From owner-freebsd-net@FreeBSD.ORG Sun Jul 27 21:11:02 2003
Date: Mon, 28 Jul 2003 00:11:00 -0400
From: Josh Osborne
To: freebsd-net@freebsd.org
Message-ID: <20030728001100.A12957@meketrex.pix.net>
Subject: user ppp's "nat proxy" under FreeBSD 5.1

I'm using the user land ppp under 5.1 and I have this in the ppp.conf:

  nat enable yes
  nat log yes
  nat unregistered_only yes
  nat proxy type no_encode port 80 server 10.0.0.1:3128 proto tcp src 10.0.0.29

Before I execute the proxy line the web browser on 10.0.0.29 works fine, after it is dead in the water. (10.0.0.1 is the same machine that is running the user land ppp, and doing the NATing)

The web proxy (squid) on 10.0.0.1 doesn't see any requests. To remove configuration of squid from the picture I just ran "ttcp -r -p 3128" on 10.0.0.1. I attempted to use the web browser on 10.0.0.29 again, and got nothing (no connections to ttcp, and nothing in the web browser). When I just attempted to connect to 10.0.0.1:3128 from a random port on 10.0.0.29 I saw the connection just fine.

I built a copy of libalias and ppp with debugging on and set some breakpoints. The libalias code is definitely attempting to do *something* with the port 80 connections, but I can't really tell what.

Is that proxy line roughly correct? Is it expected to work on 5.1? Am I smoking too much crack? Not enough? Is there a better way to do this anyway?

From owner-freebsd-net@FreeBSD.ORG Sun Jul 27 22:18:19 2003
Message-ID: <002701c354c7$96366c40$0202000a@vx>
From: "Andy Gilligan"
Date: Mon, 28 Jul 2003 06:17:48 +0100
Subject: Next-hop based on source address (IPv6)

Hi,

I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I allocate /64 tunnels from each network to client machines.

Is there any way I can specify the next-hop or outbound interface to use on the router based on the source address of the client?

I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this ability.

Any thoughts?

Best regards,
-Andy

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 02:04:01 2003
From: Juan Rodriguez Hervella
Organization: UC3M
To: "Andy Gilligan"
Date: Mon, 28 Jul 2003 11:03:53 +0200
In-Reply-To: <002701c354c7$96366c40$0202000a@vx>
Message-Id: <200307281103.55077.jrh@it.uc3m.es>
Subject: Re: Next-hop based on source address (IPv6)

On Monday 28 July 2003 07:17, Andy Gilligan wrote:
> Hi,
>
> I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I
> allocate /64 tunnels from each network to client machines.
>
> Is there any way I can specify the next-hop or outbound interface to use
> on the router based on the source address of the client?
>
> I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this
> ability.
>
> Any thoughts?
>

Hello Andy:

I wanted to do something similar and when I realized that ip6fw didn't have such option, I asked for it on the Kame mailing list, but they answered me that they didn't see it as a feature demanded by the community so they didn't have any plan to implement it on the short term. (Anyway I think it shouldn't be hard to add such feature, but I'm a bit lazy :)

You can ask for it on Kame mailing-list again (because I asked for it a long time ago and it may have been already implemented, I don't know). Also I think that there are implementations of something called "source base routing", but I don't have experience with that.

Cheers.

> Best regards,
> -Andy

-- 
JFRH

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 03:05:53 2003
Date: Mon, 28 Jul 2003 14:05:46 +0400
From: Gleb Smirnoff
To: Ruslan Ermilov
cc: net@freebsd.org
Message-ID: <20030728100546.GA65369@cell.sick.ru>
In-Reply-To: <20030723203757.GB41895@sunbay.com>
Subject: Re: NAT and PPTP

On Wed, Jul 23, 2003 at 11:37:57PM +0300, Ruslan Ermilov wrote:
R> I pretty much agree. Attached are my configuration files
R> for mpd/pptp; please let me know (Julian) how this could
R> be enhanced to serve more PPTP clients simultaneously
R> (with different IP addresses). I'd appreciate it.

You can use RADIUS for assigning IP addresses to clients. However, if you want to serve more clients, you still have to add more bundles in your configuration file. I used a shell script for generating mpd.conf and mpd.links for 200 clients.

I tried to hack mpd, to make it allocate bundles dynamically, but did not succeed. You can search mail archives, Subj is "mpd in dynamic".

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 03:27:10 2003
Date: Mon, 28 Jul 2003 14:27:07 +0400
From: Gleb Smirnoff
To: Brett Glass
cc: net@freebsd.org
Message-ID: <20030728102707.GB65369@cell.sick.ru>
In-Reply-To: <4.3.2.7.2.20030723192331.02c9bbd0@localhost>
Subject: Re: NAT and PPTP

On Wed, Jul 23, 2003 at 07:27:38PM -0600, Brett Glass wrote:
B> I haven't gotten any hopes up, but it would be nice. It seems as
B> if the only alternatives are to un-GNU PoPToP (which requires
B> a clean room team; possible but not easy) or to create a FreeBSD
B> pptpd that is analogous to pppoed. This would use your work, Archie,

IMHO, this is not good idea. Currently I'm running two different types of access points:

1) PPPoE concentrators: pppoed + ppp
2) PPTP server: mpd with huge mpd.conf and mpd.links

As I remember, Brett said that mpd allocates a number of nodes for each connection in kernel memory. That's right. But in case of pppoed+ppp or imaginary pptpd+ppp you will have a user-level process and ng_socket for each connection. Not sure that it will take less memory. But it will do a lot of context switching.

On my own experience it looks like PPTP (no compression, no encryption) access point with mpd is more robust than PPPoE one with pppoed+ppp. Currently I'm planning to look into Alexandr Motin's patches giving PPPoE server support for mpd.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 04:48:10 2003
Date: Mon, 28 Jul 2003 12:48:06 +0100
From: Andy Gilligan
To: Juan Rodriguez Hervella
cc: net@freebsd.org
Message-ID: <20030728114806.GA41123@vega.evo6.net>
In-Reply-To: <200307281103.55077.jrh@it.uc3m.es>
Subject: Re: Next-hop based on source address (IPv6) [solved]

On Mon, Jul 28, 2003 at 10:03:53AM BST, Juan Rodriguez Hervella wrote:
> On Monday 28 July 2003 07:17, Andy Gilligan wrote:
> > Hi,
> >
> > I have three IPv6 /48 networks connected to a FreeBSD 4.8 router, and I
> > allocate /64 tunnels from each network to client machines.
> >
> > Is there any way I can specify the next-hop or outbound interface to use
> > on the router based on the source address of the client?
> >
> > I initially thought of 'ipfw fwd', but ip6fw doesn't seem to have this
> > ability.
> >
> > Any thoughts?
> >
>
> Hello Andy:
>
> I wanted to do something similar and when I realized that ip6fw didn't have
> such option, I asked for it on the Kame mailing list, but they answered me
> that they didn't see it as a feature demanded by the community so they
> didn't have any plan to implement it on the short term.
> (Anyway I think it shouldn't be hard to add such feature,
> but I'm a bit lazy :)
>
> You can ask for it on Kame mailing-list again (because I asked for it a long
> time ago and it may have been already implemented, I don't know). Also I
> think that there are implementations of something called "source base
> routing", but I don't have experience with that.

Well, I got it working eventually, after a bit of tinkering with ipf... I must admit, I completely forgot about ipf's 'fastroute' abilities, especially with regard to IPv6 :)

--- Summary ---

Three tunnels: (fictional ip addrs)

  gif0 : 2001:111:111::/48 : gw=2001:1000::1
  gif1 : 2001:222:222::/48 : gw=2001:2000::1
  gif2 : 2001:333:333::/48 : gw=2001:3000::1

The default route is via gif0 (fe80::%gif0)

My ipf6.rules:

  pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
  pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any

So far, I haven't noticed any WeirdStuff(tm) happening, so things look promising - all packets leave via the right interface :)

Comments welcome if this looks like it may cause problems :)

Best regards,
-Andy

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 04:53:51 2003
Date: Mon, 28 Jul 2003 12:53:48 +0100
From: Andy Gilligan
To: jrh@it.uc3m.es
cc: net@freebsd.org
Message-ID: <20030728115348.GA5882@vega.evo6.net>
In-Reply-To: <20030728114806.GA41123@vega.evo6.net>
Subject: Re: Next-hop based on source address (IPv6) [solved]

On Mon, Jul 28, 2003 at 12:48:06PM BST, Andy Gilligan wrote:
> pass in on gif0 to gif1:2001:2000::1 from 2001:222:222::/48 to any
> pass in on gif0 to gif2:2001:3000::1 from 2001:333:333::/48 to any
  ^^^^^^^

That should of course read 'pass out' :)

-Andy

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 11:01:43 2003
Date: Mon, 28 Jul 2003 11:01:42 -0700 (PDT)
Message-Id: <200307281801.h6SI1glS082200@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2002/05/04] kern/37761  net   process exits but socket is still ESTABLI

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 14:02:08 2003
From: Wes Peters
Organization: Softweyr.com
To: Van Vinh Vo, freebsd-net@freebsd.org
Date: Mon, 28 Jul 2003 14:02:07 -0700
In-Reply-To: <20030722181437.83175.qmail@web21008.mail.yahoo.com>
Message-Id: <200307281402.07425.wes@softweyr.com>
Subject: Re: net/1 - net/2 - net/3

On Tuesday 22 July 2003 11:14, Van Vinh Vo wrote:
> what is net/1 ? net/2 ? net/3,
> what is the current net now ?

1) These questions are NOT suitable for the -net mailing list, which is for discussing development of networking stacks in FreeBSD. If you must ask this sort of drivel, please do so on -chat, which was made for drivel.

2) net/2 and net/3 were code distributions from UC Berkeley. Your favorite UNIX history site will provide you with any details you want. Some of them might even be accurate.

-- 
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 14:44:16 2003
From: Vincent Jardin
To: net@freebsd.org
Date: Mon, 28 Jul 2003 23:45:28 +0200
Message-Id: <200307282345.28228.vjardin@wanadoo.fr>
Subject: RTF_CLONING vs RTF_PRCLONING

I do not understand the purpose of the flag PRCLONING. What is it for ?

man rtalloc:

  RTF_PRCLONING routes are assumed to be managed by the protocol family and no resolution requests are made, but all routes generated by the cloning process retain a reference to the route from which they were generated.

I agree, then... Isn't it already the purpose of RTF_CLONING ?
When should RTF_PRCLONING be set ?

Thanks,
Vincent

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 14:51:33 2003
Date: Mon, 28 Jul 2003 17:51:28 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200307282151.h6SLpSoZ025344@khavrinen.lcs.mit.edu>
To: Vincent Jardin
cc: net@freebsd.org
In-Reply-To: <200307282345.28228.vjardin@wanadoo.fr>
Subject: RTF_CLONING vs RTF_PRCLONING

< said:

> I agree, then... Isn't it already the purpose of RTF_CLONING ?
> When should RTF_PRCLONING be set ?

RTF_PRCLONING is set automatically by the protocol to cause host routes to be generated on every unique lookup.

RTF_CLONING is set when the route is added (either manually, or automatically for interface routes) to indicate that a more specific route (possibly a host route) needs to be generated on every unique lookup.

RTF_XRESOLVE is set when the target of the newly cloned route is not known by the kernel and must be set up by a user process. I'm not sure if anything ever used this, although I guess it could be used to implement ISIS.

-GAWollman

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 14:53:30 2003
Date: Mon, 28 Jul 2003 22:51:03 +0100
From: Bruce M Simpson
To: Vincent Jardin
cc: net@freebsd.org
Organization: SPC
Message-ID: <20030728215103.GD29339@spc.org>
In-Reply-To: <200307282345.28228.vjardin@wanadoo.fr>
Subject: Re: RTF_CLONING vs RTF_PRCLONING

On Mon, Jul 28, 2003 at 11:45:28PM +0200, Vincent Jardin wrote:
> I do not understand the purpose of the flag PRCLONING. What is it for ?

Compare the output of netstat -rn with netstat -rna, to see the difference between a cloned and a protocol-cloned route.

BMS

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 14:54:07 2003
Date: Mon, 28 Jul 2003 22:51:40 +0100
From: Bruce M Simpson
To: Garrett Wollman
cc: net@freebsd.org
Organization: SPC
Message-ID: <20030728215140.GE29339@spc.org>
In-Reply-To: <200307282151.h6SLpSoZ025344@khavrinen.lcs.mit.edu>
Subject: Re: RTF_CLONING vs RTF_PRCLONING

On Mon, Jul 28, 2003 at 05:51:28PM -0400, Garrett Wollman wrote:
> RTF_XRESOLVE is set when the target of the newly cloned route is not
> known by the kernel and must be set up by a user process. I'm not
> sure if anything ever used this, although I guess it could be used to
> implement ISIS.

I have a hack in the works to support on-demand routing in a userland daemon which will actually make use of this.

BMS

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 15:14:31 2003
Message-ID: <265000-220037128221429708@M2W070.mail2web.com>
From: "hinkle@interwork.sdsu.edu"
To: freebsd-questions@freebsd.org
cc: freebsd-net@freebsd.org
Date: Mon, 28 Jul 2003 18:14:29 -0400
Reply-To: hinkle@interwork.sdsu.edu
Subject: Setting up a NAT Router that will route between 3 networks

I was wondering how to modify the appropriate files to setup a FreeBSD computer to act as a NAT Router, that would do the following:

One NIC card is connected to a private network, with an IP address of 192.168.0.50. This will act as the gateway to all the computers in the technology center, to connect to the internet (Nic Card 2, Provided by Cox) and to the SDSU connection (Nic Card 3).

We need the NAT Router to act as follows:

1) When computers of the private network access the general internet, we need the NAT to translate to the Cox.Net IP, except for all addresses beginning with 130.191.X.X or 146.244.X.X, or all traffic on port 1214 (KaZaa), which we need to go to the SDSU Connection.

2) When the IP Address the data is going to begins with 146.244.X.X or 130.191.X.X, or any IP address using port 1214, we need the data to route through the SDSU IP Address.

NIC Card Info:

Nic Card 1 (Private Network):
  IP: 192.168.0.1
  Subnet: 255.255.255.0
  Gateway: 192.168.0.1
  DNS: 192.168.0.2

Nic Card 2 (Cox Network):
  IP: 68.15.25.98
  Subnet: 255.255.252.0
  Gateway: 68.15.25.65
  DNS: 209.242.128.107
  DNS2: 209.242.128.101

NIC Card 3 (SDSU TNS Network):
  IP: 130.191.73.13
  Subnet: 255.255.255.0
  Gateway: 130.191.73.254
  DNS: 130.191.1.1
  DNS2: 130.191.200.1

If someone could give us step-by-step instructions to configure this, it would be appreciated.

Stephen

From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 15:36:28 2003
Date: Mon, 28 Jul 2003 12:36:10 -1000
From: Ryan Mooney To: Petri Helenius Message-ID: <20030728223609.GA72542@pcslink.com> References: <20030722191024.GA16760@pcslink.com> <023c01c3509d$8df929b0$812a40c1@PETEX31> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <023c01c3509d$8df929b0$812a40c1@PETEX31> User-Agent: Mutt/1.3.25i cc: freebsd-net@freebsd.org Subject: Re: 10Ge drivers? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2003 22:36:28 -0000 Yeah, you'd hope so huh. When I asked them I got a "we can neither confirm nor deny that we may someday release drivers" reply. I took that to mean that yeah, someday we may see them - but don't hold your breath. Oh well, I guess I'll stress it more once I actually get one in to mess with. > > Is anyone working on a driver for the Intel 10Ge card (I think they're > > the only one actually shipping...)? I was looking to give one a try on > > something other than linux :) > > > Since intel provided the 1Ge driver, I would suspect them to come up with > the 10Ge one. The 10Ge part does not seem to have too much new stuff > compared to the more advanced em parts. 
> > Pete > -- >-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-< Ryan Mooney ryan@pcslink.com <-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=-> From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 15:46:03 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C20C37B401 for ; Mon, 28 Jul 2003 15:46:03 -0700 (PDT) Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id C373043F3F for ; Mon, 28 Jul 2003 15:46:02 -0700 (PDT) (envelope-from flag@tin.it) Received: from newluxor.skynet.org (80.182.24.132) by vsmtp12.tin.it (7.0.019) id 3F1BB814001DFECB for freebsd-net@FreeBSD.ORG; Tue, 29 Jul 2003 00:45:59 +0200 Received: by newluxor.skynet.org (Postfix, from userid 1002) id 576618C; Tue, 29 Jul 2003 00:47:38 +0200 (CEST) Date: Tue, 29 Jul 2003 00:47:38 +0200 
From: Paolo Pisati To: FreeBSD_Net Message-ID: <20030728224737.GA47439@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Useless-Header: Look ma, it's a # sign! X-Operating-System: FreeBSD newluxor.skynet.org 4.8-STABLE FreeBSD 4.8-STABLE Subject: Differences between netgraph nodes in 4.x and 5.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2003 22:46:03 -0000 As the subject says, i developed a netgraph node (it's classifier node) using a 5.x box but tonight, i had a bad surprise: it seems the netgraph implementation in 4.x and 5.x are different, so now. Could someone shed some light on the differences, please? Thanks. -- Paolo GUFI: http://www.gufi.org From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 19:13:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7092037B401 for ; Mon, 28 Jul 2003 19:13:17 -0700 (PDT) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id B0BC943FA3 for ; Mon, 28 Jul 2003 19:13:16 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([12.233.125.100]) by attbi.com (rwcrmhc12) with ESMTP id <2003072902131001400amnjse>; Tue, 29 Jul 2003 02:13:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id TAA08327; Mon, 28 Jul 2003 19:13:06 -0700 (PDT) Date: Mon, 28 Jul 2003 19:13:04 -0700 (PDT) 
From: Julian Elischer To: Paolo Pisati In-Reply-To: <20030728224737.GA47439@newluxor.skynet.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: FreeBSD_Net Subject: Re: Differences between netgraph nodes in 4.x and 5.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 02:13:17 -0000 Netgraph in 5.0 had to be altered to support SMP locking. At the same time some 'simplifications' were made, however changing a driver from one, to work with the other is relatively simple.. Major changes: Instead of passing separate message and o-o-band data, both are attached to a single 'item' which is passed. You need to keep track of, and free if necessary, the 'item'. You can extract the message and oob data from the 'item' simply, using the macros supplied.. In 4.x the functions take the message and oob data separately as arguments. There is no "item" so you don't need to keep track of it. In 5.x you can send a control message to whoever is on the other end of a link. In 4.x you need to get the address and send it there. If you want to send me the node you have written I can make the diffs and send it back :-) The init functions have very subtly changed. Instead of your init routine calling the common code, it is called by the framework first so that it is already called by the time your code is called. Examine the two "ng_sample.c" source files and examine the differences.. On Tue, 29 Jul 2003, Paolo Pisati wrote: > > As the subject says, > i developed a netgraph node (it's classifier node) > using a 5.x box but tonight, i had a bad > surprise: > > it seems the netgraph implementation in 4.x and 5.x > are different, so now. > > Could someone shed some light on the differences, please? > > Thanks. 
> > -- > > Paolo > > GUFI: http://www.gufi.org > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 20:15:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4BB4E37B401; Mon, 28 Jul 2003 20:15:00 -0700 (PDT) Received: from boreas.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79FAB43F3F; Mon, 28 Jul 2003 20:14:59 -0700 (PDT) (envelope-from leth@lethargic.dyndns.org) Received: from dialin-153-34.tor.primus.ca ([216.254.153.34] helo=lethargic.dyndns.org) by boreas.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #3) id 19hKwr-00065M-0A; Mon, 28 Jul 2003 23:14:50 -0400 Received: from lethargic.dyndns.org (localhost [127.0.0.1]) by lethargic.dyndns.org (8.12.9/8.12.9) with ESMTP id h6T3FXTm056011; Mon, 28 Jul 2003 23:15:34 -0400 (EDT) (envelope-from leth@lethargic.dyndns.org) Received: (from leth@localhost) by lethargic.dyndns.org (8.12.9/8.12.9/Submit) id h6T3FW8T056010; Mon, 28 Jul 2003 23:15:32 -0400 (EDT) Date: Mon, 28 Jul 2003 23:15:31 -0400 
From: Jason Hunt To: "hinkle@interwork.sdsu.edu" Message-ID: <20030729031531.GA55879@lethargic.dyndns.org> References: <265000-220037128221429708@M2W070.mail2web.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <265000-220037128221429708@M2W070.mail2web.com> User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: Setting up a NAT Router that will route between 3 networks X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 03:15:00 -0000 On Mon, Jul 28, 2003 at 06:14:29PM -0400, hinkle@interwork.sdsu.edu wrote: > I was wondering how to modify the appropriate files to setup a FreeBSD > computer to act as a NAT Router, that would do the following: > Check the natd(8) man page, it should give you a good start. Chapter 19.12 in the handbook might be helpful as well. From owner-freebsd-net@FreeBSD.ORG Mon Jul 28 23:38:49 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0467737B401 for ; Mon, 28 Jul 2003 23:38:49 -0700 (PDT) Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4935643F75 for ; Mon, 28 Jul 2003 23:38:45 -0700 (PDT) (envelope-from ru@sunbay.com) Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1]) h6T6ca0U087217 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Jul 2003 09:38:36 +0300 (EEST) (envelope-from ru@sunbay.com) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.12.9/8.12.8/Submit) id h6T6cUl0087211; Tue, 29 Jul 2003 09:38:30 +0300 (EEST) (envelope-from ru) Date: Tue, 29 Jul 2003 09:38:30 +0300 
From: Ruslan Ermilov To: Garrett Wollman Message-ID: <20030729063830.GD76774@sunbay.com> References: <200307282345.28228.vjardin@wanadoo.fr> <200307282151.h6SLpSoZ025344@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="C+ts3FVlLX8+P6JN" Content-Disposition: inline In-Reply-To: <200307282151.h6SLpSoZ025344@khavrinen.lcs.mit.edu> User-Agent: Mutt/1.5.4i cc: net@freebsd.org Subject: Re: RTF_CLONING vs RTF_PRCLONING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 06:38:49 -0000 --C+ts3FVlLX8+P6JN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 28, 2003 at 05:51:28PM -0400, Garrett Wollman wrote: > <= said: > > > I agree, then... Isn't it already the purpose of RTF_CLONING ? > > When should RTF_PRCLONING be set ? > > RTF_PRCLONING is set automatically by the protocol to cause host > routes to be generated on every unique lookup. > > RTF_CLONING is set when the route is added (either manually, or > automatically for interface routes) to indicate that a more specific > route (possibly a host route) needs to be generated on every unique > lookup. > Yes, RTF_CLONING routes also accept the netmask (RTA_GENMASK). I don't remember if it also applies to RTF_PRCLONING routes, but I suspect so. 
Cheers, -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software Ltd, ru@FreeBSD.org FreeBSD committer --C+ts3FVlLX8+P6JN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/JhZmUkv4P6juNwoRAnASAJ93qIScEiDecVKLUI+Doy3moIQt3ACdG3zO vL07ur/D1bL4pKv4PxUPDEU= =ASe8 -----END PGP SIGNATURE----- --C+ts3FVlLX8+P6JN-- From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 02:12:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32BB037B404; Tue, 29 Jul 2003 02:12:53 -0700 (PDT) Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DA6D43F93; Tue, 29 Jul 2003 02:12:51 -0700 (PDT) (envelope-from c.prevotaux@hexanet.fr) Received: from proton.hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (8.12.9/8.12.9) with SMTP id h6T9Cfwa043001; Tue, 29 Jul 2003 11:12:42 +0200 (CEST) (envelope-from c.prevotaux@hexanet.fr) Date: Tue, 29 Jul 2003 11:12:41 +0200 
From: Christophe Prevotaux To: Brett Glass Message-Id: <20030729111241.70a5f030.c.prevotaux@hexanet.fr> In-Reply-To: <4.3.2.7.2.20030724225832.02bd6bc0@localhost> References: <4.3.2.7.2.20030723233055.02ceaa30@localhost> <4.3.2.7.2.20030724225832.02bd6bc0@localhost> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-portbld-freebsd4.8) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable cc: ru@FreeBSD.ORG cc: julian@elischer.org cc: archie@dellroad.org cc: net@FreeBSD.ORG Subject: Re: NAT and PPTP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 09:12:53 -0000 Hello, Any hopes for anything like a pptpd (like the pppoed) any time soon ? , discussion stopped in the thread so maybe you guys discussed this further privately and decided something ? pptpd is a much needed feature nowadays. On Thu, 24 Jul 2003 23:00:45 -0600 Brett Glass wrote: > At 08:50 PM 7/24/2003, Archie Cobbs wrote: > > >I don't have time to do any real work.. however, the PPTP control > >layer can be used pretty much as is.. i.e., the files pptp_ctrl.[ch]. > >It has a fairly clean API that any PPP daemon could use, and all they > >require is some kind of event support. > > We wouldn't be doing it quite that way; we'd be using it just to > steer the call through PPP (which wouldn't know that it was PPTP; > it would just think the call was PPP with MPPE on the CCP layer). > So, the PPP implementation wouldn't need to know about PPTP call > control. 
> > --Brett -- =============================================================== Christophe Prevotaux Email: c.prevotaux@hexanet.fr HEXANET SARL URL: http://www.hexanet.fr/ Z.A.C Les Charmilles Tel: +33 (0)3 26 79 30 05 3 Allée Thierry Sabine Direct: +33 (0)3 26 61 77 72 BP202 Fax: +33 (0)3 26 79 30 06 51686 Reims Cedex 2 FRANCE HEXANET Network Operation Center =============================================================== From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 02:36:55 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C74737B401 for ; Tue, 29 Jul 2003 02:36:55 -0700 (PDT) Received: from cell.sick.ru (cell.sick.ru [195.91.162.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E0FB43F75 for ; Tue, 29 Jul 2003 02:36:54 -0700 (PDT) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.6/8.12.8) with ESMTP id h6T9aqNx069995 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 29 Jul 2003 13:36:52 +0400 (MSD) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.6/8.12.6/Submit) id h6T9apV5069994 for freebsd-net@freebsd.org; Tue, 29 Jul 2003 13:36:51 +0400 (MSD) Date: Tue, 29 Jul 2003 13:36:51 +0400 
From: Gleb Smirnoff To: freebsd-net@freebsd.org Message-ID: <20030729093651.GA69782@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.1i Subject: never freeing data received in netgraph control message X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 09:36:55 -0000 In netgraph(4) it is said that: In both directions, (request and response) it is up to the receiver of that message to free() the control message buffer. All control messages and replies are allocated with malloc() type M_NETGRAPH. Does this mean that I can receive message, point to its data with a pointer in private node info, and use this data? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 02:39:02 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A0A237B401 for ; Tue, 29 Jul 2003 02:39:02 -0700 (PDT) Received: from smtp3.libero.it (smtp3.libero.it [193.70.192.127]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8AF243F3F for ; Tue, 29 Jul 2003 02:39:00 -0700 (PDT) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.38.127.191) by smtp3.libero.it (7.0.012) id 3EE735C600E92A5D for freebsd-net@freebsd.org; Tue, 29 Jul 2003 11:38:59 +0200 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p2/8.12.6) with SMTP id h6T9cwPp001482 for ; Tue, 29 Jul 2003 11:38:58 +0200 (CEST) (envelope-from ml.ventu@flashnet.it) Message-Id: <200307290938.h6T9cwPp001482@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Tue, 29 Jul 2003 11:38:57 EST 
From: Andrea Venturoli X-Scanned-By: MIMEDefang 2.35 Subject: Crash with bpfs X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 09:39:02 -0000 Hello. I've got a production server which keeps crashing if I use bpfs too much. I usually only use bpf0 for dhcp server, but if I start e.g. snort and ntop, the machine will soon reboot. The same happens if I run tcpdump. uname -a gives: FreeBSD xxxxx.yyyyyyyy.zz 4.7-RELEASE-p9 FreeBSD 4.7-RELEASE-p9 #2: Sat Mar 22 19:25:28 CET 2003 root@xxxxx.yyyyyyyy.zz:/usr/obj/usr/src/sys/XXXXX i386 The hardware is an Athlon with 128MB RAM, 4 SCSI HD building two mirrored vinum volumes and two Intel NIC (one of which is currently unused, but was when it all began and probably will be again soon). The problem has started to show after an upgrade to 4.6 or 4.7 I believe (but I cannot recall exactly). I might as well try an upgrade to 4.8, but I'd rather have more insight. Following is the output of bt from gdb. Anyone can suggest where do I look next? 
#0 dumpsys () at ../../kern/kern_shutdown.c:487
#1 0xc015b2ef in boot (howto=260) at ../../kern/kern_shutdown.c:316
#2 0xc015b714 in poweroff_wait (junk=0xc02594cc, howto=-1071280145) at ../../kern/kern_shutdown.c:595
#3 0xc021c30a in trap_fatal (frame=0xc8344abc, eva=3230566052) at ../../i386/i386/trap.c:974
#4 0xc021bfdd in trap_pfault (frame=0xc8344abc, usermode=0, eva=3230566052) at ../../i386/i386/trap.c:867
#5 0xc021bbc7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = 6704128, tf_esi = 1, tf_ebp = -936097008, tf_isp = -936097048, tf_ebx = -1065849344, tf_edx = -1066233856, tf_ecx = -1607974912, tf_eax = 1832612, tf_trapno = 12, tf_err = 2, tf_eip = -1072206401, tf_cs = 8, tf_eflags = 66066, tf_esp = -1066083072, tf_ss = -1066180606}) at ../../i386/i386/trap.c:466
#6 0xc0176dbf in m_getcl (how=1, type=1, flags=2) at ../../kern/uipc_mbuf.c:589
#7 0xc012f2e7 in fxp_add_rfabuf (sc=0xc0a54e00, oldm=0xc074dd00) at ../../dev/fxp/if_fxp.c:1867
#8 0xc012df28 in fxp_intr_body (sc=0xc0a54e00, statack=64 '@', count=-1) at ../../dev/fxp/if_fxp.c:1327
#9 0xc012de3d in fxp_intr (xsc=0xc0a54e00) at ../../dev/fxp/if_fxp.c:1228
#10 0xc0211ec2 in vec10 ()
#11 0xc0182eb3 in biowait (bp=0xc3394184) at ../../kern/vfs_bio.c:2638
#12 0xc018081d in bread (vp=0xc7fc00c0, blkno=360576, size=8192, cred=0x0, bpp=0xc8344c6c) at ../../kern/vfs_bio.c:525
#13 0xc01cc5c2 in ffs_update (vp=0xc8256700, waitfor=0) at ../../ufs/ffs/ffs_inode.c:99
#14 0xc01d5fed in ffs_fsync (ap=0xc8344cd0) at ../../ufs/ffs/ffs_vnops.c:273
#15 0xc01d48cb in ffs_sync (mp=0xc0b99400, waitfor=2, cred=0xc0731900, p=0xc02b94e0) at vnode_if.h:558
#16 0xc018b0df in sync (p=0xc02b94e0, uap=0x0) at ../../kern/vfs_syscalls.c:576
#17 0xc015b08a in boot (howto=256) at ../../kern/kern_shutdown.c:235
#18 0xc015b714 in poweroff_wait (junk=0xc02594cc, howto=-1071280145) at ../../kern/kern_shutdown.c:595
#19 0xc021c30a in trap_fatal (frame=0xc8344df0, eva=3230566052) at ../../i386/i386/trap.c:974
#20 0xc021bfdd in trap_pfault (frame=0xc8344df0, usermode=0, eva=3230566052) at ../../i386/i386/trap.c:867
#21 0xc021bbc7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -1065680640, tf_ebp = -936096172, tf_isp = -936096228, tf_ebx = -1065680640, tf_edx = -1066233856, tf_ecx = -1607974912, tf_eax = 1832612, tf_trapno = 12, tf_err = 2, tf_eip = -1072194409, tf_cs = 8, tf_eflags = 66066, tf_esp = -1058056832, tf_ss = -947913056}) at ../../i386/i386/trap.c:466
#22 0xc0179c97 in sosend (so=0xc7c168c0, addr=0x0, uio=0xc8344ed4, top=0x0, control=0x0, flags=0, p=0xc77ffea0) at ../../kern/uipc_socket.c:567
#23 0xc016d624 in soo_write (fp=0xc0ef5580, uio=0xc8344ed4, cred=0xc0c2e800, flags=0, p=0xc77ffea0) at ../../kern/sys_socket.c:81
#24 0xc016a2b5 in dofilewrite (p=0xc77ffea0, fp=0xc0ef5580, fd=3, buf=0x8092000, nbyte=8240, offset=-1, flags=0) at ../../sys/file.h:162
#25 0xc016a16e in write (p=0xc77ffea0, uap=0xc8344f80) at ../../kern/sys_generic.c:329
#26 0xc021c5b9 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 671784156, tf_esi = 8240, tf_ebp = -1077937636, tf_isp = -936095788, tf_ebx = 671771728, tf_edx = 671784156, tf_ecx = 3, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 673124360, tf_cs = 31, tf_eflags = 646, tf_esp = -1077937680, tf_ss = 47}) at ../../i386/i386/trap.c:1175
#27 0xc02109b5 in Xint0x80_syscall ()
#28 0x8050a5c in ?? ()
#29 0x804e065 in ?? ()
#30 0x804d413 in ?? ()
#31 0x804c0bd in ?? ()

bye & Thanks av. 
From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 03:29:03 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31D7A37B401 for ; Tue, 29 Jul 2003 03:29:03 -0700 (PDT) Received: from vsmtp3.tin.it (vsmtp3.tin.it [212.216.176.223]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4756043FA3 for ; Tue, 29 Jul 2003 03:29:02 -0700 (PDT) (envelope-from flag@tin.it) Received: from newluxor.skynet.org (80.182.24.132) by vsmtp3.tin.it (7.0.019) id 3F16C22A003C29DF for freebsd-net@FreeBSD.ORG; Tue, 29 Jul 2003 12:29:00 +0200 Received: by newluxor.skynet.org (Postfix, from userid 1002) id 5AB7F1EC; Tue, 29 Jul 2003 12:30:42 +0200 (CEST) Date: Tue, 29 Jul 2003 12:30:42 +0200 
From: Paolo Pisati To: FreeBSD_Net Message-ID: <20030729103042.GA230@newluxor.skynet.org> References: <20030728224737.GA47439@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Useless-Header: Look ma, it's a # sign! X-Operating-System: FreeBSD newluxor.skynet.org 4.8-STABLE FreeBSD 4.8-STABLE Subject: Re: Differences between netgraph nodes in 4.x and 5.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 10:29:03 -0000 On Mon, Jul 28, 2003 at 07:13:04PM -0700, Julian Elischer wrote: > > If you want to send me the node you have written I can > make the diffs and send it back :-) thanks Julian, but i prefer to do it myself, cause i want to understand how the hell netgraph works... =) btw, i think i did the conversion and it was quite straightforward, but i've still a little problem that i didn't have in 5.x: if i try to unload my module, change the internals, compile and use it again, it fails! =P I think it's a problem in the shutdown/disconnect part of my work, cause this is what i get: ngctl mkpeer rl0: tee lower right ngctl: send msg: File exists actually tee is my own node, i didn't yet change the name to classifier but it's my node. And while you are listening, i can show u something else... =) I have NETGRAPH in my kernel, and this is what i get when i try to load ng_ether the first time: [root@newluxor root]# kldload ng_ether module_register: module netgraph already exists! linker_file_sysinit "netgraph.ko" failed to register! 17 kldload: can't load ng_ether: Exec format error ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ it fails to load the node... [root@newluxor root]# kldload ng_ether while the second time it works... 
=O [root@newluxor root]# kldunload ng_ether kldunload: can't unload file: Device busy and if i try to unload it, it always says that it's busy: i think this is due to the inability to delete an interface, isn't it? nothing really nasty, but maybe you didn't know... =) thank you & bye. -- Paolo GUFI: http://www.gufi.org From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 04:53:07 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A00F837B401 for ; Tue, 29 Jul 2003 04:53:07 -0700 (PDT) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6EA6C43FBD for ; Tue, 29 Jul 2003 04:53:06 -0700 (PDT) (envelope-from fjoe@iclub.nsu.ru) Received: from mail by mx.nsu.ru with drweb-scanned (Exim 3.35 #1 (Debian)) id 19hT4r-0005GA-00; Tue, 29 Jul 2003 18:55:37 +0700 Received: from iclub.nsu.ru ([193.124.215.97] ident=root) by mx.nsu.ru with esmtp (Exim 3.35 #1 (Debian)) id 19hT4q-0005F0-00; Tue, 29 Jul 2003 18:55:36 +0700 Received: from iclub.nsu.ru (fjoe@localhost [127.0.0.1]) by iclub.nsu.ru (8.12.9/8.12.9) with ESMTP id h6TBr15B085612; Tue, 29 Jul 2003 18:53:01 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru) Received: (from fjoe@localhost) by iclub.nsu.ru (8.12.9/8.12.9/Submit) id h6TBr1fc085609; Tue, 29 Jul 2003 18:53:01 +0700 (NSS) Date: Tue, 29 Jul 2003 18:53:00 +0700 
From: Max Khon To: Paolo Pisati Message-ID: <20030729115300.GA85370@iclub.nsu.ru> References: <20030728224737.GA47439@newluxor.skynet.org> <20030729103042.GA230@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030729103042.GA230@newluxor.skynet.org> User-Agent: Mutt/1.4.1i X-Envelope-To: flag@libero.it, freebsd-net@freebsd.org cc: FreeBSD_Net Subject: Re: Differences between netgraph nodes in 4.x and 5.x' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 11:53:08 -0000 hi, there! On Tue, Jul 29, 2003 at 12:30:42PM +0200, Paolo Pisati wrote: > And while you are listening, i can show u something else... =) > > I have NETGRAPH in my kernel, and this is what i get when i > try to load ng_ether the first time: > > [root@newluxor root]# kldload ng_ether > module_register: module netgraph already exists! > linker_file_sysinit "netgraph.ko" failed to register! 17 > kldload: can't load ng_ether: Exec format error > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > it fails to load the node... yes, kernel loader in RELENG_4 fails when some of the dependencies are linked into the kernel. > [root@newluxor root]# kldload ng_ether > > while the second time it works... =O > > [root@newluxor root]# kldunload ng_ether > kldunload: can't unload file: Device busy > > and if i try to unload it, it always says that it's busy: > i think this is due to the inability to delete > an interface, isn't it? 
/fjoe From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 06:46:25 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C584937B401; Tue, 29 Jul 2003 06:46:25 -0700 (PDT) Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8612443F93; Tue, 29 Jul 2003 06:46:24 -0700 (PDT) (envelope-from culverk@yumyumyum.org) Received: by mailhub.yumyumyum.org (Postfix, from userid 1001) id DEDDD3B4; Tue, 29 Jul 2003 09:45:05 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mailhub.yumyumyum.org (Postfix) with ESMTP id DA0D72A1; Tue, 29 Jul 2003 09:45:05 -0400 (EDT) Date: Tue, 29 Jul 2003 09:45:05 -0400 (EDT) 
From: Kenneth Culver To: Jason Hunt In-Reply-To: <20030729031531.GA55879@lethargic.dyndns.org> Message-ID: <20030729094353.J53157@alpha.yumyumyum.org> References: <265000-220037128221429708@M2W070.mail2web.com> <20030729031531.GA55879@lethargic.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "hinkle@interwork.sdsu.edu" cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: Setting up a NAT Router that will route between 3 networks X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 13:46:26 -0000 On Mon, 28 Jul 2003, Jason Hunt wrote: > On Mon, Jul 28, 2003 at 06:14:29PM -0400, hinkle@interwork.sdsu.edu wrote: > > I was wondering how to modify the appropriate files to setup a FreeBSD > > computer to act as a NAT Router, that would do the following: > > > > Check the natd(8) man page, it should give you a good start. Chapter > 19.12 in the handbook might be helpful as well. > You should also check man ipf and man ipnat. ipf and ipnat run completely in the kernel, where natd runs in userland. On a slower machine this could affect speed (lots more context switches with natd than with ipnat). 
Ken > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 06:58:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2597337B401 for ; Tue, 29 Jul 2003 06:58:53 -0700 (PDT) Received: from paiol.terra.com.br (paiol.terra.com.br [200.176.3.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28D9443F93 for ; Tue, 29 Jul 2003 06:58:52 -0700 (PDT) (envelope-from eick.jac@terra.com.br) Received: from marova.terra.com.br (marova.terra.com.br [200.176.3.39]) by paiol.terra.com.br (Postfix) with ESMTP id 4FFF484876E for ; Tue, 29 Jul 2003 10:58:51 -0300 (BRT) Received: from eicke (unknown [200.162.114.126]) (authenticated user eick.jac) by marova.terra.com.br (Postfix) with ESMTP id C75CB3DC355 for ; Tue, 29 Jul 2003 10:58:50 -0300 (BRT) Message-ID: <003601c355d9$65652ee0$0902a8c0@alellyxbr.com.br> 
From: "Eicke" To: "FreeBSD_Net" References: <20030728224737.GA47439@newluxor.skynet.org><20030729103042.GA230@newluxor.skynet.org> <20030729115300.GA85370@iclub.nsu.ru> Date: Tue, 29 Jul 2003 10:57:48 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Subject: Off Topic - Broadcasts X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2003 13:58:53 -0000 Hi Folks, I verified my network traffic using tcpdump. I have 3 sub-net. In the past i used one switch per sub-net. The broadcast were generated for PC's inside your sub-net. I need to created VLANS in one switch and attach the 3 sub-nets. Now the broadcasts are generated of all PC's to all sub-nets, Is it normal? Thanks. Eicke. From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 07:00:41 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B373C37B401 for ; Tue, 29 Jul 2003 07:00:41 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1B0543F93 for ; Tue, 29 Jul 2003 07:00:40 -0700 (PDT) (envelope-from sloach@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <305LG9B6>; Tue, 29 Jul 2003 10:00:40 -0400 Message-ID: 
From: Scot Loach
To: 'Mike Silbersack'
Date: Tue, 29 Jul 2003 10:00:39 -0400
cc: "'freebsd-net@freebsd.org'"
Subject: RE: Kernel tuning for large maxsockets

Here is my patch for this. I've added the new settings to uipc_socket2.c instead of subr_param.c because they need to be initialized with maxsockets to keep the current behavior by default.

This patch adds four new tunable vars:

kern.ipc.maxripcb - maximum number of raw pcbs
kern.ipc.maxdivcb - maximum number of divert pcbs
kern.ipc.maxudpcb - maximum number of udp pcbs
kern.ipc.maxtcpcb - maximum number of tcp pcbs

Index: kern/uipc_socket2.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.55.2.17 diff -U3 -r1.55.2.17 uipc_socket2.c --- kern/uipc_socket2.c 31 Aug 2002 19:04:55 -0000 1.55.2.17 +++ kern/uipc_socket2.c 23 Jul 2003 20:40:53 -0000 @@ -54,6 +54,10 @@ #include int maxsockets; +int maxripcb; /* max raw pcbs to preallocate */ +int maxdivcb; /* max divert pcbs to preallocate */ +int maxtcpcb; /* max tcp pcbs to preallocate */ +int maxudpcb; /* max udp pcbs to preallocate */ /* * Primitive routines for operating on sockets and socket buffers 
@@ -998,6 +1002,16 @@ SYSCTL_INT(_kern_ipc, KIPC_SOCKBUF_WASTE, sockbuf_waste_factor, CTLFLAG_RW, &sb_efficiency, 0, ""); +SYSCTL_INT(_kern_ipc, OID_AUTO, maxripcb, CTLFLAG_RD, + &maxripcb, 0, "Maximum number of raw sockets available"); +SYSCTL_INT(_kern_ipc, OID_AUTO, maxdivcb, CTLFLAG_RD, + &maxdivcb, 0, "Maximum number of divert sockets available"); +SYSCTL_INT(_kern_ipc, OID_AUTO, maxtcpcb, CTLFLAG_RD, + &maxtcpcb, 0, "Maximum number of TCP sockets available"); +SYSCTL_INT(_kern_ipc, OID_AUTO, maxudpcb, CTLFLAG_RD, + &maxudpcb, 0, "Maximum number of UDP sockets available"); + + /* * Initialise maxsockets */ @@ -1005,5 +1019,14 @@ { TUNABLE_INT_FETCH("kern.ipc.maxsockets", &maxsockets); maxsockets = imax(maxsockets, imax(maxfiles, nmbclusters)); + + maxripcb = maxsockets; + TUNABLE_INT_FETCH("kern.ipc.maxripcb", &maxripcb); + maxdivcb = maxsockets; + TUNABLE_INT_FETCH("kern.ipc.maxdivcb", &maxdivcb); + maxtcpcb = maxsockets; + TUNABLE_INT_FETCH("kern.ipc.maxtcpcb", &maxtcpcb); + maxudpcb = maxsockets; + TUNABLE_INT_FETCH("kern.ipc.maxudpcb", &maxudpcb); } SYSINIT(param, SI_SUB_TUNABLES, SI_ORDER_ANY, init_maxsockets, NULL); Index: netinet/ip_divert.c =================================================================== RCS file: /cvs/src/sys/netinet/ip_divert.c,v retrieving revision 1.42.2.5 diff -U3 -r1.42.2.5 ip_divert.c --- netinet/ip_divert.c 9 Jul 2002 09:11:42 -0000 1.42.2.5 +++ netinet/ip_divert.c 23 Jul 2003 20:10:30 -0000 
@@ -125,7 +125,7 @@ divcbinfo.hashbase = hashinit(1, M_PCB, &divcbinfo.hashmask); divcbinfo.porthashbase = hashinit(1, M_PCB, &divcbinfo.porthashmask); divcbinfo.ipi_zone = zinit("divcb", sizeof(struct inpcb), - maxsockets, ZONE_INTERRUPT, 0); + maxdivcb, ZONE_INTERRUPT, 0); } /* Index: netinet/raw_ip.c =================================================================== RCS file: /cvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.64.2.10 diff -U3 -r1.64.2.10 raw_ip.c --- netinet/raw_ip.c 26 Nov 2001 10:07:57 -0000 1.64.2.10 +++ netinet/raw_ip.c 23 Jul 2003 20:10:43 -0000 @@ -103,7 +103,7 @@ ripcbinfo.hashbase = hashinit(1, M_PCB, &ripcbinfo.hashmask); ripcbinfo.porthashbase = hashinit(1, M_PCB, &ripcbinfo.porthashmask); ripcbinfo.ipi_zone = zinit("ripcb", sizeof(struct inpcb), - maxsockets, ZONE_INTERRUPT, 0); + maxripcb, ZONE_INTERRUPT, 0); } static struct sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET }; Index: netinet/tcp_subr.c =================================================================== RCS file: /cvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.73.2.28.1000.1 diff -U3 -r1.73.2.28.1000.1 tcp_subr.c --- netinet/tcp_subr.c 2 Jan 2003 18:07:54 -0000 1.73.2.28.1000.1 +++ netinet/tcp_subr.c 23 Jul 2003 22:55:12 -0000 @@ -231,7 +231,7 @@ tcbinfo.hashbase = hashinit(hashsize, M_PCB, &tcbinfo.hashmask); tcbinfo.porthashbase = hashinit(hashsize, M_PCB, &tcbinfo.porthashmask); - tcbinfo.ipi_zone = zinit("tcpcb", sizeof(struct inp_tp), maxsockets, + tcbinfo.ipi_zone = zinit("tcpcb", sizeof(struct inp_tp), maxtcpcb, ZONE_INTERRUPT, 0); #ifdef INET6 #define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) Index: netinet/udp_usrreq.c =================================================================== RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.64.2.16.1000.3 diff -U3 -r1.64.2.16.1000.3 udp_usrreq.c --- netinet/udp_usrreq.c 29 May 2003 16:35:50 -0000 1.64.2.16.1000.3 +++ netinet/udp_usrreq.c 23 Jul 2003 22:54:55 -0000 
@@ -144,7 +144,7 @@ udbinfo.hashbase = hashinit(UDBHASHSIZE, M_PCB, &udbinfo.hashmask); udbinfo.porthashbase = hashinit(UDBHASHSIZE, M_PCB, &udbinfo.porthashmask); - udbinfo.ipi_zone = zinit("udpcb", sizeof(struct inpcb), maxsockets, + udbinfo.ipi_zone = zinit("udpcb", sizeof(struct inpcb), maxudpcb, ZONE_INTERRUPT, 0); } Index: sys/socketvar.h =================================================================== RCS file: /cvs/src/sys/sys/socketvar.h,v retrieving revision 1.46.2.9 diff -U3 -r1.46.2.9 socketvar.h --- sys/socketvar.h 14 Aug 2002 22:23:10 -0000 1.46.2.9 +++ sys/socketvar.h 28 Jul 2003 02:28:40 -0000 @@ -297,6 +297,10 @@ extern u_long sb_max; extern struct vm_zone *socket_zone; extern so_gen_t so_gencnt; +extern int maxripcb; +extern int maxdivcb; +extern int maxtcpcb; +extern int maxudpcb; struct file; struct filedesc; -----Original Message----- 
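Review bot: In init_maxsockets() (kern/uipc_socket2.c, hunk @@ -1005,5 +1019,14 @@) the four values read with TUNABLE_INT_FETCH are used with no range check, and the later hunks hand them straight to zinit() as the zone limit. A loader setting of zero or a negative number for kern.ipc.maxtcpcb would reach zinit("tcpcb", ..., maxtcpcb, ...) unchanged. Suggest validating after each fetch, for example falling back to maxsockets when the fetched value is less than 1, and updating the "Initialise maxsockets" comment above the function, which no longer describes everything it does.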
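Review bot: The SYSCTL_INT descriptions in kern/uipc_socket2.c (hunk @@ -998,6 +1002,16 @@) read "Maximum number of raw sockets available", "... TCP sockets available" and so on, while the variables, their declaration comments ("max raw pcbs to preallocate") and the tunable names all refer to pcbs. The description strings should use the same term, e.g. "Maximum number of raw pcbs". The same hunk adds two consecutive blank lines before the "Initialise maxsockets" comment; one is enough.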
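Review bot: The four externs added to sys/socketvar.h (hunk @@ -297,6 +297,10 @@) have no comment saying what they bound or where they are set, and the patch as posted touches no manual page or LINT entry for the new kern.ipc.maxripcb, maxdivcb, maxtcpcb and maxudpcb tunables. A one-line comment on each extern (or one covering the group) and a short documentation entry stating that they are boot-time loader tunables defaulting to maxsockets would make the change usable without reading uipc_socket2.c.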
From: Mike Silbersack [mailto:silby@silby.com]
Sent: Tuesday, July 15, 2003 6:39 PM
To: Scot Loach
Cc: 'freebsd-net@freebsd.org'
Subject: Re: Kernel tuning for large maxsockets

On Tue, 15 Jul 2003, Scot Loach wrote:

> Is there any reason I should not modify the kernel code to only let a small,
> fixed number of raw and divert pcbs be preallocated instead of having them
> scale with maxsockets?

Your idea is sound.

> Next, does this seem like a generally useful thing that could be rolled back
> into the source tree? I could make this a kernel option or a tunable sysctl
> variable.
>
> thanks
>
> Scot Loach

A tunable maximum for each of those settings sounds good, that should fit well in subr_param.c. Send me your patch when it's done, and I'll look into incorporating it.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 07:15:02 2003
Date: Tue, 29 Jul 2003 16:16:41 +0200
From: Paolo Pisati
To: FreeBSD_Net
Subject: Re: Differences between netgraph nodes in 4.x and 5.x

On Tue, Jul 29, 2003 at 12:30:42PM +0200, Paolo Pisati wrote:
>
> btw, i think i did the conversion and it was quite straightforward,
> but i've still a little problem that i didn't have in 5.x:
>
> if i try to unload my module, change the internals, compile
> and use it again, it fails! =P
>
> I think it's a problem in the shutdown/disconnect
> part of my work, cause this is what i get:
>
> ngctl mkpeer rl0: tee lower right
> ngctl: send msg: File exists
>
> actually tee is my own node, i didn't yet change the name
> to classifier but it's my node.

well, i answer to myself:

it seems it's not my mistake, cause you can trigger it with a plain original tee node too. =P

does it mean that the problem lies inside the inability to delete rl0?

the only solution that i found now, when i've to try some modifications to my node, is to reboot, while i'm sure it worked under 5.x...
=P

bye

--

Paolo

GUFI: http://www.gufi.org

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 09:10:46 2003
Date: Tue, 29 Jul 2003 18:12:25 +0200
From: Paolo Pisati
To: FreeBSD_Net
Subject: Re: Differences between netgraph nodes in 4.x and 5.x

On Tue, Jul 29, 2003 at 04:16:41PM +0200, Paolo Pisati wrote:
>
> well, i answer to myself:
>
> it seems it's not my mistake, cause you can trigger it with a
> plain original tee node too. =P

Ok, i promise this is the last msg:

it was my mistake, when i deleted the tee node, the ether node short circuited the lower & upper hook, and then it was impossible to connect again something to the ether hook.

solution: rmhook one of the ether hook, and connect again mynode... =P

maybe it would be nice to change the error msg from: "File exists" to "hook already connected" or something like this.
bye

--

Paolo

GUFI: http://www.gufi.org

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 09:46:59 2003
To: freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 18:46:54 EST
From: Andrea Venturoli
Subject: Re: xl0 full duplex

** Reply to note from "Kevin Stevens" Mon, 21 Jul 2003 02:53:35 -0700 (PDT)

>Do you know that full-duplex is supported and enabled on the switch for
>10Mb operation? Some only support half-duplex for 10Mb, others have to be
>forced.

Quoting the manual:

This Switch supports both Half- and Full-Duplex modes for 10BASE-T and 100BASE-TX.

Bye & Thanks
av.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 09:47:04 2003
To: freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 18:46:56 EST
From: Andrea Venturoli
Subject: Re: xl0 full duplex

** Reply to note from Olivier Nicole Mon, 21 Jul 2003 16:56:30 +0700 (ICT)

>> since it is connected to a full-duplex switch.

>Is the port set to full-duplex? Or to auto configuration?

There are no such options: it's always using Auto-Negotiation.

>If the last, the default is to fall in half duplex degraded mode.
>Auto configuration will only work when both ends are set to auto.

Ok, so I tried:

ifconfig xl0 mediaopt autoselect

but I get:

ifconfig: SIOCSIFMEDIA: Device not configured

Would this mean that either the card or the driver do not support auto configuration? (and thus I would be stuck to half-duplex?)

bye & Thanks
av.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 09:53:01 2003
From: "Sreekanth"
To: "'Andrea Venturoli'"
Date: Tue, 29 Jul 2003 09:53:05 -0700
Subject: RE: xl0 full duplex

Try

ifconfig xl0 media auto

Sreekanth

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Andrea Venturoli
> Sent: Tuesday, July 29, 2003 4:47 PM
> To: freebsd-net@freebsd.org
> Subject: Re: xl0 full duplex
>
>
> ** Reply to note from Olivier Nicole Mon,
> 21 Jul 2003 16:56:30 +0700 (ICT)
>
> >> since it is connected to a full-duplex switch.
>
> >Is the port set to full-duplex? Or to auto configuration?
>
> There are no such options: it's always using Auto-Negotiation.
>
> >If the last, the default is to fall in half duplex degraded mode.
> >Auto configuration will only work when both ends are set to auto.
>
> Ok, so I tried:
>
> ifconfig xl0 mediaopt autoselect
>
> but I get:
>
> ifconfig: SIOCSIFMEDIA: Device not configured
>
>
>
> Would this mean that either the card or the driver do not
> support auto configuration? (and thus I would be stuck to
> half-duplex?)
>
> bye & Thanks
> av.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 09:59:20 2003
Date: Tue, 29 Jul 2003 09:59:14 -0700 (PDT)
From: Julian Elischer
To: Paolo Pisati
cc: FreeBSD_Net
Subject: Re: Differences between netgraph nodes in 4.x and 5.x

On Tue, 29 Jul 2003, Paolo Pisati wrote:

> On Tue, Jul 29, 2003 at 04:16:41PM +0200, Paolo Pisati wrote:
> >
> > well, i answer to myself:
> >
> > it seems it's not my mistake, cause you can trigger it with a
> > plain original tee node too. =P
>
> Ok, i promise this is the last msg:
>
> it was my mistake, when i deleted the tee node, the ether
> node short circuited the lower & upper hook, and then
> it was impossible to connect again something to the ether
> hook.
>
> solution: rmhook one of the ether hook, and connect
> again mynode... =P
>
> maybe it would be nice to change the error msg from:
> "File exists" to "hook already connected" or something like this

The fix in this case would be for the ether node to not allow this to
happen..
this requires a few small changes..
The error codes must exist in sys/errno.h
I try to select one that is closest in spirit :-)

> > bye
> >
> > --
> >
> > Paolo
> >
> > GUFI: http://www.gufi.org

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 10:16:21 2003
From: Archie Cobbs
To: Christophe Prevotaux
Date: Tue, 29 Jul 2003 10:04:49 -0700 (PDT)
cc: Brett Glass
cc: ru@FreeBSD.ORG
cc: julian@elischer.org
cc: archie@dellroad.org
cc: net@FreeBSD.ORG
Subject: Re: NAT and PPTP

Christophe Prevotaux wrote:
> Any hopes for anything like a pptpd (like the pppoed)
> any time soon ? , discussion stopped in the thread
> so maybe you guys discussed this further privately
> and decided something ?

Not really.. from my point of view, unfortunately I don't have time to work on mpd right now (just keeping up with email is hard these days :-) so someone else will have to do any coding work that needs to be done, etc.

Might make for a nice programming project if anyone is interested.
-Archie

__________________________________________________________________________
Archie Cobbs * Halloo Communications * http://www.halloo.com

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 10:28:23 2003
From: Wes Peters
To: Van Vinh Vo, freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 10:28:20 -0700
Subject: Re: what developpement of network between BSD 4.3 et BSD 4.4 life

On Friday 18 July 2003 21:24, Van Vinh Vo wrote:
> i am working the research about the network of freeBSD
> i want knowing the development of BSD4.4 life
> comparing the 4.3 BSD.

I've explained to you several times these historical questions are not appropriate for the freebsd-net mailing list. Please take these to freebsd-chat or I'll have to ban you from this list.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 10:51:33 2003
Date: Tue, 29 Jul 2003 19:53:12 +0200
From: Paolo Pisati
To: FreeBSD_Net
Subject: Re: Differences between netgraph nodes in 4.x and 5.x

On Tue, Jul 29, 2003 at 09:59:14AM -0700, Julian Elischer wrote:
>
> The fix in this case would be for the ether node to not allow this to
> happen..
> this requires a few small changes..
> The error codes must exist in sys/errno.h
> I try to select one that is closest in spirit :-)

maybe:

#define EISCONN 56 /* Socket is already connected */

or

#define ECONNREFUSED 61 /* Connection refused */

but anyway it's not vital anymore, now that i know i won't make the same mistake again... =)

but it seems that there's another problem now, while loading the nodes, that freezes my box...
--

Paolo

GUFI: http://www.gufi.org

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 11:30:38 2003
Date: Tue, 29 Jul 2003 20:30:33 EST
From: Andrea Venturoli
Subject: RE: xl0 full duplex

** Reply to note from "Sreekanth" Tue, 29 Jul 2003 09:53:05 -0700

> > Ok, so I tried:
> >
> > ifconfig xl0 mediaopt autoselect
> >
> > but I get:
> >
> > ifconfig: SIOCSIFMEDIA: Device not configured

>Try
>ifconfig xl0 media auto

Ditto. I get the same message.

bye & Thanks
av.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 11:33:44 2003
From: Jung-uk Kim
To: "Dan Mahoney, System Admin"
Date: Tue, 29 Jul 2003 14:33:23 -0400
cc: freebsd-net@freebsd.org
cc: freebsd-hardware@freebsd.org
Subject: Re: SysKonnect 9821 Adapters

On Monday 28 July 2003 05:33 pm, Dan Mahoney, System Admin wrote:
> Hi, we recently bought a "fully supported" SysKonnect 9821 adapter,
> but it claims to be "V2.0". I can't find any docs anywhere on this
> extra "feature" but the card does not detect under either a
> standard kernel or one with the sk driver compiled in...

V2.0 is NOT supported by FreeBSD yet. FYI, this one has Marvell's Yukon controller.

http://www.marvell.com/products/pcconn/yukon/index.jsp

The previous 'version' used SysKonnect Genesis and XaQti XMAC II combo. V2.0 is sort of compatible with the previous version in many ways but identification/initialization change is required.

> This is a 64 bit card in a dell poweredge 600SC.
>
> By the way, according to LINT, support for the 9821 is provided by
> the bge driver. According to "man sk" it's provided by the sk
> driver. Could this be part of the problem?

No, bge supports SK-9D21.

Jung-uk Kim

> (Both device lines are included in my kernel).
>
> Please reply directly as I am not subscribed.
>
> -Dan Mahoney
>
> --
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 12:18:33 2003
To: ml.ventu@flashnet.it (Andrea Venturoli)
Date: Tue, 29 Jul 2003 12:18:33 -0700 (PDT)
From: wpaul@FreeBSD.ORG (Bill Paul)
cc: freebsd-net@FreeBSD.ORG
Subject: Re: xl0 full duplex

> ** Reply to note from "Sreekanth" Tue, 29 Jul 2003 09:53:05 -0700
>
> > > Ok, so I tried:
> > >
> > > ifconfig xl0 mediaopt autoselect
> > >
> > > but I get:
> > >
> > > ifconfig: SIOCSIFMEDIA: Device not configured
>
> >Try
> >ifconfig xl0 media auto
>
> Ditto. I get the same message.
>
> bye & Thanks
> av.

*sigh*

You can't set a mode that the NIC doesn't support. You have a 10Mbps-only NIC (3c900/3c900B). These NICs do _NOT_ support NWAY autoneg: 10baseT mode is implemented using a non-NWAY transceiver which doesn't do autonegotiation. If you do "ifconfig -m xl0" and 'auto' doesn't show up as one of the supported modes, autoselect won't work.

If you want to do full duplex with this NIC, you will need to manually set both ends of the link to do it. You can do this with "ifconfig xl0 media 10baseT/UTP mediaopt full-duplex" on the NIC, but you'll need to manually configure the switch via its management interface to set the port with the xl0 link to full duplex as well.

If your switch is not managed and doesn't allow you to manually configure the port settings, then you're out of luck. You'll just have to live with half duplex mode.

-Bill

--
=============================================================================
-Bill Paul (510) 749-2329 | Senior Engineer, Master of Unix-Fu
wpaul@windriver.com | Wind River Systems
=============================================================================
"If stupidity were a handicap, you'd have the best parking spot."
=============================================================================

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 17:18:05 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D756937B405; Tue, 29 Jul 2003 17:18:04 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CEF443F93; Tue, 29 Jul 2003 17:18:00 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA17363; Tue, 29 Jul 2003 18:17:39 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20030729175603.0395da70@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 29 Jul 2003 18:17:33 -0600
To: Christophe Prevotaux
From: Brett Glass
In-Reply-To: <20030729111241.70a5f030.c.prevotaux@hexanet.fr>
References: <4.3.2.7.2.20030724225832.02bd6bc0@localhost> <4.3.2.7.2.20030723233055.02ceaa30@localhost> <4.3.2.7.2.20030724225832.02bd6bc0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
cc: ru@FreeBSD.ORG
cc: julian@elischer.org
cc: archie@dellroad.org
cc: net@FreeBSD.ORG
Subject: Re: NAT and PPTP
X-List-Received-Date: Wed, 30 Jul 2003 00:18:05 -0000

Christophe:

Nothing was decided in private e-mail. I'd really like to go for this,
but will likely need some help analyzing the existing code, abstracting
the right parts from pppoed and mpd, and gluing everything together.
That's why I was hoping to ask Archie and Brian for help. The code for
both is tricky and not well documented.

I do agree that a BSD-licensed pptpd that's made to work with FreeBSD's
(and NetBSD's, and OpenBSD's) userland PPP is needed. PoPToP is a
Linux-oriented, GPLed project and cannot be trusted to maintain compatibility
with the BSDs. (The version in the FreeBSD Ports Collection has serious
bugs, too, and is far behind the developers' latest version.) What's more,
professional programmers, or ones who work on BSD-licensed projects, can't
safely look at the code because it's GPLed and license contamination is
a serious legal threat.

PPTP is really very close to PPPoE, except that it runs over TCP (for call
setup and control) and GRE (for the PPP session) rather than raw MAC-layer
Ethernet. The call control mechanism has no real security, and I've
always thought it wouldn't be too hard to hijack. PPP over SSH would
probably be more secure, but Windows doesn't support that and most of us
need to support Windows clients.

In any event, the most difficult part of PPTP to implement seems to be that
call control mechanism, which has far more features than necessary. This is
what would be good to extract from mpd, since I'll bet Archie spent a LOT
of time figuring out how to do it.

By the way, one thing that surprised me, when I researched it, was that even
though it's supposedly a secure "tunneling" protocol, there's no requirement
that a PPTP session actually use encryption. (In fact, several models of
Linksys routers have a PPTP implementation that does no encryption. This is
likely to mislead consumers, who will assume that if they're using PPTP they
have encryption.) On the other hand, PPPoE can be just as secure as PPTP,
since either can use MPPE to wedge encryption in where PPP normally has
compression.

By the way, is there BSD-licensed code for the enhanced version of MPPE
that does both encryption AND compression (I believe it's called MPPC)?
I understand that Microsoft Windows has it built in, and that it's available
for Linux as well.

--Brett

At 03:12 AM 7/29/2003, Christophe Prevotaux wrote:

>Hello,
>
>Any hopes for anything like a pptpd (like the pppoed)
>any time soon ? , discussion stopped in the thread
>so maybe you guys discussed this further privately
>and decided something ?
>
>pptpd is a much needed feature nowadays.
>
>On Thu, 24 Jul 2003 23:00:45 -0600
>Brett Glass wrote:
>
>> At 08:50 PM 7/24/2003, Archie Cobbs wrote:
>>
>> >I don't have time to do any real work.. however, the PPTP control
>> >layer can be used pretty much as is.. i.e., the files pptp_ctrl.[ch].
>> >It has a fairly clean API that any PPP daemon could use, and all they
>> >require is some kind of event support.
>>
>> We wouldn't be doing it quite that way; we'd be using it just to
>> steer the call through PPP (which wouldn't know that it was PPTP;
>> it would just think the call was PPP with MPPE on the CCP layer).
>> So, the PPP implementation wouldn't need to know about PPTP call
>> control.
>>
>> --Brett
>
>--
>===============================================================
>Christophe Prevotaux      Email: c.prevotaux@hexanet.fr
>HEXANET SARL              URL: http://www.hexanet.fr/
>Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
>3 Allée Thierry Sabine    Direct: +33 (0)3 26 61 77 72
>BP202                     Fax: +33 (0)3 26 79 30 06
>51686 Reims Cedex 2
>FRANCE                    HEXANET Network Operation Center
>===============================================================

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 17:56:26 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3822837B401 for ; Tue, 29 Jul 2003 17:56:26 -0700 (PDT)
Received: from endikos.com (endikos.com [216.234.204.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 95FF343F3F for ; Tue, 29 Jul 2003 17:56:25 -0700 (PDT) (envelope-from webmaster@endikos.com)
Received: from ONESIMUS (softdnserr [::ffff:216.234.204.197]) by endikos.com with esmtp; Wed, 30 Jul 2003 00:20:52 -0600
From: "William Knechtel"
To: freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 18:56:25 -0600
Message-ID: <000701c35635$66bdb530$c5ccead8@ONESIMUS>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Subject: Help with FreeBSD Bridged Firewall
X-List-Received-Date: Wed, 30 Jul 2003 00:56:26 -0000

Hello!

Help!! I'm running a PC with dual NICs and FreeBSD 4.8 for a bridged firewall. I've got a private IP 10.0.0.1 tied to the internal card on the box for remote management. The firewall blocks any 10.x traffic coming in on the external card, so to remotely admin it, I have to shell into a machine on the same isolated network segment that it's on, and then shell over from that machine.

Today around noon, the machine suddenly stopped responding to pings. I went down to the server room and couldn't find anything wrong. No notes on the console screen, no anomalous entries in the security or message logs. So, in the interest of getting it back up quickly, I rebooted it. That worked. About an hour later, the same thing happened... my network monitor tells me that it's not responding to pings. So before I go down to the server room, I run a few tests... the firewall is still blocking packets like a champ. I run nmap against a host the firewall protects, and everything comes back fine. But when I go downstairs to the console, I can't ping out to its 10.0.0.2 buddy, and no incoming pings work either. I'm at a loss on how to troubleshoot this, folks. I could really use a few ideas, so please send them along!

Thanks in Advance!
Bill

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 18:24:20 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7974837B401 for ; Tue, 29 Jul 2003 18:24:20 -0700 (PDT)
Received: from endikos.com (endikos.com [216.234.204.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58CC843FB1 for ; Tue, 29 Jul 2003 18:24:19 -0700 (PDT) (envelope-from webmaster@endikos.com)
Received: from ONESIMUS (softdnserr [::ffff:216.234.204.197]) by endikos.com with esmtp; Wed, 30 Jul 2003 00:48:46 -0600
From: "William Knechtel"
To: freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 19:24:19 -0600
Message-ID: <000801c35639$4c761ec0$c5ccead8@ONESIMUS>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_endikos.com-10147-1059547727-0001-2"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <000701c35635$66bdb530$c5ccead8@ONESIMUS>
Subject: RE: Help with FreeBSD Bridged Firewall
X-List-Received-Date: Wed, 30 Jul 2003 01:24:20 -0000

This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages.

--=_endikos.com-10147-1059547727-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Per a list member's request, I've attached dumps of the following commands:

arp -a
netstat -m
ipfw show
ifconfig
netstat -s
netstat -i

One caveat, I've hidden all IP addresses that could be used to divine my netblock... I guess I'm a little paranoid about people inspecting my firewall configuration :-) and are public (routable) IP addresses of the two machines I have behind the firewall.

One additional note. Since I first composed this message early this afternoon, the responsiveness of the internal NIC on the firewall has bounced up and down a bit. Here's a bit of a log of its activity:

11:57 DOWN
12:06 UP (reboot)
12:26 DOWN
2:18 UP
3:14 DOWN
5:43 UP

The odd thing is that it's been operating fine for a few months now (it's a fairly new installation), and the last change I made to the firewall's config was well over a week ago.

I hope this helps figure out what's going on!! Thanks in advance for your help.

Kindest Regards,
Bill

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org]On Behalf Of William Knechtel
> Sent: Tuesday, July 29, 2003 6:56 PM
> To: freebsd-net@freebsd.org
> Subject: Help with FreeBSD Bridged Firewall
>
>
> Hello!
>
> Help!! I'm running a PC with dual NICs and FreeBSD 4.8 for a bridged
> firewall. I've got a private IP 10.0.0.1 tied to the internal card on the
> box for remote management. The firewall blocks any 10.x traffic coming in on
> the external card, so to remotely admin it, I have to shell into a machine
> on the same isolated network segment that it's on, and then shell over from
> that machine.
>
> Today around noon, the machine suddenly stopped responding to pings. I went
> down to the server room and couldn't find anything wrong. No notes on the
> console screen, no anomalous entries in the security or message logs. So, in
> the interest of getting it back up quickly, I rebooted it. That worked.
> About an hour later, the same thing happened... my network monitor tells me
> that it's not responding to pings. So before I go down to the server room, I
> run a few tests... the firewall is still blocking packets like a champ. I
> run nmap against a host the firewall protects, and everything comes back
> fine. But when I go downstairs to the console, I can't ping out to its
> 10.0.0.2 buddy, and no incoming pings work either. I'm at a loss on how to
> troubleshoot this, folks. I could really use a few ideas, so please send
> them along!
>
> Thanks in Advance!
> Bill
>

--=_endikos.com-10147-1059547727-0001-2
Content-Type: text/plain; name="dumps.txt"; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="dumps.txt"

# arp -a
? (10.0.0.1) at 00:01:53:80:e2:40 on dc0 permanent [ethernet]
? (10.0.0.2) at 00:02:b3:a8:3d:2b on dc0 [ethernet]

# netstat -m
129/160/4992 mbufs in use (current/peak/max):
        129 mbufs allocated to data
128/136/1248 mbuf clusters in use (current/peak/max)
312 Kbytes allocated to network (8% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

# ipfw show
00100 24 1824 allow udp from 132.239.1.6 123 to 123
00200 23 1748 allow udp from 128.194.254.9 123 to 123
00300 24 1824 allow udp from 192.43.244.18 123 to 123
00400 24 1824 allow udp from 128.138.140.44 123 to 123
00500 0 0 allow udp from 132.239.1.6 123 to 123
00600 0 0 allow udp from 128.194.254.9 123 to 123
00700 0 0 allow udp from 192.43.244.18 123 to 123
00800 0 0 allow udp from 128.138.140.44 123 to 123
00900 0 0 deny ip from 127.0.0.0/8 to any via vr0
01000 1316 132222 deny ip from 10.0.0.0/8 to any via vr0
01100 512 65098 deny ip from 192.168.0.0/16 to any via vr0
01200 0 0 deny ip from 172.16.0.0/16 to any via vr0
01300 6363 1136947 allow ip from 10.0.0.0/28 to any via dc0
01400 5952 374220 allow ip from any to any via lo*
01500 214096 106791094 allow ip from X.X.211.64/26 to any
01600 176 21124 allow ip from X.X.122.180 to any
01700 703 33825 allow icmp from any to any
01800 898 130784 allow ip from X.X.204.192/28 to any
01900 0 0 allow ip from X.X.211.68 to any
02000 51768 7784246 allow ip from any to X.X.255.255
02100 0 0 allow tcp from any to 53
02200 0 0 allow udp from any to 53
02300 11915 2725386 allow tcp from any to 80
02400 0 0 allow udp from any to 80
02500 659 444559 allow tcp from any to 25
02600 0 0 allow udp from any to 25
02700 0 0 allow tcp from any to 110
02800 0 0 allow udp from any to 110
02900 0 0 allow tcp from any to 143
03000 0 0 allow udp from any to 143
03100 0 0 deny tcp from any to 3306
03200 0 0 deny udp from any to 3306
03300 0 0 deny tcp from any to 6101
03400 0 0 deny tcp from any to 8192
03500 0 0 allow tcp from X.X.211.64/26 to 53
03600 0 0 allow udp from X.X.211.64/26 to 88
03700 0 0 allow tcp from X.X.211.64/26 to 135
03800 0 0 allow udp from X.X.211.64/26 to 137
03900 0 0 allow udp from X.X.211.64/26 to 138
04000 0 0 allow tcp from X.X.211.64/26 to 139
04100 0 0 allow udp from X.X.211.64/26 to 389
04200 0 0 allow tcp from X.X.211.64/26 to 445
04300 0 0 allow tcp from X.X.211.64/26 to 464
04400 0 0 allow tcp from X.X.211.64/26 to 636
04500 0 0 allow tcp from X.X.211.64/26 to 3268
04600 0 0 allow tcp from X.X.211.64/26 to 3269
04700 168 13430 allow tcp from X.X.33.84 to 389
04800 0 0 allow udp from X.X.33.84 to 389
04900 8 643 allow tcp from X.X.33.75 to 389
05000 0 0 allow udp from X.X.33.75 to 389
05100 0 0 allow ip from X.X.15.22 to
05200 0 0 allow ip from X.X.15.41 to
05300 0 0 allow ip from X.X.15.25 to
05400 0 0 allow tcp from X.X.15.15 to 53
05500 0 0 allow tcp from X.X.15.16 to 53
05600 7565 303432 deny tcp from any to X.X.211.64/26 setup
05700 227 18147 allow tcp from any to X.X.211.64/26 1024-65535
05800 364 89403 allow udp from any to X.X.211.64/26 1024-65535
05900 24660 2746580 deny log ip from any to any
65535 17 997 deny ip from any to any

# ifconfig
dc0: flags=8943 mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:01:53:80:e2:40
        media: Ethernet autoselect (100baseTX )
        status: active
vr0: flags=8943 mtu 1500
        ether 00:e0:4c:9c:83:1a
        media: Ethernet autoselect (100baseTX )
        status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500

tcp:
        1632 packets sent
                482 data packets (396644 bytes)
                12 data packets (12480 bytes) retransmitted
                0 resends initiated by MTU discovery
                760 ack-only packets (3 delayed)
                0 URG only packets
                0 window probe packets
                0 window update packets
                378 control packets
        2001 packets received
                838 acks (for 396325 bytes)
                2 duplicate acks
                0 acks for unsent data
                824 packets (388527 bytes) received in-sequence
                0 completely duplicate packets (0 bytes)
                0 old duplicate packets
                0 packets with some dup. data (0 bytes duped)
                0 out-of-order packets (0 bytes)
                0 packets (0 bytes) of data after window
                0 window probes
                367 window update packets
                0 packets received after close
                0 discarded for bad checksums
                0 discarded for bad header offset fields
                0 discarded because packet too short
        4 connection requests
        371 connection accepts
        0 bad connection attempts
        0 listen queue overflows
        373 connections established (including accepts)
        374 connections closed (including 2 drops)
                0 connections updated cached RTT on close
                0 connections updated cached RTT variance on close
                0 connections updated cached ssthresh on close
        2 embryonic connections dropped
        838 segments updated rtt (of 472 attempts)
        24 retransmit timeouts
                2 connections dropped by rexmit timeout
        0 persist timeouts
                0 connections dropped by persist timeout
        0 keepalive timeouts
                0 keepalive probes sent
                0 connections dropped by keepalive
        22 correct ACK header predictions
        412 correct data packet header predictions
        371 syncache entries added
                0 retransmitted
                0 dupsyn
                0 dropped
                371 completed
                0 bucket overflow
                0 cache overflow
                0 reset
                0 stale
                0 aborted
                0 badack
                0 unreach
                0 zone failures
        0 cookies sent
        0 cookies received
udp:
        1504 datagrams received
        0 with incomplete header
        0 with bad data length field
        0 with bad checksum
        0 with no checksum
        1502 dropped due to no socket
        2 broadcast/multicast datagrams dropped due to no socket
        0 dropped due to full socket buffers
        0 not for hashed pcb
        0 delivered
        1503 datagrams output
ip:
        44537 total packets received
        0 bad header checksums
        0 with size smaller than minimum
        0 with data size < data length
        0 with ip length > max ip packet size
        0 with header length < data size
        0 with data length < header length
        0 with bad options
        0 with incorrect version number
        0 fragments received
        0 fragments dropped (dup or out of space)
        0 fragments dropped after timeout
        0 packets reassembled ok
        3743 packets for this host
        1503 packets for unknown/unsupported protocol
        0 packets forwarded (0 packets fast forwarded)
        26203 packets not forwardable
        35 packets received for unknown multicast group
        0 redirects sent
        4891 packets sent from this host
        0 packets sent with fabricated ip header
        0 output packets dropped due to no bufs, etc.
        0 output packets discarded due to no route
        0 output datagrams fragmented
        0 fragments created
        0 datagrams that can't be fragmented
        0 tunneling packets that can't find gif
        0 datagrams with bad address in header
icmp:
        1502 calls to icmp_error
        0 errors not generated 'cuz old message was icmp
        Output histogram:
                echo reply: 231
                destination unreachable: 1502
        0 messages with bad code fields
        0 messages < minimum length
        0 bad checksums
        0 messages with bad length
        1 multicast echo requests ignored
        0 multicast timestamp requests ignored
        Input histogram:
                echo reply: 4
                destination unreachable: 1502
                echo: 232
        231 message responses generated
        0 invalid return addresses
        0 no return routes
        ICMP address mask responses are disabled
igmp:
        0 messages received
        0 messages received with too few bytes
        0 messages received with bad checksum
        0 membership queries received
        0 membership queries received with invalid field(s)
        0 membership reports received
        0 membership reports received with invalid field(s)
        0 membership reports received for groups to which we belong
        0 membership reports sent

-- Bridging statistics (bdg) --
Name     In       Out      Forward  Drop  Bcast   Mcast  Local  Unknown
dc0:1    155257   296115   136083   0     345     15217  2203   1409
vr0:1    315444   153056   114414   0     179526  19433  0      2071

# netstat -i
Name   Mtu    Network   Address            Ipkts   Ierrs  Opkts   Oerrs  Coll
dc0    1500             00:01:53:80:e2:40  155605  0      297006  0      0
dc0    1500   10/24     10.0.0.1           5273    -      4916    -      -
vr0    1500             00:e0:4c:9c:83:1a  316350  0      153370  0      0
lp0*   1500                                0       0      0       0      0
lo0    16384                               3104    0      3104    0      0
lo0    16384  your-net  localhost          48      -      48      -      -
ppp0*  1500                                0       0      0       0      0
sl0*   552                                 0       0      0       0      0
faith  1500                                0       0      0       0      0

--=_endikos.com-10147-1059547727-0001-2--

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 18:33:30 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B91AC37B401 for ; Tue, 29 Jul 2003 18:33:30 -0700 (PDT)
Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23E3C43F75 for ; Tue, 29 Jul 2003 18:33:30 -0700 (PDT) (envelope-from don@sandvine.com)
Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <305LG03Y>; Tue, 29 Jul 2003 21:33:29 -0400
Message-ID:
From: Don Bowman
To: 'William Knechtel' , freebsd-net@freebsd.org
Date: Tue, 29 Jul 2003 21:33:20 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Subject: RE: Help with FreeBSD Bridged Firewall
X-List-Received-Date: Wed, 30 Jul 2003 01:33:31 -0000

> From: William Knechtel [mailto:webmaster@endikos.com]

I think you need to allow arp through this device, something like:

    ipfw add 30 allow layer2 mac-type arp

[not sure which rule to insert it at]. I'm guessing your arp cache is timing out.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 20:45:55 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D684E37B405 for ; Tue, 29 Jul 2003 20:45:55 -0700 (PDT)
Received: from smtp0.libero.it (smtp0.libero.it [193.70.192.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id D44F943FA3 for ; Tue, 29 Jul 2003 20:45:52 -0700 (PDT) (envelope-from ml.ventu@flashnet.it)
Received: from soth.ventu (151.38.127.191) by smtp0.libero.it (7.0.019) id 3F1D5F8400213090 for freebsd-net@freebsd.org; Wed, 30 Jul 2003 05:45:52 +0200
Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p2/8.12.6) with SMTP id h6U3jpF3000532 for ; Wed, 30 Jul 2003 05:45:51 +0200 (CEST) (envelope-from ml.ventu@flashnet.it)
Message-Id: <200307300345.h6U3jpF3000532@soth.ventu>
To: freebsd-net@freebsd.org
Priority: Normal
X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0)
Date: Wed, 30 Jul 2003 05:45:50 EST
From: Andrea Venturoli
X-Scanned-By: MIMEDefang 2.35
Subject: Re: xl0 full duplex
Reply-To: Andrea Venturoli
X-List-Received-Date: Wed, 30 Jul 2003 03:45:56 -0000

** Reply to note from wpaul@freebsd.org (Bill Paul) Tue, 29 Jul 2003 12:18:33 -0700 (PDT)

> If your switch is not managed and doesn't allow you to manually
> configure the port settings, then you're out of luck. You'll just
> have to live with half duplex mode.

Sigh: this is the case. :(
Well, I guess I can live with that.

Thanks for your answer.

bye
av.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 23:09:18 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7E5737B401 for ; Tue, 29 Jul 2003 23:09:18 -0700 (PDT)
Received: from jawa.at (jawa.at [213.229.17.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8BCBE43F93 for ; Tue, 29 Jul 2003 23:09:17 -0700 (PDT) (envelope-from mbretter@jawa.at)
Received: from dings.jawa.at (dings.jawa.at [192.168.200.60]) by jawa.at (8.12.8p1/8.12.8) with ESMTP id h6U69D3D088220; Wed, 30 Jul 2003 08:09:13 +0200 (CEST) (envelope-from mbretter@jawa.at)
Date: Wed, 30 Jul 2003 08:09:15 +0200 (=?ISO-8859-15?Q?Westeurop=E4ische_Normalzeit?=)
From: Michael Bretterklieber
To: Brett Glass
In-Reply-To: <4.3.2.7.2.20030729175603.0395da70@localhost>
Message-ID:
References: <4.3.2.7.2.20030724225832.02bd6bc0@localhost> <4.3.2.7.2.20030724225832.02bd6bc0@localhost> <4.3.2.7.2.20030729175603.0395da70@localhost>
X-X-Sender: mbretter@files.jawa.at
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
X-Spam-Status: No, hits=-27.5 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_PINE autolearn=ham version=2.53
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)
cc: net@freebsd.org
Subject: Re: NAT and PPTP
X-List-Received-Date: Wed, 30 Jul 2003 06:09:19 -0000

Hi,

On Tue, 29 Jul 2003, Brett Glass wrote:

>
> By the way, is there BSD-licensed code for the enhanced version of MPPE
> that does both encryption AND compression (I believe it's called MPPC)?

no. MPPC (STAC-compression) is proprietary and patented (www.hifn.com), you can enable MPPC, but you have to buy the sources.

> I understand that Microsoft Windows has it built in, and that it's available
> for Linux as well.

this is a kernel module for linux, however they are violating the US-patent.

bye,

--
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
JAWA Management Software GmbH - http://www.jawa.at
Tel: ++43-(0)316-403274-12 - GSM: ++43-(0)676-84 03 15 712
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net@FreeBSD.ORG Tue Jul 29 23:50:12 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 110EB37B401 for ; Tue, 29 Jul 2003 23:50:12 -0700 (PDT)
Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDED643FA3 for ; Tue, 29 Jul 2003 23:50:10 -0700 (PDT) (envelope-from c.prevotaux@hexanet.fr)
Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (8.12.9/8.12.9) with SMTP id h6U6o8wa051815; Wed, 30 Jul 2003 08:50:08 +0200 (CEST) (envelope-from c.prevotaux@hexanet.fr)
Date: Wed, 30 Jul 2003 08:50:08 +0200
From: Christophe Prevotaux
To: Brett Glass
Message-Id: <20030730085008.341c4393.c.prevotaux@hexanet.fr>
In-Reply-To: <4.3.2.7.2.20030729175603.0395da70@localhost>
References: <4.3.2.7.2.20030724225832.02bd6bc0@localhost> <4.3.2.7.2.20030723233055.02ceaa30@localhost> <4.3.2.7.2.20030724225832.02bd6bc0@localhost> <4.3.2.7.2.20030729175603.0395da70@localhost>
Organization: HEXANET Sarl
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-portbld-freebsd4.8)
X-NCC-RegID: fr.hexanet
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
cc: net@freebsd.org
Subject: Re: NAT and PPTP
X-List-Received-Date: Wed, 30 Jul 2003 06:50:12 -0000

Thanks for answering my email, even though I am not a programmer I can surely test things out to the best of my abilities.

It would be nice to be able to have something like a pptpd integrated into the FreeBSD tree (STABLE and CURRENT), it would be nice of course to be able to set up pptp tunnel dynamically and not only statically like it is the case right now in mpd (AFAIK).

My own purpose for using this is securing a bit more 802.11(whatever) in a large WISP setup. One of my questions is how many pptp or pppoe sessions can be handled by one FreeBSD box knowing each pptp or pppoe session has to be shaped traffic wise symmetrically or asymmetrically.

So having the ability to shape inbound bandwidth and outbound bandwidth directly inside the pptpd and pppoe thru radius and directly (for some cases) thru ppp.conf would be really nice (it would require having a special dictionary for radius (I think))

I don't know if this is achievable without too much hassle in the current PPP (PPPOE) code and if it is at all possible in a PPTP environment?
On Tue, 29 Jul 2003 18:17:33 -0600 Brett Glass wrote: > Cristophe: >=20 > Nothing was decided in private e-mail. I'd really like to go for this, > but will likely need some help analyzing the existing code, abstracting=20 > the right parts from pppoed and mpd, and gluing everything together. > That's why I was hoping to ask Archie and Brian for help. The code for=20 > both is tricky and not well documented. >=20 > I do agree that a BSD-licensed pptpd that's made to work with FreeBSD's > (and NetBSD's, and OpenBSD's) userland PPP is needed. PoPToP is a Linux- > oriented, GPLed project and cannot be trusted to maintain compatibility > with the BSDs. (The version in the FreeBSD Ports Collection has serious > bugs, too, and is far behind the developers' latest version.) What's more= ,=20 > professional programmers, or ones who work on BSD-licensed projects, can'= t=20 > safely look at the code because it's GPLed and license contamination is > a serious legal threat. >=20 > PPTP is really very close to PPPoE, except that it runs over TCP (for cal= l=20 > setup and control) and GRE (for the PPP session) rather than raw MAC-laye= r=20 > Ethernet. The call control mechnism has no real security, and I've > always thought it wouldn't be too hard to hijack. PPP over SSH would > probably be more secure, but Windows doesn't support that and most of us > need to support Windows clients. >=20 > In any event, the most difficult part of PPTP to implement seems to be th= at > call control mechanism, which has far more features than necessary. This = is=20 > what would be good to extract from mpd, since I'll bet Archie spent a LOT= =20 > of time figuring out how to do it. >=20 > By the way, one thing that surprised me, when I researched it, was that e= ven=20 > though it's supposedly a secure "tunneling" protocol, there's no requirem= ent=20 > that a PPTP session actually use encryption. 
(In fact, several models of= =20 > Linksys routers have a PPTP implementation that does no encryption. This = is=20 > likely to mislead consumers, who will assume that if they're using PPTP t= hey=20 > have encryption.) On the other hand, PPPoE can be just as secure as PPTP,= =20 > since either can use MPPE to wedge encryption in where PPP normally has=20 > compression. >=20 > By the way, is there BSD-licensed code for the enhanced version of MPPE > that does both encryption AND compression (I believe it's called MPPC)?=20 > I understand that Microsoft Windows has it built in, and that it's availa= ble > for Linux as well. >=20 > --Brett >=20 > At 03:12 AM 7/29/2003, Christophe Prevotaux wrote: > =20 > >Hello, > > > >Any hopes for anything like a pptpd (like the pppoed)=20 > >any time soon ? , discussion stopped in the thread > >so maybe you guys discussed this further privately > >and decided something ?=20 > > > >pptpd is a much needed feature nowdays. > > > >On Thu, 24 Jul 2003 23:00:45 -0600 > >Brett Glass wrote: > > > >> At 08:50 PM 7/24/2003, Archie Cobbs wrote: > >> =20 > >> >I don't have time to do any real work.. however, the PPTP control > >> >layer can be used pretty much as is.. i.e., the files pptp_ctrl.[ch]. > >> >It has a fairly clean API that any PPP daemon could use, and all they > >> >require is some kind of event support. > >>=20 > >> We wouldn't be doing it quite that way; we'd be using it just to > >> steer the call through PPP (which wouldn't know that it was PPTP; > >> it would just think the call was PPP with MPPE on the CCP layer). > >> So, the PPP implementation wouldn't need to know about PPTP call > >> control. 
> >>
> >> --Brett
> >
> >--
> >===============================================================
> >Christophe Prevotaux      Email: c.prevotaux@hexanet.fr
> >HEXANET SARL              URL: http://www.hexanet.fr/
> >Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
> >3 Allée Thierry Sabine    Direct: +33 (0)3 26 61 77 72
> >BP202                     Fax: +33 (0)3 26 79 30 06
> >51686 Reims Cedex 2
> >FRANCE                    HEXANET Network Operation Center
> >===============================================================
>

--
===============================================================
Christophe Prevotaux      Email: c.prevotaux@hexanet.fr
HEXANET SARL              URL: http://www.hexanet.fr/
Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
3 Allée Thierry Sabine    Direct: +33 (0)3 26 61 77 72
BP202                     Fax: +33 (0)3 26 79 30 06
51686 Reims Cedex 2
FRANCE                    HEXANET Network Operation Center
===============================================================

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 02:58:06 2003
Date: Wed, 30 Jul 2003 11:56:21 +0200
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DEFA@exchange.wanglobal.net>
From: Sten Daniel Sørsdal
To: "Christophe Prevotaux", "Brett Glass"
cc: net@freebsd.org
Subject: RE: NAT and PPTP

> My own purpose for using this is securing a bit more 802.11(whatever) in a
> large WISP setup. One of my questions is how many pptp or pppoe sessions
> can be handled by one FreeBSD box knowing each pptp or pppoe sessions have
> to be shaped traffic wise symmetrically or asymmetrically.

depends on the box, the shaping is very efficient and is in kernel.
so it's primarily the pptp and pppoe sessions that will demand resources.
it's almost impossible to answer.
if i said at least 30 on a celery 1ghz, you might/might not be happy with that.
i'm sure you could run twice that on the same hardware (given it's good
hardware and is not the cheapest sh*t you could find).

> So having the ability to shape inbound bandwidth and outbound bandwidth directly
> inside the pptpd and pppoe thru radius and directly (for some cases) thru ppp.conf
> would be really nice (it would require having a special dictionary for radius (I think))
> I don't know if this is achievable without too much hassle in the current PPP (PPPOE)
> code and if it is at all possible in a PPTP environment?
>

i use a shell script called from ppp.linkup/ppp.linkdown under the appropriate
label (radius supplies label as "Filter-Id"). Need it be simpler?

- Sten

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 05:46:15 2003
Message-ID: <20030730124609.40316.qmail@web40614.mail.yahoo.com>
Date: Wed, 30 Jul 2003 13:46:09 +0100 (BST)
From: Supote Leelasupphakorn
To: freebsd-questions@freebsd.org
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Can I subnet my network like this ?

Hi, all

I would like to verify my knowledge
by building the network like below but not
sure whether it's impossible for subnetting
like this - say, from Gateway no2, is divided
to 172.16.0.0/16 and 172.17.0.0/16 subnet.

I heard that it isn't recommend or
impossible (not sure again) to use FIRST or
LAST subnet in the allocated IP address pool,
is it?

Section no.1 is existed and I own the Gateway no.2.
My plan is enable NAT on it by following the
instruction in FreeBSD handbook. Any comments are
welcome.

        |
        | if_1 = 202.xx.xx.xx
|---------------|                        |
| Gateway no.1  |                        | section 1
|---------------|                        |
        | if_2 = 10.0.0.1                |
        |                              ----
        |                                |
        | if_1 = 10.0.0.254              |
|---------------| if_2 = 172.16.0.1/16   | section 2
| Gateway no.2  |----------------        |
|---------------|                        |
        | if_3 = 172.17.0.1/16           |
        |                                |

Thanks in advance,

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 06:01:16 2003
Date: Wed, 30 Jul 2003 13:59:31 +0100 (BST)
From: Jan Grant
To: Supote Leelasupphakorn
In-Reply-To: <20030730124609.40316.qmail@web40614.mail.yahoo.com>
cc: freebsd-isp
cc: freebsd-net
cc: freebsd-questions@freebsd.org
Subject: Re: Can I subnet my network like this ?

On Wed, 30 Jul 2003, [iso-8859-1] Supote Leelasupphakorn wrote:

> Hi, all
>
> I would like to verify my knowledge
> by building the network like below but not
> sure whether it's impossible for subnetting
> like this - say, from Gateway no2, is divided
> to 172.16.0.0/16 and 172.17.0.0/16 subnet.

There should be no problems doing what you suggest.

> I heard that it isn't recommend or
> impossible (not sure again) to use FIRST or
> LAST subnet in the allocated IP address pool,
> is it?

This is no longer the case. It stems from (a misunderstanding of?) the
"all zeros" or "all ones" network treatment (and by extension, subnets),
but I don't think any kit behaves like that in these CIDR days. In any
case, 172.16/16 and 172.17/16 are (were) both "full class B" ranges so
anything broken enough to care ought to behave properly anyway.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Random act of violence against bread: whole pint.
  -- extract from the "Hawk the Slayer" drinking game

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 08:47:19 2003
Date: Wed, 30 Jul 2003 10:47:12 -0500
From: Steve Ames
To: Supote Leelasupphakorn
Message-ID: <20030730154712.GA24659@energistic.com>
References: <20030730124609.40316.qmail@web40614.mail.yahoo.com>
In-Reply-To: <20030730124609.40316.qmail@web40614.mail.yahoo.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: Can I subnet my network like this ?

On Wed, Jul 30, 2003 at 01:46:09PM +0100, Supote Leelasupphakorn wrote:
> I heard that it isn't recommend or
> impossible (not sure again) to use FIRST or
> LAST subnet in the allocated IP address pool,
> is it?

That was true at one time. These days it is acceptable to use all
definable subnets (including first and last). If you have some really
old (pre 1995) equipment or software it may be a bit iffy. See
RFC1878: ftp://ftp.rfc-editor.org/in-notes/rfc1878.txt

> Section no.1 is existed and I own the Gateway no.2.
> My plan is enable NAT on it by following the
> instruction in FreeBSD handbook. Any comments are
> welcome.

If you're NATting on gateway#2 I don't think the info about gateway #1
is really relevant...

>         |                                |
>         | if_1 = 10.0.0.254              |
> |---------------| if_2 = 172.16.0.1/16   | section 2
> | Gateway no.2  |----------------        |
> |---------------|                        |
>         | if_3 = 172.17.0.1/16           |
>         |                                |

Let's go on the assumption that if_1 is your external interface and
the one you'll be running natd on? I'm afraid I don't understand your
question then. The subnetting is fine. You have a full /16 on interface
2 and 3 (way overkill for most applications but hey :). All of your
interfaces are utilizing valid RFC1918 private IP space. It should all
just work.

*shrug*

-Steve

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 09:08:51 2003
From: "Max Clark"
To: "Supote Leelasupphakorn"
Date: Wed, 30 Jul 2003 09:13:59 -0700
In-Reply-To: <20030730124609.40316.qmail@web40614.mail.yahoo.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: RE: Can I subnet my network like this ?

The only real concern is if you are using cisco routers in this equation. If
so, make sure you enable ip-subnet-zero in the config.

Max

-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Supote Leelasupphakorn
Sent: Wednesday, July 30, 2003 5:46 AM
To: freebsd-questions@freebsd.org
Cc: freebsd-isp@freebsd.org; freebsd-net@freebsd.org
Subject: Can I subnet my network like this ?

Hi, all

I would like to verify my knowledge
by building the network like below but not
sure whether it's impossible for subnetting
like this - say, from Gateway no2, is divided
to 172.16.0.0/16 and 172.17.0.0/16 subnet.

I heard that it isn't recommend or
impossible (not sure again) to use FIRST or
LAST subnet in the allocated IP address pool,
is it?

Section no.1 is existed and I own the Gateway no.2.
My plan is enable NAT on it by following the
instruction in FreeBSD handbook. Any comments are
welcome.

        |
        | if_1 = 202.xx.xx.xx
|---------------|                        |
| Gateway no.1  |                        | section 1
|---------------|                        |
        | if_2 = 10.0.0.1                |
        |                              ----
        |                                |
        | if_1 = 10.0.0.254              |
|---------------| if_2 = 172.16.0.1/16   | section 2
| Gateway no.2  |----------------        |
|---------------|                        |
        | if_3 = 172.17.0.1/16           |
        |                                |

Thanks in advance,

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 10:54:51 2003
From: "William Knechtel"
To: "'Don Bowman'", freebsd-net@freebsd.org
Date: Wed, 30 Jul 2003 11:54:45 -0600
Message-ID: <004c01c356c3$ab9fe4a0$44d37b80@ad.psinp.org>
Subject: RE: Help with FreeBSD Bridged Firewall

Yeah, the arp cache is the problem, thanks for nailing that one for me.
However, the ipfw rule you supplied doesn't seem to want to work for
me... I think for the time being I'll just run a cron job every 15
minutes or so that clears the arp cache completely. Thanks again for
your help!! I really appreciate it!

Kindest Regards,
Bill

-----Original Message-----
From: Don Bowman [mailto:don@sandvine.com]
Sent: Tuesday, July 29, 2003 7:33 PM
To: 'William Knechtel'; freebsd-net@freebsd.org
Subject: RE: Help with FreeBSD Bridged Firewall

> From: William Knechtel [mailto:webmaster@endikos.com]

I think you need to allow arp through this device,
something like:

ipfw add 30 allow layer2 mac-type arp

[not sure which rule to insert it at].

I'm guessing your arp cache is timing out.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 11:09:10 2003
From: "Sreekanth"
Date: Wed, 30 Jul 2003 11:09:09 -0700
Message-ID: <002301c356c5$ac7487d0$ae28a8c0@SREELAPTOP>
Subject: Fast retransmit problem

I am facing a peculiar problem. Here is the scenario.

During a tcp data transfer. An intermediate data packet (Say X) from server
to client is lost. The client sends an ack with ACK no. corresponding to the
lost segment. Now this continues till the no. of duplicate acks reach the
threshold. But Just before the threshold is reached, the server sent a FIN to
Client. After the FIN is sent the server realized that the packet X is lost
and it retransmits the packet. Now if we assume that the Sequence no. of FIN
packet is 100. The client should actually send the Final ACK with ACK no. as
101. But because of a bug, the client sends the Last ACK with ACK no. 100. In
ideal cases since the FIN is not acked, the server should be retransmitting
the FIN. But it does not. Upon investigating the Scene, I found that the
retransmit timer is not running anymore. This is easily reproducible in my
environment. I know that the timer is stopped just before the Fast retransmit
happens, I think that the timer should be restarted once the ack is received
but I am not able to figure out where it should be restarted. Did anybody
face this problem already? Is this a known bug?

Server is a FreeBSD 4.6 machine and the client is Windows 2000

Thanks in advance
Sreekanth

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 11:24:07 2003
From: Don Bowman
To: 'William Knechtel', Don Bowman, freebsd-net@freebsd.org
Date: Wed, 30 Jul 2003 14:24:04 -0400
Subject: RE: Help with FreeBSD Bridged Firewall

> From: William Knechtel [mailto:webmaster@endikos.com]
> Yeah, the arp cache is the problem, thanks for nailing that
> one for me.
> However, the ipfw rule you supplied doesn't seem to want to work for
> me... I think for the time being I'll just run a cron job every 15
> minutes or so that clears the arp cache completely. Thanks again for
> your help!! I really appreciate it!

you can, with sysctl, change the arp timeout period.
sysctl net.link.ether to see all of them.
net.link.ether.inet.prune_intvl/net.link.ether.inet.max_age
changes the arp cache age time.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 12:15:39 2003
Date: Wed, 30 Jul 2003 15:15:30 -0400
From: Rocco Caputo
To: freebsd-net@freebsd.org
Message-ID: <20030730191530.GD36116@eyrie.homenet>
Subject: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

[Originally posted to freebsd-questions, but someone suggested
freebsd-net instead.]

I've acquired DSL. My modem's PPPoE and NAT have a tendency to remap
ports, so I switched it to bridged Ethernet. Now I'm using ppp(8) for
PPPoE. I'm using ipfw2 for QOS things (pipes and queues). I'm using
ipf for firewalling and ftp proxying.

Almost everything works well, except (so far) active FTP and pinging the
tun0 interface.

tcpdump shows ICMP echo requests and responses, but ping does not see
them. Opening ipf (pass in all, pass out all) "fixes" ping.

ipfnat's active ftp proxy sees the PORT request and punches a hole
through the firewall, but incoming packets don't arrive. Opening ipf
"fixes" this, too.

Other incoming connections seem to work fine. DNS works fine. TCP
works fine.

I've read the handbook, the howtos, searched the list archives, usenet,
and the web. Nothing solved it.

So. What have I overlooked? Where have I gone wrong? Would you like
to see my cling-film collection? How about an extensive (but perhaps
not exhaustive) collection of excerpts from my system configuration
files? Ok, it is included.

--
Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/

=== ppp.conf

default:
 ident user-ppp VERSION (built COMPILATIONDATE)
 set log CBCP CCP Chat Connect Command IPCP tun Phase Warning

papchap:
 add default HISADDR
 disable ipv6cp
 disable vjcomp
 enable iface-alias
 enable lqr
 enable tcpmssfixup
 nat enable yes
 nat log yes
 nat same_ports yes
 set authkey *****
 set authname *****
 set cd 5
 set crtscts off
 set device PPPoE:dc0
 set dia
 set ifaddr 68.213.211.142/0 192.168.36.176/0
 set login
 set lqrperiod 1
 set mru 1492
 set mtu 1492
 set redial 1 0
 set server /var/run/tun0 "" 0177
 set speed sync
 set timeout 0

=== netstat -rn

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.36.176     UGSc       80  1377475   tun0
10                 link#2             UC          4        0    rl0
10.0.0.7           link#2             UHLW        0        8    rl0
10.0.0.18          00:e0:18:0b:ac:22  UHLW        1   115334    rl0    303
10.0.0.25          00:e0:18:30:68:32  UHLW        0   292874    lo0
10.0.0.100         00:e0:18:30:65:f6  UHLW        1   111019    rl0    163
127.0.0.1          127.0.0.1          UH          6   196295    lo0
192.168.1          link#1             UC          2        0    dc0
192.168.1.25       00:04:5a:59:8e:92  UHLW        0   142112    lo0
192.168.1.254      00:60:0f:31:c7:86  UHLW        0    75153    dc0    865
192.168.36.176     68.213.211.142     UH         76    71059   tun0

=== ipfstat -i

block in quick on tun0 from 0.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
block in quick on tun0 from 169.254.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 192.0.2.0/24 to any
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 224.0.0.0/4 to any
block in quick on tun0 from 240.0.0.0/4 to any
pass in quick on lo0 from any to any
pass in quick on rl0 from any to any
pass in quick on dc0 from any to any
pass in quick on tun0 proto tcp from any to any port = 80 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 113 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 433 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 6881 >< 6999 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 11512 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 32000 >< 32100 flags S/FSRPAU keep state keep frags
block in quick from any to any

=== ipfstat -o

block out quick on tun0 from 0.0.0.0/8 to any
block out quick on tun0 from 127.0.0.0/8 to any
block out quick on tun0 from 169.254.0.0/16 to any
block out quick on tun0 from 172.16.0.0/12 to any
block out quick on tun0 from 192.0.2.0/24 to any
block out quick on tun0 from 192.168.0.0/16 to any
block out quick on tun0 from 224.0.0.0/4 to any
block out quick on tun0 from 240.0.0.0/4 to any
pass out quick on lo0 from any to any
pass out quick on rl0 from any to any
pass out quick on dc0 from any to any
pass out quick on tun0 proto icmp from any to any keep state
pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags
pass out quick on tun0 proto udp from any to any keep state keep frags
block out quick from any to any

=== ipnat -l

List of active MAP/Redirect filters:
map tun0 68.213.211.142/32 -> 68.213.211.142/32 proxy port ftp ftp/tcp

List of active sessions:
(none)

=== various rc.conf bits

ifconfig_dc0="inet 192.168.1.25 netmask 255.255.255.0"
network_interfaces="lo0 rl0 dc0 tun0"
firewall_enable="YES"
firewall_logging="YES"
firewall_type="/etc/rc.firewall.custom"
firewall_flags="-p /usr/bin/cpp"
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ppp_enable="yes"
ppp_mode="ddial"
ppp_nat="yes"
ppp_profile="papchap"

=== ipfw show

01110 queue 18 icmp from any to any in via tun0
01110 queue 18 ip from any to any in via tun0 iptos lowdelay,throughput
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01300 queue 14 ip from any to any in via tun0 iptos lowdelay
01310 queue 14 tcp from any 6666-6669 to any in via tun0
01320 queue 14 tcp from any 80 to any in via tun0
01400 queue 11 tcp from any 119 to any in via tun0
01410 queue 11 tcp from any 5999 to any in via tun0
01420 queue 11 tcp from any to any in via tun0 iplen 1500
01430 queue 11 tcp from any 6881-6889 to any in via tun0
01440 queue 11 tcp from any to any dst-port 6881-6889 in via tun0
01900 queue 12 ip from any to any in via tun0
02100 queue 28 icmp from any to any out via tun0
02110 queue 28 ip from any to any out via tun0 iptos lowdelay,throughput
02120 queue 28 tcp from any to any out via tun0 tcpflags ack
02130 queue 28 tcp from any to any out via tun0 setup
02300 queue 24 ip from any to any out via tun0 iptos lowdelay
02310 queue 24 tcp from any to any dst-port 6666-6669 out via tun0
02400 queue 21 tcp from any 80 to any out via tun0
02410 queue 21 tcp from any 443 to any out via tun0
02420 queue 21 tcp from any 11512 to any out via tun0
02430 queue 21 tcp from any to any dst-port 119 out via tun0
02440 queue 21 tcp from any to any dst-port 5999 out via tun0
02450 queue 21 tcp from any to any out via tun0 iplen 1500
02460 queue 21 tcp from any 6881-6889 to any out via tun0
02470 queue 21 tcp from any to any dst-port 6881-6889 out via tun0
02900 queue 22 ip from any to any out via tun0
60000 allow ip from any to any via lo0
60010 allow ip from any to any via rl0
60020 allow ip from any to any via dc0
60030 allow ip from any to any via tun0
60040 allow ip from any to any
65535 deny ip from any to any

=== ipfw queue show

00010: 368.000 Kbit/s 0 ms 36 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00011: 736.000 Kbit/s 0 ms 73 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00012: 1.472 Mbit/s 0 ms 147 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00020: 64.000 Kbit/s 0 ms 6144 B 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00021: 128.000 Kbit/s 0 ms 12 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00022: 256.000 Kbit/s 0 ms 25 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000

=== end

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 12:51:36 2003
Date: Wed, 30 Jul 2003 12:51:32 -0700 (PDT)
From: Julian Elischer
To: Rocco Caputo
In-Reply-To: <20030730191530.GD36116@eyrie.homenet>
cc: freebsd-net@freebsd.org
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

You are complicating things by running both ipfw and ipf.
can you not do just one of them?

On Wed, 30 Jul 2003, Rocco Caputo wrote:

> [Originally posted to freebsd-questions, but someone suggested
> freebsd-net instead.]
>
> I've acquired DSL. My modem's PPPoE and NAT have a tendency to remap
> ports, so I switched it to bridged Ethernet. Now I'm using ppp(8) for
> PPPoE. I'm using ipfw2 for QOS things (pipes and queues). I'm using
> ipf for firewalling and ftp proxying.
>
> Almost everything works well, except (so far) active FTP and pinging the
> tun0 interface.
>
> tcpdump shows ICMP echo requests and responses, but ping does not see
> them. Opening ipf (pass in all, pass out all) "fixes" ping.
>
> ipfnat's active ftp proxy sees the PORT request and punches a hole
> through the firewall, but incoming packets don't arrive. Opening ipf
> "fixes" this, too.
>
> Other incoming connections seem to work fine. DNS works fine. TCP
> works fine.
>
> I've read the handbook, the howtos, searched the list archives, usenet,
> and the web. Nothing solved it.
>
> So. What have I overlooked? Where have I gone wrong? Would you like
> to see my cling-film collection? How about an extensive (but perhaps
> not exhaustive) collection of excerpts from my system configuration
> files? Ok, it is included.
>
> --
> Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/
>
> === ppp.conf
>
> default:
>  ident user-ppp VERSION (built COMPILATIONDATE)
>  set log CBCP CCP Chat Connect Command IPCP tun Phase Warning
>
> papchap:
>  add default HISADDR
>  disable ipv6cp
>  disable vjcomp
>  enable iface-alias
>  enable lqr
>  enable tcpmssfixup
>  nat enable yes
>  nat log yes
>  nat same_ports yes
>  set authkey *****
>  set authname *****
>  set cd 5
>  set crtscts off
>  set device PPPoE:dc0
>  set dia
>  set ifaddr 68.213.211.142/0 192.168.36.176/0
>  set login
>  set lqrperiod 1
>  set mru 1492
>  set mtu 1492
>  set redial 1 0
>  set server /var/run/tun0 "" 0177
>  set speed sync
>  set timeout 0
>
> === netstat -rn
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.36.176     UGSc       80  1377475   tun0
> 10                 link#2             UC          4        0    rl0
> 10.0.0.7           link#2             UHLW        0        8    rl0
> 10.0.0.18          00:e0:18:0b:ac:22  UHLW        1   115334    rl0    303
> 10.0.0.25          00:e0:18:30:68:32  UHLW        0   292874    lo0
> 10.0.0.100         00:e0:18:30:65:f6  UHLW        1   111019    rl0    163
> 127.0.0.1          127.0.0.1          UH          6   196295    lo0
> 192.168.1          link#1             UC          2        0    dc0
> 192.168.1.25       00:04:5a:59:8e:92  UHLW        0   142112    lo0
> 192.168.1.254      00:60:0f:31:c7:86  UHLW        0    75153    dc0    865
> 192.168.36.176     68.213.211.142     UH         76    71059   tun0
>
> === ipfstat -i
>
> block in quick on tun0 from 0.0.0.0/8 to any
> block in quick on tun0 from 127.0.0.0/8 to any
> block in quick on tun0 from 169.254.0.0/16 to any
> block in quick on tun0 from 172.16.0.0/12 to any
> block in quick on tun0 from 192.0.2.0/24 to any
> block in quick on tun0 from 192.168.0.0/16 to any
> block in quick on tun0 from 224.0.0.0/4 to any
> block in quick on tun0 from 240.0.0.0/4 to any
> pass in quick on lo0 from any to any
> pass in quick on rl0 from any to any
> pass in quick on dc0 from any to any
> pass in quick on tun0 proto tcp from any to any port = 80 flags S/FSRPAU keep state keep frags
> pass in quick on tun0 proto tcp from any to any port = 113 flags S/FSRPAU keep state keep frags
> pass in quick on tun0 proto tcp from any to any port = 433 flags S/FSRPAU keep state keep frags
> pass in quick on tun0 proto tcp from any to any port 6881 >< 6999 flags S/FSRPAU keep state keep frags
> pass in quick on tun0 proto tcp from any to any port = 11512 flags S/FSRPAU keep state keep frags
> pass in quick on tun0 proto tcp from any to any port 32000 >< 32100 flags S/FSRPAU keep state keep frags
> block in quick from any to any
>
> === ipfstat -o
>
> block out quick on tun0 from 0.0.0.0/8 to any
> block out quick on tun0 from 127.0.0.0/8 to any
> block out quick on tun0 from 169.254.0.0/16 to any
> block out quick on tun0 from 172.16.0.0/12 to any
> block out quick on tun0 from 192.0.2.0/24 to any
> block out quick on tun0 from 192.168.0.0/16 to any
> block out quick on tun0 from 224.0.0.0/4 to any
> block out quick on tun0 from 240.0.0.0/4 to any
> pass out quick on lo0 from any to any
> pass out quick on rl0 from any to any
> pass out quick on dc0 from any to any
> pass out quick on tun0 proto icmp from any to any keep state
> pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags
> pass out quick on tun0 proto udp from any to any keep state keep frags
> block out quick from any to any
>
> === ipnat -l
>
> List of active MAP/Redirect filters:
> map tun0 68.213.211.142/32 -> 68.213.211.142/32 proxy port ftp ftp/tcp
>
> List of active sessions:
> (none)
>
> === various rc.conf bits
>
> ifconfig_dc0="inet 192.168.1.25 netmask 255.255.255.0"
> network_interfaces="lo0 rl0 dc0 tun0"
>
> firewall_enable="YES"
> firewall_logging="YES"
> firewall_type="/etc/rc.firewall.custom"
> firewall_flags="-p /usr/bin/cpp"
>
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
>
> ipnat_enable="YES"
>
> ppp_enable="yes"
> ppp_mode="ddial"
> ppp_nat="yes"
> ppp_profile="papchap"
>
> === ipfw show
>
> 01110 queue 18 icmp from any to any in via tun0
> 01110 queue 18 ip from any to any in via tun0 iptos lowdelay,throughput
> 01120 queue 18 tcp from any to any in via tun0 tcpflags ack
> 01120 queue 18 tcp from any to any in via tun0 tcpflags ack
> 01300 queue 14 ip from any to any in via tun0 iptos lowdelay
> 01310 queue 14 tcp from any 6666-6669 to any in via tun0
> 01320 queue 14 tcp from any 80 to any in via tun0
> 01400 queue 11 tcp from any 119 to any in via tun0
> 01410 queue 11 tcp from any 5999 to any in via tun0
> 01420 queue 11 tcp from any to any in via tun0 iplen 1500
> 01430 queue 11 tcp from any 6881-6889 to any in via tun0
> 01440 queue 11 tcp from any to any dst-port 6881-6889 in via tun0
> 01900 queue 12 ip from any to any in via tun0
> 02100 queue 28 icmp from any to any out via tun0
> 02110 queue 28 ip from any to any out via tun0 iptos lowdelay,throughput
> 02120 queue 28 tcp from any to any out via tun0 tcpflags ack
> 02130 queue 28 tcp from any to any out via tun0 setup
> 02300 queue 24 ip from any to any out via tun0 iptos lowdelay
> 02310 queue 24 tcp from any to any dst-port 6666-6669 out via tun0
> 02400 queue 21 tcp from any 80 to any out via tun0
> 02410 queue 21 tcp from any 443 to any out via tun0
> 02420 queue 21 tcp from any 11512 to any out via tun0
> 02430 queue 21 tcp from any to any dst-port 119 out via tun0
> 02440 queue 21 tcp from any to any dst-port 5999 out via tun0
> 02450 queue 21 tcp from any to any out via tun0 iplen 1500
> 02460 queue 21 tcp from any 6881-6889 to any out via tun0
> 02470 queue 21 tcp from any to any dst-port 6881-6889 out via tun0
> 02900 queue 22 ip from any to any out via tun0
> 60000 allow ip from any to any via lo0
> 60010 allow ip from any to any via rl0
> 60020 allow ip from any to any via dc0
> 60030 allow ip from any to any via tun0
> 60040 allow ip from any to any
> 65535 deny ip from any to any
>
> === ipfw queue show
>
> 00010: 368.000 Kbit/s 0 ms 36 KB 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00011: 736.000 Kbit/s 0 ms 73 KB 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00012: 1.472 Mbit/s 0 ms 147 KB 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00020: 64.000 Kbit/s 0 ms 6144 B 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00021: 128.000 Kbit/s 0 ms 12 KB 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00022: 256.000 Kbit/s 0 ms 25 KB 0 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>
> === end
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 13:26:11 2003
Date: Wed, 30 Jul 2003 13:26:06 -0700
From: Michael Sierchio
To: William Knechtel
cc: freebsd-net@freebsd.org
Subject: Re: Help with FreeBSD Bridged Firewall

William Knechtel wrote:

> Yeah, the arp cache is the problem, thanks for nailing that one for me.
> However, the ipfw rule you supplied doesn't seem to want to work for
> me... I think for the time being I'll just run a cron job every 15
> minutes or so that clears the arp cache completely. Thanks again for
> your help!! I really appreciate it!

> ipfw add 30 allow layer2 mac-type arp

ACQJS (AFAIK) you need to use ipfw2 to support layer2 rules.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 14:17:14 2003
From: Willie Viljoen
To: freebsd-questions@freebsd.org
cc: freebsd-net@freebsd.org
Date: Wed, 30 Jul 2003 23:16:37 +0200
Subject: Strange dial-up related DNS problems

This gets a 10.0 on my weird-o-meter.

I have a FreeBSD 4.7-RELEASE machine sitting at a client which dials in and collects their mail via POP3, and sends outgoing mail via a smarthost which points to an SMTP server at their ISP.

This machine has worked fine since late last year, but started giving a strange problem this week. When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to disappear. The same with firewalling enabled as normal, or even with

ipfw add 1 allow ip from any to any

When connected to any other ISP we have tried dialing, all works perfectly. When dialed from another FreeBSD box with the same username/password, the SAIX connection works perfectly. Yet, this single machine absolutely flat out refuses to talk to any name server while connected to SAIX, firewalling, no firewalling, no difference.

I have tried running

tcpdump -i ppp0 udp port 53

in an attempt at capturing these packets, nothing, I also looked at rl0 just for interest's sake, nothing.

I have run out of ideas, what am I missing?

PS: Please CC me in the reply, I get so much list mail I might miss a reply there.

--
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 82 404 03 27 (mobile)

will@unfoldings.net

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 14:32:32 2003
Date: Wed, 30 Jul 2003 17:32:29 -0400
From: Rocco Caputo
To: freebsd-net@freebsd.org
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

On Wed, Jul 30, 2003 at 12:51:32PM -0700, Julian Elischer wrote:
>
> You are complicating things by running both ipfw and ipf.
> can you not do just one of them?

I'm not sure. The literature I've read so far says neither firewall does traffic shaping AND supports active FTP in a deny-by-default setting. If google's to be believed, the generally accepted solution is to use ipfw2 for DUMMYNET and ipf/ipfnat for firewalling and active FTP proxying.

The combination served me well when I was using ppp(8) to drive a serial modem. Now that I've switched to ADSL and PPPoE, things seem subtly broken. I blame the user (myself), but I haven't found a solution after beating on the problem for several days.

--
Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 14:58:29 2003
Date: Wed, 30 Jul 2003 17:58:23 -0400
From: "Peter C. Lai"
To: freebsd-net@freebsd.org
Reply-To: peter.lai@uconn.edu
Subject: dc TX underrun leads to delayed crash

I'm noticing on a moderately loaded system, that sometimes when the kernel increases the TX threshold (/kernel: dc0: TX underrun -- increasing TX threshold), a few minutes later, the system hardlocks requiring a reset. This routinely happens when I'm streaming MP3s over the network and the box suddenly hardlocks; after I go back to inspect the logs, the TX buffer underrun is the only thing in the log before the start of the kernel reboot messages.

This is occurring on 4.8-STABLE as of July 7, 2003 on an AMD K6-2 500 with 348 Mb RAM and VIA Apollo MVP3 chipset. When the lockups occur, the system temperatures are below 40C, with little disk activity, moderate ram and cpu usage; the NIC (linksys LNE-100TX A) is usually doing a steady 50K/s at this point.

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 15:06:40 2003
Date: Wed, 30 Jul 2003 17:05:49 -0500 (CDT)
From: Mike Silbersack
To: peter.lai@uconn.edu
cc: freebsd-net@freebsd.org
Subject: Re: dc TX underrun leads to delayed crash

On Wed, 30 Jul 2003, Peter C. Lai wrote:

> I'm noticing on a moderately loaded system, that sometimes when the kernel
> increases the TX threshold (/kernel: dc0: TX underrun -- increasing TX
> threshold), a few minutes later, the system hardlocks requiring a reset.
> This routinely happens when I'm streaming MP3s over the network and the box
> suddenly hardlocks; after I go back to inspect the logs, the TX buffer underrun
> is the only thing in the log before the start of the kernel reboot messages.
> This is occurring on 4.8-STABLE as of July 7, 2003 on an AMD K6-2 500 with
> 348 Mb RAM and VIA Apollo MVP3 chipset. When the lockups occur, the system
> temperatures are below 40C, with little disk activity, moderate ram and cpu
> usage; the NIC (linksys LNE-100TX A) is usually doing a steady 50K/s at this point.
> --
> Peter C. Lai

Rev 1.9.2.47 of if_dc.c (committed July 14th) should fix this problem for you. MBUF_STRESS_TEST showed similar symptoms as mbuf chain lengths were increased, which is how I detected the problem.

Try grabbing the new if_dc.c:

http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/pci/if_dc.c?rev=1.9.2.47&content-type=text/plain

And see how things go.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 15:16:46 2003
Date: Wed, 30 Jul 2003 18:16:31 -0400
From: Barney Wolff
To: Willie Viljoen
cc: freebsd-net@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: Strange dial-up related DNS problems

On Wed, Jul 30, 2003 at 11:16:37PM +0200, Willie Viljoen wrote:
>
> When connected to their ISP, SAIX, the machine can ping any live internet IP
> and it can traceroute to anywhere, but, it can not talk to any DNS server.
> Any traffic to port 53 UDP simply seems to disappear.

Sheer guess, but perhaps the PPP negotiation is giving them something weird (eg, 127.0.0.1) as the nameserver address. Have a look at /etc/resolv.conf while they're connected and at the ppp log.

Have you tried dig @server.ip some.host?
Any internal firewall in place? What do its logs/stats show?

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 30 15:23:00 2003
From: Willie Viljoen
To: Barney Wolff
cc: freebsd-net@freebsd.org
cc: freebsd-questions@freebsd.org
Date: Thu, 31 Jul 2003 00:22:16 +0200
Subject: Re: Strange dial-up related DNS problems

On Thursday 31 July 2003 0:16, someone, possibly Barney Wolff, typed:
> On Wed, Jul 30, 2003 at 11:16:37PM +0200, Willie Viljoen wrote:
> > When connected to their ISP, SAIX, the machine can ping any live
> > internet IP and it can traceroute to anywhere, but, it can not talk to
> > any DNS server. Any traffic to port 53 UDP simply seems to disappear.
>
> Sheer guess, but perhaps the PPP negotiation is giving them something
> weird (eg, 127.0.0.1) as the nameserver address. Have a look at
> /etc/resolv.conf while they're connected and at the ppp log.
>
> Have you tried dig @server.ip some.host?
> Any internal firewall in place? What do its logs/stats show?

Yes, from the other ISPs, dig @their.servers and dig @my.own.servers works fine. On SAIX, dig @anybody.server only gives me a timeout. The box uses ipfw in a stateful setup, but even with that completely out of the way, there's no difference.

/etc/resolv.conf is static, but the address in there is correct.

--
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 82 404 03 27 (mobile)

will@unfoldings.net

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 00:53:22 2003
From: Willie Viljoen
To: freebsd-questions@freebsd.org
cc: freebsd-net@freebsd.org
Date: Thu, 31 Jul 2003 09:52:49 +0200
Subject: (Solved) Strange dial-up related DNS problems

I got it fixed (or at least, as good as it can be fixed).

For future reference, here's what went wrong. During the weekend, SAIX upgraded and repaired all Cisco equipment on their network. During this repair, they somehow managed to break something major.

The /etc/ppp/options file on the offending BSD box contained the asyncmap 0 option. This tells pppd not to escape characters leaving as part of packets that could be misunderstood as being control characters by the other side.

This has been working fine for a long time. However, during SAIX's tinkering, they managed to get their PPP gateways to not ignore control characters coming in as part of IP packets, as they should be doing. What was going wrong was that some part of the DNS query must have been seen as some arb. control character. The machine then handled the packet incorrectly, and it never reached the NS it was meant for.

To fix this, just remove asyncmap 0 from your config file. This gives a slight performance hit, but with the wonderful resourcefulness of some ISPs, what can you do...

Original message follows:

This gets a 10.0 on my weird-o-meter.

I have a FreeBSD 4.7-RELEASE machine sitting at a client which dials in and collects their mail via POP3, and sends outgoing mail via a smarthost which points to an SMTP server at their ISP.

This machine has worked fine since late last year, but started giving a strange problem this week. When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to disappear. The same with firewalling enabled as normal, or even with

ipfw add 1 allow ip from any to any

When connected to any other ISP we have tried dialing, all works perfectly. When dialed from another FreeBSD box with the same username/password, the SAIX connection works perfectly. Yet, this single machine absolutely flat out refuses to talk to any name server while connected to SAIX, firewalling, no firewalling, no difference.

I have tried running

tcpdump -i ppp0 udp port 53

in an attempt at capturing these packets, nothing, I also looked at rl0 just for interest's sake, nothing.

I have run out of ideas, what am I missing?

PS: Please CC me in the reply, I get so much list mail I might miss a reply there.
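
Added example, not part of the original post: the asyncmap setting discussed above decides which bytes below 0x20 a PPP sender escapes (RFC 1662). The sketch frames a constructed IPv4/UDP DNS query and shows a frame sent under map 0 being dropped without any error by a receiver that still strips control characters. The packet, the addresses, the function names and the model of the receiving side are assumptions made for illustration; what SAIX's equipment actually did is not known from the thread.

```python
"""PPP async framing (RFC 1662): what the async control character map changes.

Everything here is constructed for illustration: the packet, the addresses
(RFC 5737 documentation range) and all function names.
"""
import struct

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20
PPP_IP_HEADER = b"\xff\x03\x00\x21"   # address, control, protocol 0x0021 (IPv4)
ESCAPE_NONE = 0x00000000              # map requested by "asyncmap 0"
ESCAPE_ALL = 0xFFFFFFFF               # RFC 1662 default for async links


def fcs16(data):
    """PPP 16-bit frame check sequence (RFC 1662), bitwise form."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def flagged(byte, accm):
    """True if byte is a control character (< 0x20) whose bit is set in the map."""
    return byte < 0x20 and bool((accm >> byte) & 1)


def transmit(payload, tx_accm):
    """Frame an IPv4 packet: header, FCS, then escape whatever tx_accm flags."""
    body = PPP_IP_HEADER + payload
    body += struct.pack("<H", fcs16(body))      # FCS is sent low byte first
    wire = bytearray([FLAG])
    for byte in body:
        if byte in (FLAG, ESC) or flagged(byte, tx_accm):
            wire += bytes((ESC, byte ^ XOR))    # 0x7d, then the byte with bit 5 flipped
        else:
            wire.append(byte)
    wire.append(FLAG)
    return bytes(wire)


def receive(wire, rx_accm):
    """Return the IPv4 packet, or None when the frame is damaged and dropped."""
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        return None
    body, escaped = bytearray(), False
    for byte in wire[1:-1]:
        if flagged(byte, rx_accm):
            continue            # RFC 1662: raw flagged control chars are removed
        if escaped:
            body.append(byte ^ XOR)
            escaped = False
        elif byte == ESC:
            escaped = True
        else:
            body.append(byte)
    if escaped or len(body) < len(PPP_IP_HEADER) + 2:
        return None
    data, (fcs,) = bytes(body[:-2]), struct.unpack("<H", body[-2:])
    if fcs16(data) != fcs or not data.startswith(PPP_IP_HEADER):
        return None
    return data[len(PPP_IP_HEADER):]


def dns_query_packet():
    """Constructed IPv4/UDP packet carrying a DNS A query for example.org."""
    qname = b"".join(bytes([len(p)]) + p for p in (b"example", b"org")) + b"\x00"
    dns = struct.pack(">HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + qname
    dns += struct.pack(">HH", 1, 1)                      # QTYPE A, QCLASS IN
    udp = struct.pack(">HHHH", 40000, 53, 8 + len(dns), 0) + dns
    # Header checksum left at 0: it does not matter for byte stuffing.
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp


def raw_controls(payload, tx_accm):
    """Control bytes that travel unescaped under tx_accm, as a sorted list."""
    return sorted({b for b in transmit(payload, tx_accm) if b < 0x20})


if __name__ == "__main__":
    pkt = dns_query_packet()
    print("raw control bytes under map 0:",
          [hex(b) for b in raw_controls(pkt, ESCAPE_NONE)])
    for tx, rx in ((ESCAPE_NONE, ESCAPE_NONE), (ESCAPE_ALL, ESCAPE_ALL),
                   (ESCAPE_NONE, ESCAPE_ALL)):
        ok = receive(transmit(pkt, tx), rx) == pkt
        print(f"tx map {tx:#010x}, rx map {rx:#010x}:",
              "delivered" if ok else "dropped")
    print("wire bytes:", len(transmit(pkt, ESCAPE_NONE)), "unescaped,",
          len(transmit(pkt, ESCAPE_ALL)), "fully escaped")
```

The IP protocol number for UDP is 17 (0x11), which is itself a control character, so it appears in the list of raw bytes under map 0; the size difference between the two wire lengths is the cost of escaping everything.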

--
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 82 404 03 27 (mobile)

will@unfoldings.net

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 01:21:12 2003
Date: Thu, 31 Jul 2003 10:21:03 +0200
From: jeremie le-hen
To: Rocco Caputo
cc: freebsd-net@freebsd.org
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

> > You are complicating things by running both ipfw and ipf.
> > can you not do just one of them?
>
> I'm not sure. The literature I've read so far says neither firewall
> does traffic shaping AND supports active FTP in a deny-by-default
> setting. If google's to be believed, the generally accepted solution is
> to use ipfw2 for DUMMYNET and ipf/ipfnat for firewalling and active FTP
> proxying.

That's exactly what I use on my personal DSL gateway, and it just works fine. I use the IPFilter framework for firewalling and NAT, since I found it quite simple and efficient. Furthermore NAT is done in kernel, reducing context switches overhead, and it is also supposed to be an application-layer firewall for FTP, although I've never succeeded in making it work (probably due to lack of documentation, it is still considered as an experimental feature). And, ping works, I even forward it :-) !

I use ipfw(8) for fine grained firewalling (things I can't unfortunately do with IPFilter, such as filtering on TCP options), and, in conjunction with dummynet(4), traffic shaping. The latter is indeed very simple to employ and there is no context switches overhead since everything is done in kernel.

I know it is possible to use ALTQ with IPFilter for a more precise traffic shaping, but I've never found any documentation on it (I would be grateful if someone could point me to).

> The combination served me well when I was using ppp(8) to drive a serial
> modem. Now that I've switched to ADSL and PPPoE, things seem subtly
> broken. I blame the user (myself), but I haven't found a solution after
> beating on the problem for several days.

Could you show us your ipf(8), ipnat(8) and ipfw(8) configuration files?
Foolish note: You can see echo requests leaving your box, and even echo replies coming back; for me, it smells you forgot to use the "keep state" statement in the rule which allows outgoing echo requests. But maybe I am missing something.

Regards,
--
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 07:33:35 2003
Date: Thu, 31 Jul 2003 10:33:31 -0400
From: Rocco Caputo
To: freebsd-net@freebsd.org
Message-ID: <20030731143331.GD37634@eyrie.homenet>
References: <20030730191530.GD36116@eyrie.homenet> <20030730213229.GA37634@eyrie.homenet> <20030731082103.GA17861@carpediem.epita.fr>
In-Reply-To: <20030731082103.GA17861@carpediem.epita.fr>
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

On Thu, Jul 31, 2003 at 10:21:03AM +0200, jeremie le-hen wrote:
> Rocco Caputo wrote:
> > The combination served me well when I was using ppp(8) to drive a serial
> > modem. Now that I've switched to ADSL and PPPoE, things seem subtly
> > broken. I blame the user (myself), but I haven't found a solution after
> > beating on the problem for several days.
>
> Could you show us your ipf(8), ipnat(8) and ipfw(8) configuration files ?
> Foolish note: You can see echo requests leaving your box, and even echo replies
> coming back; for me, it smells you forgot to use the "keep state" statement
> in the rule which allows outgoing echo requests. But maybe I am missing
> something.

I think you're right about "keep state" being a problem. ipfstat -t shows several open states for tun0 -> tun0. The 10sec interval is how often I ping it.

68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:50
68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:30
68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:00
68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:10
68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:40
68.213.211.142  68.213.211.142  0/0  icmp  4  116  0:20

It looks like state is being kept, but the echo replies aren't matching.
I've verified that the packets cross tun0:

3) eyrie:/home/troc/firewall# tcpdump -i tun0 \
> 'src 68.213.211.142 and dst 68.213.211.142 and icmp'
tcpdump: listening on tun0
10:23:44.035184 68.213.211.142 > 68.213.211.142: icmp: echo request
10:23:44.037761 68.213.211.142 > 68.213.211.142: icmp: echo request
10:23:44.037843 68.213.211.142 > 68.213.211.142: icmp: echo reply
10:23:44.038069 68.213.211.142 > 68.213.211.142: icmp: echo reply

That's odd, though. I'm only pinging the address once every ten seconds, but tcpdump shows two requests and replies.

The firewall configurations were included at the start of this thread, but I'm including them again. The other files are omitted.

=== ipfstat -i

block in quick on tun0 from 0.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
block in quick on tun0 from 169.254.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 192.0.2.0/24 to any
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 224.0.0.0/4 to any
block in quick on tun0 from 240.0.0.0/4 to any
pass in quick on lo0 from any to any
pass in quick on rl0 from any to any
pass in quick on dc0 from any to any
pass in quick on tun0 proto tcp from any to any port = 80 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 113 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 433 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 6881 >< 6999 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 11512 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 32000 >< 32100 flags S/FSRPAU keep state keep frags
block in quick from any to any

=== ipfstat -o

block out quick on tun0 from 0.0.0.0/8 to any
block out quick on tun0 from 127.0.0.0/8 to any
block out quick on tun0 from 169.254.0.0/16 to any
block out quick on tun0 from 172.16.0.0/12 to any
block out quick on tun0 from 192.0.2.0/24 to any
block out quick on tun0 from 192.168.0.0/16 to any
block out quick on tun0 from 224.0.0.0/4 to any
block out quick on tun0 from 240.0.0.0/4 to any
pass out quick on lo0 from any to any
pass out quick on rl0 from any to any
pass out quick on dc0 from any to any
pass out quick on tun0 proto icmp from any to any keep state
pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags
pass out quick on tun0 proto udp from any to any keep state keep frags
block out quick from any to any

=== ipnat -l

List of active MAP/Redirect filters:
map tun0 68.213.211.142/32 -> 68.213.211.142/32 proxy port ftp ftp/tcp

List of active sessions:
(none)

=== ipfw show

01110 queue 18 icmp from any to any in via tun0
01110 queue 18 ip from any to any in via tun0 iptos lowdelay,throughput
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01300 queue 14 ip from any to any in via tun0 iptos lowdelay
01310 queue 14 tcp from any 6666-6669 to any in via tun0
01320 queue 14 tcp from any 80 to any in via tun0
01400 queue 11 tcp from any 119 to any in via tun0
01410 queue 11 tcp from any 5999 to any in via tun0
01420 queue 11 tcp from any to any in via tun0 iplen 1500
01430 queue 11 tcp from any 6881-6889 to any in via tun0
01440 queue 11 tcp from any to any dst-port 6881-6889 in via tun0
01900 queue 12 ip from any to any in via tun0
02100 queue 28 icmp from any to any out via tun0
02110 queue 28 ip from any to any out via tun0 iptos lowdelay,throughput
02120 queue 28 tcp from any to any out via tun0 tcpflags ack
02130 queue 28 tcp from any to any out via tun0 setup
02300 queue 24 ip from any to any out via tun0 iptos lowdelay
02310 queue 24 tcp from any to any dst-port 6666-6669 out via tun0
02400 queue 21 tcp from any 80 to any out via tun0
02410 queue 21 tcp from any 443 to any out via tun0
02420 queue 21 tcp from any 11512 to any out via tun0
02430 queue 21 tcp from any to any dst-port 119 out via tun0
02440 queue 21 tcp from any to any dst-port 5999 out via tun0
02450 queue 21 tcp from any to any out via tun0 iplen 1500
02460 queue 21 tcp from any 6881-6889 to any out via tun0
02470 queue 21 tcp from any to any dst-port 6881-6889 out via tun0
02900 queue 22 ip from any to any out via tun0
60000 allow ip from any to any via lo0
60010 allow ip from any to any via rl0
60020 allow ip from any to any via dc0
60030 allow ip from any to any via tun0
60040 allow ip from any to any
65535 deny ip from any to any

=== ipfw queue show

00010: 368.000 Kbit/s    0 ms   36 KB 0 queues (1 buckets) droptail
00011: 736.000 Kbit/s    0 ms   73 KB 0 queues (1 buckets) droptail
00012:   1.472 Mbit/s    0 ms  147 KB 0 queues (1 buckets) droptail
00020:  64.000 Kbit/s    0 ms 6144 B  0 queues (1 buckets) droptail
00021: 128.000 Kbit/s    0 ms   12 KB 0 queues (1 buckets) droptail
00022: 256.000 Kbit/s    0 ms   25 KB 0 queues (1 buckets) droptail

=== end

--
Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 09:41:07 2003
Message-ID: <01a801c35782$8886b380$6501010a@gis2.com>
From: "Bryce Edwards"
Date: Thu, 31 Jul 2003 11:41:04 -0500
Subject: Multiple Interfaces

I have two interfaces and the following info in rc.conf. The first one is setup properly but the second one never gets configured.

ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
ifconfig_fxp1="inet a.c.c.187 netmask 255.255.255.192"

I'm running 4.8-STABLE

FreeBSD 4.8-STABLE #0: Mon Jul 14 15:41:24 CDT 2003

When I run 'ifconfig -l', I get the following, so leaving network_interfaces="auto" should work.

fxp0 fxp1 faith0 lo0 ppp0 sl0

What am I missing?

TIA,

Bryce

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 09:59:18 2003
Message-ID: <01ae01c35785$127d1500$6501010a@gis2.com>
From: "Bryce Edwards"
Date: Thu, 31 Jul 2003 11:59:14 -0500
Subject: freevrrp

I'm trying to run freevrrpd on a server with two interfaces for redundancy. I want them both to act as one IP in a master/slave setup. Here's the errors I'm getting:

Jul 31 11:07:34 ns freevrrpd[207]: launching daemon in background mode
Jul 31 11:07:34 ns freevrrpd[208]: initializing threads and all VRID
Jul 31 11:07:34 ns freevrrpd[208]: reading configuration file /usr/local/etc/freevrrpd.conf
Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp0 (ioctl SIOCAIFADDR): File exists
Jul 31 11:07:34 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxxxxxxxxxx
Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:07:37 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp1 (ioctl SIOCAIFADDR): File exists
Jul 31 11:07:37 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:07:37 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxxxxxxxxxx
Jul 31 11:08:08 ns last message repeated 30 times
Jul 31 11:10:09 ns last message repeated 120 times
Jul 31 11:19:03 ns last message repeated 529 times
Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:19:03 ns freevrrpd[208]: select on readfds fd_set failed: Interrupted system call
Jul 31 11:19:04 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp1 (ioctl SIOCAIFADDR): File exists
Jul 31 11:19:04 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address: xxxxxxxxxxx for interface fxp0
Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address: xxxxxxxxxxx for interface fxp1

Here's my config:

[VRID]
serverid = 10
interface = fxp0
priority = 255
addr = a.b.c.131/26
password = test

[VRID]
serverid = 10
interface = fxp1
priority = 254
addr = a.b.c.131/26
password = test

And in rc.conf:

ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
ifconfig_fxp1="inet a.b.c.187 netmask 255.255.255.192"

TIA,

Bryce

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 10:01:06 2003
From: "Bob"
Date: Thu, 31 Jul 2003 11:07:18 -0600
Organization: Starblanket Internet Security Corp
In-Reply-To: <01a801c35782$8886b380$6501010a@gis2.com>
Cc: 'Bryce Edwards'
Reply-To: bob@starblanket.ca
Subject: RE: Multiple Interfaces

Greets

> I have two interfaces and the following info in rc.conf. The
> first one is
> setup properly but the second one never gets configured.

I just went through this process myself. The word I have is that FreeBSD cannot run two NICs on the same subnet, which is what your included config shows. So try as you may it will not work. I also tested 4.7, 5.0 and 5.1 with similar results.

Here is a snippet of an email I received on this topic:

Begin

Well, as long as I can tell, one can't have 2 ifaces on the same subnet on FreeBSD. This seems to be regarded as a feature by the guys who have written the code. "It's arguable that it should be done any other way, since it will put questions like what interface will be used for outgoing segments to the subnet ? etc. which will require to manually assign the arp table as long as you have the rest of the nodes of the subnet connected through some kind of switches or to still have all outgoing connections through a preferred interface which will require a SRC (IP+MAC) addresses of the other interface and will unnecessary complicated the whole thing". So the result will be a gain in the speed of incoming segments but more load on the system.

END

>What am I missing?

All you are missing is the fact FreeBSD cannot handle two NICs on the same subnet. OpenBSD does, NetBSD does and Linux does.

Regards

Bob D

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 10:03:22 2003
From: "Michael W. Oliver"
To: "Bryce Edwards"
Date: Thu, 31 Jul 2003 13:03:01 -0400
References: <01ae01c35785$127d1500$6501010a@gis2.com>
In-Reply-To: <01ae01c35785$127d1500$6501010a@gis2.com>
Message-Id: <200307311303.18950.michael@gargantuan.com>
Reply-To: michael@gargantuan.com
Subject: Re: freevrrp

+--- On Thursday, July 31, 2003 12:59,
| Bryce Edwards proclaimed:
|
| I'm trying to run freevrrpd on a server with two interfaces for
| redundancy. I want them both to act as one IP in a master/slave setup.
| Here's the errors I'm getting:
|
| Jul 31 11:07:34 ns freevrrpd[207]: launching daemon in background mode
| Jul 31 11:07:34 ns freevrrpd[208]: initializing threads and all VRID
| Jul 31 11:07:34 ns freevrrpd[208]: reading configuration file
| /usr/local/etc/freevrrpd.conf
| Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp0 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:07:34 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxxxxxxxxxx
| Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:07:37 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp1 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:07:37 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:07:37 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxxxxxxxxxx
| Jul 31 11:08:08 ns last message repeated 30 times
| Jul 31 11:10:09 ns last message repeated 120 times
| Jul 31 11:19:03 ns last message repeated 529 times
| Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:19:03 ns freevrrpd[208]: select on readfds fd_set failed:
| Interrupted system call
| Jul 31 11:19:04 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp1 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:19:04 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address:
| xxxxxxxxxxx for interface fxp0
| Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address:
| xxxxxxxxxxx for interface fxp1
|
| Here's my config:
|
| [VRID]
| serverid = 10
| interface = fxp0
| priority = 255
| addr = a.b.c.131/26
| password = test
|
| [VRID]
| serverid = 10
| interface = fxp1
| priority = 254
| addr = a.b.c.131/26
| password = test
|
| And in rc.conf:
|
| ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
| ifconfig_fxp1="inet a.b.c.187 netmask 255.255.255.192"
|
| TIA,
|
| Bryce

Ni Bryce,

Try setting the mask on the VIP to /32 instead of /26. IIRC, an alias address must have a /32 mask, as the routing table already has an entry for a.b.c.128/26 (in your case), which is why it is rejecting the VIP address assignment.

--
+-------------------------------------+------------------------------+
| Michael W. Oliver, CCNP             | "The tree of liberty must be |
| IPv6 & FreeBSD mark                 | refreshed from time to time  |
| michael@gargantuan.com              | with the blood of patriots   |
| http://michael.gargantuan.com/      | and tyrants."                |
| ASpath-tree, Looking Glass, etc.    | - President Thomas Jefferson |
|                                     +------------------------------+
| gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc           |
+--------------------------------------------------------------------+

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 10:46:40 2003
Date: Thu, 31 Jul 2003 18:44:08 +0100
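The two conditions raised in the replies above (two NICs configured in one subnet, and a VRRP virtual address declared with the subnet's /26 mask instead of /32) can be checked before the daemon is started. The following is an added example, not part of the thread or of freevrrpd; it assumes the rc.conf and freevrrpd.conf layouts quoted in the messages, and uses constructed 192.0.2.x addresses in place of the redacted a.b.c ones.

```python
import ipaddress
import re

# Constructed sample input modelled on the configs quoted in the thread;
# 192.0.2.0/24 (documentation range) stands in for the redacted a.b.c prefix.
RC_CONF = '''\
ifconfig_fxp0="inet 192.0.2.186 netmask 255.255.255.192"
ifconfig_fxp1="inet 192.0.2.187 netmask 255.255.255.192"
'''

VRRP_CONF = '''\
[VRID]
serverid = 10
interface = fxp0
priority = 255
addr = 192.0.2.131/26
password = test

[VRID]
serverid = 10
interface = fxp1
priority = 254
addr = 192.0.2.131/26
password = test
'''

IFCONFIG_RE = re.compile(
    r'^ifconfig_(\w+)="inet\s+(\S+)\s+netmask\s+(\S+)"', re.MULTILINE)


def parse_rc_conf(text):
    """Return {ifname: IPv4Interface} for every static 'inet ... netmask' line."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}")
            for name, addr, mask in IFCONFIG_RE.findall(text)}


def parse_vrids(text):
    """Return one dict per [VRID] section. The section name repeats, so a
    strict INI parser would reject the file; this walks it line by line."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper() == "[VRID]":
            sections.append({})
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][key] = value
    return sections


def audit(rc_text, vrrp_text):
    """Return a list of (kind, iface_a, iface_b, network) findings."""
    findings = []
    ifaces = parse_rc_conf(rc_text)
    names = sorted(ifaces)

    # Condition from the "Multiple Interfaces" reply: two NICs in one subnet.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(
                    ("shared-subnet", a, b, str(ifaces[a].network)))

    # Condition from the "freevrrp" reply: a virtual address whose prefix is
    # wider than /32 and covers a subnet that already has a connected route.
    for vrid in parse_vrids(vrrp_text):
        vip = ipaddress.ip_interface(vrid["addr"])
        if vip.network.prefixlen == 32:
            continue
        for name in names:
            if vip.network.overlaps(ifaces[name].network):
                findings.append(
                    ("vip-mask", vrid["interface"], name, str(vip)))
                break  # one finding per VRID is enough
    return findings


if __name__ == "__main__":
    for finding in audit(RC_CONF, VRRP_CONF):
        print(*finding)
```
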
From: Bruce M Simpson
To: freebsd-net@freebsd.org
Cc: raja@moselle.com, sjg@freebsd.org, sam@freebsd.org, jesper@freebsd.org, fenner@freebsd.org, imp@bsdimp.com
Message-ID: <20030731174408.GD24526@spc.org>
Organization: SPC
Subject: [PATCH] AODV (RFC 3561) support for tcpdump

Hi all,

I send you this patch in order that I may have your advice.

I've added a module to tcpdump to decode AODV packets as per RFC 3561. The only extension currently understood is HELLO.

I've submitted this to tcpdump@sourceforge, but I've been working with a number of you on wi(4) related things, or have met you in person recently, thus giving you 'heads up' and opportunity to review. [Tracker ID 780993]

I haven't been able to test this extensively because: I have 3 LocustWorld MeshBoxes here which don't seem to be speaking to each other, and the solitary machine which does send AODV traffic is sending type 69, which doesn't inspire confidence (but it seems someone's made off with the passwords for them, too - all will probably be resolved when someone gets back from holiday).

Yes, Dorothy, this is in lieu of a possible forthcoming BSD aodvd daemon.

Regards,
BMS

From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 11:02:01 2003
Date: Thu, 31 Jul 2003 18:59:27 +0100
From: Bruce M Simpson
To: freebsd-net@freebsd.org
Cc: fenner@freebsd.org, sjg@evilcode.net, sam@freebsd.org, jesper@freebsd.org
Message-ID: <20030731175927.GE24526@spc.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="qGV0fN9tzfkG3CxV"
Organization: SPC
Subject: On demand routing redux (RFC 3561 AODV preparatory)

--qGV0fN9tzfkG3CxV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi all,

Here's some more stuff I'd like review on.

I've written a simple bit of code which just sits there listening for RTM_RESOLVE and redirects destination cloned route using RTM_CHANGE. I wrote this to prove we could implement in-demand routing protocols, in userland, without any of the stupid kernel modifications we've seen for Linux implementations.

Specify a CIDR network on the command line; it will configure a disc(4) interface and add a network route via that interface. Currently, the netmask code is broken; Bill Fenner has given me feedback on how to fix this. You can sidestep this by creating the disc0 route before running rtmhack:

# ifconfig disc0 create
# route -n add 10.0.0.0/8 -iface disc0

The name 'disc0' was not chosen deliberately.

Needless to say, this code is really hackish, and will be getting cleaned up thoroughly before it is anywhere near production quality.

Please let me know your thoughts. Comments and feedback solicited.
BMS

--qGV0fN9tzfkG3CxV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=README

The proof of concept code simply updates the route to point to a loopback interface (which deliberately creates a local routing loop for the purposes of demonstration).

A cloning XRESOLVE route is bound to a local 'bit bucket' interface, disc0, for a given network prefix. Any use of this route will cause a child route to be created via the CLONING mechanism, and an RTM_RESOLVE message will be generated which we later reply to.

The only information delivered in an RTM_RESOLVE message is the address for which the kernel is requesting routing information. Therefore it will be necessary to check the sockaddr against the list of addresses for hosts and/or networks which we manage, and discard the message if it doesn't match.

It looks as though we can't send an RTM_RESOLVE back to the kernel. Instead, we have to use RTM_CHANGE to modify the cloned route.

The CLONING mechanism sets the IFP. So we must reset that when sending an RTM_CHANGE to the kernel, by using an empty sockaddr_dl for the IFP; this means that it will be inferred from RTAX_GATEWAY.

The required fields for an RTM_CHANGE are: destination, gateway, flags (and genmask if specifying a network route). ifa/ifp should also be specified if changing an interface route.

RTA_AUTHOR doesn't appear to be used anywhere in the kernel. This attribute could be potentially useful for recording the originator of AODV routes in-kernel; for now, this information shall reside only in aodvd's MIB.

--qGV0fN9tzfkG3CxV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="rtmhack.c"

/*	$FreeBSD$ */

/*
 * This is a hack to demonstrate the concept of hooking for the
 * RTM_RESOLVE message being sent from the FreeBSD routing code,
 * as a means of looking up routes on demand using a routing protocol
 * such as AODV.
 * This code will probably be vastly cleaned up and tested more thoroughly
 * before being used as the basis for a user-space BSD AODV implementation.
 */

/*
 * Copyright (c) 2003 Bruce M. Simpson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *        This product includes software developed by Bruce M. Simpson.
 * 4. Neither the name of Bruce M. Simpson nor the names of co-
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bruce M. Simpson AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL Bruce M. Simpson OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * The header names were stripped by the list archive. The list below is
 * reconstructed from the calls used in this file, not the author's own.
 */
#include <sys/param.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/time.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_mib.h>
#include <net/route.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <err.h>
#include <errno.h>
#include <ifaddrs.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>

void	usage(void);
int	add_xresolve_route(char *ifname, struct sockaddr_in *sin, int bits);
int	inet_cidr_aton(char *s, struct in_addr *pin, int *bits);
int	get_if_index(char *ifname);
int	create_if(char *ifname);
int	destroy_if(char *ifname);
int	if2sockaddr(char *ifname, struct sockaddr_dl *sdl);
int	handle_rtmsg(struct rt_msghdr *rtm, int msglen);
int	handle_rtmsg_resolve(struct rt_msghdr *rtm, int msglen);
int	reply_rtmsg_resolve(struct sockaddr_in *sin);

/*
 * We check for the existence of _IFNAME.
 */
#if 1
#define _IFNAME	"disc0"
#else
#define _IFNAME	"lo0"
#endif

int	rtsock;

int
main(int argc, char *argv[])
{
	int n;
	int bits;
	char msg[2048];
	struct sockaddr_in sin;

	if (geteuid() != 0)
		errx(1, "must be root to alter routing table");

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_len = sizeof(sin);

	/* Parse network argument */
	if ((argc != 2) ||
	    (inet_cidr_aton(argv[1], &sin.sin_addr, &bits) != 1))
		usage();

	/* Open routing socket */
	rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
	if (rtsock == -1)
		err(EX_OSERR, "socket");

	/* Check that the target interface exists; create it if it doesn't. */
	if (get_if_index(_IFNAME) == -1) {
		warnx("interface %s does not exist, creating.", _IFNAME);
		create_if(_IFNAME);
		add_xresolve_route(_IFNAME, &sin, bits);
	}

	/* Routing event loop */
	for (;;) {
		n = read(rtsock, msg, sizeof(msg));
		handle_rtmsg((struct rt_msghdr *)msg, n);
	}

	if (rtsock != -1)
		close(rtsock);

	exit (EXIT_SUCCESS);
}

void
usage(void)
{

	fprintf(stderr, "usage: rtmhack \n"
	    " specifies the test network in CIDR notation\n");
	exit(EXIT_FAILURE);
}

/*
 * Like inet_aton(), but handle an optional CIDR prefix.
 */
int
inet_cidr_aton(char *s, struct in_addr *pin, int *bits)
{
	char *q;

	q = NULL;
	*bits = 32;
	if ((q = strchr(s, '/')) != NULL) {
		*bits = strtoul(q+1, 0, 0);
		*q = '\0';
	}
	return (inet_aton(s, pin));
}

/*
 * Return the index of a named interface in the MIB, or -1 if it does
 * not exist.
 */
int
get_if_index(char *ifname)
{
	int name[6];
	int i;
	size_t len;
	int maxifno;
	int indx;
	struct ifmibdata ifmd;
	int ifnamelen;

	ifnamelen = strlen(ifname);
	indx = -1;

	name[0] = CTL_NET;
	name[1] = PF_LINK;
	name[2] = NETLINK_GENERIC;
	name[3] = IFMIB_SYSTEM;
	name[4] = IFMIB_IFCOUNT;

	len = sizeof(maxifno);
	if (sysctl(name, 5, &maxifno, &len, 0, 0) < 0)
		err(1, "sysctl net.link.generic.system.ifcount");

	name[3] = IFMIB_IFDATA;
	name[5] = IFDATA_GENERAL;

	len = sizeof(ifmd);
	for (i = 1; i <= maxifno; i++) {
		name[4] = i;
		if (sysctl(name, 6, &ifmd, &len, 0, 0) < 0) {
			if (errno == ENOENT)
				continue;
			err(1, "sysctl");
		}
		if (strncmp(ifname, ifmd.ifmd_name, ifnamelen) == 0) {
			indx = i;
			break;
		}
	}
	return (indx);
}

/*
 * create an instance of a named clonable interface.
 * Return 0 if successful, or -1 if an error occurred.
 */
int
create_if(char *ifname)
{
	int s, retval;
	struct ifreq ifr;

	retval = 0;
	s = socket(AF_INET, SOCK_DGRAM, 0);
	if (s == -1)
		err(1, "socket");

	memset(&ifr, 0, sizeof(ifr));
	(void) strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
	if (ioctl(s, SIOCIFCREATE, &ifr) < 0) {
		retval = -1;
		warn("SIOCIFCREATE");
	}
	close(s);
	return (retval);
}

/*
 * destroy an instance of a named clonable interface.
 * Return 0 if successful, or -1 if an error occurred.
 */
int
destroy_if(char *ifname)
{
	int s, retval;
	struct ifreq ifr;

	retval = 0;
	s = socket(AF_INET, SOCK_DGRAM, 0);
	if (s == -1)
		err(1, "socket");

	memset(&ifr, 0, sizeof(ifr));
	(void) strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
	if (ioctl(s, SIOCIFDESTROY, &ifr) < 0) {
		retval = -1;
		warn("SIOCIFDESTROY");
	}
	close(s);
	return (retval);
}

/*
 * Copy the sockaddr_dl structure corresponding to the named interface
 * into the structure pointed to by sdl.
 * Returns 0 if successful, or -1 if the structure found was not valid.
 */
int
if2sockaddr(char *ifname, struct sockaddr_dl *sdl)
{
	struct ifaddrs *ifap, *ifa;
	struct sockaddr_dl *isdl;

	if (getifaddrs(&ifap))
		err(1, "getifaddrs");

	isdl = NULL;
	for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
		if (ifa->ifa_addr->sa_family != AF_LINK)
			continue;
		if (strcmp(ifname, ifa->ifa_name))
			continue;
		isdl = (struct sockaddr_dl *)ifa->ifa_addr;
	}

	/* Only copy when the interface was found; isdl is NULL otherwise. */
	if (sdl != NULL && isdl != NULL)
		memcpy(sdl, isdl, isdl->sdl_len);

	return ((isdl != NULL) ? 0 : -1);
}

/*
 * Bind a cloning XRESOLVE route, for the given network/host,
 * to a named interface.
 * Return 0 if successful, or -1 if an error occurred.
 *
 * XXX there is a glaring bug here - the netmask is not set correctly
 * when adding the route. what could be the problem? this is a real mess.
 */
int
add_xresolve_route(char *ifname, struct sockaddr_in *sin, int bits)
{
	int len;
	struct {
		struct rt_msghdr rtm;
		struct sockaddr addrs[RTAX_MAX];
	} r;
	char *cp;
	int l;
	struct sockaddr_dl sdl;
	struct sockaddr_in sin_mask;
	unsigned long mask;

#define ROUNDUP(a) \
	((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
#define NEXTADDR(rtm, w, u) \
	if (rtm.rtm_addrs & (w)) {\
		l = ROUNDUP(u.sa.sa_len); memmove(cp, &(u), l); cp += l;\
	}

/*
RTM_ADD: Add Route: len 172, pid: 31485, seq 1, errno 0
flags:
locks:  inits:
sockaddrs:
 1.0.0.0 disc0 (0) 0 ff
*/
	cp = (char *) &r.addrs[0];

	memset(&r, 0, sizeof(r));
	r.rtm.rtm_version = RTM_VERSION;
	r.rtm.rtm_type = RTM_ADD;
	r.rtm.rtm_msglen = sizeof(r);
	r.rtm.rtm_pid = getpid();
	r.rtm.rtm_seq = 0;

	r.rtm.rtm_flags = RTF_XRESOLVE | RTF_CLONING | RTF_UP;
	r.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_NETMASK;

	if2sockaddr(ifname, &sdl);

	memmove(&r.addrs[RTAX_DST], sin, sin->sin_len);
	memmove(&r.addrs[RTAX_GATEWAY], &sdl, sdl.sdl_len);

#if 0
	NEXTADDR(RTA_DST, sin);
	NEXTADDR(RTA_GATEWAY, sdl);
	NEXTADDR(RTA_NETMASK, sin_mask);
#endif

	memset(&sin_mask, 0x0, sizeof(sin_mask));
	mask = 0xffffffff << (32 - bits);
	sin_mask.sin_addr.s_addr = htonl(mask);
	cp = (char *)(&sin_mask.sin_addr + 1);
	while (*--cp == 0 && cp > (char *)&sin_mask)
		;
	sin->sin_len = 1 + cp - (char *)&sin_mask;

	fprintf(stderr, "sin_len %d\n", sin_mask.sin_len);
	fprintf(stderr, "sin_family %d\n", sin_mask.sin_family);
	fprintf(stderr, "sin_port %d\n", sin_mask.sin_port);
	fprintf(stderr, "sin_addr %s\n", inet_ntoa(sin_mask.sin_addr));

	memmove(&r.addrs[RTAX_NETMASK], &sin_mask, sin_mask.sin_len);

	len = write(rtsock, &r, r.rtm.rtm_msglen);
	if (len != r.rtm.rtm_msglen)
		warn("write");

	return ((len > 0) ? 
0 : -1); #undef NEXTADDR #undef ADVANCE #undef ROUNDUP } /* * routing socket message dispatcher */ int handle_rtmsg(struct rt_msghdr *rtm, int msglen) { if (rtm->rtm_version != RTM_VERSION) { (void) printf("bad routing message version %d\n", rtm->rtm_version); return (-1); } switch (rtm->rtm_type) { case RTM_RESOLVE: (void) printf("rtm_type %d: RTM_RESOLVE\n", rtm->rtm_type); handle_rtmsg_resolve(rtm, msglen); break; default: (void) printf("rtm_type %d: ignored\n", rtm->rtm_type); } return (0); } /* * Dispatch routine for RTM_RESOLVE routing messages. * Return 0 if successful; otherwise, return -1 if an error occurred. */ int handle_rtmsg_resolve(struct rt_msghdr *rtm, int msglen) { void *sp; struct sockaddr *sa; struct sockaddr_in *sin; /* * ignore messages from ourselves */ if (rtm->rtm_pid == getpid()) { printf("heard own message, ignoring\n"); return (0); } printf("rtm_index: %04x rtm_addrs: %08x\n", rtm->rtm_index, rtm->rtm_addrs); /* * The message must contain the address for which a route is * being requested, otherwise it is invalid. */ if (!(rtm->rtm_addrs & RTA_DST)) { warnx("RTM_RESOLVE message does not contain destination"); return (-1); } sa = sp = (rtm + 1); if (sa->sa_family != AF_INET) { warnx("RTM_RESOLVE contains non-AF_INET destination %d", sa->sa_family); return (-1); } sin = (struct sockaddr_in *)sa; printf("route requested for %s\n", inet_ntoa(sin->sin_addr)); /* * XXX: Should check if the requested destination is within the * network prefix specified on the command line. */ reply_rtmsg_resolve(sin); printf("route resolved for %s\n", inet_ntoa(sin->sin_addr)); return (0); } /* * Modify a given route in response to an RTM_RESOLVE message from the kernel. * Return 0 if successful; otherwise, return -1. 
*/ int reply_rtmsg_resolve(struct sockaddr_in *sin) { int len; struct { struct rt_msghdr rtm; struct sockaddr addrs[RTAX_MAX]; } r; struct sockaddr_dl sdl; memset(&r, 0, sizeof(r)); r.rtm.rtm_version = RTM_VERSION; r.rtm.rtm_type = RTM_CHANGE; r.rtm.rtm_pid = getpid(); r.rtm.rtm_seq = 0; if2sockaddr("lo0", &sdl); memcpy(&r.addrs[RTAX_DST], sin, sin->sin_len); memcpy(&r.addrs[RTAX_GATEWAY], &sdl, sdl.sdl_len); memset(&r.addrs[RTAX_IFP], 0, sizeof(r.addrs[RTAX_IFP])); memset(&r.addrs[RTAX_IFA], 0, sizeof(r.addrs[RTAX_IFA])); r.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_IFP | RTA_IFA; r.rtm.rtm_flags = RTF_DONE; r.rtm.rtm_msglen = sizeof(r); len = write(rtsock, &r, r.rtm.rtm_msglen); if (len != r.rtm.rtm_msglen) warn("write"); return ((len > 0) ? 0 : -1); } --qGV0fN9tzfkG3CxV-- From owner-freebsd-net@FreeBSD.ORG Thu Jul 31 11:13:49 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85D3937B401 for ; Thu, 31 Jul 2003 11:13:49 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4F8143FB1 for ; Thu, 31 Jul 2003 11:13:48 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9/8.12.9) with ESMTP id h6VIDG2A090510; Thu, 31 Jul 2003 14:13:16 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9/8.12.9/Submit) id h6VIDGqb090509; Thu, 31 Jul 2003 14:13:16 -0400 (EDT) (envelope-from barney) Date: Thu, 31 Jul 2003 14:13:16 -0400 
From: Barney Wolff
To: Bob
Message-ID: <20030731181316.GA90414@pit.databus.com>
References: <01a801c35782$8886b380$6501010a@gis2.com>
cc: freebsd-net@freebsd.org
cc: 'Bryce Edwards'
Subject: Re: Multiple Interfaces

On Thu, Jul 31, 2003 at 11:07:18AM -0600, Bob wrote:
>
> All you are missing is the fact FreeBSD cannot handle
> two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.

Wrong. As already stated, make the netmask on the second one /32.

Re freevrrpd, so far as I know it's intended for the case of two machines
where one backs up the other, not two interfaces on one machine taking
over for each other.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

Message-ID: <20030731182144.95446.qmail@web10407.mail.yahoo.com>
Date: Thu, 31 Jul 2003 11:21:44 -0700 (PDT)
From: Oleg Polyakov
To: bob@starblanket.ca, freebsd-net@freebsd.org
cc: 'Bryce Edwards'
Subject: RE: Multiple Interfaces

--- Bob wrote:
> Greets
>
> > I have two interfaces and the following info in rc.conf. The
> > first one is
> > setup properly but the second one never gets configured.
>
> I just went through this process myself.
>
> The word I have is that FreeBSD cannot run two NICs on
> the same subnet, which is what your included config shows.
> So try as you may it will not work. I also tested 4.7, 5.0
> and 5.1 with similar results.

The trick is to configure second interface with netmask 255.255.255.255.
That interface can't be default gateway. But if anything listens to that
address then it responds on that address.

You may see log messages like this:
arp: 10.13.1.2 is on fxp0 but got reply from 00:00:0c:61:2e:c0 on fxp1

To disable it run:
sysctl net.link.ether.inet.log_arp_wrong_iface=0

> Here is a snippet of an email I received on this topic:
>
> Begin
>
> Well, as long as I can tell, one can't have 2 ifaces on the same subnet
> on FreeBSD. This seems to be regarded as a feature by the guys who have
> written the code. "It's arguable that it should be done any other way,
> since it will put questions like what interface will be used for
> outgoing segments to the subnet ? etc. which will require to manually
> assign the arp table as log as you have the rest of the nodes of the
> subnet connected throu some kind of switches or to still have all
> outgoing connections throu a preferred interface which will require a
> SRC (IP+MAC) addresses of the other interface and will unnecessary
> complicated the hole thing". So the result will be a gain in the speed
> of incoming segments but more load on the system.
>
> END
>
> >What am I missing?
>
> All you are missing is the fact FreeBSD cannot handle
> two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.

That sounds misleading. FreeBSD handles two or more NICS on one subnet.
You just can't configure them with same netmask or have them behave
identically.
Only one can be default gateway.

> Regards
>
> Bob D

From: "Michael W. Oliver"
To: Barney Wolff, Bob
Date: Thu, 31 Jul 2003 14:36:36 -0400
References: <01a801c35782$8886b380$6501010a@gis2.com> <20030731181316.GA90414@pit.databus.com>
In-Reply-To: <20030731181316.GA90414@pit.databus.com>
Message-Id: <200307311436.45134.michael@gargantuan.com>
cc: freebsd-net@freebsd.org
Subject: Multihomed Routing (was Re: Multiple Interfaces)
Reply-To: michael@gargantuan.com

+--- On Thursday, July 31, 2003 14:13,
| Barney Wolff proclaimed:
|
| On Thu, Jul 31, 2003 at 11:07:18AM -0600, Bob wrote:
| > All you are missing is the fact FreeBSD cannot handle
| > two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.
|
| Wrong. As already stated, make the netmask on the second one /32.
|
| Re freevrrpd, so far as I know it's intended for the case of two machines
| where one backs up the other, not two interfaces on one machine taking
| over for each other.

I may be wrong here, but the problem lies in having duplicate routes in the
routing table, which is what would happen if two interfaces were in the
same network and had the same mask (/26 for example). This is solved by
having a different mask for the second interface (much like using the /32
for VRRPd), but it is only a band-aid.

I am no programmer, so forgive my ignorance in that respect, but why can't a
metric be used to differentiate routes to the same destination network
within the routing table? I happened to be googling and found:

http://daily.daemonnews.org/view_story.php3?story_id=3878

which describes exactly what I am talking about. Is there any reason why
this shouldn't be implemented by default in the OS? Personally, I would
very much like the ability of Zebra to feed the kernel the same route to
multiple destinations, differentiating those routes by metric value.

Comments?

-- 
+-------------------------------------+------------------------------+
| Michael W. Oliver, CCNP             | "The tree of liberty must be |
| IPv6 & FreeBSD mark                 | refreshed from time to time  |
| michael@gargantuan.com              | with the blood of patriots   |
| http://michael.gargantuan.com/      | and tyrants."                |
| ASpath-tree, Looking Glass, etc.    | - President Thomas Jefferson |
|                                     +------------------------------+
| gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc           |
+--------------------------------------------------------------------+

Message-Id: <200307311925.h6VJP9MD003337@soth.ventu>
Date: Thu, 31 Jul 2003 21:25:09 EST
From: Andrea Venturoli
Subject: freevrrp
Reply-To: Andrea Venturoli

** Reply to note from "Bryce Edwards" Thu, 31 Jul 2003 11:59:14 -0500

> I'm trying to run freevrrpd on a server with two interfaces for redundancy.
> I want them both to act as one IP in a master/slave setup. Here's the
> errors I'm getting:
>
> Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
> interface fxp0 (ioctl SIOCAIFADDR): File exists
>
> Here's my config:
>
> addr = a.b.c.131/26
>
> addr = a.b.c.131/26

Try /32 instead.

bye
av.

Date: Thu, 31 Jul 2003 21:54:50 +0200
From: jeremie le-hen
To: Rocco Caputo
Message-ID: <20030731195450.GB17861@carpediem.epita.fr>
References: <20030730191530.GD36116@eyrie.homenet> <20030730213229.GA37634@eyrie.homenet> <20030731082103.GA17861@carpediem.epita.fr> <20030731143331.GD37634@eyrie.homenet>
In-Reply-To: <20030731143331.GD37634@eyrie.homenet>
cc: freebsd-net@freebsd.org
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

Your problem looks very strange. I didn't succeed in reproducing the same
behaviour on my personal gateway. But I noticed that, although you use
ipnat(8), nat is also enabled in your ppp(8) configuration, this *may*
explain some of your problems, such as seeing double packets.
Try to remove all "nat*" lines.

-- 
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr

Date: Thu, 31 Jul 2003 23:14:52 +0200
From: Paolo Pisati
To: FreeBSD_Hackers
Message-ID: <20030731211452.GA210@newluxor.skynet.org>
cc: FreeBSD_Net
Subject: Netgraph node, first steps in kernel land and a bloody crash dump

Hi guys,

still here with my netgraph node.
Today, after a couple of nice days without a problem, i spent the last
4 hours trying to understand why the hell, my module crashes my stable box.

DISCLAIMER: this is my first real attempt to work in kernel land, so
it's quite possible that i did something so stupid to not recognize it... =P

anyway, this is a crash dump:

(kgdb) exec-file /var/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
IdlePTD at phsyical address 0x0033c000
initial pcb at physical address 0x0026bb20
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x310
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0x310
stack pointer           = 0x10:0xccf7ece4
frame pointer           = 0x10:0xccf7ecf0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 620 (thesis)
interrupt mask          =
trap number             = 12
panic: page fault

syncing disks... 13 1
done
Uptime: 13m29s

dumping to dev #ad/0x20001, offset 230752
dump ata0: resetting devices .. done
128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110
109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88
87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63
62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38
37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13
12 11 10 9 8 7 6 5 4 3 2 1
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc0157b9f in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc0157fc4 in poweroff_wait (junk=0xc023f64c, howto=-1071386289)
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc02056a6 in trap_fatal (frame=0xccf7eca4, eva=784)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc0205379 in trap_pfault (frame=0xccf7eca4, usermode=0, eva=784)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
      tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
      tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
      tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0x310 in ?? ()
#7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
    at /usr/src/sys/kern/subr_prf.c:355
#8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n", func=0xc0163dd0 ,
    arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
    at /usr/src/sys/kern/subr_prf.c:532
#9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
    at /usr/src/sys/kern/subr_prf.c:305
#10 0xc0e2348a in ?? ()
#11 0xc0e23354 in ?? ()
#12 0xc019bc15 in ng_send_data (hook=0xc0cf4a40, m=0xc0748d00, meta=0x0)
    at /usr/src/sys/netgraph/ng_base.c:1649
#13 0xc0de12be in ?? ()
#14 0xc01769e3 in sosend (so=0xcc6e0580, addr=0xc0bc44c0, uio=0xccf80ed8,
    top=0xc0748d00, control=0x0, flags=0, p=0xc7bd9080)
    at /usr/src/sys/kern/uipc_socket.c:609
#15 0xc0179e27 in sendit (p=0xc7bd9080, s=4, mp=0xccf80f18, flags=0)
    at /usr/src/sys/kern/uipc_syscalls.c:590
#16 0xc0179ee6 in sendto (p=0xc7bd9080, uap=0xccf80f80)
    at /usr/src/sys/kern/uipc_syscalls.c:643
#17 0xc02058ca in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = -1077937886, tf_esi = 671679608, tf_ebp = -1077937864,
      tf_isp = -856158252, tf_ebx = 671679968, tf_edx = 134565966,
      tf_ecx = -9, tf_eax = 133, tf_trapno = 0, tf_err = 2,
      tf_eip = 671912972, tf_cs = 31, tf_eflags = 643,
      tf_esp = -1077937956, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1175
#18 0xc01f9615 in Xint0x80_syscall ()
#19 0x80522c4 in ?? ()
#20 0x80523b0 in ?? ()
#22 0x805251a in ?? ()
#23 0x805251a in ?? ()
#24 0x805251a in ?? ()
#25 0x805251a in ?? ()
#26 0x80495ce in ?? ()
#27 0x8048ada in ?? ()

Ok, i'm not a guru, but it looks like the culprit is printf in kernel land, or
at least, a bad use of it from myself... (see #9).

I would like to fill the missing ?? in this dump, but i couldn't find how to
load the symbols from my node (and yes, i've tried what's written in the
handbook about the modules and it didn't work).

Ok, enough for today, i wish someone could shed some light here, cause i
really gave up... =(

on a side note:

[flag@newluxor flag]$ man 9 printf
No entry for printf in section 9 of the manual
[flag@newluxor flag]$

what's happened to the man page?

thank you.

-- 
Paolo

GUFI: http://www.gufi.org

From: Wes Peters
Organization: Softweyr.com
To: Oleg Polyakov, bob@starblanket.ca, freebsd-net@freebsd.org
Date: Thu, 31 Jul 2003 16:06:37 -0700
References: <20030731182144.95446.qmail@web10407.mail.yahoo.com>
In-Reply-To: <20030731182144.95446.qmail@web10407.mail.yahoo.com>
Message-Id: <200307311606.37766.wes@softweyr.com>
cc: 'Bryce Edwards'
Subject: Re: Multiple Interfaces

On Thursday 31 July 2003 11:21, Oleg Polyakov wrote:
> --- Bob wrote:
> > Greets
> >
> > > I have two interfaces and the following info in rc.conf. The
> > > first one is
> > > setup properly but the second one never gets configured.
> >
> > I just went through this process myself.
> >
> > The word I have is that FreeBSD cannot run two NICs on
> > the same subnet, which is what your included config shows.
> > So try as you may it will not work. I also tested 4.7, 5.0
> > and 5.1 with similar results.
>
> The trick is to configure second interface with netmask
> 255.255.255.255. That interface can't be default gateway. But if
> anything listen to that address than it responds on that address.

Right. The problem is, you have two interfaces on the same network.
This isn't an error per se, but only one of them is going to be used
because there can only be one route to the associated network.

By giving the second interface an all-ones netmask, you've effectively
placed it into a different network. This prevents the ifconfig command
from trying to duplicate the route to the local network. You can add
other routes through this interface now, for instance as a dedicated
interface for another IP network. What you haven't told us is what
you're attempting to accomplish with this second interface.

By the way, this topic of conversation is actually more appropriate for
freebsd-questions, this list is supposedly for discussing implementation
details on the various FreeBSD network stacks.

> You may see log messages like this:
> arp: 10.13.1.2 is on fxp0 but got reply from 00:00:0c:61:2e:c0 on
> fxp1
>
> To disable it run:
> sysctl net.link.ether.inet.log_arp_wrong_iface=0

Yeah, that'll turn off the messages but not the errors. ;^)

> > Here is a snippet of an email I received on this topic:
> >
> > Begin
> >
> > Well, as long as I can tell, one can't have 2 ifaces on the same
> > subnet on FreeBSD. This seems to be regarded as a feature by the
> > guys who have written the code.

Yup, it is. In the absence of being able to do something sensible, a
warning message seems like a good alternative.

> > "It's arguable that it should be
> > done any other way, since it will put questions like what
> > interface will be used for outgoing segments to the subnet ? etc.

Uh, no, that's exactly the questions that come up when you DO try to
configure two interfaces on the same network. Look at it this way: if
I have two interfaces on a 192.168.1 network and I open a socket, bind
the local address to INADDR_ANY and the remote address to something else
on the 192.168.1 network, which interface do I pick for outgoing
packets?

The dark secret in OpenBSD and NetBSD here is that they always pick the
same one. You think you're "load balancing" by putting two interfaces
in there, but the general truth is that you're just pouring electrons
into unused hardware unless you've carefully configured the system to
make use of both interfaces.

> > which will require to manually assign the arp table as log as you
> > have the rest of the nodes of the subnet connected throu some kind
> > of switches or to still have all outgoing connections throu a
> > preferred interface which will require a SRC (IP+MAC) addresses of
> > the other interface and will unnecessary complicated the hole
> > thing". So the result will be a gain in the speed of incoming
> > segments but more load on the system.

This has nothing to do with the ARP table and everything to do with the
routing table.

> > >What am I missing?
> >
> > All you are missing is the fact FreeBSD cannot handle
> > two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.
>
> That sounds misleading. FreeBSD handles two or more NICS on one
> subnet. You just can't configure them with same netmask or have them
> behave identically.
> Only one can be default gateway.

In point of fact, it's just completely wrong. I guess it depends on
what you mean by "cannot handle", it certainly doesn't crash the kernel
or halt networking or anything like that. In fact, the first interface
you brought up continues to work just fine. FreeBSD does the same thing
OpenBSD and NetBSD do, it just tells you that you've done something
stupid while the other two merrily let you configure hardware that isn't
going to be used.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters wes@softweyr.com

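Added example (not part of the thread and not FreeBSD kernel code): a simplified model of a routing table keyed on (network, mask). It shows why a second interface configured with the same prefix is refused with EEXIST ("File exists") while a /32 is accepted, and that traffic to the shared subnet still leaves through the first interface. The addresses 10.13.1.1 and 10.13.1.2, the 192.168.50.0/24 network and the names route_add and route_lookup are constructed for illustration.

```c
/* Simplified model of the route table behaviour discussed in the thread. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXROUTES 16

struct route {
    uint32_t net;       /* network address, host byte order */
    uint32_t mask;      /* netmask, host byte order */
    char ifname[16];    /* outgoing interface */
};

struct rtable {
    struct route r[MAXROUTES];
    int n;
};

/* Build a host-order IPv4 address from its four octets. */
static uint32_t
ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24 | (uint32_t)b << 16 | (uint32_t)c << 8 | d);
}

/* Netmask for a prefix length; /0 is special-cased to avoid a 32-bit shift by 32. */
static uint32_t
prefix_mask(int bits)
{
    return (bits == 0 ? 0 : 0xffffffffu << (32 - bits));
}

/*
 * Install a route for addr/bits via ifname.  The table holds one entry per
 * (network, mask), so a second entry for the same prefix is refused with
 * EEXIST, the errno behind the "File exists" message.
 */
int
route_add(struct rtable *t, const char *ifname, uint32_t addr, int bits)
{
    uint32_t mask, net;
    int i;

    if (bits < 0 || bits > 32)
        return (EINVAL);
    mask = prefix_mask(bits);
    net = addr & mask;
    for (i = 0; i < t->n; i++)
        if (t->r[i].net == net && t->r[i].mask == mask)
            return (EEXIST);
    if (t->n == MAXROUTES)
        return (ENOSPC);
    t->r[t->n].net = net;
    t->r[t->n].mask = mask;
    snprintf(t->r[t->n].ifname, sizeof(t->r[t->n].ifname), "%s", ifname);
    t->n++;
    return (0);
}

/* Longest-prefix match: the interface that carries traffic to dst, or NULL. */
const char *
route_lookup(const struct rtable *t, uint32_t dst)
{
    const struct route *best = NULL;
    int i;

    for (i = 0; i < t->n; i++) {
        const struct route *r = &t->r[i];

        if ((dst & r->mask) != r->net)
            continue;
        /* Contiguous masks: numerically larger means longer prefix. */
        if (best == NULL || r->mask > best->mask)
            best = r;
    }
    return (best != NULL ? best->ifname : NULL);
}

int
main(void)
{
    struct rtable t;
    int rc;

    memset(&t, 0, sizeof(t));
    rc = route_add(&t, "fxp0", ip4(10, 13, 1, 1), 24);
    printf("fxp0 10.13.1.1/24 -> %s\n", rc ? strerror(rc) : "ok");
    rc = route_add(&t, "fxp1", ip4(10, 13, 1, 2), 24);
    printf("fxp1 10.13.1.2/24 -> %s\n", rc ? strerror(rc) : "ok");
    rc = route_add(&t, "fxp1", ip4(10, 13, 1, 2), 32);
    printf("fxp1 10.13.1.2/32 -> %s\n", rc ? strerror(rc) : "ok");
    rc = route_add(&t, "fxp1", ip4(192, 168, 50, 0), 24);
    printf("192.168.50.0/24 via fxp1 -> %s\n", rc ? strerror(rc) : "ok");
    printf("10.13.1.50 leaves via %s\n", route_lookup(&t, ip4(10, 13, 1, 50)));
    printf("192.168.50.9 leaves via %s\n", route_lookup(&t, ip4(192, 168, 50, 9)));
    return (0);
}
```
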
From: "Michael W. Oliver"
To: freebsd-net@freebsd.org
Date: Thu, 31 Jul 2003 21:09:01 -0400
Message-Id: <200307312109.12903.michael@gargantuan.com>
Subject: Multipath Routing
Reply-To: michael@gargantuan.com

[this was posted under another thread, so I am reposting as a new thread to
hopefully generate some responses. thanks.]

I am no programmer, so forgive my ignorance in that respect, but why can't a
metric be used to differentiate routes to the same destination network
within the routing table? I happened to be googling and found:

http://daily.daemonnews.org/view_story.php3?story_id=3878

which describes a patch to -STABLE that does exactly what I am talking
about.

Is there any reason why this shouldn't be implemented by default in the OS?
I am not being critical of the FreeBSD operating system by any means, just
curious.

Personally, I would very much like the ability of Zebra to feed the kernel
the same route via multiple gateways, differentiating those routes by
metric value.

Comments?

-- 
+-------------------------------------+------------------------------+
| Michael W. Oliver, CCNP             | "The tree of liberty must be |
| IPv6 & FreeBSD mark                 | refreshed from time to time  |
| michael@gargantuan.com              | with the blood of patriots   |
| http://michael.gargantuan.com/      | and tyrants."                |
| ASpath-tree, Looking Glass, etc.    | - President Thomas Jefferson |
|                                     +------------------------------+
| gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc           |
+--------------------------------------------------------------------+

From: "Oldach, Helge" To: "'Bryce Edwards'" , freebsd-net@freebsd.org Date: Thu, 31 Jul 2003 21:00:09 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="windows-1252" Subject: RE: freevrrp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 07:05:56 -0000

> From: Bryce Edwards [mailto:bryce@bryce.net]
> Sent: Donnerstag, 31. Juli 2003 18:59
> To: freebsd-net@freebsd.org
> Subject: freevrrp
>
> I'm trying to run freevrrpd on a server with two interfaces
> for redundancy.

I would prefer a layer 2 based approach ("EtherChannel") instead because of the much better convergence in case of failure, and you also get load sharing in both directions. Bundling two or more interfaces by means of netgraph would probably serve the job.

Are there any off-the-shelf, i.e. native FEC solutions available?

Helge

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 05:22:44 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B26F037B407 for ; Fri, 1 Aug 2003 05:22:44 -0700 (PDT) Received: from teamware-gmbh.de (mail.camelot.de [212.29.0.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 688BA43FAF for ; Fri, 1 Aug 2003 05:22:43 -0700 (PDT) (envelope-from ThomasZauner@gmx.de) Received: from [217.19.166.6] (HELO line-b-06.camelot.de) by teamware-gmbh.de (CommuniGate Pro SMTP 4.0.6) with ESMTP id 8774286 for freebsd-net@freebsd.org; Fri, 01 Aug 2003 14:22:41 +0200 
From: Thomas Zauner To: freebsd-net@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 (1.0.3-4) Date: 01 Aug 2003 14:22:48 +0200 Message-Id: <1059740569.6846.1.camel@Tom1> Mime-Version: 1.0 Subject: freeBSD NIS-server - LINUX NIS-client auth/login probs X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 12:22:45 -0000

hi,

i set up a NIS server on freebsd(5.1) exactly like in the handbook and then started the NIS client on linux (RH-9). (i just have 1 test user for now)

1) here's the output from ypcat passwd: the client binds the server ok:

[root@linux]# ypcat passwd
testo:*:1003:1003:User &:/home/testo/:/usr/local/bin/bash

(the home dir does exist on the client -- via NFS)

also in the RH user-manager i can see the user testo but i CANT LOGIN. i think it's an auth problem. on the freeBSD side i use md5 as default encrypt. but that's ok with linux i think. (on the freebsd side in /etc/login.conf defined)

2) there is an option in /var/yp/Makefile on the FREEBSD side "UNSECURE=true" but it's commented out. here's the description of this option:

------------------------------
# If you want to use a FreeBSD NIS server to serve non-FreeBSD clients
# (i.e. clients who expect the password field in the passwd maps to be
# valid) then uncomment this line. This will cause $YPDIR/passwd to
# be generated with valid password fields. This is insecure: FreeBSD
# normally only serves the master.passwd maps (which have real encrypted
# passwords in them) to the superuser on other FreeBSD machines, but
# non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX,
# etc...) will only work properly in 'unsecure' mode.
#
#UNSECURE="True"
--------------------------------

DO I need this ?

3) also i am not sure what config to use in nsswitch.conf on linux because i dunno what NIS(1/2/+) freebsd is using. so is this ok?

-----SNIP (/etc/nsswitch.conf)------
passwd: compat
group: compat
shadow: nis files # i think there is no compat for shadow
passwd_compat: nis
group_compat: nis
--------------------------------------

and then add the "+::::::" stuff to /etc/shadow passwd and groups

or just:

----------------------------
passwd: nis files
shadow: nis files
group: nis files
-------------------------------

and NOT use the +::: stuff in the passwd,group.shadow files ? or sth with nis+ in nsswitch.conf ? i am soooooo confused !

5) what about the different styles of the "shadowed" password file of LINUX(/etc/shadow) and FREEBSD (/etc/master.passwd). the freebsd master.passwd has more fields than the linux equivalent. here's an example:

-----------FREEBSD(/etc/master.passwd)--
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
--------------------------------------
nine ":"'s right

------------LINUX(/etc/shadow)----------
daemon:*:11833:0:99999:7:::
----------------------------------
eight ":"'s

i think linux is missing the class thing from BSD but that shouldn't be a prob for NIS because that's exactly what it is there for, distribution passwd+logins for diff. systems RIGHT.

6) BTW my umask is 0077. do others/group need read-access to any of the files in /var/yp/* ???

ok thats all i can think of right now. PLS if someone can help "SAVE MY WEEKEND" and help me.
LOL Thomas Zauner From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 05:55:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3BB937B404 for ; Fri, 1 Aug 2003 05:55:04 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 563AE43F3F for ; Fri, 1 Aug 2003 05:55:01 -0700 (PDT) (envelope-from sloach@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <305LH1VG>; Fri, 1 Aug 2003 08:55:00 -0400 Message-ID: 
From: Scot Loach To: "'freebsd-net@freebsd.org'" Date: Fri, 1 Aug 2003 08:54:59 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Subject: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 12:55:05 -0000

Earlier this week one of our FreeBSD 4.7 boxes panic'd. I've posted the stack trace at the end of this message. Using google, I've found several references to this panic over the past three years, but it seems it's never been taken to root cause.

The box crashes because the cr_uidinfo pointer in the so_cred structure is null. However, on closer inspection the so_cred structure is corrupted (cr_ref=3279453304 for example), so I'm guessing it has already been freed. Looking closer at the socket, I see that the SS_NOFDREF flag is set, which supports my theory. The tcpcb is in the CLOSED state, and has the SENTFIN flag set.

I was able to reproduce this crash, although when I reproduced it it was the 2msl timer that triggered it instead of the rexmt timer, and the socket was in the TIME_WAIT state. To reproduce it, I ran a server on a SMP box that accepts incoming TCP connections, adds each socket to a kqueue, reads data and calls shutdown(), then calls close(), and I had another box making thousands of connections per second.

Since kqueue and shutdown were involved, there's a slight chance that this could be related to kern/54331. However I still need to fine-tune my test to narrow down the problem and make it happen faster (it took over 12 hours to reproduce).

Any ideas on what the problem might be? Suggestions on how I can debug this?

#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:493
#1 0xc01ba7e8 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:322
#2 0xc01bad11 in panic (fmt=0xc0327ad9 "%s") at /usr/src/sys/kern/kern_shutdown.c:608
#3 0xc02d414e in trap_fatal (frame=0xff807ca8, eva=48) at /usr/src/sys/i386/i386/trap.c:974
#4 0xc02d3d7d in trap_pfault (frame=0xff807ca8, usermode=0, eva=48) at /usr/src/sys/i386/i386/trap.c:867
#5 0xc02d381f in trap (frame={tf_fs = -820445160, tf_es = 16, tf_ds = -8388592, tf_edi = 0, tf_esi = -1070280516, tf_ebp = -8356624, tf_isp = -8356652, tf_ebx = -1, tf_edx = 1778434048, tf_ecx = -93045248, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071185923, tf_cs = 8, tf_eflags = 66054, tf_esp = -820398592, tf_ss = -820398592}) at /usr/src/sys/i386/i386/trap.c:466
#6 0xc026fffd in acquire_lock (lk=0xc034d0bc) at machine/globals.h:114
#7 0xc02749e4 in softdep_update_inodeblock (ip=0xcf19b600, bp=0xdb8ca0dc, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3813
#8 0xc026f03a in ffs_update (vp=0xfa743e00, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_inode.c:106
#9 0xc0278437 in ffs_sync (mp=0xcf0cfa00, waitfor=2, cred=0xc387b800, p=0xc0378880) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1025
#10 0xc01f1e9b in sync (p=0xc0378880, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:576
#11 0xc01ba55b in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:241
#12 0xc01bad11 in panic (fmt=0xc0327ad9 "%s") at /usr/src/sys/kern/kern_shutdown.c:608
#13 0xc02d414e in trap_fatal (frame=0xff807e84, eva=8) at /usr/src/sys/i386/i386/trap.c:974
#14 0xc02d3d7d in trap_pfault (frame=0xff807e84, usermode=0, eva=8) at /usr/src/sys/i386/i386/trap.c:867
#15 0xc02d381f in trap (frame={tf_fs = -1071579112, tf_es = -819986416, tf_ds = -818085872, tf_edi = 0, tf_esi = 2147483647, tf_ebp = -8356140, tf_isp = -8356176, tf_ebx = -1, tf_edx = 1644167168, tf_ecx = 0, tf_eax = 1644167168, tf_trapno = 12, tf_err = 0, tf_eip = -1071930883, tf_cs = 8, tf_eflags = 66054, tf_esp = -272018704, tf_ss = -272018816}) at /usr/src/sys/i386/i386/trap.c:466
#16 0xc01ba1fd in chgsbsize (uip=0x0, hiwat=0xefc952f4, to=0, max=9223372036854775807) at /usr/src/sys/kern/kern_resource.c:780
#17 0xc01e0243 in sbrelease (sb=0xefc952f0, so=0xefc95280) at /usr/src/sys/kern/uipc_socket2.c:437
#18 0xc01dd457 in sofree (so=0xefc95280) at /usr/src/sys/kern/uipc_socket.c:262
#19 0xc020d44c in in_pcbdetach (inp=0xf24437e0) at /usr/src/sys/netinet/in_pcb.c:567
#20 0xc021e97a in tcp_close (tp=0xf24438a0) at /usr/src/sys/netinet/tcp_subr.c:754
#21 0xc021e7a3 in tcp_drop (tp=0xf24438a0, errno=60) at /usr/src/sys/netinet/tcp_subr.c:604
#22 0xc0220eb6 in tcp_timer_rexmt (xtp=0xf24438a0) at /usr/src/sys/netinet/tcp_timer.c:379
#23 0xc01c16de in softclock () at /usr/src/sys/kern/kern_timeout.c:131
#24 0xc02c2dfb in doreti_swi ()

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 08:14:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD4DA37B401 for ; Fri, 1 Aug 2003 08:14:14 -0700 (PDT) Received: from mailman.research.att.com (H-135-207-24-32.research.att.com [135.207.24.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5FF143F75 for ; Fri, 1 Aug 2003 08:14:13 -0700 (PDT) (envelope-from misha@research.att.com) Received: from unixmail.research.att.com (unixmail.research.att.com [135.207.26.71])h71F5h3j032293 for ; Fri, 1 Aug 2003 11:05:44 -0400 Received: from chips.research.att.com (chips.research.att.com [135.207.27.139])h71FDgZn005246; Fri, 1 Aug 2003 11:13:42 -0400 (EDT) 
From: michael rabinovich Received: (from misha@localhost) by chips.research.att.com (SGI-8.9.3/8.8.5) id LAA46005; Fri, 1 Aug 2003 11:14:12 -0400 (EDT) Date: Fri, 1 Aug 2003 11:14:12 -0400 (EDT) Message-Id: <200308011514.LAA46005@chips.research.att.com> To: freebsd-net@freebsd.org cc: misha@research.att.com Subject: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 15:14:15 -0000

Hi,

Does anyone know the status of T/TCP support on FreeBSD 4.7? A simple test using the ttcpcli and ttcpserv examples from Stevens' T/TCP book shows basically the same behavior as described in Sec. 3.7 of the book as "Solaris bug": the server drops the data in the initial SYN segment from the client, causing the client to timeout and retransmit the data.

Specifically, tcpdump (see below) shows that both hosts do exchange proper TTCP options (CC + CCecho), so TTCP is indeed used. It's just that the server drops the data and causes a timeout+retransmission on the client side. The source code in /sys/netinet/tcp_syncache.c seems to support this guess (see the snippet below).

For the test, I used FreeBSD 4.7 Release 2 as a client and FreeBSD 4.7 Release 0 as the server.

Am I missing something (after all, FreeBSD is supposed to be a ref implementation of T/TCP!) and if not is there a simple way around this problem, short of going back to earlier FreeBSD releases?

Thanks so much in advance,
Michael Rabinovich

----------------------------------------------------------
Michael Rabinovich          misha@research.att.com
AT&T Labs - Research        (973)360-8778 (voice)
180 Park Ave,               (973)360-8871 (fax)
Florham Park, NJ 07932      www.research.att.com/~misha
----------------------------------------------------------

*******************************************************
Here is the source code snippet from /sys/netinet/tcp_syncache.c:
*******************************************************

/*
 * Given a LISTEN socket and an inbound SYN request, add
 * this to the syn cache, and send back a segment:
 *
 * to the source.
 *
 * IMPORTANT NOTE: We do _NOT_ ACK data that might accompany the SYN.
 * Doing so would require that we hold onto the data and deliver it
 * to the application. However, if we are the target of a SYN-flood
 * DoS attack, an attacker could send data which would eventually
 * consume all available buffer space if it were ACKed. By not ACKing
 * the data, we avoid this DoS scenario.
 */
int
syncache_add(inc, to, th, sop, m)
	struct in_conninfo *inc;
	struct tcpopt *to;
	struct tcphdr *th;
	struct socket **sop;
	struct mbuf *m;
{

**********************************************************************
Here is the TCP dump with CC options (I produced it with "-s 0" option but removed some of the packet payloads for brevity):
**********************************************************************

15:40:37.716398 gs1.research.att.com.3000 > cdn2.research.att.com.8888: SFP 2663030787:2663031187(400) win 57600 (DF)
0x0000 4500 01d4 1861 4000 4006 0000 87cf 0e2d E....a@.@......-
0x0010 87cf 0e22 0bb8 22b8 9eba a003 0000 0000 ...".."........
0x0020 c00b e100 2db4 0000 0204 05b4 0103 0300 ....-...........
0x0030 0101 080a 0e68 4e39 0000 0000 0101 0b06 .....hN9........
0x0040 0002 8be1 5265 7120 6672 6f6d 2067 7331 ....Req.from.gs1
0x0050 2074 6f20 6364 6e32 00c7 0585 0000 0000 .to.cdn2........
0x0060 35db 0485 7084 0408 c2f5 0685 1ad8 0485 5...p...........

15:40:37.716695 cdn2.research.att.com.8888 > gs1.research.att.com.3000: S 2005557341:2005557341(0) ack 2663030788 win 57344 (DF)
0x0000 4500 004c d61a 4000 4006 38a4 87cf 0e22 E..L..@.@.8...."
0x0010 87cf 0e2d 22b8 0bb8 778a 605d 9eba a004 ...-"...w.`]....
0x0020 e012 e000 efdf 0000 0204 05b4 0103 0300 ................
0x0030 0101 080a 0c4c b6e3 0e68 4e39 0101 0b06 .....L...hN9....
0x0040 0000 0440 0101 0d06 0002 8be1 ...@........

15:40:37.716715 gs1.research.att.com.3000 > cdn2.research.att.com.8888: F 401:401(0) ack 1 win 57600 (DF)
0x0000 4500 003c 1862 4000 4006 0000 87cf 0e2d E..<.b@.@......-
0x0010 87cf 0e22 0bb8 22b8 9eba a194 778a 605e ..."..".....w.`^
0x0020 a011 e100 2c1c 0000 0101 080a 0e68 4e39 ....,........hN9
0x0030 0c4c b6e3 0101 0b06 0002 8be1 .L..........

15:40:37.716843 cdn2.research.att.com.8888 > gs1.research.att.com.3000: . ack 1 win 57600 (DF)
0x0000 4500 003c d61b 4000 4006 38b3 87cf 0e22 E..<..@.@.8...."
0x0010 87cf 0e2d 22b8 0bb8 778a 605e 9eba a004 ...-"...w.`^....
0x0020 a010 e100 d496 0000 0101 080a 0c4c b6e3 .............L..
0x0030 0e68 4e39 0101 0b06 0000 0440 .hN9.......@

15:40:38.913084 gs1.research.att.com.3000 > cdn2.research.att.com.8888: FP 1:401(400) ack 1 win 57600 (DF)
0x0000 4500 01cc 1865 4000 4006 0000 87cf 0e2d E....e@.@......-
0x0010 87cf 0e22 0bb8 22b8 9eba a004 778a 605e ..."..".....w.`^
0x0020 a019 e100 2dac 0000 0101 080a 0e68 4eb1 ....-........hN.
0x0030 0c4c b6e3 0101 0b06 0002 8be1 5265 7120 .L..........Req.
0x0040 6672 6f6d 2067 7331 2074 6f20 6364 6e32 from.gs1.to.cdn2
0x0050 00c7 0585 0000 0000 35db 0485 7084 0408 ........5...p...

15:40:38.913240 cdn2.research.att.com.8888 > gs1.research.att.com.3000: . ack 402 win 57200 (DF)
0x0000 4500 003c d61c 4000 4006 38b2 87cf 0e22 E..<..@.@.8...."
0x0010 87cf 0e2d 22b8 0bb8 778a 605e 9eba a195 ...-"...w.`^....
0x0020 a010 df70 d3a5 0000 0101 080a 0c4c b75b ...p.........L.[
0x0030 0e68 4eb1 0101 0b06 0000 0440 .hN........@

15:40:38.913678 cdn2.research.att.com.8888 > gs1.research.att.com.3000: FP 1:401(400) ack 402 win 57600 (DF)
0x0000 4500 01cc d61f 4000 4006 371f 87cf 0e22 E.....@.@.7...."
0x0010 87cf 0e2d 22b8 0bb8 778a 605e 9eba a195 ...-"...w.`^....
0x0020 a019 e100 dedd 0000 0101 080a 0c4c b75b .............L.[
0x0030 0e68 4eb1 0101 0b06 0000 0440 5265 706c .hN........@Repl
0x0040 2066 726f 6d20 6364 6e32 2074 6f20 6773 .from.cdn2.to.gs
0x0050 313b 2052 6571 2065 6368 6f3a 2052 6571 1;.Req.echo:.Req
0x0060 2066 726f 6d20 6773 3120 746f 2063 646e .from.gs1.to.cdn
0x0070 3200 0000 6c02 0000 f904 0000 c505 0000 2...l...........

15:40:38.913691 gs1.research.att.com.3000 > cdn2.research.att.com.8888: . ack 402 win 57200 (DF)
0x0000 4500 003c 1866 4000 4006 0000 87cf 0e2d E..<.f@.@......-
0x0010 87cf 0e22 0bb8 22b8 9eba a195 778a 61ef ..."..".....w.a.
0x0020 a010 df70 2c1c 0000 0101 080a 0e68 4eb1 ...p,........hN.
0x0030 0c4c b75b 0101 0b06 0002 8be1 .L.[........

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 08:21:50 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73A7837B401 for ; Fri, 1 Aug 2003 08:21:50 -0700 (PDT) Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id C686343FD7 for ; Fri, 1 Aug 2003 08:21:49 -0700 (PDT) (envelope-from kudzu@tenebras.com) Received: (qmail 58820 invoked from network); 1 Aug 2003 15:21:48 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by 0 with SMTP; 1 Aug 2003 15:21:48 -0000 Message-ID: <3F2A858C.90903@tenebras.com> Date: Fri, 01 Aug 2003 08:21:48 -0700 
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.3.1) Gecko/20030425 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: michael rabinovich References: <200308011514.LAA46005@chips.research.att.com> In-Reply-To: <200308011514.LAA46005@chips.research.att.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 15:21:50 -0000

michael rabinovich wrote:
>
> Am I missing something (after all, FreeBSD is supposed to be a ref
> implementation of T/TCP!) and if not is there a simple way around
> this problem, short of going back to earlier FreeBSD releases?

sysctl net.inet.tcp | grep -E 'rfc1644|drop_synfin'

?

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 08:26:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 767F737B401 for ; Fri, 1 Aug 2003 08:26:40 -0700 (PDT) Received: from hysteria.spc.org (hysteria.spc.org [195.206.69.234]) by mx1.FreeBSD.org (Postfix) with SMTP id 4FBAC43FE1 for ; Fri, 1 Aug 2003 08:26:39 -0700 (PDT) (envelope-from bms@hysteria.spc.org) Received: (qmail 30849 invoked by uid 5013); 1 Aug 2003 15:24:08 -0000 Date: Fri, 1 Aug 2003 16:24:08 +0100 
From: Bruce M Simpson To: michael rabinovich Message-ID: <20030801152408.GF27921@spc.org> Mail-Followup-To: Bruce M Simpson , michael rabinovich , freebsd-net@freebsd.org References: <200308011514.LAA46005@chips.research.att.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200308011514.LAA46005@chips.research.att.com> User-Agent: Mutt/1.4.1i Organization: SPC cc: freebsd-net@freebsd.org Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 15:26:40 -0000

On Fri, Aug 01, 2003 at 11:14:12AM -0400, michael rabinovich wrote:
> Does anyone know the status of T/TCP support on FreeBSD 4.7?
...
> Am I missing something (after all, FreeBSD is supposed to be a ref
> implementation of T/TCP!) and if not is there a simple way around
> this problem, short of going back to earlier FreeBSD releases?

I don't use T/TCP on my production 4.8-RELEASE system, and the following sysctl values look fairly default:-

net.inet.tcp.rfc1644: 0
net.inet.tcp.syncookies: 1
net.inet.tcp.drop_synfin: 0

SYN cookies and T/TCP can't co-exist. Please do check the above sysctl values; I know RFC 1644 has to be enabled, and syncookies have to be disabled, as well as drop_synfin.
HTH, BMS From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 08:29:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADE7C37B401 for ; Fri, 1 Aug 2003 08:29:34 -0700 (PDT) Received: from mailman.research.att.com (H-135-207-24-32.research.att.com [135.207.24.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40C5643FAF for ; Fri, 1 Aug 2003 08:29:33 -0700 (PDT) (envelope-from misha@research.att.com) Received: from bigmail.research.att.com (bigmail.research.att.com [135.207.30.101])h71FL33j032584; Fri, 1 Aug 2003 11:21:03 -0400 Received: from research.att.com (ha17-4.research.att.com [135.207.26.210]) h71FTWB18178; Fri, 1 Aug 2003 11:29:32 -0400 (EDT) Sender: misha@research.att.com Message-ID: <3F2A782A.677B093F@research.att.com> Date: Fri, 01 Aug 2003 10:24:42 -0400 
From: misha Organization: AT&T Labs - Research X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.18-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Michael Sierchio References: <200308011514.LAA46005@chips.research.att.com> <3F2A858C.90903@tenebras.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 15:29:35 -0000

Michael Sierchio wrote:
> michael rabinovich wrote:
> >
> > Am I missing something (after all, FreeBSD is supposed to be a ref
> > implementation of T/TCP!) and if not is there a simple way around
> > this problem, short of going back to earlier FreeBSD releases?
>
> sysctl net.inet.tcp | grep -E 'rfc1644|drop_synfin'
>
> ?
>
> sysctl net.inet.tcp | grep -E 'rfc1644|drop_synfin'
net.inet.tcp.rfc1644: 1

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 08:42:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 41B3837B401 for ; Fri, 1 Aug 2003 08:42:04 -0700 (PDT) Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id A3E9843FE0 for ; Fri, 1 Aug 2003 08:42:03 -0700 (PDT) (envelope-from kudzu@tenebras.com) Received: (qmail 58919 invoked from network); 1 Aug 2003 15:42:02 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by 0 with SMTP; 1 Aug 2003 15:42:02 -0000 Message-ID: <3F2A8A4A.8010004@tenebras.com> Date: 
Fri, 01 Aug 2003 08:42:02 -0700 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.3.1) Gecko/20030425 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: Bruce M Simpson References: <200308011514.LAA46005@chips.research.att.com> <20030801152408.GF27921@spc.org> In-Reply-To: <20030801152408.GF27921@spc.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: michael rabinovich Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 15:42:04 -0000

Bruce M Simpson wrote:
> SYN cookies and T/TCP can't co-exist.

Right, right, I forgot that one. Thanks.

sysctl -a net.inet.tcp

;-) It's less than a screenful.

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 09:44:18 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F55937B401 for ; Fri, 1 Aug 2003 09:44:18 -0700 (PDT) Received: from pcslink.com (pcslink.com [208.145.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5BED43FBF for ; Fri, 1 Aug 2003 09:44:17 -0700 (PDT) (envelope-from ryan@pcslink.com) Received: (from ryan@localhost) by pcslink.com (8.9.3/8.9.2) id JAA66126; Fri, 1 Aug 2003 09:44:15 -0700 (MST) (envelope-from ryan) Date: Fri, 1 Aug 2003 06:44:15 -1000 
From: Ryan Mooney To: "Michael W. Oliver" Message-ID: <20030801164415.GA62005@pcslink.com> References: <200307312109.12903.michael@gargantuan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200307312109.12903.michael@gargantuan.com> User-Agent: Mutt/1.3.25i cc: freebsd-net@freebsd.org Subject: Re: Multipath Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 16:44:18 -0000

Better yet would be equal cost multi-path, since the code to solve that should (mostly) be able to handle the general case :)

ryan@speaks.without.putting.up.the.code.com :)

> [this was posted under another thread, so I am reposting as a new thread to
> hopefully generate some responses. thanks.]
>
> I am no programmer, so forgive my ignorance in that respect, but why can't a
> metric be used to differentiate routes to the same destination network
> within the routing table? I happened to be googling and found:
>
> http://daily.daemonnews.org/view_story.php3?story_id=3878
>
> which describes a patch to -STABLE that does exactly what I am talking
> about.
>
> Is there any reason why this shouldn't be implemented by default in the OS?
> I am not being critical of the FreeBSD operating system by any means, just
> curious.
>
> Personally, I would very much like the ability of Zebra to feed the kernel
> the same route via multiple gateways, differentiating those routes by
> metric value.
>
> Comments?
>
> --
> +-------------------------------------+------------------------------+
> | Michael W. Oliver, CCNP             | "The tree of liberty must be |
> | IPv6 & FreeBSD mark                 | refreshed from time to time  |
> | michael@gargantuan.com              | with the blood of patriots   |
> | http://michael.gargantuan.com/      | and tyrants."                |
> | ASpath-tree, Looking Glass, etc.    | - President Thomas Jefferson |
> |                                     +------------------------------+
> | gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc           |
> +--------------------------------------------------------------------+
>

-- 
>-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
Ryan Mooney ryan@pcslink.com
<-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=->

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 12:30:56 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66AEC37B401 for ; Fri, 1 Aug 2003 12:30:56 -0700 (PDT) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C4DC43FA3 for ; Fri, 1 Aug 2003 12:30:55 -0700 (PDT) (envelope-from Helge.Oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])h71JUr9U078949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 1 Aug 2003 21:30:53 +0200 (CEST) (envelope-from Helge.Oldach@atosorigin.com) Received: from dehhx004.hbg.de.int.atosorigin.com (dehhx004.hbg.de.int.atosorigin.com [161.90.164.40]) ESMTP id h71JUrqm031854; Fri, 1 Aug 2003 21:30:53 +0200 (CEST) (envelope-from Helge.Oldach@atosorigin.com) Received: by dehhx004.hbg.de.int.atosorigin.com with Internet Mail Service (5.5.2653.19) id ; Fri, 1 Aug 2003 21:30:53 +0200 Message-ID: 
From: "Oldach, Helge" To: "Michael W. Oliver" Date: Fri, 1 Aug 2003 21:30:51 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: freebsd-net@freebsd.org Subject: RE: Multipath Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 19:30:56 -0000

> I am no programmer, so forgive my ignorance in that respect, but why can't a
> metric be used to differentiate routes to the same destination network
> within the routing table? I happened to be googling and found:
>
> http://daily.daemonnews.org/view_story.php3?story_id=3878
>
> which describes a patch to -STABLE that does exactly what I am talking
> about.

Routing will always follow the better metric. That's the paradigm. So if you have two routes the one with the better metric will always rule.

Frankly, I don't quite see the rationale for such a hack. This can be solved using available mechanisms such as VRRP (or HSRP, if the gateways are decent routers).

Furthermore: It doesn't detect when remote hosts are down. This is not the job of the kernel. It's not a routing protocol, it's not an automatic failover system.

So what is this good for, that cannot be solved by already available mechanisms?
Helge From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 12:48:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 445F537B401 for ; Fri, 1 Aug 2003 12:48:01 -0700 (PDT) Received: from csmail.commserv.ucsb.edu (cspdc.commserv.ucsb.edu [128.111.251.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 723C343F85 for ; Fri, 1 Aug 2003 12:48:00 -0700 (PDT) (envelope-from steve@expertcity.com) Received: from expertcity.com ([68.111.37.3]) by csmail.commserv.ucsb.edu (Netscape Messaging Server 3.62) with ESMTP id 471 for ; Fri, 1 Aug 2003 12:47:59 -0700 Message-ID: <3F2AC3F5.3010804@expertcity.com> Date: Fri, 01 Aug 2003 12:48:05 -0700 
From: Steve Francis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030612 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: mbuf clusters exhausted w/o reaching max? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 19:48:01 -0000

I have a FreeBSD 4.8-RELEASE #5 system that reported:
Aug 1 11:50:39 rack2-101 /kernel: All mbuf clusters exhausted, please see tuning(7).
Aug 1 11:50:39 rack2-101 /kernel: All mbufs exhausted, please see tuning(7).

Yet it's not close to the max allowed for clusters.
rack2-101.nyc# netstat -m
1338/4240/131072 mbufs in use (current/peak/max):
        1338 mbufs allocated to data
709/3366/32768 mbuf clusters in use (current/peak/max)
7792 Kbytes allocated to network (7% of mb_map in use)
50 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
rack2-101.nyc#

I assume the problem is related to "50 requests for memory denied".

However, this system has 1G RAM, and about half of it free, as far as I can tell. (ps -axlm output below, as well as systat and top.)

So from all three tools, I see over 400M of inactive pages. I.e. pages that could be freed for use, and presumably allocated as mbuf clusters, but need to be flushed first.

So is this an error in the mbuf cluster allocation code, the vm system not freeing pages fast enough to keep up with the demand for the mbufs, or something else again?

Any ideas appreciated.

Thanks

ps -axlm
UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND
1002 87815 87814 75 2 0 390252 386472 - R ??
668:11.73 ./bin/cCom_f 0 87829 1 0 2 0 4420 3764 select S p0- 9:50.28 /usr/bin/per 0 87823 1 1 2 0 4408 3752 select S p0- 13:29.65 /usr/bin/per 1002 87817 1 1 2 0 3344 1516 poll S ?? 2:31.43 BrokerLogger 0 87813 1 13 10 0 3256 2596 wait Is ?? 0:00.00 /usr/bin/per 0 62540 62538 0 18 0 1328 840 pause Ss p0 0:00.04 -csh (csh) 0 388 257 0 3 0 1312 712 ttyin I+ d1 0:00.01 -csh (csh) 0 115 1 0 2 0 3048 1756 select Ss ?? 0:05.88 sendmail: ac 0 155 1 83 2 0 3932 2748 select I d1- 13:28.21 /usr/local/s 25 118 1 0 18 0 2920 1576 pause Is ?? 0:00.47 sendmail: Qu 0 87814 87813 12 10 0 632 204 wait I ?? 0:00.00 sh -c ./bin/ 0 1 0 0 10 0 552 112 wait ILs ?? 0:00.01 /sbin/init - 0 101 1 0 2 0 1312 784 select Ss ?? 0:06.99 /usr/sbin/nt 0 142 1 177 10 0 2076 1532 nanslp S d1- 1:09.31 /usr/bin/per 0 62538 110 0 2 0 5708 2180 select S ?? 0:00.21 sshd: root@t 0 64191 62540 0 28 0 428 248 - R+ p0 0:00.00 ps -axlm 0 110 1 0 2 0 3008 1568 select Is ?? 0:03.09 /usr/sbin/ss 0 108 1 0 10 0 1024 660 nanslp Ss ?? 0:00.47 /usr/sbin/cr 1000 168 1 0 10 0 968 528 nanslp S d1- 0:06.88 /usr/local/b 0 257 1 0 10 0 1268 824 wait Is d1 0:00.03 login [pam] 0 23 1 71 18 0 212 44 pause Is ?? 0:00.00 adjkerntz -i 0 97 1 0 2 0 940 580 select Ss ?? 0:00.41 /usr/sbin/sy 0 112 1 0 2 0 924 468 select Ss ?? 0:00.24 /usr/sbin/us 0 249 1 0 3 0 952 544 ttyin Is+ v1 0:00.00 /usr/libexec 0 248 1 0 3 0 952 544 ttyin Is+ v0 0:00.00 /usr/libexec 0 250 1 0 3 0 952 544 ttyin Is+ v2 0:00.00 /usr/libexec 0 251 1 0 3 0 952 544 ttyin Is+ v3 0:00.00 /usr/libexec 0 252 1 0 3 0 952 544 ttyin Is+ v4 0:00.00 /usr/libexec 0 253 1 0 3 0 952 544 ttyin Is+ v5 0:00.00 /usr/libexec 0 254 1 0 3 0 952 544 ttyin Is+ v6 0:00.00 /usr/libexec 0 255 1 0 3 0 952 544 ttyin Is+ v7 0:00.00 /usr/libexec 0 256 1 0 3 0 948 516 siodcd I ?? 0:00.00 /usr/libexec 0 0 0 3 -18 0 0 0 sched DLs ?? 0:00.00 (swapper) 0 6 0 0 -2 0 0 0 vlruwt DL ?? 0:00.61 (vnlru) 0 4 0 0 -18 0 0 0 psleep DL ?? 0:00.63 (bufdaemon) 0 3 0 3 18 0 0 0 psleep DL ?? 
0:00.00 (vmdaemon) 0 2 0 0 -18 0 0 0 psleep DL ?? 0:00.24 (pagedaemon 0 5 0 0 18 0 0 0 syncer DL ?? 0:45.58 (syncer) rack2-101.nyc# systat -vmstat: 2 users Load 0.65 0.65 0.61 Aug 1 12:43 Mem:KB REAL VIRTUAL VN PAGER SWAP PAGER Tot Share Tot Share Free in out in out Act 402424 6116 413732 5916 55372 count All 1026416 6792 3985912 7120 pages Interrupts Proc:r p d s w Csw Trp Sys Int Sof Flt 1 cow 8151 total 2 10 6222 617086499 8151 110 11 155608 wire stray irq7 400952 act 7921 mux irq9 16.4%Sys 19.0%Intr 26.3%User 0.0%Nice 38.3%Idl 416452 inact 2 ata0 irq14 | | | | | | | | | | 53404 cache sio0 irq4 ========++++++++++>>>>>>>>>>>>> 1968 free sio1 irq3 daefr 100 clk irq0 Namei Name-cache Dir-cache 6 prcfr 128 rtc irq8 Calls hits % hits % react 756 756 100 pdwake 8 zfod pdpgs Disks ad0 md0 3 ofod intrn KB/t 16.00 0.00 35 %slo-z 114496 buf tps 2 0 15 tfree 17 dirtybuf MB/s 0.03 0.00 70438 desiredvnodes % busy 0 0 17609 numvnodes 3657 freevnodes top: last pid: 64296; load averages: 0.64, 0.65, 0.61 up 2+19:12:20 12:43:41 31 processes: 3 running, 28 sleeping CPU states: 22.1% user, 0.0% nice, 18.0% system, 22.8% interrupt, 37.1% idle Mem: 391M Active, 407M Inact, 152M Wired, 52M Cache, 112M Buf, 1984K Free Swap: 1000M Total, 1000M Free From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 13:12:21 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8036E37B401 for ; Fri, 1 Aug 2003 13:12:21 -0700 (PDT) Received: from linux.research.att.com (H-135-207-24-16.research.att.com [135.207.24.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 76EA843F93 for ; Fri, 1 Aug 2003 13:12:20 -0700 (PDT) (envelope-from misha@research.att.com) Received: from bigmail.research.att.com (bigmail.research.att.com [135.207.30.101])h71KVspl012679; Fri, 1 Aug 2003 16:31:54 -0400 Received: from research.att.com (ha17-4.research.att.com [135.207.26.210]) h71KCEB14392; Fri, 1 Aug 2003 16:12:14 -0400 
(EDT) Sender: misha@research.att.com Message-ID: <3F2ABA6C.3932CA5@research.att.com> Date: Fri, 01 Aug 2003 15:07:24 -0400 
From: misha Organization: AT&T Labs - Research X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.18-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Bruce M Simpson , Michael Sierchio References: <200308011514.LAA46005@chips.research.att.com> <20030801152408.GF27921@spc.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 20:12:21 -0000

Bruce, Michael:

Thanks a lot for the sysctl values tips. While 4.7 release does not seem to have drop_synfin option, syncookies indeed used to be 1 (but now we changed it to 0) on both machines:

> sysctl net.inet.tcp | grep -E 'rfc1644|drop_synfin|cook'
net.inet.tcp.rfc1644: 1
net.inet.tcp.syncookies: 0
>

Unfortunately, setting it to 0 did not help: the tcp dump looks exactly the same. In addition, I tried the following changes on the server (although it was clear this would not make any diff, but just to be diligent)

(a) replace "send" call (as in T/TCP book) with "sendto" call according to the ttcp manpage:
    sendto(sock, buf, len, MSG_EOF, (struct sockaddr *)0, 0)
(b) not send any reply at all, just read from the socket and close it.
(c) set "TCP_NOPUSH" option on the server's socket before writing response to it (with sendto call above).

In all cases, the tcp dump shows a timeout + retransmission by the client...

Also, what do you think about that source code snippet I included into my original mail? It would certainly explain the behavior, except it would also mean that T/TCP is no longer usable. Unless that piece of code is somehow bypassed with proper options...

Thanks again,
Michael

Bruce M Simpson wrote:

> On Fri, Aug 01, 2003 at 11:14:12AM -0400, michael rabinovich wrote:
> > Does anyone know the status of T/TCP support on FreeBSD 4.7?
> ...
> > Am I missing something (after all, FreeBSD is supposed to be a ref
> > implementation of T/TCP!) and if not is there a simple way around
> > this problem, short of going back to earlier FreeBSD releases?
>
> I don't use T/TCP on my production 4.8-RELEASE system, and the following
> sysctl values look fairly default:-
>
> net.inet.tcp.rfc1644: 0
> net.inet.tcp.syncookies: 1
> net.inet.tcp.drop_synfin: 0
>
> SYN cookies and T/TCP can't co-exist. Please do check the above sysctl
> values; I know RFC 1644 has to be enabled, and syncookies have to be disabled,
> as well as drop_synfin.
>
> HTH,
> BMS
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 13:30:37 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE5FE37B401 for ; Fri, 1 Aug 2003 13:30:37 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id EC8DF43FBF for ; Fri, 1 Aug 2003 13:30:36 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 9320 invoked from network); 1 Aug 2003 20:30:34 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 1 Aug 2003 20:30:34 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 1 Aug 2003 15:28:35 -0500 (CDT)
From: Mike Silbersack To: Steve Francis In-Reply-To: <3F2AC3F5.3010804@expertcity.com> Message-ID: <20030801152510.J2165@odysseus.silby.com> References: <3F2AC3F5.3010804@expertcity.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: mbuf clusters exhausted w/o reaching max? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 20:30:38 -0000

On Fri, 1 Aug 2003, Steve Francis wrote:

> I have a FreeBSD 4.8-RELEASE #5 system that reported:
> Aug 1 11:50:39 rack2-101 /kernel: All mbuf clusters exhausted, please see tuning(7).
> Aug 1 11:50:39 rack2-101 /kernel: All mbufs exhausted, please see tuning(7).
>
> Yet it's not close to the max allowed for clusters.
> rack2-101.nyc# netstat -m
> 1338/4240/131072 mbufs in use (current/peak/max):
> 1338 mbufs allocated to data
> 709/3366/32768 mbuf clusters in use (current/peak/max)
> 7792 Kbytes allocated to network (7% of mb_map in use)
> 50 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
> rack2-101.nyc#

Mbufs & mbuf clusters are allocated from the kernel map, so it's possible for allocations to fail due to the kernel map being relatively full due to other parts of the kernel eating memory. This is probably what's happening in your case; given that only 50 allocations were denied, it probably didn't hurt your system much.

Note that the kernel map is not the size of all ram; it's usually only 1/4 of the amount of ram available, with a ceiling of 256MB. You could try playing with those parameters, but you'll probably end up causing other problems in the process. :)

(Fair kernel memory management is an area we're still working on in -current.)

Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 14:22:07 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8935B37B401 for ; Fri, 1 Aug 2003 14:22:07 -0700 (PDT) Received: from csmail.commserv.ucsb.edu (cspdc.commserv.ucsb.edu [128.111.251.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 66DD243F75 for ; Fri, 1 Aug 2003 14:22:06 -0700 (PDT) (envelope-from steve@expertcity.com) Received: from expertcity.com ([68.111.37.3]) by csmail.commserv.ucsb.edu (Netscape Messaging Server 3.62) with ESMTP id 597; Fri, 1 Aug 2003 14:22:04 -0700 Message-ID: <3F2ADA02.7050304@expertcity.com> Date: Fri, 01 Aug 2003 14:22:10 -0700 
From: Steve Francis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030612 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Mike Silbersack References: <3F2AC3F5.3010804@expertcity.com> <20030801152510.J2165@odysseus.silby.com> In-Reply-To: <20030801152510.J2165@odysseus.silby.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: mbuf clusters exhausted w/o reaching max? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 21:22:07 -0000

Thanks for the reply... Question below.

Mike Silbersack wrote:

>Mbufs & mbuf clusters are allocated from the kernel map, so it's possible
>for allocations to fail due to the kernel map being relatively full due to
>other parts of the kernel eating memory. This is probably what's
>happening in your case; given that only 50 allocations were denied, it
>probably didn't hurt your system much.
>
>Note that the kernel map is not the size of all ram; it's usually only 1/4
>of the amount of ram available, with a ceiling of 256MB. You could try
>playing with those parameters, but you'll probably end up causing other
>problems in the process. :)
>

From LINT (see below), the comment says the VM_KMEM_SIZE_MAX is 200M, yet the option says 100M. Comment typo, or typo in the option?
Is increasing the VM_KMEM_SIZE_MAX (which should take us to up to 256M given 1G RAM) sufficient to allow extra space for mbuf clusters?

I googled and found this from das@freebsd.org on a related question:
"Within the kernel's share of this address space, memory is split into submaps, such as the mb_map (for the network), buffer_map for the filesystem buffer cache, and the kmem_map for just about everything else. These submaps are size-limited to prevent any one of them from getting out of hand."
I presume I need to increase mb_map, but could not find a specific option for that. Does that scale with an increased VM_KMEM_SIZE_MAX?

These servers basically run one process, which is about 500M resident and total size, on 1G RAM machine, and do tons of network IO with lots of packets. Given that, do you still anticipate " causing other problems in the process" if I tune this?

Thanks

# Tune the kernel malloc area parameters. VM_KMEM_SIZE represents the
# minimum, in bytes, and is typically (12*1024*1024) (12MB).
# VM_KMEM_SIZE_MAX represents the maximum, typically 200 megabytes.
# VM_KMEM_SIZE_SCALE can be set to adjust the auto-tuning factor, which
# typically defaults to 4 (kernel malloc area size is physical memory
# divided by the scale factor).
#
options VM_KMEM_SIZE="(10*1024*1024)"
options VM_KMEM_SIZE_MAX="(100*1024*1024)"
options VM_KMEM_SIZE_SCALE="4"

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 15:56:49 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3506837B401 for ; Fri, 1 Aug 2003 15:56:49 -0700 (PDT) Received: from phoenix.gargantuan.com (rrcs-se-24-73-171-238.biz.rr.com [24.73.171.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F73943FB1 for ; Fri, 1 Aug 2003 15:56:48 -0700 (PDT) (envelope-from michael@gargantuan.com) Received: from cyclops.gargantuan.com (cyclops.gargantuan.com [3ffe:c00:8034:a00::300]) by phoenix.gargantuan.com (Postfix) with ESMTP id 3D6D129B; Fri, 1 Aug 2003 18:56:47 -0400 (EDT)
From: "Michael W. Oliver" To: "Oldach, Helge" Date: Fri, 1 Aug 2003 18:56:33 -0400 User-Agent: KMail/1.5.2 References: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_sAvK/rSS5P06lyM"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200308011856.45118.michael@gargantuan.com> cc: freebsd-net@freebsd.org Subject: Re: Multipath Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: michael@gargantuan.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 22:56:49 -0000 --Boundary-02=_sAvK/rSS5P06lyM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline

+--- On Friday, August 01, 2003 15:30,
| Oldach, Helge proclaimed:
|
| > I am no programmer, so forgive my ignorance in that respect, but why
| > can't a
| > metric be used to differentiate routes to the same destination network
| > within the routing table? I happened to be googling and found:
| >
| > http://daily.daemonnews.org/view_story.php3?story_id=3878
| >
| > which describes a patch to -STABLE that does exactly what I am talking
| > about.
|
| Routing will always follow the better metric. That's the paradigm. So
| if you have two routes the one with the better metric will always rule.
|

What exactly is the syntax of entering a network route twice, using the same
mask, via two different gateways, using different metrics?

| Frankly, I don't quite see the rationale for such a hack. This can be
| solved using available mechanisms such as VRRP (or HSRP, if the gateways
| are decent routers).
|

In my case, I am talking about using FreeBSD as the router. For sure,
FreeBSD + Zebra is one VERY powerful combination.

| Furthermore:
|
| It doesn't detect when remote hosts are down. This is not the job of
| the kernel. It's not a routing protocol, it's not an automatic failover
| system.
|
| So what is this good for, that cannot be solved by already available
| mechanisms?
|

As stated above, and in my first post, I am using Zebra, which is a suite of
routing protocols. It is aware of routing path changes.

-- 
+-------------------------------------+------------------------------+ | Michael W. Oliver, CCNP | "The tree of liberty must be | | IPv6 & FreeBSD mark | refreshed from time to time | | michael@gargantuan.com | with the blood of patriots | | http://michael.gargantuan.com/ | and tyrants." | | ASpath-tree, Looking Glass, etc. | - President Thomas Jefferson | | +------------------------------+ | gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc | +--------------------------------------------------------------------+

--Boundary-02=_sAvK/rSS5P06lyM Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQA/KvAssWv7q8X6o8kRAuy2AKDA82739IvAGertpGT9G50okdSDbwCeNG+i wU8cGzYF3+bTissTDlJ7w1k= =wWYu -----END PGP SIGNATURE----- --Boundary-02=_sAvK/rSS5P06lyM--

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 15:57:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3159537B40C for ; Fri, 1 Aug 2003 15:57:00 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 2209543F3F for ; Fri, 1 Aug 2003 15:56:59 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 53089 invoked from network); 1 Aug 2003 22:56:58 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 1 Aug 2003 22:56:58 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 1 Aug 2003 17:54:57 -0500 (CDT)
From: Mike Silbersack To: Steve Francis In-Reply-To: <3F2ADA02.7050304@expertcity.com> Message-ID: <20030801174106.D2165@odysseus.silby.com> References: <3F2AC3F5.3010804@expertcity.com> <20030801152510.J2165@odysseus.silby.com> <3F2ADA02.7050304@expertcity.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: mbuf clusters exhausted w/o reaching max? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 22:57:00 -0000

On Fri, 1 Aug 2003, Steve Francis wrote:

> From LINT (see below), the comment says the VM_KMEM_SIZE_MAX is 200M,
> yet the option says 100M. Comment typo, or typo in the option?
> Is increasing the VM_KMEM_SIZE_MAX (which should take us to up to 256M
> given 1G RAM) sufficient to allow extra space for mbuf clusters?

The values listed in LINT are more for illustrative than functional purposes, so you can ignore them for the most part. The default VM_KMEM_SIZE_MAX is actually contained in /usr/src/sys/i386/include/vmparam.h, where it's set to 200 Megs. And I misremembered, the scale factor is 1/3rd, not 1/4th.

If you want to change the kmem size, the easiest way to do it would be to edit /boot/loader.conf and set "kern.vm.kmem.size=300M" (Or more, perhaps.)

> I googled and found this from das@freebsd.org on a related question:
> "Within the kernel's share of this address space, memory is split into
> submaps, such as the mb_map (for the network), buffer_map for the
> filesystem buffer cache, and the kmem_map for just about everything
> else. These submaps are size-limited to prevent any one of them from
> getting out of hand."
> I presume I need to increase mb_map, but could not find a specific
> option for that. Does that scale with an increased VM_KMEM_SIZE_MAX?
>
> These servers basically run one process, which is about 500M resident
> and total size, on 1G RAM machine, and do tons of network IO with lots
> of packets. Given that, do you still anticipate " causing other
> problems in the process" if I tune this?
>
>
> Thanks

The mb_map is allocated as part of the kernel map, so if other kernel users eat up ram before the mbuf subsystem does, then the mbuf subsystem has to starve. Ram for mbufs is not allocated until it is actually used, so if you only ever use 200 clusters, that's all the real ram that will be used. However, ram used by mbufs (and clusters) is never freed back for non-mbuf usage, so if you have a load spike and use 10000 clusters, that ram is unusable by the rest of the system afterwards.

I think if you stay under 400M that you'll probably be ok. The main issues with runaway memory usage occur on 2G and 4G machines, where the kernel map + buffer cache + swap stuff + etc was growing extremely large.

However, if 50 failed memory allocations are all that you saw, and everything else is working properly, you might consider leaving things as they are. :)

FWIW, Bosko Milekic is working on a new mbuf allocator for 5.x which will allow mbuf memory to be freed back to the common pool, PHK is thinking of ways to remove the memory usage of the buffer cache, and some other memory issues have already been fixed as the result of 5.x's UMA memory allocator. Hopefully by 5.2 or 5.3 you will no longer need to tweak any of these settings. (Very little of this work will be MFC'd to 4.x, due to the size of the changes.)

Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 16:59:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A3B237B401 for ; Fri, 1 Aug 2003 16:59:24 -0700 (PDT) Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C2E943FE0 for ; Fri, 1 Aug 2003 16:59:20 -0700 (PDT) (envelope-from ru@sunbay.com) Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1]) h71NxD0U013456 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 2 Aug 2003 02:59:14 +0300 (EEST) (envelope-from ru@sunbay.com) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.12.9/8.12.8/Submit) id h71NxCox013448; Sat, 2 Aug 2003 02:59:12 +0300 (EEST) (envelope-from ru) Date: Sat, 2 Aug 2003 02:59:12 +0300 
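An added example, not part of the original thread: a small sh/awk check that applies the reasoning in the reply above to `netstat -m` output, separating "a pool hit its configured max" from "allocations were denied although both pools peaked below max", which is the kernel-map case described there. It assumes the FreeBSD 4.x output layout quoted in this thread; the function names, the verdict labels and the second sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify FreeBSD 4.x `netstat -m` output.
# Assumes the output layout quoted in the thread above.

# Constructed sample: the figures posted in the thread.
sample_netstat_m() {
cat <<'EOF'
1338/4240/131072 mbufs in use (current/peak/max):
        1338 mbufs allocated to data
709/3366/32768 mbuf clusters in use (current/peak/max)
7792 Kbytes allocated to network (7% of mb_map in use)
50 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
EOF
}

# Constructed counter-case: the cluster peak has reached the configured max.
sample_at_limit() {
cat <<'EOF'
9000/9100/131072 mbufs in use (current/peak/max):
        9000 mbufs allocated to data
32760/32768/32768 mbuf clusters in use (current/peak/max)
70000 Kbytes allocated to network (95% of mb_map in use)
120 requests for memory denied
3 requests for memory delayed
0 calls to protocol drain routines
EOF
}

# Reads `netstat -m` text on stdin and prints one line:
#   <verdict> denied=<n> mbuf_peak=<pct>% cluster_peak=<pct>%
# verdict (labels are this example's own):
#   ok     no denied requests
#   limit  denials, and a pool peak reached its max (the pool limit is the cap)
#   kmem   denials although both pools peaked below max, so the shortage
#          was in the kernel map rather than in the mbuf/cluster limits
classify_netstat_m() {
    awk '
    / mbufs in use/              { split($1, m, "/") }
    / mbuf clusters in use/      { split($1, c, "/") }
    /requests for memory denied/ { denied = $1 }
    END {
        if (m[3] == "" || c[3] == "" || denied == "") {
            print "unparsed"
            exit 2
        }
        mp = int(m[2] * 100 / m[3])   # peak as a percentage of max
        cp = int(c[2] * 100 / c[3])
        if (denied + 0 == 0) {
            verdict = "ok"
        } else if (m[2] + 0 >= m[3] + 0 || c[2] + 0 >= c[3] + 0) {
            verdict = "limit"
        } else {
            verdict = "kmem"
        }
        printf "%s denied=%d mbuf_peak=%d%% cluster_peak=%d%%\n", verdict, denied, mp, cp
    }'
}

# Run against the thread's own figures.
sample_netstat_m | classify_netstat_m
# -> kmem denied=50 mbuf_peak=3% cluster_peak=10%
```

On a 4.x host the same function would be fed from the live command: `netstat -m | classify_netstat_m`.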
From: Ruslan Ermilov To: Thomas Zauner Message-ID: <20030801235912.GA11304@sunbay.com> References: <1059740569.6846.1.camel@Tom1> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="K8nIJk4ghYZn606h" Content-Disposition: inline In-Reply-To: <1059740569.6846.1.camel@Tom1> User-Agent: Mutt/1.5.4i cc: freebsd-net@freebsd.org Subject: Re: freeBSD NIS-server - LINUX NIS-client auth/login probs X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 23:59:24 -0000 --K8nIJk4ghYZn606h Content-Type: multipart/mixed; boundary="17pEHd4RhPHOinZp" Content-Disposition: inline --17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Fri, Aug 01, 2003 at 02:22:48PM +0200, Thomas Zauner wrote:
> hi,
>
> i set up a NIS server on freebsd(5.1) exactly like in the handbook and
> then started the NIS client on linux (RH-9).
>
>
> (i just have 1 test user for now)
>
>
> 1)
>
> here's the output from ypcat passwd:
> the client binds the server ok:
>
> [root@linux]# ypcat passwd
> testo:*:1003:1003:User &:/home/testo/:/usr/local/bin/bash
>
> (the home dir does exist on the client -- via NFS)
>
> also in the RH user-manager i can see the user testo but i CANT LOGIN
> i think it's an auth problem.
>
You need a shadow NIS map for Linux.

> on the freeBSD side i use md5 as default encrypt. but that's ok with
> linux
> i think.(on the freebsd side in /etc/login.conf defined)
>
Yes.

> 2)
>
> there is an option in /var/yp/Makefile on the FREEBSD side
> "UNSECURE=true"
> but it's commented out. [...]
> DO I need this ?
>
No.

> 3)
> also i am not sure what config to use in nsswitch.conf on linux
> because i dunno what NIS(1/2/+) freebsd is using so is this ok?
>
> -----SNIP (/etc/nsswitch.conf)------
> passwd: compat
> group: compat
> shadow: nis files # i think there is no compat for shadow
>
There is (the compat for shadow).

> passwd_compat: nis
> group_compat: nis
>
These are the defaults, IIRC.

> and then add the "+::::::" stuff to /etc/shadow passwd and groups
>
Yes, if you need to override some fields, which is typical.

> passwd: nis files
> shadow: nis files
> group: nis files
> -------------------------------
>
> and NOT use the +::: stuff in the passwd,group.shadow files ?
>
Yes, that's another option (if you don't need to override anything).

> or sth with nis+ in nsswitch.conf ?
>
No.

> 5)
> what about the different styles of the "shadowed" password file of
> LINUX(/etc/shadow) and FREEBSD (/etc/master.passwd)
> the freebsd master.passwd has more fields than the linux equivalent
>
I use the attached patch for /var/yp/Makefile to generate the shadow map.

> 6)
> BTW my umask is 0077 do others/group need read-access to and of the
> files
> in /var/yp/* ???
>
I don't think they need it.

> ok that's all i can think of right now
> PLS if someone can help "SAVE MY WEEKEND" and help me. LOL
>
You're welcome!


Cheers,
-- 
Ruslan Ermilov    Sysadmin and DBA,
ru@sunbay.com     Sunbay Software Ltd,
ru@FreeBSD.org    FreeBSD committer

--17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Content-Transfer-Encoding: quoted-printable
--- Makefile.dist Fri Mar 7 21:15:21 2003 +++ Makefile Wed Jun 11 20:14:35 2003 @@ -188,6 +190,7 @@ aliases: mail.aliases =20 master.passwd: master.passwd.byname master.passwd.byuid +master.passwd: shadow.byname =20 # # This is a special target used only when doing in-place updates with
@@ -559,6 +562,22 @@ $(CAT) $(MASTER) | \ $(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \ print $$3"\t"$$0 }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif + + +shadow.byname: $(MASTER) + @echo "Updating $@..." +.if ${MASTER} =3D=3D "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + $(CAT) $(MASTER) | \ + $(AWK) -F: '{ if ($$1 !=3D "" && $$1 !~ "^#.*" && $$1 !=3D "+") \ + print $$1"\t"$$1":"$$2":::::::" }' $^ \ | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ $(RMV) $(TMP) $@ @$(DBLOAD) -c --17pEHd4RhPHOinZp-- --K8nIJk4ghYZn606h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/Kv7QUkv4P6juNwoRAl1AAJ9jeOVKIt4hIFpwJpuNmHkbIOhWjgCfUNSz nmNkrhWGlx/L7tVH2PWUwxQ= =U+ub -----END PGP SIGNATURE----- --K8nIJk4ghYZn606h-- From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 17:36:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E38337B405 for ; Fri, 1 Aug 2003 17:36:23 -0700 (PDT) Received: from skywalker.rogness.net (skywalker.rogness.net [64.251.173.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 304E143FCB for ; Fri, 1 Aug 2003 17:36:22 -0700 (PDT) (envelope-from nick@rogness.net) Received: from skywalker.rogness.net (localhost [127.0.0.1]) by skywalker.rogness.net (8.12.5/8.12.5) with ESMTP id h720hQ75053024; Fri, 1 Aug 2003 18:43:26 -0600 (MDT) (envelope-from nick@rogness.net) Received: from localhost (nick@localhost)h720hO41053021; Fri, 1 Aug 2003 18:43:25 -0600 (MDT) X-Authentication-Warning: skywalker.rogness.net: nick owned process doing -bs Date: Fri, 1 Aug 2003 18:43:23 -0600 (MDT) 
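Review bot: In the first hunk (@@ -188,6 +190,7 @@) shadow.byname is hooked in through a second "master.passwd:" rule line instead of being added to the existing prerequisite list on the line above it. make merges the two, but anyone scanning the first line will not see that a map carrying password hashes is now built with this target. Put it on the existing line as "master.passwd: master.passwd.byname master.passwd.byuid shadow.byname" and add a one-line comment saying the map exists for Linux clients.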
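Review bot: In the shadow.byname rule of the second hunk (@@ -559,6 +562,22 @@) the awk action prints only $$1 and $$2 followed by seven empty fields, so the password change and account expiry values held in master.passwd are dropped and every account in the map looks non-expiring to clients. Either convert those two fields into the map or state in a comment above the rule that aging and expiry are not propagated. The rule also publishes the hash field under a new map name, so confirm what ${S} expands to here and that it gives shadow.byname the same treatment as the master.passwd.byuid rule it was copied from; the new target has no comment at all, unlike a change of this sensitivity deserves.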
From: Nick Rogness To: "Michael W. Oliver" In-Reply-To: <200308011856.45118.michael@gargantuan.com> Message-ID: <20030801180432.N51833-100000@skywalker.rogness.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: "Oldach, Helge" Subject: Re: Multipath Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 00:36:24 -0000

On Fri, 1 Aug 2003, Michael W. Oliver wrote:

> +--- On Friday, August 01, 2003 15:30,
> | Oldach, Helge proclaimed:
> |
> | > I am no programmer, so forgive my ignorance in that respect, but why
> | > can't a
> | > metric be used to differentiate routes to the same destination network
> | > within the routing table? I happened to be googling and found:
> | >
> | > http://daily.daemonnews.org/view_story.php3?story_id=3878
> | >
> | > which describes a patch to -STABLE that does exactly what I am talking
> | > about.
> |
> | Routing will always follow the better metric. That's the paradigm. So
> | if you have two routes the one with the better metric will always rule.
> |

The term 'metric' in the sense of this patch is not referring to routing metrics (like hopcount for route selection preferences). The term 'metric' in the patch looks as if it is just a counter that controls which gateway to send the packet to. If you look at the description in the patch:

"Each gateway has a "metric" which is decremented for each packet. When it reaches zero, the next gateway in the list is selected."

This use of the term 'metric' in this patch is not meant to mean a traditional routing 'metric' (commonly used in routing tables). Or at least this is what my interpretation of the patch is.

>
> What exactly is the syntax of entering a network route twice, using the same
> mask, via two different gateways, using different metrics?

The answer is you can't. You can't add the same route for a single subnet through multiple gateways using route(8)...at least not without this patch. I never have investigated whether this is a restriction enforced by route(8) or the kernel routing code. I would assume it is enforced by the kernel...maybe someone can clarify? If my memory serves me correct, it has to do with the routing tree structure...

The reason the patch is not default is: because it is not :-) Many people will tell you to accomplish this use other things such as routing daemons, netgraph modules, etc. FreeBSD is not a router, it is an OS. I guess if it was marketed as a router then maybe this would be default...don't know, have to ask the -core.

>
> | Frankly, I don't quite see the rationale for such a hack. This can be
> | solved using available mechanisms such as VRRP (or HSRP, if the gateways
> | are decent routers).
> |
>
> In my case, I am talking about using FreeBSD as the router. For sure,
> FreeBSD + Zebra is one VERY powerful combination.

There are several good reasons to use Multipath routing, most of which fall into 2 categories: Load Balancing & Redundancy. This patch is for load balancing only. HSRP has nothing to do with load balancing and is Cisco proprietary. VRRP has little to do with outbound load balancing as well.

Nick Rogness
- How many people here have telekinetic powers? Raise my hand.
-Emo Philips From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 19:53:06 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 208FF37B401 for ; Fri, 1 Aug 2003 19:53:06 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 5DC6543FB1 for ; Fri, 1 Aug 2003 19:53:05 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 86112 invoked from network); 2 Aug 2003 02:53:02 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Aug 2003 02:53:02 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 1 Aug 2003 21:51:01 -0500 (CDT) 
From: Mike Silbersack To: Scot Loach In-Reply-To: Message-ID: <20030801214411.A2165@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "'freebsd-net@freebsd.org'" Subject: Re: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 02:53:06 -0000

On Fri, 1 Aug 2003, Scot Loach wrote:

> Earlier this week one of our FreeBSD 4.7 boxes panic'd. I've posted the
> stack trace at the end of this message. Using google, I've found several
> references to this panic over the past three years, but it seems its never
> been taken to root cause.
>
> The box crashes because the cr_uidinfo pointer in the so_cred structure is
> null. However, on closer inspection the so_cred structure is corrupted
> (cr_ref=3279453304 for example), so I'm guessing it has already been freed.
> Looking closer at the socket, I see that the SS_NOFDREF flag is set, which
> supports my theory. The tcpcb is in the CLOSED state, and has the SENTFIN
> flag set.

About how many concurrent connections are you pushing this machine to?

There's an unfortunate problem with uidinfo in 4.x:

struct uidinfo {
        LIST_ENTRY(uidinfo) ui_hash;
        rlim_t  ui_sbsize;              /* socket buffer space consumed */
        long    ui_proccnt;             /* number of processes */
        uid_t   ui_uid;                 /* uid */
        u_short ui_ref;                 /* reference count */
};

It doesn't look like we have any seatbelts preventing ui_ref from
overflowing, thus causing an early free on the way back down, thereby
making all the other references to the structure junk.

Can you try going into kern_resource.c, finding the function uifind, and
changing:

        if (uip == NULL)
                uip = uicreate(uid);
        uip->ui_ref++;
        return (uip);

to

        if (uip == NULL)
                uip = uicreate(uid);
        uip->ui_ref++;
        if (uip->ui_ref == 0)
                panic("ui_ref overflowed");
        return (uip);

That would confirm that it is the problem you're running into. If that is
the case, please tell us so that we can transition to the political side of
the problem. :)

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 20:01:58 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81E0737B401 for ; Fri, 1 Aug 2003 20:01:58 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id C72E343F75 for ; Fri, 1 Aug 2003 20:01:57 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 87263 invoked from network); 2 Aug 2003 03:01:57 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Aug 2003 03:01:57 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 1 Aug 2003 21:59:55 -0500 (CDT)
From: Mike Silbersack To: michael rabinovich In-Reply-To: <200308011514.LAA46005@chips.research.att.com> Message-ID: <20030801215405.X2165@odysseus.silby.com> References: <200308011514.LAA46005@chips.research.att.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: T/TCP useless on FreeBSD 4.7? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 03:01:58 -0000 On Fri, 1 Aug 2003, michael rabinovich wrote: > Hi, > > Does anyone know the status of T/TCP support on FreeBSD 4.7? It's clearly very rarely used, and may indeed be broken. I don't believe that the T/TCP breakage was intentional, but I'm not familiar enough with T/TCP to determine what the problem is. If you've figured out how to fix it, please post patches; we'll look into getting them incorporated into 4.8-stable. Thanks, Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 20:37:55 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5169137B401 for ; Fri, 1 Aug 2003 20:37:55 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7162843F3F for ; Fri, 1 Aug 2003 20:37:54 -0700 (PDT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <305LHG2H>; Fri, 1 Aug 2003 23:37:53 -0400 Message-ID: 
From: Don Bowman To: 'Mike Silbersack' , Scot Loach Date: Fri, 1 Aug 2003 23:37:48 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: "'freebsd-net@freebsd.org'" Subject: RE: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 03:37:55 -0000 
> From: Mike Silbersack [mailto:silby@silby.com] > On Fri, 1 Aug 2003, Scot Loach wrote: > > > Earlier this week one of our FreeBSD 4.7 boxes panic'd. > I've posted the > > stack trace at the end of this message. Using google, I've > found several > > references to this panic over the past three years, but it > seems its never > > been taken to root cause. > > > > The box crashes because the cr_uidinfo pointer in the > so_cred structure is > > null. However, on closer inspection the so_cred structure > is corrupted > > (cr_ref=3279453304 for example), so I'm guessing it has > already been freed. > > Looking closer at the socket, I see that the SS_NOFDREF > flag is set, which > > supports my theory. The tcpcb is in the CLOSED state, and > has the SENTFIN > > flag set. > > About how many concurrent connections are you pushing this machine to? > > There's an unfortunate problem with uidinfo in 4.x: > > struct uidinfo { > LIST_ENTRY(uidinfo) ui_hash; > rlim_t ui_sbsize; /* socket buffer > space consumed */ > long ui_proccnt; /* number of processes */ > uid_t ui_uid; /* uid */ > u_short ui_ref; /* reference count */ > }; > We are pushing in the ~50-~70K TCP connections to this process. I think i see what you are suggesting :) --don From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 21:59:10 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5EA9937B401 for ; Fri, 1 Aug 2003 21:59:10 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 1E25443FB1 for ; Fri, 1 Aug 2003 21:59:09 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 99655 invoked from network); 2 Aug 2003 04:59:08 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Aug 2003 04:59:08 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 1 Aug 2003 23:57:06 -0500 (CDT) 
From: Mike Silbersack To: Don Bowman In-Reply-To: Message-ID: <20030801235531.N2165@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "'freebsd-net@freebsd.org'" Subject: RE: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 04:59:10 -0000

On Fri, 1 Aug 2003, Don Bowman wrote:

> >         u_short ui_ref;                 /* reference count */
> > };
> >
>
> We are pushing in the ~50-~70K TCP connections to this process.
>
> I think i see what you are suggesting :)
>
> --don

Bingo. Change that u_short to a u_int, and see if that causes your
problems to go away.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 04:30:38 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F41237B401 for ; Sat, 2 Aug 2003 04:30:38 -0700 (PDT) Received: from perrin.int.nxad.com (internal.ext.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id E3E1343F93 for ; Sat, 2 Aug 2003 04:30:37 -0700 (PDT) (envelope-from hmp@nxad.com) Received: by perrin.int.nxad.com (Postfix, from userid 1072) id 96BB820F00; Sat, 2 Aug 2003 03:57:04 -0700 (PDT) Date: Sat, 2 Aug 2003 03:57:04 -0700
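Added example, not part of any message in this thread and not FreeBSD source: a user-space C model of the 16-bit ui_ref from the "TCP socket shutdown race condition" messages, covering both the proposed check in uifind and the u_short to u_int change. It shows at which hold that check would fire and how many references are left dangling once a wrapped counter returns to zero. The function names, the use of uint16_t for u_short, and the free-at-zero release rule are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed user-space model, not FreeBSD kernel code. Only the field
 * name ui_ref and its u_short width come from the thread; uint16_t stands
 * in for u_short, and all function names are hypothetical.
 * Assumption: the object is freed when a release brings ui_ref to zero.
 */
struct uid_model16 { uint16_t ui_ref; };
struct uid_model32 { uint32_t ui_ref; };

/*
 * Same test as the diagnostic proposed in the thread (ui_ref == 0 right
 * after the increment). Returns the 1-based hold at which it would fire,
 * or 0 if `holders` references fit in 16 bits.
 */
long first_wrapping_hold_u16(long holders)
{
    struct uid_model16 u = { 0 };
    long i;

    for (i = 1; i <= holders; i++) {
        u.ui_ref++;
        if (u.ui_ref == 0)
            return i;
    }
    return 0;
}

/*
 * Take `holders` references with no overflow check, then drop them one at
 * a time. Returns how many holders still point at the object at the moment
 * it is first freed, or -1 if no release frees it.
 */
long dangling_at_free_u16(long holders)
{
    struct uid_model16 u = { 0 };
    long i, released;

    for (i = 0; i < holders; i++)
        u.ui_ref++;                     /* wraps silently past 65535 */
    for (released = 1; released <= holders; released++) {
        u.ui_ref--;
        if (u.ui_ref == 0)
            return holders - released;  /* freed with these still live */
    }
    return -1;
}

/* The same sequence with the counter widened to 32 bits. */
long dangling_at_free_u32(long holders)
{
    struct uid_model32 u = { 0 };
    long i, released;

    for (i = 0; i < holders; i++)
        u.ui_ref++;
    for (released = 1; released <= holders; released++) {
        u.ui_ref--;
        if (u.ui_ref == 0)
            return holders - released;
    }
    return -1;
}

int main(void)
{
    /* Constructed loads bracketing the 16-bit limit. */
    static const long loads[] = { 50000, 65535, 65536, 70000 };
    size_t i;

    for (i = 0; i < sizeof(loads) / sizeof(loads[0]); i++)
        printf("holders=%ld check_fires_at=%ld dangling16=%ld dangling32=%ld\n",
               loads[i], first_wrapping_hold_u16(loads[i]),
               dangling_at_free_u16(loads[i]), dangling_at_free_u32(loads[i]));
    return 0;
}
```

In this model the early free only appears once more than 65535 references to the same object are held at once, which is why the connection count asked about in the thread matters.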
From: Hiten Pandya To: "Oldach, Helge" Message-ID: <20030802105704.GA33703@perrin.int.nxad.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD FreeBSD 4.7-STABLE User-Agent: Mutt/1.5.4i cc: freebsd-net@freebsd.org cc: 'Bryce Edwards' Subject: Re: freevrrp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 11:30:38 -0000 On Thu, Jul 31, 2003 at 09:00:09PM +0200, Oldach, Helge wrote: 
> > From: Bryce Edwards [mailto:bryce@bryce.net] > > Sent: Donnerstag, 31. Juli 2003 18:59 > > To: freebsd-net@freebsd.org > > Subject: freevrrp > > > > I'm trying to run freevrrpd on a server with two interfaces > > for redundancy. > > I would prefer a layer 2 based approach ("EtherChannel") instead because of > the much better convergence in case of failure, and you also get load > sharing in both directions. Bundling two or more interfaces by means of > netgraph would probably serve the job. > > Are there any off-the-shelf, i.e. native FEC solutions available? Have you tried the Netgraph FEC module? I donno if that's what you want, but worth checking out... -- Hiten M. Pandya hmp@FreeBSD.ORG, hmp@nxad.com http://hmp.serverninjas.com/ From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 06:26:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02D2337B401 for ; Sat, 2 Aug 2003 06:26:40 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 464CC43FA3 for ; Sat, 2 Aug 2003 06:26:39 -0700 (PDT) (envelope-from sloach@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <305LHGV5>; Sat, 2 Aug 2003 09:26:37 -0400 Message-ID: 
From: Scot Loach To: 'Mike Silbersack' Date: Sat, 2 Aug 2003 09:26:31 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: "'freebsd-net@freebsd.org'" Subject: RE: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 13:26:40 -0000

I don't think that's the problem, although it does seem suspicious.

Here's the struct ucred pointed to by the socket:

(kgdb) p *so.so_cred
$2 = {cr_ref = 3279453304, cr_uid = 3486088556, cr_ngroups = 1, cr_groups = {
    0, 3276863080, 3277717504, 21162, 0, 0, 0, 0, 0, 4294967295, 4294967295,
    0, 0, 0, 0, 3279496516}, cr_uidinfo = 0x0}

This looks like garbage, but the cr_uidinfo pointer is null, and the cr_ref
of _this_ structure is 32 bits.

This doesn't look to me like a problem with the uidinfo, it looks to me like
the ucred structure has already been freed.

scot.

-----Original Message-----
From: Mike Silbersack [mailto:silby@silby.com] Sent: Friday, August 01, 2003 10:51 PM To: Scot Loach Cc: 'freebsd-net@freebsd.org' Subject: Re: TCP socket shutdown race condition On Fri, 1 Aug 2003, Scot Loach wrote: > Earlier this week one of our FreeBSD 4.7 boxes panic'd. I've posted the > stack trace at the end of this message. Using google, I've found several > references to this panic over the past three years, but it seems its never > been taken to root cause. > > The box crashes because the cr_uidinfo pointer in the so_cred structure is > null. However, on closer inspection the so_cred structure is corrupted > (cr_ref=3279453304 for example), so I'm guessing it has already been freed. > Looking closer at the socket, I see that the SS_NOFDREF flag is set, which > supports my theory. The tcpcb is in the CLOSED state, and has the SENTFIN > flag set. About how many concurrent connections are you pushing this machine to? There's an unfortunate problem with uidinfo in 4.x: struct uidinfo { LIST_ENTRY(uidinfo) ui_hash; rlim_t ui_sbsize; /* socket buffer space consumed */ long ui_proccnt; /* number of processes */ uid_t ui_uid; /* uid */ u_short ui_ref; /* reference count */ }; It doesn't look like we have any seatbelts preventing ui_ref from overflowing, thus causing an early free on the way back down, thereby making all the other references to the structure junk. Can you try going into kern_resource.c, finding the function uifind, and changing: if (uip == NULL) uip = uicreate(uid); uip->ui_ref++; return (uip); to if (uip == NULL) uip = uicreate(uid); uip->ui_ref++; if (uip->ui_ref == 0) panic("ui_ref overflowed"); return (uip); That would confirm that it is the problem you're running into. If that is the case, please tell us so that we can transition to the political side of the problem. 
:) Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 10:45:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 188AE37B401 for ; Sat, 2 Aug 2003 10:45:16 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id A85B143FEC for ; Sat, 2 Aug 2003 10:45:12 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 90247 invoked from network); 2 Aug 2003 17:45:11 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Aug 2003 17:45:11 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sat, 2 Aug 2003 12:43:06 -0500 (CDT) 
From: Mike Silbersack To: Scot Loach In-Reply-To: Message-ID: <20030802123049.Y2165@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "'freebsd-net@freebsd.org'" Subject: RE: TCP socket shutdown race condition X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 17:45:16 -0000

On Sat, 2 Aug 2003, Scot Loach wrote:

> I don't think that's the problem, although it does seem suspicious.
>
> Here's the struct ucred pointed to by the socket:
>
> (kgdb) p *so.so_cred
> $2 = {cr_ref = 3279453304, cr_uid = 3486088556, cr_ngroups = 1, cr_groups =
> {
> 0, 3276863080, 3277717504, 21162, 0, 0, 0, 0, 0, 4294967295, 4294967295,
> 0, 0, 0, 0, 3279496516}, cr_uidinfo = 0x0}
>
> This looks like garbage, but the cr_uidinfo pointer is null, and the cr_ref
> of _this_ structure is 32 bits.
>
> This doesn't look to me like a problem with the uidinfo, it looks to me like
> the ucred structure has already been freed.
>
> scot.

Well, as ui_ref is the best bet, redoing your tests with it expanded to
ui_int is where we need to start before looking further. :)

I believe that a uidinfo->ui_ref over/underflow could cause random memory
corruption, so maybe the panic you're seeing comes about after a bunch of
memory has already been trashed.

So anyway, promote ui_ref to a u_int and retest. Tell us what happens.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 12:22:42 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AE8337B401 for ; Sat, 2 Aug 2003 12:22:42 -0700 (PDT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 6680E43FA3 for ; Sat, 2 Aug 2003 12:22:41 -0700 (PDT) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 28197 invoked by uid 1001); 2 Aug 2003 19:22:40 -0000 Date: Sat, 2 Aug 2003 15:22:40 -0400
From: "Peter C. Lai" To: Mike Silbersack Message-ID: <20030802192240.GD419@cowbert.2y.net> References: <20030730215823.GA361@cowbert.2y.net> <20030730170024.K88169@odysseus.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030730170024.K88169@odysseus.silby.com> User-Agent: Mutt/1.4i cc: freebsd-net@freebsd.org cc: peter.lai@uconn.edu Subject: Re: dc TX underrun leads to delayed crash X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: peter.lai@uconn.edu List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 19:22:42 -0000 Patch seems to be working fine. I also seem to be getting better linkage and transfer speeds too but that could just be my imagination *shrug*. Thanks. On Wed, Jul 30, 2003 at 05:05:49PM -0500, Mike Silbersack wrote: > > On Wed, 30 Jul 2003, Peter C. Lai wrote: > > > I'm noticing on a moderately loaded system, that sometimes when the kernel > > increases the TX threshold (/kernel: dc0: TX underrun -- increasing TX > > threshold), a few minutes later, the system hardlocks requiring a reset. > > This routinely happens when I'm streaming MP3s over the network and the box > > suddenly hardlocks; after I go back to inspect the logs, the TX buffer underrun > > is the only thing in the log before the start of the kernel reboot messages. > > This is occuring on 4.8-STABLE as of July 7, 2003 on an AMD K6-2 500 with > > 348 Mb RAM and VIA Apollo MVP3 chipset. When the lockups occur, the system > > temperatures are below 40C, with little disk activity, moderate ram and cpu > > usage; the NIC (linksys LNE-100TX A) is usually doing a steady 50K/s at this point. > > -- > > Peter C. Lai > > Rev 1.9.2.47 of if_dc.c (committed July 14th) should fix this problem for > you. 
MBUF_STRESS_TEST showed similar symptoms as mbuf chain lengths were > increased, which is how I detected the problem. > > Try grabbing the new if_dc.c: > > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/pci/if_dc.c?rev=1.9.2.47&content-type=text/plain > > And see how things go. > > Mike "Silby" Silbersack -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 13:01:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A950E37B401 for ; Sat, 2 Aug 2003 13:01:17 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id D196443FAF for ; Sat, 2 Aug 2003 13:01:16 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 10241 invoked from network); 2 Aug 2003 20:01:15 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Aug 2003 20:01:15 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sat, 2 Aug 2003 14:59:10 -0500 (CDT) 
From: Mike Silbersack To: peter.lai@uconn.edu In-Reply-To: <20030802192240.GD419@cowbert.2y.net> Message-ID: <20030802145227.H2165@odysseus.silby.com> References: <20030730215823.GA361@cowbert.2y.net> <20030730170024.K88169@odysseus.silby.com> <20030802192240.GD419@cowbert.2y.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: dc TX underrun leads to delayed crash X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 20:01:17 -0000 On Sat, 2 Aug 2003, Peter C. Lai wrote: > Patch seems to be working fine. I also seem to be getting better linkage and > transfer speeds too but that could just be my imagination *shrug*. Thanks. It's possible that performance would be better under certain situations, but it would take a lot of measurement to really prove it. Either way, I'm glad that the change resolved your problems. 
Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 15:06:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 454AE37B401 for ; Sat, 2 Aug 2003 15:06:17 -0700 (PDT) Received: from godel.mtl.distributel.net (nat.MTL.distributel.NET [66.38.181.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 80E2643FDF for ; Sat, 2 Aug 2003 15:06:16 -0700 (PDT) (envelope-from bmilekic@technokratis.com) Received: from godel.mtl.distributel.net (localhost [127.0.0.1]) h72I5xqU016868; Sat, 2 Aug 2003 18:05:59 GMT (envelope-from bmilekic@technokratis.com) Received: (from bmilekic@localhost) by godel.mtl.distributel.net (8.12.9/8.12.9/Submit) id h72I5wOR016867; Sat, 2 Aug 2003 18:05:58 GMT X-Authentication-Warning: godel.mtl.distributel.net: bmilekic set sender to bmilekic@technokratis.com using -f Date: Sat, 2 Aug 2003 18:05:58 +0000 
From: Bosko Milekic To: Mike Silbersack Message-ID: <20030802180558.GA16831@technokratis.com> References: <3F2AC3F5.3010804@expertcity.com> <20030801152510.J2165@odysseus.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030801152510.J2165@odysseus.silby.com> User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org Subject: Re: mbuf clusters exhausted w/o reaching max? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2003 22:06:17 -0000 On Fri, Aug 01, 2003 at 03:28:35PM -0500, Mike Silbersack wrote: > > On Fri, 1 Aug 2003, Steve Francis wrote: > > > I have a FreeBSD 4.8-RELEASE #5 system that reported: > > Aug 1 11:50:39 rack2-101 /kernel: All mbuf clusters exhausted, please see tuning(7). > > Aug 1 11:50:39 rack2-101 /kernel: All mbufs exhausted, please see tuning(7). > > > > Yet its not close to the max allowed for clusters. > > rack2-101.nyc# netstat -m > > 1338/4240/131072 mbufs in use (current/peak/max): > > 1338 mbufs allocated to data > > 709/3366/32768 mbuf clusters in use (current/peak/max) > > 7792 Kbytes allocated to network (7% of mb_map in use) > > 50 requests for memory denied > > 0 requests for memory delayed > > 0 calls to protocol drain routines > > rack2-101.nyc# > > Mbufs & mbuf clusters are allocated from the kernel map, so it's possible > for allocations to fail due to the kernel map being relatively full due to > other parts of the kernel eating memory. This is probably what's > happening in your case; given that only 50 allocations were denied, it > probably didn't hurt your system much. Actually, he's not running out of address space here; he's probably run out of free pages and could not block to wait for them. 
-- Bosko Milekic * bmilekic@technokratis.com * bmilekic@FreeBSD.org TECHNOkRATIS Consulting Services * http://www.technokratis.com/ From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 17:31:43 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3102C37B401 for ; Sat, 2 Aug 2003 17:31:43 -0700 (PDT) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C8A243F75 for ; Sat, 2 Aug 2003 17:31:40 -0700 (PDT) (envelope-from mwade@bluehighway.net) Received: from net-ninja.dyndns.org ([68.59.250.36]) by comcast.net (rwcrmhc12) with ESMTP id <2003080300312401400mp891e>; Sun, 3 Aug 2003 00:31:24 +0000 Received: from net-ninja.dyndns.org (net-ninja.dyndns.org [192.168.1.10]) by net-ninja.dyndns.org (Postfix) with ESMTP id 9D56E120 for ; Sat, 2 Aug 2003 20:31:23 -0400 (EDT) Date: Sat, 2 Aug 2003 20:31:23 -0400 (EDT) 
From: Mike Wade X-X-Sender: mwade@net-ninja.dyndns.org To: freebsd-net@freebsd.org Message-ID: <20030802203114.J4501@net-ninja.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: ipfw2 mac address matching weirdness? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 00:31:43 -0000

I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running
into some weirdness with the mac address matching feature or perhaps it's
my lack of understanding how it interacts with other rules. :)

My goal is to transparently redirect everything except a few select MAC
addresses but it doesn't appear to work properly. For example:

net-ninja# ipfw list
00001 skipto 65535 ip from any to any MAC any any in via sis0
00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0
65535 allow ip from any to any

This should allow every MAC address to bypass the transparent redirect but
it doesn't. If I change rule #1 to:

00001 skipto 65535 ip from any to any in via sis0

Things work as advertised. Any ideas?

---
Mike Wade (mwade@bluehighway.net)
Blue Highway Labs, LLC.

From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 19:03:00 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF82137B401 for ; Sat, 2 Aug 2003 19:03:00 -0700 (PDT) Received: from mx1.evo6.net (mx1.evo6.net [80.76.194.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 7373743F75 for ; Sat, 2 Aug 2003 19:02:59 -0700 (PDT) (envelope-from andy@mx1.evo6.net) Received: (qmail 50056 invoked by uid 1001); 3 Aug 2003 02:02:57 -0000 Date: Sun, 3 Aug 2003 03:02:57 +0100
From: Andy Gilligan To: Mike Wade Message-ID: <20030803020257.GA79533@vega.evo6.net> References: <20030802203114.J4501@net-ninja.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <20030802203114.J4501@net-ninja.dyndns.org> User-Agent: Mutt/1.4.1i X-Spam-Status: No, hits=-5.0 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.55-evo6.net X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55-evo6.net (1.174.2.19-2003-05-19-exp) cc: freebsd-net@freebsd.org Subject: Re: ipfw2 mac address matching weirdness? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 02:03:01 -0000 On Sun, Aug 03, 2003 at 01:31:23AM BST, Mike Wade wrote: > I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running > into some weirdness with the mac address matching feature or perhaps it's > my lack of understanding how it interacts with other rules. :) > > My goal is to transparently redirect everything except a few select MAC > addresses but it doesn't appear to work properly. For example: > > net-ninja# ipfw list > 00001 skipto 65535 ip from any to any MAC any any in via sis0 > 00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0 > 65535 allow ip from any to any > > This should allow every MAC address to bypass the transparent redirect but > it doesn't. If I change rule #1 to: > > 00001 skipto 65535 ip from any to any in via sis0 > > Things work as advertised. Any ideas? 
Try: sysctl net.link.ether.ipfw=1 Regards, -Andy From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 19:47:01 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3D1437B401 for ; Sat, 2 Aug 2003 19:47:01 -0700 (PDT) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EA9943F3F for ; Sat, 2 Aug 2003 19:47:01 -0700 (PDT) (envelope-from mwade@bluehighway.net) Received: from net-ninja.dyndns.org ([68.59.250.36]) by comcast.net (rwcrmhc13) with ESMTP id <2003080302392401500jvpvce>; Sun, 3 Aug 2003 02:39:24 +0000 Received: from net-ninja.dyndns.org (net-ninja.dyndns.org [192.168.1.10]) by net-ninja.dyndns.org (Postfix) with ESMTP id 7B5F7128; Sat, 2 Aug 2003 22:39:24 -0400 (EDT) Date: Sat, 2 Aug 2003 22:39:24 -0400 (EDT) 
From: Mike Wade X-X-Sender: mwade@net-ninja.dyndns.org To: Andy Gilligan In-Reply-To: <20030803020257.GA79533@vega.evo6.net> Message-ID: <20030802223846.V4501@net-ninja.dyndns.org> References: <20030802203114.J4501@net-ninja.dyndns.org> <20030803020257.GA79533@vega.evo6.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: ipfw2 mac address matching weirdness? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 02:47:02 -0000 On Sun, 3 Aug 2003, Andy Gilligan wrote: > On Sun, Aug 03, 2003 at 01:31:23AM BST, Mike Wade wrote: > > I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running > > into some weirdness with the mac address matching feature or perhaps it's > > my lack of understanding how it interacts with other rules. :) > > > > My goal is to transparently redirect everything except a few select MAC > > addresses but it doesn't appear to work properly. For example: > > > > net-ninja# ipfw list > > 00001 skipto 65535 ip from any to any MAC any any in via sis0 > > 00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0 > > 65535 allow ip from any to any > > > > This should allow every MAC address to bypass the transparent redirect but > > it doesn't. If I change rule #1 to: > > > > 00001 skipto 65535 ip from any to any in via sis0 > > > > Things work as advertised. Any ideas? > > Try: > > sysctl net.link.ether.ipfw=1 Hmm, it was already set: net-ninja# sysctl net.link.ether.ipfw net.link.ether.ipfw: 1 --- Mike Wade (mwade@bluehighway.net) Blue Highway Labs, LLC. 
From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 21:45:22 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AF6B337B404
	for ; Sat, 2 Aug 2003 21:45:22 -0700 (PDT)
Received: from mx1.evo6.net (mx1.evo6.net [80.76.194.10])
	by mx1.FreeBSD.org (Postfix) with SMTP id 14BF143FAF
	for ; Sat, 2 Aug 2003 21:45:21 -0700 (PDT)
	(envelope-from andy@mx1.evo6.net)
Received: (qmail 796 invoked by uid 1001); 3 Aug 2003 04:45:19 -0000
Date: Sun, 3 Aug 2003 05:45:19 +0100
From: Andy Gilligan
To: Mike Wade
Message-ID: <20030803044519.GA32629@vega.evo6.net>
References: <20030802203114.J4501@net-ninja.dyndns.org>
	<20030803020257.GA79533@vega.evo6.net>
	<20030802223846.V4501@net-ninja.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <20030802223846.V4501@net-ninja.dyndns.org>
User-Agent: Mutt/1.4.1i
X-Spam-Status: No, hits=-5.0 required=5.0
	tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,
	REPLY_WITH_QUOTES,USER_AGENT_MUTT
	version=2.55-evo6.net
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55-evo6.net (1.174.2.19-2003-05-19-exp)
cc: freebsd-net@freebsd.org
Subject: Re: ipfw2 mac address matching weirdness?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 03 Aug 2003 04:45:23 -0000

On Sun, Aug 03, 2003 at 03:39:24AM BST, Mike Wade wrote:
> On Sun, 3 Aug 2003, Andy Gilligan wrote:
>
> > On Sun, Aug 03, 2003 at 01:31:23AM BST, Mike Wade wrote:
> > > I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running
> > > into some weirdness with the mac address matching feature or perhaps it's
> > > my lack of understanding how it interacts with other rules. :)
> > >
> > > My goal is to transparently redirect everything except a few select MAC
> > > addresses but it doesn't appear to work properly. For example:
> > >
> > > net-ninja# ipfw list
> > > 00001 skipto 65535 ip from any to any MAC any any in via sis0
> > > 00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0
> > > 65535 allow ip from any to any
> > >
> > > This should allow every MAC address to bypass the transparent redirect but
> > > it doesn't. If I change rule #1 to:
> > >
> > > 00001 skipto 65535 ip from any to any in via sis0
> > >
> > > Things work as advertised. Any ideas?
> >
> > Try:
> >
> > sysctl net.link.ether.ipfw=1
>
> Hmm, it was already set:
>
> net-ninja# sysctl net.link.ether.ipfw
> net.link.ether.ipfw: 1

The best advice I can give at the moment is to read the
"PACKET FLOW" section in ipfw(8).

A brief read over it suggests that it *may* not be possible to do
what you ask, due to the rules being parsed twice. (in your case)

The first pass is done from ether_demux(), and this will only match
the first rule - it won't match tcp or dst-port 80, etc.

The second pass will come from ip_input(), which will only match the
second rule, as it doesn't know anything about MAC addresses.

I could be missing something (it is 4am), so hopefully somebody will
step in and tell me I'm wrong :)

Sorry I couldn't be of more help.

Best regards,
-Andy
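
[Added example, not part of the original thread and not ipfw code: a simplified Python model of the two-pass rule evaluation described in the reply above, run against the rules quoted in the thread. The per-pass field visibility sets, the helper names and the sample packet are assumptions made for illustration.]

```python
# Simplified model (an assumption, not ipfw source) of the two passes from
# the reply: ether_demux() sees only layer-2 fields, ip_input() sees only
# IP/TCP fields. Each pass walks the rule list from the top.

RULES_WITH_MAC = [
    (1, "skipto 65535", {"mac": "any", "in_via": "sis0"}),
    (2, "fwd 127.0.0.1,8080", {"proto": "tcp", "dst_port": 80, "in_via": "sis0"}),
    (65535, "allow", {}),
]
# Variant from the thread: rule 1 without the MAC option.
RULES_NO_MAC = [(1, "skipto 65535", {"in_via": "sis0"})] + RULES_WITH_MAC[1:]

# Fields each pass can evaluate, following the reply's description.
VISIBLE = {"layer2": {"mac", "in_via"}, "layer3": {"proto", "dst_port", "in_via"}}

def matches(opts, pkt, layer):
    for key, want in opts.items():
        if key not in VISIBLE[layer]:
            return False  # option needs data this pass does not have
        if want != "any" and pkt.get(key) != want:
            return False
    return True

def run_pass(rules, pkt, layer):
    """Return the terminal action of one pass over the rule list."""
    start = 0
    for num, action, opts in rules:
        if num < start or not matches(opts, pkt, layer):
            continue
        if action.startswith("skipto"):
            start = int(action.split()[1])  # jump state lasts for this pass only
            continue
        return action
    return "deny"

def verdict(rules, pkt):
    """A packet accepted at layer 2 is evaluated again, from rule 1, at layer 3."""
    if run_pass(rules, pkt, "layer2") != "allow":
        return "dropped at layer2"
    return run_pass(rules, pkt, "layer3")

# Constructed sample packet: an HTTP request arriving on sis0.
PKT = {"mac": "00:11:22:33:44:55", "in_via": "sis0", "proto": "tcp", "dst_port": 80}

if __name__ == "__main__":
    print("rule 1 with MAC   :", verdict(RULES_WITH_MAC, PKT))
    print("rule 1 without MAC:", verdict(RULES_NO_MAC, PKT))
```

In this model the skipto taken during the layer-2 pass does not carry into the layer-3 pass, so the packet is still forwarded by rule 2 when rule 1 carries a MAC option, which matches the behaviour reported in the thread.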