8195>; Wed, 11 Sep 2002 14:08:16 -0400 From: "kfl" To: "freebsd - net" Subject: T/TCP and FreeBSD 4.5 Date: Wed, 11 Sep 2002 14:10:12 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I'm having a problem using TCP for transaction in FreeBSd 4.5. Here's a trace from tcpdump and the code I'm using. Also, from the dump you can see that rfc1644 is on ;) Problem: (At 12:41:05.626586, the ack should also ack the data sent with the SYN.) Any hints on what could be wrong? Regards, Karim Fodil-Lemelin Xiphos Technologies Inc. uname -a: cartman.xiphos.ca 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386 TRACE: 12:41:05.626087 cartman.xiphos.ca.1029 > ratbert.xiphos.ca.8888: SFP 361776143:361776543(400) win 65535 (DF) 12:41:05.626293 ratbert.xiphos.ca.8888 > cartman.xiphos.ca.1029: S 1733428688:1733428688(0) ack 361776144 win 65535 12:41:05.626451 cartman.xiphos.ca.1029 > ratbert.xiphos.ca.8888: F 361776544:361776544(0) ack 1733428689 win 33120 (DF) 12:41:05.626586 ratbert.xiphos.ca.8888 > cartman.xiphos.ca.1029: . ack 361776144 win 33120 (DF) 12:41:06.625726 cartman.xiphos.ca.1029 > ratbert.xiphos.ca.8888: FP 361776144:361776544(400) ack 1733428689 win 33120 (DF) 12:41:06.625831 ratbert.xiphos.ca.8888 > cartman.xiphos.ca.1029: . ack 361776545 win 32920 (DF) 12:41:06.626626 ratbert.xiphos.ca.8888 > cartman.xiphos.ca.1029: FP 1733428689:1733429089(400) ack 361776545 win 33120 (DF) 12:41:06.626818 cartman.xiphos.ca.1029 > ratbert.xiphos.ca.8888: . ack 1733429090 win 32920 (DF) INCLUDE FILE: /* Common includes and defines for UDP, TCP, and T/TCP */ /* clients and servers */ #include #include #include #include #include #include #include #include #define REQUEST 400 /* max size of request, in bytes */ #define REPLY 400 /* max size of reply, in bytes */ #define UDP_SERV_PORT 7777 /* UDP server's well-known port */ #define TCP_SERV_PORT 8888 /* TCP server's well-known port */ #define TTCP_SER_PORT 9999 /* T/TCP server's well-known port */ /* Following shortens all the type casts of pointer arguments */ #define SA struct sockaddr * CLIENT: int read_stream (int fd, char *ptr, int maxbytes) { int nleft, nread; nleft = maxbytes; while (nleft > 0) { if ((nread = read(fd, ptr, nleft)) < 0) return (nread); /* error return < 0 */ else if (nread == 0) break; /* EOF, return #bytes read */ nleft -= nread; ptr += nread; } return (maxbytes - nleft); } int main (int argc, char *argv[]) { struct sockaddr_in serv; struct hostent *host; char request[REQUEST], reply[REPLY]; uint32_t ipAddr; int sockfd, n; int One = 1; if (argc !=2) { printf("usage: ttcpcli \n"); exit(0); } if ((sockfd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { printf("socket error\n"); exit(0); } memset(&serv, sizeof(serv), 0); serv.sin_family = AF_INET; serv.sin_port = htons(TCP_SERV_PORT); if ((ipAddr = inet_addr(argv[1])) != -1) { serv.sin_addr.s_addr = ipAddr; } else if ((host = gethostbyname(argv[1])) != NULL) { bcopy((char *)host->h_addr, (char *)&serv.sin_addr, host->h_length); } else { printf("unknown host\n"); exit(0); } /* form request */ strcpy(request, "This is a T/TCP payload"); setsockopt(sockfd, IPPROTO_TCP, TCP_NOPUSH, &One, sizeof (One)); if (sendto (sockfd, request, REQUEST, MSG_EOF, (SA)&serv, sizeof(serv)) != REQUEST) { printf("sendto error\n"); exit(0); } if ((n = read_stream(sockfd, reply, REPLY)) < 0) { printf("read error\n"); exit(0); } /* process "n" bytes of reply[] ... */ printf("received:%s\n", reply); exit(0); } SERVER: int read_stream (int fd, char *ptr, int maxbytes) { int nleft, nread; nleft = maxbytes; while (nleft > 0) { if ((nread = read(fd, ptr, nleft)) < 0) return (nread); /* error return < 0 */ else if (nread == 0) break; /* EOF, return #bytes read */ nleft -= nread; ptr += nread; } return (maxbytes - nleft); } int main () { struct sockaddr_in serv, cli; char request[REQUEST], reply[REPLY]; int listenfd, sockfd, n, clilen; if ((listenfd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { printf("socket error\n"); exit(0); } memset(&serv, sizeof(serv), 0); serv.sin_family = AF_INET; serv.sin_port = htons(TCP_SERV_PORT); serv.sin_addr.s_addr = htonl(INADDR_ANY); if (bind(listenfd, (SA)&serv, sizeof(serv)) < 0) { printf("bind error\n"); exit(0); } if (listen(listenfd, SOMAXCONN) < 0) { printf("listen error\n"); exit(0); } for(;;) { clilen = sizeof(cli); if ((sockfd = accept(listenfd, (SA)&cli, &clilen)) < 0) { printf("accept error\n"); exit(0); } if ((n = read_stream(sockfd, request, REQUEST)) < 0) { printf("read error\n"); exit(0); } /* process "n" bytes of request[] and create reply[] ... */ printf("recevied:%s\n", request); strcpy(reply, "Server response"); if (send(sockfd, reply, REPLY, MSG_EOF) != REPLY) { printf("send error\n"); exit(0); } close(sockfd); } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 13: 9:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0B8237B400 for ; Wed, 11 Sep 2002 13:09:33 -0700 (PDT) Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by mx1.FreeBSD.org (Postfix) with SMTP id 92F9443E42 for ; Wed, 11 Sep 2002 13:09:32 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 43316 invoked by uid 3193); 11 Sep 2002 20:09:31 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Sep 2002 20:09:31 -0000 Date: Wed, 11 Sep 2002 16:09:31 -0400 (EDT) From: Mike Silbersack X-X-Sender: silby@niwun.pair.com To: kfl Cc: freebsd - net Subject: Re: T/TCP and FreeBSD 4.5 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 11 Sep 2002, kfl wrote: > Hi, > > I'm having a problem using TCP for transaction in FreeBSd 4.5. Here's a > trace from tcpdump and the code I'm using. > Also, from the dump you can see that rfc1644 is on ;) > > Problem: (At 12:41:05.626586, the ack should also ack the data sent with the > SYN.) > > Any hints on what could be wrong? > > Regards, > > Karim Fodil-Lemelin > Xiphos Technologies Inc. > > uname -a: > cartman.xiphos.ca 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 I think it needs more cheesy poofs. Ho ho, ok, now to the real answer. In order to make the syn cache more resistant to denial of service attacks, one of its features is that it will not accept any data in the initial SYN packet. In 99.9% of the cases, this is fine, as TCP stacks don't tend to send data along with a SYN. I guess T/TCP differs, though... It would certainly be possible to rewrite the syn cache to be more friendly to T/TCP, but I don't think that anyone has plans to do so. If you have the time and need, you might wish to take a stab at it. If not, you'll have to run 4.4-release (or 4.4-stable before the syncache import) in order to get the old behavior. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 13:27:54 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1586F37B400 for ; Wed, 11 Sep 2002 13:27:52 -0700 (PDT) Received: from mrout3.yahoo.com (mrout3.yahoo.com [216.145.54.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id B853E43E4A for ; Wed, 11 Sep 2002 13:27:51 -0700 (PDT) (envelope-from jayanth@yahoo-inc.com) Received: from milk.yahoo.com (milk.yahoo.com [216.145.52.137]) by mrout3.yahoo.com (8.11.6/8.11.6/y.out) with ESMTP id g8BKRh953271; Wed, 11 Sep 2002 13:27:43 -0700 (PDT) Received: (from root@localhost) by milk.yahoo.com (8.11.0/8.11.0) id g8BKRgr87668; Wed, 11 Sep 2002 13:27:42 -0700 (PDT) (envelope-from jayanth) Date: Wed, 11 Sep 2002 13:27:42 -0700 From: jayanth To: Mike Silbersack Cc: kfl , freebsd - net Subject: Re: T/TCP and FreeBSD 4.5 Message-ID: <20020911132742.C61572@yahoo-inc.