From owner-freebsd-net@FreeBSD.ORG Sun May 25 16:04:38 2003
From: Marko Zec
To: hackers@freebsd.org, net@freebsd.org
Date: Mon, 26 May 2003 01:04:19 +0200
Message-ID: <3ED14BF3.139CAC32@tel.fer.hr>
Subject: Network stack cloning / virtualization patches

Hi all,

at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches against the 4.8-RELEASE kernel that provide support for network stack cloning. The patched kernel allows multiple fully independent network stack instances to coexist simultaneously within a single OS kernel, providing a foundation for supporting diverse new applications, including:

- Enhanced virtual hosting (think of jails with their own private set of network interfaces, IP addresses, routing tables, ipfw and dummynet instances, etc.);
- High-performance real-time network simulation / emulation;
- Fully isolated overlay VPN provisioning (using IP tunnels), including the possibility of creating nested VPNs.

The network stacks are embedded in new resource container entities named "virtual images". Each process and network stack instance within the system has to be associated with a virtual image, which in effect becomes a light or pseudo virtual machine entity. Additional goodies include the possibility to control some other resources besides the network stack, most notably independent CPU load and usage accounting, as well as feedback-driven proportional share scheduling among virtual images. For more details, check the above URL.

Note that the patch was designed to allow all existing applications and utilities to run unmodified on the patched kernel, so no recompiling of the userland is necessary.
Hope you'll find use for the new framework :-)

Cheers,

Marko

From owner-freebsd-net@FreeBSD.ORG Sun May 25 16:44:46 2003
From: Jordan K Hubbard
To: Marko Zec
cc: hackers@freebsd.org, net@freebsd.org
Date: Sun, 25 May 2003 16:44:42 -0700
In-Reply-To: <3ED14BF3.139CAC32@tel.fer.hr>
Subject: Re: Network stack cloning / virtualization patches

Wow, this is VERY impressive! I wish all FreeBSD "research project" work of this nature was as complete, functional or compatible with existing applications as yours appears to be. Have you thought about extending this to the point where each independent instance truly is a functionally independent kernel instance, similar to some of the "virtual Linux" work done by/for IBM, so that you can run n "linuxes" on a single 3090 processor?

- Jordan

--
Jordan K. Hubbard
Engineering Manager, BSD technology group
Apple Computer

From owner-freebsd-net@FreeBSD.ORG Sun May 25 17:19:13 2003
Message-ID: <3ED15D6F.1BF1BB37@tel.fer.hr>
Date: Mon, 26 May 2003 02:18:55 +0200
From: Marko Zec
To: Jordan K Hubbard
cc: hackers@freebsd.org, net@freebsd.org
Subject: Re: Network stack cloning / virtualization patches

Jordan K Hubbard wrote:
> Have you thought about extending this to the point where each
> independent instance truly is a functionally independent kernel
> instance, similar to some of the "virtual Linux" work done by/for IBM
> so that you can run n "linuxes" on a single 3090 processor?

My model is much more in line with the pseudo-VM concepts, like the jail is (it actually reuses much of the jail code for userland separation between processes running in different virtual images). However, I'm only virtualizing certain resources _within_ the kernel, albeit the entire network stack is quite a big piece of resource :-) This is fundamentally different from what IBM does, as they virtualize the entire hardware and run fully contained OS images within the VMs.

Each approach has its advantages and drawbacks, of course. IMO, the main benefits of the "light" VM model lie in a near-zero performance penalty compared to the unmodified OS, as well as in efficient usage of hardware resources (memory, filesystems). On the other hand, IBM's true VM shines in isolation between the VMs, but lags in efficiency...

So, I'd certainly like to virtualize more system resources and make virtual images as independent from each other as possible, but they will always have to share the same kernel.

Cheers,

Marko

From owner-freebsd-net@FreeBSD.ORG Sun May 25 18:07:19 2003
From: Eric W. Bates
To: net@freebsd.org
Date: Sun, 25 May 2003 21:07:17 -0400
Message-Id: <20030526010717.98E8391682@vineyard.net>
Subject: A problem with too many network interfaces

I'm trying to build a router/filter on FreeBSD 4.8 with 4 real NICs and 32 vlan interfaces.

Starting dhcpd generates an error after 15 interfaces:

    "[interface] not found"

My C skills are lacking, so while I'm grovelling through the dhcpd source to find the problem, I was wondering if anyone knows of a kernel limit I need to increase?

Thanks

---
Eric W. Bates

From owner-freebsd-net@FreeBSD.ORG Sun May 25 18:38:04 2003
Date: Sun, 25 May 2003 18:38:01 -0700
To: Marko Zec
From: Jordan K Hubbard
cc: hackers@freebsd.org, net@freebsd.org
In-Reply-To: <3ED15D6F.1BF1BB37@tel.fer.hr>
Subject: Re: Network stack cloning / virtualization patches

On Sunday, May 25, 2003, at 05:18 PM, Marko Zec wrote:
> So, I'd certainly like to virtualize more system resources and make
> virtual images as independent from each other as possible, but they
> will always have to share the same kernel.

That's actually what I was talking about - my comparison to what IBM's done may have been a bad example since, as you say, they've virtualized the hardware in true IBM (shades of VM) fashion. I think that's actually overkill for many usage scenarios, since all you really want is the ability to run an "instance" of the OS which allows for all the user-visible configuration knobs to be changed and the appropriate user-visible resource limits to be enforced independently. Essentially a jail where it's literally impossible to tell that you're not the only "OS" on the machine, or to affect a user or resource running on another instance.

--
Jordan K. Hubbard
Engineering Manager, BSD technology group
Apple Computer

From owner-freebsd-net@FreeBSD.ORG Sun May 25 23:57:27 2003
From: Vincent Jardin
To: Marko Zec, hackers@freebsd.org, net@freebsd.org
cc: riccardo.scandariato@polito.it
Date: Mon, 26 May 2003 08:57:26 +0200
In-Reply-To: <3ED14BF3.139CAC32@tel.fer.hr>
Message-Id: <200305260857.26994.vjardin@wanadoo.fr>
Subject: Re: Network stack cloning / virtualization patches

Congratulations.

Since the last EuroBSD 2002 conference, there are 2 architectures to support VPNs with FreeBSD: your patch and the Riccardo Scandariato one (http://softeng.polito.it/freebsd/), which is very good too.

From a VPN point of view, how could both projects be compared?

Do you think that both projects could be merged, or are there too many differences between your two projects?

Regards,
Vincent

From owner-freebsd-net@FreeBSD.ORG Mon May 26 01:06:33 2003
Message-ID: <3ED1CB03.8010005@fsn.hu>
Date: Mon, 26 May 2003 10:06:27 +0200
From: Attila Nagy
Organization: Free Software Network Foundation - http://www.fsn.hu/
To: "Eric W. Bates"
cc: net@freebsd.org
In-Reply-To: <20030526010717.98E8391682@vineyard.net>
Subject: Re: A problem with too many network interfaces

Eric W. Bates wrote:
> I'm trying to build a router/filter on FreeBSD 4.8 with 4 real NICs and
> 32 vlan interfaces.
> Starting dhcpd generates an error after 15 interfaces:
> "[interface] not found"
> My C skills are lacking, so while I'm grovelling through the dhcpd source
> to find the problem, I was wondering if anyone knows of a kernel limit I
> need to increase?

It has nothing to do with FreeBSD. Take a look at common/discover.c to find the following code snippet:

    void discover_interfaces (state)
        int state;
    {
        struct interface_info *tmp, *ip;
        struct interface_info *last, *next;
        char buf [2048];
                  ^^^^

Increase the size of buf, for example to 32768, and it will work.

--
Attila Nagy                              e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)           phone @work: +361 210 1415/127
ISOs: http://www.fsn.hu/?f=download      cell.: +3630 306 6758

From owner-freebsd-net@FreeBSD.ORG Mon May 26 09:45:11 2003
Message-ID: <3ED2448D.88E08DBB@tel.fer.hr>
Date: Mon, 26 May 2003 18:45:01 +0200
From: Marko Zec
To: Vincent Jardin
cc: hackers@freebsd.org, riccardo.scandariato@polito.it, net@freebsd.org
References: <3ED14BF3.139CAC32@tel.fer.hr> <200305260857.26994.vjardin@wanadoo.fr>
Subject: Re: Network stack cloning / virtualization patches

Vincent Jardin wrote:
> Since the last EuroBSD 2002 conference, there are 2 architectures to support
> VPNs with FreeBSD: your patch and the Riccardo Scandariato one
> (http://softeng.polito.it/freebsd/), which is very good too.
>
> From a VPN point of view, how could both projects be compared?
> Do you think that both projects could be merged, or are there too many
> differences between your two projects?

Riccardo's VPN patches were designed specifically for supporting VPNs by basically virtualizing only the IP routing tables. The network stack cloning model is more generic, as it doesn't stop at the virtualization of the routing tables, but rather also provides multiple independent network interface lists, inbound queues, hash & PCB tables, IPFW rulesets, sysctl tunables, traffic counters / statistics, etc. But the basic implementation idea and the motivation are quite similar for both frameworks, and they can both support IP-tunnel based overlay VPNs with overlapping addressing spaces.

From the userland API perspective the two approaches are slightly different. Riccardo's patches extended the socket API, so the applications which need to operate on virtualized routing tables also have to be modified and recompiled. My model provides a single management utility which can be used to spawn new processes bound to a specific network stack instance. Once the processes are assigned to a network stack, all existing userland applications and utilities can operate on that stack without any modifications.

Although the two approaches described might seem to follow fundamentally different ideas, IMO both frameworks could easily be modified to adopt the userland API convention of the other, if necessary.

Marko

From owner-freebsd-net@FreeBSD.ORG Mon May 26 09:48:15 2003
Message-ID: <1156.192.168.1.194.1053967683.squirrel@intranet.el.com.br>
Date: Mon, 26 May 2003 13:48:03 -0300 (BRT)
From: "Paiva, Gilson de"
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: SOLVED: 3 NICs NAT setup, almost there ...

I could get this working by:

natd.conf:

    redirect_address 192.168.1.x public_address
    same_ports yes
    unregistered_only yes
    use_socks yes

The secret, thanks to Barney Wolff, is to run two instances of natd, but the real trick is -alias_address public_address on rl0 packets, this way:

    /sbin/natd -f /etc/natd.conf -n ep0
    /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

and

    ipfw add xxx divert 8668 all from any to any via ep0
    ipfw add xxx divert 8669 all from any to any via rl0

Thanks Barney!

>> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
>>> Hi,
>>>
>>> Take this scenario:
>>>
>>>               xxx/26                   yyy/26
>>>   internet --- ep0    freebsd    rl0 --- wired clients
>>>                       ep1
>>>                        |  private ip ( 192.168.1.0/24 )
>>>                        |
>>>                     wireless
>>>
>>> I have to nat packets with destination to an ip xxx/26 to an ip at the
>>> private ip net. So far so good with the "common" redirect_address nat
>>> configuration.
>>> The problem happens with traffic between net yyy/26 and the private
>>> network (and vice-versa) because packets get routed to destination
>>> before they get translated by natd.
>>> What's the secret? I tried everything I know and learned from reading
>>> but no setup could work out.
>>
>> I'd use ipfw and natd, and run two instances of natd listening on
>> different divert sockets. Rules in ipfw can divert the packets to the
>> right natd depending on where the packets are coming from or going to.
>>
>> --
>> Barney Wolff        http://www.databus.com/bwresume.pdf
>> I'm available by contract or FT, in the NYC metro area or via the 'Net.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Paiva, Gilson de Domingos Martins
mailto:npd@el.com.br            Brazil
http://www.el.com.br/           E&L Producoes de Software
http://www.FreeBSD.org/         FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Legal notice: This message may not officially express the ideas or wishes of the company E&L Producoes de Software; its author alone is responsible for it.
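The "jail with its own private set of network interfaces, IP addresses, routing tables, ipfw" that Marko describes in his announcement and in his reply to Vincent above is what later shipped in mainline FreeBSD as VIMAGE/VNET (compiled into GENERIC since 12.0). What follows is an added example, not part of the 2003 patches or of any message in this thread, of how such a jail is declared in a modern jail.conf(5); the jail name "web", the epair0 pair, the path and the 10.0.0.0/24 addresses are placeholders chosen for the example.

```conf
# /etc/jail.conf (added example; names and addresses are placeholders).
web {
    path = "/jails/web";
    host.hostname = "web.example.org";
    mount.devfs;
    devfs_ruleset = 4;             # devfsrules_jail: hides most device nodes

    vnet;                          # own network stack for this jail
    vnet.interface = "epair0b";    # one end of the pair moves into it

    # Host side, before the jail exists: create the pair, address our end.
    exec.prestart  = "ifconfig epair0 create";
    exec.prestart += "ifconfig epair0a inet 10.0.0.1/24 up";

    # Jail side: these run inside the jail's stack, so ifconfig, route,
    # ipfw and sysctl net.* here act only on this instance.
    exec.start  = "/sbin/ifconfig lo0 inet 127.0.0.1/8 up";
    exec.start += "/sbin/ifconfig epair0b inet 10.0.0.2/24 up";
    exec.start += "/sbin/route add default 10.0.0.1";
    exec.start += "/bin/sh /etc/rc";

    exec.stop     = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig epair0a destroy";   # destroys both ends
}
```

After `jail -c web`, `jexec web ipfw list` and `jexec web netstat -rn` show only that jail's ruleset and routing table, and the host's own ipfw rules do not see the jail's traffic until it crosses epair0a. The caveat is the one Marko states himself: the isolation is an in-kernel boundary, so every jail still shares one kernel, and a kernel bug reachable from one stack is reachable from all of them.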
From owner-freebsd-net@FreeBSD.ORG Mon May 26 09:54:12 2003
From: Marko Zec
To: Jordan K Hubbard
cc: hackers@freebsd.org, net@freebsd.org
Date: Mon, 26 May 2003 18:54:04 +0200
Message-ID: <3ED246AC.483FE6F4@tel.fer.hr>
Subject: Re: Network stack cloning / virtualization patches

Jordan K Hubbard wrote:
> On Sunday, May 25, 2003, at 05:18 PM, Marko Zec wrote:
>
> > So, I'd certainly like to virtualize more system resources and make
> > virtual images as independent from each other as possible, but they
> > will always have to share the same kernel.
>
> That's actually what I was talking about - my comparison to what IBM's
> done may have been a bad example since, as you say, they've virtualized
> the hardware in true IBM (shades of VM) fashion. I think that's
> actually overkill for many usage scenarios, since all you really want is
> the ability to run an "instance" of the OS which allows for all the
> user-visible configuration knobs to be changed and the appropriate
> user-visible resource limits to be enforced independently. Essentially
> a jail where it's literally impossible to tell that you're not the only
> "OS" on the machine, or to affect a user or resource running on another
> instance.

Btw. there is a commercial product out there that also seems to offer such functionality, check http://www.sw-soft.com/en/products/virtuozzo/

Marko

From owner-freebsd-net@FreeBSD.ORG Mon May 26 14:04:20 2003
Date: Mon, 26 May 2003 14:04:19 -0700 (PDT)
From: Mikko Työläjärvi
To: Attila Nagy
cc: net@freebsd.org
In-Reply-To: <3ED1CB03.8010005@fsn.hu>
Message-id: <20030526135441.U326@atlas.home>
Subject: Re: A problem with too many network interfaces

On Mon, 26 May 2003, Attila Nagy wrote:

> Eric W. Bates wrote:
> > I'm trying to build a router/filter on FreeBSD 4.8 with 4 real NICs and
> > 32 vlan interfaces.
> > Starting dhcpd generates an error after 15 interfaces:
> > "[interface] not found"
> > My C skills are lacking, so while I'm grovelling through the dhcpd source
> > to find the problem, I was wondering if anyone knows of a kernel limit I
> > need to increase?
> It has nothing to do with FreeBSD.

It sort-of has... See below.

> Take a look at common/discover.c to find the following code snippet:
>
>     void discover_interfaces (state)
>         int state;
>     {
>         struct interface_info *tmp, *ip;
>         struct interface_info *last, *next;
>         char buf [2048];
>                   ^^^^
>
> Increase the size of buf, for example to 32768, and it will work.

Any static size will be too small at some point. Note how the code has some hacks to resize the buffer for certain cases (mainly for assorted Linux flavors, by the look of it). But there is no handling of the BSD behavior of silently truncating the result if it won't fit, nor of OSes that return an error.

A proper BSD port could use something like the trick in Stevens[1] and keep retrying the call with a larger buffer until the length of the result is the same as in the previous call. Simply making the buffer "large enough" is of course easier... :-)

$.02,
/Mikko

1) W. Richard Stevens, UNIX Network Programming, 2nd Ed., vol. 1, pp. 434-435

From owner-freebsd-net@FreeBSD.ORG Tue May 27 00:22:34 2003
Message-ID: <3ED31223.9070003@401.cx>
Date: Tue, 27 May 2003 09:22:11 +0200
From: "Roger 'Rocky' Vetterberg"
To: Barney Wolff
References: <1091.192.168.1.39.1053704739.squirrel@intranet.el.com.br> <20030523164902.GA36660@pit.databus.com>
cc: freebsd-net@freebsd.org
cc: "Paiva, Gilson de"
cc: freebsd-questions@freebsd.org
Subject: Re: 3 NICs NAT setup, almost there ...
X-List-Received-Date: Tue, 27 May 2003 07:22:34 -0000

Barney Wolff wrote:
> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
>
>> Hi,
>>
>> Take this scenario:
>>
>>               xxx/26             yyy/26
>>   internet --- ep0   freebsd   rl0 --- wired clients
>>                      ep1
>>                       |
>>            private ip ( 192.168.1.0/24 )
>>                       |
>>                    wireless
>>
>> I have to NAT packets with destination to an IP in xxx/26 to an IP
>> at the private IP net. So far so good with the "common" redirect_address
>> nat configuration. The problem happens with traffic between net
>> yyy/26 and the private network (and vice versa) because packets
>> get routed to the destination before they get translated by natd.
>> What's the secret? I tried everything I know and learned from
>> reading, but no setup could work out.
>
> I'd use ipfw and natd, and run two instances of natd listening on
> different divert sockets. Rules in ipfw can divert the packets to
> the right natd depending on where the packets are coming from or
> going to.

I have been running something similar to the above for well over a year
without problems. The tricky thing can be to get your firewall rules right.

The machine in question has 3 NICs:

xl0: y.y.108.201     netmask 0xffffff00
xl1: 192.168.101.20  netmask 0xfffffc00
xl2: 192.168.200.1   netmask 0xffffff00

The relevant section of my firewall rules looks like this:

00070 divert 8669 ip from any to 192.168.0.0/16 via xl1
00080 divert 8669 ip from any to x.x.184.234 via xl1
00090 divert 8669 ip from any to x.x.89.40 via xl1
00100 divert 8668 ip from any to any via xl0

The IP addresses starting with x.x are servers that we need to go a special
route to access. Ignore them if you wish; I only included them as an example
of how to write your rules.

Besides the above rules, all you have to do is start two instances of natd,
one on interface xl1 listening on 8669 and one on xl0 listening on 8668.

I also had to add a route on the router in the 192.168.100.0/22 network to
make it send traffic to 192.168.200.1/24 back to the right 192.168.101.20
instead of throwing it on the default route.

The possibilities are almost endless; you can run as many natd instances as
you need and just divert traffic based on destination, origin, port, protocol
or whatever you see fit.
Hope this helps -- R From owner-freebsd-net@FreeBSD.ORG Tue May 27 10:36:27 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BA7F37B401 for ; Tue, 27 May 2003 10:36:27 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B25743F3F for ; Tue, 27 May 2003 10:36:26 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id h4RHaPVo040018 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 27 May 2003 13:36:25 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id h4RHaOU7040015; Tue, 27 May 2003 13:36:24 -0400 (EDT) (envelope-from wollman) Date: Tue, 27 May 2003 13:36:24 -0400 (EDT) 
From: Garrett Wollman
Message-Id: <200305271736.h4RHaOU7040015@khavrinen.lcs.mit.edu>
To: Mikko Työläjärvi
In-Reply-To: <20030526135441.U326@atlas.home>
References: <20030526010717.98E8391682@vineyard.net> <3ED1CB03.8010005@fsn.hu> <20030526135441.U326@atlas.home>
cc: net@freebsd.org
Subject: Re: A problem with too many network interfaces
X-List-Received-Date: Tue, 27 May 2003 17:36:27 -0000

< said:

> A proper BSD port could use something like the trick in Stevens[1] and
> keep retrying the call with a larger buffer until the length of the
> result is the same as in the previous call.

Actually, a proper BSD port would use the net.route.iflist sysctl
instead.

-GAWollman

From owner-freebsd-net@FreeBSD.ORG Tue May 27 10:44:37 2003
From: Don Bowman To: 'Garrett Wollman' , Date: Tue, 27 May 2003 13:44:35 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: net@freebsd.org Subject: RE: A problem with too many network interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 May 2003 17:44:38 -0000 
> From: Garrett Wollman [mailto:wollman@lcs.mit.edu]
> < Mikko Työläjärvi said:
>
> > A proper BSD port could use something like the trick in Stevens[1] and
> > keep retrying the call with a larger buffer until the length of the
> > result is the same as in the previous call.
>
> Actually, a proper BSD port would use the net.route.iflist sysctl
> instead.
>
> -GAWollman

$ uname -sr
FreeBSD 4.6-RC
$ sysctl net.route
sysctl: unknown oid 'net.route'

I think since the ports work against other than the current branch it
would be difficult to support?

--don

From owner-freebsd-net@FreeBSD.ORG Tue May 27 11:01:50 2003
Date: Tue, 27 May 2003 14:01:48 -0400 (EDT)
From: Garrett Wollman Message-Id: <200305271801.h4RI1mku040140@khavrinen.lcs.mit.edu> To: Don Bowman In-Reply-To: References: X-Spam-Score: -19.8 () IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: net@freebsd.org Subject: RE: A problem with too many network interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 May 2003 18:01:51 -0000 < said: >> Actually, a proper BSD port would use the net.route.iflist sysctl >> instead. > $ uname -sr > FreeBSD 4.6-RC > $ sysctl net.route > sysctl: unknown oid 'net.route' Irrelevant. sysctl(8) is not equipped to handle the contents of this MIB branch. > I think since the ports work against other than current branch > it would be difficult to support? net.route.iflist has been in FreeBSD since 2.0. -GAWollman From owner-freebsd-net@FreeBSD.ORG Tue May 27 11:24:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C6A7237B401 for ; Tue, 27 May 2003 11:24:53 -0700 (PDT) Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5426E43FB1 for ; Tue, 27 May 2003 11:24:53 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4]) by attbi.com (rwcrmhc53) with ESMTP id <20030527182452053008ll86e>; Tue, 27 May 2003 18:24:53 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id LAA27634; Tue, 27 May 2003 11:24:52 -0700 (PDT) Date: Tue, 27 May 2003 11:24:52 -0700 (PDT) 
From: Julian Elischer
To: Garrett Wollman
In-Reply-To: <200305271801.h4RI1mku040140@khavrinen.lcs.mit.edu>
cc: net@freebsd.org
Subject: RE: A problem with too many network interfaces
X-List-Received-Date: Tue, 27 May 2003 18:24:54 -0000

On Tue, 27 May 2003, Garrett Wollman wrote:

> net.route.iflist has been in FreeBSD since 2.0.

I think that it needs more documentation.. by which I mean it should be
referenced in more places. I only know it exists by "accident" (saw the
commit).

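The truncation Mikko describes in this thread, as an added example that is not dhcpd's code and not part of any message in the archive. BSD's SIOCGIFCONF copies out as many whole interface records as fit, reports that smaller length in ifc_len and returns success, so a fixed `char buf[2048]` never sees the interfaces past the cut, and dhcpd then reports them as "not found". The loop below is the Stevens trick: grow the buffer and repeat until two consecutive calls return the same length. So that it runs anywhere, the ioctl is replaced by a constructed stand-in with the same copy-what-fits semantics; the 128-byte record size and the 36 interfaces (4 NICs plus 32 VLANs, as in the original question) are assumptions, so the count the fixed buffer reaches here is illustrative rather than dhcpd's actual 15. On FreeBSD the same discipline applies to Garrett's alternative, the NET_RT_IFLIST sysctl: it returns ENOMEM instead of truncating when the buffer is too small, but the list can still grow between the size query and the read.

```c
/*
 * Added example (not dhcpd code): a fixed SIOCGIFCONF buffer silently loses
 * interfaces on BSD; the grow-and-retry loop from Stevens, UNP vol. 1, does not.
 * fake_gifconf() is a constructed stand-in for ioctl(fd, SIOCGIFCONF, &ifc);
 * record size and interface count are assumptions for illustration.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FAKE_IFREQ_SIZE 128   /* bytes per interface record (assumed) */
#define FAKE_IF_COUNT   36    /* 4 physical NICs + 32 VLANs (assumed) */

struct fake_ifreq {
    char name[16];
    char pad[FAKE_IFREQ_SIZE - 16];   /* stands in for the sockaddr part */
};

/*
 * BSD semantics: copy as many whole records as fit in *len bytes, report the
 * bytes actually copied in *len, and return 0 even when the list was cut off.
 * Nothing tells the caller that interfaces were left out.
 */
static int fake_gifconf(char *buf, size_t *len)
{
    size_t fit = *len / FAKE_IFREQ_SIZE;
    size_t n = fit < FAKE_IF_COUNT ? fit : FAKE_IF_COUNT;
    for (size_t i = 0; i < n; i++) {
        struct fake_ifreq rec;
        memset(&rec, 0, sizeof rec);
        if (i < 4)
            snprintf(rec.name, sizeof rec.name, "em%zu", i);
        else
            snprintf(rec.name, sizeof rec.name, "vlan%zu", i - 4);
        memcpy(buf + i * FAKE_IFREQ_SIZE, &rec, FAKE_IFREQ_SIZE);
    }
    *len = n * FAKE_IFREQ_SIZE;
    return 0;
}

/* dhcpd's approach: one fixed 2048-byte buffer, result taken at face value. */
int count_ifaces_fixed(void)
{
    char buf[2048];
    size_t len = sizeof buf;
    if (fake_gifconf(buf, &len) != 0)
        return -1;
    return (int)(len / FAKE_IFREQ_SIZE);   /* whatever fit, truncated or not */
}

/*
 * Stevens' trick: double the buffer and call again until two consecutive
 * calls report the same length; only then is the list known to be complete.
 * Returns the interface count, or -1 if allocation fails.
 */
int count_ifaces_retry(size_t initial)
{
    size_t cap = initial;
    size_t last = (size_t)-1;    /* sentinel: no previous result yet */
    for (;;) {
        char *buf = malloc(cap);
        if (buf == NULL)
            return -1;
        size_t len = cap;
        if (fake_gifconf(buf, &len) != 0) {
            free(buf);
            return -1;
        }
        free(buf);
        if (len == last)          /* no growth since last call: complete */
            return (int)(len / FAKE_IFREQ_SIZE);
        last = len;
        cap *= 2;                 /* larger buffer, try again */
    }
}

int main(void)
{
    printf("fixed 2048-byte buffer sees %d interfaces\n", count_ifaces_fixed());
    printf("grow-and-retry loop sees %d interfaces\n", count_ifaces_retry(2048));
    return 0;
}
```

To use this against a real kernel, replace fake_gifconf() with ioctl(SIOCGIFCONF) on an AF_INET socket and, as Stevens does, treat an EINVAL from systems that error rather than truncate as "try a bigger buffer" as well.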
From: Paul Chvostek
To: freebsd-net@freebsd.org
Message-ID: <20030528045154.GA95572@mail.it.ca>
Subject: ipfw rules vs routes to localhost?
X-List-Received-Date: Wed, 28 May 2003 04:51:55 -0000

I'm considering:

ipfw add N deny ip from a.b.c.d to any

vs.

route add -host a.b.c.d localhost

I need to block traffic to a number of IP addresses. I thought I'd use
ipfw to avoid things like UDP DNS lookups that might come in and take up
resources while my system tried to respond, but it's been suggested on
another list that setting routes to localhost will use less resources.
Ideally, I'd like to be able to block a few tens of thousands of IPs.

What's the scoop?

--
Paul Chvostek
Operations / Abuse / Whatever
it.canada, hosting and development
http://www.it.ca/

From owner-freebsd-net@FreeBSD.ORG Tue May 27 23:49:58 2003
Message-ID: <18d001c324e5$77eda6c0$0301a8c0@dpws>
From: "Dennis Pedersen"
Date: Wed, 28 May 2003 08:50:46 +0200
Subject: Spontaneous reboot of FreeBSD 4.x box
X-List-Received-Date: Wed, 28 May 2003 06:49:58 -0000

I have a couple of FreeBSD 4.4 and one 4.7 that are being used as firewalls
in different locations.

Lately I have noticed that one of the firewalls was starting to reboot at a
certain time of the day (give or take maybe 10 min). I looked in
/var/log/messages and it seems like the power has been removed from the box,
and it's powered back up again. There is nothing in the log that indicates it
has crashed or why.

2 of my boxes (both running FreeBSD 4.4) are running the following apps:
ipfw, natd, syslogd, racoon (racoon-20010831a).

The funny thing is that it's only the box at one of the ends that is
rebooting! The hardware in the boxes is different and there is no thin red
line I can follow here (besides, it's only 3Com cards (509 and 905 cards -
some run fine, some don't)). I've pretty much moved away from the
possibility that it's hardware, because I have more than just one box that's
doing the trick.

The firewall that started rebooting is currently connected to a UPS just to
make sure.

Below I have pasted rc.conf, ps aux, and the changes to the GENERIC kernel.

Help :)

Regards,
Dennis

rc.conf:

# cat /etc/rc.conf
# -- sysinstall generated deltas -- # Wed May 14 09:19:59 2003
# Created: Wed May 14 09:19:59 2003
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
font8x14="cp850-8x14"
font8x16="cp850-8x16"
font8x8="cp850-8x8"
kern_securelevel_enable="NO"
keymap="danish.cp865"
keyrate="fast"
nfs_reserved_port_only="YES"
saver="fire"
sendmail_enable="no"
sshd_enable="YES"
gateway_enable="YES"
router_flags="-q"
router="routed"
sendmail_enable="NO"
cron_enable="NO"
inetd_enable="NO"
font8x14="cp850-8x14"
font8x16="cp850-8x16"
font8x8="cp850-8x8"
keymap="danish.cp865"
keyrate="fast"
ifconfig_ep0="inet 192.168.200.2 netmask 255.255.255.0"
ifconfig_ep1="inet XXXX.142 netmask 255.255.255.252"
defaultrouter="XXXX.141"
firewall_enable="yes"
firewall_script="/etc/rc.firewall"
#

# ps aux
USER     PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root     313  0.0  0.2  416  244  p0  R+    9:31PM   0:00.00 ps aux
root       1  0.0  0.3  544  316  ??  ILs   6:51AM   0:00.04 /sbin/init --
root       2  0.0  0.0    0    0  ??  DL    6:51AM   0:00.02 (pagedaemon)
root       3  0.0  0.0    0    0  ??  DL    6:51AM   0:00.00 (vmdaemon)
root       4  0.0  0.0    0    0  ??  DL    6:51AM   0:00.08 (bufdaemon)
root       5  0.0  0.0    0    0  ??  DL    6:51AM   0:00.33 (syncer)
root      28  0.0  0.1  208   92  ??  Is    6:51AM   0:00.00 adjkerntz -i
root     114  0.0  0.3  496  284  ??  Ss    8:21PM  23:27.89 /sbin/natd -inter
root     219  0.0  0.6  936  652  ??  Is    8:21PM   0:00.33 /usr/sbin/syslogd
root     241  0.0  1.4 2176 1484  ??  Is    8:21PM   0:12.34 /usr/sbin/sshd
root     281  0.0  1.6 2204 1716  ??  Is    8:21PM   0:01.39 /usr/local/sbin/r
root     298  0.0  0.6  944  656  v0  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     299  0.0  0.6  944  656  v1  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     300  0.0  0.6  944  656  v2  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     301  0.0  0.6  944  656  v3  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     302  0.0  0.6  944  656  v4  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     303  0.0  0.6  944  656  v5  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     304  0.0  0.6  944  656  v6  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     305  0.0  0.6  944  656  v7  Is+   8:21PM   0:00.03 /usr/libexec/gett
root     306  0.0  1.7 2260 1824  ??  S     8:26PM   0:00.36 sshd: ZZZZZ@ttyp
jrdata   307  0.0  0.4  628  432  p0  Is    8:27PM   0:00.05 -sh (sh)
root     308  0.0  0.9 1352  964  p0  S     8:27PM   0:00.27 _su (csh)
root       0  0.0  0.0    0    0  ??  DLs   6:51AM   0:00.01 (swapper)

# Changes to GENERIC:
options         IPDIVERT
options         IPFIREWALL
options         DUMMYNET
options         IPSEC
options         IPSEC_ESP
options         IPSEC_DEBUG
pseudo-device   gif 4
options         EISA_SLOTS=12
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=5000

From owner-freebsd-net@FreeBSD.ORG Wed May 28 01:30:00 2003
From: "Ivailo Tanusheff"
To: "FreeBSD Net", "FreeBSD Questions"
Date: Wed, 28 May 2003 11:29:50 +0300
Organization: ProCredit Bank
Message-ID: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg>
Subject: Cascading qmail servers
Reply-To: I.Tanusheff@procreditbank.com
X-List-Received-Date: Wed, 28 May 2003 08:30:00 -0000

Hi,

I have some problem I can't deal with, and maybe because of my not so
good English language skills I can't find it in the mail archive.

I have the following configuration: a WAN network with a single internet
access point, protected by a firewall and a mail server. I also have
several remote offices connected through 64K links, every one with its
virtual mail sub-domain in the form xxx.whatever.com.

               _office1.whatever.com
              |
{Mail server}<-office2.whatever.com
              |
               -officen.whatever.com

Because of the bandwidth of the mail traffic I'll need to install some
local mail servers in each office. My question is: how to configure the
main server and the local servers in the offices, so that each mail sent
to xxx.whatever.com, after being received by mail.whatever.com, is
forwarded to the proper mail server. Keep in mind that there are too many
accounts to make aliases for each. Also I'll need my users to send
e-mails through their local mail servers, within the organization and to
the internet. And also I want to keep part of the e-mail accounts on the
main server for the whatever.com domain itself.
Any help is appreciated, Best regards, Ivailo Tanusheff From owner-freebsd-net@FreeBSD.ORG Wed May 28 03:59:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5C0A37B401 for ; Wed, 28 May 2003 03:59:23 -0700 (PDT) Received: from andrea.pop4.net (216-234-109-11.ded.det2.hexcom.net [216.234.109.11]) by mx1.FreeBSD.org (Postfix) with SMTP id AD18243F75 for ; Wed, 28 May 2003 03:59:22 -0700 (PDT) (envelope-from vev@michvhf.com) Received: (qmail 75289 invoked by uid 1008); 28 May 2003 10:59:25 -0000 Received: from vev@michvhf.com by www.pop4.net with qmail-scanner-0.96 (uvscan: v4.1.40/v4156. . Clean. Processed in 2.398356 secs); 28 May 2003 10:59:25 -0000 Received: from unknown (HELO paprika.michvhf.com) (67.36.71.182) by 0 with SMTP; 28 May 2003 10:59:21 -0000 Received: (qmail 65364 invoked by uid 1001); 28 May 2003 10:59:19 -0000 Date: Wed, 28 May 2003 06:59:19 -0400 (EDT) 
From: Vince Vielhaber
To: Ivailo Tanusheff
In-Reply-To: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg>
cc: FreeBSD Net
cc: FreeBSD Questions
Subject: Re: Cascading qmail servers
X-List-Received-Date: Wed, 28 May 2003 10:59:24 -0000

On Wed, 28 May 2003, Ivailo Tanusheff wrote:

> Hi,
>
> I have some problem I can't deal with, and maybe because of my not so
> good English language skills I can't find it in the mail archive.
>
> I have the following configuration: a WAN network with a single internet
> access point, protected by a firewall and a mail server. I also have
> several remote offices connected through 64K links, every one with its
> virtual mail sub-domain in the form xxx.whatever.com.
>
>                _office1.whatever.com
>               |
> {Mail server}<-office2.whatever.com
>               |
>                -officen.whatever.com
>
> Because of the bandwidth of the mail traffic I'll need to install some
> local mail servers in each office. My question is: how to configure the
> main server and the local servers in the offices, so that each mail sent
> to xxx.whatever.com, after being received by mail.whatever.com, is
> forwarded to the proper mail server. Keep in mind that there are too many
> accounts to make aliases for each. Also I'll need my users to send
> e-mails through their local mail servers, within the organization and to
> the internet. And also I want to keep part of the e-mail accounts on the
> main server for the whatever.com domain itself.

Look at smtproutes. You'll find info on it in:

man qmail-remote

Vince.
--
Fast, inexpensive internet service 56k and beyond! http://www.pop4.net/
http://www.meanstreamradio.com http://www.unknown-artists.com
Internet radio: It's not file sharing, it's just radio.
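Vince's pointer, worked through as an added example that is not qmail's code and not part of any message here: the lookup order qmail-remote applies to control/smtproutes (the exact domain first, then leading-dot wildcard entries from the longest suffix down to the shortest, then the empty domain as a default route), applied to the hub-and-offices layout in the question. The relay host names are assumptions, and one entry per domain is assumed. Two things the routes alone do not settle: the hub accepts mail for office1.whatever.com from the Internet only if that domain is in control/rcpthosts, and it relays it rather than delivering locally only if the domain is not in control/locals; and since qmail-remote's man page warns that qmail does not protect against artificial mail loops, an office server whose default route points at the hub must list its own sub-domain in its locals, or hub and office will pass the same message back and forth.

```c
/*
 * Added example, not qmail code: emulate the control/smtproutes lookup that
 * qmail-remote performs, so a cascaded hub/office layout can be checked on
 * paper before deployment.  Relay names are assumptions for illustration.
 */
#include <stdio.h>
#include <string.h>

struct route {
    const char *domain;   /* "" = default route; ".x.y" = wildcard for sub-domains of x.y */
    const char *relay;    /* "" = no artificial route, i.e. ordinary MX lookup */
};

/* Hub (mail.whatever.com) control/smtproutes, one "domain:relay" line each. */
static const struct route hub_routes[] = {
    { "office1.whatever.com",  "mx.office1.whatever.com" },
    { ".office1.whatever.com", "mx.office1.whatever.com" },  /* hosts inside office1 */
    { "office2.whatever.com",  "mx.office2.whatever.com" },
    { ".office2.whatever.com", "mx.office2.whatever.com" },
    /* whatever.com itself is in control/locals on the hub and never gets here */
};

/* Office server: everything not delivered locally goes to the hub over the 64K link. */
static const struct route office_routes[] = {
    { "", "mail.whatever.com" },
};

#define NROUTES(t) (sizeof (t) / sizeof (t)[0])

/* Look up one exact key; NULL when absent.  Domains are assumed lowercase. */
static const char *find_key(const struct route *tab, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].domain, key) == 0)
            return tab[i].relay;
    return NULL;
}

/*
 * qmail-remote's order: exact domain, then wildcard entries from the longest
 * suffix (".a.b.c") to the shortest (".c"), then the empty domain.  Returns
 * the relay, or NULL when the domain is not routed at all (qmail-remote then
 * falls back to an MX lookup, exactly as for an empty relay).
 */
const char *smtproute(const struct route *tab, size_t n, const char *host)
{
    const char *relay = find_key(tab, n, host);
    for (const char *p = strchr(host, '.'); relay == NULL && p != NULL; p = strchr(p + 1, '.'))
        relay = find_key(tab, n, p);          /* p points at the leading dot */
    if (relay == NULL)
        relay = find_key(tab, n, "");
    return relay;
}

/* Wrappers for the two roles, so callers need not know the table sizes. */
const char *hub_route(const char *host)    { return smtproute(hub_routes, NROUTES(hub_routes), host); }
const char *office_route(const char *host) { return smtproute(office_routes, NROUTES(office_routes), host); }

int main(void)
{
    const char *hosts[] = { "office1.whatever.com", "pc7.office2.whatever.com",
                            "whatever.com", "example.org" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        const char *r = hub_route(hosts[i]);
        printf("hub:    %-26s -> %s\n", hosts[i], r ? r : "(MX lookup)");
    }
    printf("office: %-26s -> %s\n", "example.org", office_route("example.org"));
    return 0;
}
```

The same function can be pointed at a parsed copy of a live smtproutes file to confirm that no office sub-domain falls through to the MX lookup on the hub, and that nothing on an office server routes back to that office itself.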
From owner-freebsd-net@FreeBSD.ORG Wed May 28 05:57:59 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54A2437B401; Wed, 28 May 2003 05:57:59 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 380A843F75; Wed, 28 May 2003 05:57:58 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h4SCvu9r002644; Wed, 28 May 2003 08:57:56 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h4SCvtXc002643; Wed, 28 May 2003 08:57:55 -0400 (EDT) Date: Wed, 28 May 2003 08:57:55 -0400 
From: Barney Wolff
To: Ivailo Tanusheff
Message-ID: <20030528125755.GA2305@pit.databus.com>
References: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg>
In-Reply-To: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg>
cc: FreeBSD Net
cc: FreeBSD Questions
Subject: Re: Cascading qmail servers
X-List-Received-Date: Wed, 28 May 2003 12:57:59 -0000

On Wed, May 28, 2003 at 11:29:50AM +0300, Ivailo Tanusheff wrote:
> Because of the bandwidth of the mail traffic I'll need to install some
> local mail servers in each office. My question is: how to configure the
> main server and the local servers in the offices, so that each mail sent
> to xxx.whatever.com, after being received by mail.whatever.com, is
> forwarded to the proper mail server. Keep in mind that there are too many
> accounts to make aliases for each. Also I'll need my users to send
> e-mails through their local mail servers, within the organization and to
> the internet. And also I want to keep part of the e-mail accounts on the
> main server for the whatever.com domain itself.

Don't assume that you can't create an alias for each user. When I
worked at a very large NY bank, with well over 100,000 employees,
/etc/mail/aliases was that big, and sendmail worked just fine.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
From owner-freebsd-net@FreeBSD.ORG Wed May 28 06:06:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC03F37B401 for ; Wed, 28 May 2003 06:06:14 -0700 (PDT) Received: from park.rambler.ru (park.rambler.ru [81.19.64.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CF3443F3F for ; Wed, 28 May 2003 06:06:13 -0700 (PDT) (envelope-from is@rambler-co.ru) Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102]) by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h4SD5xmF042679; Wed, 28 May 2003 17:05:59 +0400 (MSD) Date: Wed, 28 May 2003 17:05:59 +0400 (MSD) 
From: Igor Sysoev X-Sender: is@is To: freebsd-net@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Tony Finch cc: Jonathan Lemon Subject: turning off TCP_NOPUSH X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 13:06:15 -0000 The 1.53 fix http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_usrreq.c.diff?r1=1.52&r2=1.53 always calls tcp_output() when TCP_NOPUSH is turned off. I think tcp_output() should be called only if data in the send buffer is less than MSS: tp->t_flags &= ~TF_NOPUSH; - error = tcp_output(tp); + if (so->so_snd.sb_cc < tp->t_maxseg) { + error = tcp_output(tp); + } If the pending data is bigger than MSS then it will be sent without significant delay. Igor Sysoev http://sysoev.ru/en/ From owner-freebsd-net@FreeBSD.ORG Wed May 28 06:56:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FB2B37B401 for ; Wed, 28 May 2003 06:56:32 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 803B343FA3 for ; Wed, 28 May 2003 06:56:31 -0700 (PDT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Wed, 28 May 2003 09:56:30 -0400 Message-ID: 
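Review bot: the guard added here compares so->so_snd.sb_cc with tp->t_maxseg, but sb_cc is the total number of bytes sitting in the send buffer, including data already transmitted and still waiting for an ACK, while the justification ("if the pending data is bigger than MSS then it will be sent without significant delay") is about data not yet sent. A connection with a full window in flight and a short unsent tail (sb_cc >= t_maxseg, unsent < t_maxseg) would skip the tcp_output() call and leave that tail waiting for the next ACK or timer, which is the stall that clearing TF_NOPUSH is supposed to end. Test the unsent amount instead, `so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una) < tp->t_maxseg` (the same quantity tcp_output() derives for its `len`), or keep the unconditional call from 1.53, since tcp_output() returns quickly when there is nothing it may send. Also confirm that `error` has a defined value on the path where the new branch is not taken; its initialization is outside the hunk shown here.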
From: Don Bowman
To: 'Dennis Pedersen', freebsd-net@FreeBSD.org
Date: Wed, 28 May 2003 09:56:29 -0400
Subject: RE: Spontaneous reboot of FreeBSD 4.x box
X-List-Received-Date: Wed, 28 May 2003 13:56:32 -0000

> From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
>
> I have a couple of FreeBSD 4.4 and one 4.7 that are being used as firewalls
> in different locations.
> Lately I have noticed that one of the firewalls was starting to reboot at
> a certain time of the day (give or take maybe 10 min).

The time it resets wouldn't correlate to the periodic (e.g. 3am) would it?

From owner-freebsd-net@FreeBSD.ORG Wed May 28 07:45:13 2003
From: Wes Peters
Organization: Softweyr
To: Barney Wolff, Ivailo Tanusheff
Date: Wed, 28 May 2003 07:45:10 -0700
References: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg> <20030528125755.GA2305@pit.databus.com>
In-Reply-To: <20030528125755.GA2305@pit.databus.com>
Message-Id: <200305280745.10248.wes@softweyr.com>
cc: FreeBSD Net
Subject: Re: Cascading qmail servers
X-List-Received-Date: Wed, 28 May 2003 14:45:14 -0000

On Wednesday 28 May 2003 05:57 am, Barney Wolff wrote:
> On Wed, May 28, 2003 at 11:29:50AM +0300, Ivailo Tanusheff wrote:
> > Because of the bandwidth of the mail traffic I'll need to install
> > some local mail servers in each office. My question is: how to
> > configure the main server and the local servers in the offices, so
> > that each mail sent to xxx.whatever.com, after being received by
> > mail.whatever.com, is forwarded to the proper mail server. Keep in
> > mind that there are too many accounts to make aliases for each. Also
> > I'll need my users to send e-mails through their local mail servers,
> > within the organization and to the internet. And also I want to keep
> > part of the e-mail accounts on the main server for the whatever.com
> > domain itself.
>
> Don't assume that you can't create an alias for each user. When I
> worked at a very large NY bank, with well over 100,000 employees,
> /etc/mail/aliases was that big, and sendmail worked just fine.

In sendmail, you can do domain routing with mailertable. I think you can
do the same in Postfix with relay_domains.

--
Where am I, and what am I doing in this handbasket?
Wes Peters wes@softweyr.com From owner-freebsd-net@FreeBSD.ORG Wed May 28 08:00:36 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4348737B404 for ; Wed, 28 May 2003 08:00:36 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65F1943F85 for ; Wed, 28 May 2003 08:00:35 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h4SF0X9r003929; Wed, 28 May 2003 11:00:33 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h4SF0XSK003928; Wed, 28 May 2003 11:00:33 -0400 (EDT) Date: Wed, 28 May 2003 11:00:33 -0400 
From: Barney Wolff To: Wes Peters Message-ID: <20030528150033.GA3844@pit.databus.com> References: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg> <20030528125755.GA2305@pit.databus.com> <200305280745.10248.wes@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200305280745.10248.wes@softweyr.com> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: Barney Wolff cc: FreeBSD Net cc: Ivailo Tanusheff Subject: Re: Cascading qmail servers X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 15:00:36 -0000 On Wed, May 28, 2003 at 07:45:10AM -0700, Wes Peters wrote: > > Don't assume that you can't create an alias for each user. When I > > worked at a very large NY bank, with well over 100,000 employees, > > /etc/mail/aliases was that big, and sendmail worked just fine. > > In sendmail, you can do domain routing with mailertable. I think you can > do the same in Postfix with relay_domains. The question I thought I was answering was how to make the address route to my actual account, . If external correspondents use the sub-domains the problem is easier, but employees in large orgs move around so often it's impractical. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. 
From owner-freebsd-net@FreeBSD.ORG Wed May 28 08:49:25 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E4F837B401 for ; Wed, 28 May 2003 08:49:25 -0700 (PDT) Received: from mailer.cat.co.za (smtp.cat.co.za [196.33.33.51]) by mx1.FreeBSD.org (Postfix) with SMTP id E891543FA3 for ; Wed, 28 May 2003 08:49:20 -0700 (PDT) (envelope-from bradd@cat.co.za) Received: (qmail 22561 invoked from network); 28 May 2003 15:48:58 -0000 Received: from unknown (HELO 161?DEMO?400) (196.33.33.52) by mail.cat.co.za with SMTP; 28 May 2003 15:48:58 -0000 Content-Type: text/plain; charset="us-ascii" 
From: Brad du Plessis To: net@freebsd.org Date: Wed, 28 May 2003 17:43:56 +0200 User-Agent: KMail/1.4.3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200305281743.56089.bradd@cat.co.za> Subject: USB Modem support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 15:49:25 -0000 Where can I get a list of USB modems supported by BSD Thanks Brad From owner-freebsd-net@FreeBSD.ORG Wed May 28 08:59:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 281EC37B401 for ; Wed, 28 May 2003 08:59:16 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 358DD43FAF for ; Wed, 28 May 2003 08:59:15 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h4SFxE9r004646 for ; Wed, 28 May 2003 11:59:14 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h4SFxECq004645 for freebsd-net@freebsd.org; Wed, 28 May 2003 11:59:14 -0400 (EDT) Date: Wed, 28 May 2003 11:59:14 -0400 
From: Barney Wolff To: freebsd-net@freebsd.org Message-ID: <20030528155914.GA4573@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) Subject: [dab@BSDI.COM: Re: [e2e] TCP-SYN and delayed TCB allocation] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 15:59:16 -0000 I found this message interesting. Can someone point me to the rationale for putting all conns through the syncache? Thanks, Barney ----- Forwarded message from David Borman ----- To: end2end-interest@postel.org Date: Wed, 28 May 2003 09:46:00 -0500 (CDT) > > B) has it been modified that it is now done after the 1st ACK? It all depends on what OS you are talking about... FreeBSD makes use of the syncaching code that I wrote back in the days of the original SYN flood attacks. They now use it for all their incoming connections, so only minimal state is kept for connections in SYN-RCVD state. When the ACK is received in response to the SYN,ACK, the full blown TCP is created. However, since the original syncache code was only used when the normal mechanism overflowed, it did not do any SYN,ACK retransmissions for connections in the syncache. But since FreeBSD now sends all their connections through the SYN cache, they had to add timers so that they can do SYN,ACK retransmissions out of the syncache. But that means that during a real synflood attack, they are doing more work sending out SYN,ACK retransmissions for all those bogus connections. And for most connections, you are eventually going to create a full blown TCB anyway, so there really isn't any cost savings in deferring the full TCB creation until transition from SYN-RCVD to ESTABLISHED.
BSD/OS still uses the standard creation of a full TCB block when a SYN is received, and only when that queue overflows do connections get created in the syncache, and we don't do SYN,ACK retransmissions out of the syncache. So, we can hang valid connections in the syncache if our SYN,ACK is received by the other side, but the returning ACK is lost. (If our SYN,ACK is lost, the other side will retransmit the SYN, causing us to generate another SYN,ACK). But when you are under attack, I figure it's better to be able to maintain connectivity for the majority of the valid connections, rather than buckle over and die. > > if not, any reason why not B? we would do the same if we had a > > "NAT/Firewall" with delayed binding etc > > If B), where do you put the data that could have been sent in the SYN? > I'm not sure you can ACK the SYN without ACKing the data therein (though > you don't deliver it until receiving the ACK and transitioning to > ESTABLISHED)... As long as you don't ACK the data, you don't need to save it. Throw away the data and just ACK the SYN. The other side will have retained a copy of the data, and will have to retransmit it. Slow, but it will work. -David Borman ----- End forwarded message ----- -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.
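Borman's message above describes the syncache as an overflow-only fallback that keeps minimal state and never retransmits the SYN,ACK, and Mike Silbersack's reply later in the thread describes FreeBSD using SYN cookies as the backup once the syncache itself is full. Both lean on the same stateless idea, which the following added example (written for this page, not FreeBSD's or BSD/OS's code) spells out: the server encodes everything it needs to remember about a SYN into the ISN of its SYN,ACK, keeps no table, and recovers it from the client's third-handshake ACK. HMAC-SHA256 truncated to 24 bits stands in for the faster keyed hash a kernel would use; the secret, the four-entry MSS table and the two-period acceptance window are assumptions for illustration. The simulated handshake also makes Borman's two caveats concrete: there is nothing to retransmit the SYN,ACK from, and data carried in the SYN is simply not acknowledged.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed 128-bit server secret; a real stack draws it from the kernel RNG
# and rotates it.  The table and window below are likewise assumptions.
SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
MSS_TABLE = (536, 1300, 1440, 1460)   # the 3 MSS bits in the cookie index this
COUNTER_WINDOW = 2                     # accept the current and the previous period


def _mac24(saddr, daddr, sport, dport, t):
    """Keyed hash of the 4-tuple and the time counter, truncated to 24 bits.
    HMAC-SHA256 stands in for the cheaper keyed hash a kernel would use."""
    msg = (ipaddress.ip_address(saddr).packed
           + ipaddress.ip_address(daddr).packed
           + struct.pack("!HHI", sport, dport, t))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def mss_index(mss):
    """Largest table entry not above the client's MSS; 3 bits is all the cookie has,
    so the client's exact option value (and any other options) is lost."""
    idx = 0
    for i, v in enumerate(MSS_TABLE):
        if v <= mss:
            idx = i
    return idx


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, t):
    """Server ISN for the SYN,ACK.  Layout: t mod 32 (5 bits) | MSS index (3) | MAC (24).
    Nothing is stored on the server; the reply itself is the only record of the SYN."""
    low = (_mac24(saddr, daddr, sport, dport, t) + client_isn) & 0xFFFFFF
    return ((t & 0x1F) << 27) | (mss_index(mss) << 24) | low


def check_cookie(saddr, daddr, sport, dport, ack_seq, ack_ack, now):
    """Validate the third-handshake ACK from the 4-tuple and the clock alone.
    ack_seq is the ACK's sequence number (client ISN + 1), ack_ack its
    acknowledgment number (server ISN + 1).  Returns the MSS to use, or None."""
    cookie = (ack_ack - 1) & 0xFFFFFFFF
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    for age in range(COUNTER_WINDOW):
        t = now - age
        if t < 0 or (t & 0x1F) != cookie >> 27:
            continue   # only the low 5 bits of t travelled in the cookie
        expect = (_mac24(saddr, daddr, sport, dport, t) + client_isn) & 0xFFFFFF
        if hmac.compare_digest(expect.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]
    return None


def handshake(saddr, daddr, sport, dport, client_isn, mss, t_syn, t_ack):
    """SYN seen in period t_syn, ACK arriving in period t_ack, with no server-side
    table in between: if the SYN,ACK is lost the server cannot retransmit it, and
    any data the SYN carried was never acknowledged, so the client must resend it."""
    server_isn = make_cookie(saddr, daddr, sport, dport, client_isn, mss, t_syn)
    return check_cookie(saddr, daddr, sport, dport,
                        client_isn + 1, server_isn + 1, t_ack)


if __name__ == "__main__":
    peer = ("192.168.3.200", "192.168.2.7", 1247, 445, 4208572194, 1460)
    print("fresh :", handshake(*peer, 100, 100))   # 1460
    print("late  :", handshake(*peer, 100, 101))   # 1460, previous period still valid
    print("stale :", handshake(*peer, 100, 102))   # None
```

The trade-off Silbersack's reply argues over is visible in `check_cookie`: validation costs one keyed hash per incoming ACK and zero memory per SYN, which is why it works as a flood fallback, but a legitimate client whose SYN,ACK is lost gets no retransmission and has to time out and resend its SYN, and a client that used window scaling or SACK has those options forgotten, which is why neither stack uses cookies as the primary path.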
From owner-freebsd-net@FreeBSD.ORG Wed May 28 09:07:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 567CD37B405 for ; Wed, 28 May 2003 09:07:34 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A37F43FB1 for ; Wed, 28 May 2003 09:07:33 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id h4SG7TVo049545 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 28 May 2003 12:07:29 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id h4SG7SwR049542; Wed, 28 May 2003 12:07:28 -0400 (EDT) (envelope-from wollman) Date: Wed, 28 May 2003 12:07:28 -0400 (EDT) 
From: Garrett Wollman Message-Id: <200305281607.h4SG7SwR049542@khavrinen.lcs.mit.edu> To: Igor Sysoev In-Reply-To: References: X-Spam-Score: -19.8 () IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: freebsd-net@freebsd.org Subject: turning off TCP_NOPUSH X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 16:07:34 -0000 < said: > always calls tcp_output() when TCP_NOPUSH is turned off. I think > tcp_output() should be called only if data in the send buffer is less > than MSS: I believe that this is intentional. The application had to explicitly enable TCP_NOPUSH, so if the application disables it explicitly, then we interpret that as meaning that the application wants to send a PSH segment immediately. -GAWollman From owner-freebsd-net@FreeBSD.ORG Wed May 28 09:11:38 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A20D37B401 for ; Wed, 28 May 2003 09:11:38 -0700 (PDT) Received: from athena.erwane.net (breton.net1.nerim.net [213.41.144.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id C042543F3F for ; Wed, 28 May 2003 09:11:36 -0700 (PDT) (envelope-from breton@erwane.net) Received: from athena.erwane.net (athena-in [10.1.1.254]) by athena.erwane.net (8.12.9/8.12.6) with SMTP id h4SGBY3Q058011 for ; Wed, 28 May 2003 18:11:34 +0200 (CEST) (envelope-from breton@erwane.net) Date: Wed, 28 May 2003 18:11:34 +0200 
From: Erwane Breton To: freebsd-net@freebsd.org Message-Id: <20030528181134.0eaeab62.breton@erwane.net> Organization: Erwane X-Mailer: Sylpheed version 0.9.0 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Monitoring network X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 16:11:38 -0000 Hi, Does someone know a solution to monitor client PCs on a network? I have a FreeBSD 5.x server and a lot of Win98 clients (30 PCs). I want to know the upload and download traffic every 1 min for each PC (the clients have static IPs). I tried argus but understood nothing :-) thanks Erwan -- From owner-freebsd-net@FreeBSD.ORG Wed May 28 09:19:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20CE137B401 for ; Wed, 28 May 2003 09:19:01 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 519E143FAF for ; Wed, 28 May 2003 09:19:00 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id h4SGIrVo049700 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 28 May 2003 12:18:53 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id h4SGIqsf049697; Wed, 28 May 2003 12:18:52 -0400 (EDT) (envelope-from wollman) Date: Wed, 28 May 2003 12:18:52 -0400 (EDT)
From: Garrett Wollman Message-Id: <200305281618.h4SGIqsf049697@khavrinen.lcs.mit.edu> To: Brad du Plessis In-Reply-To: <200305281743.56089.bradd@cat.co.za> References: <200305281743.56089.bradd@cat.co.za> X-Spam-Score: -9.9 () IN_REP_TO,REFERENCES X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: net@freebsd.org Subject: USB Modem support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 16:19:01 -0000 < said: > Where can I get a list of USB modems supported by BSD You can't. FreeBSD supports any USB modem that (1) claims in the USB control protocol to be a modem and (2) doesn't require a firmware download to make it work. It does not look for specific product identifiers. -GAWollman From owner-freebsd-net@FreeBSD.ORG Wed May 28 09:25:38 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B154737B401 for ; Wed, 28 May 2003 09:25:38 -0700 (PDT) Received: from mgw-x4.nokia.com (mgw-x4.nokia.com [131.228.20.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D6DA43F75 for ; Wed, 28 May 2003 09:25:37 -0700 (PDT) (envelope-from Balaji.Prasad@nokia.com) Received: from esvir04nok.ntc.nokia.com (esvir04nokt.ntc.nokia.com [172.21.143.36])h4SGPZD06889 for ; Wed, 28 May 2003 19:25:35 +0300 (EET DST) Received: from esebh001.NOE.Nokia.com (unverified) by esvir04nok.ntc.nokia.com for ; Wed, 28 May 2003 19:25:35 +0300 Received: from daebh001.NOE.Nokia.com ([172.18.242.231]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6139); Wed, 28 May 2003 19:25:34 +0300 Received: from mvebe001.NOE.Nokia.com ([172.18.140.37]) by daebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6139); Wed, 28 May 2003 09:25:30 -0700 X-MimeOLE: Produced By Microsoft Exchange 
V6.0.6375.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 28 May 2003 09:25:29 -0700 Message-ID: <59A36C4D2F9E7243BEB522274F72C303DD7725@mvebe001.americas.nokia.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Monitoring network Thread-Index: AcMlM9z+wH1w+ZGLR9K+j8B1abP+GgAAXxoQ From: To: X-OriginalArrivalTime: 28 May 2003 16:25:30.0859 (UTC) FILETIME=[C1A18BB0:01C32535] Subject: RE: Monitoring network X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 16:25:39 -0000 There are several available. The most obvious is ethereal (if you are on a non-switched network). For something more fancy, try www.ntop.org or www.mrtg.com. These offer more granularity and can be run as daemons. Balaji -----Original Message-----
From: ext Erwane Breton [mailto:breton@erwane.net] Sent: Wednesday, May 28, 2003 9:12 AM To: freebsd-net@freebsd.org Subject: Monitoring network Hi, Does someone know a solution to monitor client PCs on a network? I have a FreeBSD 5.x server and a lot of Win98 clients (30 PCs). I want to know the upload and download traffic every 1 min for each PC (the clients have static IPs). I tried argus but understood nothing :-) thanks Erwan -- _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed May 28 10:03:47 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A6DFA37B404 for ; Wed, 28 May 2003 10:03:47 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 4B16D43F85 for ; Wed, 28 May 2003 10:03:44 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 24404 invoked from network); 28 May 2003 17:03:43 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 28 May 2003 17:03:43 -0000 X-pair-Authenticated: 209.68.2.70 Date: Wed, 28 May 2003 12:02:34 -0500 (CDT)
From: Mike Silbersack To: Barney Wolff In-Reply-To: <20030528155914.GA4573@pit.databus.com> Message-ID: <20030528115405.M39182@odysseus.silby.com> References: <20030528155914.GA4573@pit.databus.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: [dab@BSDI.COM: Re: [e2e] TCP-SYN and delayed TCB allocation] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 17:03:48 -0000 On Wed, 28 May 2003, Barney Wolff wrote: > I found this message interesting. > Can someone point me to the rationale for putting all conns through > the syncache? > Thanks, > Barney The main rationale is simple: Code duplication. If we kept both the incomplete listen queue and the syn cache, any incoming syn-ack would have to search both of them. I agree that FreeBSD's syn cache could be better, jlemon and I talked about incorporating some of Yahoo's patches to it, but we haven't had time yet. The main problem now is that we calculate syncookies for everything, and that we kick entries out of the syncache in FIFO order. What we should do is change things around so that we never kick out syncache entries due to incoming packets (although we could reduce their lifetime during attack), and only use syncookies for connections not resident in the syncache. That would increase our efficiency while under attack, although we're still in decent shape right now. I think the main difference in opinion is that we use the syncache to replace the incomplete listen queue, with syncookies as the backup plan. BSDI apparently still uses the incomplete listen queue as the main mechanism, with a syncache as backup. Hence, we're both going to be defensive about our implementations. If you want to arrange a syn-floodoff, I'd be interested in seeing the results.
:) Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Wed May 28 10:12:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D3BC37B401 for ; Wed, 28 May 2003 10:12:00 -0700 (PDT) Received: from mail12.uunet.ca (mail12.uunet.ca [142.77.1.49]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67FAD43F75 for ; Wed, 28 May 2003 10:11:59 -0700 (PDT) (envelope-from kfl@xiphos.ca) Received: from tick ([216.95.199.148]) by mail12.uunet.ca with SMTP id <96228-1024>; Wed, 28 May 2003 12:42:44 -0400 
From: "kfl" To: "freebsd - net" Date: Wed, 28 May 2003 12:52:39 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Subject: TCP for transaction X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 17:12:00 -0000

Here is a tcpdump output from one FreeBSD box with TCP for transaction enabled and a client supporting the NO_PUSH setsockopt with a windows box:

19:00:15.357281 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: SP 4208572194:4208572331(137) win 65535 (DF)
19:00:15.357514 192.168.2.7.microsoft-ds > 192.168.3.200.1247: S 2795532295:2795532295(0) ack 4208572195 win 61680 (DF)
19:00:15.357911 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: . ack 1 win 52560 (DF)
19:00:18.356736 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: P 1:138(137) ack 1 win 52560 (DF)
19:00:18.357465 192.168.2.7.microsoft-ds > 192.168.3.200.1247: P 1:90(89) ack 138 win 61646 (DF)
19:00:18.456659 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: . ack 90 win 52560 (DF)
19:00:20.611227 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: P 138:336(198) ack 90 win 52560 (DF)
19:00:20.612037 192.168.2.7.microsoft-ds > 192.168.3.200.1247: P 90:359(269) ack 336 win 61597 (DF)

I see two problems here (in fact it's only one problem with a side effect):

1) When sending the ccnew option, T/TCP sends data with it.
2) As a result the sender times out and retransmits at 19:00:18.356736, adding 3 seconds to the connection data transfer.

Now, in the rfc1644 it is stipulated that a host can send data with the cc.new option. I am a bit confused here since T/TCP should accelerate data transfer for small transactions (saving 1 RTT) and not time out if the destination host does not support it.

I think we should avoid sending data with the cc.new option.

Any thoughts?

Karim Fodil-Lemelin Network Engineering. Xiphos Technologies www.xiphos.com From owner-freebsd-net@FreeBSD.ORG Wed May 28 10:12:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 789D937B401 for ; Wed, 28 May 2003 10:12:01 -0700 (PDT) Received: from mail12.uunet.ca (mail12.uunet.ca [142.77.1.49]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8676E43F75 for ; Wed, 28 May 2003 10:12:00 -0700 (PDT) (envelope-from kfl@xiphos.ca) Received: from tick ([216.95.199.148]) by mail12.uunet.ca with SMTP id <96662-2471>; Wed, 28 May 2003 12:45:55 -0400 From: "kfl" To: "freebsd - net" Date: Wed, 28 May 2003 12:55:47 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Subject: FW: TCP for transaction X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 17:12:01 -0000 > -----Original Message-----
> From: kfl [mailto:kfl@xiphos.ca]
> Sent: Wednesday, May 28, 2003 12:53 PM
> To: freebsd - net
> Subject: TCP for transaction
>
> Here is a tcpdump output from one FreeBSD box with TCP for transaction enabled and a client supporting the NO_PUSH setsockopt with a windows box:
>
> 19:00:15.357281 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: SP 4208572194:4208572331(137) win 65535 (DF)
> 19:00:15.357514 192.168.2.7.microsoft-ds > 192.168.3.200.1247: S 2795532295:2795532295(0) ack 4208572195 win 61680 (DF)
> 19:00:15.357911 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: . ack 1 win 52560 (DF)
> 19:00:18.356736 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: P 1:138(137) ack 1 win 52560 (DF)
> 19:00:18.357465 192.168.2.7.microsoft-ds > 192.168.3.200.1247: P 1:90(89) ack 138 win 61646 (DF)
> 19:00:18.456659 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: . ack 90 win 52560 (DF)
> 19:00:20.611227 192.168.3.200.1247 > 192.168.2.7.microsoft-ds: P 138:336(198) ack 90 win 52560 (DF)
> 19:00:20.612037 192.168.2.7.microsoft-ds > 192.168.3.200.1247: P 90:359(269) ack 336 win 61597 (DF)
>
> I see two problems here (in fact it's only one problem with a side effect):
>
> 1) When sending the ccnew option, T/TCP sends data with it.
> 2) As a result the sender times out and retransmits at 19:00:18.356736, adding 3 seconds to the connection data transfer.
>
> Now, in the rfc1644 it is stipulated that a host can send data with the cc.new option. I am a bit confused here since T/TCP should accelerate data transfer for small transactions (saving 1 RTT) and not time out if the destination host does not support it.
>
> I think we should avoid sending data with the cc.new option.
>
> Any thoughts?
>
> Karim Fodil-Lemelin
> Network Engineering.
> Xiphos Technologies > www.xiphos.com > From owner-freebsd-net@FreeBSD.ORG Wed May 28 10:17:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6038337B401 for ; Wed, 28 May 2003 10:17:04 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 966C243FAF for ; Wed, 28 May 2003 10:17:03 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h4SHH39r005650; Wed, 28 May 2003 13:17:03 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h4SHH3T1005649; Wed, 28 May 2003 13:17:03 -0400 (EDT) Date: Wed, 28 May 2003 13:17:02 -0400 
From: Barney Wolff To: Mike Silbersack Message-ID: <20030528171702.GA5515@pit.databus.com> References: <20030528155914.GA4573@pit.databus.com> <20030528115405.M39182@odysseus.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030528115405.M39182@odysseus.silby.com> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: freebsd-net@freebsd.org Subject: Re: [dab@BSDI.COM: Re: [e2e] TCP-SYN and delayed TCB allocation] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 17:17:04 -0000 On Wed, May 28, 2003 at 12:02:34PM -0500, Mike Silbersack wrote: Thanks Mike. I'll go read the code before forming an opinion of my own. > If you want to arrange a syn-floodoff, I'd be interested in seeing the > results. :) I can test against Linux, but don't own any bsdi boxes, and probably should not pick a victim at random. :) Regards, Barney -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.
From owner-freebsd-net@FreeBSD.ORG Wed May 28 11:22:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C29B37B401 for ; Wed, 28 May 2003 11:22:17 -0700 (PDT) Received: from park.rambler.ru (park.rambler.ru [81.19.64.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 156B843F85 for ; Wed, 28 May 2003 11:22:16 -0700 (PDT) (envelope-from is@rambler-co.ru) Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102]) by park.rambler.ru (8.12.6/8.12.6) with ESMTP id h4SIMEmF049560; Wed, 28 May 2003 22:22:14 +0400 (MSD) Date: Wed, 28 May 2003 22:22:14 +0400 (MSD)
From: Igor Sysoev X-Sender: is@is To: Garrett Wollman In-Reply-To: <200305281607.h4SG7SwR049542@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: turning off TCP_NOPUSH X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2003 18:22:17 -0000 On Wed, 28 May 2003, Garrett Wollman wrote: > < said: > > > always calls tcp_output() when TCP_NOPUSH is turned off. I think > > tcp_output() should be called only if data in the send buffer is less > > than MSS: > > I believe that this is intentional. The application had to explicitly > enable TCP_NOPUSH, so if the application disables it explicitly, then > we interpret that as meaning that the application wants to send a PSH > segment immediately. As I understand if the data in the send buffer is bigger than MSS it means that TCP stack has some reason not to send it and this reason is not TF_NOPUSH flag. Am I wrong ? Igor Sysoev http://sysoev.ru/en/ From owner-freebsd-net@FreeBSD.ORG Wed May 28 11:41:43 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C8B337B401 for ; Wed, 28 May 2003 11:41:43 -0700 (PDT) Received: from 66-162-33-178.gen.twtelecom.net (66-162-33-181.gen.twtelecom.net [66.162.33.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E6BD43F3F for ; Wed, 28 May 2003 11:41:42 -0700 (PDT) (envelope-from steve@expertcity.com) Received: from [10.4.10.142] (helo=expertcity.com) by 66-162-33-178.gen.twtelecom.net with esmtp (Exim 3.22 #4) id 19L5rq-0005fI-00 for freebsd-net@freebsd.org; Wed, 28 May 2003 11:41:42 -0700 Message-ID: <3ED502E5.1060001@expertcity.com> Date: Wed, 28 May 2003 11:41:41 -0700 
From: Steve Francis
To: freebsd-net@freebsd.org
Subject: Side effect of net.inet.tcp.rexmit_min?

On testing a 4.8 FreeBSD system for short connections (basically a single HTTP GET, then close of the connection), we found big differences from 4.6. The 4.6 BSD system would comfortably do over 6000 connections per second; the 4.8 system was only doing about 4000/sec, and also fluctuating wildly in its rate, even though not CPU or NIC loaded. (The 4.8 is a faster machine with gig NICs, cf. the 4.6 which was 100Mbps.)

The behaviour of the 4.8 machine was made equal to the 4.6 machine (over 6000 connections/sec, limited by our test bed) by changing net.inet.tcp.rexmit_min from the default 1000 to 10.

However, all testing is on a LAN, and packet loss, AFAIK, is zero. (Flood ping shows no loss; switch ports show no errors; netstat -sptcp shows a very small number of retransmissions (see below); a tcptrace run against tcpdump while net.inet.tcp.rexmit_min was 1000 reports no retransmissions.)

So why should changing net.inet.tcp.rexmit_min have any impact on a lossless LAN?

Any help appreciated as to what further info I can collect to diagnose this..
Thanks

netstat -sptcp
tcp:
    205678066 packets sent
        51416973 data packets (3553577611 bytes)
        474 data packets (30344 bytes) retransmitted
        0 resends initiated by MTU discovery
        102843980 ack-only packets (75 delayed)
        0 URG only packets
        0 window probe packets
        0 window update packets
        51416642 control packets
    287817734 packets received
        133565842 acks (for 3656410968 bytes)
        14930 duplicate acks
        0 acks for unsent data
        102833595 packets (3826892727 bytes) received in-sequence
        1177 completely duplicate packets (2370 bytes)
        0 old duplicate packets
        0 packets with some dup. data (0 bytes duped)
        0 out-of-order packets (0 bytes)
        51416434 packets (0 bytes) of data after window
        0 window probes
        51403368 window update packets
        0 packets received after close
        0 discarded for bad checksums
        0 discarded for bad header offset fields
        0 discarded because packet too short
    12 connection requests
    51416620 connection accepts
    0 bad connection attempts
    0 listen queue overflows
    51416629 connections established (including accepts)
    51424590 connections closed (including 0 drops)
        5 connections updated cached RTT on close
        5 connections updated cached RTT variance on close
        0 connections updated cached ssthresh on close
    0 embryonic connections dropped
    133565841 segments updated rtt (of 51417199 attempts)
    9788 retransmit timeouts
        0 connections dropped by rexmit timeout
    0 persist timeouts
        0 connections dropped by persist timeout
    9 keepalive timeouts
        9 keepalive probes sent
        0 connections dropped by keepalive
    9 correct ACK header predictions
    51416725 correct data packet header predictions
    51416620 syncache entries added
        191 retransmitted
        122 dupsyn
        0 dropped
        51416620 completed
        0 bucket overflow
        0 cache overflow
        0 reset
        0 stale
        0 aborted
        0 badack
        0 unreach
        0 zone failures
    0 cookies sent
    0 cookies received
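As an added example (not part of Steve's post, and not a FreeBSD tool): a small Python parser for the netstat -sptcp counters quoted above. The sample input is constructed from a subset of the numbers in the post, laid out one counter per line as netstat prints them. The parser keeps the parenthetical byte and attempt values instead of discarding them, and the summary normalizes the loss-related counters so that two hosts (or two kernel versions, which is what the question is about) can be compared on the same footing. Function names and the summary keys are this example's own choices.

```python
"""Parse FreeBSD `netstat -sptcp` output and normalize the retransmission
counters.  Added example; the sample below is constructed from the numbers
quoted in the post, not captured on a live system."""
import re

# Constructed sample: a subset of the counters quoted above, in netstat's
# indented one-counter-per-line layout.
SAMPLE = """\
tcp:
\t205678066 packets sent
\t\t51416973 data packets (3553577611 bytes)
\t\t474 data packets (30344 bytes) retransmitted
\t\t0 resends initiated by MTU discovery
\t287817734 packets received
\t\t133565842 acks (for 3656410968 bytes)
\t\t14930 duplicate acks
\t51416629 connections established (including accepts)
\t133565841 segments updated rtt (of 51417199 attempts)
\t9788 retransmit timeouts
\t\t0 connections dropped by rexmit timeout
"""

# "<count> <description>"; the description may carry a parenthetical value.
COUNTER = re.compile(r"^\s*(\d+)\s+(.*?)\s*$")
# Secondary values such as "(30344 bytes)", "(for N bytes)", "(of N attempts)".
PAREN = re.compile(r"\s*\((?:for |of )?(\d+) (bytes|attempts)\)")


def parse_netstat_tcp(text):
    """Return {description: count}.  Parenthetical values are stored under
    "<description> [bytes]" or "<description> [attempts]"."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if not m:
            continue  # the "tcp:" header, or anything that is not a counter
        count, desc = int(m.group(1)), m.group(2)
        extras = PAREN.findall(desc)
        key = " ".join(PAREN.sub("", desc).split())  # drop the parenthetical, tidy spaces
        counters[key] = count
        for value, unit in extras:
            counters[f"{key} [{unit}]"] = int(value)
    return counters


def retransmit_summary(counters):
    """Put the loss-related counters on a common scale so that runs on
    different machines can be compared."""
    data = counters["data packets"]
    rexmit = counters["data packets retransmitted"]
    rto = counters["retransmit timeouts"]
    conns = counters["connections established (including accepts)"]
    return {
        # share of data packets that were sent again
        "rexmit_fraction": rexmit / data,
        # retransmit-timer expirations per 1000 connections
        "rto_per_1000_conns": 1000.0 * rto / conns,
        # timer expirations per data packet actually resent
        "rto_to_rexmit_ratio": rto / rexmit if rexmit else float("inf"),
    }


if __name__ == "__main__":
    c = parse_netstat_tcp(SAMPLE)
    for k, v in retransmit_summary(c).items():
        print(f"{k}: {v:.6g}")
```

Note that "retransmit timeouts" counts expirations of the retransmit timer, which is a different event from a data packet being resent; on the numbers above the timer fired roughly twenty times for every data packet that was actually retransmitted, and that ratio is exactly the quantity a change to the timer floor (net.inet.tcp.rexmit_min) would be expected to move.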
From owner-freebsd-net@FreeBSD.ORG Wed May 28 11:58:39 2003
From: "BRA-SAO-Verzolla,David"
To: net@freebsd.org
Date: Wed, 28 May 2003 15:54:37 -0300
Subject: Linkproof or Fatpipe with FreeBSD?

Hi,

Does anybody know if it is possible to make a clone of these hardware devices with a FreeBSD box (set of scripts + ipfw + ...)?

http://www.westlakecom.com/linkproof.htm
http://www.fatpipeinc.com

Tks
David Verzolla

From owner-freebsd-net@FreeBSD.ORG Wed May 28 12:19:21 2003
Date: Wed, 28 May 2003 15:19:18 -0400 (EDT)
From: Garrett Wollman
To: Igor Sysoev
cc: freebsd-net@freebsd.org
Message-Id: <200305281919.h4SJJI5h050586@khavrinen.lcs.mit.edu>
References: <200305281607.h4SG7SwR049542@khavrinen.lcs.mit.edu>
Subject: Re: turning off TCP_NOPUSH

< said:

> As I understand if the data in the send buffer is bigger than MSS it means
> that TCP stack has some reason not to send it and this reason is not
> TF_NOPUSH flag. Am I wrong ?

If TCP is for some reason prohibited from sending (i.e., the flow control or congestion control is closed), then tcp_output() will do nothing (except perhaps send a window update if necessary). If TCP is allowed to send data, then tcp_output() will send the data immediately, which is what we want.

-GAWollman

From owner-freebsd-net@FreeBSD.ORG Wed May 28 13:22:09 2003
Message-ID: <3ED50BF8.1030500@hydromel.org>
Date: Wed, 28 May 2003 21:20:24 +0200
From: "L. R."
To: freebsd-net
Subject: Install from lan ?

Hi folks,

I have quite a lot of computers to install FreeBSD on. I only have floppies on 'em, no cd-rom drive. I was planning to do a local network mirror of the needed files for a network installation.

What shall I D/L? What size would it use?

I only need a "fresh" install with the minimal system; the rest would be installed from the network too.

Thx!

From owner-freebsd-net@FreeBSD.ORG Wed May 28 13:44:58 2003
Message-ID: <002101c3255a$1c626280$0301a8c0@dpws>
From: "Dennis Pedersen"
To: "Don Bowman" ,
Date: Wed, 28 May 2003 22:45:42 +0200
Subject: Re: Spontan reboot of FreeBSD 4,x box

----- Original Message -----
From: "Don Bowman"
To: "'Dennis Pedersen'" ;
Sent: Wednesday, May 28, 2003 3:56 PM
Subject: RE: Spontan reboot of FreeBSD 4,x box

> > From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
> >
> > I have a couple of FreeBSD 4,4 and one 4,7 that are being
> > used as firewalls
> > in different locations.
> > Lately I have noticed that one of the firewalls was
> > starting to reboot at
> > a certain time of the day (give or take maybe 10min).
>
> The time it resets wouldn't correlate to the periodic (e.g.
> 3am) would it?

On one of the boxes that fits, yeah..
What am I missing?
cron_enable is set to no in rc.conf and the cron daemon isn't running?

Regards,
Dennis

From owner-freebsd-net@FreeBSD.ORG Wed May 28 13:49:58 2003
From: Don Bowman
To: 'Dennis Pedersen', Don Bowman, freebsd-net@FreeBSD.org
Date: Wed, 28 May 2003 16:49:47 -0400
Subject: RE: Spontan reboot of FreeBSD 4,x box

Well, I would speculate that your /etc/periodic is running @ 3am doing things like looking for setuid files, pruning /tmp, etc, which sparks up some disk activity, forks a few processes, walks the filesystem, etc, which is tripping some bug you have in the kernel, or bad memory. [I have a version of memtest86 which can be loaded from 'loader' and placed on a fbsd file system if you wish to try the bad memory theory conveniently].

I have a similar problem in 4.7 that occurs once in a while @ 3:01am which seems to randomly corrupt memory. I've been chasing it for a while but it hasn't been reproducible enough to find.

This is pure speculation.

man 8 periodic
see /etc/periodic.conf

> -----Original Message-----
> From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
> Sent: May 28, 2003 16:46
> To: Don Bowman; freebsd-net@FreeBSD.org
> Subject: Re: Spontan reboot of FreeBSD 4,x box
>
>
>
> ----- Original Message -----
> From: "Don Bowman"
> To: "'Dennis Pedersen'" ;
>
> Sent: Wednesday, May 28, 2003 3:56 PM
> Subject: RE: Spontan reboot of FreeBSD 4,x box
>
>
> > > From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
> > >
> > > I have a couple of FreeBSD 4,4 and one 4,7 that are being
> > > used as firewalls
> > > in different locations.
> > > Lately I have noticed that one of the firewalls was
> > > starting to reboot at
> > > a certain time of the day (give or take maybe 10min).
> >
> > The time it resets wouldn't correlate to the periodic (e.g.
> > 3am) would it?
>
> On one of the boxes that fits, yeah..
> What am I missing?
> cron_enable is set to no in rc.conf and the cron daemon isn't running?
>
>
> Regards,
> Dennis
>

From owner-freebsd-net@FreeBSD.ORG Wed May 28 14:04:06 2003
Date: Wed, 28 May 2003 14:03:59 -0700
From: "Crist J. Clark"
To: Paul Chvostek
cc: freebsd-net@freebsd.org
Message-ID: <20030528210359.GA3907@blossom.cjclark.org>
In-Reply-To: <20030528045154.GA95572@mail.it.ca>
Subject: Re: ipfw rules vs routes to localhost?

On Wed, May 28, 2003 at 12:51:54AM -0400, Paul Chvostek wrote:
>
> I'm considering:
>
> ipfw add N deny ip from a.b.c.d to any
>
> vs.
>
> route add -host a.b.c.d localhost
>
> I need to block traffic to a number of IP addresses. I thought I'd use
> ipfw to avoid things like UDP DNS lookups that might come in and take up
> resources while my system tried to respond, but it's been suggested on
> another list that setting routes to localhost will use less resources.
> Ideally, I'd like to be able to block a few tens of thousands of IPs.
>
> What's the scoop?

Someone is assuming the old rule for blocking traffic on a (Cisco) router applies to the FreeBSD stack. It doesn't necessarily apply.

First off, blocking it in ipfw rules is obviously more efficient if you are running ipfw(8) already. If you wouldn't be otherwise running ipfw(8) at all, there _may_ be some gain. Packets blocked by ipfw(8) get dropped very early in ip_input(), which is good, but _all_ packets have to go through ipfw(8), and we usually assume the majority of packets are "good" ones. So, the second case, adding the route, doesn't add much overhead to the processing of good packets, but does greatly increase the resources used before you toss out bad ones.
You may end up using fewer resources if there are only a few bad ones relative to the good.

IMHO, if this machine is a firewall, use the right tool for firewalling, ipfw(8). Are you short on resources in the first place? If you are really pushing this machine's routing capabilities to its max, you might be in need of an OS and hardware designed solely for routing. Tinkering with ipfw(8) versus blackhole routes probably is not the way to solve the problem.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed May 28 14:05:11 2003
Date: Wed, 28 May 2003 14:05:06 -0700 (PDT)
From: Julian Elischer
To: "BRA-SAO-Verzolla,David"
cc: net@freebsd.org
Subject: Re: Linkproof or Fatpipe with FreeBSD?

On Wed, 28 May 2003, BRA-SAO-Verzolla,David wrote:

> Hi, Does anybody know if there is possible to make a clone of these
> hardwares with a FreeBSD box? (set of scripts + ipfw + ... )?
>
> http://www.westlakecom.com/linkproof.htm
> http://www.fatpipeinc.com
>

Yes, I have done similar:

Basically: set up two machines, one at each end of the VPN. Order two links to the internet, from two different national ISPs. Say, for example, that we use Sprint and AT&T; then packets going from the Sprint connection at one site will stay totally within the Sprint network while traversing to the Sprint connection at the other site. Similarly the AT&T packets will stay within AT&T the whole path.

Then I set up ipsec so that there is a security association between each pair of matching interfaces. I run racoon, set up to keep the connections running on different keys. I only allow UDP packets to the far end to be encrypted; all else discarded.

Now I set the firewall (ipfw) to block ALL packets in and out of the interfaces except for IPSEC (ESP) packets (and udp-500.. IKE) that are going to or coming from the other end.. all other packets are rejected.

I then run mpd (from ports) in multilink mode and I set its link type to be via UDP sockets. The UDP sockets are 'connected' to fixed ports at the far end. Mpd creates an 'ng0' interface. I assign a 10.x.x.x address to each ng interface and set up the routes in the mpd setup so that the route to each site is via the ng0 interface....
Mpd will automatically fail over to using only one of the links if the other goes down, and it will start using it again when it comes back again. If I wanted to use mpd's encryption, then I would have double encryption..

                    /-[udp-socket]---[IPSEC]--[ISP1]---
  [local-net]<-->[mpd]
                    \-[udp-socket]---[IPSEC]--[ISP2]---

I started to write a netgraph node to do the job of mpd but I never got good enough behaviour out of it.. it would be possible but I ran out of time.. Mpd does the job ok and it does things like set up the routes..

Julian

From owner-freebsd-net@FreeBSD.ORG Wed May 28 14:40:48 2003
Date: Wed, 28 May 2003 17:40:46 -0400
From: Barney Wolff
To: "Crist J. Clark"
cc: freebsd-net@freebsd.org
Message-ID: <20030528214046.GA9084@pit.databus.com>
In-Reply-To: <20030528210359.GA3907@blossom.cjclark.org>
Subject: Re: ipfw rules vs routes to localhost?

On Wed, May 28, 2003 at 02:03:59PM -0700, Crist J. Clark wrote:
> On Wed, May 28, 2003 at 12:51:54AM -0400, Paul Chvostek wrote:
> >
> > I'm considering:
> >
> > ipfw add N deny ip from a.b.c.d to any
> >
> > vs.
> >
> > route add -host a.b.c.d localhost
> >
> > I need to block traffic to a number of IP addresses. I thought I'd use
> > ipfw to avoid things like UDP DNS lookups that might come in and take up
> > resources while my system tried to respond, but it's been suggested on
> > another list that setting routes to localhost will use less resources.
> > Ideally, I'd like to be able to block a few tens of thousands of IPs.
> >
> > What's the scoop?
>
> Someone is assuming the old rule for blocking traffic on a (Cisco)
> router applies to the FreeBSD stack. It doesn't necessarily apply.
>
> First off, blocking it in ipfw rules is obviously more efficient if
> you are running ipfw(8) already.

Can ipfw really handle "tens of thousands" of rules efficiently? I'd hate to implement a trie with ipfw skipto rules, but that's the only way ipfw could block that many individual IPs efficiently.

But there's a more fundamental problem: The two choices above do different things.
The ipfw rule drops inbound packets, while the route drops outbound packets. If the threat is connections from outside, the route solution converts each of these into a DoS attempt. If the threat is internal users connecting to banned sites, the ipfw rule should be written as "from any to a.b.c.d." In the latter case the route solution looks good.

If I had to do this inbound, I'd look at netgraph as a way to put custom code in the kernel that looks up the source IP addr in a hash table.

But the hard part will be updating the table of banned IPs and informing the kernel. How often must the table change?

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Wed May 28 14:48:26 2003
Date: Wed, 28 May 2003 14:48:22 -0700
From: "Crist J. Clark"
To: freebsd-net@freebsd.org
Message-ID: <20030528214822.GB3907@blossom.cjclark.org>
Subject: Merging Non-Back-Compatible setkey(8)

I sent a PR in to the KAME guys a few weeks back about an issue with setkey(8). The issue is that setkey(8) refers to the NULL encryption algorithm by the rather misleading name, 'simple.' I'd hoped they'd patch it in a back-compatible way, so that 'simple' still would work, but they've just swapped 'simple' for 'null' in the code.

So now I'm trying to decide what to do: stay close to the vendor and merge their change, add a hack that accepts both, or leave it for someone else to worry about when they next sync stuff with KAME. My personal lean is that 'simple,' now known as 'null,' should only really be used as a debugging tool, so we wouldn't be breaking many, if any at all, existing installations. I should go ahead and merge it into -CURRENT and -STABLE (honoring any code freezes of course) as-is.

So, my reason for writing is: is anyone aware of wide-spread use of the NULL encryption algorithm in configuration files that will get broken by such a change?

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed May 28 15:12:26 2003
Date: Wed, 28 May 2003 15:12:24 -0700 (PDT)
From: Julian Elischer
To: Barney Wolff
cc: freebsd-net@freebsd.org
In-Reply-To: <20030528214046.GA9084@pit.databus.com>
Subject: Re: ipfw rules vs routes to localhost?

On Wed, 28 May 2003, Barney Wolff wrote:

> On Wed, May 28, 2003 at 02:03:59PM -0700, Crist J. Clark wrote:
> > First off, blocking it in ipfw rules is obviously more efficient if
> > you are running ipfw(8) already.
>
> Can ipfw really handle "tens of thousands" of rules efficiently?
> I'd hate to implement a trie with ipfw skipto rules, but that's the
> only way ipfw could block that many individual IPs efficiently.

I once wrote a script to generate a skipto tree. Any packet hit at most 33 rules.. :-) The problem was running out of ipfw line numbers.. :-)

>
> But there's a more fundamental problem: The two choices above do
> different things. The ipfw rule drops inbound packets, while the
> route drops outbound packets. If the threat is connections from outside,
> the route solution converts each of these into a DoS attempt. If the
> threat is internal users connecting to banned sites, the ipfw rule
> should be written as "from any to a.b.c.d." In the latter case the
> route solution looks good.
>
> If I had to do this inbound, I'd look at netgraph as a way to put
> custom code in the kernel that looks up the source IP addr in a
> hash table.

I've done that too :-)

>
> But the hard part will be updating the table of banned IPs and informing
> the kernel. How often must the table change?
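The skipto tree Julian describes, written out as an added Python example. This is my own construction for the thread, not Julian's script and not code from FreeBSD or ipfw. It builds a path-compressed binary trie over a constructed blocklist of individual addresses, emits ipfw rules in the 4.x syntax so that each internal trie node costs two skipto rules and each blocked host one deny, and then simulates ipfw's first-match walk so the per-packet cost can be checked against Barney's and Crist's concern about tens of thousands of individual IPs. The starting rule number (1000), the BLOCKED list, and every function name are assumptions of the example; the rule where non-matching packets land is the first number after the tree, so the rest of the ruleset goes there.

```python
"""Generate an ipfw(8) skipto trie that denies a set of individual source
addresses, and simulate ipfw's rule walk to measure the path length.
Hypothetical example for the thread; not the script mentioned above."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed blocklist (documentation and private ranges): inbound sources to deny.
BLOCKED = ["10.1.2.3", "10.1.2.9", "10.200.7.7", "192.0.2.44", "198.51.100.5"]


@dataclass
class Node:
    net: ipaddress.IPv4Network            # prefix shared by every address below
    zero: Optional["Node"] = None         # subtree where the next bit is 0
    one: Optional["Node"] = None          # subtree where the next bit is 1

    def size(self) -> int:
        """Rules this subtree occupies: 1 for a leaf, 2 + children otherwise."""
        if self.zero is None:
            return 1
        return 2 + self.zero.size() + self.one.size()


def build_trie(addrs: List[int]) -> Node:
    """Path-compressed binary trie over sorted, distinct addresses (as ints)."""
    if len(addrs) == 1:
        return Node(ipaddress.IPv4Network((addrs[0], 32)))
    plen = 32 - (addrs[0] ^ addrs[-1]).bit_length()   # longest common prefix
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    net = ipaddress.IPv4Network((addrs[0] & mask, plen))
    bit = 1 << (31 - plen)                              # first bit that differs
    return Node(net,
                build_trie([a for a in addrs if not a & bit]),
                build_trie([a for a in addrs if a & bit]))


@dataclass
class Rule:
    num: int
    action: str                      # "skipto" or "deny"
    src: ipaddress.IPv4Network
    target: Optional[int] = None     # skipto destination
    negate: bool = False             # "from not <src>"

    def render(self) -> str:
        act = f"skipto {self.target}" if self.action == "skipto" else "deny"
        src = f"not {self.src}" if self.negate else str(self.src)
        return f"add {self.num} {act} ip from {src} to any"


def emit(node: Node, num: int, end: int, out: List[Rule]) -> None:
    """Lay out a subtree starting at rule `num`.  A packet that reaches a
    block is already known to match the block's prefix, so the block only
    tests the two children: jump to the 1-subtree, bail out of the tree if
    not in the 0-subtree, else fall through into the 0-subtree."""
    if node.zero is None:
        out.append(Rule(num, "deny", node.net))
        return
    one_num = num + 2 + node.zero.size()      # the 1-subtree follows the 0-subtree
    out.append(Rule(num, "skipto", node.one.net, target=one_num))
    out.append(Rule(num + 1, "skipto", node.zero.net, target=end, negate=True))
    emit(node.zero, num + 2, end, out)
    emit(node.one, one_num, end, out)


def generate(blocked: List[str], start: int = 1000) -> List[Rule]:
    """Rules for `blocked`; packets not in the list continue at rule
    start + len(rules), which is where the rest of the ruleset belongs."""
    addrs = sorted({int(ipaddress.IPv4Address(a)) for a in blocked})
    root = build_trie(addrs)
    end = start + root.size()
    if end > 65535:                            # ipfw rule numbers are 16-bit
        raise ValueError(f"need {end - start} rules, exceeds ipfw number space")
    rules: List[Rule] = []
    emit(root, start, end, rules)
    return rules


def walk(rules: List[Rule], src_ip: str):
    """Simulate ipfw: first match wins; skipto resumes at the first rule
    numbered >= target.  Returns (verdict, rules examined)."""
    src = ipaddress.IPv4Address(src_ip)
    i = examined = 0
    while i < len(rules):
        r = rules[i]
        examined += 1
        if (src in r.src) != r.negate:
            if r.action == "deny":
                return "deny", examined
            while i < len(rules) and rules[i].num < r.target:
                i += 1
        else:
            i += 1
    return "pass", examined                    # fell off the end of the trie


if __name__ == "__main__":
    for r in generate(BLOCKED):
        print(r.render())
```

With n blocked hosts this layout uses 3n - 2 rules, so at step 1 it runs out of ipfw's 16-bit rule numbers a little above 21,000 hosts, which is the wall Julian hit; the cost per packet is at most two rules per trie level plus the final deny, independent of n. Two caveats a practitioner should keep in mind: the simulated count assumes skipto lands on its target directly, and whether the kernel finds that rule by index or by scanning forward depends on the ipfw version, so measure on the real box rather than trust the count; and, as Barney points out, these rules match on the source address, so for an inbound blocklist add the `in` keyword to the deny rules rather than dropping the same traffic on both sides of the stack.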
From owner-freebsd-net@FreeBSD.ORG Wed May 28 15:28:55 2003
Date: Wed, 28 May 2003 15:28:52 -0700
From: "Crist J. Clark"
To: Barney Wolff
cc: freebsd-net@freebsd.org
Message-ID: <20030528222852.GD3907@blossom.cjclark.org>
In-Reply-To: <20030528214046.GA9084@pit.databus.com>
Subject: Re: ipfw rules vs routes to localhost?

On Wed, May 28, 2003 at 05:40:46PM -0400, Barney Wolff wrote:
> On Wed, May 28, 2003 at 02:03:59PM -0700, Crist J. Clark wrote:
> > On Wed, May 28, 2003 at 12:51:54AM -0400, Paul Chvostek wrote:
> > >
> > > I'm considering:
> > >
> > > ipfw add N deny ip from a.b.c.d to any
> > >
> > > vs.
> > >
> > > route add -host a.b.c.d localhost
> > >
> > > I need to block traffic to a number of IP addresses. I thought I'd use
> > > ipfw to avoid things like UDP DNS lookups that might come in and take up
> > > resources while my system tried to respond, but it's been suggested on
> > > another list that setting routes to localhost will use less resources.
> > > Ideally, I'd like to be able to block a few tens of thousands of IPs.
> > >
> > > What's the scoop?
> >
> > Someone is assuming the old rule for blocking traffic on a (Cisco)
> > router applies to the FreeBSD stack. It doesn't necessarily apply.
> >
> > First off, blocking it in ipfw rules is obviously more efficient if
> > you are running ipfw(8) already.
>
> Can ipfw really handle "tens of thousands" of rules efficiently?
If we're talking about tens of thousands of hosts sparsely distributed through IP-space, I don't think either approach is very practical. > If I had to do this inbound, I'd look at netgraph as a way to put > custom code in the kernel that looks up the source IP addr in a > hash table. Writing something that uses pfil(9) might also be a lightweight way to do this. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org From owner-freebsd-net@FreeBSD.ORG Wed May 28 15:46:11 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6CB137B404 for ; Wed, 28 May 2003 15:46:11 -0700 (PDT) Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4834743FA3 for ; Wed, 28 May 2003 15:46:11 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4]) by attbi.com (rwcrmhc51) with ESMTP id <2003052822461005100r80ble>; Wed, 28 May 2003 22:46:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA38958; Wed, 28 May 2003 15:46:10 -0700 (PDT) Date: Wed, 28 May 2003 15:46:08 -0700 (PDT) 
From: Julian Elischer
To: Bruce M Simpson
cc: Garrett Wollman
cc: net@freebsd.org
In-Reply-To: <20030528224226.GB32325@spc.org>
Subject: Re: A problem with too many network interfaces

On Wed, 28 May 2003, Bruce M Simpson wrote:

> On Tue, May 27, 2003 at 11:24:52AM -0700, Julian Elischer wrote:
> > On Tue, 27 May 2003, Garrett Wollman wrote:
> > > net.route.iflist has been in FreeBSD since 2.0.
> > I think that it needs more documentation..
> > by which I mean it should be referenced in more places.
> > I only know it exists by "accident" (saw the commit).
>
> I'm running -CURRENT.. and:-
> saboteur:~ % sysctl -d -a | grep iflist
> Exit 1
>
> This worries me because I'm sure I've seen this sysctl before.
> There is net.link.generic.system.ifcount, and that's about it!

mibs can be set up to indicate whether sysctl(1) should report them.
this one is set to not be reported.. it is for "binary use only" so to speak..

>
> BMS
>

From owner-freebsd-net@FreeBSD.ORG Wed May 28 15:50:38 2003
Message-ID: <20030528225037.91756.qmail@web14206.mail.yahoo.com>
Date: Wed, 28 May 2003 15:50:37 -0700 (PDT)
From: Neelkanth Natu
To: "Crist J. Clark", Paul Chvostek
cc: freebsd-net@freebsd.org
In-Reply-To: <20030528210359.GA3907@blossom.cjclark.org>
Subject: Re: ipfw rules vs routes to localhost?

--- "Crist J. Clark" wrote:
> On Wed, May 28, 2003 at 12:51:54AM -0400, Paul Chvostek wrote:
> >
> > I'm considering:
> >
> >   ipfw add N deny ip from a.b.c.d to any
> >
> > vs.
> >
> >   route add -host a.b.c.d localhost

If you do decide to go with the "route-to-localhost" approach, you
might want to add the "-blackhole" modifier so that the packets are
dropped in looutput(). Otherwise they would unnecessarily go up the
stack before being dropped in ip_input().

best
Neel

> >
> > I need to block traffic to a number of IP addresses. I thought I'd use
> > ipfw to avoid things like UDP DNS lookups that might come in and take up
> > resources while my system tried to respond, but it's been suggested on
> > another list that setting routes to localhost will use less resources.
> > Ideally, I'd like to be able to block a few tens of thousands of IPs.
> >
> > What's the scoop?
>
> Someone is assuming the old rule for blocking traffic on a (Cisco)
> router applies to the FreeBSD stack. It doesn't necessarily apply.
>
> First off, blocking it in ipfw rules is obviously more efficient if
> you are running ipfw(8) already.
>
> If you wouldn't be otherwise running ipfw(8) at all, there _may_ be
> some gain. Packets blocked by ipfw(8) get dropped very early in
> ip_input(), which is good, but _all_ packets have to go through
> ipfw(8), and we usually assume the majority of packets are "good"
> ones. So, the second case, adding the route, doesn't add much overhead
> to the processing of good packets, but does greatly increase the
> resources used before you toss out bad ones. You may end up using
> fewer resources if there are only a few bad ones relative to the
> good.
>
> IMHO, if this machine is a firewall, use the right tool for
> firewalling, ipfw(8). Are you short on resources in the first place?
> If you are really pushing this machine's routing capabilities to its
> max, you might be in need of an OS and hardware designed solely for
> routing. Tinkering with ipfw(8) versus blackhole routes probably is
> not the way to solve the problem.
> --
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed May 28 16:32:08 2003
Date: Wed, 28 May 2003 19:32:06 -0400
From: Barney Wolff
To: cjclark@alum.mit.edu
cc: freebsd-net@freebsd.org
Message-ID: <20030528233206.GA10255@pit.databus.com>
In-Reply-To: <20030528222852.GD3907@blossom.cjclark.org>
Subject: Re: ipfw rules vs routes to localhost?

On Wed, May 28, 2003 at 03:28:52PM -0700, Crist J. Clark wrote:
>
> Writing something that uses pfil(9) might also be a lightweight way to
> do this.

Hmm, yes. But the problem of communicating the table to the kernel
remains. Is there a natural BSD way to have a block of memory mapped
both to kernel and user space? With SVR4 Streams, I'd probably use an
ioctl to communicate.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
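As an added illustration of the two ideas in this exchange, Barney's hash table keyed on the source address and the pfil(9) hook Crist mentions, here is a user-space model of the per-packet lookup such a hook would perform. This is example code written for this page, not anything from the thread or from the FreeBSD source; the kernel plumbing (the netgraph node or pfil hook, and the ioctl that would copy the table in) is assumed and not shown, and every address below is constructed sample data.

```c
/*
 * Added example, not code from the thread: a user-space model of the
 * "hash table keyed on source IP" Barney Wolff proposed putting in the
 * kernel behind a netgraph node or (per Crist Clark) a pfil(9) hook.
 * The hook itself is assumed and not shown; the point is the lookup,
 * which costs O(1) per packet however many addresses are blocked, and
 * that a flat array of uint32_t is the kind of blob user space could
 * hand the kernel through one ioctl. All addresses are constructed.
 */
#include <arpa/inet.h>
#include <sys/socket.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Open-addressing set of IPv4 addresses in host byte order. Slot value
 * 0 marks an empty slot, so 0.0.0.0 cannot be a member (it is never a
 * valid unicast source anyway). */
struct ipset {
	uint32_t *slots;
	size_t nslots;   /* always a power of two */
	size_t count;
};

static uint32_t ip_hash(uint32_t ip)
{
	/* MurmurHash3 32-bit finalizer: cheap and mixes all bits */
	ip ^= ip >> 16; ip *= 0x85ebca6bU;
	ip ^= ip >> 13; ip *= 0xc2b2ae35U;
	ip ^= ip >> 16;
	return ip;
}

static int ipset_init(struct ipset *s, size_t expected)
{
	size_t n = 16;
	while (n < expected * 2)       /* keep the load factor under 1/2 */
		n <<= 1;
	if ((s->slots = calloc(n, sizeof(uint32_t))) == NULL)
		return -1;
	s->nslots = n;
	s->count = 0;
	return 0;
}

static void ipset_free(struct ipset *s)
{
	free(s->slots);
	s->slots = NULL;
	s->nslots = s->count = 0;
}

/* Linear probing; 0 on success, -1 if the table is full or ip is 0. */
static int ipset_insert(struct ipset *s, uint32_t ip)
{
	size_t mask = s->nslots - 1;
	if (ip == 0 || s->count * 2 >= s->nslots)
		return -1;
	for (size_t i = ip_hash(ip) & mask; ; i = (i + 1) & mask) {
		if (s->slots[i] == ip)
			return 0;                  /* already a member */
		if (s->slots[i] == 0) {
			s->slots[i] = ip;
			s->count++;
			return 0;
		}
	}
}

static int ipset_contains(const struct ipset *s, uint32_t ip)
{
	size_t mask = s->nslots - 1;
	for (size_t i = ip_hash(ip) & mask; ; i = (i + 1) & mask) {
		if (s->slots[i] == ip)
			return 1;
		if (s->slots[i] == 0)
			return 0;
	}
}

/* Dotted quad -> host-order uint32_t, or 0 if it does not parse. */
static uint32_t parse_ip(const char *s)
{
	struct in_addr a;
	return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Constructed sample: three blocked hosts scattered through IP space,
 * then six "packets" whose sources are checked the way the hook would.
 * Returns how many would be dropped, or -1 on error. */
static int demo_dropped(void)
{
	static const char *const blocked[] =
	    { "192.0.2.10", "198.51.100.77", "203.0.113.5" };
	static const char *const sources[] =
	    { "192.0.2.10", "192.0.2.11", "198.51.100.77",
	      "203.0.113.5", "203.0.113.6", "10.0.0.1" };
	struct ipset s;
	int dropped = 0;

	if (ipset_init(&s, 3) != 0)
		return -1;
	for (size_t i = 0; i < 3; i++)
		if (ipset_insert(&s, parse_ip(blocked[i])) != 0) {
			ipset_free(&s);
			return -1;
		}
	for (size_t i = 0; i < 6; i++)
		dropped += ipset_contains(&s, parse_ip(sources[i]));
	ipset_free(&s);
	return dropped;                        /* 3 */
}

int main(void)
{
	printf("dropped %d of 6 sample packets\n", demo_dropped());
	return 0;
}
```

Tens of thousands of entries at four bytes each, doubled for a half-full table, is a few hundred kilobytes, and the cost per packet stays at one hash and a short probe no matter how long the list grows, which is what a linear rule list cannot offer. The table is also a single contiguous block, so copying it into the kernel in one ioctl, as Barney suggests, is straightforward.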
From owner-freebsd-net@FreeBSD.ORG Wed May 28 16:56:39 2003
Message-ID: <63340-22003532823577384@M2W054.mail2web.com>
From: "akanwar@digitarchy.com"
To: freebsd-net@freebsd.org
Date: Wed, 28 May 2003 19:57:07 -0400
Subject: gratuitous ARP with em interface.

Hi all,

Is there a known issue with alias IPs on em interfaces not sending out
gratuitous arps ?

The situation is as follows:
I am running a custom redundancy daemon that migrates the IP address of a
server from one interface to another in case the active network path fails.
Till now I was experimenting with two fxp interfaces and everything worked
perfectly. i.e. when the ip address moved over (using a perl script to run
ifconfig commands) it sent out grat. arps for each of its alias IPs. This
allowed the router to update its Arp table and talk to the newly active
interface.

Now when I try running the code with em (gigabit Ethernet over copper)
NICs, I simply do not see the gratuitous arps come out of the new interface.

I am at a loss to understand what has changed. Could it be that the line
DOWN -> UP time of the em interface is longer thereby causing a loss of ARPs ?
Any suggestions ?

Thank you.

From owner-freebsd-net@FreeBSD.ORG Wed May 28 20:45:37 2003
From: Wes Peters
Organization: Softweyr
To: I.Tanusheff@procreditbank.com, "FreeBSD Net", "FreeBSD Questions"
Date: Wed, 28 May 2003 20:45:34 -0700
In-Reply-To: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg>
Message-Id: <200305282045.34282.wes@softweyr.com>
Subject: Re: Cascading qmail servers

On Wednesday 28 May 2003 01:29 am, Ivailo Tanusheff wrote:
> Hi,
>
> I have some problem I can't deal with, and maybe because of my not so
> good English language skills I can't find it in the mail archive.
>
> I have the following configuration: a WAN network, with a single internet
> access point, protected by a firewall and a mail server. I also have
> several remote offices connected through 64K links, every one with
> its virtual mail sub-domain in the form xxx.whatever.com.
>
>                _office1.whatever.com
>  |{Mail server}<-office2.whatever.com
>                -officen.whatever.com
>
>
> Because of the bandwidth of the mail traffic I'll need to install some
> local mail servers in each office. My question is: how to configure the
> main server and local servers in offices, so each mail sent to
> xxx.whatever.com, after being received by mail.whatever.com, is forwarded
> to the proper mail server. Keep in mind that there are too many
> accounts to make aliases for each. Also I'll need my users to send
> e-mails through their local mail servers in the organization and to the
> internet. And also I want to keep part of the e-mail accounts on the
> main server for the whatever.com domain itself.

Why qmail?

-- 
       Where am I, and what am I doing in this handbasket?
Wes Peters                                                  wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Wed May 28 21:38:53 2003
Date: Thu, 29 May 2003 13:38:49 +0900
From: JINMEI Tatuya / 神明達哉
To: "Crist J. Clark"
cc: freebsd-net@freebsd.org
In-Reply-To: <20030528214822.GB3907@blossom.cjclark.org>
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
Subject: Re: Merging Non-Back-Compatible setkey(8)

>>>>> On Wed, 28 May 2003 14:48:22 -0700,
>>>>> "Crist J. Clark" said:

> I sent a PR into the KAME guys a few weeks back about an issue with
> setkey(8). The issue is that setkey(8) refers to the NULL encryption
> algorithm by the rather misleading name, 'simple.' I'd hoped they'd
> patch it in a back-compatible way, so that 'simple' still would work,
> but they've just swapped 'simple' for 'null' in the code.

We (KAME) provided backward compatibility, though the fix warned when
the old name is specified. Our latest code works as follows:

# /usr/local/v6/sbin/setkey -c << E_O_F
heredoc> add 10.0.0.1 10.0.0.2 esp 123457 -E simple;
heredoc> E_O_F
line 1: WARNING: encryption algorithm is obsoleted. at [simple]

# /usr/local/v6/sbin/setkey -D | head -10
10.0.0.1 10.0.0.2
	esp mode=any spi=123457(0x0001e241) reqid=0(0x00000000)
	E: null
	seq=0x00000000 replay=0 flags=0x00000040 state=mature
	created: May 29 13:37:27 2003	current: May 29 13:37:52 2003
	diff: 25(s)	hard: 0(s)	soft: 0(s)
	last:		hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=8 pid=14308 refcnt=1

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Thu May 29 00:14:37 2003
From: Wes Peters
Organization: Softweyr
To: Barney Wolff
cc: FreeBSD Net
cc: Ivailo Tanusheff
Date: Thu, 29 May 2003 00:14:34 -0700
In-Reply-To: <20030528150033.GA3844@pit.databus.com>
Message-Id: <200305290014.34182.wes@softweyr.com>
Subject: Re: Cascading qmail servers

On Wednesday 28 May 2003 08:00 am, Barney Wolff wrote:
> On Wed, May 28, 2003 at 07:45:10AM -0700, Wes Peters wrote:
> > > Don't assume that you can't create an alias for each user. When I
> > > worked at a very large NY bank, with well over 100,000 employees,
> > > /etc/mail/aliases was that big, and sendmail worked just fine.
> >
> > In sendmail, you can do domain routing with mailertable. I think you
> > can do the same in Postfix with relay_domains.
>
> The question I thought I was answering was how to make the address
> route to my actual account, .
>
> If external correspondents use the sub-domains the problem is easier,
> but employees in large orgs move around so often it's impractical.

It's also impractical to deliver copies of every message to each of the
various offices, leaving thousands and thousands of unread messages for
the employees that don't work in each office. This is where directory
technologies like LDAP come into play, when you have large user bases.

I think this has strayed pretty far from the question that was asked,
though, which seemed to me to be a 'mail gateway' attached to the
internet at the company HQ that would route to ~3 internal mail servers,
delivering the correct accounts to each one. Wasn't that the original
question?

-- 
       Where am I, and what am I doing in this handbasket?
Wes Peters                                                  wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Thu May 29 01:32:57 2003
Date: Thu, 29 May 2003 11:32:23 +0300
From: Ruslan Ermilov
To: "akanwar@digitarchy.com", Prafulla Deuskar
cc: freebsdnic@mailbox.cps.intel.com
cc: freebsd-net@FreeBSD.org
Message-ID: <20030529083223.GA52253@sunbay.com>
In-Reply-To: <63340-22003532823577384@M2W054.mail2web.com>
Subject: Re: gratuitous ARP with em interface.

On Wed, May 28, 2003 at 07:57:07PM -0400, akanwar@digitarchy.com wrote:
> Hi all,
>
> Is there a known issue with alias IPs on em interfaces not sending out
> gratuitous arps ?
>
> The situation is as follows:
> I am running a custom redundancy daemon that migrates the IP address of a
> server from one interface to another in case the active network path fails.
> Till now I was experimenting with two fxp interfaces and everything worked
> perfectly. i.e. when the ip address moved over (using a perl script to run
> ifconfig commands) it sent out grat. arps for each of its alias IPs. This
> allowed the router to update its Arp table and talk to the newly active
> interface.
>
> Now when I try running the code with em (gigabit Ethernet over copper)
> NICs, I simply do not see the gratuitous arps come out of the new interface.
>
> I am at a loss to understand what has changed. Could it be that the line
> DOWN -> UP time of the em interface is longer thereby causing a loss of
> ARPs ? Any suggestions ?
>
Yes, I can reproduce this too, no gratuitous ARP is sent.

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer.

From owner-freebsd-net@FreeBSD.ORG Thu May 29 04:39:02 2003
Message-ID: <3ED5F14E.8070205@he.iki.fi>
Date: Thu, 29 May 2003 14:38:54 +0300
From: Petri Helenius
To: Ruslan Ermilov
cc: freebsdnic@mailbox.cps.intel.com
cc: "akanwar@digitarchy.com"
cc: freebsd-net@freebsd.org
In-Reply-To: <20030529083223.GA52253@sunbay.com>
Subject: Re: gratuitous ARP with em interface.

I haven't looked that deep into why, but em is quite slow on coming up
compared to fxp for example. Probably something to do with hardware
re-initialization.

Pete

Ruslan Ermilov wrote:

>On Wed, May 28, 2003 at 07:57:07PM -0400, akanwar@digitarchy.com wrote:
>
>>Hi all,
>>
>>Is there a known issue with alias IPs on em interfaces not sending out
>>gratuitous arps ?
>>
>>The situation is as follows:
>>I am running a custom redundancy daemon that migrates the IP address of a
>>server from one interface to another in case the active network path fails.
>>Till now I was experimenting with two fxp interfaces and everything worked
>>perfectly. i.e. when the ip address moved over (using a perl script to run
>>ifconfig commands) it sent out grat. arps for each of its alias IPs. This
>>allowed the router to update its Arp table and talk to the newly active
>>interface.
>>
>>Now when I try running the code with em (gigabit Ethernet over copper)
>>NICs, I simply do not see the gratuitous arps come out of the new interface.
>>
>>I am at a loss to understand what has changed. Could it be that the line
>>DOWN -> UP time of the em interface is longer thereby causing a loss of
>>ARPs ? Any suggestions ?
>>
>>
>Yes, I can reproduce this too, no gratuitous ARP is sent.
>
>Cheers,
>

From owner-freebsd-net@FreeBSD.ORG Thu May 29 06:16:29 2003
From: Brad du Plessis
To: freebsd-net@freebsd.org
cc: Garrett Wollman
Date: Thu, 29 May 2003 15:10:59 +0200
In-Reply-To: <200305281618.h4SGIqsf049697@khavrinen.lcs.mit.edu>
Message-Id: <200305291510.59938.bradd@cat.co.za>
Subject: Re: USB Modem support

How do I find out, before I go and buy a USB modem, whether it's going to be
detected as a umodem or a ugen device? I assume that when it's detected as a
ugen then the modem is some type of USB winmodem and it's not going to work
under BSD. Are USB modems with CAPI support always winmodems?

Thanks
Brad

> < said:
> > Where can I get a list of USB modems supported by BSD
>
> You can't. FreeBSD supports any USB modem that (1) claims in the USB
> control protocol to be a modem and (2) doesn't require a firmware
> download to make it work. It does not look for specific product
> identifiers.
>
> -GAWollman

From owner-freebsd-net@FreeBSD.ORG Thu May 29 06:30:01 2003
Date: Thu, 29 May 2003 06:29:55 -0700
From: "Crist J. Clark"
To: "JINMEI Tatuya / 神明達哉"
cc: freebsd-net@freebsd.org
Message-ID: <20030529132955.GA51170@blossom.cjclark.org>
Subject: Re: Merging Non-Back-Compatible setkey(8)

On Thu, May 29, 2003 at 01:38:49PM +0900, JINMEI Tatuya / 神明達哉 wrote:
> >>>>> On Wed, 28 May 2003 14:48:22 -0700,
> >>>>> "Crist J. Clark" said:
>
> > I sent a PR into the KAME guys a few weeks back about an issue with
> > setkey(8). The issue is that setkey(8) refers to the NULL encryption
> > algorithm by the rather misleading name, 'simple.' I'd hoped they'd
> > patch it in a back-compatible way, so that 'simple' still would work,
> > but they've just swapped 'simple' for 'null' in the code.
>
> We (KAME) provided backward compatibility, though the fix warned when
> the old name is specified. Our latest code works as follows:
>
> # /usr/local/v6/sbin/setkey -c << E_O_F
> heredoc> add 10.0.0.1 10.0.0.2 esp 123457 -E simple;
> heredoc> E_O_F
> line 1: WARNING: encryption algorithm is obsoleted. at [simple]
>
> # /usr/local/v6/sbin/setkey -D | head -10
> 10.0.0.1 10.0.0.2
> 	esp mode=any spi=123457(0x0001e241) reqid=0(0x00000000)
> 	E: null
> 	seq=0x00000000 replay=0 flags=0x00000040 state=mature
> 	created: May 29 13:37:27 2003	current: May 29 13:37:52 2003
> 	diff: 25(s)	hard: 0(s)	soft: 0(s)
> 	last:		hard: 0(s)	soft: 0(s)
> 	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
> 	allocated: 0	hard: 0	soft: 0
> 	sadb_seq=8 pid=14308 refcnt=1

Sorry, I hadn't noticed that the changes were made with a number of
separate commits when I reviewed them. Thanks for the good work.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Thu May 29 06:51:49 2003
Date: Thu, 29 May 2003 15:51:43 +0200
From: Erwane Breton
To: freebsd-net@freebsd.org
Message-Id: <20030529155143.2c39326e.breton@erwane.net>
Organization: Erwane
Subject: Collision on NIC

Hi,

A few weeks ago I discovered I have collisions on the NIC for my ADSL
ethernet modem (ed0). After research I found the other FreeBSD box I use
has the same problem. Take a look.

On my FreeBSD box
Network interface status:

Name  Mtu   Network       Address            Ipkts Ierrs     Ibytes    Opkts Oerrs     Obytes  Coll
ed0   1500                00:00:b4:bc:f0:b6 21852457     0  280187344 28530965     7 3906410421  8584
ed0   1500  10/24         10.0.0.254               8     -        384       13     -        632     -
xl0   1500                00:50:da:4c:ed:c5  9470610     6 2735351753 13266752     0 2582350504     0
xl0   1500  10.1.1/24     10.1.1.254         6212939     - 2395538679  8600799     - 1389994967     -
lo0   16384                                   513933     0  106611959   513933     0  106611959     0
lo0   16384 your-net      localhost           358554     -   78001172   358554     -   78001172     -
tun0  1492                                  21878874     0 4108172057 28557467     0 3406988782     0
tun0  1492  start-213-41- xxxxxxxxx           192029     -   92763765   380021     -   60316512     -

Lots of collisions (for 10 days uptime)

# ifconfig
ed0: flags=8843 mtu 1500
	inet 10.0.0.254 netmask 0xffffff00 broadcast 10.0.0.255
	ether 00:00:b4:bc:f0:b6
xl0: flags=8843 mtu 1500
	options=3
	inet 10.1.1.254 netmask 0xffffff00 broadcast 10.1.1.255
	ether 00:50:da:4c:ed:c5
	media: Ethernet autoselect (100baseTX )
	status: active
lo0: flags=8049 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051 mtu 1492
	inet xxx.xxx.xxx.xxx --> xx.xx.xx.xx netmask 0xffffff00
	Opened by PID 20935

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            62.4.16.251        UGSc      153    44612   tun0
10/24              link#1             UC          1        0    ed0
10.0.0.254         00:00:b4:bc:f0:b6  UHLW        0       14    lo0
10.1.1/24          link#2             UC          3        0    xl0
10.1.1.10          00:10:b5:ae:06:da  UHLW       10 11844185    xl0    862
10.1.1.254         00:50:da:4c:ed:c5  UHLW       12   162524    lo0
10.1.1.255         ff:ff:ff:ff:ff:ff  UHLWb       2     4610    xl0
62.4.16.251        213.41.144.146     UH        151     3820   tun0
127.0.0.1          127.0.0.1          UH          3   410587    lo0

All these routes were generated BY FreeBSD. I haven't changed anything.
I think the problem comes from here. I have a route to 10/24 using ed0,
and my network (where the other PCs are connected, 10.1.1.0) is on xl0.
Maybe it doesn't come from here, I don't know.

If someone has an idea, or the same problem, and a solution :)

Thanks
Erwan
--

From owner-freebsd-net@FreeBSD.ORG Thu May 29 07:46:45 2003
Date: Thu, 29 May 2003 09:46:39 -0500
From: "Matthew D. Fuller" To: Erwane Breton Message-ID: <20030529144639.GI61246@over-yonder.net> References: <20030529155143.2c39326e.breton@erwane.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030529155143.2c39326e.breton@erwane.net> User-Agent: Mutt/1.4i-fullermd.1 X-Editor: vi X-OS: FreeBSD cc: freebsd-net@freebsd.org Subject: Re: Collision on NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 14:46:45 -0000 On Thu, May 29, 2003 at 03:51:43PM +0200 I heard the voice of Erwane Breton, and lo! it spake thus: > > On my FreeBSD box > Network interface status: > Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll > 21852457 0 280187344 28530965 7 3906410421 8584 > Lot of collisions (for 10 days uptime) > > If someone have idea or same problem, and solution :) Well, I don't see the problem. My math says that that's .03% collision rate, which is so deep in the noise as to be practically zero. What do you _think_ it should be? 
-- Matthew Fuller (MF4839) | fullermd@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" From owner-freebsd-net@FreeBSD.ORG Thu May 29 08:17:36 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C451137B401 for ; Thu, 29 May 2003 08:17:36 -0700 (PDT) Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id D956343F93 for ; Thu, 29 May 2003 08:17:34 -0700 (PDT) (envelope-from hm@kts.org) Received: from fwd07.sul.t-online.de by mailout01.sul.t-online.com with smtp id 19LP9i-00016V-08; Thu, 29 May 2003 17:17:26 +0200 Received: from ernie.kts.org (520021727764-0001@[217.227.32.201]) by fmrl07.sul.t-online.com with esmtp id 19LP9c-0QC2qWC; Thu, 29 May 2003 17:17:20 +0200 Received: from bert.int.kts.org (bert.int.kts.org [172.31.42.2]) by ernie.kts.org (Postfix) with ESMTP id 6C90EFDA3; Thu, 29 May 2003 17:17:19 +0200 (CEST) Received: by bert.int.kts.org (Postfix, from userid 100) id 52393A4; Thu, 29 May 2003 17:17:19 +0200 (CEST) In-Reply-To: <200305291510.59938.bradd@cat.co.za> To: Brad du Plessis Date: Thu, 29 May 2003 17:17:19 +0200 (CEST) Organization: Kitchen Table Systems X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <20030529151719.52393A4@bert.int.kts.org> 
From: hm@kts.org (Hellmuth Michaelis) X-Sender: 520021727764-0001@t-dialin.net cc: freebsd-net@freebsd.org Subject: Re: USB Modem support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hellmuth.michaelis@t-online.de List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 15:17:37 -0000 Brad du Plessis wrote: > How do I find out before I go and buy a usb modem that its going to be > detected as a umodem or a ugen device. Take your notebook to the USB-dealer :-) and ask if you can connect the thingie to test it. > Are usb modems with CAPI support always winmodems? You mix things up. A modem (MOdulator / DEModulator) is a piece of hardware usually interfacing a RS232 serial line to a telephone line. The data from the serial line is converted into tones sent over the phone line which are decoded back to computer data on the remote end. The call control is usually done in-band by using the Hayes AT protocol. As Garret said, a USB modem is a device that claims in the USB control protocol to be a modem (= RS232 is replaced by the USB). CAPI is an application programming interface for ISDN applications interfacing to some (PCI / ISA / USB / whatever) hardware device(s) (and it is also used for other communication stuff like X.25 etc.). There is NO such thing which is commonly called "ISDN modem". A winmodem is a little bit of hardware / silicon which perhaps is going to look like a modem when it is used by some proprietary binary-only software (= libraries = RS232 is replaced by some software which makes the silicon virtually look like a RS232 connector). I have no idea if you get this type of s**t with a USB interface ... (and in case you would get it, I think that the USB would be used to exchange highly proprietary and undocumented data to interface the silicon to the software library).
hellmuth -- Hellmuth Michaelis Hamburg, Europe hm\at\kts.org www.kts.org a duck is like a bicycle because they both have two wheels except the duck (tl) From owner-freebsd-net@FreeBSD.ORG Thu May 29 08:23:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B55F37B401 for ; Thu, 29 May 2003 08:23:14 -0700 (PDT) Received: from silver.he.iki.fi (silver.he.iki.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22DCC43F75 for ; Thu, 29 May 2003 08:23:13 -0700 (PDT) (envelope-from pete@he.iki.fi) Received: from PETEX31 (h81.vuokselantie10.fi [193.64.42.129]) by silver.he.iki.fi (8.12.9/8.11.4) with SMTP id h4TFN0k8088443; Thu, 29 May 2003 18:23:00 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <004b01c325f6$2c5cfd20$812a40c1@PETEX31> 
From: "Petri Helenius" To: "Matthew D. Fuller" , "Erwane Breton" References: <20030529155143.2c39326e.breton@erwane.net> <20030529144639.GI61246@over-yonder.net> Date: Thu, 29 May 2003 18:18:26 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsd-net@freebsd.org Subject: Re: Collision on NIC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 15:23:14 -0000 > > Well, I don't see the problem. > > My math says that that's .03% collision rate, which is so deep in the > noise as to be practically zero. What do you _think_ it should be? > Even Mr. Inventor of the ethernet himself regrets calling them collisions because that term has a bad ring to people unfamiliar with the technological detail. Pete From owner-freebsd-net@FreeBSD.ORG Thu May 29 08:31:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F2E437B401; Thu, 29 May 2003 08:31:32 -0700 (PDT) Received: from mail.redlinenetworks.com (mail.redlinenetworks.com [216.136.145.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79E8C43FAF; Thu, 29 May 2003 08:31:31 -0700 (PDT) (envelope-from sreekanth@redlinenetworks.com) Received: from SREELAPTOP (dhcp-174.redlinenetworks.com [192.168.40.174]) h4TFVUM11167; Thu, 29 May 2003 08:31:30 -0700 (PDT) (envelope-from sreekanth@redlinenetworks.com)
From: "Sreekanth" To: "'Petri Helenius'" , "'Ruslan Ermilov'" Date: Thu, 29 May 2003 08:31:29 -0700 Message-ID: <001101c325f7$607b29a0$ae28a8c0@SREELAPTOP> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <3ED5F14E.8070205@he.iki.fi> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal cc: freebsdnic@mailbox.cps.intel.com cc: freebsd-net@freebsd.org cc: akanwar@digitarchy.com Subject: RE: gratuitous ARP with em interface. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 15:31:32 -0000 Could be attributed to the spanning tree in the switch. I have seen it happening (especially with Cisco switches). I bet you are not able to send out any packet (not just GARP). Sreekanth > -----Original Message-----
> From: owner-freebsd-net@freebsd.org > [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Petri Helenius > Sent: Thursday, May 29, 2003 4:39 AM > To: Ruslan Ermilov > Cc: freebsdnic@mailbox.cps.intel.com; akanwar@digitarchy.com; > freebsd-net@freebsd.org > Subject: Re: gratuitous ARP with em interface. > > > > I haven't looked that deep into why, but em is quite slow on > coming up > compared to > fxp for example. Probably something to do with hardware > re-initialization. > > Pete > > > Ruslan Ermilov wrote: > > >On Wed, May 28, 2003 at 07:57:07PM -0400, > akanwar@digitarchy.com wrote: > > > > > >>Hi all, > >> > >>Is there a known issue with alias IPs on em interfaces not > sending out > >>gratuitous arps ? > >> > >>The situation is as follows: > >> I am running a custom redundancy daemon that migrates the > IP address > >>of a server from one interface to another in case the > active network > >>path fails. Till now I was experimenting with two fxp > interfaces and > >>everything worked perfectly. i.e. when the ip address moved over > >>(using a perl script to run ifconfig commands) it sent out > grat. arps > >>for each of its alias IPs. This allowed the router to > update its Arp > >>table and talk to the newly active interface. > >> > >>Now when I try running the code with em (gigabit Ethernet > over copper) > >>NICs, I simply do not see the gratuitous arps come out of the new > >>interface. > >> > >>I am at a loss to understand what has changed. Could it be that the > >>line DOWN -> UP time of the em interface is longer thereby > causing a > >>loss of ARPs ? Any suggestions ? > >> > >> > >> > >Yes, I can reproduce this too, no gratuitous ARP is sent. > > > > > >Cheers, > > > > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/free> bsd-net > To > unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" > > --- > Incoming mail is certified Virus Free. 
> Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 > > From owner-freebsd-net@FreeBSD.ORG Thu May 29 09:01:22 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCB0537B401 for ; Thu, 29 May 2003 09:01:22 -0700 (PDT) Received: from wall.polstra.com (wall-gw.polstra.com [206.213.73.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0BBB743FA3 for ; Thu, 29 May 2003 09:01:22 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from strings.polstra.com (strings.polstra.com [206.213.73.20]) by wall.polstra.com (8.12.3p2/8.12.3) with ESMTP id h4TG1KuA015894 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 29 May 2003 09:01:21 -0700 (PDT) (envelope-from jdp@strings.polstra.com) Received: (from jdp@localhost) by strings.polstra.com (8.12.6/8.12.6/Submit) id h4TG1KxY072360; Thu, 29 May 2003 09:01:20 -0700 (PDT) (envelope-from jdp) Date: Thu, 29 May 2003 09:01:20 -0700 (PDT) Message-Id: <200305291601.h4TG1KxY072360@strings.polstra.com> To: net@freebsd.org 
From: John Polstra In-Reply-To: <3ED5F14E.8070205@he.iki.fi> References: <63340-22003532823577384@M2W054.mail2web.com> <20030529083223.GA52253@sunbay.com> <3ED5F14E.8070205@he.iki.fi> Organization: Polstra & Co., Seattle, WA X-Bogosity: No, tests=bogofilter, spamicity=0.499995, version=0.11.2 Subject: Re: gratuitous ARP with em interface. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 16:01:23 -0000 In article <3ED5F14E.8070205@he.iki.fi>, Petri Helenius wrote: > I haven't looked that deep into why, but em is quite slow on coming > up compared to fxp for example. Probably something to do with > hardware re-initialization. I haven't tried this, but I think the problem would go away if you changed WAIT_FOR_AUTO_NEG_DEFAULT to 0 in "if_em.h". John -- John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA "Two buttocks cannot avoid friction." 
-- Malawi saying From owner-freebsd-net@FreeBSD.ORG Thu May 29 09:08:08 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F39537B401 for ; Thu, 29 May 2003 09:08:08 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A47F43F93 for ; Thu, 29 May 2003 09:08:06 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id h4TG7vVo061947 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 29 May 2003 12:07:58 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id h4TG7sPK061944; Thu, 29 May 2003 12:07:54 -0400 (EDT) (envelope-from wollman) Date: Thu, 29 May 2003 12:07:54 -0400 (EDT) 
From: Garrett Wollman Message-Id: <200305291607.h4TG7sPK061944@khavrinen.lcs.mit.edu> To: Brad du Plessis In-Reply-To: <200305291510.59938.bradd@cat.co.za> References: <200305281743.56089.bradd@cat.co.za> <200305281618.h4SGIqsf049697@khavrinen.lcs.mit.edu> <200305291510.59938.bradd@cat.co.za> X-Spam-Score: -19.8 () IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: freebsd-net@freebsd.org Subject: Re: USB Modem support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 16:08:08 -0000 < said: > How do I find out before I go and buy a usb modem that its going to be > detected as a umodem or a ugen device. A priori, you can't. Looking in the Macintosh section will usually assure you of getting something that is not Windows-specific, although this is not a sufficient condition. I bought one that worked; I think it was a D-Link (it's at home right now and I'm not). -GAWollman PS: Suggest you learn to format your followups properly. 
From owner-freebsd-net@FreeBSD.ORG Thu May 29 09:15:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A373637B401; Thu, 29 May 2003 09:15:54 -0700 (PDT) Received: from hindon.hss.co.in (hindon.hss.co.in [202.54.26.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5E9F43F85; Thu, 29 May 2003 09:15:48 -0700 (PDT) (envelope-from mvsjetti@hss.hns.com) Received: from hindon.hss.co.in (localhost [127.0.0.1]) by hindon.hss.co.in (8.10.0/8.10.0) with ESMTP id h4TGDJP11852; Thu, 29 May 2003 21:43:19 +0530 (IST) Received: from ultra.hss.co.in (ultra [192.168.100.5]) by hindon.hss.co.in (8.10.0/8.10.0) with ESMTP id h4TGDE911843; Thu, 29 May 2003 21:43:14 +0530 (IST) Received: from sandesh.hss.hns.com (localhost [127.0.0.1]) by ultra.hss.co.in (8.10.0/8.10.0) with ESMTP id h4TGGYh04949; Thu, 29 May 2003 21:46:34 +0530 (IST) Sensitivity: To: "Sreekanth" 
From: mvsjetti@hss.hns.com Date: Thu, 29 May 2003 21:47:07 +0530 Message-ID: X-MIMETrack: Serialize by Router on Sandesh/HSS(Release 6.0|September 26, 2002) at 29/05/2003 09:40:50 PM MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII cc: freebsdnic@mailbox.cps.intel.com cc: freebsd-net@freebsd.org cc: akanwar@digitarchy.com Subject: RE: gratuitous ARP with em interface. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 16:15:55 -0000 hi, I had checked the kernel code of FreeBSD. In case of the fxp port, the "fxp_ether_ioctl" function will be called when we add a new address to an interface (using the if_ioctl pointer from the in_ifinit function). And this function will in turn call the arp_ifinit function which sends the gratuitous ARP. I am not able to find this kind of functionality for em. I am not sure whether the code I am having was incomplete or some functionality was missing in the implementation. This may be the case of incomplete initialization (if_ioctl of the ifp may not be initialized properly). If you can do kernel debugging, put a break point at "arp_ifinit" and verify if this was getting called or not.................. cheers, mahesh "Sreekanth" @freebsd.org on 29/05/2003 21:01:29 Sent by: owner-freebsd-net@freebsd.org To: "'Petri Helenius'" , "'Ruslan Ermilov'" cc: freebsdnic@mailbox.cps.intel.com, freebsd-net@freebsd.org, akanwar@digitarchy.com Subject: RE: gratuitous ARP with em interface. Could be attributed to the spanning tree in the switch. I have seen it happening (especially with Cisco switches). I bet you are not able to send out any packet (not just GARP). Sreekanth > -----Original Message-----
> From: owner-freebsd-net@freebsd.org > [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Petri Helenius > Sent: Thursday, May 29, 2003 4:39 AM > To: Ruslan Ermilov > Cc: freebsdnic@mailbox.cps.intel.com; akanwar@digitarchy.com; > freebsd-net@freebsd.org > Subject: Re: gratuitous ARP with em interface. > > > > I haven't looked that deep into why, but em is quite slow on > coming up > compared to > fxp for example. Probably something to do with hardware > re-initialization. > > Pete > > > Ruslan Ermilov wrote: > > >On Wed, May 28, 2003 at 07:57:07PM -0400, > akanwar@digitarchy.com wrote: > > > > > >>Hi all, > >> > >>Is there a known issue with alias IPs on em interfaces not > sending out > >>gratuitous arps ? > >> > >>The situation is as follows: > >> I am running a custom redundancy daemon that migrates the > IP address > >>of a server from one interface to another in case the > active network > >>path fails. Till now I was experimenting with two fxp > interfaces and > >>everything worked perfectly. i.e. when the ip address moved over > >>(using a perl script to run ifconfig commands) it sent out > grat. arps > >>for each of its alias IPs. This allowed the router to > update its Arp > >>table and talk to the newly active interface. > >> > >>Now when I try running the code with em (gigabit Ethernet > over copper) > >>NICs, I simply do not see the gratuitous arps come out of the new > >>interface. > >> > >>I am at a loss to understand what has changed. Could it be that the > >>line DOWN -> UP time of the em interface is longer thereby > causing a > >>loss of ARPs ? Any suggestions ? > >> > >> > >> > >Yes, I can reproduce this too, no gratuitous ARP is sent. > > > > > >Cheers, > > > > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/free> bsd-net > To > unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" > > --- > Incoming mail is certified Virus Free. 
> Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 > > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu May 29 09:23:12 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0EE337B401 for ; Thu, 29 May 2003 09:23:11 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13A1943F85 for ; Thu, 29 May 2003 09:23:11 -0700 (PDT) (envelope-from sloach@SANDVINE.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Thu, 29 May 2003 12:23:10 -0400 Message-ID: 
From: Scot Loach To: "'freebsd-net@freebsd.org'" Date: Thu, 29 May 2003 12:23:06 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Subject: Socket option to get dst port X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 16:23:12 -0000 When a UDP packet is read from a socket, the userland program can get the destination IP address by using the IP_RECVDSTADDR socket option. This returns the destination address as ancillary data in the msg_control member of the msghdr structure passed to recvmsg(). I needed a way to get the destination port for UDP packets that were forwarded to a local UDP port using ipfw, with the "fwd" option. There doesn't seem to be any way to get this information currently. I added an IP_RECVDSTPORT socket option for this purpose. Unfortunately I had to add the control mbuf within udp_input() instead of within ip_savecontrol() since that's the only place I have the UDP header. Patch to 4.7 is below. Please let me know if you see any problems with it. If this is generally useful, it could be committed. Index: in.h =================================================================== RCS file: /usr/cvs/src/sys/netinet/in.h,v retrieving revision 1.48.2.9 diff -U3 -r1.48.2.9 in.h --- in.h 1 Dec 2002 14:03:10 -0000 1.48.2.9 +++ in.h 29 May 2003 15:56:19 -0000
@@ -333,6 +333,8 @@ #define IP_DUMMYNET_FLUSH 62 /* flush dummynet */ #define IP_DUMMYNET_GET 64 /* get entire dummynet pipes */ +#define IP_RECVDSTPORT 80 /* bool; receive IP dst port w/dgram */ + /* * Defaults and limits for options */ Index: in_pcb.h =================================================================== RCS file: /usr/cvs/src/sys/netinet/in_pcb.h,v retrieving revision 1.32.2.6 diff -U3 -r1.32.2.6 in_pcb.h --- in_pcb.h 29 Jul 2002 18:56:37 -0000 1.32.2.6 +++ in_pcb.h 29 May 2003 15:56:13 -0000 @@ -273,8 +273,10 @@ #define IN6P_RTHDRDSTOPTS 0x200000 /* receive dstoptions before rt hdr */ #define IN6P_AUTOFLOWLABEL 0x800000 /* attach flowlabel automatically */ +#define INP_RECVDSTPORT 0x01000000 /* receive UDP dst port */ + #define INP_CONTROLOPTS (INP_RECVOPTS|INP_RECVRETOPTS|INP_RECVDS TADDR|\ - INP_RECVIF|\ + INP_RECVIF| INP_RECVDSTPORT |\ IN6P_PKTINFO|IN6P_HOPLIMIT|IN6P_HOPOPTS|\ IN6P_DSTOPTS|IN6P_RTHDR|IN6P_RTHDRDSTOPTS|\ IN6P_AUTOFLOWLABEL) Index: ip_output.c =================================================================== RCS file: /usr/cvs/src/sys/netinet/ip_output.c,v retrieving revision 1.99.2.31 diff -U3 -r1.99.2.31 ip_output.c --- ip_output.c 12 Jul 2002 22:14:12 -0000 1.99.2.31 +++ ip_output.c 28 May 2003 19:32:57 -0000 @@ -1181,6 +1181,7 @@ case IP_RECVOPTS: case IP_RECVRETOPTS: case IP_RECVDSTADDR: + case IP_RECVDSTPORT: case IP_RECVIF: case IP_FAITH: error = sooptcopyin(sopt, &optval, sizeof optval, @@ -1213,6 +1214,10 @@ case IP_RECVDSTADDR: OPTSET(INP_RECVDSTADDR); break; + + case IP_RECVDSTPORT: + OPTSET(INP_RECVDSTPORT); + break; case IP_RECVIF: OPTSET(INP_RECVIF); Index: udp_usrreq.c =================================================================== RCS file: /usr/cvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.64.2.16.1000.2 diff -U3 -r1.64.2.16.1000.2 udp_usrreq.c --- udp_usrreq.c 27 Jan 2003 16:38:06 -0000 1.64.2.16.1000.2 +++ udp_usrreq.c 29 May 2003 15:55:24 -0000 
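Review bot: in the in.h hunk, the comment on the new option (`#define IP_RECVDSTPORT 80 /* bool; receive IP dst port w/dgram */`) calls a UDP header field an "IP dst port", and the value 80 jumps well past the IP_DUMMYNET_* block at 60-64 with nothing saying why. Since the only code that emits this control message is udp_input(), make the comment say "receive UDP dst port w/dgram", and add a note on how 80 was chosen so a later upstream IP_ option does not land on the same number.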
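Review bot: in the in_pcb.h hunk, INP_RECVDSTPORT is given bit 0x01000000 immediately after IN6P_AUTOFLOWLABEL 0x800000, but the hunk's context shows only a slice of the flag list, so check the full set of INP_/IN6P_ bits in in_pcb.h for a clash at bit 24 before this goes in, and consider placing the new IPv4 flag beside the other INP_RECV* flags rather than after the IN6P_ block. Style: `INP_RECVIF| INP_RECVDSTPORT |\` puts spaces around one `|` and none around the others in INP_CONTROLOPTS; write it `INP_RECVIF|INP_RECVDSTPORT|\` to match the neighbouring lines.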
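Review bot: the first ip_output.c hunk adds `case IP_RECVDSTPORT:` only to the case list that feeds sooptcopyin(), that is, the setsockopt() side. If ip_ctloutput() reports the INP_RECV* flags back on the getsockopt() side the way it does for IP_RECVDSTADDR (with OPTBIT()), that switch needs a matching `case IP_RECVDSTPORT:` too, otherwise getsockopt(IPPROTO_IP, IP_RECVDSTPORT) fails even after the option has been set successfully.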
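Review bot: the second ip_output.c hunk (`case IP_RECVDSTPORT: OPTSET(INP_RECVDSTPORT); break;`) accepts the option on any IPPROTO_IP socket, yet the only consumer in this patch is udp_input(), so on TCP and raw sockets the option is silently accepted and never produces a control message. Either reject it there (e.g. return EINVAL when the socket is not SOCK_DGRAM) or document in the in.h comment that it has no effect outside UDP, so callers do not mistake the successful setsockopt() for working functionality.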
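Review bot: in the udp_usrreq.c hunk (`@@ -450,7 +450,18 @@`), `sbcreatecontrol((caddr_t) &uh->uh_dport, sizeof(u_int16_t), IP_RECVDSTPORT, IPPROTO_IP)` copies the port straight out of the UDP header, so userland receives it in network byte order with nothing in the cmsg to say so; document that recvmsg() callers must ntohs() the value, or convert it into a local u_int16_t before handing it to sbcreatecontrol(). The new block also lives in the `} else #endif` branch after the INET6 case, so a socket that takes the ip6_savecontrol() path never gets the message even with INP_RECVDSTPORT set; say so in the in.h comment or handle that branch too. Minor: sbcreatecontrol() returns NULL under mbuf pressure, which here just terminates the opts chain at *mp, which is fine but deserves a one-line comment.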
@@ -450,7 +450,18 @@ inp->inp_flags = savedflags; } else #endif - ip_savecontrol(inp, &opts, ip, m); + { + ip_savecontrol(inp, &opts, ip, m); + if (inp->inp_flags & INP_RECVDSTPORT) { + struct mbuf **mp = &opts; + while (*mp) { + mp = &(*mp)->m_next; + } + *mp = sbcreatecontrol((caddr_t) &uh->uh_dport, + sizeof(u_int16_t), IP_RECVDSTPORT, + IPPROTO_IP); + } + } } m_adj(m, iphlen + sizeof(struct udphdr)); #ifdef INET6 From owner-freebsd-net@FreeBSD.ORG Thu May 29 09:36:30 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CB7137B401; Thu, 29 May 2003 09:36:30 -0700 (PDT) Received: from mail.redlinenetworks.com (mail.redlinenetworks.com [216.136.145.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6EF9043F3F; Thu, 29 May 2003 09:36:29 -0700 (PDT) (envelope-from sreekanth@redlinenetworks.com) Received: from SREELAPTOP (dhcp-174.redlinenetworks.com [192.168.40.174]) h4TGaSM21270; Thu, 29 May 2003 09:36:28 -0700 (PDT) (envelope-from sreekanth@redlinenetworks.com) From: "Sreekanth" To: Date: Thu, 29 May 2003 09:36:27 -0700 Message-ID: <000001c32600$73ca2930$ae28a8c0@SREELAPTOP> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsdnic@mailbox.cps.intel.com cc: freebsd-net@freebsd.org cc: akanwar@digitarchy.com Subject: RE: gratuitous ARP with em interface. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 16:36:30 -0000 em_ioctl() has a call to ether_ioctl() which in turn calls arp_ifinit(). Sreekanth > -----Original Message----- 
> From: mvsjetti@hss.hns.com [mailto:mvsjetti@hss.hns.com] > Sent: Thursday, May 29, 2003 9:17 AM > To: Sreekanth > Cc: 'Petri Helenius'; 'Ruslan Ermilov'; > freebsdnic@mailbox.cps.intel.com; freebsd-net@freebsd.org; > akanwar@digitarchy.com > Subject: RE: gratuitous ARP with em interface. > > > > > > > > hi, > I had checked the kernel code of FreeBSD. In case of the fxp > port, the "fxp_ether_ioctl" function will be called when we add > a new address to an interface (using the if_ioctl pointer from > the in_ifinit function). And this function will in turn call > the arp_ifinit function which sends the gratuitous ARP. I am > not able to find this kind of functionality for em. I am not > sure whether the code I am having was incomplete or some > functionality was missing in the implementation. This may be > the case of incomplete initialization (if_ioctl of the ifp > may not be initialized properly). > > If you can do kernel debugging, put a break point at > "arp_ifinit" and verify if this was getting called or > not.................. cheers, mahesh > > > > > "Sreekanth" @freebsd.org on > 29/05/2003 21:01:29 > > Sent by: owner-freebsd-net@freebsd.org > > > To: "'Petri Helenius'" , "'Ruslan Ermilov'" > > cc: freebsdnic@mailbox.cps.intel.com, freebsd-net@freebsd.org, > akanwar@digitarchy.com > > Subject: RE: gratuitous ARP with em interface. > > > Could be attributed to the spanning tree in the switch. I have > seen it happening (especially with Cisco switches). I bet you > are not able to send out any packet (not just GARP). > > Sreekanth > > > -----Original Message-----
> > From: owner-freebsd-net@freebsd.org > > [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Petri Helenius > > Sent: Thursday, May 29, 2003 4:39 AM > > To: Ruslan Ermilov > > Cc: freebsdnic@mailbox.cps.intel.com; akanwar@digitarchy.com; > > freebsd-net@freebsd.org > > Subject: Re: gratuitous ARP with em interface. > > > > > > > > I haven't looked that deep into why, but em is quite slow > on coming up > > compared to > > fxp for example. Probably something to do with hardware > > re-initialization. > > > > Pete > > > > > > Ruslan Ermilov wrote: > > > > >On Wed, May 28, 2003 at 07:57:07PM -0400, > > akanwar@digitarchy.com wrote: > > > > > > > > >>Hi all, > > >> > > >>Is there a known issue with alias IPs on em interfaces not > > sending out > > >>gratuitous arps ? > > >> > > >>The situation is as follows: > > >> I am running a custom redundancy daemon that migrates the > > IP address > > >>of a server from one interface to another in case the > > active network > > >>path fails. Till now I was experimenting with two fxp > > interfaces and > > >>everything worked perfectly. i.e. when the ip address moved over > > >>(using a perl script to run ifconfig commands) it sent out > > grat. arps > > >>for each of its alias IPs. This allowed the router to > > update its Arp > > >>table and talk to the newly active interface. > > >> > > >>Now when I try running the code with em (gigabit Ethernet > > over copper) > > >>NICs, I simply do not see the gratuitous arps come out of the new > > >>interface. > > >> > > >>I am at a loss to understand what has changed. Could it > be that the > > >>line DOWN -> UP time of the em interface is longer thereby > > causing a > > >>loss of ARPs ? Any suggestions ? > > >> > > >> > > >> > > >Yes, I can reproduce this too, no gratuitous ARP is sent. 
> > > > > > > > >Cheers, > > > > > > > > > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/free> bsd-net To > > unsubscribe, send any mail to > > "freebsd-net-unsubscribe@freebsd.org" > > > > --- > > Incoming mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 > > > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/free> bsd-net > To > unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" > > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003 > > From owner-freebsd-net@FreeBSD.ORG Thu May 29 10:25:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A40C37B401 for ; Thu, 29 May 2003 10:25:01 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6375943F75 for ; Thu, 29 May 2003 10:25:00 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h4THOx9r018405; Thu, 29 May 2003 13:24:59 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h4THOvdF018404; Thu, 29 May 2003 13:24:57 -0400 (EDT) Date: Thu, 29 May 2003 13:24:57 -0400 
From: Barney Wolff
To: Wes Peters
Cc: FreeBSD Net, Ivailo Tanusheff
Message-ID: <20030529172457.GA18329@pit.databus.com>
References: <03f301c324f3$4e683190$faf810ac@sof.procreditbank.bg> <200305280745.10248.wes@softweyr.com> <20030528150033.GA3844@pit.databus.com> <200305290014.34182.wes@softweyr.com>
In-Reply-To: <200305290014.34182.wes@softweyr.com>
Subject: Re: Cascading qmail servers

On Thu, May 29, 2003 at 12:14:34AM -0700, Wes Peters wrote:
> On Wednesday 28 May 2003 08:00 am, Barney Wolff wrote:
> > On Wed, May 28, 2003 at 07:45:10AM -0700, Wes Peters wrote:
> > > > Don't assume that you can't create an alias for each user. When I
> > > > worked at a very large NY bank, with well over 100,000 employees,
> > > > /etc/mail/aliases was that big, and sendmail worked just fine.
> > >
> > > In sendmail, you can do domain routing with mailertable. I think you
> > > can do the same in Postfix with relay_domains.
> >
> > The question I thought I was answering was how to make the address
> >
> > route to my actual account,
> > .
> >
> > If external correspondents use the sub-domains the problem is easier,
> > but employees in large orgs move around so often it's impractical.
>
> It's also impractical to deliver copies of every message to each of the
> various offices, leaving thousands and thousands of unread messages for
> the employees that don't work in each office.
>
> This is where directory technologies like LDAP come into play, when you
> have large user bases. I think this has strayed pretty far from the
> question that was asked, though, which seemed to me to be a 'mail
> gateway' attached to the internet at the company HQ that would route to
> ~3 internal mail servers, delivering the correct accounts to each one.
> Wasn't that the original question?

You can try a fancy solution with LDAP, yes. Or you can just have an
/etc/mail/aliases with a line for each employee. All I'm saying is that
this simpleminded solution actually worked, even for one of the largest
corps in the world. Of course the alias file was not hand-edited, but
derived from the HR database, daily.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Thu May 29 12:22:19 2003
From: "Sreekanth"
Date: Thu, 29 May 2003 12:22:17 -0700
Message-ID: <000701c32617$9e7c5ec0$ae28a8c0@SREELAPTOP>
In-Reply-To: <000001c32600$73ca2930$ae28a8c0@SREELAPTOP>
Subject: RE: gratuitous ARP with em interface.

A related topic. Whenever an alias gets added to the interface, the
interface is reset. In my opinion this is uncalled for. The interface
should be reset only when adding the first IP address. As far as the
interface is concerned, adding an IP address has no effect, except in
the first instance. My suggestion is to use the flags
IFF_RUNNING|IFF_OACTIVE to decide if we want to reset the interface
again.

Comments..?

Sreekanth

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Sreekanth
> Sent: Thursday, May 29, 2003 9:36 AM
> To: mvsjetti@hss.hns.com
> Cc: freebsdnic@mailbox.cps.intel.com; freebsd-net@freebsd.org; akanwar@digitarchy.com
> Subject: RE: gratuitous ARP with em interface.
>
> em_ioctl() has a call to ether_ioctl() which in turn calls arp_ifinit().
>
> Sreekanth
>
> > -----Original Message-----
> > From: mvsjetti@hss.hns.com [mailto:mvsjetti@hss.hns.com]
> > Sent: Thursday, May 29, 2003 9:17 AM
> > To: Sreekanth
> > Cc: 'Petri Helenius'; 'Ruslan Ermilov'; freebsdnic@mailbox.cps.intel.com; freebsd-net@freebsd.org; akanwar@digitarchy.com
> > Subject: RE: gratuitous ARP with em interface.
> >
> > hi,
> > I had checked the kernel code of the FreeBSD. In case of fxp
> > port "fxp_ether_ioctl" function will be called when we add
> > a new address to an interface (using the if_ioctl pointer from
> > the in_ifinit function). And this function will in turn call
> > the arp_ifinit function which sends the gratuitous ARP. I am
> > not able to find this kind of functionality for em. I am not
> > sure whether the code I am having was incomplete or some
> > functionality was missing in the implementation. This may be
> > the case of incomplete initialization (if_ioctl of the ifp
> > may not be initialized properly).
> >
> > If u can do kernel debugging put break point at the
> > "arp_ifinit" and verify if this was getting called or
> > not.................. cheers, mahesh
> >
> > "Sreekanth" @freebsd.org on 29/05/2003 21:01:29
> > Sent by: owner-freebsd-net@freebsd.org
> >
> > To: "'Petri Helenius'", "'Ruslan Ermilov'"
> > cc: freebsdnic@mailbox.cps.intel.com, freebsd-net@freebsd.org, akanwar@digitarchy.com
> > Subject: RE: gratuitous ARP with em interface.
> >
> > Could be attributed to the spanning tree in the switch. I have
> > seen it happening (especially with cisco switches). I bet you
> > are not able to send out any packet (Not just Garp).
> >
> > Sreekanth
From owner-freebsd-net@FreeBSD.ORG Thu May 29 15:16:08 2003
From: "."@babolo.ru
To: Paul Chvostek
Cc: freebsd-net@freebsd.org
Date: Fri, 30 May 2003 02:19:47 +0400 (MSD)
Message-Id: <1054246787.649875.6873.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030528045154.GA95572@mail.it.ca>
Subject: Re: ipfw rules vs routes to localhost?

> I'm considering:
>
>     ipfw add N deny ip from a.b.c.d to any
>
> vs.
>
>     route add -host a.b.c.d localhost
>
> I need to block traffic to a number of IP addresses. I thought I'd use
> ipfw to avoid things like UDP DNS lookups that might come in and take up
> resources while my system tried to respond, but it's been suggested on
> another list that setting routes to localhost will use less resources.
> Ideally, I'd like to be able to block a few tens of thousands of IPs.
>
> What's the scoop?

ipfw with huge list works slow.
Don't try huge route tables.

use in kernel:

    pseudo-device disc    #Discard device (ds0, ds1, etc)

and

    ifconfig ds0 inet 0.0.0.1/32  (or else)
    route add -host a.b.c.d 0.0.0.1

instead of localhost

From owner-freebsd-net@FreeBSD.ORG Thu May 29 16:52:47 2003
Message-ID: <191690-220035429235428215@M2W038.mail2web.com>
From: "akanwar@digitarchy.com"
To: sreekanth@redlinenetworks.com, mvsjetti@hss.hns.com, pete@he.iki.fi, ru@freebsd.org, freebsdnic@mailbox.cps.intel.com, freebsd-net@freebsd.org, akanwar@digitarchy.com
Date: Thu, 29 May 2003 19:54:28 -0400
Reply-To: akanwar@digitarchy.com
Subject: RE: gratuitous ARP with em interface.

Thanks all for your replies.

> I haven't tried this, but I think the problem would go away if you
> changed WAIT_FOR_AUTO_NEG_DEFAULT to 0 in "if_em.h".

Changed this. Did not work.

> If u can do kernel debugging put break point at the
> "arp_ifinit" and verify if this was getting called or
> not.................. cheers, mahesh

Will try this.

> Could be attributed to the spanning tree in the switch. I have
> seen it happening (especially with cisco switches). I bet you
> are not able to send out any packet (Not just Garp).

No. Spanning tree is turned off (Tried it with both IOS and Catalyst
switches).

> I haven't looked that deep into why, but em is quite slow
> on coming up compared to fxp for example. Probably something to do with
> hardware re-initialization.

Correct, there is a delay. "ifconfig em0 inet x.x.x.x/y" takes a few
seconds to complete whereas "ifconfig fxp0 inet x.x.x.x/y" returns
instantly.

Is there a way to force gratuitous arp ? (Short of writing a raw socket
utility)

Thanks,
-ansh

--------------------------------------------------------------------
mail2web - Check your email from the web at http://mail2web.com/ .

From owner-freebsd-net@FreeBSD.ORG Thu May 29 17:49:14 2003
From: "Sreekanth"
Date: Thu, 29 May 2003 17:49:11 -0700
Message-ID: <000001c32645$48d2f690$ae28a8c0@SREELAPTOP>
In-Reply-To: <191690-220035429235428215@M2W038.mail2web.com>
Subject: RE: gratuitous ARP with em interface.

I did a quick test just now and... Interestingly I did see GARP packets
on the network with Em copper connected to a 100base switch (I don't
have a gigabit copper switch right now).

You might want to try these things.

1) Ping immediately after the link comes up and see if it succeeds
   (in 1000baseTX switch).
2) Connect it to a 100Base port and try.
3) Connect to another machine with crossover cable and try.

First try 1 and if it fails try 2 and 3.

Hope it helps.

Sreekanth

From owner-freebsd-net@FreeBSD.ORG Thu May 29 18:12:49 2003
Message-ID: <20030530011249.96101.qmail@web14203.mail.yahoo.com>
Date: Thu, 29 May 2003 18:12:49 -0700 (PDT)
From: Neelkanth Natu
To: "."@babolo.ru, Paul Chvostek
Cc: freebsd-net@freebsd.org
In-Reply-To: <1054246787.649875.6873.nullmailer@cicuta.babolo.ru>
Subject: Re: ipfw rules vs routes to localhost?

--- .@babolo.ru wrote:
> ipfw with huge list works slow.
> Don't try huge route tables.
>
> use in kernel:
>
>     pseudo-device disc    #Discard device (ds0, ds1, etc)
>
> and
>
>     ifconfig ds0 inet 0.0.0.1/32  (or else)
>     route add -host a.b.c.d 0.0.0.1
>
> instead of localhost

An advantage of using "disc" is that you can monitor interface counters
and use tcpdump to see the discarded traffic. A blackhole route to the
loopback interface does not offer you this luxury.

best
Neel
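A helper for the blocklist-to-discard-route approach described in the two messages above, added here as an example; it is not code from the thread or from FreeBSD. It takes a constructed blocklist (comments, blanks, a duplicate and malformed entries), validates and de-duplicates it, and prints the `route add -host <ip> 0.0.0.1` commands (or the equivalent `ipfw add deny` rules) without executing them, so tens of thousands of entries can be reviewed before they reach route(8). It also counts blackholed hosts in a constructed `netstat -rn` excerpt by matching the gateway column, which is how you would check that the discard routes actually landed. The discard gateway 0.0.0.1 is the one used in the thread; the sample list, the sample routing table and its column layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD): turn a blocklist into
# "route add -host <ip> <discard-gw>" commands for the disc(4) approach, with
# validation and de-duplication, and count the resulting blackhole routes.

# Constructed sample blocklist: a comment, a blank line, a duplicate and two
# malformed entries that must be skipped rather than fed to route(8).
SAMPLE_BLOCKLIST='# constructed example blocklist
192.0.2.10
198.51.100.7

192.0.2.10
not-an-address
203.0.113.300
203.0.113.42'

# Constructed "netstat -rn" excerpt (not real output) for count_blackholed;
# it assumes the gateway is the second column, as in FreeBSD's output.
SAMPLE_ROUTES='Destination        Gateway            Flags    Netif
default            192.0.2.1          UGS      fxp0
192.0.2.10         0.0.0.1            UGHS     ds0
198.51.100.7       0.0.0.1            UGHS     ds0
127.0.0.1          127.0.0.1          UH       lo0'

# valid_ipv4 ADDR: succeed only for a dotted quad with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# blackhole_commands MODE [GATEWAY]: read a blocklist on stdin, strip comments
# and whitespace, de-duplicate, validate, and print one command per address.
# MODE "route" emits the disc(4) route form from the thread, "ipfw" the
# equivalent deny rule.  Nothing is executed; review the output, then pipe it
# to sh.  Invalid entries are reported on stderr and skipped.
blackhole_commands() {
    _mode=$1
    _gw=${2:-0.0.0.1}
    case "$_mode" in
        route|ipfw) ;;
        *) echo "blackhole_commands: unknown mode '$_mode'" >&2; return 1 ;;
    esac
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep -v '^$' | sort -u |
    while IFS= read -r _ip; do
        if ! valid_ipv4 "$_ip"; then
            printf 'skipped invalid entry: %s\n' "$_ip" >&2
            continue
        fi
        if [ "$_mode" = route ]; then
            printf 'route add -host %s %s\n' "$_ip" "$_gw"
        else
            printf 'ipfw add deny ip from %s to any\n' "$_ip"
        fi
    done
}

# count_blackholed GATEWAY: count routes in a "netstat -rn" table on stdin
# whose gateway is the discard address, i.e. the number of blackholed hosts.
count_blackholed() {
    awk -v gw="$1" '$2 == gw { n++ } END { print n + 0 }'
}

# Stand-alone usage: print the route commands and the blackhole count.
printf '%s\n' "$SAMPLE_BLOCKLIST" | blackhole_commands route
printf '%s\n' "$SAMPLE_ROUTES" | count_blackholed 0.0.0.1
```

Validation matters here because the list is turned into commands: a stray line with shell-significant characters or an out-of-range octet would otherwise be handed to route(8) unchecked. The same generator with mode `ipfw` gives the rule list the original poster was comparing against, so both variants can be produced from one reviewed source.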
From owner-freebsd-net@FreeBSD.ORG Fri May 30 03:52:51 2003
From: "Dennis Pedersen"
To: "Don Bowman"
Cc: freebsd-net@FreeBSD.org
Date: Fri, 30 May 2003 12:53:40 +0200
Message-ID: <000e01c32699$baf7a730$0301a8c0@dpws>
Subject: Re: Spontan reboot of FreeBSD 4,x box

If I understand the man page of periodic correctly then it shouldn't run
if cron isn't running? (ps aux | grep cron gives nothing and cron_enable
is set to 'NO' in rc.conf)

Can I simply remove the scripts from daily to make sure nothing is
running from there or will that possibly crash the box? (I don't have
access to the box with anything other than ssh right now.)

Memory I'm having trouble believing in; it's 3 different boxes. 2
running 4.4 and one running 4.7. All on different hardware (except the
NICs are 3com, not same model.)

Regards,
Dennis

----- Original Message -----
From: "Don Bowman"
To: "'Dennis Pedersen'"; "Don Bowman"
Sent: Wednesday, May 28, 2003 10:49 PM
Subject: RE: Spontan reboot of FreeBSD 4,x box

well, I would speculate that your /etc/periodic is running @ 3am doing
things like looking for setuid files, pruning /tmp, etc, which sparks up
some disk activity, forks a few processes, walks the filesystem, etc,
which is tripping some bug you have in the kernel, or bad memory.

[i have a version of memtest86 which can be loaded from 'loader' and
placed on a fbsd file system if you wish to try the bad memory theory
conveniently].

I have a similar problem in 4.7 that occurs once in a while @ 3:01am
which seems to randomly corrupt memory. I've been chasing it for a while
but it hasn't been reproducible enough to find.

This is pure speculation.

man 8 periodic
see /etc/periodic.conf

> -----Original Message-----
> From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
> Sent: May 28, 2003 16:46
> To: Don Bowman; freebsd-net@FreeBSD.org
> Subject: Re: Spontan reboot of FreeBSD 4,x box
>
> ----- Original Message -----
> From: "Don Bowman"
> To: "'Dennis Pedersen'";
> Sent: Wednesday, May 28, 2003 3:56 PM
> Subject: RE: Spontan reboot of FreeBSD 4,x box
>
> > > From: Dennis Pedersen [mailto:mlists@daydreamer.dk]
> > >
> > > I have a couple of FreeBSD 4.4 and one 4.7 that are being
> > > used as firewalls in different locations.
> > > Lately I have noticed that one of the firewalls was
> > > starting to reboot at a certain time of the day (give or take
> > > maybe 10min).
> >
> > The time it resets wouldn't correlate to the periodic (e.g.
> > 3am) would it?
>
> On one of the boxes that fits yeah..
> What am I missing?
> cron_enable is set to no in rc.conf and the cron daemon isn't running?
>
> Regards,
> Dennis

From owner-freebsd-net@FreeBSD.ORG Fri May 30 06:25:38 2003
From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <16087.23499.422415.378026@grasshopper.cs.duke.edu> Date: Fri, 30 May 2003 09:25:31 -0400 (EDT) To: freebsd-net@freebsd.org X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Subject: limiting connections per IP w/FreeBSD ftpd? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2003 13:25:38 -0000 At my company, some bonehead (not sure if it was maliciousness or just a stupid customer), opened 60 simultaneous connections to our ftp server and totally swamped our T1. This is the second or third time this has happened recently. So I'm looking for some way to limit the number of connections per-IP. I understand this may be bad for sites behind NAT boxes, or for multiuser systems, and I don't want to start a thread debating its merits. I'd like to avoid downgrading to one of the swiss-army knife ftpds that always seems to have a vulnerability in the headlines, but I don't have time to hack FreeBSD ftpd myself. So: Does anybody have patches to allow FreeBSD's ftpd to limit connections per IP? 
Or am I stuck with proftpd or wuftpd Thanks, Drew From owner-freebsd-net@FreeBSD.ORG Fri May 30 06:30:55 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D742D37B401 for ; Fri, 30 May 2003 06:30:55 -0700 (PDT) Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DDD043FB1 for ; Fri, 30 May 2003 06:30:55 -0700 (PDT) (envelope-from simon@arthur.nitro.dk) Received: by arthur.nitro.dk (Postfix, from userid 1000) id 3ADAE10BF82; Fri, 30 May 2003 15:30:53 +0200 (CEST) Date: Fri, 30 May 2003 15:30:53 +0200 
From: "Simon L. Nielsen"
To: Andrew Gallatin
Message-ID: <20030530133052.GC414@nitro.dk>
In-Reply-To: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

On 2003.05.30 09:25:31 -0400, Andrew Gallatin wrote:
>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1. This is the second or third time
> this has happened recently.

How about just restricting the bandwidth usage with ipfw/dummynet?

--
Simon L.
Nielsen

From owner-freebsd-net@FreeBSD.ORG Fri May 30 06:34:02 2003
From: Andrew Gallatin
Message-ID: <16087.24004.208831.221102@grasshopper.cs.duke.edu>
Date: Fri, 30 May 2003 09:33:56 -0400 (EDT)
To: "Simon L. Nielsen"
In-Reply-To: <20030530133052.GC414@nitro.dk>
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

Simon L. Nielsen writes:
> On 2003.05.30 09:25:31 -0400, Andrew Gallatin wrote:
> >
> > At my company, some bonehead (not sure if it was maliciousness or just
> > a stupid customer), opened 60 simultaneous connections to our ftp
> > server and totally swamped our T1. This is the second or third time
> > this has happened recently.
>
> How about just restricting the bandwidth usage with ipfw/dummynet?
>

Our firewall is elsewhere, and I don't admin it.

As for adding it to the server itself, it's an alpha, and I don't think
dummynet/ipfw are production quality on alpha...
Drew

From owner-freebsd-net@FreeBSD.ORG Fri May 30 06:38:33 2003
Date: Fri, 30 May 2003 17:38:21 +0400 (MSD)
From: Maxim Konovalov
To: Andrew Gallatin
In-Reply-To: <16087.23499.422415.378026@grasshopper.cs.duke.edu>
Message-ID: <20030530173609.L69032@news1.macomnet.ru>
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

On 09:25-0400, May 30, 2003, Andrew Gallatin wrote:
>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1. This is the second or third time
> this has happened recently.
>
> So I'm looking for some way to limit the number of connections per-IP.
> I understand this may be bad for sites behind NAT boxes, or for
> multiuser systems, and I don't want to start a thread debating its
> merits.
>
> I'd like to avoid downgrading to one of the swiss-army knife ftpds
> that always seem to have a vulnerability in the headlines, but I
> don't have time to hack FreeBSD ftpd myself.
>
> So: Does anybody have patches to allow FreeBSD's ftpd to limit
> connections per IP? Or am I stuck with proftpd or wuftpd

a) run ftpd from inetd -s, man inetd;
b) ipfw2 limit src-addr, man ipfw.
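Maxim's two suggestions written out as an added example (this is not code from the thread or from FreeBSD itself): the inetd(8) per-address cap and an ipfw2 "limit src-addr" rule set, plus a small check that reads the configured inetd limit back out of an rc.conf fragment. The limit value of 4, the port, and the sample rc.conf text are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. The two per-source-IP limits
# Maxim names, written out for FreeBSD 4.x, plus a check that reads the
# configured inetd limit back out of an rc.conf fragment. The limit value
# (4) and the sample rc.conf text are constructed.

# (a) inetd(8): "-s N" caps simultaneous invocations of each service from
#     one source address ("-C N" caps invocations per minute per address).
#     ftpd must then be started from inetd rather than standalone:
#       /etc/inetd.conf:  ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#       /etc/rc.conf:     inetd_enable="YES"
#                         inetd_flags="-wW -s 4 -C 60"
#
# Print the -s value from an rc.conf fragment read on stdin, or 0 when no
# per-address limit is configured (inetd's default is unlimited).
inetd_per_ip_limit() {
    flags=$(sed -n 's/^[[:space:]]*inetd_flags=//p' | tail -n 1 | tr -d "\"'")
    limit=0
    set -- $flags                          # split the flag string into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -s)  limit="${2:-}"; shift ;;  # "-s 4"
            -s*) limit="${1#-s}" ;;        # "-s4"
        esac
        [ $# -gt 0 ] && shift
    done
    case "$limit" in
        ''|*[!0-9]*) limit=0 ;;            # malformed or missing: no cap
    esac
    echo "$limit"
}

# (b) ipfw2: a stateful rule with "limit src-addr N" admits at most N
#     concurrent TCP sessions per source address to the ftp port; the
#     deny behind it rejects connection attempts that were not admitted.
#     Emits the rules in ipfw(8) syntax; feed them to "ipfw -q /dev/stdin"
#     or paste them into the firewall rules file.
ftp_limit_rules() {
    limit="$1"; port="${2:-21}"
    case "$limit" in ''|*[!0-9]*|0) return 1 ;; esac   # refuse a useless limit
    printf 'add 1000 check-state\n'
    printf 'add 1010 allow tcp from any to me %s setup limit src-addr %s\n' "$port" "$limit"
    printf 'add 1020 deny tcp from any to me %s setup\n' "$port"
}

# Constructed rc.conf fragment with the cap in place, and a demonstration.
SAMPLE_RC_CONF='inetd_enable="YES"
inetd_flags="-wW -s 4 -C 60"'

echo "inetd per-IP limit from sample rc.conf: $(printf '%s\n' "$SAMPLE_RC_CONF" | inetd_per_ip_limit)"
echo "ipfw rules for a limit of 4 sessions per source address:"
ftp_limit_rules 4
```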
--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Fri May 30 06:49:57 2003
From: Andrew Gallatin
Message-ID: <16087.24959.113061.774044@grasshopper.cs.duke.edu>
Date: Fri, 30 May 2003 09:49:51 -0400 (EDT)
To: Maxim Konovalov
In-Reply-To: <20030530173609.L69032@news1.macomnet.ru>
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

Maxim Konovalov writes:
> a) run ftpd from inetd -s, man inetd;

Duh! Thanks! Works fine.

Drew

From owner-freebsd-net@FreeBSD.ORG Fri May 30 07:26:14 2003
Date: Fri, 30 May 2003 07:26:05 -0700
From: Luigi Rizzo
To: Andrew Gallatin
Message-ID: <20030530072605.A97702@xorpc.icir.org>
In-Reply-To: <16087.24004.208831.221102@grasshopper.cs.duke.edu>
cc: "Simon L. Nielsen"
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

On Fri, May 30, 2003 at 09:33:56AM -0400, Andrew Gallatin wrote:
...
> As for adding it to the server itself, it's an alpha, and I don't think
> dummynet/ipfw are production quality on alpha...

Actually the ipfw1/dummynet code is the same and should be working
perfectly fine on the alpha. ipfw2 does have alignment issues on
the alpha and sparc, but I have patches (posted to the -alpha and
-sparc64 lists almost 2 weeks ago now) which are just awaiting some
good soul with those platforms to provide feedback.
cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Fri May 30 07:33:55 2003
From: Andrew Gallatin
Message-ID: <16087.27596.771233.714068@grasshopper.cs.duke.edu>
Date: Fri, 30 May 2003 10:33:48 -0400 (EDT)
To: Luigi Rizzo
In-Reply-To: <20030530072605.A97702@xorpc.icir.org>
cc: freebsd-net@freebsd.org
Subject: Re: limiting connections per IP w/FreeBSD ftpd?

Luigi Rizzo writes:
> On Fri, May 30, 2003 at 09:33:56AM -0400, Andrew Gallatin wrote:
> ...
> > As for adding it to the server itself, it's an alpha, and I don't think
> > dummynet/ipfw are production quality on alpha...
>
> Actually the ipfw1/dummynet code is the same and should be working
> perfectly fine on the alpha. ipfw2 does have alignment issues on
> the alpha and sparc, but I have patches (posted to the -alpha and
> -sparc64 lists almost 2 weeks ago now) which are just awaiting some
> good soul with those platforms to provide feedback.

Ah, thanks. I'd confused the 2 in my mind; sorry.

I thought Wilko (wkb) had a test setup for ipfw2?
Drew

From owner-freebsd-net@FreeBSD.ORG Fri May 30 09:27:01 2003
Date: Fri, 30 May 2003 18:26:56 +0200
From: Erwane Breton
To: freebsd-net@freebsd.org
Message-Id: <20030530182656.08046610.breton@erwane.net>
In-Reply-To: <004b01c325f6$2c5cfd20$812a40c1@PETEX31>
Subject: Re: Collision on NIC

> >
> > Well, I don't see the problem.
> >
> > My math says that that's .03% collision rate, which is so deep in the
> > noise as to be practically zero. What do you _think_ it should be?
> >
> Even Mr. Inventor of the ethernet himself regrets calling them collisions because
> that term has a bad ring to people unfamiliar with the technological detail.
>
> Pete

So there are no answers or solutions?

Erwan

From owner-freebsd-net@FreeBSD.ORG Fri May 30 09:54:04 2003
From: "Sreekanth"
To: "'Erwane Breton'"
Date: Fri, 30 May 2003 09:53:57 -0700
Message-ID: <000001c326cc$100ae840$ae28a8c0@SREELAPTOP>
In-Reply-To: <20030530182656.08046610.breton@erwane.net>
Subject: RE: Collision on NIC

Hmmm... The thumb rule I generally follow is that if there are too many
collisions, I would look at the duplex settings of the NIC and the switch.
If one of them is forced (not auto-negotiated) then the other one turns
itself into half-duplex. The ifconfig display is also cryptic in the sense
that it does not tell you explicitly that it is half-duplex. If there is no
full-duplex in the ifconfig display it is half-duplex. Check those settings
again and maybe you are in for a surprise..

Sreekanth

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Erwane Breton
> Sent: Friday, May 30, 2003 9:27 AM
> To: freebsd-net@freebsd.org
> Subject: Re: Collision on NIC
>
> > >
> > > Well, I don't see the problem.
> > >
> > > My math says that that's .03% collision rate, which is so deep in
> > > the noise as to be practically zero. What do you _think_ it should
> > > be?
> > >
> > Even Mr. Inventor of the ethernet himself regrets calling them
> > collisions because that term has a bad ring to people unfamiliar with
> > the technological detail.
> >
> > Pete
>
> So there are no answers or solutions ?
>
> Erwan

From owner-freebsd-net@FreeBSD.ORG Fri May 30 09:59:53 2003
Date: Fri, 30 May 2003 18:59:18 +0200
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DEB9@exchange.wanglobal.net>
From: Sten Daniel Sørsdal
To: "Erwane Breton"
Subject: RE: Collision on NIC

> > >
> > > Well, I don't see the problem.
> > >
> > > My math says that that's .03% collision rate, which is so deep in the
> > > noise as to be practically zero. What do you _think_ it should be?
> > >
> > Even Mr. Inventor of the ethernet himself regrets calling them collisions because
> > that term has a bad ring to people unfamiliar with the technological detail.
> >
> > Pete
>
> So there are no answers or solutions ?
>
> Erwan

Answer:
Collisions are normal when your ethernet interface is set to half-duplex.
In half-duplex mode it can only either send or listen.
Changing both sides to full-duplex removes the collisions.
However: changing only one side _always_ results in packet loss!
Collisions do not mean packets lost. 10mbit half-duplex from your
computer to your ADSL modem does not mean loss of performance.

The reason that your ADSL modem is at 10mbit half-duplex is usually either:
* It does not support anything else (almost always the case)
* Auto-detect will in certain cases fail and there would be duplex mismatch
  (packet loss) requiring operator's assistance.

Either way, it is the way it is because then practically nothing can go wrong.

Solution:
Do absolutely nothing.

You would (probably) have realized so many reasons not to ask this question
if you had spent 10 seconds on www.google.com. And don't tell me you have,
because you haven't.
- Sten

From owner-freebsd-net@FreeBSD.ORG Fri May 30 11:53:24 2003
Message-ID: <20030530185323.78273.qmail@web14206.mail.yahoo.com>
Date: Fri, 30 May 2003 11:53:23 -0700 (PDT)
From: Neelkanth Natu
To: freebsd-net@freebsd.org
Subject: Alpine4Linux

Hi all,

Alpine4Linux is a userlevel FreeBSD 4.8 networking stack running on top of a
stock Linux kernel. It is an implementation of an idea that I came across in
a paper[1] by David Ely, Stefan Savage and David Wetherall.

Alpine4Linux consists of a userland server program that runs the FreeBSD
kernel code as well as the unmodified networking stack. Client programs use
the Alpine stack by setting the LD_PRELOAD environment variable to link to
libraries that intercept socket-related system calls. These intercepted
system calls are routed to the Alpine server over a TCP connection
established on the loopback interface.

Alpine4Linux goes to great lengths to ensure that its behavior is identical
to that of a FreeBSD kernel as far as networking is concerned. Thus, in
addition to the unmodified FreeBSD stack, Alpine4Linux also has unmodified
socket layer code, file descriptor code, tsleep and wakeup, for example. It
also has a rich client-side library that supports almost all socket
functions as well as functions like fork() that are commonly used by server
programs.

I have tested stock Linux programs like telnet, nmap, ifconfig, vsftpd-1.1.3
etc. against the Alpine stack. I have only compiled it on a Redhat 8.x Linux
box, so if someone manages to run it on another Linux distribution/kernel
please let me know.

You can find more information at:
http://www.vzavenue.net/~neelnatu/alpine4linux

Hopefully someone finds use for this.
thanks
Neel

[1] Alpine: A user-level infrastructure for network protocol development
    David Ely, Stefan Savage, David Wetherall
    http://alpine.cs.washington.edu/

From owner-freebsd-net@FreeBSD.ORG Fri May 30 13:07:26 2003
Message-ID: <3ED7B9EB.9719E0FB@tel.fer.hr>
Date: Fri, 30 May 2003 22:07:07 +0200
From: Marko Zec
To: Juli Mallett
References: <3ED14BF3.139CAC32@tel.fer.hr> <20030530182645.GP62688@perrin.int.nxad.com> <20030530133302.A48390@FreeBSD.org>
cc: hackers@FreeBSD.org
cc: net@FreeBSD.org
Subject: Re: Network stack cloning / virtualization patches

Juli Mallett wrote:
> * Sean Chittenden [ Date: 2003-05-30 ]
> [ w.r.t. Re: Network stack cloning / virtualization patches ]
> > > at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches
> > > against 4.8-RELEASE kernel that provide support for network stack
> > > cloning.
> >
> > Has anyone stepped forward to possibly shepherd this code into the
> > tree? I am highly interested in this code and would like to see it
> > incorporated into the base system (read: -CURRENT, before 5.2). After
> > looking at the TODO, I realize that this patch isn't 100% yet, but can
> > it be broken down into a smaller set of commits?
>
> Has anyone looked at making the patch work with CURRENT? Does this do
> anything to degrade performance of UP systems with no (0?) virtualised
> images running? Does it make the locking situation much worse? Can it
> be stripped down to minimal, clean, well-architected diffs to accomplish
> a centralised goal, rather than a "Network+goodies, random subsystem
> overhaul"? Those are probably good questions for someone to know the
> answers to (by looking at the code, or someone trying such) before it
> gets too close to the tree.

I plan to start porting the cloning code to -CURRENT once it becomes -STABLE
(that means once the 5.2 gets out, I guess).
In the meanwhile I'd like to get more feedback on what people like / dislike
regarding the general concept and the code as it is right now, in which
direction I should strive to redesign the management API etc.

I fully agree with Juli's comment that the patch coalesces many things not
fundamentally related to the network stack itself, and that it therefore has
to be slightly reengineered first. While at BSDCon in Amsterdam, idowse@ and
phk@ suggested to me that the vimage framework should probably be implemented
in a more modular fashion, so that admins could choose which system resources
to virtualize and which not. My current experiments are going in that
direction...

Regarding the question on performance penalty, I suggest that you check the
EuroBSDCon slides which provide a basic comparison between the standard and
the patched kernel. The overhead increase is generally hardly measurable, and
depending on traffic type it does not exceed 3-4% in worst case scenarios.

Julian Elischer will be giving a talk accompanying a paper on the subject at
the upcoming USENIX / FreeNIX ATC, so perhaps this could also be a good place
to learn a couple more details :-) Unfortunately I won't be able to attend the
conference personally :-| , but I hope to hear some feedback though...
Cheers,

Marko

From owner-freebsd-net@FreeBSD.ORG Fri May 30 15:16:03 2003
Date: Fri, 30 May 2003 17:15:59 -0500
From: "Matthew D. Fuller"
To: Erwane Breton
Message-ID: <20030530221559.GL61246@over-yonder.net>
In-Reply-To: <20030530182656.08046610.breton@erwane.net>
cc: freebsd-net@freebsd.org
Subject: Re: Collision on NIC

On Fri, May 30, 2003 at 06:26:56PM +0200 I heard the voice of
Erwane Breton, and lo! it spake thus:
> > >
> > > Well, I don't see the problem.
> > >
> > > My math says that that's .03% collision rate, which is so deep in the
> > > noise as to be practically zero. What do you _think_ it should be?
> > >
> > Even Mr. Inventor of the ethernet himself regrets calling them collisions because
> > that term has a bad ring to people unfamiliar with the technological detail.
> >
> > Pete
>
> So there are no answers or solutions ?

Solution: Do nothing, because nothing is /wrong/. There's nothing to FIX.

Move along, nothing to see here.
--
Matthew Fuller (MF4839)        | fullermd@over-yonder.net
Systems/Network Administrator  | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-net@FreeBSD.ORG Fri May 30 15:26:27 2003
Date: Sat, 31 May 2003 08:26:19 +1000
From: Peter Jeremy
To: Marko Zec
Message-ID: <20030530222619.GA49229@cirb503493.alcatel.com.au>
In-Reply-To: <3ED7B9EB.9719E0FB@tel.fer.hr>
cc: hackers@freebsd.org
cc: net@freebsd.org
Subject: Re: Network stack cloning / virtualization patches

On Fri, May 30, 2003 at 10:07:07PM +0200, Marko Zec wrote:
>I plan to start porting the cloning code to -CURRENT once it becomes -STABLE
>(that means once the 5.2 gets out, I guess).

FreeBSD has a policy that all new features must be added to -CURRENT
before they can be added to -STABLE (4.x or 5.x). This means that you
are going to have to port the code to -CURRENT at some point in order
to get it added to the main tree.

That said, now is actually a relatively good time to look at porting
code to -CURRENT. It has been in a 'semi-frozen' state since about
last November and will stay like this until 5.x is branched (i.e. work
is focused on bug-fixes and performance enhancements with minimal new
features). Once 5-STABLE is branched, 6-CURRENT will go through a
period of rapid change and instability as everyone gets 9 months or so
of pent-up API changes and 'interesting new ideas' committed. In
other words, the longer you leave it, the more effort you'll probably
need to invest.
Peter

From owner-freebsd-net@FreeBSD.ORG Fri May 30 17:14:56 2003
From: Wes Peters
Organization: Softweyr.com
To: Erwane Breton, freebsd-net@freebsd.org
Date: Fri, 30 May 2003 17:14:53 -0700
References: <20030529155143.2c39326e.breton@erwane.net> <004b01c325f6$2c5cfd20$812a40c1@PETEX31> <20030530182656.08046610.breton@erwane.net>
In-Reply-To: <20030530182656.08046610.breton@erwane.net>
Message-Id: <200305301714.53997.wes@softweyr.com>
Subject: Re: Collision on NIC

On Friday 30 May 2003 09:26, Erwane Breton wrote:
> > > Well, I don't see the problem.
> > >
> > > My math says that that's .03% collision rate, which is so deep in
> > > the noise as to be practically zero. What do you _think_ it
> > > should be?
> >
> > Even Mr. Inventor of the ethernet himself regrets calling them
> > collisions because that term has a bad ring to people unfamiliar with
> > the technological detail.
> >
> > Pete
>
> So there are no answers or solutions ?

If it were a problem there might be a solution, but collisions are not a problem, they're normal on an ethernet. When you read "collision" you think "error." You must retrain your mind, collisions are normal operating procedure on ethernet. Really.

If the collisions were above 10%, it would be cause for concern; at 0.03% I can only conclude that you have a switched ethernet and have occasional broadcast traffic. 0.03% is way too low for any half-duplex (i.e. built with hubs) network.

Repeat after me: "Collisions are normal on ethernet. 0.03% is nothing to be upset about."

-- 
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Fri May 30 11:26:47 2003
Date: Fri, 30 May 2003 11:26:45 -0700
From: Sean Chittenden
To: Marko Zec
Message-ID: <20030530182645.GP62688@perrin.int.nxad.com>
References: <3ED14BF3.139CAC32@tel.fer.hr>
In-Reply-To: <3ED14BF3.139CAC32@tel.fer.hr>
X-PGP-Key: finger seanc@FreeBSD.org
X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0 83A6 DD99 E31F BC84 B341
X-Web-Homepage: http://sean.chittenden.org/
cc: hackers@freebsd.org
Subject: Re: Network stack cloning / virtualization patches

> at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches
> against 4.8-RELEASE kernel that provide support for network stack
> cloning. The patched kernel allows multiple fully independent
> network stack instances to simultaneously coexist within a single OS
> kernel, providing a foundation for supporting diverse new
> applications, including:
>
> - Enhanced virtual hosting (think of jails with its own private set of
> network interfaces, IP addresses, routing tables, ipfw and dummynet
> instance etc.);
> - High-performance real-time network simulation / emulation;
> - Fully isolated overlay VPN provisioning (using IP tunnels), including
> the possibility of creating nested VPNs.
>
> The network stacks are embedded in new resource container entities
> named "virtual images". Each process and network stack instance within
> the system has to be associated with a virtual image, which in effect
> becomes a light or pseudo virtual machine entity.
> Additional goodies
> include the possibility to control some other resources besides the
> network stack, most notably the independent CPU load and usage
> accounting, as well as feedback-driven proportional share scheduling
> among virtual images. For more details, check the above URL.
> Note that the patch was designed to allow all existing applications and
> utilities to run unmodified on the patched kernel, so no recompiling of
> the userland is necessary.
>
> Hope you'll find use for the new framework :-)

Has anyone stepped forward to possibly shepherd this code into the tree? I am highly interested in this code and would like to see it incorporated into the base system (read: -CURRENT, before 5.2). After looking at the TODO, I realize that this patch isn't 100% yet, but can it be broken down into a smaller set of commits? Anyone doing virtual hosting would kill to have this functionality in FreeBSD right now.

-sc

-- 
Sean Chittenden

From owner-freebsd-net@FreeBSD.ORG Sat May 31 02:43:36 2003
Date: Sat, 31 May 2003 11:43:30 +0200
From: Erwane Breton
To: freebsd-net@freebsd.org
Message-Id: <20030531114330.02efd2d6.breton@erwane.net>
In-Reply-To: <200305301714.53997.wes@softweyr.com>
References: <20030529155143.2c39326e.breton@erwane.net> <004b01c325f6$2c5cfd20$812a40c1@PETEX31> <20030530182656.08046610.breton@erwane.net> <200305301714.53997.wes@softweyr.com>
Organization: Erwane
Subject: Re: Collision on NIC

> Repeat after me: "Collisions are normal on ethernet. 0.03% is
> nothing to be upset about."
>
> -- 
> "Where am I, and what am I doing in this handbasket?"
>
> Wes Peters wes@softweyr.com

"Collisions are normal on ethernet. 0.03% is nothing to be upset about." :-)

OK OK.. I never understood what a collision was before, now I know (I think). I change nothing on all FreeBSD boxes.

Thanks for all

Erwan
-- 

From owner-freebsd-net@FreeBSD.ORG Sat May 31 03:58:36 2003
Message-ID: <01c601c32763$86e44be0$812a40c1@PETEX31>
From: "Petri Helenius"
To: Sten Daniel Sørsdal, "Erwane Breton", freebsd-net@freebsd.org
References: <0AF1BBDF1218F14E9B4CCE414744E70F07DEB9@exchange.wanglobal.net>
Date: Sat, 31 May 2003 13:58:09 +0300
Subject: Re: Collision on NIC

> Changing both sides to full-duplex removes the collisions.
> However: Changing only one side _always_ results in packet-loss!

It's only when both sides transmit at once. Which is not always. It happens almost always though.

Pete

From owner-freebsd-net@FreeBSD.ORG Sat May 31 09:59:49 2003
From: Wes Peters
Organization: Softweyr
To: Erwane Breton, freebsd-net@freebsd.org
Date: Sat, 31 May 2003 09:59:42 -0700
References: <20030529155143.2c39326e.breton@erwane.net> <200305301714.53997.wes@softweyr.com> <20030531114330.02efd2d6.breton@erwane.net>
In-Reply-To: <20030531114330.02efd2d6.breton@erwane.net>
Message-Id: <200305310959.42167.wes@softweyr.com>
Subject: Re: Collision on NIC

On Saturday 31 May 2003 02:43 am, Erwane Breton wrote:
> > Repeat after me: "Collisions are normal on ethernet. 0.03% is
> > nothing to be upset about."
>
> "Collisions are normal on ethernet. 0.03% is nothing to be upset
> about."

Very good. ;^) Another freebsd-net success story.

-- 
Where am I, and what am I doing in this handbasket?

Wes Peters wes@softweyr.com
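The collision-rate reasoning in Wes Peters' replies above (collisions per transmitted frame, with a rate above 10% being the point at which to start worrying) can be turned into a small check run over `netstat -i` counters. The script below is an added example and is not code from anyone in the thread; the interface table it parses is a constructed sample in the layout of FreeBSD 4.x `netstat -i` (Name, Mtu, Network, Address, Ipkts, Ierrs, Opkts, Oerrs, Coll), with invented interface names, addresses and counter values.

```python
"""Collision-rate check over netstat -i style counters.

Added example for the freebsd-net "Collision on NIC" thread; not code from
the thread's authors.  The input below is a constructed sample in the
layout of FreeBSD 4.x `netstat -i`; interface names, addresses and counter
values are invented.
"""

# Constructed sample; not real output from any host in the thread.
SAMPLE_NETSTAT_I = """\
Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
fxp0  1500  <Link#1>      00:02:b3:00:00:01 812345     0   640123     0   192
fxp0  1500  192.168.1     192.168.1.10      812345     -   640123     -     -
xl0   1500  <Link#2>      00:50:04:00:00:02 430000     0   350000     0 52000
xl0   1500  10.0.0        10.0.0.5          430000     -   350000     -     -
lo0   16384 <Link#3>                          1200     0     1200     0     0
"""

# Threshold taken from the thread: collisions above 10% of transmitted frames
# are cause for concern; a rate like 0.03% is normal operation.
CONCERN_RATE = 0.10


def parse_netstat_i(text):
    """Return {ifname: (opkts, coll)} from the link-level rows only.

    Per-address rows repeat the packet counters with '-' in the error and
    collision columns, so they are skipped.  Counters are read from the
    right-hand end of each row because the Network/Address columns may be
    blank (lo0) or of variable width.
    """
    stats = {}
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        name = fields[0]
        ipkts, ierrs, opkts, oerrs, coll = fields[-5:]
        if coll == "-" or opkts == "-":
            continue
        stats[name] = (int(opkts), int(coll))
    return stats


def collision_rate(opkts, coll):
    """Collisions per transmitted frame; 0.0 when nothing was sent."""
    if opkts == 0:
        return 0.0
    return coll / opkts


def assess(text, concern_rate=CONCERN_RATE):
    """Map each interface name to (rate, verdict).

    'investigate' means the rate exceeds concern_rate; everything else is
    reported as 'normal', which is the thread's point about 0.03%.
    """
    result = {}
    for name, (opkts, coll) in parse_netstat_i(text).items():
        rate = collision_rate(opkts, coll)
        verdict = "investigate" if rate > concern_rate else "normal"
        result[name] = (rate, verdict)
    return result


if __name__ == "__main__":
    for name, (rate, verdict) in assess(SAMPLE_NETSTAT_I).items():
        print(f"{name}: {rate * 100:.2f}% collisions -> {verdict}")
```

In the sample, fxp0 sits at 0.03% (192 collisions on 640123 frames out) and is reported as normal, while the invented xl0 counters (52000 on 350000) are well past the 10% mark and get flagged. A zero-collision count on an interface that is known to be half-duplex is the other thing worth a second look, since, as the thread notes, a hub-based segment with real traffic will always show some collisions.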