From owner-freebsd-net@FreeBSD.ORG Sun Oct 12 07:47:27 2003
Date: Sun, 12 Oct 2003 15:47:21 +0100
From: Robert Downes
To: Brian Reichert, freebsd-net@freebsd.org
Subject: Re: named sandbox trouble

>>>>I'm trying to setup BIND so that my machine understands its own hostname
>>>>(because mySQL refuses to install because the hostname appears invalid
>>>>and the --force option seems to do nothing), and because it would be
>>>>helpful generally.
>>>
>>>This doesn't answer your question, as I don't run BIND, but couldn't
>>>you just put an entry in /etc/hosts?
>>
>>I have an entry for my machine's IP address and the address of my router
>>in /etc/hosts, but still I get complaints.
>
>Weird. :/
>
>Are the entries fully qualified?
>What does your resolv.conf look like?
>Do any other apps complain?
>
>I'd have to look at the MySQL install scripts to be sure, but I
>can't fathom why MySQL would go out of it's way to sneak around the
>resolver...

I've realised that my /etc/resolv.conf is being overwritten on every reboot. I assumed this was because of DHCP, but disabling DHCP meant that my network connection was disabled.

I think a lot of the problem is not understanding how to define a home network behind an ADSL-modem/router/switch, so I'm configuring things badly, and that's causing failure.

Where can I go to fully educate myself on how to configure my ADSL-modem/router/switch and also FreeBSD behind that router?

--
Bob
echo Mail fefsensmrrjyaheeoceoq\! | tr "jefroq\!" "@obe.uk"

--
Bob

From owner-freebsd-net@FreeBSD.ORG Sun Oct 12 08:47:56 2003
Date: Sun, 12 Oct 2003 11:47:53 -0400
From: Bill Vermillion
To: freebsd-net@freebsd.org
Subject: Re: named sandbox trouble

On Sun, Oct 12, 2003 at 15:47 , while denying his reply is spam, Robert Downes prattled on endlessly saying:

> >Are the entries fully qualified?
> >What does your resolv.conf look like?
> >Do any other apps complain?

> >I'd have to look at the MySQL install scripts to be sure, but I
> >can't fathom why MySQL would go out of it's way to sneak around the
> >resolver...

> I've realised that my /etc/resolv.conf is being overwritten on every
> reboot. I assumed this was because of DHCP, but disabling DHCP meant
> that my network connection was disabled.

I don't know off hand what is causing that you can keep that from happening by running as root chflags schg /etc/resolv.conf

That will buy you time until you figure things out. Anytime you need to modify that file - even as root - you have to run chflags noschg /etc/resolv.conf. See man chflags for further information.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-net@FreeBSD.ORG Sun Oct 12 09:53:38 2003
Date: Sun, 12 Oct 2003 09:53:35 -0700 (PDT)
From: Mikko Työläjärvi
To: Robert Downes
cc: freebsd-net@freebsd.org
Subject: Re: named sandbox trouble

On Sun, 12 Oct 2003, Robert Downes wrote:

[...]
> I've realised that my /etc/resolv.conf is being overwritten on every
> reboot. I assumed this was because of DHCP, but disabling DHCP meant
> that my network connection was disabled.

Create an executable script called /etc/dhclient-enter-hooks, containing the empty function

    make_resolv_conf() {
        :
    }

That will prevent dhclient from overwriting resolv.conf. You can insert any code you want to be executed by dhclient when it gets new leases. See dhclient-script(8) for details.

  $.02,
  /Mikko

> I think a lot of the problem is not understanding how to define a home
> network behind an ADSL-modem/router/switch, so I'm configuring things
> badly, and that's causing failure.
>
> Where can I go to fully educate myself on how to configure my
> ADSL-modem/router/switch and also FreeBSD behind that router?
> --
> Bob
> echo Mail fefsensmrrjyaheeoceoq\! | tr "jefroq\!" "@obe.uk"
>
> --
> Bob

From owner-freebsd-net@FreeBSD.ORG Sun Oct 12 09:58:06 2003
Date: Sun, 12 Oct 2003 17:58:00 +0100
From: Robert Downes
To: bv@wjv.com
cc: freebsd-net@freebsd.org
Subject: Re: named sandbox trouble

Bill Vermillion wrote:

>On Sun, Oct 12, 2003 at 15:47 , while denying his reply is
>spam, Robert Downes prattled on endlessly saying:
>
>>I've realised that my /etc/resolv.conf is being overwritten on every
>>reboot. I assumed this was because of DHCP, but disabling DHCP meant
>>that my network connection was disabled.
>
>I don't know off hand what is causing that you can keep that from
>happening by running as root chflags schg /etc/resolv.conf
>
>That will buy you time until you figure things out.

I worked it out, by chance. A look into the dhcp man pages, (dhcpclient.conf mainly, I think) revealed that it's possible to create a configuration entry that adds your desired nameserver values before the ones that the DHCP server returns. So you just need to add something like this to dhcpclient.conf (I think that's the file - read the man pages first)

    interface "rl0" {
        prepend domain-name-servers 127.0.0.1;
    }

As I say, though, I'm not sure if that's the right file, so do a bit of man-page browsing to check.

Once that's in place, "nameserver 127.0.0.1" appears at the top of /etc/resolv.conf every time.

So at least one thing is going the right way.

--
Bob

From owner-freebsd-net@FreeBSD.ORG Sun Oct 12 10:05:27 2003
Date: Sun, 12 Oct 2003 13:05:26 -0400
From: Brian Reichert
To: Robert Downes
cc: freebsd-net@freebsd.org
Subject: Re: named sandbox trouble

On Sun, Oct 12, 2003 at 03:47:21PM +0100, Robert Downes wrote:
> I've realised that my /etc/resolv.conf is being overwritten on every
> reboot. I assumed this was because of DHCP, but disabling DHCP meant
> that my network connection was disabled.

We're way off topic here, but here's a few quick pointers:

See dhclient.conf(5): consider something like:

    supersede host-name "my.custom.hostname";

or

    send host-name "my.custom.hostname";

It really depends on how that DHCP server is configured...

> I think a lot of the problem is not understanding how to define a home
> network behind an ADSL-modem/router/switch, so I'm configuring things
> badly, and that's causing failure.
>
> Where can I go to fully educate myself on how to configure my
> ADSL-modem/router/switch and also FreeBSD behind that router?

By default, FreeBSD used the ISC DHCP client. It's called 'dhclient', it (and its config file) have a manpage.

In my case, I disabled the DHCP server on my ADSL-modem/router/switch, and instead chose to run my own server. The classic counterpart to dhclient is 'dhcpd', which is available via the isc-dhcp3 port.

This let me side-step the questions surrounding the configuration of the ADSL-modem's server...

'Fully educate' is otherwise beyond the scope of this document. :)

Good luck...

> --
> Bob
> echo Mail fefsensmrrjyaheeoceoq\! | tr "jefroq\!" "@obe.uk"
>
> --
> Bob

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303    Daytime number: (603) 434-6842
Derry NH 03038-1713 USA    BSD admin/developer at large
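
The thread above offers three ways to stop dhclient replacing /etc/resolv.conf: the schg flag, an empty make_resolv_conf() in /etc/dhclient-enter-hooks, and a prepend statement. The sketch below is an added example, not code from any of the posters: a make_resolv_conf() hook that always lists the local resolver first and accepts DHCP-offered name servers only from an allow-list, so a lease cannot quietly point the host at an unknown resolver. RESOLV_CONF, PINNED_NS, ALLOWED_NS and the two helper functions are assumed names; new_domain_name and new_domain_name_servers are the variables dhclient-script(8) sets.

```shell
#!/bin/sh
# Added example for /etc/dhclient-enter-hooks (sourced by dhclient-script).
# Assumed names: RESOLV_CONF, PINNED_NS, ALLOWED_NS, is_ipv4, ns_allowed.
# new_domain_name and new_domain_name_servers come from dhclient-script(8).

RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
PINNED_NS="${PINNED_NS:-127.0.0.1}"       # local named, always listed first
ALLOWED_NS="${ALLOWED_NS:-192.168.1.1}"   # constructed value: the home router

# Succeed only for a dotted-quad IPv4 literal with octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed if the address is on the space-separated allow-list.
ns_allowed() {
    for allowed in $ALLOWED_NS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# Replaces the stock function: dhclient-script calls this on a new lease.
make_resolv_conf() {
    tmp="${RESOLV_CONF}.dhclient.$$"
    (
        umask 022
        set -f      # no pathname expansion on lease-supplied strings
        {
            # Keep the offered domain only if it is a single plain hostname.
            case "$new_domain_name" in
                ''|*[!A-Za-z0-9.-]*) ;;
                *) echo "search $new_domain_name" ;;
            esac
            echo "nameserver $PINNED_NS"
            for ns in $new_domain_name_servers; do
                [ "$ns" = "$PINNED_NS" ] && continue
                if is_ipv4 "$ns" && ns_allowed "$ns"; then
                    echo "nameserver $ns"
                else
                    echo "dhclient hook: ignoring offered nameserver $ns" >&2
                fi
            done
        } > "$tmp"
    ) || return 1
    # Write to a temporary file first so readers never see a partial file.
    mv -f "$tmp" "$RESOLV_CONF"
}
```

If the schg flag from earlier in the thread is still set on the file, the final mv fails; clear it with chflags noschg before relying on the hook.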
From: Eugene Grosbein
To: netchild@freebsd.org
cc: luigi@freebsd.org
cc: net@freebsd.org
Subject: Re: dummynet "OUCH! pipe should have been idle!"-message in 4.9-RC
X-List-Received-Date: Mon, 13 Oct 2003 11:11:00 -0000

Alexander Leidinger wrote:
>
> Hi,
>
> [please CC me]
>
> I noticed this log message on a 4.9-RC (src from ~Oct 1):
> ---snip---
> Oct 9 15:57:42 Andro-Beta /kernel: dummynet: OUCH! pipe should have been idle!
> Oct 9 15:57:56 Andro-Beta /kernel: dummynet: OUCH! pipe should have been idle!
> ---snip---

I receive these messages sometimes with stateless ipfw2 configuration. They seem harmless to me.

Eugene Grosbein

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 04:41:19 2003
Date: Mon, 13 Oct 2003 11:20:14 +0000
From: traore@afribone.net.gn
To: freebsd-net@freebsd.org
Subject: ipfw2 on freebsd4.7-release

I want to use ipfw2 on freebsd4.7-release version. But when I compiled kernel, libalias and ipfw with ipfw2 options, this does not work. When I try to add rule, I accured an error message.

Regards!

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 06:50:51 2003
From: "carlos castro"
Date: Mon, 13 Oct 2003 15:50:47 +0200
Subject: Server VPN

Hello

I have a server VPN, with application MPD for the connections, and need that the users validate against a domain Windows 2000, when they accede by the VPN

say to me that it needs to me to mount this, please?

I badly feel it by my English

Thanks

Carlos Castro
Spain

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 07:30:53 2003
Date: Mon, 13 Oct 2003 16:30:32 +0200
From: Andre Albsmeier
To: KIMURA Yasuhiro
cc: freebsd-net@freebsd.org
Subject: Re: DNS lookup failure by host or dig

On Sun, 12-Oct-2003 at 06:47:10 +0900, KIMURA Yasuhiro wrote:

> I found DNS lookup by host or dig fails if (1) kernel is built without
> "options INET6" and (2) DNS server has both v4 and v6 address.
>
> % host -t ns kame.net
> kame.net name server orange.kame.net
> kame.net name server ns1.itojun.org
> % host orange.kame.net
> orange.kame.net has address 203.178.141.194
> orange.kame.net has address 2001:200:0:8002:203:47ff:fea5:3085
> % host orange.kame.net orange.kame.net
> Using domain server:
> Name: orange.kame.net
> Addresses: 2001:200:0:8002:203:47ff:fea5:3085 203.178.141.194
>
> Host not found, try again.
> % dig @orange.kame.net orange.kame.net
>
> ; <<>> DiG 8.3 <<>> @orange.kame.net orange.kame.net
> ; (2 servers found)
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend to server orange.kame.net 2001:200:0:8002:203:47ff:fea5:3085: Protocol not supported
> %
>
> This happens on both 4.8R and 5.1R. What's wrong with this failure?
> Bug of FreeBSD or any configuration error of my machines?

This has bugged me as well a couple of times. I assume it comes from the fact that host and dig use the code in contrib/bind. This code doesn't have the necessary "#ifdef INET6" in it.

I fixed it here with the patch below but this is bad since:

- it patches contrib stuff
- I assume this is the wrong way to do it
- it is ugly

But it works :-)

--- contrib/bind/lib/irs/getaddrinfo.c.ORI Tue Aug 26 09:31:19 2003 +++ contrib/bind/lib/irs/getaddrinfo.c Tue Aug 26 09:32:25 2003 @@ -339,6 +339,7 @@ case PF_UNSPEC: case PF_INET: case PF_INET6: +((struct addrinfo*)hints)->ai_family = PF_INET; break; default: ERR(EAI_FAMILY);

-Andre
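
Review bot: the added assignment sits under the shared "case PF_UNSPEC: case PF_INET: case PF_INET6:" labels, so an explicit PF_INET6 request is rewritten to PF_INET together with the PF_UNSPEC case, and nothing in the hunk limits that to kernels built without "options INET6". It also writes through a cast on hints, so the caller's structure is modified, and the need for the cast suggests that pointer is declared const. Suggest applying the downgrade only to PF_UNSPEC, wrapping it in the "#ifdef INET6" test the mail says is missing so it takes effect only when INET6 is absent, and setting ai_family on a local copy of the hints rather than on the caller's.
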
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you
X-List-Received-Date: Mon, 13 Oct 2003 18:01:48 -0000

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted    Tracker      Resp.  Description
-------------------------------------------------------------------------------
o  [2002/05/04] kern/37761   net    process exits but socket is still ESTABLI

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 12:17:40 2003
From: Olivier Cherrier
To: 'carlos castro', freebsd-net@freebsd.org
Date: Mon, 13 Oct 2003 21:12:05 +0200
Subject: RE: Server VPN

> I have a server VPN, with application MPD for the connections, and
> need that the users validate against a domain Windows 2000, when
> they accede by the VPN
>
> say to me that it needs to me to mount this, please?

Look at the archives.

oc

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 12:20:54 2003
Date: Mon, 13 Oct 2003 21:20:49 +0200 (Westeuropäische Sommerzeit)
From: Michael Bretterklieber
Cc: freebsd-net@freebsd.org
Subject: Re: Server VPN

Hi,

On Mon, 13 Oct 2003, carlos castro wrote:

>
> I have a server VPN, with application MPD for the connections, and
> need that the users validate against a domain Windows 2000, when
> they accede by the VPN
>
> say to me that it needs to me to mount this, please?
>

MPD's RADIUS authentication module can do this for you. Take a look at the docs and at the sample configs. You should use at least MPD 3.14.

bye,

--
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
A-Quadrat Automation GmbH - http://www.a-quadrat.at
Tel: ++43-(0)3172-41679 - GSM: ++43-(0)699 12861847
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 17:49:13 2003
From: "Eric W. Bates"
Date: Mon, 13 Oct 2003 20:47:55 -0400
Subject: Where do ipfw kern:emerg logs come from?

4.8-RELEASE-p10
ipfw2

I have a firewall which appears to be behaving well. I have quite a few 'log' instructions for the sake of debugging. However, I seem to be generating quite a few kern:emerg messages as well as security:info messages.

Oct 13 14:11:26 brock /kernel: .132:80 out via de0
Oct 13 14:11:26 brock /kernel: 00 UNKNOWN TCP 208.172.16.132:80 192.168.1.91:1104 in via de0
Oct 13 14:11:26 brock /kernel: 00 UNKNOWN TCP 192.168.1.91:1104 208.172.16.132:80 out via de0
Oct 13 14:11:27 brock /kernel: in via de0
Oct 13 14:11:28 brock /kernel: pfw: 65000 Accept TCP 208.172.16.132:80 192.168.1.91:1104 in via de0
Oct 13 14:11:29 brock /kernel: 300 Divert 8668 TCP 208.172.16.132:80 207.218.155.34:1104 in via de0

The messages actually appear to be truncated versions of the security.info messages:

Oct 13 14:11:26 brock /kernel: ipfw: 400 UNKNOWN TCP 192.168.1.91:1104 208.172.16.132:80 out via de0
Oct 13 14:11:26 brock /kernel: ipfw: 500 SkipTo 10000 TCP 192.168.1.91:1104 208.172.16.132:80 out via de0
Oct 13 14:11:26 brock /kernel: ipfw: 10000 Divert 8668 TCP 192.168.1.91:1104 208.172.16.132:80 out via de0

I found ipfw logging code sys/netinet/in ip_fw.c; but there doesn't seem to be anything using LOG_KERN or LOG_EMERG.

Is this a bug?

--
ericx

From owner-freebsd-net@FreeBSD.ORG Mon Oct 13 22:37:26 2003
Date: Tue, 14 Oct 2003 13:37:15 +0800
From: Eugene Grosbein
To: "Eric W. Bates"
cc: freebsd-net@freebsd.org
Subject: Re: Where do ipfw kern:emerg logs come from?

"Eric W. Bates" wrote:

> The messages actually appear to be truncated versions of the security.info
> messages:
>
> Oct 13 14:11:26 brock /kernel: ipfw: 400 UNKNOWN TCP
> 192.168.1.91:1104 208.172.16.132:80 out via de0
> Oct 13 14:11:26 brock /kernel: ipfw: 500 SkipTo 10000 TCP
> 192.168.1.91:1104 208.172.16.132:80 out via de0
> Oct 13 14:11:26 brock /kernel: ipfw: 10000 Divert 8668 TCP
> 192.168.1.91:1104 208.172.16.132:80 out via de0
>
> I found ipfw logging code sys/netinet/in ip_fw.c; but there doesn't seem to
> be anything using LOG_KERN or LOG_EMERG.
>
> Is this a bug?

I guess syslogd is guilty.
Eugene Grosbein

Message-ID: <14759.63.172.179.2.1066161024.squirrel@mail.cs.uh.edu>
Date: Tue, 14 Oct 2003 14:50:24 -0500 (CDT)
From: mzu@cs.uh.edu
To: freebsd-net@freebsd.org
Subject: HELP!!! DummyNet causing machine dead!

I have three Squid machines working together as a cache array.
I used Dummynet to control the inter-cache bandwidth.

My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3

I used the following commands to create pipes in each squid
For example, in Squid1:
ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out
ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out
ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes
ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes

I have another program to change the bandwidth of each pipe every half an hour, with a lot of traffic going through the caches at the same time. So that the configuration for a pipe can change

FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes

TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes

Then in very short time, the machine is dead. I think the problem might be because of the setting of "queue". But I don't know how much should be correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes".

Oh, when bandwidth change from 5M to 3M, or 8M to 5M (smaller difference), the machines will run just fine with my 6*x+13 setting. Only steep jump like from 8M to 2M will always cause death.

Please help me out!!! This is emergency!!!!

Message-ID: <14759.63.172.179.2.1066161447.squirrel@mail.cs.uh.edu>
Date: Tue, 14 Oct 2003 14:57:27 -0500 (CDT)
From: mzu@cs.uh.edu
To: freebsd-net@freebsd.org
Subject: Help Dummynet causing machines dead

I have three Squid machines working together as a cache array.
I used Dummynet to control the inter-cache bandwidth.

My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3

I used the following commands to create pipes in each squid
For example, in Squid1:
ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out
ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out
ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes
ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes

I have another program to change the bandwidth of each pipe every half an hour, with a lot of traffic going through the caches at the same time. So that the configuration for a pipe can change

FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes

TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes

Then in very short time, the machine is dead. I think the problem might be because of the setting of "queue". But I don't know how much should be correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes".

Oh, when bandwidth change from 5M to 3M, or 8M to 5M (smaller difference), the machines will run just fine with my 6*x+13 setting. Only steep jump like from 8M to 2M will cause death.

Please help me out!!! This is emergency!!!!
Thanks,
Ming

Date: Tue, 14 Oct 2003 16:54:02 -0400 (EDT)
From: Carl Mascott
Message-Id: <200310142054.h9EKs2uw006741@callisto.local>
To: freebsd-net@freebsd.org
Subject: tcp.recvspace=56K causes dropped packets with V.90 PPP link

FreeBSD 4.8-R
kernel.GENERIC
user ppp
P II - 400
128 MB RAM
56K ext. modem, 45.3K connection

The following is something I posted to freebsd-net about a week ago. Since then I have pinpointed the cause of the problem. It's not a bug, it's a configuration problem.

From running tcpdump on an ftp transfer I discovered that the ftp client stalls on receive due to a dropped packet. The dropped packet is not retransmitted until the socket receive buffer has filled up with packets following the dropped packet. Until the dropped packet is retransmitted the next chunk of data is not available to the ftp client.

The cause of the dropped packet is a combination of a slow link (5 KB/s V.90 PPP link) and a large TCP receive window. At 56 KB the window is sufficiently large to allow the sender to more than fill the queue of some router in the path (probably the router at my ISP's POP). Keep in mind that this dropped-packet situation is 100% repeatable, with the same packet getting dropped. It's not just Internet congestion somewhere.

Upon closer inspection I've also seen dropped packets with a 48 KB receive window. 32 KB doesn't give me dropped packets, though.

One moral of the story is that there is such a thing as a too-large TCP receive window, and for me >= 48 KB is too large.

Another moral of the story is that on a machine with both very fast and very slow network interfaces there may be no single receive window size that is optimal for all interfaces.

P.S.
I struck out trying to set a smaller-than-default size for the receive window of the default route (my PPP link) due to a bug in tcp_input.c that was introduced when PR 11966 was fixed. The new bug does not allow for shrinking the send/receive window sizes beneath their current value, even if that current value was NOT set by an application (i.e., it's the system-wide default value). But that's another problem.

http://www.freebsd.org/cgi/query-pr.cgi?pr=11966

------------------------------------------------------------------

Something in the socket/proto/network interface area doesn't work correctly when tcp.recvspace=56K, the default value in 4.8-R. It DOES work correctly when tcp.recvspace= 16K, 32K, 48K.

I see the following repeatable problem. At the same point in the ftp reception of a 218K .gz file, received data stops getting delivered to the ftp client and starts stacking up in mbufs. The ftp client reports "stalled". When the recvspace limit is reached, the entire socket receive buffer is delivered to the ftp client as fast as the client can take it. For the remainder of the file transfer there are no further ftp client stalls. Note that the stall occurs at approx. 2 * tcp.recvspace.

Please note that this stall would not be perceptible on a LAN: the 56K socket receive buffer would fill up too quickly.

This would be mostly harmless were it not for the extra mbufs being consumed. On a system with many TCP connections the supply of mbufs might be exhausted.

Following is a log of my activities in trying to track down this problem. I haven't been able to pinpoint it. Does anyone have any idea what it might be or how to further track it down?
10/05/03

Start: tcp.recvspace=48K
ftp receive 218K .gz file
no ftp client stalls
netstat -m
191/224/6016 mbufs in use (current/peak/max):
        189 mbufs allocated to data
        2 mbufs allocated to packet headers
130/146/1504 mbuf clusters in use (current/peak/max)
348 Kbytes allocated to network (7% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Change tcp.recvspace=56K (default)
ftp receive 218K .gz file
ftp client stalls @ 113K for ~10 seconds, then jumps to 170K
ftp client reports "stalled"
no modem RxD stall
netstat -w 2 -I tun0 shows no stall in tun0 input.
netstat -m
192/464/6016 mbufs in use (current/peak/max):
        190 mbufs allocated to data
        2 mbufs allocated to packet headers
130/146/1504 mbuf clusters in use (current/peak/max)
408 Kbytes allocated to network (9% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Consumed 464-224=240 extra mbufs, no extra mbuf clusters
408-348=60 KB additional RAM allocated to network
Note: MSIZE=256 (machine/param.h)

Note: No stall w/ tcp.recvspace = 16K, 32K, 48K.

Tried ftp -d: echoed all commands sent to host, but didn't appear to produce any socket/proto debug output.
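
The mbuf accounting from the log in the message above, worked through as an added example that is not part of the original post: it parses the two netstat -m outputs quoted there, checks the reported memory against the peak counts, and estimates how many simultaneous stalls of this size the mbuf pool could absorb. The 2048-byte cluster size (MCLBYTES) and the idea that every stalled connection costs the same 240 mbufs are assumptions of this example, not statements from the message.

```python
import re

MSIZE = 256      # bytes per mbuf, quoted in the message (machine/param.h)
MCLBYTES = 2048  # bytes per mbuf cluster: assumption, not stated in the message

# The two `netstat -m` outputs from the message, with line breaks restored.
SNAPSHOT_48K = """\
191/224/6016 mbufs in use (current/peak/max):
        189 mbufs allocated to data
        2 mbufs allocated to packet headers
130/146/1504 mbuf clusters in use (current/peak/max)
348 Kbytes allocated to network (7% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
"""

SNAPSHOT_56K = """\
192/464/6016 mbufs in use (current/peak/max):
        190 mbufs allocated to data
        2 mbufs allocated to packet headers
130/146/1504 mbuf clusters in use (current/peak/max)
408 Kbytes allocated to network (9% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
"""

POOL_RE = re.compile(r"^\s*(\d+)/(\d+)/(\d+) (mbufs|mbuf clusters) in use")
KBYTES_RE = re.compile(r"^\s*(\d+) Kbytes allocated to network")
COUNTER_RE = re.compile(
    r"^\s*(\d+) (requests for memory denied|requests for memory delayed"
    r"|calls to protocol drain routines)"
)


def parse_netstat_m(text):
    """Parse FreeBSD 4.x `netstat -m` output into a dict of integers."""
    stats = {"pressure": {}}
    for line in text.splitlines():
        m = POOL_RE.match(line)
        if m:
            cur, peak, limit = (int(g) for g in m.group(1, 2, 3))
            key = "mbufs" if m.group(4) == "mbufs" else "clusters"
            stats[key] = {"current": cur, "peak": peak, "max": limit}
            continue
        m = KBYTES_RE.match(line)
        if m:
            stats["kbytes"] = int(m.group(1))
            continue
        m = COUNTER_RE.match(line)
        if m:
            stats["pressure"][m.group(2)] = int(m.group(1))
    missing = {"mbufs", "clusters", "kbytes"} - stats.keys()
    if missing:
        raise ValueError("not netstat -m output, missing: %s" % sorted(missing))
    return stats


def accounted_kbytes(stats):
    """Memory implied by the peak counts, to compare with the reported Kbytes."""
    total = stats["mbufs"]["peak"] * MSIZE + stats["clusters"]["peak"] * MCLBYTES
    return total // 1024


def compare(before, after):
    """Cost of one stalled transfer and how many fit under the mbuf limit."""
    extra_mbufs = after["mbufs"]["peak"] - before["mbufs"]["peak"]
    headroom = before["mbufs"]["max"] - before["mbufs"]["peak"]
    return {
        "extra_mbufs": extra_mbufs,
        "extra_clusters": after["clusters"]["peak"] - before["clusters"]["peak"],
        "extra_kbytes": after["kbytes"] - before["kbytes"],
        "extra_mbuf_bytes": extra_mbufs * MSIZE,
        # Assumes every stalled connection costs the same number of mbufs.
        "stalls_until_limit": headroom // extra_mbufs if extra_mbufs > 0 else None,
        # Non-zero denied/delayed/drain counters mean the pool is already short.
        "under_pressure": any(after["pressure"].values()),
    }


if __name__ == "__main__":
    before = parse_netstat_m(SNAPSHOT_48K)
    after = parse_netstat_m(SNAPSHOT_56K)
    for name, snap in (("48K", before), ("56K", after)):
        print(name, "reported", snap["kbytes"], "KB, accounted",
              accounted_kbytes(snap), "KB")
    for key, value in compare(before, after).items():
        print(key, "=", value)
```

On a live system the same functions can be fed the output of netstat -m taken before and after a transfer; the denied, delayed and drain counters are the ones to watch for actual exhaustion.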

From: "Steve Wilson"
Date: Tue, 14 Oct 2003 22:30:04 +0100
Message-ID: <000201c3929a$557e5f30$6500a8c0@laptop>
Subject: Speedtouch internal PCI card support

I have a freebsd 4.8 machine currently using an old speedtouch USB device to connect to DSL service. This works fine so maybe I should leave it alone .. But heyho.

I have noticed that Alcatel have now brought out a PCI version of the speedtouch and I wondered if it is supported by the freebsd driver, but cannot find any mention of it for freebsd, quite a bit for linux which suggests it is supported.

Anybody know, or got it working already?

Thanks
Steve Wilson

Date: Wed, 15 Oct 2003 01:38:15 +0400 (MSD)
From: Maxim Konovalov
To: mzu@cs.uh.edu
In-Reply-To: <14759.63.172.179.2.1066161024.squirrel@mail.cs.uh.edu>
Message-ID: <20031015013736.V58734@news1.macomnet.ru>
References: <14759.63.172.179.2.1066161024.squirrel@mail.cs.uh.edu>
cc: freebsd-net@freebsd.org
Subject: Re: HELP!!! DummyNet causing machine dead!

On Tue, 14 Oct 2003, 14:50-0500, mzu@cs.uh.edu wrote:

>
> I have three Squid machines working together as a cache array.
> I used Dummynet to control the inter-cache bandwidth.
>
> My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3
>
> I used the following commands to create pipes in each squid
> For example, in Squid1:
> ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out
> ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out
> ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes
> ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes
>
> I have another program to change the bandwidth of each pipe every half an
> hour, with a lot of traffic going through the caches at the same time. So
> that the configuration for a pipe can change
>
> FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes
>
> TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes
>
> Then in very short time, the machine is dead. I think the problem might
> be because of the setting of "queue". But I don't know how much should be
> correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes".
>
> Oh, when bandwidth change from 5M to 3M, or 8M to 5M (smaller difference),
> the machines will run just fine with my 6*x+13 setting. Only steep jump
> like from 8M to 2M will always cause death.
>
> Please help me out!!! This is emergency!!!!

... and uname -a says?

Date: Wed, 15 Oct 2003 07:04:13 +0400 (MSD)
From: Maxim Konovalov
To: mzu@cs.uh.edu
In-Reply-To: <3492.24.160.121.78.1066176268.squirrel@mail.cs.uh.edu>
Message-ID: <20031015065950.J62589@news1.macomnet.ru>
References: <14759.63.172.179.2.1066161024.squirrel@mail.cs.uh.edu> <3492.24.160.121.78.1066176268.squirrel@mail.cs.uh.edu>
cc: freebsd-net@freebsd.org
Subject: Re: HELP!!! DummyNet causing machine dead!

On Tue, 14 Oct 2003, 19:04-0500, mzu@cs.uh.edu wrote:

>
> >uname -a for three machines are:
>
> >FreeBSD squid1.my.com 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Thu Mar 27
> 15:47:56 CST 2003 root@squid1.my.com:/usr/obj/usr/src/sys/DUMMYNET
> i386
>
> >FreeBSD squid2.my.com 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Mon Jan 28
> 13:44:38 CST 2002 root@squid2.my.com:/usr/obj/usr/src/sys/MYKERNEL
> i386
>
> >FreeBSD squid3.my.com 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Mon Jan 28
> 13:54:53 GMT 2002 root@squid3.my.com:/usr/obj/usr/src/sys/MYKERNEL
> i386

I believe we fixed this bug several months ago.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_dummynet.c

rev. 1.61 and rev. 1.67.

Message-ID: <3F8CFBEA.469C078D@kuzbass.ru>
Date: Wed, 15 Oct 2003 15:48:58 +0800
From: Eugene Grosbein
To: John Polstra
cc: net@freebsd.org
Subject: Re: routed(8) and static routes

At the other point, I cannot make routed(8) to announce default route without introducing total mess. I tried to set non-zero hopcount to the static default route or to run 'routed -s -g'. In both cases routed starts to announce default route and stops to keep (and announce) many of specific routes. I have no_ag and no_super_ag in /etc/gateways.

Eugene Grosbein

Date: Wed, 15 Oct 2003 01:06:07 -0700
From: Kris Kennaway
To: Eugene Grosbein
Message-ID: <20031015080606.GA53102@rot13.obsecurity.org>
References: <20031009171645.33c63fa2.Alexander@Leidinger.net> <3F8A883E.F2546A7F@kuzbass.ru>
In-Reply-To: <3F8A883E.F2546A7F@kuzbass.ru>
cc: luigi@freebsd.org
cc: netchild@freebsd.org
cc: net@freebsd.org
Subject: Re: dummynet "OUCH! pipe should have been idle!"-message in 4.9-RC

On Mon, Oct 13, 2003 at 07:10:54PM +0800, Eugene Grosbein wrote:
> Alexander Leidinger wrote:
> >
> > Hi,
> >
> > [please CC me]
> >
> > I noticed this log message on a 4.9-RC (src from ~Oct 1):
> > ---snip---
> > Oct 9 15:57:42 Andro-Beta /kernel: dummynet: OUCH! pipe should have been idle!
> > Oct 9 15:57:56 Andro-Beta /kernel: dummynet: OUCH! pipe should have been idle!
> > ---snip---
>
> I receive these messages sometimes with stateless ipfw2 configuration.
> They seem harmless to me.

I got this on 4.8-STABLE from July 16 the other day while playing with dummynet configuration.

I also managed to put tun0 into an unusable state on my firewall (running ppp(8) with netgraph pppoe on a dsl modem) by using

ipfw pipe 1 bw config tun0

as suggested by the ipfw manpage.

Whereupon nothing at all was transmitted through the pipe even after I reconfigured it back to the previous (working) setting.
Restarting ppp, ifconfig down/up, had no effect and I had to reboot the machine to get it to transmit packets through the interface again.

Kris

Date: Wed, 15 Oct 2003 01:07:00 -0700
From: Kris Kennaway
To: traore@afribone.net.gn
Message-ID: <20031015080700.GB53102@rot13.obsecurity.org>
References: <1066044014.3f8a8a6e0dcca@mail.afribone.net.gn>
In-Reply-To: <1066044014.3f8a8a6e0dcca@mail.afribone.net.gn>
cc: freebsd-net@freebsd.org
Subject: Re: ipfw2 on freebsd4.7-release

On Mon, Oct 13, 2003 at 11:20:14AM +0000, traore@afribone.net.gn wrote:
>
>
> I want to use ipfw2 on freebsd4.7-release version. But when i compiled kernel,
> libalias and ipfw with ipfw2 options, this is not work. When i try to add rule,
> i accured an error message.

Provide more details, like the commands you tried and the errors you got in return.
Kris

Date: Wed, 15 Oct 2003 23:33:14 +0200
From: Alexander Leidinger
To: Kris Kennaway
Message-Id: <20031015233314.3304d33c.Alexander@Leidinger.net>
In-Reply-To: <20031015080606.GA53102@rot13.obsecurity.org>
References: <20031009171645.33c63fa2.Alexander@Leidinger.net> <3F8A883E.F2546A7F@kuzbass.ru> <20031015080606.GA53102@rot13.obsecurity.org>
cc: net@freebsd.org
Subject: Re: dummynet "OUCH! pipe should have been idle!"-message in 4.9-RC

On Wed, 15 Oct 2003 01:06:07 -0700
Kris Kennaway wrote:

> I got this on 4.8-STABLE from July 16 the other day while playing with
> dummynet configuration.
>
> I also managed to put tun0 into an unusable state on my firewall
> (running ppp(8) with netgraph pppoe on a dsl modem) by using

I use the same setting.

> ipfw pipe 1 bw config tun0
>
> as suggested by the ipfw manpage.

So either I don't try it to not have to reboot the machine (I wanted to try it), or I try it to see if this is broken on 4.9-RC...

> Whereupon nothing at all was transmitted through the pipe even after I
> reconfigured it back to the previous (working) setting. Restarting

Can you share the pipe specific rules with me? It doesn't behave here as I think it should behave and I want to rule out "it sits in front of the monitor"-problem. I've HZ set to 1000.

My intended ruleset is to have 3 pipes: high, med and low priority. ACKs and ssh should flow through the high priority pipe, some other data through the low priority pipe, and all other data through the medium priority pipe.
As soon as I enable this behavior, the data flow for the low priority data drops down to half or a quarter of the previous throughput. I wouldn't mind if there's an outgoing ssh or medium priority data flow, but there isn't, so the throughput of the low priority data flow should drop down.

Bye,
Alexander.

--
Speak softly and carry a cellular phone.
http://www.Leidinger.net
Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7

Message-ID: <3F8E5F6E.4090105@removetomailme.reidel.info>
Date: Thu, 16 Oct 2003 11:05:50 +0200
From: Mark Daniel Reidel
To: freebsd-net@freebsd.org
Subject: VLANs and bridging

Hello,

I'm having a network-problem I cannot solve myself and am hoping you could point me in the right direction.

I'm currently hosting a lot of computers, all in the same subnet. Since there are administrative servers, hosting-servers, and so on, I want to limit access from one logical group to the other. However, the computers are at physically totally scattered locations, some in the same rack, some not. It's impossible for me to divide the network into subnets, keep that in mind.

My idea was to install several VLANs, each of them holding a group of computers, and connecting them via a filtering bridge. So my setup looks like this:

+--------+   +--------+   +--------+
| Switch |---| Switch |---| Switch |
+--------+   +--------+   +--------+
    |            |            |
    |            |            |
    |            |            |
    |            |            |
Computers        |        Computers
                 |
          FreeBSD Machine
                 |
                 \-- Internet

The obvious drawback is that all the traffic between the VLANs would have to pass through this bridge, but most of the traffic will pass to the internet and back, the traffic between the VLANs is not that much but nevertheless important.

For testing, I used a FXP-card and did NOT connect the box to the internet, just to the switch. The switch was configured to give tagged packets to the BSD-machine and non-tagged to all other ports.
I compiled the BRIDGE into the kernel and set up two VLANs to test:

ifconfig fxp0 up
ifconfig vlan1 create
ifconfig vlan2 create
ifconfig vlan1 vlan 1 vlandev fxp0
ifconfig vlan2 vlan 2 vlandev fxp0

The next step was to setup a bridge between vlan1 and vlan2:

sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=vlan1,vlan2

And then: nothing happens. It simply doesn't work. Using tcpdump shows me that there are ARP-packets trying to be sent and the bridge seems to be forwarding those, but I never get an answer-packet. There was no packet-filter active at this moment, so I assume there is a problem with bridging VLANs (since bridging fxp0 to rl0 works flawlessly).

My question now is: I've read in some mails that bridging between tagged VLANs is currently not working really well. So what am I to do? Is there a better solution (besides subnets and using a gateway)? Is there a way to make it work? I also read about netgraph bridging but as I understand, there's no way to make it filter packets. Any suggestions or hints?

- Mark

Message-ID: <3F8E7CC0.8090808@reidel.info>
Date: Thu, 16 Oct 2003 13:10:56 +0200
From: Mark Daniel Reidel
To: freebsd-net@freebsd.org
In-Reply-To: <3F8E5F6E.4090105@removetomailme.reidel.info>
Subject: Re: VLANs and bridging

Mark Daniel Reidel wrote:

> ifconfig fxp0 up

Just if someone is interested: The problem was this line. After changing
it to:

ifconfig fxp0 link0 up

everything worked fine. Thanks, Kevin, for pointing this out :o)

- Mark

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 06:23:28 2003
Date: Thu, 16 Oct 2003 15:23:24 +0200
From: jeremie le-hen
To: Mark Daniel Reidel
Message-ID: <20031016132324.GC9940@carpediem.epita.fr>
In-Reply-To: <3F8E5F6E.4090105@removetomailme.reidel.info>
cc: freebsd-net@freebsd.org
Subject: Re: VLANs and bridging

> And then: nothing happens. It simply doesn't work. Using tcpdump shows
> me that there are ARP-packets trying to be sent and the bridge seems to
> be forwarding those, but I never get an answer-packet. There was no
> packet-filter active at this moment, so I assume there is a problem with
> bridging VLANs (since bridging fxp0 to rl0 works flawlessly).

Some switches, like HP ProCurve, do not allow having the same MAC address
on multiple VLANs. It's maybe your case.

Regards,
--
Jeremie LE HEN aka TtZ/TataZ
jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 11:02:45 2003
Date: Thu, 16 Oct 2003 21:02:40 +0300 (EEST)
From: Adrian Penisoara
To: freebsd-altq list
Message-ID: <20031016205712.E16176@yoda.suceava.rdsnet.ro>
cc: freebsd-net@freebsd.org
Subject: New sys-altw patchset for FreeBSD 4.9-[PRE]RELEASE

Hi,

I have rebuilt the sys-altq patches against the sources of FreeBSD
4.9-RC as of 9th October. As the RELENG_4 branch has entered the 4.9
pre-release stage, I assume that no critical changes will occur until
official release time which would break this patchset.

You can download the patchset from the FreeBSD/ALTQ's project page:
http://www.rofug.ro/projects/freebsd-altq/

Or directly from here:
http://www.rofug.ro/projects/freebsd-altq/sys-altq-freebsd-4.9-RELEASE.patch.gz

Side-notes:
 * No major modifications, just driver updates
 * dev/em/if_em.c, dev/ie/if_ie.c fixups
 * pci/if_dc.c fixup which needs review
 * This patchset has been used in production for about one week using
   the rl(4) network interface with no problems

--
Adrian Penisoara
Ady (@freebsd.ady.ro)
www.rofug.ro

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 12:52:48 2003
Date: Thu, 16 Oct 2003 20:52:43 +0100
From: Bruce M Simpson
To: Mark Daniel Reidel
Message-ID: <20031016195243.GA907@saboteur.dek.spc.org>
In-Reply-To: <3F8E7CC0.8090808@reidel.info>
cc: freebsd-net@freebsd.org
Subject: Re: VLANs and bridging

On Thu, Oct 16, 2003 at 01:10:56PM +0200, Mark Daniel Reidel wrote:
> Mark Daniel Reidel wrote:
>
> >ifconfig fxp0 up
>
> Just if someone is interested: The problem was this line. After changing
> it to:
>
> ifconfig fxp0 link0 up
>
> everything worked fine.

Bizarre. Why would uploading the interrupt coalescing microcode fix that
problem? Hrrrm... Perhaps jmg or jlemon can shed light on this...

BMS

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 13:06:04 2003
Message-ID: <20031016200604.72938.qmail@web41501.mail.yahoo.com>
Date: Thu, 16 Oct 2003 13:06:04 -0700 (PDT)
From: "Fernando A. Paulo"
To: freebsd-net@freebsd.org
Subject: Re: Question about bridging code

hi all,

this is about the thread regarding the use of a freebsd bridge and
tap(4) to change the contents of the frames.

the solution proposed in the list was to use:

net.link.ether.bridge_cfg=fxp0:0,tap0:0,tap1:1,fxp1:1

then you'd write an application to bridge between clusters 0 and 1.

i have a couple of questions, hopefully you can help me:

1) won't the userland bridge kill your application because of all the
   context-switches and copies?

2) are you using any library to rebuild your frames (crc, etc)? i'm
   thinking about libnet.

i'd be very glad if you could help me with these doubts.

thanks,
fernando.

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 13:19:49 2003
From: Dan
To: freebsd-net@FreeBSD.ORG
Date: Thu, 16 Oct 2003 21:18:21 +0100
Message-Id: <200310162118.21786.dan@ntlbusiness.com>
Subject: Query.

Hi,

Thanks for reading.

I'm running FreeBSD 4.x. Basically, the problem I'm having - is that
when I boot my Laptop - with the Netgear HA501 wireless card, all
traffic on my FreeBSD box - which acts as the Gateway "stops". If I'm on
IRC I ping timeout, browsing the net becomes impossible, etc.

The setup of my LAN, is that my business cable modem (which uses DHCP)
connects to sis0 ethernet, the Access point (netgear HE102) connects via
crossover to sis1 ethernet, and then the HA501 works wirelessly to the
HE102 AP. I set in config that it wouldn't use DHCP for the laptop, as
the laptop just uses the freebsd box as a gateway.

My "ifconfig" output is:

sis0: flags=8843 mtu 1500
	inet6 fe80::209:5bff:fe22:47d4%sis0 prefixlen 64 scopeid 0x1
	inet my.public.IP netmask 0xffffff00 broadcast 255.255.255.255
	ether 00:09:5b:22:47:d4
	media: Ethernet autoselect (100baseTX )
	status: active
sis1: flags=8843 mtu 1500
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fe80::240:f4ff:fe3b:ba91%sis1 prefixlen 64 scopeid 0x2
	ether 00:40:f4:3b:ba:91
	media: Ethernet autoselect (100baseTX )
	status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
faith0: flags=8002 mtu 1500

I have in /etc/rc.conf the following (as I'm using NAT):

ifconfig_sis0="DHCP"
kern_securelevel_enable="NO"
moused_enable="YES"
nfs_reserved_port_only="YES"
sshd_enable="NO"
usbd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""
firewall_script="/etc/firewall/fwrules"
SENDMAIL_ENABLE="NONE"
ifconfig_sis1="inet 192.168.0.1 netmask 255.255.255.0"

To make sure NAT was running, before, the "ps" output is:

$ ps -auxw | grep natd
root 77 0.0 0.7 1976 1716 ?? Ss 3:02PM 50:24.68 /sbin/natd -n sis0

To setup my FreeBSD box as a gateway, I did these steps:

I loaded IPFIREWALL and IPDIVERT modules, to the Kernel, and recompiled
it. I added the stuff I pasted to rc.conf and on the laptop (running
WinXP) I put the following as the Network options:

IP address: 192.168.0.2
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1

and my ISP's nameservers.

Some logging:

Before turning laptop on:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.105.213.254    UGSc       23  3088576   sis0
127.0.0.1          127.0.0.1          UH          7     6799    lo0
192.168.0          link#2             UC          0        0   sis1
213.105.213        link#1             UC          1        0   sis0
213.105.213.213    127.0.0.1          UGHS        0        0    lo0
213.105.213.254    00:05:74:f7:58:70  UHLW       23        0   sis0   1200

After turning laptop on, before requesting a website etc (when the
problems begin to occur)

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.105.213.254    UGSc       25  3089500   sis0
127.0.0.1          127.0.0.1          UH          7     6826    lo0
192.168.0          link#2             UC          1        0   sis1
192.168.0.2        00:09:5b:30:71:0a  UHLW        0        5   sis1   1193
213.105.213        link#1             UC          1        0   sis0
213.105.213.213    127.0.0.1          UGHS        0        0    lo0
213.105.213.254    00:05:74:f7:58:70  UHLW       23        0   sis0   1199

Problem time:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.105.213.254    UGSc       24  3095736   sis0
127.0.0.1          127.0.0.1          UH          7     6832    lo0
192.168.0          link#2             UC          1        0   sis1
192.168.0.2        00:09:5b:30:71:0a  UHLW        0        6   sis1   1161
213.105.213        link#1             UC          1        0   sis0
213.105.213.213    127.0.0.1          UGHS        0        0    lo0
213.105.213.254    00:05:74:f7:58:70  UHLW       22        0   sis0   1199

Finally, my FWRULES:

#!/bin/sh
# Copyright (c) 1996 Poul-Henning Kamp
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.firewall,v 1.30.2.16 2003/02/10 05:45:06 trhodes Exp $
#

#
# Setup system for firewall service.
#

# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
	if [ -r /etc/defaults/rc.conf ]; then
		. /etc/defaults/rc.conf
		source_rc_confs
	elif [ -r /etc/rc.conf ]; then
		. /etc/rc.conf
	fi
fi

############
# Define the firewall type in /etc/rc.conf. Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.

############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
#	Building Internet Firewalls, 2nd Edition
#	Brent Chapman and Elizabeth Zwicky
#
#	O'Reilly & Associates, Inc
#	ISBN 1-56592-871-7
#	http://www.ora.com/
#	http://www.oreilly.com/catalog/fire2/
#
# For a more advanced treatment of Internet Security read:
#
#	Firewalls & Internet Security
#	Repelling the wily hacker
#	William R. Cheswick, Steven M. Bellowin
#
#	Addison-Wesley
#	ISBN 0-201-63357-4
#	http://www.awl.com/
#	http://www.awlonline.com/product/0%2C2627%2C0201633574%2C00.html
#

setup_loopback () {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127.0.0.0/8
	${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}

if [ -n "${1}" ]; then
	firewall_type="${1}"
fi

############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

############
# Network Address Translation. All packets are passed to natd(8)
# before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac
esac

############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any

# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
	setup_loopback
	${fwcmd} add 65000 pass all from any to any
	;;

[Cc][Ll][Ii][Ee][Nn][Tt])
	############
	# This is a prototype setup that will protect your system somewhat
	# against people from outside your own network.
	############

	# set these to your network and netmask and ip
	net="192.0.2.0"
	mask="255.255.255.0"
	ip="192.0.2.1"

	setup_loopback

	# Allow any traffic to or from my own net.
	${fwcmd} add pass all from ${ip} to ${net}:${mask}
	${fwcmd} add pass all from ${net}:${mask} to ${ip}

	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established

	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag

	# Allow setup of incoming email
	${fwcmd} add pass tcp from any to ${ip} 25 setup

	# Allow setup of outgoing TCP connections only
	${fwcmd} add pass tcp from ${ip} to any setup

	# Disallow setup of all other TCP connections
	${fwcmd} add deny tcp from any to any setup

	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${ip} to any 53 keep-state

	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${ip} to any 123 keep-state

	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;

[Ss][Ii][Mm][Pp][Ll][Ee])
	############
	# This is a prototype setup for a simple firewall. Configure this
	# machine as a named server and ntp server, and point all the machines
	# on the inside at this machine for those services.
	############

	# set these to your outside interface network and netmask and ip
	oif="ed0"
	onet="192.0.2.0"
	omask="255.255.255.240"
	oip="192.0.2.1"

	# set these to your inside interface network and netmask and ip
	iif="ed1"
	inet="192.0.2.16"
	imask="255.255.255.240"
	iip="192.0.2.17"

	setup_loopback

	# Stop spoofing
	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}

	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
	${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
	${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
	${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

	# Network Address Translation. This rule is placed here deliberately
	# so that it does not interfere with the surrounding address-checking
	# rules. If for example one of your internal LAN machines had its IP
	# address set to 192.0.2.1 then an incoming packet for it after being
	# translated by natd(8) would match the `deny' rule above. Similarly
	# an outgoing packet originated from it before being translated would
	# match the `deny' rule below.
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac

	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}

	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
	${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
	${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
	${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established

	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag

	# Allow setup of incoming email
	${fwcmd} add pass tcp from any to ${oip} 25 setup

	# Allow access to our DNS
	${fwcmd} add pass tcp from any to ${oip} 53 setup
	${fwcmd} add pass udp from any to ${oip} 53
	${fwcmd} add pass udp from ${oip} 53 to any

	# Allow access to our WWW
	${fwcmd} add pass tcp from any to ${oip} 80 setup

	# Reject&Log all setup of incoming connections from the outside
	${fwcmd} add deny log tcp from any to any in via ${oif} setup

	# Allow setup of any other TCP connection
	${fwcmd} add pass tcp from any to any setup

	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${oip} to any 53 keep-state

	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${oip} to any 123 keep-state

	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;

[Cc][Ll][Oo][Ss][Ee][Dd])
	setup_loopback
	;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
	;;
*)
	if [ -r "${firewall_type}" ]; then
		${fwcmd} ${firewall_flags} ${firewall_type}
	fi
	;;
esac

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 13:24:47 2003
Date: Thu, 16 Oct 2003 13:24:41 -0700 (PDT)
From: Julian Elischer
To: "Fernando A. Paulo"
In-Reply-To: <20031016200604.72938.qmail@web41501.mail.yahoo.com>
cc: freebsd-net@freebsd.org
Subject: Re: Question about bridging code

this is a really complicated way of doing this..

why not just use divert sockets, like natd?

or, alternatively, if you must do it at link layer, use netgraph to
directly deliver the packets to your daemon..

as to packet delay, if the daemon has a high priority then, no, it
shouldn't slow it down much.. (natd does this and doesn't make a huge
difference..)

it may even be easier to write a netgraph in-kernel kernel module to do
the munging.. see one of the many sample netgraph modules...

On Thu, 16 Oct 2003, Fernando A. Paulo wrote:

>
> hi all,
>
> this is about the thread regarding the use of a
> freebsd bridge and tap(4) to change the contents
> of the frames.
>
> the solution proposed in the list was to use:
>
> net.link.ether.bridge_cfg=fxp0:0,tap0:0,tap1:1,fxp1:1
>
> then you'd write an application to bridge between
> clusters 0 and 1.
>
> i have a couple of questions, hopefully you can help
> me:
>
> 1) won't the userland bridge kill your application
> because of all the context-switches and copies?
>
> 2) are you using any library to rebuild your frames
> (crc, etc)? i'm thinking about libnet.
>
> i'd be very glad if you could help me with these
> doubts.
>
> thanks,
> fernando.

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 14:19:02 2003
Date: Thu, 16 Oct 2003 17:18:24 -0400 (EDT)
From: Robert Watson
To: "Fernando A. Paulo"
In-Reply-To: <20031016200604.72938.qmail@web41501.mail.yahoo.com>
cc: freebsd-net@freebsd.org
Subject: Re: Question about bridging code

On Thu, 16 Oct 2003, Fernando A. Paulo wrote:

> this is about the thread regarding the use of a freebsd bridge and
> tap(4) to change the contents of the frames.
>
> the solution proposed in the list was to use:
>
> net.link.ether.bridge_cfg=fxp0:0,tap0:0,tap1:1,fxp1:1
>
> then you'd write an application to bridge between clusters 0 and 1.
>
> i have a couple of questions, hopefully you can help me:
>
> 1) won't the userland bridge kill your application because of all the
> context-switches and copies?
>
> 2) are you using any library to rebuild your frames (crc, etc)? i'm
> thinking about libnet.
>
> i'd be very glad if you could help me with these doubts.

I've done something very like this before for some research I did a few
years ago. We built a user process ethernet bridge using BPF -- the
process opened a BPF descriptor per interface that needed to be bridged,
and then read/write frames using them, rewriting as needed. We
implemented both link layer and IP-layer filtering. Because you have to
copy every packet in and out of the kernel, it is fairly expensive --
however, if you just have a single process running on the system most of
the time, there isn't a lot of context switching going on. The same is
true of natd: natd hurts a lot worse from being in userspace if you
simultaneously run tcpdump or trafshow on the host, since you force
frequent context switches.

My conclusion from my BPF bridge experience was that prototyping in
userspace made it a lot easier to experiment with changes, and
dramatically reduced the development time. On the other hand, it did
terrible things to performance on high bandwidth tests, and because we
weren't using mbufs in userspace, made it harder to port to the kernel.
One nice benefit, though, was that we had TCP/IP people programming
TCP/IP stuff without having to teach them about mbuf semantics or kernel
debugging :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 15:13:24 2003
Message-Id: <6.0.0.22.2.20031016160155.038eca38@localhost>
Date: Thu, 16 Oct 2003 16:13:19 -0600
To: net@freebsd.org
From: Brett Glass
Subject: Connecting to Cisco VPN concentrator

Here's an interesting problem that I'm not sure how to solve.

A user, whose machine runs Windows, connects to his ISP via PPTP (he can
also use PPPoE, but there's no change in what happens). Once on the
Internet, he wants to use the Cisco VPN client software to tunnel into a
LAN at the office. Trouble is, as soon as the Cisco VPN client fires up
on his Windows machine, it blocks the PPTP or PPPoE connection. In
short, it strangles itself by cutting off the link over which it must
connect. With the machine no longer able to reach the Internet, the VPN
connection can't work, and everything falls apart.

Cisco's literature hints that the Cisco VPN client contains a built-in
firewall which downloads rules from the Cisco VPN router (which Cisco
calls a "concentrator") as it connects. But I've explored the
configuration of the concentrator, and the rules appear to allow pretty
much everything through, including GRE and PPTP.

I've also tried to see if the user can connect to the VPN concentrator
using the built-in VPN software in Windows rather than the special Cisco
VPN client software. So far, the answer is "Yes, but not in a way that's
useful." I can only connect to the VPN concentrator via PPTP when
encryption is turned off, thus defeating the purpose of having a VPN in
the first place. When I tell the Windows system to require encryption,
the connection fails.

Does anyone have experience with connecting to Cisco VPN concentrators
-- using either Cisco's VPN client software for Windows or the PPTP or
L2TP client software built into Windows?

--Brett

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 16:00:11 2003
Date: Thu, 16 Oct 2003 19:00:09 -0400
From: Barney Wolff
To: Robert Watson
cc: freebsd-net@freebsd.org
Subject: Re: Question about bridging code

On Thu, Oct 16, 2003 at 05:18:24PM -0400, Robert Watson wrote:
>
> My conclusion from my BPF bridge experience was that prototyping in
> userspace made it a lot easier to experiment with changes, and
> dramatically reduced the development time. On the other hand, it did
> terrible things to performance on high bandwidth tests, and because we
> weren't using mbufs in userspace, made it harder to port to the kernel.
> One nice benefit, though, was that we had TCP/IP people programming TCP/IP
> stuff without having to teach them about mbuf semantics or kernel
> debugging :-).

It's actually not so hard to get kernel mbuf-oriented code running in
userspace. I did a userspace PPP implementation in 1994, and when it
came time to do VJ compression I took the BSD kernel VJ code (from
lbl.gov, if I recall correctly), defined some of the mbuf fields in my
own structs, and it compiled and worked correctly without changing a
single line of the VJ code.

That project would never have survived if every bug had caused a kernel
panic. The code is still running in commercial service today.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 16:21:24 2003
Date: Thu, 16 Oct 2003 19:20:46 -0400 (EDT)
From: Robert Watson
To: Barney Wolff
cc: freebsd-net@freebsd.org
Subject: Re: Question about bridging code

On Thu, 16 Oct 2003, Barney Wolff wrote:

> On Thu, Oct 16, 2003 at 05:18:24PM -0400, Robert Watson wrote:
> >
> > My conclusion from my BPF bridge experience was that prototyping in
> > userspace made it a lot easier to experiment with changes, and
> > dramatically reduced the development time. On the other hand, it did
> > terrible things to performance on high bandwidth tests, and because we
> > weren't using mbufs in userspace, made it harder to port to the kernel.
> > One nice benefit, though, was that we had TCP/IP people programming TCP/IP
> > stuff without having to teach them about mbuf semantics or kernel
> > debugging :-).
>
> It's actually not so hard to get kernel mbuf-oriented code running in
> userspace. I did a userspace PPP implementation in 1994, and when it
> came time to do VJ compression I took the BSD kernel VJ code (from
> lbl.gov, if I recall correctly), defined some of the mbuf fields in my
> own structs, and it compiled and worked correctly without changing a
> single line of the VJ code.
>
> That project would never have survived if every bug had caused a kernel
> panic. The code is still running in commercial service today.

There are also at least a couple of implementations of a full BSD
network stack in userspace (Alpine being one, I believe), as well as
the Linux network stack. A number of pretty large product companies
also ship network appliances and related products based on userspace
network stacks optimized for what they're doing, using the OS basically
as a device driver and development framework.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 18:05:54 2003
Date: Thu, 16 Oct 2003 19:05:47 -0600
To: Bill Fumerola
From: Brett Glass
cc: net@FreeBSD.org
Subject: Re: Connecting to Cisco VPN concentrator

That's rude, Bill.

It is, indeed, relevant. The PPTP/PPPoE server through
which the client is connecting is running FreeBSD.

--Brett Glass

At 05:16 PM 10/16/2003, Bill Fumerola wrote:

>[ moved off of -net ]
>
>On Thu, Oct 16, 2003 at 04:13:19PM -0600, Brett Glass wrote:
>> [...]
>
>i ran your mail through the FreeBSD Relevance Algorithm[1] and these
>were my results:
>
>---Attachment: text/plain -- (all)
>Pipe to: grep -v freebsd-net | grep -ci freebsd
>0
>Press any key to continue...
>
>perhaps you were looking for a cisco, windows, or ipsec forum. in the
>mean time, i've moved this thread to the general discussion list.
>
>--
>- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org
>
>1. patent pending

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 19:21:05 2003
Date: Thu, 16 Oct 2003 19:21:02 -0700 (PDT)
From: Julian Elischer
To: Brett Glass
cc: Bill Fumerola
cc: net@FreeBSD.org
Subject: Re: Connecting to Cisco VPN concentrator

On Thu, 16 Oct 2003, Brett Glass wrote:

> That's rude, Bill.
>
> It is, indeed, relevant. The PPTP/PPPoE server through
> which the client is connecting is running FreeBSD.

A fact that you completely failed to mention..

>
> --Brett Glass
>
> At 05:16 PM 10/16/2003, Bill Fumerola wrote:
>
> >[ moved off of -net ]
> >
> >On Thu, Oct 16, 2003 at 04:13:19PM -0600, Brett Glass wrote:
> >> [...]
> >
> >i ran your mail through the FreeBSD Relevance Algorithm[1] and these
> >were my results:
> >
> >---Attachment: text/plain -- (all)
> >Pipe to: grep -v freebsd-net | grep -ci freebsd
> >0
> >Press any key to continue...
> >
> >perhaps you were looking for a cisco, windows, or ipsec forum. in the
> >mean time, i've moved this thread to the general discussion list.
> >
> >--
> >- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org
> >
> >1. patent pending

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 19:33:54 2003
Date: Thu, 16 Oct 2003 20:33:32 -0600
To: Julian Elischer
From: Brett Glass
cc: Bill Fumerola
cc: net@FreeBSD.org
Subject: Re: Connecting to Cisco VPN concentrator

In any event, if I can't get the client to connect, guess which piece
of equipment goes bye-bye? (Hint: It won't be the Cisco.)

--Brett

At 08:21 PM 10/16/2003, Julian Elischer wrote:

>On Thu, 16 Oct 2003, Brett Glass wrote:
>
>> That's rude, Bill.
>>
>> It is, indeed, relevant. The PPTP/PPPoE server through
>> which the client is connecting is running FreeBSD.
>
>A fact that you completely failed to mention..

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 23:57:37 2003
Date: Fri, 17 Oct 2003 08:57:30 +0200 (Westeuropäische Sommerzeit)
From: Michael Bretterklieber
To: Brett Glass
cc: net@freebsd.org
Subject: Re: Connecting to Cisco VPN concentrator

Hi,

On Thu, 16 Oct 2003, Brett Glass wrote:

> Trouble is, as soon as the Cisco VPN client fires up on his Windows
> machine, it blocks the PPTP or PPPoE connection. In short, it strangles
> itself by cutting off the link over which it must connect. With the
> machine no longer able to reach the Internet, the VPN connection can't
> work, and everything falls apart.
>

maybe the Cisco client is disabling IP-Forwarding on the Windows machine,
I've seen this with a similar client software from Checkpoint (it refuses
the installation if IP-Forwarding is enabled).

One of my customers is using such client software from cisco, but there
were no problems, I just had to open UDP port 500 (isakmp), but this
customer has a leased line with a router and no PPTP/PPPoE connection
must be established when connecting to the internet.

sorry,

bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
A-Quadrat Automation GmbH - http://www.a-quadrat.at
Tel: ++43-(0)3172-41679 - GSM: ++43-(0)699 12861847
------------------------------- ----------------------------------
"...the number of UNIX installations has grown to 10, with more
expected..." - Dennis Ritchie and Ken Thompson, June 1972

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 00:08:47 2003
Date: Fri, 17 Oct 2003 01:08:38 -0600
To: Michael Bretterklieber
From: Brett Glass
cc: net@freebsd.org
Subject: Re: Connecting to Cisco VPN concentrator

At 12:57 AM 10/17/2003, Michael Bretterklieber wrote:

>maybe the Cisco client is disabling IP-Forwarding on the Windows machine,
>I've seen this with a similar client software from Checkpoint (it refuses
>the installation if IP-Forwarding is enabled).

Something like this may be going on. But, if so, how do I reach in and
re-enable it?

--Brett

From owner-freebsd-net@FreeBSD.ORG Thu Oct 16 16:16:44 2003
Date: Thu, 16 Oct 2003 16:16:44 -0700
From: Bill Fumerola
To: Brett Glass
cc: chat@freebsd.org
Reply-To: devnull@freebsd.org
Subject: Re: Connecting to Cisco VPN concentrator

[ moved off of -net ]

On Thu, Oct 16, 2003 at 04:13:19PM -0600, Brett Glass wrote:
> [...]

i ran your mail through the FreeBSD Relevance Algorithm[1] and these
were my results:

---Attachment: text/plain -- (all)
Pipe to: grep -v freebsd-net | grep -ci freebsd
0
Press any key to continue...

perhaps you were looking for a cisco, windows, or ipsec forum. in the
mean time, i've moved this thread to the general discussion list.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org

1. patent pending

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 11:30:54 2003
Date: Fri, 17 Oct 2003 14:30:49 -0400 (EDT)
From: Carl Mascott
To: freebsd-net@freebsd.org
Subject: TCP window size issues

I have a few TCP window size issues.

1. In FreeBSD 4.8-R the kernel default recv window is 56 KB. This
   is so large that it causes dropped packets due to queue overflow
   with my V.90 link (BW 5 KB/s on compressed data).

2. The 4.4BSD TCP implementation has never had the correct precedence
   rules for setting window sizes. App-set values should take
   precedence over all others. Routing table values should take
   precedence over kernel default values. The fix for PR 11966
   alters the behavior but still doesn't implement these precedence
   rules.

   http://www.freebsd.org/cgi/query-pr.cgi?pr=11966

3. RFC 793 (TCP) says that shrinking the receive window after
   connection is established is "strongly discouraged". I'm
   currently shrinking the receive window on my default route
   (PPP link) from 32 KB to 4 KB with settings in
   /etc/ppp/ppp.conf. (Had to back out patch in PR 11966.)
   No problems noticed yet. To avoid shrinking the window I
   believe I'd have to do the following:

   - set kernel default send & recv windows to smallest values
     used on any route

   - modify all other routes on bootup (with script in
     /usr/local/etc/rc.d ?) to set desired larger window sizes

   Keeping the script in sync with the routing table would be
   a new maintenance headache.

   How likely am I to get into trouble by shrinking the TCP
   receive window? Likely enough that I should make the
   changes above? The patch in PR 11966 was kicking around
   for about a year before the PR was filed. Was this patch
   originally intended to solve a TCP compatibility problem
   caused by shrinking the TCP receive window?

Thanks!

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 12:20:50 2003
Date: Fri, 17 Oct 2003 21:19:08 +0200
From: Andre Oppermann
To: Carl Mascott
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Carl Mascott wrote:
>
> I have a few TCP window size issues.
>
> 1. In FreeBSD 4.8-R the kernel default recv window is 56 KB. This
>    is so large that it causes dropped packets due to queue overflow
>    with my V.90 link (BW 5 KB/s on compressed data).
>
> 2. The 4.4BSD TCP implementation has never had the correct precedence
>    rules for setting window sizes. App-set values should take
>    precedence over all others. Routing table values should take
>    precedence over kernel default values. The fix for PR 11966
>    alters the behavior but still doesn't implement these precedence
>    rules.

I'll fix this in my tcp_hostcache patch currently under review by
Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

>    http://www.freebsd.org/cgi/query-pr.cgi?pr=11966
>
> 3. RFC 793 (TCP) says that shrinking the receive window after
>    connection is established is "strongly discouraged". I'm
>    currently shrinking the receive window on my default route
>    (PPP link) from 32 KB to 4 KB with settings in
>    /etc/ppp/ppp.conf. (Had to back out patch in PR 11966.)
>    No problems noticed yet. To avoid shrinking the window I
>    believe I'd have to do the following:
>
>    - set kernel default send & recv windows to smallest values
>      used on any route
>
>    - modify all other routes on bootup (with script in
>      /usr/local/etc/rc.d ?) to set desired larger window sizes
>
>    Keeping the script in sync with the routing table would be
>    a new maintenance headache.
>
>    How likely am I to get into trouble by shrinking the TCP
>    receive window? Likely enough that I should make the
>    changes above? The patch in PR 11966 was kicking around
>    for about a year before the PR was filed. Was this patch
>    originally intended to solve a TCP compatibility problem
>    caused by shrinking the TCP receive window?

--
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 14:04:18 2003
Date: Fri, 17 Oct 2003 17:04:14 -0400 (EDT)
From: Carl Mascott
To: oppermann@pipeline.ch
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Actually I have just fixed it in my copy of 4.8-R. I have a document
that describes the problem and my solution. I could send you that
and/or a set of patches. You might want to sketch out your own
solution before you look at mine, though. Also, I'm not done
testing mine yet.

> Carl Mascott wrote:
> >
> > 2. The 4.4BSD TCP implementation has never had the correct precedence
> >    rules for setting window sizes. App-set values should take
> >    precedence over all others. Routing table values should take
> >    precedence over kernel default values. The fix for PR 11966
> >    alters the behavior but still doesn't implement these precedence
> >    rules.
>
> I'll fix this in my tcp_hostcache patch currently under review by
> Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

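The precedence asked for in point 2 of this thread (application, then route, then kernel default), as an added C sketch that is not code from the thread or from FreeBSD. It compares a route-first check, a check that infers the application's intent by comparing the buffer with the default, and an explicit marker; the struct, the `app_set` marker, the function names and the numeric values are assumptions made for illustration.

```c
#include <stdio.h>

/*
 * Simplified model of how a TCP send-buffer size could be chosen.
 * The struct and the app_set marker are assumptions for illustration;
 * the field comments name the kernel values mentioned in the thread.
 */
struct conn {
    unsigned long sb_hiwat;  /* socket send buffer, like so_snd.sb_hiwat */
    int app_set;             /* assumed marker: application changed the buffer */
    unsigned long sendpipe;  /* route metric, like rmx_sendpipe; 0 = unset */
};

enum source { FROM_DEFAULT, FROM_ROUTE, FROM_APP };

/* Constructed kernel default, standing in for tcp_sendspace. */
static const unsigned long tcp_sendspace = 32768;

/* Route-first check: a route metric, when present, overrides the socket. */
unsigned long pick_route_first(const struct conn *c)
{
    return c->sendpipe != 0 ? c->sendpipe : c->sb_hiwat;
}

/* Value comparison: a buffer equal to the default is treated as untouched. */
unsigned long pick_by_value(const struct conn *c)
{
    if (c->sb_hiwat == tcp_sendspace && c->sendpipe != 0)
        return c->sendpipe;
    return c->sb_hiwat;
}

/* Explicit precedence: application, then route, then kernel default. */
unsigned long pick_by_flag(const struct conn *c, enum source *src)
{
    if (c->app_set) {
        *src = FROM_APP;
        return c->sb_hiwat;
    }
    if (c->sendpipe != 0) {
        *src = FROM_ROUTE;
        return c->sendpipe;
    }
    *src = FROM_DEFAULT;
    return tcp_sendspace;
}

int main(void)
{
    /* Constructed cases: {sb_hiwat, app_set, sendpipe}. */
    static const struct { const char *name; struct conn c; } cases[] = {
        { "untouched socket, 4 KB route",      { 32768, 0, 4096 } },
        { "app asked for 64 KB, 4 KB route",   { 65536, 1, 4096 } },
        { "app asked for 32 KB, 4 KB route",   { 32768, 1, 4096 } },
        { "untouched socket, no route metric", { 32768, 0, 0 } },
    };
    static const char *names[] = { "default", "route", "app" };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        enum source src;
        unsigned long by_flag = pick_by_flag(&cases[i].c, &src);

        printf("%-34s route-first=%-6lu by-value=%-6lu by-flag=%-6lu (%s)\n",
               cases[i].name,
               pick_route_first(&cases[i].c),
               pick_by_value(&cases[i].c),
               by_flag, names[src]);
    }
    return 0;
}
```

The third case is the one to watch: an application that deliberately asks for a buffer equal to the kernel default looks like an untouched socket to the value comparison, so the route metric still wins there.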
From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 15:07:15 2003
Date: Sat, 18 Oct 2003 00:05:33 +0200
From: Andre Oppermann
To: Carl Mascott
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Carl Mascott wrote:
>
> Actually I have just fixed it in my copy of 4.8-R. I have a document
> that describes the problem and my solution. I could send you that
> and/or a set of patches. You might want to sketch out your own
> solution before you look at mine, though. Also, I'm not done
> testing mine yet.

The patch in PR11966 has already been applied. It does not fix it.
I've fixed it by redoing this check in tcp_input.c::tcp_mss():

        if ((bufsize = rt->rt_rmx.rmx_sendpipe) == 0)
                bufsize = so->so_snd.sb_hiwat;

to:

        if ((so->so_snd.sb_hiwat == tcp_sendspace) && rt->rt_rmx.rmx_sendpipe)
                bufsize = rt->rt_rmx.rmx_sendpipe;
        else
                bufsize = so->so_snd.sb_hiwat;

The theory goes that with default buffers so_snd.sb_hiwat and
tcp_sendspace have the same size. If that is actually the case,
we use whatever we've got from the metrics. If not, the user
did some changes and we take that and ignore the metrics value.
This is not yet tested in reality... just theoretical ;-)

Anyway, I'm interested in your solutions as well.

--
Andre

> > Carl Mascott wrote:
> > >
> > > 2. The 4.4BSD TCP implementation has never had the correct precedence
> > >    rules for setting window sizes. App-set values should take
> > >    precedence over all others. Routing table values should take
> > >    precedence over kernel default values. The fix for PR 11966
> > >    alters the behavior but still doesn't implement these precedence
> > >    rules.
> >
> > I'll fix this in my tcp_hostcache patch currently under review by
> > Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 15:29:40 2003
Date: Sat, 18 Oct 2003 00:27:58 +0200
From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Carl Mascott , freebsd-net@freebsd.org References: <200310172104.h9HL4EK3000733@callisto.local> <3F9067AD.A6551D07@pipeline.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: TCP window size issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Oct 2003 22:29:40 -0000 Andre Oppermann wrote: > > Carl Mascott wrote: > > > > Actually I have just fixed it in my copy of 4.8-R. I have a document > > that describes the problem and my solution. I could send you that > > and/or a set of patches. You might want to sketch out your own > > solution before you look at mine, though. Also, I'm not done > > testing mine yet. > > The patch in PR11966 has already been applied. It does not fix it. > I've fixed it by redoing this check in tcp_input.c::tcp_mss(): > > if ((bufsize = rt->rt_rmx.rmx_sendpipe) == 0) > bufsize = so->sn_snd.sb_hiwat; > > to: > > if ((so->so_snd.sb_hiwat == tcp_sendspace) && rt->rt_rmx.rmx_sendpipe) > bufsize = rt->rt_rmx.rmx_sendpipe; > else > bufsize = so->so_snd.sb_hiwat; > > The theory goes that with default buffers so_snd.sb_hiwat and > tcp_sendspace have the same size. If that is actually the case, > we use whatever we've got from the metrics. If not, the user > did some changes and we take that and ignore the metrics value. > This is not yet tested in reality... just theoretical ;-) Just confirmed that it works. 
--
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 15:45:55 2003
Message-ID: <3F907152.3080706@netli.com>
Date: Fri, 17 Oct 2003 15:46:42 -0700
From: Lev Walkin
Organization: Netli, Inc.
To: Carl Mascott
References: <200310171830.h9HIUnSr000572@callisto.local>
In-Reply-To: <200310171830.h9HIUnSr000572@callisto.local>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Carl Mascott wrote:
> I have a few TCP window size issues.

[skip]

> 3.  RFC 793 (TCP) says that shrinking the receive window after
>     connection is established is "strongly discouraged".  I'm
>     currently shrinking the receive window on my default route
>     (PPP link) from 32 KB to 4 KB with settings in
>     /etc/ppp/ppp.conf.  (Had to back out patch in PR 11966.)

[skip]

>     How likely am I to get into trouble by shrinking the TCP
>     receive window?  Likely enough that I should make the

RFC793 has nothing to do with the defaults you're setting in ppp.conf.
RFC merely says that the TCP implementation _itself_ should not shrink
window after establishing a TCP connection. If the default dictates 4k,
the TCP implementation will use 4k and will not advertise a much smaller
window without having accepted that much data.
--
Lev Walkin
vlm@netli.com

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 17:16:35 2003
Date: Fri, 17 Oct 2003 20:16:32 -0400 (EDT)
From: Carl Mascott
Message-Id: <200310180016.h9I0GWQF000981@callisto.local>
To: oppermann@pipeline.ch
In-Reply-To: <3F9067AD.A6551D07@pipeline.ch>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Here's a case that your logic does not handle correctly.

1.  Kernel default buffer size = 32 KB

2.  Routing table buffer size = 48 KB

3.  Application sets buffer size to 32 KB

4.  tcp_mss() selects 48 KB buffer size, giving the routing
    table precedence over the application.

I found it necessary to add a new flag with meaning
"the application set my size" to struct sockbuf.

I'll e-mail you a copy of my document.  Note that I have
backed out the patch from PR 11966.  You may not want to
do this.  It depends upon the correct answer to Issue #3
(shrinking the receive window) in my original posting.

NOTE:  AFAIK, 4.4BSD through FreeBSD 4.6-R seem to have done
alright without the PR 11966 patch, but if someone knows
different, please speak up.

Andre Oppermann wrote:
>
> The patch in PR11966 has already been applied. It does not fix it.
> I've fixed it by redoing this check in tcp_input.c::tcp_mss():
>
>     if ((bufsize = rt->rt_rmx.rmx_sendpipe) == 0)
>         bufsize = so->so_snd.sb_hiwat;
>
> to:
>
>     if ((so->so_snd.sb_hiwat == tcp_sendspace) && rt->rt_rmx.rmx_sendpipe)
>         bufsize = rt->rt_rmx.rmx_sendpipe;
>     else
>         bufsize = so->so_snd.sb_hiwat;
>
>
> The theory goes that with default buffers so_snd.sb_hiwat and
> tcp_sendspace have the same size.  If that is actually the case,
> we use whatever we've got from the metrics.  If not, the user
> did some changes and we take that and ignore the metrics value.
> This is not yet tested in reality... just theoretical ;-)
>
> Anyway, I'm interested in your solutions as well.
>
> Carl Mascott wrote:
> >
> > Actually I have just fixed it in my copy of 4.8-R.  I have a document
> > that describes the problem and my solution.  I could send you that
> > and/or a set of patches.  You might want to sketch out your own
> > solution before you look at mine, though.  Also, I'm not done
> > testing mine yet.
> > > Carl Mascott wrote:
> > > >
> > > > 2.  The 4.4BSD TCP implementation has never had the correct precedence
> > > >     rules for setting window sizes.  App-set values should take
> > > >     precedence over all others.  Routing table values should take
> > > >     precedence over kernel default values.  The fix for PR 11966
> > > >     alters the behavior but still doesn't implement these precedence
> > > >     rules.
> > >
> > > I'll fix this in my tcp_hostcache patch currently under review by
> > > Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 17:35:57 2003
Message-ID: <3F908A85.339EC78A@pipeline.ch>
Date: Sat, 18 Oct 2003 02:34:13 +0200
From: Andre Oppermann
To: Carl Mascott
References: <200310180016.h9I0GWQF000981@callisto.local>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Carl Mascott wrote:
>
> Here's a case that your logic does not handle correctly.
>
> 1.  Kernel default buffer size = 32 KB
>
> 2.  Routing table buffer size = 48 KB
>
> 3.  Application sets buffer size to 32 KB
>
> 4.  tcp_mss() selects 48 KB buffer size, giving the routing
>     table precedence over the application.

Tough luck... can't have everything.

> I found it necessary to add a new flag with meaning
> "the application set my size" to struct sockbuf.

I think you are overdoing this thing a little bit.  Sendpipe and
recvpipe can only be set by root with the route command.  There
is nothing changing that automagically in the kernel.

Actually in my tcp_hostcache patch we still carry sendpipe and
recvpipe even though there ain't no way to change it anymore
(route has no longer access to it).  It comes handy when we get
auto-sizing socket buffers... (hint hint!)

I don't think there are many people setting the pipesize at all.

> I'll e-mail you a copy of my document.  Note that I have
> backed out the patch from PR 11966.  You may not want to
> do this.  It depends upon the correct answer to Issue #3
> (shrinking the receive window) in my original posting.

Got it.  Still have to read it.

> NOTE:  AFAIK, 4.4BSD through FreeBSD 4.6-R seem to have done
> alright without the PR 11966 patch, but if someone knows
> different, please speak up.
--
Andre

> Andre Oppermann wrote:
> >
> > The patch in PR11966 has already been applied. It does not fix it.
> > I've fixed it by redoing this check in tcp_input.c::tcp_mss():
> >
> >     if ((bufsize = rt->rt_rmx.rmx_sendpipe) == 0)
> >         bufsize = so->so_snd.sb_hiwat;
> >
> > to:
> >
> >     if ((so->so_snd.sb_hiwat == tcp_sendspace) && rt->rt_rmx.rmx_sendpipe)
> >         bufsize = rt->rt_rmx.rmx_sendpipe;
> >     else
> >         bufsize = so->so_snd.sb_hiwat;
> >
> >
> > The theory goes that with default buffers so_snd.sb_hiwat and
> > tcp_sendspace have the same size.  If that is actually the case,
> > we use whatever we've got from the metrics.  If not, the user
> > did some changes and we take that and ignore the metrics value.
> > This is not yet tested in reality... just theoretical ;-)
> >
> > Anyway, I'm interested in your solutions as well.
> >
> > Carl Mascott wrote:
> > >
> > > Actually I have just fixed it in my copy of 4.8-R.  I have a document
> > > that describes the problem and my solution.  I could send you that
> > > and/or a set of patches.  You might want to sketch out your own
> > > solution before you look at mine, though.  Also, I'm not done
> > > testing mine yet.
> > > > Carl Mascott wrote:
> > > > >
> > > > > 2.  The 4.4BSD TCP implementation has never had the correct precedence
> > > > >     rules for setting window sizes.  App-set values should take
> > > > >     precedence over all others.  Routing table values should take
> > > > >     precedence over kernel default values.  The fix for PR 11966
> > > > >     alters the behavior but still doesn't implement these precedence
> > > > >     rules.
> > > >
> > > > I'll fix this in my tcp_hostcache patch currently under review by
> > > > Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

From owner-freebsd-net@FreeBSD.ORG Fri Oct 17 19:16:53 2003
Date: Fri, 17 Oct 2003 22:16:48 -0400
From: Barney Wolff
To: Carl Mascott
Message-ID: <20031018021648.GA26182@pit.databus.com>
References: <3F9067AD.A6551D07@pipeline.ch> <200310180016.h9I0GWQF000981@callisto.local>
In-Reply-To: <200310180016.h9I0GWQF000981@callisto.local>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

On Fri, Oct 17, 2003 at 08:16:32PM -0400, Carl Mascott wrote:
>
> NOTE:  AFAIK, 4.4BSD through FreeBSD 4.6-R seem to have done
> alright without the PR 11966 patch, but if someone knows
> different, please speak up.

I'm not really surprised.  I would have thought that a well-behaved
sender would be using congestion avoidance and limiting its transmit
window so that packet drops should be rare, even with an oversize
advertised window.  What's surprising is that this sort of tweak is
ever required, other than as a minor optimization.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Sat Oct 18 11:04:54 2003
From: Nicolas DEFFAYET
To: freebsd-net@freebsd.org
Organization: NDSoftware
Message-Id: <1066500348.10046.197.camel@w1-2-aub.fr.corp.ndsoftware.com>
Date: Sat, 18 Oct 2003 20:05:49 +0200
Subject: TCP IPv4 connections problem

Hello,

I have a very strange problem on a router (R1): it stops replying to
TCP IPv4 connections on one of its network interfaces after a random
time, but it doesn't stop replying to TCP IPv6 connections and ICMP
IPv4/IPv6.

The network is composed of 3 routers with the same hardware and
software (FreeBSD 5.0): R1, R2 and R3.

Interfaces on R1:
    ti0: to R2
    ti1: to R3
    ti2: to LAN1

Interfaces on R2:
    ti0: to R1
    ti1: to LAN2

Interfaces on R3:
    ti0: to R1
    ti1: to LAN3

Each interface has both an IPv4 and an IPv6 address.

R3 <-> R1 <-> R2

When the problem occurs (between 3 and 24 hours after reboot):

    LAN3 <-> R3: ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    LAN3 <-> R1: ICMP IPv4/IPv6 and TCP IPv6 is OK, TCP IPv4 is not OK
    LAN3 <-> R2: ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    R3 <-> R1:   ICMP IPv4/IPv6 and TCP IPv6 is OK, TCP IPv4 is not OK
    R3 <-> R2:   ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    LAN1 <-> R1: ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    LAN2 <-> R1: ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    LAN2 <-> R2: ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK
    R1 <-> R2:   ICMP IPv4/IPv6 and TCP IPv4/IPv6 is OK

When I try to establish a TCP IPv4 connection directly to R1 through
the ti1 interface of R1 it doesn't work, but when I try to establish a
TCP IPv4 connection directly to R1 through the ti0 or ti2 interface of
R1 it works.

I can establish from R3 a TCP IPv4 connection directly to R2 through R1.

Do you have an idea how to fix the problem?

Thanks

Best Regards,

--
Nicolas DEFFAYET, NDSoftware
NDSoftware IP Network: http://www.ip.ndsoftware.net/
FNIX6 (French National Internet Exchange IPv6): http://www.fnix6.net/
EuroNOG: http://www.euronog.org/

From owner-freebsd-net@FreeBSD.ORG Sat Oct 18 11:16:20 2003
Date: Sat, 18 Oct 2003 14:16:15 -0400 (EDT)
From: Carl Mascott
Message-Id: <200310181816.h9IIGFjO000362@callisto.local>
To: vlm@netli.com
In-Reply-To: <3F907152.3080706@netli.com>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Sorry, but you are mistaken, and I can e-mail you the tcpdump
output to prove it.

As I said, I'm running 4.8-R with the PR 11966 patch backed out.
With this kernel, and with any stock FreeBSD 4.6-R or earlier,
the TCP implementation _will_ shrink the receive window after
the connection is established _if_ a routing table pipesize entry
tells it to.  See tcp_input.c:tcp_mss() from 4.6-R or earlier.

The following statements in ppp.conf

    set recvpipe 4096
    set sendpipe 4096

result in the following default route

       route to: default
    destination: default
           mask: default
        gateway: 10.0.0.2
      interface: tun0
          flags:
     recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
         4096      4096         0         0         0         0     1500         0

This causes tcp_mss() to shrink the receive window after a
connection using the default route is established, as long
as the kernel default recv window size is > 4096 (slight
simplification here).

Lev Walkin wrote:
> Carl Mascott wrote:
> > I have a few TCP window size issues.
> [skip]
> > 3.  RFC 793 (TCP) says that shrinking the receive window after
> >     connection is established is "strongly discouraged".  I'm
> >     currently shrinking the receive window on my default route
> >     (PPP link) from 32 KB to 4 KB with settings in
> >     /etc/ppp/ppp.conf.  (Had to back out patch in PR 11966.)
>
> [skip]
>
> >     How likely am I to get into trouble by shrinking the TCP
> >     receive window?  Likely enough that I should make the
>
> RFC793 has nothing to do with the defaults you're setting in ppp.conf.
> RFC merely says that the TCP implementation _itself_ should not shrink
> window after establishing a TCP connection. If the default dictates 4k,
> the TCP implementation will use 4k and will not advertise a much smaller
> window without having accepted that much data.

From owner-freebsd-net@FreeBSD.ORG Sat Oct 18 11:40:28 2003
Date: Sat, 18 Oct 2003 14:40:22 -0400 (EDT)
From: Carl Mascott
Message-Id: <200310181840.h9IIeM3o000408@callisto.local>
To: oppermann@pipeline.ch
In-Reply-To: <3F908A85.339EC78A@pipeline.ch>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

> Andre Oppermann wrote:
> Carl Mascott wrote:
> >
> > Here's a case that your logic does not handle correctly.
> >
> > 1.  Kernel default buffer size = 32 KB
> >
> > 2.  Routing table buffer size = 48 KB
> >
> > 3.  Application sets buffer size to 32 KB
> >
> > 4.  tcp_mss() selects 48 KB buffer size, giving the routing
> >     table precedence over the application.
>
> Tough luck... can't have everything.

I can have everything, I do have everything, and I'm willing
to share.  You are free to choose whether you want a simple
solution that works correctly in most cases or a slightly more
complex solution that works correctly in all cases.  Keep in
mind that you are choosing for the entire community of FreeBSD
users, not just for yourself.

>
> > I found it necessary to add a new flag with meaning
> > "the application set my size" to struct sockbuf.
>
> I think you are overdoing this thing a little bit.  Sendpipe and
> recvpipe can only be set by root with the route command.  There
> is nothing changing that automagically in the kernel.
>
> Actually in my tcp_hostcache patch we still carry sendpipe and
> recvpipe even though there ain't no way to change it anymore
> (route has no longer access to it).  It comes handy when we get
> auto-sizing socket buffers... (hint hint!)
>
> I don't think there are many people setting the pipesize at all.

Are you actually going to make NOPs out of the RTV_[RS]PIPE bits
in the rtm_inits field of struct rt_msghdr?
Unless you are, any privileged application, not just 'route',
will still be able to set pipe sizes.  One such application is
user ppp.  I _need_ this capability in user ppp, BTW, to prevent
recv queue overflow with a 5 KB/s PPP link while maintaining a
large default recv window on my other routes.

With autotuning of pipe sizes I think the PR 11966 patch is going
to have to be backed out: autotuning will sometimes want to shrink
the pipes.

>
> > I'll e-mail you a copy of my document.  Note that I have
> > backed out the patch from PR 11966.  You may not want to
> > do this.  It depends upon the correct answer to Issue #3
> > (shrinking the receive window) in my original posting.
>
> Got it.  Still have to read it.
>
> > NOTE:  AFAIK, 4.4BSD through FreeBSD 4.6-R seem to have done
> > alright without the PR 11966 patch, but if someone knows
> > different, please speak up.
>
> --
> Andre
>
>
> > Andre Oppermann wrote:
> > >
> > > The patch in PR11966 has already been applied. It does not fix it.
> > > I've fixed it by redoing this check in tcp_input.c::tcp_mss():
> > >
> > >     if ((bufsize = rt->rt_rmx.rmx_sendpipe) == 0)
> > >         bufsize = so->so_snd.sb_hiwat;
> > >
> > > to:
> > >
> > >     if ((so->so_snd.sb_hiwat == tcp_sendspace) && rt->rt_rmx.rmx_sendpipe)
> > >         bufsize = rt->rt_rmx.rmx_sendpipe;
> > >     else
> > >         bufsize = so->so_snd.sb_hiwat;
> > >
> > >
> > > The theory goes that with default buffers so_snd.sb_hiwat and
> > > tcp_sendspace have the same size.  If that is actually the case,
> > > we use whatever we've got from the metrics.  If not, the user
> > > did some changes and we take that and ignore the metrics value.
> > > This is not yet tested in reality... just theoretical ;-)
> > >
> > > Anyway, I'm interested in your solutions as well.
> > >
> > > Carl Mascott wrote:
> > > >
> > > > Actually I have just fixed it in my copy of 4.8-R.  I have a document
> > > > that describes the problem and my solution.  I could send you that
> > > > and/or a set of patches.
> > > > You might want to sketch out your own
> > > > solution before you look at mine, though.  Also, I'm not done
> > > > testing mine yet.
> > > > > Carl Mascott wrote:
> > > > > >
> > > > > > 2.  The 4.4BSD TCP implementation has never had the correct precedence
> > > > > >     rules for setting window sizes.  App-set values should take
> > > > > >     precedence over all others.  Routing table values should take
> > > > > >     precedence over kernel default values.  The fix for PR 11966
> > > > > >     alters the behavior but still doesn't implement these precedence
> > > > > >     rules.
> > > > >
> > > > > I'll fix this in my tcp_hostcache patch currently under review by
> > > > > Sam Leffler and Ruslan Ermilov (however that is for -CURRENT).

From owner-freebsd-net@FreeBSD.ORG Sat Oct 18 11:47:01 2003
Date: Sat, 18 Oct
2003 14:46:55 -0400 (EDT)
From: Carl Mascott
Message-Id: <200310181846.h9IIktD2000430@callisto.local>
To: barney@databus.com
In-Reply-To: <20031018021648.GA26182@pit.databus.com>
cc: freebsd-net@freebsd.org
Subject: Re: TCP window size issues

Ahhh, that may explain why, during FTP receive of a large
file over a 5 KB/s link with a 56 KB recv window, I get one
or two dropped packets at the same point every time, and
then no further dropped packets for the rest of the transfer.

Barney Wolff wrote:
> On Fri, Oct 17, 2003 at 08:16:32PM -0400, Carl Mascott wrote:
> >
> > NOTE:  AFAIK, 4.4BSD through FreeBSD 4.6-R seem to have done
> > alright without the PR 11966 patch, but if someone knows
> > different, please speak up.
>
> I'm not really surprised.  I would have thought that a well-behaved
> sender would be using congestion avoidance and limiting its transmit
> window so that packet drops should be rare, even with an oversize
> advertised window.  What's surprising is that this sort of tweak is
> ever required, other than as a minor optimization.
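
The buffer-size precedence disagreement in the "TCP window size issues" messages above, as an added user-space C model (not code from the thread or from FreeBSD): it compares the original tcp_mss() check, the tcp_sendspace comparison Andre Oppermann posted, and a flag-based rule of the kind Carl Mascott describes, including Carl's 32 KB / 48 KB case. The names struct sockbuf_model, SBM_APPSET and select_bufsize() are hypothetical, and the further adjustments tcp_mss() makes to the chosen size are left out.

```c
/* Added illustration: a user-space model, not FreeBSD kernel code. */
#include <stdio.h>

#define KB(n) ((unsigned long)(n) * 1024UL)

/* Hypothetical flag name: the thread says a flag meaning "the application
 * set my size" was added to struct sockbuf, but does not name it. */
#define SBM_APPSET 0x01

struct sockbuf_model {
	unsigned long sb_hiwat;  /* high-water mark, as in so_snd.sb_hiwat */
	int sb_flags;            /* SBM_APPSET once the application sized it */
};

enum policy { POLICY_ORIGINAL, POLICY_HEURISTIC, POLICY_FLAG };

/* Original check: a non-zero route metric always wins. */
static unsigned long
bufsize_original(const struct sockbuf_model *sb, unsigned long sendpipe)
{
	return sendpipe != 0 ? sendpipe : sb->sb_hiwat;
}

/* Check posted in the thread: trust the route metric only while the
 * buffer still equals the kernel default (tcp_sendspace). */
static unsigned long
bufsize_heuristic(const struct sockbuf_model *sb, unsigned long sendpipe,
    unsigned long tcp_sendspace)
{
	if (sb->sb_hiwat == tcp_sendspace && sendpipe != 0)
		return sendpipe;
	return sb->sb_hiwat;
}

/* Explicit precedence: application > routing table > kernel default. */
static unsigned long
bufsize_flag(const struct sockbuf_model *sb, unsigned long sendpipe)
{
	if (sb->sb_flags & SBM_APPSET)
		return sb->sb_hiwat;
	return sendpipe != 0 ? sendpipe : sb->sb_hiwat;
}

/* Create a socket buffer at the kernel default, optionally let the
 * application resize it (app_size == 0 means "left alone"), then return
 * the size the given policy selects. */
static unsigned long
select_bufsize(enum policy p, unsigned long tcp_sendspace,
    unsigned long sendpipe, unsigned long app_size)
{
	struct sockbuf_model sb = { tcp_sendspace, 0 };

	if (app_size != 0) {            /* models setsockopt(SO_SNDBUF) */
		sb.sb_hiwat = app_size;
		sb.sb_flags |= SBM_APPSET;
	}
	switch (p) {
	case POLICY_ORIGINAL:
		return bufsize_original(&sb, sendpipe);
	case POLICY_HEURISTIC:
		return bufsize_heuristic(&sb, sendpipe, tcp_sendspace);
	default:
		return bufsize_flag(&sb, sendpipe);
	}
}

int
main(void)
{
	/* Constructed cases: { route sendpipe, application size } in bytes,
	 * all with a 32 KB kernel default. */
	static const unsigned long cases[][2] = {
		{ KB(48), 0 },       /* untouched socket, route says 48 KB */
		{ KB(48), KB(16) },  /* application picks 16 KB */
		{ KB(48), KB(32) },  /* application picks 32 KB == default */
		{ 4096,   0 },       /* the ppp.conf pipe size from the thread */
		{ 0,      0 },       /* no route metric at all */
	};
	size_t i;

	printf("%9s %9s | %9s %9s %9s\n",
	    "sendpipe", "app", "original", "heuristic", "flag");
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%9lu %9lu | %9lu %9lu %9lu\n", cases[i][0], cases[i][1],
		    select_bufsize(POLICY_ORIGINAL, KB(32), cases[i][0], cases[i][1]),
		    select_bufsize(POLICY_HEURISTIC, KB(32), cases[i][0], cases[i][1]),
		    select_bufsize(POLICY_FLAG, KB(32), cases[i][0], cases[i][1]));
	return 0;
}
```

Only the third row separates the last two policies: when the application asks for exactly the kernel default, the comparison against tcp_sendspace cannot tell that request from an untouched socket.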