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from silby@silby.com on Wed, Sep 11, 2002 at 04:09:31PM -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mike Silbersack (silby@silby.com) wrote: > > Ho ho, ok, now to the real answer. In order to make the syn cache more > resistant to denial of service attacks, one of its features is that it > will not accept any data in the initial SYN packet. In 99.9% of the > cases, this is fine, as TCP stacks don't tend to send data along with a > SYN. I guess T/TCP differs, though... You are right, however this should happen only on the first connection, between two hosts. All subsequent connections should behave normally as there will be a cached route between these two hosts. Try running multiple connections between the same two hosts and you should see subsequent ttcp connections behave normally. jayanth To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 19:13:38 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 109DD37B400 for ; Wed, 11 Sep 2002 19:13:36 -0700 (PDT) Received: from wall.polstra.com (wall-gw.polstra.com [206.213.73.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BDC043E3B for ; Wed, 11 Sep 2002 19:13:34 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.11.3/8.11.3) with ESMTP id g8C2DUf63307; Wed, 11 Sep 2002 19:13:30 -0700 (PDT) (envelope-from jdp@vashon.polstra.com) Received: (from jdp@localhost) by vashon.polstra.com (8.12.5/8.12.5/Submit) id g8C2DUZL032515; Wed, 11 Sep 2002 19:13:30 -0700 (PDT) (envelope-from jdp) Date: Wed, 11 Sep 2002 19:13:30 -0700 (PDT) Message-Id: <200209120213.g8C2DUZL032515@vashon.polstra.com> To: net@freebsd.org From: John Polstra Cc: justin@mac.com Subject: Re: computing the Ack Seq. No. In-Reply-To: <5A3F3774-C5B2-11D6-A7E3-00306544D642@mac.com> References: <5A3F3774-C5B2-11D6-A7E3-00306544D642@mac.com> Organization: Polstra & Co., Seattle, WA Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article <5A3F3774-C5B2-11D6-A7E3-00306544D642@mac.com>, Justin C. Walker wrote: > > On Wednesday, September 11, 2002, at 10:50 AM, John Polstra wrote: > > > In article , > > soheil h wrote: > >> hi list > >> I wrote the code below and it doesn't work correctly > >> please tell me what is wrong > >> int len, tlen; > >> tcpiphdr ti, ti_send; > >> int hlen; > >> int acklen; > >> /* > >> the hlen is ip header hlen > >> */ > >> .... > >> /* the ip->ip_len is ntohs'ed by NTOHS in io_input() */ > >> len = ti->ti_len; > >> tlen = ti->ti_off << 2; > >> acklen = len - hlen - tlen; > >> ti_send->ti_ack = htonl(ntohl(ti->ti_seq) + acklen ); > >> /* this field is incorrect and i don't know why */ > > > > If the TH_SYN flag is set in the received packet, you must increment > > the ack by 1. Likewise, if the TH_FIN flag is set, you must increment > > the ack by 1. In other words, each of those flags counts the same as > > a byte of data, as far as the ack calculation is concerned. > > Also, it's not clear to me why you include the IP header length in the > count of acknowledged TCP bytes. Perhaps I missunderstand your code... I think that part is OK. "len" is the total packet length including the IP and TCP headers. He takes that and subtracts out the lengths of the headers to get the number of bytes to ack (acklen). That's correct: you ack only the payload, not the headers. John -- John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Sep 11 19:27: 6 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B494B37B400 for ; Wed, 11 Sep 2002 19:27:03 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F08943E88 for ; Wed, 11 Sep 2002 19:27:03 -0700 (PDT) (envelope-from justin@mac.com) Received: from smtp-relay02.mac.com (smtp-relay02-en1 [10.13.10.225]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id g8C2R3Or024177 for ; Wed, 11 Sep 2002 19:27:03 -0700 (PDT) Received: from asmtp01.mac.com (asmtp01-qfe3 [10.13.10.65]) by smtp-relay02.mac.com (8.12.1/8.12.1/1.0) with ESMTP id g8C2R2ZH019204 for ; Wed, 11 Sep 2002 19:27:02 -0700 (PDT) Received: from grinch ([12.234.224.67]) by asmtp01.mac.com (Netscape Messaging Server 4.15) with ESMTP id H2B05200.SDW for ; Wed, 11 Sep 2002 19:27:02 -0700 Date: Wed, 11 Sep 2002 19:27:01 -0700 Subject: Re: computing the Ack Seq. No. Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) From: "Justin C. Walker" To: net@FreeBSD.ORG Content-Transfer-Encoding: 7bit In-Reply-To: <200209120213.g8C2DUZL032515@vashon.polstra.com> Message-Id: <1E71621C-C5F7-11D6-A7E3-00306544D642@mac.com> X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday, September 11, 2002, at 07:13 PM, John Polstra wrote: > In article <5A3F3774-C5B2-11D6-A7E3-00306544D642@mac.com>, > Justin C. Walker wrote: >> >> On Wednesday, September 11, 2002, at 10:50 AM, John Polstra wrote: >> >>> In article , >>> soheil h wrote: >>>> hi list >>>> I wrote the code below and it doesn't work correctly >>>> please tell me what is wrong [snip] > I think that part is OK. "len" is the total packet length including > the IP and TCP headers. He takes that and subtracts out the lengths > of the headers to get the number of bytes to ack (acklen). That's > correct: you ack only the payload, not the headers. D'oh! That's ti_, not th_! Thanks. Justin -- /~\ The ASCII Justin C. Walker, Curmudgeon-at-Large \ / Ribbon Campaign X Help cure HTML Email / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 4:19:44 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDB6A37B400 for ; Thu, 12 Sep 2002 04:19:40 -0700 (PDT) Received: from smtp.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25A8E43E42 for ; Thu, 12 Sep 2002 04:19:40 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp03.uc3m.es (localhost [127.0.0.1]) by smtp.uc3m.es (Postfix) with ESMTP id CFD7B431C3; Thu, 12 Sep 2002 12:19:40 +0200 (CEST) Received: from it.uc3m.es (mira.it.uc3m.es [163.117.140.166]) by smtp03.uc3m.es (Postfix) with ESMTP id 730E899E16; Thu, 12 Sep 2002 12:19:36 +0200 (CEST) Message-ID: <3D807846.FD8163F1@it.uc3m.es> Date: Thu, 12 Sep 2002 13:19:34 +0200 From: Juan Francisco Rodriguez Hervella X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.5-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Lista , "(Lista) snap-users@kame.net" , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello: Sorry for this cross-posting. I have the following configuration: gif0: flags=8051 mtu 1280 tunnel inet aaa.aaa.aaa.aaa --> bbb.bbb.bbb.bbb inet6 3ffe:3328:6::f571 prefixlen 126 inet6 fe80::290:27ff:fe86:93d%gif0 prefixlen 64 scopeid 0xa gif1: flags=8051 mtu 1280 tunnel inet6 2001:720:1500:30::2 --> 3ffe:3326:3:920::1 inet6 fe80::290:27ff:fe86:93d%gif1 prefixlen 64 scopeid 0xe inet6 3ffe:3328:6::f544 prefixlen 126 inet6 2001:720:1500:30::2 prefixlen 128 To reach "3ffe:3326:3:920::1", I go through "gif0": root@mira:~# netstat -rn | grep 3ffe:3326:3:9 3ffe:3326:3:900::/56 fe80::d560:d738%gif0 UG1c gif0 When I exec "ping6 3ffe:3328:6::f545", this happens: root@mira:~# ping6 3ffe:3328:6::f545 PING6(56=40+8+8 bytes) 3ffe:3328:6::f544 --> 3ffe:3328:6::f545 ping6: sendmsg: Input/output error ping6: wrote 3ffe:3328:6::f545 16 chars, ret=-1 ping6: sendmsg: Input/output error ping6: wrote 3ffe:3328:6::f545 16 chars, ret=-1 Im using FreeBSD-4.5 with two patches to run the DSTM transition mechanism (http://www.ipv6.rennes.enst-bretagne.fr/dstm/inst-45.html) One patch to obtain IPv6-RPCs and the other to install the mechanism. I don't know if this is a problem of FreeBSD-4.5" or if it's caused by the patches. It's possible to configure the number of "gif" loops using sysctls or something like that ? Does standard FreeBSD has support for it or only KAME snaps ? Have anyone heard or similar problems ? Best Regards. -- JFRH. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 4:26: 1 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E61237B400 for ; Thu, 12 Sep 2002 04:25:59 -0700 (PDT) Received: from mail1.ugr.es (mail1.ugr.es [150.214.20.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id F224F43E4A for ; Thu, 12 Sep 2002 04:25:54 -0700 (PDT) (envelope-from fran@ugr.es) Received: from mail1.ugr.es (localhost [127.0.0.1]) by mail1.ugr.es (8.9.3/8.9.3) with ESMTP id NAA08000 for ; Thu, 12 Sep 2002 13:25:50 +0200 (MEST) Received: from goliat.ugr.es (goliat.ugr.es [150.214.20.3]) by mail1.ugr.es (8.9.3/8.9.3) with ESMTP id NAA07992 for ; Thu, 12 Sep 2002 13:25:49 +0200 (MEST) Received: from pcb2bis (pcb2bis.ugr.es [150.214.35.65]) by goliat.ugr.es (8.9.3/8.9.1) with SMTP id NAA01296 for ; Thu, 12 Sep 2002 13:25:49 +0200 (MEST) Message-ID: <002801c25a4f$5c241520$4123d696@ugr.es> Reply-To: "Francisco J. Medina Jimenez" From: "Francisco J. Medina Jimenez" To: Subject: mpd and limit number of user sessions Date: Thu, 12 Sep 2002 13:27:20 +0200 Organization: Servicios de Informatica y Redes de Comunicaciones. Universidad de Granada MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All. I would like to know if it's possible to limit the number of sessions that one user can do, put time restrictions ... Thanks in advance. Regards. Fran. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 4:37:40 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F53737B400 for ; Thu, 12 Sep 2002 04:37:38 -0700 (PDT) Received: from laposte.enst-bretagne.fr (laposte.enst-bretagne.fr [192.108.115.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B1FF43E6A for ; Thu, 12 Sep 2002 04:37:32 -0700 (PDT) (envelope-from Francis.Dupont@enst-bretagne.fr) Received: from rsm.rennes.enst-bretagne.fr (rsm.rennes.enst-bretagne.fr [192.44.77.1]) by laposte.enst-bretagne.fr (8.11.6/8.11.6) with ESMTP id g8CBbOO30884; Thu, 12 Sep 2002 13:37:24 +0200 Received: from givry.rennes.enst-bretagne.fr (givry.rennes.enst-bretagne.fr [193.52.74.194]) by rsm.rennes.enst-bretagne.fr (8.8.8/8.8.8) with ESMTP id NAA13994; Thu, 12 Sep 2002 13:37:25 +0200 (MET DST) Received: from givry.rennes.enst-bretagne.fr (localhost.rennes.enst-bretagne.fr [127.0.0.1]) by givry.rennes.enst-bretagne.fr (8.12.3/8.12.3) with ESMTP id g8CBbO6o083811; Thu, 12 Sep 2002 13:37:24 +0200 (CEST) (envelope-from dupont@givry.rennes.enst-bretagne.fr) Message-Id: <200209121137.g8CBbO6o083811@givry.rennes.enst-bretagne.fr> From: Francis Dupont To: snap-users@kame.net Cc: Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6885) Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? In-reply-to: Your message of Thu, 12 Sep 2002 13:19:34 +0200. <3D807846.FD8163F1@it.uc3m.es> Date: Thu, 12 Sep 2002 13:37:24 +0200 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) at enst-bretagne.fr Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In your previous mail you wrote: gif1: flags=8051 mtu 1280 tunnel inet6 2001:720:1500:30::2 --> 3ffe:3326:3:920::1 inet6 fe80::290:27ff:fe86:93d%gif1 prefixlen 64 scopeid 0xe inet6 3ffe:3328:6::f544 prefixlen 126 inet6 2001:720:1500:30::2 prefixlen 128 => you have the same address for the tunnel encapsulation and the tunnel itself. This will give infinite recursive encapsulation which is detected (in this easy case only) and gives an EIO error with a log notice like "gif_output: recursively called too many times...". I don't know if this is a problem of FreeBSD-4.5" or if it's caused by the patches. => try to set MAX_GIF_NEST (kernel option) to a small value (default seems to be 1 which is too small for you) and please cleanup your config (no recursive use of addresses, /64 prefixes on link, etc). Regards Francis.Dupont@enst-bretagne.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 5:53:41 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 98C9837B400 for ; Thu, 12 Sep 2002 05:53:38 -0700 (PDT) Received: from smtp.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id E3E3F43E6A for ; Thu, 12 Sep 2002 05:53:37 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp03.uc3m.es (localhost [127.0.0.1]) by smtp.uc3m.es (Postfix) with ESMTP id 90934431AC; Thu, 12 Sep 2002 13:53:38 +0200 (CEST) Received: from it.uc3m.es (mira.it.uc3m.es [163.117.140.166]) by smtp03.uc3m.es (Postfix) with ESMTP id 2517299DF0; Thu, 12 Sep 2002 13:53:38 +0200 (CEST) Message-ID: <3D808E50.E14E7FC2@it.uc3m.es> Date: Thu, 12 Sep 2002 14:53:36 +0200 From: Juan Francisco Rodriguez Hervella X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.5-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: snap-users@kame.net Cc: Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6886) Re: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? References: <200209121137.g8CBbO6o083811@givry.rennes.enst-bretagne.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Francis Dupont wrote: > > In your previous mail you wrote: > > gif1: flags=8051 mtu 1280 > tunnel inet6 2001:720:1500:30::2 --> 3ffe:3326:3:920::1 > inet6 fe80::290:27ff:fe86:93d%gif1 prefixlen 64 scopeid 0xe > inet6 3ffe:3328:6::f544 prefixlen 126 > inet6 2001:720:1500:30::2 prefixlen 128 > > => you have the same address for the tunnel encapsulation and > the tunnel itself. This will give infinite recursive encapsulation > which is detected (in this easy case only) and gives an EIO error > with a log notice like "gif_output: recursively called too many times...". > I've moved "2001:720:1500:30::2 prefixlen 64" to interface fxp0 and I've removed it from "gif1"... but still I've got the same problem... > I don't know if this is a problem of FreeBSD-4.5" or if it's > caused by the patches. > > => try to set MAX_GIF_NEST (kernel option) to a small value > (default seems to be 1 which is too small for you) and > please cleanup your config (no recursive use of addresses, > /64 prefixes on link, etc). > I haven't found such option. Are you sure FreeBSD-4.5 has it ? PS: In "gif1", I don't see any problem with a prefix of /126... Thanks again. -- JFRH. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 5:57:58 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF70237B400 for ; Thu, 12 Sep 2002 05:57:57 -0700 (PDT) Received: from birch.ripe.net (birch.ripe.net [193.0.1.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id D119C43E42 for ; Thu, 12 Sep 2002 05:57:56 -0700 (PDT) (envelope-from marks@ripe.net) Received: from laptop.6bone.nl (cow.ripe.net [193.0.1.239]) by birch.ripe.net (8.12.5/8.11.6) with SMTP id g8CCvnKu032230; Thu, 12 Sep 2002 14:57:49 +0200 Received: (nullmailer pid 1596 invoked by uid 1000); Thu, 12 Sep 2002 12:57:49 -0000 Date: Thu, 12 Sep 2002 14:57:49 +0200 From: Mark Santcroos To: Juan Francisco Rodriguez Hervella Cc: snap-users@kame.net, Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6886) Re: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? Message-ID: <20020912125749.GA728@laptop.6bone.nl> References: <200209121137.g8CBbO6o083811@givry.rennes.enst-bretagne.fr> <3D808E50.E14E7FC2@it.uc3m.es> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D808E50.E14E7FC2@it.uc3m.es> User-Agent: Mutt/1.4i X-Handles: MS6-6BONE, MS18417-RIPE X-RIPE-Spam-Status: NONE ; -1035 X-RIPE-Spam-Level: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Sep 12, 2002 at 02:53:36PM +0200, Juan Francisco Rodriguez Hervella wrote: > I haven't found such option. Are you sure FreeBSD-4.5 has it ? see sys/net/if_gif.c Mark -- Mark Santcroos RIPE Network Coordination Centre http://www.ripe.net/home/mark/ New Projects Group/TTM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 6:44: 9 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A554937B400 for ; Thu, 12 Sep 2002 06:44:04 -0700 (PDT) Received: from femme.sapphite.org (pcp02268182pcs.longhl01.md.comcast.net [68.50.99.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EED143E6E for ; Thu, 12 Sep 2002 06:44:00 -0700 (PDT) (envelope-from trish@bsdunix.net) Received: from localhost (trish@localhost [127.0.0.1]) by femme.sapphite.org (8.12.6/8.12.5) with ESMTP id g8CDiSgo035588 for ; Thu, 12 Sep 2002 09:44:29 -0400 (EDT) (envelope-from trish@bsdunix.net) Date: Thu, 12 Sep 2002 09:44:28 -0400 (EDT) From: Trish Lynch X-X-Sender: To: Subject: ipv6 tunneling over ipv4 acting weird Message-ID: <20020912094213.J6060-100000@femme.sapphite.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I may be doing something wrong, but as far as I know, everything looks right: I'm trying to get a tunnel that previously worked working again. this is on FreeBSD 5.0-CURRENT ifconfig gif0 create ifconfig gif0 tunnel 68.50.99.190 64.71.128.82 ifconfig gif0 inet6 2001:470:1F00:FFFF::AD 2001:470:1F00:FFFF::AC prefixlen 128 route -n add -inet6 default 2001:470:1F00:FFFF::AC femme:~# ifconfig gif0 gif0: flags=8051 mtu 1280 tunnel inet 68.50.99.190 --> 64.71.128.82 inet6 fe80::2d0:b7ff:fe23:3a0f%gif0 prefixlen 64 scopeid 0x5 inet6 2001:470:1f00:ffff::ad --> 2001:470:1f00:ffff::ac prefixlen 128 All looks correct however when ping6ing the peer, I get no response, so I did a tcpdump on the gif0 interface: 09:35:35.338762 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request 09:35:36.338752 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request 09:35:37.338746 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request 09:35:38.338790 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request If I then do a tcpdump on the fxp1 interface (external ipv4 interface).... femme:~# tcpdump -i fxp1 host 64.71.128.82 tcpdump: listening on fxp1 09:36:28.456322 64.71.128.82 > listmistress.org: sapphite.tunnel.tserv01.fmt.ipv6.he.net > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply 09:36:29.339881 listmistress.org > 64.71.128.82: sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request 09:36:29.448975 64.71.128.82 > listmistress.org: sapphite.tunnel.tserv1.fmt.ipv6.he.net > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply 09:36:30.339941 listmistress.org > 64.71.128.82: sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request 09:36:30.446743 64.71.128.82 > listmistress.org: sapphite.tunnel.tserv1.fmt.ipv6.he.net > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply 09:36:31.339905 listmistress.org > 64.71.128.82: sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request Why is the reply not being tunneled back? it works on my OpenBSD box, just not on my FreeBSD one (the one that I route with) -Trish -- Trish Lynch trish@bsdunix.net Ecartis Core Team trish@listmistress.org Key fingerprint = C44E 8E63 6E3C 18BD 608F E004 9DC7 C2E9 0E24 DFBD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 6:54: 0 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E07F537B400 for ; Thu, 12 Sep 2002 06:53:57 -0700 (PDT) Received: from laposte.enst-bretagne.fr (laposte.enst-bretagne.fr [192.108.115.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14D3443E3B for ; Thu, 12 Sep 2002 06:53:56 -0700 (PDT) (envelope-from Francis.Dupont@enst-bretagne.fr) Received: from rsm.rennes.enst-bretagne.fr (rsm.rennes.enst-bretagne.fr [192.44.77.1]) by laposte.enst-bretagne.fr (8.11.6/8.11.6) with ESMTP id g8CDrcR16168; Thu, 12 Sep 2002 15:53:46 +0200 Received: from givry.rennes.enst-bretagne.fr (givry.rennes.enst-bretagne.fr [193.52.74.194]) by rsm.rennes.enst-bretagne.fr (8.8.8/8.8.8) with ESMTP id PAA16977; Thu, 12 Sep 2002 15:53:38 +0200 (MET DST) Received: from givry.rennes.enst-bretagne.fr (localhost.rennes.enst-bretagne.fr [127.0.0.1]) by givry.rennes.enst-bretagne.fr (8.12.3/8.12.3) with ESMTP id g8CDrX6o084332; Thu, 12 Sep 2002 15:53:37 +0200 (CEST) (envelope-from dupont@givry.rennes.enst-bretagne.fr) Message-Id: <200209121353.g8CDrX6o084332@givry.rennes.enst-bretagne.fr> From: Francis Dupont To: snap-users@kame.net Cc: Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6887) Re: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? In-reply-to: Your message of Thu, 12 Sep 2002 14:53:36 +0200. <3D808E50.E14E7FC2@it.uc3m.es> Date: Thu, 12 Sep 2002 15:53:33 +0200 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) at enst-bretagne.fr Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In your previous mail you wrote: > => try to set MAX_GIF_NEST (kernel option) to a small value I haven't found such option. Are you sure FreeBSD-4.5 has it ? => read [/usr/src]/sys/net/if_gif.c We have to add it in the kernel config file as an option and to ignore the warning you should get from an undeclared option. Another way is to patch if_gif.c directly (but the #ifndef is there in order to provide the other better way :-). PS: In "gif1", I don't see any problem with a prefix of /126... => look at the archive of this list (snap-users) for a message by Itojun about reasonable prefix lengths for gif interfaces. Regards Francis.Dupont@enst-bretagne.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 7:36:56 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A25DC37B400 for ; Thu, 12 Sep 2002 07:36:52 -0700 (PDT) Received: from femme.sapphite.org (pcp02268182pcs.longhl01.md.comcast.net [68.50.99.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC71D43E3B for ; Thu, 12 Sep 2002 07:36:51 -0700 (PDT) (envelope-from trish@bsdunix.net) Received: from localhost (trish@localhost [127.0.0.1]) by femme.sapphite.org (8.12.6/8.12.5) with ESMTP id g8CEbJgo036379 for ; Thu, 12 Sep 2002 10:37:20 -0400 (EDT) (envelope-from trish@bsdunix.net) Date: Thu, 12 Sep 2002 10:37:19 -0400 (EDT) From: Trish Lynch X-X-Sender: To: Subject: Re: ipv6 tunneling over ipv4 acting weird In-Reply-To: <20020912094213.J6060-100000@femme.sapphite.org> Message-ID: <20020912103642.A6060-100000@femme.sapphite.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just as a point, a freenet6 autoconfigured tunnel does the same exact thing.... -Trish On Thu, 12 Sep 2002, Trish Lynch wrote: > I may be doing something wrong, but as far as I know, everything looks > right: > > I'm trying to get a tunnel that previously worked working again. > > this is on FreeBSD 5.0-CURRENT > > ifconfig gif0 create > ifconfig gif0 tunnel 68.50.99.190 64.71.128.82 > ifconfig gif0 inet6 2001:470:1F00:FFFF::AD 2001:470:1F00:FFFF::AC prefixlen 128 > route -n add -inet6 default 2001:470:1F00:FFFF::AC > > > femme:~# ifconfig gif0 > gif0: flags=8051 mtu 1280 > tunnel inet 68.50.99.190 --> 64.71.128.82 > inet6 fe80::2d0:b7ff:fe23:3a0f%gif0 prefixlen 64 scopeid 0x5 > inet6 2001:470:1f00:ffff::ad --> 2001:470:1f00:ffff::ac prefixlen 128 > > > All looks correct however when ping6ing the peer, I get no response, so I > did a tcpdump on the gif0 interface: > > 09:35:35.338762 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > 09:35:36.338752 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > 09:35:37.338746 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > 09:35:38.338790 sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > > If I then do a tcpdump on the fxp1 interface (external ipv4 interface).... > > > femme:~# tcpdump -i fxp1 host 64.71.128.82 > tcpdump: listening on fxp1 > 09:36:28.456322 64.71.128.82 > listmistress.org: > sapphite.tunnel.tserv01.fmt.ipv6.he.net > > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply > 09:36:29.339881 listmistress.org > 64.71.128.82: > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > 09:36:29.448975 64.71.128.82 > listmistress.org: > sapphite.tunnel.tserv1.fmt.ipv6.he.net > > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply > 09:36:30.339941 listmistress.org > 64.71.128.82: > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > 09:36:30.446743 64.71.128.82 > listmistress.org: > sapphite.tunnel.tserv1.fmt.ipv6.he.net > > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo reply > 09:36:31.339905 listmistress.org > 64.71.128.82: > sapphite-pt.tunnel.tserv1.fmt.ipv6.he.net > > sapphite.tunnel.tserv1.fmt.ipv6.he.net: icmp6: echo request > > > Why is the reply not being tunneled back? it works on my OpenBSD box, just > not on my FreeBSD one (the one that I route with) > > -Trish > > -- > Trish Lynch trish@bsdunix.net > Ecartis Core Team trish@listmistress.org > Key fingerprint = C44E 8E63 6E3C 18BD 608F E004 9DC7 C2E9 0E24 DFBD > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > -- Trish Lynch trish@bsdunix.net Ecartis Core Team trish@listmistress.org Key fingerprint = C44E 8E63 6E3C 18BD 608F E004 9DC7 C2E9 0E24 DFBD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 8:14:14 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A54237B400 for ; Thu, 12 Sep 2002 08:14:11 -0700 (PDT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id C604D43E3B for ; Thu, 12 Sep 2002 08:14:10 -0700 (PDT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.3/8.12.3) with ESMTP id g8CFE1wu008225; Thu, 12 Sep 2002 08:14:01 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.3/8.12.3/Submit) id g8CFE0JY008223; Thu, 12 Sep 2002 08:14:00 -0700 Date: Thu, 12 Sep 2002 08:14:00 -0700 From: Brooks Davis To: Francis Dupont Cc: snap-users@kame.net, Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6887) Re: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? Message-ID: <20020912081400.A28716@Odin.AC.HMC.Edu> References: <3D808E50.E14E7FC2@it.uc3m.es> <200209121353.g8CDrX6o084332@givry.rennes.enst-bretagne.fr> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="5vNYLRcllDrimb99" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200209121353.g8CDrX6o084332@givry.rennes.enst-bretagne.fr>; from Francis.Dupont@enst-bretagne.fr on Thu, Sep 12, 2002 at 03:53:33PM +0200 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --5vNYLRcllDrimb99 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 12, 2002 at 03:53:33PM +0200, Francis Dupont wrote: > In your previous mail you wrote: >=20 > > =3D> try to set MAX_GIF_NEST (kernel option) to a small value > =20 > I haven't found such option. Are you sure FreeBSD-4.5 has it ? > =20 > =3D> read [/usr/src]/sys/net/if_gif.c > We have to add it in the kernel config file as an option and > to ignore the warning you should get from an undeclared option. > Another way is to patch if_gif.c directly (but the #ifndef is there > in order to provide the other better way :-). An even better solution is to upgrade to 4.6 or so and use the net.link.gif.max_nesting sysctl. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --5vNYLRcllDrimb99 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9gK83XY6L6fI4GtQRAsPgAJ9ase3Fq2X/cuPdEwET/9a7iM3GbACgrFWg g8VLmbGNYsTyYTcwMT745Dc= =5w5X -----END PGP SIGNATURE----- --5vNYLRcllDrimb99-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 8:32:44 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D152437B400 for ; Thu, 12 Sep 2002 08:32:39 -0700 (PDT) Received: from smtp.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FDA743E6E for ; Thu, 12 Sep 2002 08:32:39 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by smtp.uc3m.es (Postfix) with ESMTP id 288234313C; Thu, 12 Sep 2002 17:32:38 +0200 (CEST) Received: from it.uc3m.es (mira.it.uc3m.es [163.117.140.166]) by smtp02.uc3m.es (Postfix) with ESMTP id BD52B99F2A; Thu, 12 Sep 2002 17:32:37 +0200 (CEST) Message-ID: <3D80B395.427E5416@it.uc3m.es> Date: Thu, 12 Sep 2002 17:32:37 +0200 From: Juan Francisco Rodriguez Hervella X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.5-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Brooks Davis Cc: Francis Dupont , snap-users@kame.net, Lista , Octavio.Medina@enst-bretagne.fr, Jean-Luc.Richier@imag.fr Subject: Re: (KAME-snap 6887) Re: Reencapsulate IPv6-over-IPv6 "over" IPv4 doesn't work for me, but it should, right ? References: <3D808E50.E14E7FC2@it.uc3m.es> <200209121353.g8CDrX6o084332@givry.rennes.enst-bretagne.fr> <20020912081400.A28716@Odin.AC.HMC.Edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Firstly thanks for answering. I don't know if this is the correct form of doing it, but I've changed "compile/GENERIC/opt_inet6.h" and I've added "#define MAX_GIF_NEST 3"... recopiled as usual... And now it works fine ! Thanks again for your help. Brooks Davis wrote: > > On Thu, Sep 12, 2002 at 03:53:33PM +0200, Francis Dupont wrote: > > In your previous mail you wrote: > > > > > => try to set MAX_GIF_NEST (kernel option) to a small value > > > > I haven't found such option. Are you sure FreeBSD-4.5 has it ? > > > > => read [/usr/src]/sys/net/if_gif.c > > We have to add it in the kernel config file as an option and > > to ignore the warning you should get from an undeclared option. > > Another way is to patch if_gif.c directly (but the #ifndef is there > > in order to provide the other better way :-). > > An even better solution is to upgrade to 4.6 or so and use the > net.link.gif.max_nesting sysctl. > > -- Brooks > > -- > Any statement of the form "X is the one, true Y" is FALSE. > PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- JFRH. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 9:18:28 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BDE8537B400 for ; Thu, 12 Sep 2002 09:18:24 -0700 (PDT) Received: from relay1.macomnet.ru (relay1.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8678243E4A for ; Thu, 12 Sep 2002 09:18:23 -0700 (PDT) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14]) by relay1.macomnet.ru (8.11.6/8.11.6) with ESMTP id g8CGILO980711 for ; Thu, 12 Sep 2002 20:18:22 +0400 (MSD) Date: Thu, 12 Sep 2002 20:18:21 +0400 (MSD) From: Maxim Konovalov To: freebsd-net@freebsd.org Subject: ip reassembling patch Message-ID: <20020912194517.K2218-100000@news1.macomnet.ru> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello -net, There is a minor bug in reassembling code. sys/netinet/ip_input.c::ip_input(): 730 if (ip->ip_off & IP_MF) { 731 /* 732 * Make sure that fragments have a data length 733 * that's a non-zero multiple of 8 bytes. 734 */ 735 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 736 ipstat.ips_toosmall++; /* XXX */ 737 goto bad; 738 } 739 m->m_flags |= M_FRAG; 740 } In the code above we go through all mbufs with fragments and set M_FRAG for all mbufs except the last one. sys/netinet/ip_input.c::ip_reass() checks this flag later: 1013 /* Make sure the last packet didn't have the IP_MF flag */ 1014 if (p->m_flags & M_FRAG) 1015 return (0); It doesn't work for simplex interfaces because ip_output() sets M_FRAG for *all* mbufs with fragments. That is why # ifconfig lo0 mtu 16384 && ping -s 20000 localhost doesn't work. (It works for mtu ~= MCLBYTES due to looutput()'s feature/bug). I have already discussed this problem with bde and jlemon, I made several patches, the less intrusive one is below: Index: sys/netinet/ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.130.2.38 diff -u -r1.130.2.38 ip_input.c --- sys/netinet/ip_input.c 9 Aug 2002 14:49:22 -0000 1.130.2.38 +++ sys/netinet/ip_input.c 9 Sep 2002 14:35:39 -0000 @@ -714,7 +714,8 @@ goto bad; } m->m_flags |= M_FRAG; - } + } else + m->m_flags &= ~M_FRAG; ip->ip_off <<= 3; /* %%% Any objections? -- Maxim Konovalov, MAcomnet, Internet Dept., system engineer phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 10:45: 7 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A34A637B400 for ; Thu, 12 Sep 2002 10:45:05 -0700 (PDT) Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10A8343E4A for ; Thu, 12 Sep 2002 10:45:05 -0700 (PDT) (envelope-from archie@dellroad.org) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id KAA76541; Thu, 12 Sep 2002 10:44:23 -0700 (PDT) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g8CHgcu43827; Thu, 12 Sep 2002 10:42:38 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200209121742.g8CHgcu43827@arch20m.dellroad.org> Subject: Re: mpd and limit number of user sessions In-Reply-To: <002801c25a4f$5c241520$4123d696@ugr.es> "from Francisco J. Medina Jimenez at Sep 12, 2002 01:27:20 pm" To: "Francisco J. Medina Jimenez" Date: Thu, 12 Sep 2002 10:42:38 -0700 (PDT) Cc: freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Francisco J. Medina Jimenez writes: > I would like to know if it's possible to limit the number of > sessions that one user can do, put time restrictions ... Mpd does not support doing this.. But this sounds like a more generic functionality, so perhaps there's a more generic solution out there that works whether or not you're using mpd. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 11:15:12 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D37137B400 for ; Thu, 12 Sep 2002 11:15:10 -0700 (PDT) Received: from ns2.gnf.org (ns2.gnf.org [63.196.132.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id D20A243E6E for ; Thu, 12 Sep 2002 11:15:09 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: from EXCHCLUSTER01.lj.gnf.org (exch02.lj.gnf.org [172.25.10.20]) by ns2.gnf.org (8.12.3/8.12.3) with ESMTP id g8CIAKXb008533 for ; Thu, 12 Sep 2002 11:10:20 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: from roark.gnf.org ([172.25.24.15]) by EXCHCLUSTER01.lj.gnf.org with Microsoft SMTPSVC(5.0.2195.4905); Thu, 12 Sep 2002 11:15:09 -0700 Received: from roark.gnf.org (localhost [127.0.0.1]) by roark.gnf.org (8.12.5/8.12.5) with ESMTP id g8CIF97J063825 for ; Thu, 12 Sep 2002 11:15:09 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: (from gtetlow@localhost) by roark.gnf.org (8.12.5/8.12.5/Submit) id g8CIF99e063824 for net@FreeBSD.org; Thu, 12 Sep 2002 11:15:09 -0700 (PDT) Date: Thu, 12 Sep 2002 11:15:09 -0700 From: Gordon Tetlow To: net@FreeBSD.org Subject: ARP move hangs NFS mount Message-ID: <20020912181509.GY42734@roark.gnf.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XQSDX3NWE02rtiZq" Content-Disposition: inline User-Agent: Mutt/1.4i X-OriginalArrivalTime: 12 Sep 2002 18:15:09.0641 (UTC) FILETIME=[54508390:01C25A88] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --XQSDX3NWE02rtiZq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I see this behavior on 4.6.1-RELEASE-p10: I have an EMC IP4700 NAS with 2 heads. On one head I have an active NFS share that is being used by my FreeBSD webservers for content. When I reboot the head that is actively hosting the NFS share, the other head arps up and takes over the ip address of the head that just rebooted. My FreeBSD webservers see the arp move but hang the NFS mount until the I reinstate the other head. As a comparison, I tried this on a linux box and it continued along without a hitch. Any ideas? Note: I'm not subscribed to the list, please CC: me on all replies -gordon --XQSDX3NWE02rtiZq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9gNmtRu2t9DV9ZfsRAgXZAKC2REhBtJC0eyRXFhgQDkfLdWz37ACgr2m+ x3zgZdkSlFo54It8aB0haWk= =Tc+0 -----END PGP SIGNATURE----- --XQSDX3NWE02rtiZq-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 11:59:30 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24D6F37B400 for ; Thu, 12 Sep 2002 11:59:29 -0700 (PDT) Received: from hotmail.com (f129.law9.hotmail.com [64.4.9.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1F6443E6E for ; Thu, 12 Sep 2002 11:59:28 -0700 (PDT) (envelope-from soheil_h_y@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 12 Sep 2002 11:59:28 -0700 Received: from 217.218.14.134 by lw9fd.law9.hotmail.msn.com with HTTP; Thu, 12 Sep 2002 18:59:28 GMT X-Originating-IP: [217.218.14.134] From: "soheil h" To: jdp@polstra.com, net@freebsd.org Cc: justin@mac.com Subject: Re: computing the Ack Seq. No. Date: Thu, 12 Sep 2002 23:29:28 +0430 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 12 Sep 2002 18:59:28.0881 (UTC) FILETIME=[85585610:01C25A8E] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi list accourding to my code does anyone think that i must make the th_off ntohsed ????????? NTOHS(th_off) ????????? Please verify me i know that i didn't do that thanx _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Sep 12 14: 6:50 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A88C937B401 for ; Thu, 12 Sep 2002 14:06:47 -0700 (PDT) Received: from wall.polstra.com (wall-gw.polstra.com [206.213.73.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEB9C43E6A for ; Thu, 12 Sep 2002 14:06:46 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.11.3/8.11.3) with ESMTP id g8CL6Xf68402; Thu, 12 Sep 2002 14:06:33 -0700 (PDT) (envelope-from jdp@vashon.polstra.com) Received: (from jdp@localhost) by vashon.polstra.com (8.12.5/8.12.5/Submit) id g8CL6XvX033841; Thu, 12 Sep 2002 14:06:33 -0700 (PDT) (envelope-from jdp) Date: Thu, 12 Sep 2002 14:06:33 -0700 (PDT) Message-Id: <200209122106.g8CL6XvX033841@vashon.polstra.com> To: net@freebsd.org From: John Polstra Cc: soheil_h_y@hotmail.com Subject: Re: computing the Ack Seq. No. In-Reply-To: References: Organization: Polstra & Co., Seattle, WA Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article , soheil h wrote: > Hi list > accourding to my code > does anyone think that i must make the th_off ntohsed ????????? > NTOHS(th_off) ????????? > Please verify me > i know that i didn't do that > thanx No, th_off is not a multibyte field, so you don't have to byte swap it. But you do have to byte swap the sequence number (ntohl), the ack (ntohl), and the ip length (ntohs) before you do calculations on them. And then you have to swap the results back (htonl, htons) before you send them out the network. John -- John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 3:46:43 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79A6837B400 for ; Fri, 13 Sep 2002 03:46:41 -0700 (PDT) Received: from web21408.mail.yahoo.com (web21408.mail.yahoo.com [216.136.232.78]) by mx1.FreeBSD.org (Postfix) with SMTP id 36A1443E42 for ; Fri, 13 Sep 2002 03:46:41 -0700 (PDT) (envelope-from igbarn@yahoo.com) Message-ID: <20020913104640.55743.qmail@web21408.mail.yahoo.com> Received: from [194.159.6.17] by web21408.mail.yahoo.com via HTTP; Fri, 13 Sep 2002 11:46:40 BST Date: Fri, 13 Sep 2002 11:46:40 +0100 (BST) From: =?iso-8859-1?q?Iain=20Barnes?= Subject: gif intergace MTU problem To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 3:51:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B976F37B400 for ; Fri, 13 Sep 2002 03:51:31 -0700 (PDT) Received: from web21409.mail.yahoo.com (web21409.mail.yahoo.com [216.136.232.79]) by mx1.FreeBSD.org (Postfix) with SMTP id 7455743E75 for ; Fri, 13 Sep 2002 03:51:31 -0700 (PDT) (envelope-from igbarn@yahoo.com) Message-ID: <20020913105131.85419.qmail@web21409.mail.yahoo.com> Received: from [194.159.6.17] by web21409.mail.yahoo.com via HTTP; Fri, 13 Sep 2002 11:51:31 BST Date: Fri, 13 Sep 2002 11:51:31 +0100 (BST) From: =?iso-8859-1?q?Iain=20Barnes?= Subject: gif intergace MTU problem - take 2 To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, We have a number of 6over4 gif interfaces configured on our 4.6 release machine. The default MTU is configured as 1280, which is fine, but when attempting to increase this to a larger value, such as 1400, ifconfig reports that the new value has been applied correctly, but upon actually sending large packets we find that v6 fragmentation occurs at source. We need to increase the MTU to take into account a further layer of tunnelling applied downstream of the FreeBSD machine. It appears that the MTU isn't being honoured as set. Is this a known problem fixed by 4.6.2 ? Iain __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 6:17:39 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D622137B400; Fri, 13 Sep 2002 06:17:37 -0700 (PDT) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3DCF43EAA; Fri, 13 Sep 2002 06:17:33 -0700 (PDT) (envelope-from gallatin@cs.duke.edu) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id JAA07230; Fri, 13 Sep 2002 09:17:33 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g8DDH3U73788; Fri, 13 Sep 2002 09:17:03 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15745.58702.945886.573972@grasshopper.cs.duke.edu> Date: Fri, 13 Sep 2002 09:17:02 -0400 (EDT) To: Gordon Tetlow Cc: net@FreeBSD.org, dillon@FreeBSD.org Subject: Re: ARP move hangs NFS mount In-Reply-To: <20020912181509.GY42734@roark.gnf.org> References: <20020912181509.GY42734@roark.gnf.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Gordon Tetlow writes: > I see this behavior on 4.6.1-RELEASE-p10: > > I have an EMC IP4700 NAS with 2 heads. On one head I have an active NFS share > that is being used by my FreeBSD webservers for content. When I reboot the > head that is actively hosting the NFS share, the other head arps up and takes > over the ip address of the head that just rebooted. My FreeBSD webservers see > the arp move but hang the NFS mount until the I reinstate the other head. As > a comparison, I tried this on a linux box and it continued along without a > hitch. Any ideas? I'll bet that when the second head takes over, it replies using its own IP address, rather the IP address of the head that it took over from. There's something about the FreeBSD NFS client implementation which requires that if you make an NFS request to a certain IP address, the reply MUST return from that same IP address. Otherwise, the reply will be ignored. Matt -- Do you know off the top of your head what makes this happen? While I realize that its a security feature, its caused me no end of suffering at two different sites, and I'd really like to know how to disable it! ;) Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 8:55:43 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A491037B401 for ; Fri, 13 Sep 2002 08:55:37 -0700 (PDT) Received: from web14606.mail.yahoo.com (web14606.mail.yahoo.com [216.136.224.86]) by mx1.FreeBSD.org (Postfix) with SMTP id 10CE543E4A for ; Fri, 13 Sep 2002 08:55:37 -0700 (PDT) (envelope-from shubha_mr@yahoo.com) Message-ID: <20020913155536.56220.qmail@web14606.mail.yahoo.com> Received: from [12.151.32.25] by web14606.mail.yahoo.com via HTTP; Fri, 13 Sep 2002 16:55:36 BST Date: Fri, 13 Sep 2002 16:55:36 +0100 (BST) From: =?iso-8859-1?q?shubha=20mr?= Subject: help needed. To: freebsd-net@FreeBSD.org Cc: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I am using samba to share a file on my freebsd machine so that other windows machines(windows 2000 machines,precisely) can access them. Is there an options by which I can make this shared file non-cacheable on the client side?(My clients are win2k machines).I mean the clients should not be able to cache this file so that they NEED to do network transactions to read from this shared file? Thnaks in advance, shubha __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 9: 3:22 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67EEE37B406 for ; Fri, 13 Sep 2002 09:03:18 -0700 (PDT) Received: from relay1.macomnet.ru (relay1.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 39C4E43E6A for ; Fri, 13 Sep 2002 09:03:16 -0700 (PDT) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14]) by relay1.macomnet.ru (8.11.6/8.11.6) with ESMTP id g8DG3EH1029915 for ; Fri, 13 Sep 2002 20:03:14 +0400 (MSD) Date: Fri, 13 Sep 2002 20:03:14 +0400 (MSD) From: Maxim Konovalov X-X-Sender: Maxim Konovalov To: freebsd-net@freebsd.org Subject: ip_output() problem with a large packets and IP_OPTIONS Message-ID: <20020913194115.F94274-100000@news1.macomnet.ru> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello -net, There is a problem when there is no room for ip options and ip_insertoptions() fails. ip_output() does not initialize len and doesn't check what ip_insertoptions() returns. This behaviour leads to a panic when you are trying to send 65507 bytes packet and setsockopt(IP_OPTIONS). Please review a patch below: Index: sys/netinet/ip_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.163 diff -u -r1.163 ip_output.c --- sys/netinet/ip_output.c 31 Jul 2002 17:21:01 -0000 1.163 +++ sys/netinet/ip_output.c 13 Sep 2002 15:14:31 -0000 @@ -141,6 +141,7 @@ int rv; #endif /* PFIL_HOOKS */ + len = 0; args.eh = NULL; args.rule = NULL; args.next_hop = NULL; @@ -199,7 +200,8 @@ if (opt) { m = ip_insertoptions(m, opt, &len); - hlen = len; + if (len >= sizeof(struct ip)) + hlen = len; } ip = mtod(m, struct ip *); pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; %%% -- Maxim Konovalov, MAcomnet, Internet Dept., system engineer phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 9:13:29 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9565C37B400 for ; Fri, 13 Sep 2002 09:13:27 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1176043E42 for ; Fri, 13 Sep 2002 09:13:27 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.5/8.12.4) with ESMTP id g8DGDPPQ045284; Fri, 13 Sep 2002 09:13:25 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.5/8.12.4/Submit) id g8DGDNcb045281; Fri, 13 Sep 2002 09:13:23 -0700 (PDT) (envelope-from dillon) Date: Fri, 13 Sep 2002 09:13:23 -0700 (PDT) From: Matthew Dillon Message-Id: <200209131613.g8DGDNcb045281@apollo.backplane.com> To: Andrew Gallatin Cc: Gordon Tetlow , net@FreeBSD.ORG Subject: Re: ARP move hangs NFS mount References: <20020912181509.GY42734@roark.gnf.org> <15745.58702.945886.573972@grasshopper.cs.duke.edu> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org :... : > a comparison, I tried this on a linux box and it continued along without a : > hitch. Any ideas? : :I'll bet that when the second head takes over, it replies using its :own IP address, rather the IP address of the head that it took over :from. : :There's something about the FreeBSD NFS client implementation which :requires that if you make an NFS request to a certain IP address, the :reply MUST return from that same IP address. Otherwise, the reply :will be ignored. : :Matt -- Do you know off the top of your head what makes this happen? :While I realize that its a security feature, its caused me no end of :suffering at two different sites, and I'd really like to know how to :disable it! ;) : :Thanks, : :Drew It's probably because the NFS client does a connect() equivalent for UDP mounts as well as TCP mounts. That's my guess anyway. I'm not home at the moment so I can't investigate fully. Try mounting the filesystem with the 'conn' option (or -c option to mount_nfs). Alternatively, try using a TCP mount. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 10:41:13 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5812E37B400 for ; Fri, 13 Sep 2002 10:41:06 -0700 (PDT) Received: from ns2.gnf.org (ns2.gnf.org [63.196.132.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id A75A843E4A for ; Fri, 13 Sep 2002 10:41:05 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: from EXCHCLUSTER01.lj.gnf.org (exch02.lj.gnf.org [172.25.10.20]) by ns2.gnf.org (8.12.3/8.12.3) with ESMTP id g8DHaAXb020915 for ; Fri, 13 Sep 2002 10:36:10 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: from roark.gnf.org ([172.25.24.15]) by EXCHCLUSTER01.lj.gnf.org with Microsoft SMTPSVC(5.0.2195.4905); Fri, 13 Sep 2002 10:41:05 -0700 Received: from roark.gnf.org (localhost [127.0.0.1]) by roark.gnf.org (8.12.5/8.12.5) with ESMTP id g8DHf57J080065; Fri, 13 Sep 2002 10:41:05 -0700 (PDT) (envelope-from gtetlow@gnf.org) Received: (from gtetlow@localhost) by roark.gnf.org (8.12.5/8.12.5/Submit) id g8DHf2Gv080064; Fri, 13 Sep 2002 10:41:02 -0700 (PDT) Date: Fri, 13 Sep 2002 10:41:02 -0700 From: Gordon Tetlow To: Matthew Dillon Cc: Andrew Gallatin , net@FreeBSD.ORG Subject: Re: ARP move hangs NFS mount Message-ID: <20020913174102.GA79669@roark.gnf.org> References: <20020912181509.GY42734@roark.gnf.org> <15745.58702.945886.573972@grasshopper.cs.duke.edu> <200209131613.g8DGDNcb045281@apollo.backplane.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline In-Reply-To: <200209131613.g8DGDNcb045281@apollo.backplane.com> User-Agent: Mutt/1.4i X-OriginalArrivalTime: 13 Sep 2002 17:41:05.0245 (UTC) FILETIME=[BC2C30D0:01C25B4C] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 13, 2002 at 09:13:23AM -0700, Matthew Dillon wrote: > :... > : > a comparison, I tried this on a linux box and it continued along with= out a > : > hitch. Any ideas? > : > :I'll bet that when the second head takes over, it replies using its > :own IP address, rather the IP address of the head that it took over > :from. > : > :There's something about the FreeBSD NFS client implementation which > :requires that if you make an NFS request to a certain IP address, the > :reply MUST return from that same IP address. Otherwise, the reply > :will be ignored. > : > :Matt -- Do you know off the top of your head what makes this happen? > :While I realize that its a security feature, its caused me no end of > :suffering at two different sites, and I'd really like to know how to > :disable it! ;) > : > :Thanks, > : > :Drew >=20 > It's probably because the NFS client does a connect() equivalent > for UDP mounts as well as TCP mounts. That's my guess anyway. > I'm not home at the moment so I can't investigate fully. >=20 > Try mounting the filesystem with the 'conn' option (or -c option to > mount_nfs). Alternatively, try using a TCP mount. This worked for me. Thanks! -gordon --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9giMuRu2t9DV9ZfsRAmSCAKCbS+fchx6Y1nznUsQPcMhKgLQDjgCgxTmN CiCHz7mvPXUBhclosvib8KE= =MODC -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Sep 13 14:58: 9 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF91637B400 for ; Fri, 13 Sep 2002 14:58:05 -0700 (PDT) Received: from mx2.licentia.net (24-196-96-227.jvl.wi.charter.com [24.196.96.227]) by mx1.FreeBSD.org (Postfix) with SMTP id 0216743E42 for ; Fri, 13 Sep 2002 14:58:05 -0700 (PDT) (envelope-from lists@stevenfettig.com) Received: (qmail 20110 invoked from network); 13 Sep 2002 21:57:59 -0000 Received: from unknown (HELO Unknown21) (10.6.18.1) by mx2.licentia.net with SMTP; 13 Sep 2002 21:57:59 -0000 Date: Fri, 13 Sep 2002 16:58:00 -0500 Mime-Version: 1.0 (Apple Message framework v482) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: Network Transfer Speed Issues - Tweaks/Advice? From: Steve Fettig To: net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I already asked this one in questions thinking that I should try there before hitting the net list. Since I haven't received any responses, I was hoping someone here might have a clue. I recently set up an NFS server to run daily backups on. The server was built using an old P150 w/ 90 MB of ram and a 6GB hard drive. (All servers in this experiment are set up using FBSD 4.6.2 and the client is a Mac PowerBook G4 running Mac OS X.) Attached to it is an external SCSI hard drive enclosure with 4 47GB SCSI drives running off an AHA-2490UW SCSI adapter. I am getting really odd performance when doing an NFS transfer (I also get odd performance out of scp) from the machine I am trying to back up. I will get a burst of 20Mbps for about 30 seconds, then it will ramp down to 1 Mbps for about 2 minutes, ramp backup to 20 Mbps, then back down to 1 Mbps and so on. It take absolutely forever to do any high volume transfer at this rate. I originally thought it was a faulty NIC, so I swapped out my 3Com 509B Fast Etherlink card for an Intel Pro 10/100 card. The switch between cards and also between PCI slots has made no difference. When I run the same setup on a PIII 1GHz machine, the results are completely different. I get average transfer rates of 20-40 Mbps between the client and server using the same ethernet hardware. I have also set up another test on a dual PII-450 and have the same luck as with the PIII 1 GHz machine. This is using the same network cables and adapters, but between faster machines. I don't have any other services other than NFS running on the old P150, so I don't understand what would be the root of the problem. Is there something I can tweak in the kernel config that would help me attain higher, consistent throughput or am I out of luck with the older machine? (By the way, soft updates are enabled on all of the machines. MaxUsers is set to 0 on the P150 and to 128 on the PIII 1 GHz, but from what I have read in the Handbook, setting MaxUsers to 0 only helps the system decide what is best given the current configuration.) If needed I can also attach my current kernel config... Thanks, Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Sep 14 13:39: 8 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6542137B405 for ; Sat, 14 Sep 2002 13:39:04 -0700 (PDT) Received: from ns.flncs.com (srv.flncs.com [12.27.148.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0613343E65 for ; Sat, 14 Sep 2002 13:39:04 -0700 (PDT) (envelope-from moti@flncs.com) Received: from win (cable [12.164.45.65]) by ns.flncs.com (Postfix) with ESMTP id 5D09E106A0; Fri, 13 Sep 2002 18:07:46 -0400 (EDT) Message-ID: <003201c25b71$f03c4930$f901a8c0@win> From: "Moti Levy" To: "Steve Fettig" , References: Subject: Re: Network Transfer Speed Issues - Tweaks/Advice? Date: Fri, 13 Sep 2002 18:07:14 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i my expirience it's ot the etwork but the file types ..... is it a large amount of small files or a small amount of large files . i get over 400kb a sec when transfering large ( 1gb + ) files files but 7.2kb a sec when copying our small files ( 1 to 5 kb each but over 300,000 of them ) if it's the case with you AFAIK there's not much you can do but change IO devices . Moti ----- Original Message ----- From: "Steve Fettig" To: Sent: Friday, September 13, 2002 5:58 PM Subject: Network Transfer Speed Issues - Tweaks/Advice? > Hi, > > I already asked this one in questions thinking that I should try there > before hitting the net list. Since I haven't received any responses, I > was hoping someone here might have a clue. > I recently set up an NFS server to run daily backups on. The server was > built using an old P150 w/ 90 MB of ram and a 6GB hard drive. (All > servers in this experiment are set up using FBSD 4.6.2 and the client is > a Mac PowerBook G4 running Mac OS X.) Attached to it is an external > SCSI hard drive enclosure with 4 47GB SCSI drives running off an > AHA-2490UW SCSI adapter. I am getting really odd performance when doing > an NFS transfer (I also get odd performance out of scp) from the machine > I am trying to back up. I will get a burst of 20Mbps for about 30 > seconds, then it will ramp down to 1 Mbps for about 2 minutes, ramp > backup to 20 Mbps, then back down to 1 Mbps and so on. It take > absolutely forever to do any high volume transfer at this rate. I > originally thought it was a faulty NIC, so I swapped out my 3Com 509B > Fast Etherlink card for an Intel Pro 10/100 card. The switch between > cards and also between PCI slots has made no difference. When I run the > same setup on a PIII 1GHz machine, the results are completely > different. I get average transfer rates of 20-40 Mbps between the > client and server using the same ethernet hardware. I have also set up > another test on a dual PII-450 and have the same luck as with the PIII 1 > GHz machine. This is using the same network cables and adapters, but > between faster machines. > I don't have any other services other than NFS running on the old P150, > so I don't understand what would be the root of the problem. > Is there something I can tweak in the kernel config that would help me > attain higher, consistent throughput or am I out of luck with the older > machine? (By the way, soft updates are enabled on all of the machines. > MaxUsers is set to 0 on the P150 and to 128 on the PIII 1 GHz, but from > what I have read in the Handbook, setting MaxUsers to 0 only helps the > system decide what is best given the current configuration.) If needed > I can also attach my current kernel config... > > Thanks, > Steve > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Sep 14 15: 0: 7 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F31E37B401 for ; Sat, 14 Sep 2002 15:00:06 -0700 (PDT) Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6CB443E6E for ; Sat, 14 Sep 2002 15:00:05 -0700 (PDT) (envelope-from archie@dellroad.org) Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id OAA92992; Sat, 14 Sep 2002 14:51:23 -0700 (PDT) Received: (from archie@localhost) by arch20m.dellroad.org (8.11.6/8.11.6) id g8ELoP207460; Sat, 14 Sep 2002 14:50:25 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200209142150.g8ELoP207460@arch20m.dellroad.org> Subject: Re: ip_output() problem with a large packets and IP_OPTIONS In-Reply-To: <20020913194115.F94274-100000@news1.macomnet.ru> "from Maxim Konovalov at Sep 13, 2002 08:03:14 pm" To: Maxim Konovalov Date: Sat, 14 Sep 2002 14:50:25 -0700 (PDT) Cc: freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Maxim Konovalov writes: > There is a problem when there is no room for ip options and > ip_insertoptions() fails. ip_output() does not initialize len and > doesn't check what ip_insertoptions() returns. This behaviour leads to > a panic when you are trying to send 65507 bytes packet and > setsockopt(IP_OPTIONS). Please review a patch below: It's definitely broken the way it is and your patch seems to fix it. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message