From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 02:06:01 2004
Message-ID: <003d01c3f92c$02e90a10$4206000a@stalker>
From: "Cole"
Date: Sun, 22 Feb 2004 12:09:41 +0200
Subject: Vlan Problem/Bug maybe?

Hey

I run freebsd 4.9-Stable. And I also use vlans and a program called freevrrp for redundancy. For freevrrpd to function, it needs to change the ether MAC addresses of the interfaces it is told to use.

I found that if I assign it only to a vlan interface such as vlan0 or whatever, that it changes the ether MAC address of it fine. The problem then, is that no traffic is ever picked up by that interface after that. After a few dumps and stuff, I realised that it is using the new ether MAC address in the packets it sends out, which is now different from the parent NIC's ether MAC address. So somewhere along when the responses are sent back, they are not being handed back to the Vlan device. As soon as I changed the NIC's ether MAC address to match that of the new vlan ether MAC address, everything works fine again. Now this isn't really a feasible option.

So I would like to know if there is anyone that could possibly help with some sort of patch to the vlan driver if_vlan.c so that when it has its ether MAC address updated, it also updates the ether MAC address of the parent device. I've done a bit of looking and I see that somewhere in the vlan_start function inside if_vlan.c the ether MAC is being changed there, but I would also like to know how to send the new ether MAC address to the parent device driver and have it update itself.

If there is a better list to send this to or if anyone could possibly help, it would be much appreciated.

Thanx
/Cole

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 04:29:34 2004
Message-ID: <20040222122932.65801.qmail@web25208.mail.ukl.yahoo.com>
Date: Sun, 22 Feb 2004 13:29:32 +0100 (CET)
From: Sylvain Lemasson
To: freebsd-config@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: unable to ping or connect to freebsd

Hi,

I have installed freebsd 5.2.1 and connect it to the network using ppp. It works well. I have access to internet but I am unable to ping the freebsd from another computer. The network card gets the ICMP packets but it seems that they are filtered whereas no firewall like ipfw is installed. My rc.conf is below. As you can see the kernel_secureLevel is disabled.

Thanks.

#network
hostname="AMSTERDAMER"
network_interfaces="lo0 lp0 sis0 sis1"
ifconfig_sis0="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_sis1="inet 10.0.0.1 netmask 255.255.255.255"
ppp_enable="YES"
ppp_mode="background"
ppp_profile="tele2"
ppp_nat="yes"
gateway_enable="YES"
#system
kern_securelevel="1"
kern_securelevel_enable="NO"
keymap="fr.iso.acc"
linux_enable="YES"
moused_enable="YES"
nfs_reserved_port_only="NO"
usbd_enable="YES"
#service
inetd_enable="YES"

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 05:43:52 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff", "Julian Elischer"
Date: Sun, 22 Feb 2004 16:43:40 +0300
In-Reply-To: <20040221235815.GA62385@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

Yep... But it not so obvious for man like me, who thought just a week ago that netgraph is something between net & graphics... like MRTG
LOL

Another question:
Is it possible that ng_netflow take packets _after_ they are diverted by natd? I apologise, that this would require divert implemented as netgraph node? So... I have no idea how this would work with ipfw ruleset... Any ideas?

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Sunday, February 22, 2004 2:58 AM
> To: Julian Elischer
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> BlackSir; freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome
>
> Is it possible to make port dependent on kernel module
> shipped with base system? How?
>
> For example sysutils/ips is not dependent on ipfw. It is obvious
> that ipfw is required for it, as well as in case of netgraph
> and ng_netflow.

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 08:32:17 2004
Date: Sun, 22 Feb 2004 19:31:40 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Message-ID: <20040222163140.GA66213@cell.sick.ru>
References: <20040221235815.GA62385@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Sun, Feb 22, 2004 at 04:43:40PM +0300, Vasenin Alexander aka BlackSir wrote:
V> Yep... But it not so obvious for man like me, who thought just a week ago
V> that netgraph is something between net & graphics... like MRTG
V> LOL
V>
V> Another question:
V> Is it possible that ng_netflow take packets _after_ they are diverted by
V> natd? I apologise, that this would require divert implemented as netgraph
V> node? So... I have no idea how this would work with ipfw ruleset... Any
V> ideas?

The only known workaround is connecting ng_netflow to hook "upper" on inner interface of masquerading router. Any better ideas are welcome.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 10:53:43 2004
Date: Sun, 22 Feb 2004 13:53:42 -0500
From: Barney Wolff
To: Sylvain Lemasson
Message-ID: <20040222185341.GA26597@pit.databus.com>
References: <20040222122932.65801.qmail@web25208.mail.ukl.yahoo.com>
In-Reply-To: <20040222122932.65801.qmail@web25208.mail.ukl.yahoo.com>
Cc: freebsd-net@freebsd.org
Subject: Re: unable to ping or connect to freebsd

On Sun, Feb 22, 2004 at 01:29:32PM +0100, Sylvain Lemasson wrote:
> Hi,
> I have installed freebsd 5.2.1 and connect it to the
> network using ppp. It works well. I have access to
> internet but I am unable to ping the freebsd from
> another computer. The network card gets the ICMP
> packets but it seems that they are filtered whereas no
> firewall like ipfw is installed. My rc.conf is
> below. As you can see the kernel_secureLevel is
> disabled.
>
> ppp_nat="yes"

NAT normally does not allow connections from outside in, or unsolicited UDP or ICMP from outside in. Why do you need to allow that? Or, unless your fbsd box is acting as a router, why do you need NAT?

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 12:07:26 2004
Message-ID: <001401c3f97f$8326d970$0499a8c0@colin>
From: "Colin Alston"
To: "Barney Wolff"
References: <20040222122932.65801.qmail@web25208.mail.ukl.yahoo.com> <20040222185341.GA26597@pit.databus.com>
Date: Sun, 22 Feb 2004 22:07:33 +0200
Subject: Re: unable to ping or connect to freebsd

> On Sun, Feb 22, 2004 at 01:29:32PM +0100, Sylvain Lemasson wrote:
> > Hi,
> > I have installed freebsd 5.2.1 and connect it to the
> > network using ppp. It works well. I have access to
> > internet but I am unable to ping the freebsd from
> > another computer. The network card gets the ICMP
> > packets but it seems that they are filtered whereas no
> > firewall like ipfw is installed. My rc.conf is
> > below. As you can see the kernel_secureLevel is
> > disabled.
> >
> > ppp_nat="yes"
>
> NAT normally does not allow connections from outside in, or unsolicited
> UDP or ICMP from outside in. Why do you need to allow that? Or, unless
> your fbsd box is acting as a router, why do you need NAT?
>

Unless ppp_nat="yes" engages some userland ppp filtering, I see no reason why that would block ICMP. On my userland PPP setup with NAT enabled ('nat enable' in ppp.conf iirc) the router still acts as if it were a normally connected machine and responds to ICMP echo requests and traceroutes etc.

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 12:21:30 2004
Date: Sun, 22 Feb 2004 14:14:47 -0600 (CST)
From: Mike Silbersack
To: David Burns
In-Reply-To: <40377CA1.60100@dugeem.net>
Message-ID: <20040222141403.K5011@odysseus.silby.com>
References: <20040216170733.GA37519@us.svf.stuba.sk> <20040217154148.GA85482@us.svf.stuba.sk> <20040219140509.D32178@odysseus.silby.com> <40377CA1.60100@dugeem.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Solution: TX performance problems with 3Com 905C cards

On Sun, 22 Feb 2004, David Burns wrote:
> Probably should have someone with more understanding of kernel drivers
> check whether it has any application outside my home office... :-)
>
> David

If you have a patch, I'd be glad to merge it into the driver (if it works well, of course.)

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Sun Feb 22 15:17:42 2004
Date: Sun, 22 Feb 2004 15:17:38 -0800 (PST)
From: Julian Elischer
To: Vasenin Alexander aka BlackSir
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

You can open a divert socket as a netgraph node by opening a ksocket node with protocol 'divert'.

On Sun, 22 Feb 2004, Vasenin Alexander aka BlackSir wrote:
> Yep... But it not so obvious for man like me, who thought just a week ago
> that netgraph is something between net & graphics... like MRTG
> LOL
>
> Another question:
> Is it possible that ng_netflow take packets _after_ they are diverted by
> natd? I apologise, that this would require divert implemented as netgraph
> node? So... I have no idea how this would work with ipfw ruleset... Any
> ideas?
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> > Sent: Sunday, February 22, 2004 2:58 AM
> > To: Julian Elischer
> > Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> > BlackSir; freebsd-net@freebsd.org
> > Subject: Re: ng_netflow: testers are welcome
> >
> > Is it possible to make port dependent on kernel module
> > shipped with base system? How?
> >
> > For example sysutils/ips is not dependent on ipfw. It is obvious
> > that ipfw is required for it, as well as in case of netgraph
> > and ng_netflow.
> >

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 02:43:36 2004
Date: Mon, 23 Feb 2004 13:43:22 +0300
From: Gleb Smirnoff
To: Julian Elischer
Message-ID: <20040223104322.GA69982@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Vasenin Alexander aka BlackSir, freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
J> you can open a divert socket as a netgraph node by opening a ksocket
J> node with protocol 'divert'.

I didn't think of ng_ksocket as a divert socket. Thanks for pointing me at this! Really one can use "ipfw tee" to pass demasqueraded traffic to ng_netflow.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 08:41:16 2004
From: Alexander Motin To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Date: Mon, 23 Feb 2004 18:25:49 +0200 Organization: Alkar Teleport News Server Message-ID: References: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------080204090202030100030402" X-Trace: pandora.alkar.net 1077553549 33615 212.86.226.11 (23 Feb 2004 16:25:49 GMT) X-Complaints-To: abuse@alkar.net User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040119 X-Accept-Language: ru, en-us, en In-Reply-To: Sender: Alkar Teleport News Subsystem X-Verify-Sender: verified Subject: Re: Generating 'Fragment Needed but DF was Set' ICMP & Dummynet X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2004 16:41:16 -0000 This is a multi-part message in MIME format. --------------080204090202030100030402 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Here are my patches for this problem for FreeBSD 4.8 and 5.2. Review them please. Alexander Motin wrote: > I observe a strange thing. When I create dummynet pipe on output router > interface with lower MTU system stops to generate 'Fragment Needed but > DF was Set' ICMP in cases when it must. If I create this pipe on > incoming interface there is no problem. > > I check this on many routers under 4.8 and 5.2 FreeBSD. > > Is this a bug or feature? :) How pipes can be created leaving ICMP > generation working? -- Alexander Motin --------------080204090202030100030402 Content-Type: text/plain; name="dn_df_48.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="dn_df_48.patch" --- ip_dummynet.c.orig Wed May 28 01:36:02 2003 +++ ip_dummynet.c Sat Feb 21 12:49:11 2004 @@ -81,6 +81,7 @@ #include #include #include +#include #include /* for struct arpcom */ #include 
@@ -407,6 +408,9 @@ transmit_event(struct dn_pipe *pipe) { struct dn_pkt *pkt ; + struct mbuf *mcopy; + struct ip *ip; + int error, type, code; while ( (pkt = pipe->head) && DN_KEY_LEQ(pkt->output_time, curr_time) ) { /* @@ -426,7 +430,39 @@ */ switch (pkt->dn_dir) { case DN_TO_IP_OUT: - (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); + MGET(mcopy, M_DONTWAIT, pkt->dn_m->m_type); + if (mcopy != NULL && !m_dup_pkthdr(mcopy, pkt->dn_m, M_DONTWAIT)) { + m_free(mcopy); + mcopy = NULL; + } + if (mcopy != NULL) { + ip = mtod(pkt->dn_m, struct ip *); + mcopy->m_len = imin((ip->ip_hl << 2) + 8, + (int)ip->ip_len); + m_copydata(pkt->dn_m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); + } + + error = ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); + + if (mcopy != NULL) { + switch (error) { + case ENETUNREACH: + case EHOSTUNREACH: + case ENETDOWN: + case EHOSTDOWN: + type = ICMP_UNREACH; + code = ICMP_UNREACH_HOST; + icmp_error(mcopy, type, code, 0, pkt->ifp); + break; + case EMSGSIZE: + type = ICMP_UNREACH; + code = ICMP_UNREACH_NEEDFRAG; + icmp_error(mcopy, type, code, 0, pkt->ifp); + break; + default: + m_freem(mcopy); + }; + }; rt_unref (pkt->ro.ro_rt) ; break ; --------------080204090202030100030402 Content-Type: text/plain; name="dn_df_52.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="dn_df_52.patch" --- ip_dummynet.c.orig Mon Dec 8 11:50:54 2003 +++ ip_dummynet.c Sat Feb 21 12:17:44 2004 @@ -73,6 +73,7 @@ #include #include #include +#include #include /* for struct arpcom */ #include @@ -426,6 +427,9 @@ transmit_event(struct dn_pipe *pipe) { struct dn_pkt *pkt ; + struct mbuf *mcopy; + struct ip *ip; + int error, type, code; DUMMYNET_LOCK_ASSERT(); 
@@ -449,7 +453,39 @@ */ switch (pkt->dn_dir) { case DN_TO_IP_OUT: - (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); + MGET(mcopy, M_DONTWAIT, pkt->dn_m->m_type); + if (mcopy != NULL && !m_dup_pkthdr(mcopy, pkt->dn_m, M_DONTWAIT)) { + m_free(mcopy); + mcopy = NULL; + } + if (mcopy != NULL) { + ip = mtod(pkt->dn_m, struct ip *); + mcopy->m_len = imin((ip->ip_hl << 2) + 8, + (int)ip->ip_len); + m_copydata(pkt->dn_m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); + } + + error = ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); + + if (mcopy != NULL) { + switch (error) { + case ENETUNREACH: + case EHOSTUNREACH: + case ENETDOWN: + case EHOSTDOWN: + type = ICMP_UNREACH; + code = ICMP_UNREACH_HOST; + icmp_error(mcopy, type, code, 0, pkt->ifp); + break; + case EMSGSIZE: + type = ICMP_UNREACH; + code = ICMP_UNREACH_NEEDFRAG; + icmp_error(mcopy, type, code, 0, pkt->ifp); + break; + default: + m_freem(mcopy); + }; + }; rt_unref (pkt->ro.ro_rt, __func__) ; break ; --------------080204090202030100030402-- From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 09:02:59 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8246A16A4CF for ; Mon, 23 Feb 2004 09:02:59 -0800 (PST) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id C068643D1D for ; Mon, 23 Feb 2004 09:02:58 -0800 (PST) (envelope-from andre@freebsd.org) Received: (qmail 34009 invoked from network); 23 Feb 2004 17:02:57 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 23 Feb 2004 17:02:57 -0000 Message-ID: <403A323C.A8685981@freebsd.org> Date: Mon, 23 Feb 2004 18:02:52 +0100 
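Review bot: In the DN_TO_IP_OUT case of dn_df_48.patch (third hunk), mcopy->m_len is computed from ip->ip_hl and ip->ip_len read out of the packet and then passed straight to m_copydata() with no check against the data space of the single mbuf that MGET returned, or against the actual length of the pkt->dn_m chain. Please bound or assert the length before the copy, and add a comment that ip_len is expected to be in host byte order at this point, since it is used without ntohs().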
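Review bot: In dn_df_52.patch, transmit_event() runs with the dummynet lock held (DUMMYNET_LOCK_ASSERT() in the context of the second hunk), and the icmp_error() calls added further down originate a new packet from inside that locked section. Please confirm that the generated ICMP cannot re-enter dummynet and contend for the same lock, or record the error and send the ICMP after the lock has been released.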
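Review bot: In the last hunk of dn_df_52.patch, the MGET, m_dup_pkthdr and m_copydata sequence runs before ip_output() for every packet leaving the pipe, while the copy is only consumed for the five errno values in the switch, and an M_DONTWAIT allocation failure silently suppresses the ICMP. Consider a way to keep the original packet available on error instead of copying on the hot path; as a smaller point, the two icmp_error() arms differ only in the code value, so the type and code temporaries can be dropped and the stray semicolons after the closing braces removed.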
From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Alexander Motin References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: freebsd-ipfw@freebsd.org Subject: Re: Generating 'Fragment Needed but DF was Set' ICMP & Dummynet X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2004 17:02:59 -0000 Alexander Motin wrote: > > Here are my patches for this problem for FreeBSD 4.8 and 5.2. > Review them please. Doing a mcopy is pretty ugly... but ip_output() doesn't offer any way of saying "don't flush packet but leave it for icmp error messages". So the better fix would be to teach that to ip_output() and change the callers accordingly. Actually I'll have a patch to do that ready in a couple of hours. Then I'll commit your patch w/o the packet copying stuff. Good catch Alexander, send more(1)! :-) -- Andre > Alexander Motin wrote: > > I observe a strange thing. When I create dummynet pipe on output router > > interface with lower MTU system stops to generate 'Fragment Needed but > > DF was Set' ICMP in cases when it must. If I create this pipe on > > incoming interface there is no problem. > > > > I check this on many routers under 4.8 and 5.2 FreeBSD. > > > > Is this a bug or feature? :) How pipes can be created leaving ICMP > > generation working? > > -- > Alexander Motin > > -------------------------------------------------------------------------------- > --- ip_dummynet.c.orig Wed May 28 01:36:02 2003 > +++ ip_dummynet.c Sat Feb 21 12:49:11 2004 > @@ -81,6 +81,7 @@ > #include > #include > #include > +#include > > #include /* for struct arpcom */ > #include 
> @@ -407,6 +408,9 @@ > transmit_event(struct dn_pipe *pipe) > { > struct dn_pkt *pkt ; > + struct mbuf *mcopy; > + struct ip *ip; > + int error, type, code; > > while ( (pkt = pipe->head) && DN_KEY_LEQ(pkt->output_time, curr_time) ) { > /* > @@ -426,7 +430,39 @@ > */ > switch (pkt->dn_dir) { > case DN_TO_IP_OUT: > - (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); > + MGET(mcopy, M_DONTWAIT, pkt->dn_m->m_type); > + if (mcopy != NULL && !m_dup_pkthdr(mcopy, pkt->dn_m, M_DONTWAIT)) { > + m_free(mcopy); > + mcopy = NULL; > + } > + if (mcopy != NULL) { > + ip = mtod(pkt->dn_m, struct ip *); > + mcopy->m_len = imin((ip->ip_hl << 2) + 8, > + (int)ip->ip_len); > + m_copydata(pkt->dn_m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); > + } > + > + error = ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); > + > + if (mcopy != NULL) { > + switch (error) { > + case ENETUNREACH: > + case EHOSTUNREACH: > + case ENETDOWN: > + case EHOSTDOWN: > + type = ICMP_UNREACH; > + code = ICMP_UNREACH_HOST; > + icmp_error(mcopy, type, code, 0, pkt->ifp); > + break; > + case EMSGSIZE: > + type = ICMP_UNREACH; > + code = ICMP_UNREACH_NEEDFRAG; > + icmp_error(mcopy, type, code, 0, pkt->ifp); > + break; > + default: > + m_freem(mcopy); > + }; > + }; > rt_unref (pkt->ro.ro_rt) ; > break ; > > > -------------------------------------------------------------------------------- > --- ip_dummynet.c.orig Mon Dec 8 11:50:54 2003 > +++ ip_dummynet.c Sat Feb 21 12:17:44 2004 > @@ -73,6 +73,7 @@ > #include > #include > #include > +#include > > #include /* for struct arpcom */ > #include > @@ -426,6 +427,9 @@ > transmit_event(struct dn_pipe *pipe) > { > struct dn_pkt *pkt ; > + struct mbuf *mcopy; > + struct ip *ip; > + int error, type, code; > > DUMMYNET_LOCK_ASSERT(); 
> > @@ -449,7 +453,39 @@ > */ > switch (pkt->dn_dir) { > case DN_TO_IP_OUT: > - (void)ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); > + MGET(mcopy, M_DONTWAIT, pkt->dn_m->m_type); > + if (mcopy != NULL && !m_dup_pkthdr(mcopy, pkt->dn_m, M_DONTWAIT)) { > + m_free(mcopy); > + mcopy = NULL; > + } > + if (mcopy != NULL) { > + ip = mtod(pkt->dn_m, struct ip *); > + mcopy->m_len = imin((ip->ip_hl << 2) + 8, > + (int)ip->ip_len); > + m_copydata(pkt->dn_m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); > + } > + > + error = ip_output((struct mbuf *)pkt, NULL, NULL, 0, NULL, NULL); > + > + if (mcopy != NULL) { > + switch (error) { > + case ENETUNREACH: > + case EHOSTUNREACH: > + case ENETDOWN: > + case EHOSTDOWN: > + type = ICMP_UNREACH; > + code = ICMP_UNREACH_HOST; > + icmp_error(mcopy, type, code, 0, pkt->ifp); > + break; > + case EMSGSIZE: > + type = ICMP_UNREACH; > + code = ICMP_UNREACH_NEEDFRAG; > + icmp_error(mcopy, type, code, 0, pkt->ifp); > + break; > + default: > + m_freem(mcopy); > + }; > + }; > rt_unref (pkt->ro.ro_rt, __func__) ; > break ; > > > -------------------------------------------------------------------------------- > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 09:07:35 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0103A16A4CE for ; Mon, 23 Feb 2004 09:07:35 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id C81B943D1D for ; Mon, 23 Feb 2004 09:07:34 -0800 (PST) (envelope-from max@love2party.net) Received: from [212.227.126.162] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AvJYM-0008Vj-00 
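Review bot: In the DN_TO_IP_OUT case of both patches, mcopy->m_len is cut down to the IP header plus 8 bytes, but after m_dup_pkthdr() the copy's m_pkthdr.len still describes the full original packet; set mcopy->m_pkthdr.len = mcopy->m_len right after the imin() so the mbuf handed to icmp_error() is self-consistent. The copy is allocated for every packet leaving the pipe although it is consumed only on the error paths, and nothing in the hunk says why it has to be taken before ip_output(); a short comment that ip_output() consumes the packet would help, and the type and code locals can go by passing the ICMP constants to icmp_error() directly. pkt->ifp is also read after ip_output() has been handed pkt, so that access needs rechecking if pkt's lifetime ever becomes tied to the mbuf.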
From: Max Laier
To: Alexander Motin, freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Date: Mon, 23 Feb 2004 18:07:29 +0100
Message-Id: <200402231807.29317.max@love2party.net>
Subject: Re: Generating 'Fragment Needed but DF was Set' ICMP & Dummynet

On Monday 23 February 2004 17:25, Alexander Motin wrote:
> Here are my patches for this problem for FreeBSD 4.8 and 5.2.
> Review them please.

Looks good, though you might want to make sure to update statistics
(ipstat.ips_cantfrag++). And maybe lose the type and code vars - you
don't really use them:

- type = ICMP_UNREACH;
- code = ICMP_UNREACH_HOST;
- icmp_error(mcopy, type, code, 0, pkt->ifp);
+ icmp_error(mcopy, ICMP_UNREACH, ICMP_UNREACH_HOST,
+ 0, pkt->ifp);

Also note that this patch will require some work after the MT_TAG remove
http://people.freebsd.org/~mlaier/mt_tag_remove.diff as pkt is freed with
the mbuf. I'll keep it in mind.
--
Best regards,                           | mlaier@freebsd.org
Max Laier                               | ICQ #67774661
http://pf4freebsd.love2party.net/       | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 09:56:57 2004
Message-ID: <403A3EE8.2000302@alkar.net>
Date: Mon, 23 Feb 2004 19:56:56 +0200
From: Alexander Motin
To: Max Laier
References: <200402231807.29317.max@love2party.net>
In-Reply-To: <200402231807.29317.max@love2party.net>
cc: freebsd-net@freebsd.org
cc: freebsd-ipfw@freebsd.org
Subject: Re: Generating 'Fragment Needed but DF was Set' ICMP & Dummynet

Max Laier wrote:
> On Monday 23 February 2004 17:25, Alexander Motin wrote:
>
>>Here are my patches for this problem for FreeBSD 4.8 and 5.2.
>>Review them please.
>
> Looks good, though you might want to make sure to update statistics
> (ipstat.ips_cantfrag++).

It is already incremented inside ip_output().

> And maybe lose the type and code vars - you
> don't really use them:
> - type = ICMP_UNREACH;
> - code = ICMP_UNREACH_HOST;
> - icmp_error(mcopy, type, code, 0, pkt->ifp);
> + icmp_error(mcopy, ICMP_UNREACH, ICMP_UNREACH_HOST,
> + 0, pkt->ifp);

Of course. As you wish. :)

> Also note that this patch will require some work after the MT_TAG remove
> http://people.freebsd.org/~mlaier/mt_tag_remove.diff as pkt is freed with
> the mbuf. I'll keep it in mind.

Yes, but this was only the sample to highlight the problem. :)
There is also some part of the code from ip_forward() about IPSEC MTU
that can be duplicated.
--
Alexander Motin mav@alkar.net
ISP "Alkar-Teleport"

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 10:03:53 2004
Message-ID: <403A4085.6070202@alkar.net>
Date: Mon, 23 Feb 2004 20:03:49 +0200
From: Alexander Motin
To: Andre Oppermann
References: <403A323C.A8685981@freebsd.org>
In-Reply-To: <403A323C.A8685981@freebsd.org>
cc: freebsd-net@freebsd.org
cc: freebsd-ipfw@freebsd.org
Subject: Re: Generating 'Fragment Needed but DF was Set' ICMP & Dummynet

Andre Oppermann wrote:
> Alexander Motin wrote:
>
>>Here are my patches for this problem for FreeBSD 4.8 and 5.2.
>>Review them please.
>
> Doing a mcopy is pretty ugly... but ip_output() doesn't offer any way
> of saying "don't flush packet but leave it for icmp error messages".
>
> So the better fix would be to teach that to ip_output() and change
> the callers accordingly. Actually I'll have a patch to do that ready
> in a couple of hours. Then I'll commit your patch w/o the packet
> copying stuff.

This was taken from ip_forward(). :)
If you say that it can be reworked here then it can be reworked there
too for increasing performance.
--
Alexander Motin mav@alkar.net
ISP "Alkar-Teleport"

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 11:01:44 2004
Date: Mon, 23 Feb 2004 11:01:43 -0800 (PST)
Message-Id: <200402231901.i1NJ1hBv035253@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   NFS root configurations without dynamic p

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 11:32:59 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff", "Julian Elischer"
Date: Mon, 23 Feb 2004 22:32:42 +0300
In-Reply-To: <20040223104322.GA69982@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

YES! IT WORKS!
All I needed was to create a ksocket with an inet/rawip/divert hook
connected to the ng_netflow iface0 hook (mkpeer netflow: ksocket iface0
inet/raw/divert), then "msg netflow: setdlt { iface=0 dlt=12 }" (raw IP
instead of ethernet), then "msg divert: bind inet/0.0.0.0:8888". After all
that, add the ipfw rule "tee 8888 ip from any to any in" (one may need
"via $oif") instead of the final allow (or, better, before it).

But there is a bug in "ipfw tee" - packets are always immediately accepted
instead of continuing through the ruleset, so tee must be the last rule
(so ng_netflow never sees packets that are denied by ipfw before the tee
rule). Maybe there is a way to use 'divert'? I've tried - packets go to
the divert socket, then ng_netflow... and never come back... Actually I
don't quite understand the mechanism of returning from divert -
ng_ksocket has only one hook...

Great thanks to Julian & Gleb & all who helped!
2Gleb: It would be a pleasure for me to write a little example based on
our discussion for the README if you need.

Vasenin Alexander aka BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 1:43 PM
> To: Julian Elischer
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> BlackSir; freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome
>
> On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
> J> you can open a divert socket as a netgraph node by openning a ksocket
> J> node with protocol 'divert'.
>
> Really one can use "ipfw tee" to pass demasqueraded traffic to
> ng_netflow.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 11:47:16 2004
Date: Mon, 23 Feb 2004 22:46:48 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Message-ID: <20040223194648.GB72475@cell.sick.ru>
References: <20040223104322.GA69982@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Julian Elischer
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Mon, Feb 23, 2004 at 10:32:42PM +0300, Vasenin Alexander aka BlackSir wrote:
V> But there is bug in "ipfw tee" - packets is always immediately accepted
V> instead of continue going through the ruleset, so tee must be the last
V> rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
V> Maybe there is way to use 'divert'? I've tried - packets going to divert
V> socket,then ng_netflow... and never come back... Actually I'm not quite
V> understand mechanism of returning from divert - ng_ksocket have only one
V> hook...

This behavior of "ipfw tee" is even mentioned in BUGS. However, a fix
has been posted in kern/61259. I have not tested it, you can try.

Another way of solving the "ipfw tee" problem would be writing a netgraph
node with 2 hooks, first one sends received data back into itself and a
copy towards second hook. ng_ksocket with divert should be connected to
first hook, and ng_netflow to second one. You can call this node
ng_echotee :)

:))) When I typed it, I've understood that this behavior can be achieved
combining ng_tee and ng_echo from base system. Really netgraph rocks!
V> 2Gleb: It would be pleasure for me to write a little example based on our
V> discussion for README if you need.

I'd be glad if you show me your current netgraph setup script. Surely I
can reproduce it myself, but live example would be better than imaginary.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 15:22:40 2004
Message-ID: <20040223232239.6942.qmail@web25207.mail.ukl.yahoo.com>
Date: Tue, 24 Feb 2004 00:22:39 +0100 (CET)
From: Sylvain Lemasson
To: freebsd-net@freebsd.org
Subject: Re: unable to ping or connect to freebsd

> > Hi,
> > I have installed freebsd 5.2.1 and connect it to the
> > network using ppp. it works well. I have access to
> > internet but I am unable to ping the freebsd from
> > another computer. The network card get the ICMP
> > packets but it seems that they are filters whereas no
> > firewall like ipfw are installed. My rc.conf is
> > bellow. As you can see the kernel_secureLevel is
> > disable.

Thank you to all who have replied to my email. They thought that the
problem came from the NAT and it was so. In the ppp.conf file the option
nat deny_incoming was set to yes. I changed it to no and now incoming
packets are not filtered.

Best regards.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 15:48:03 2004
Date: Mon, 23 Feb 2004 15:47:55 -0800 (PST)
From: Julian Elischer
To: Vasenin Alexander aka BlackSir
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

On Mon, 23 Feb 2004, Vasenin Alexander aka BlackSir wrote:

> YES! IT WORKS!
> All I've need - just create ksocket with inet/rawip/divert hook connected to
> ng_netflow iface0 hook (mkpeer netflow: ksocket iface0 inet/raw/divert),
> then "msg netflow: setdlt { iface=0 dlt=12 }" (Raw ip instead of ethernet),
> then "msg divert: bind inet/0.0.0.0:8888". And after all add ipfw rule "tee
> 8888 ip from any to any in"(One may need "via $oif") instead of final allow
> (or, better, before it).
> But there is bug in "ipfw tee" - packets is always immediately accepted
> instead of continue going through the ruleset, so tee must be the last
> rule(So, ng_netflow never see packets that denied by ipfw before tee rule).
> Maybe there is way to use 'divert'? I've tried - packets going to divert
> socket,then ng_netflow... and never come back... Actually I'm not quite
> understand mechanism of returning from divert - ng_ksocket have only one
> hook...

Ok, THEORETICALLY, the sockaddr of the packet read from a divert socket
has a 'port number' set to the ipfw rule that caused the diversion.
i.e. if you do a recvfrom() the port number of the sender address should
include the rule number of the diversion..

when you do a "sendto()" into a divert socket, the port number in the
destination addr is supposed to be a rule number AFTER WHICH processing
should restart..
in other words the packet is injected into the IP stack, and when it
enters ipfw it should IMMEDIATELY do a "skipto NNN+1" where NNN is the
last rule number you want to skip over.. if you get a sockaddr with port
8686 because it was diverted by rule 8686 then re-using that sockaddr
should ensure that processing in the ipfw list should start at the first
rule number AFTER 8686.

This used to work but I have not tried it for some time and it may have
been broken in ipfw2, as I never tested it.. natd is supposed to do this..

Since you can not do a "sendto()" in netgraph, you have to have done a
"connect" on the socket to set the port number ahead of time..

Other things are also in the sockaddr.. in the 8 "unused" bytes of the
sockaddr we "hide" the incoming interface name (for example). netgraph
cannot change that but it should not need this as it has the actual mbufs
and can just set the iface pointer in the packet header.. (assuming divert
doesn't clear it.. once again, you'll need to look at the code).

>
> Great thanks to Julian & Gleb & all who helped!
> 2Gleb: It would be pleasure for me to write a little example based on our
> discussion for README if you need.
> Vasenin Alexander aka BlackSir
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> > Sent: Monday, February 23, 2004 1:43 PM
> > To: Julian Elischer
> > Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Vasenin Alexander aka
> > BlackSir; freebsd-net@freebsd.org
> > Subject: Re: ng_netflow: testers are welcome
> >
> > On Sun, Feb 22, 2004 at 03:17:38PM -0800, Julian Elischer wrote:
> > J> you can open a divert socket as a netgraph node by openning a ksocket
> > J> node with protocol 'divert'.
> >
> > Really one can use "ipfw tee" to pass demasqueraded traffic to
> > ng_netflow.
> >

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 15:50:43 2004
Date: Mon, 23 Feb 2004 15:50:39 -0800 (PST)
From: Julian Elischer
To: Gleb Smirnoff
In-Reply-To: <20040223194648.GB72475@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: Vasenin Alexander aka BlackSir
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

> :))) When I typed it, I've understood that this behavior can be achieved
> combining ng_tee and ng_echo from base system. Really netgraph rocks!
>

please remember this next time someone tries to have it deleted from the
system :-)

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 16:44:17 2004
Message-ID: <1480.200.57.40.53.1077583567.squirrel@mail.unixmexico.com>
Date: Mon, 23 Feb 2004 18:46:07 -0600 (CST)
From: Nicolás de Bari Embríz G. R.
To: freebsd-net@freebsd.org
Subject: ftp Redirect problems using RDR

Hi all.

I am having some problems redirecting ftp using rdr. I am using ipfilter
and ipnat.

My ipnat.rules file on Server 1 has something like:

    map fxp0 192.168.50.1/24 -> 148.243.246.2/32 portmap tcp/udp auto
    map fxp0 192.168.50.1/24 -> 148.243.246.2/32
    rdr fxp0 148.243.246.2/32 port 21 -> 192.168.60.1/32 port 21024

My net is something like:

      server 1                               server 2
   148.243.246.2                           200.50.59.30
    -----------                     ----------------------------
   |  FreeBSD  | <----IPSEC tunnel---> | FTP (pureftp port 11021) |
    -----------                     ----------------------------
   192.168.50.1                            192.168.60.1
        |                                       |
        |                                       |
      -----                                   -----
     | NAT |                                 | NAT |
      -----                                   -----
        |                                       |
  192.168.50.0/24                         192.168.60.0/24

I want to redirect ftp connections on server 1 (port 21) to server 2
(port 11021), so when a user ftps to 148.243.246.2 he gets redirected to
server 200.50.59.30, but using the IPSEC tunnel.

    ftp 148.243.246.2 port 21 ----> redirect to 192.168.60.1 port 11021

Right now the IPSEC tunnel works fine; I can ping and see machines from
192.168.50.0/24 to 192.168.60.0/24.

Any idea on how I could fix this?
Both servers are using FreeBSD 4.9-STABLE

--
nbari@unixmexico.com
key ID 1EF56FDC

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 18:38:19 2004
From: "Zhang Weiwu"
To: freebsd-net@freebsd.org, freebsd-bluetooth@freebsd.org
Date: Tue, 24 Feb 2004 10:38:19 +0800
cc: tfrank@optushome.com.au
cc: spacenet@xmu.edu.cn
Reply-To: zhangweiwu@realss.com
Subject: [a bit OT] bluetooth with MAC OS

If you have tracked the bluetooth list you know I am trying to set up a
bluetooth LAN. Let me explain what I have achieved so far: I have now set
up a bluetooth LAN access server, rfcomm_pppd runs and listens on channel
7, accepting ppp connections without authentication (I didn't figure out
how to accept multiple connections yet, but now a single computer can DUN
to me.) Now I can have a FreeBSD/Windows computer connect to me and samba
each other :)

Now the problem comes with MAC OS. Someone in my office is using a
notebook running MAC OS X. She is a typical designer and doesn't know a
bit about bluetooth/ppp; and I don't know a bit about MAC OS. On her
network configuration -> bluetooth -> ppp there is a button "connect now";
clicking on the button I am prompted for username/password, and filling in
a random username/password I am rejected with "modem doesn't response". In
the bluetooth ppp configuration there is a modem selection list, about 50
modems, oops what is the modem for a FreeBSD server?

I guess it must be a hard problem to work on, perhaps I need suggestions
from people who know both MAC OS and FreeBSD, but I don't even know which
forum/mailing list MAC OS gurus usually meet on. I googled around without
luck: on google they are mostly talking about MAC OS <-> bluetooth cell
phones.
If you can simply guide me to a good MAC OS list that would be helpful!
Thank you.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 18:43:45 2004
Date: Mon, 23 Feb 2004 18:43:41 -0800
To: zhangweiwu@realss.com
From: Justin Walker
Message-Id: <41C97E3C-6673-11D8-B1E0-00306544D642@mac.com>
Cc: freebsd-net@freebsd.org
Subject: Re: [a bit OT] bluetooth with MAC OS

On Monday, February 23, 2004, at 06:38 PM, Zhang Weiwu wrote:

> If you have tracked bluetooth list you know I am trying to setup a
> bluetooth LAN. Let me explain what I achieved so far: now I have setup
> a bluetooth LAN access server, rfcomm_pppd runs and listen to channel
> 7, accepting ppp connection without authentication (I didn't figure
> out how to accept multiple connection yet, but now a single computer
> can DUN to me.) Now I can have FreeBSD/Windows computer connect me and
> samba each other:)
>
> Now the problem comes with MAC OS. Someone in my office is using
> notebook running MAC OS X. She is a typical designer, don't know a bit
> about bluetooth/ppp; and I don't know a bit about MAC OS. On her
> network configuration -> bluetooth -> ppp there is a button "connect
> now", click on the button I am prompted with username/password, fill
> with random username/password I am rejected with "modem doesn't
> response". In bluetooth ppp configuration there is a modem selection
> list, about 50 modems, oops what is the modem for a FreeBSD server?
> I guess it must be a hard problem to work on, perhaps I need
> suggestions from people who know both MAC OS and FreeBSD, but I don't
> even know which forum/mailing list where MAC OS gurus usually meet. I
> googled around without luck: on google they are mostly talking about
> MAC OS <-> bluetooth cell phones. If you can simple guide me to a good
> MAC OS list that would be helpful!
Try either darwin-development@lists.apple.com, or macosx-admin@omnigroup.com. I think you need to register for each (lists.apple.com or omnigroup.com).

Regards,

Justin
--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | When LuteFisk is outlawed
                                       | Only outlaws will have
                                       | LuteFisk
*--------------------------------------*-------------------------------*

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 19:23:52 2004
To: freebsd-net@freebsd.org
Date: Mon, 23 Feb 2004 19:23:49 -0800
Message-ID: <46780.1077593029@monkeys.com>
From: "Ronald F. Guilmette"
Subject: default socket receive buffer size, net.inet.tcp.recvspace (?)

I have just now found out that the kernel default value for net.inet.tcp.recvspace, i.e. the default amount of receive buffer space associated with a new socket is set to 56kB, at least on the specific version of FreeBSD (4.7) that I'm running.

Just curious: why?

56kB seems like a somewhat odd number to pick for the default.

Why not 32kB or else 64kB?

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 19:27:10 2004
To: freebsd-net@freebsd.org
Date: Mon, 23 Feb 2004 19:27:10 -0800
Message-ID: <46800.1077593230@monkeys.com>
From: "Ronald F. Guilmette"
Subject: Finding all IPv4 addresses associated with INADDR_ANY (?)

Greetings,

Given a socket which has been properly created, opened, and then bound to some port and the special INADDR_ANY ``wildcard'' address, I need to be able to then programmatically find all of the IPv4 addresses that the socket was just bound to.

Can anyone suggest a way to do this?

Can anyone suggest a way to do this easily?

Can anyone suggest a way to do this portably?

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 19:41:38 2004
Date: Mon, 23 Feb 2004 19:41:35 -0800
From: Justin Walker
To: freebsd-net@freebsd.org
In-Reply-To: <46800.1077593230@monkeys.com>
Message-Id: <585B0E50-667B-11D8-B1E0-00306544D642@mac.com>
Subject: Re: Finding all IPv4 addresses associated with INADDR_ANY (?)

On Monday, February 23, 2004, at 07:27 PM, Ronald F. Guilmette wrote:

> Given a socket which has been properly created, opened, and then bound
> to some port and the special INADDR_ANY ``wildcard'' address, I need
> to be able to then programmatically find all of the IPv4 addresses that
> the socket was just bound to.
>
> Can anyone suggest a way to do this?
>
> Can anyone suggest a way to do this easily?
>
> Can anyone suggest a way to do this portably?

So I understand what you want, I'll rephrase: you want to find all the IPv4 addresses that have been assigned to devices on the local host.

To pick nits, that socket was just bound to INADDR_ANY, not "all the address" on the host. Once a connection is accepted, that socket is bound based, probably, on the interface that accepted the request, or the destination address of that request.

You can find the addresses on the host, in recent BSDs and Linux (AFAIK) with 'getifaddrs()', which is fairly easy to use, and fairly portable (although it's relatively new). Check the man page. You don't need to fuss with sockets to do this (but I'm not sure that is important to you).

Does that help?

Regards,

Justin
--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | Men are from Earth.
                                       | Women are from Earth.
                                       | Deal with it.
*--------------------------------------*-------------------------------*

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 20:12:56 2004
To: freebsd-net@freebsd.org
Date: Mon, 23 Feb 2004 20:12:55 -0800
Message-ID: <46967.1077595975@monkeys.com>
From: "Ronald F. Guilmette"
Subject: Two modest kernel features I wish I had

Greetings,

I've been writing a specialized daemon process that will act as a sort-of intelligent shim/proxy between SMTP clients and some user-designated SMTP server(s), perhaps located elsewhere. The details of what the shim/proxy will do aren't really important here, so I'll just skip straight to my question(s).

While writing this daemon program, a couple of ideas came to mind relating to kernel calls which, as far as I know, do not exist, but which would have been very nice to have, had they existed. (Then again, I'm ignorant, and maybe something like the kernel calls that I'm about to ask for do exist, but I just don't know about them. If so, I hope that somebody will tell me.)

Anyway, one feature that I would have liked to have been able to include in my shim/proxy daemon would have been the ability of the daemon to act as a kind of multiplexer, i.e. to have it be able to accept incoming connections from one host:port but then proxy each of those thru to some other ("real server") host:port selected from a set of "real server" host:port pairs, where the specific real server selected is any one of the available ones that can itself accept an incoming connection (from the shim/proxy daemon) immediately, or else, if none can accept a connection immediately, then whichever one can accept a connection soonest.

Anyway, yes, I could _almost_ get what I want just by initiating a whole set of outbound "no wait" asynchronous connect() attempts, and by then doing a select() or poll() on all of the relevant fd's, to see which one(s) come ready soonest, and then I could just use the "soonest responder" and just close() all of the _other_ completed connections, but that seems rather ugly and wasteful, and more importantly, it might even cause the log files of the various real servers to get all clogged up with error messages about prematurely-aborted connections.

So anyway, what I was thinking, is that what would REALLY be nice to have here would be a "multi-connect" kernel call. Let's call it `mconnect' for short. Basically, and unlike the regular connect(2) call, for mconnect(2) one would pass an entire list or vector of (struct sockaddr *) pointers (and also a list or vector of socklen_t length values) to mconnect() and it would then send out an initial SYN packet to all of the designated hosts/ports in the vector. Then... and this is the kicker... the calling process would be stalled until at least one host/port responds with a SYN+ACK. The first one that does so respond is the one that actually gets connected to (i.e. by the kernel finishing the three-way TCP handshake, but JUST with that one host:port) and all of the other responses from all of the other hosts/ports that reply later would instead get back something like a SYN+NAK or a reset or some ICMP "unreachable" error packet, or at any rate _something_ to just make them go away.

So? What do y'all think? Is there any merit to this idea? My own feeling is that an `mconnect' kernel call could be quite useful for constructing all manner of multiplexer daemons. But then what do I know?

The important point here is that for `mconnect' the three-way TCP connect handshake is fully completed for only at most _one_ of the designated host:port pairs that we have attempted (in parallel, with mconnect) to connect to.
(The parallelism is of course the _other_ important point... I'd like to be able to effectively _try_ to connect to a whole bunch of other servers elsewhere, all at the same time. But I want to do that sometimes *even though* I really only need to complete one of the connections that I'm trying.)

So anyway, the second thing that kind-of would have been nice to have would have been another kernel-call feature which is pretty much the exact opposite of what I just described above, i.e. a "multi-bind" feature, (let's call it `mbind') where mbind would accept a list or vector of (struct sockaddr *) pointers and then listen for incoming connects on _all_ of the specified host:port pairs, but just using one single socket FD, just as the regular bind(2) kernel call does.

In a way, it seems really rather strange to me that we don't have this exact kind of feature. I mean hay! Isn't this almost what we are doing anyway when we bind to the address INADDR_ANY (and where the local machine does have two or more IP addresses associated with it)?

OK, so since the kernel already knows how to listen on multiple host:port pairs for incoming TCP connects, and since it knows how to do this using only a single userland socket FD, why not export a more generalized and flexible form of this same functionality from the kernel and out to where mere mortals like me could make use of it?

Well, that's my argument anyway, such as it is. Whadaya think?

OK, I now brace for the inevitable slings and arrows that almost always befall any crackpot (such as myself) who goes 'round suggesting new kernel enhancements without having read the relevant kernel code. :-)

Please try to be nice and don't whack me too hard. I am effectively pre-shielded by the fact that I have already openly admitted to being fundamentally kernel-ignorant. (It is not permitted to be mean to anybody this humble. :-)

P.S.
If you try replying to me via personal e-mail, and if that bounces, please accept my advance apologies for my over-aggressive local spam filters, and then just use the form here:

http://www.monkeys.com/contact.html

Tanks.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 20:36:23 2004
Date: Mon, 23 Feb 2004 23:35:34 -0500 (EST)
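
The userland workaround Ronald F. Guilmette describes in his message above (parallel non-blocking connect() calls, poll() for the soonest responder, close() the rest), as an added example that is not part of the original post. connect_first() and connect_first_selftest() are hypothetical names and the two loopback endpoints are constructed test input; it carries the cost he names, since a server that answered but lost the race sees its connection dropped.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_CAND 16

/*
 * Start a non-blocking connect() to each of n IPv4 candidates and keep the
 * first whose handshake completes; every other socket is closed. Returns the
 * connected fd (still non-blocking) with *winner set to its index, or -1 if
 * nothing connected. timeout_ms bounds each poll() wait, not the whole call.
 */
int connect_first(const struct sockaddr_in *cand, int n, int timeout_ms, int *winner)
{
    struct pollfd pfd[MAX_CAND];
    int i, fd, pending = 0, result = -1;

    if (n < 1 || n > MAX_CAND)
        return -1;
    for (i = 0; i < n; i++) {
        pfd[i].fd = -1;             /* poll() ignores negative fds */
        pfd[i].events = POLLOUT;
        pfd[i].revents = 0;
        if (result >= 0 || (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
            continue;
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
        if (connect(fd, (const struct sockaddr *)&cand[i], sizeof(cand[i])) == 0) {
            result = fd;            /* completed at once */
            *winner = i;
        } else if (errno == EINPROGRESS) {
            pfd[i].fd = fd;         /* SYN sent, handshake still running */
            pending++;
        } else {
            close(fd);              /* refused or unreachable straight away */
        }
    }
    while (result < 0 && pending > 0) {
        int r = poll(pfd, (nfds_t)n, timeout_ms);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            break;                  /* timeout or poll() failure */
        for (i = 0; i < n; i++) {
            int err = 0;
            socklen_t len = sizeof(err);
            if (pfd[i].fd < 0 || pfd[i].revents == 0)
                continue;
            /* SO_ERROR separates a completed handshake (0) from a failed one */
            if (getsockopt(pfd[i].fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
                err = errno;
            if (err == 0 && result < 0) {
                result = pfd[i].fd; /* soonest responder wins */
                *winner = i;
            } else {
                close(pfd[i].fd);   /* failed, or a later responder */
            }
            pfd[i].fd = -1;
            pending--;
        }
    }
    for (i = 0; i < n; i++)         /* abandon whatever is still in flight */
        if (pfd[i].fd >= 0)
            close(pfd[i].fd);
    return result;
}

/* Constructed loopback scenario: candidate 0 is bound but never listens, so it
 * refuses; candidate 1 is a live listener. Returns the index picked, or -1. */
int connect_first_selftest(void)
{
    struct sockaddr_in cand[2];
    int srv[2] = { -1, -1 }, i, fd = -1, winner = -1, ok = 1;

    for (i = 0; i < 2 && ok; i++) {
        socklen_t len = sizeof(cand[i]);
        memset(&cand[i], 0, sizeof(cand[i]));
        cand[i].sin_family = AF_INET;
        cand[i].sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        srv[i] = socket(AF_INET, SOCK_STREAM, 0);   /* port 0: kernel picks one */
        ok = srv[i] >= 0 &&
            bind(srv[i], (struct sockaddr *)&cand[i], sizeof(cand[i])) == 0 &&
            getsockname(srv[i], (struct sockaddr *)&cand[i], &len) == 0;
    }
    if (ok && listen(srv[1], 4) == 0)
        fd = connect_first(cand, 2, 2000, &winner);
    if (fd >= 0)
        close(fd);
    close(srv[0]);                  /* close(-1) is a harmless EBADF */
    close(srv[1]);
    return fd >= 0 ? winner : -1;
}

int main(void)
{
    return connect_first_selftest() == 1 ? 0 : 1;
}
```
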
From: Robert Watson
To: "Ronald F. Guilmette"
In-Reply-To: <46800.1077593230@monkeys.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Finding all IPv4 addresses associated with INADDR_ANY (?)

On Mon, 23 Feb 2004, Ronald F. Guilmette wrote:

> Given a socket which has been properly created, opened, and then bound
> to some port and the special INADDR_ANY ``wildcard'' address, I need to
> be able to then programmatically find all of the IPv4 addresses that the
> socket was just bound to.
>
> Can anyone suggest a way to do this?
>
> Can anyone suggest a way to do this easily?
>
> Can anyone suggest a way to do this portably?

In another e-mail, it's recommended that you try out getifaddrs(). This is almost certainly the best thing to do, but I wanted to point out one thing about the question you asked: when you bind a socket to INADDR_ANY, you're actually not saying "bind to all addresses available at the moment of binding", you're saying "bind to all addresses available at the moment of comparison". I.e., the PCB in kernel retains the value INADDR_ANY, and will match new IP addresses added to interfaces at some later time also.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 21:40:20 2004
Date: Mon, 23 Feb 2004 23:40:17 -0600 (CST)
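
Justin Walker's and Robert Watson's point about the wildcard bind, as an added example that is not part of any message in this thread: the listener keeps reporting 0.0.0.0 from getsockname(), and only an accepted connection carries a concrete local address, so a service that applies per-address policy has to check the accepted socket. The names wildcard_demo and wildcard_demo_run() are hypothetical and the loopback connection is constructed test traffic.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local addresses observed, in network byte order. */
struct wildcard_demo {
    struct in_addr listener_addr;   /* getsockname() on the listening socket */
    struct in_addr accepted_addr;   /* getsockname() on the accepted socket  */
};

/*
 * Bind a TCP listener to INADDR_ANY on an ephemeral port, connect to it
 * through 127.0.0.1, accept the connection, and record the local address of
 * both sockets. Returns 0 on success, -1 on any failure.
 */
int wildcard_demo_run(struct wildcard_demo *out)
{
    struct sockaddr_in sa, peer;
    socklen_t len;
    int lfd = -1, cfd = -1, afd = -1, rc = -1;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = 0;                /* let the kernel pick a free port */

    if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        goto done;
    if (bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(lfd, 1) < 0)
        goto done;

    /* The kernel filled in the port, but the address is still the wildcard. */
    len = sizeof(sa);
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) < 0)
        goto done;
    out->listener_addr = sa.sin_addr;

    /* Client side: reach the listener via the loopback address. */
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    peer.sin_port = sa.sin_port;
    if ((cfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        goto done;
    if (connect(cfd, (struct sockaddr *)&peer, sizeof(peer)) < 0)
        goto done;

    /* The accepted socket is bound to the address the client actually hit. */
    if ((afd = accept(lfd, NULL, NULL)) < 0)
        goto done;
    len = sizeof(sa);
    if (getsockname(afd, (struct sockaddr *)&sa, &len) < 0)
        goto done;
    out->accepted_addr = sa.sin_addr;
    rc = 0;
done:
    if (afd >= 0)
        close(afd);
    if (cfd >= 0)
        close(cfd);
    if (lfd >= 0)
        close(lfd);
    return rc;
}

int main(void)
{
    struct wildcard_demo d;
    char l[INET_ADDRSTRLEN], a[INET_ADDRSTRLEN];

    if (wildcard_demo_run(&d) != 0) {
        perror("wildcard_demo_run");
        return 1;
    }
    inet_ntop(AF_INET, &d.listener_addr, l, sizeof(l));
    inet_ntop(AF_INET, &d.accepted_addr, a, sizeof(a));
    printf("listener local address: %s\n", l);
    printf("accepted local address: %s\n", a);
    return 0;
}
```
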
From: Mike Silbersack
To: "Ronald F. Guilmette"
In-Reply-To: <46780.1077593029@monkeys.com>
Message-ID: <20040223233906.O5783@odysseus.silby.com>
References: <46780.1077593029@monkeys.com>
Cc: freebsd-net@freebsd.org
Subject: Re: default socket receive buffer size, net.inet.tcp.recvspace (?)

On Mon, 23 Feb 2004, Ronald F. Guilmette wrote:

> I have just now found out that the kernel default value for
> net.inet.tcp.recvspace, i.e. the default amount of receive
> buffer space associated with a new socket is set to 56kB,
> at least on the specific version of FreeBSD (4.7) that I'm
> running.
>
> Just curious: why?
>
> 56kB seems like a somewhat odd number to pick for the default.
>
> Why not 32kB or else 64kB?

Because once you hit 64K, you need to use TCP window scaling, and older versions of IPFilter had problems with window scaling. Once this was discovered, the value was reduced to 56K.

I think that IPFilter was updated and the value was changed back, but I don't recall exactly.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 22:49:06 2004
Message-ID: <403AF3D9.5070506@mac.com>
Date: Tue, 24 Feb 2004 01:48:57 -0500
From: Chuck Swiger
Organization: The Courts of Chaos
To: "Ronald F. Guilmette"
References: <46800.1077593230@monkeys.com>
In-Reply-To: <46800.1077593230@monkeys.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Finding all IPv4 addresses associated with INADDR_ANY (?)

Ronald F. Guilmette wrote:

> Given a socket which has been properly created, opened, and then bound
> to some port and the special INADDR_ANY ``wildcard'' address, I need
> to be able to then programmatically find all of the IPv4 addresses that
> the socket was just bound to.

Try something like the following:

    #include <sys/types.h>
    #include <sys/socket.h>
    #include <net/if.h>
    #include <errno.h>
    #include <ifaddrs.h>
    #include <string.h>

    struct ifaddrs *if_ptr, *ifap;
    unsigned int flags;

    if (getifaddrs(&ifap) == -1) {
        fatal(strerror(errno));   /* fatal() is the caller's own error handler */
        /*NOTREACHED*/
    }
    /* iterate over the list of interfaces on the machine */
    for (if_ptr = ifap; if_ptr; if_ptr = if_ptr->ifa_next) {
        /* ifa_addr can be NULL for an interface without an address */
        if (if_ptr->ifa_addr == NULL)
            continue;
        switch (if_ptr->ifa_addr->sa_family) {
        case AF_INET:
            /* check that the interface is UP before we try to use it */
            flags = if_ptr->ifa_flags;
            if (!(flags & IFF_UP))
                break;
            /* do something here using if_ptr->ifa_addr */
            break;
        case AF_INET6:
            /* do something else for IPv6... */
            break;
        }
    }
    freeifaddrs(ifap);

...although be sure to call ntohl() on the address to get things in the local byte-ordering...

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 23:30:13 2004
Message-ID: <403AFD52.7030508@he.iki.fi>
Date: Tue, 24 Feb 2004 09:29:22 +0200
From: Petri Helenius
To: Julian Elischer
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Vasenin Alexander aka BlackSir, freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

Julian Elischer wrote:

>please remember this next time someone tries to have it deleted from the
>system :-)

I tried to google for such a discussion but fortunately couldn´t find any. Why somebody would want to take away netgraph?

Pete

From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 23:47:09 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff"
Date: Tue, 24 Feb 2004 10:46:44 +0300
In-Reply-To: <20040223194648.GB72475@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Monday, February 23, 2004 10:47 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

> I'd be glad if you show me your current netgraph setup script. Surely
> I can reproduce it myself, but live example would be better than
> imaginary.

Here it is (latest version - 'echotee'):

---cut---
# Create ng_tee node
mkpeer . tee dummy left
name .dummy tee
# Create ng_netflow node
mkpeer tee: netflow left2right iface0
name tee:.left2right netflow
msg netflow: setifindex { iface=0 index=1 }
msg netflow: setdlt { iface=0 dlt=12 }
# Create ng_ksocket for exporting netflow data
mkpeer netflow: ksocket export inet/dgram/udp
name netflow:.export export_ksocket
msg export_ksocket: connect inet/127.0.0.1:8000
# Create ng_echo node for returning data from divert socket
mkpeer tee: echo right echo_hook
name tee:.right echo
# Destroy dummy hook
rmhook dummy
# Create divert ng_ksocket
mkpeer tee: ksocket left inet/raw/divert
name tee:.left divert_ksocket
msg divert_ksocket: bind inet/0.0.0.0:8888
---cut---

This config assumes that packets needed to catch via ng_netflow is simply diverted by ipfw rule:
divert 8888 ip from any to any in - or something like that

Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going through divert and reinjected in ipfw ;-)
but I've not tested this in production yet...

Thanks again!

Vasenin Alexander aka BlackSir

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 00:03:58 2004
Date: Tue, 24 Feb 2004 11:03:53 +0300
From: Gleb Smirnoff
To: freebsd-net@freebsd.org
Message-ID: <20040224080353.GA76272@cell.sick.ru>
Subject: rtalloc()/rtfree() problems on CURRENT

Dear sirs,

please take a look at the following problem. I've been successfully using the following code on STABLE and 5.1-RELEASE:

	struct route ro;
	struct sockaddr_in *sin;

	bzero((caddr_t)&ro, sizeof(ro));
	sin = (struct sockaddr_in *)&ro.ro_dst;
	sin->sin_len = sizeof(*sin);
	sin->sin_family = AF_INET;
	sin->sin_addr = fle->r.r_dst;
	rtalloc(&ro);
	if (ro.ro_rt != NULL) {
		struct rtentry *rt = ro.ro_rt;

		/* here some read-only things are done with rt */

		rtfree(ro.ro_rt);
	}

But on CURRENT rtfree() causes panic.
Here is backtrace:

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0527749 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:374
#2  0xc0527b48 in __panic () at /usr/src/sys/kern/kern_shutdown.c:552
#3  0xc0678ee6 in trap_fatal (frame=0xcdae3a44, eva=0) at /usr/src/sys/i386/i386/trap.c:819
#4  0xc0678503 in trap (frame={tf_fs = 24, tf_es = 16, tf_ds = -844234736, tf_edi = -1023635456, tf_esi = 0, tf_ebp = -844219772, tf_isp = -844219792, tf_ebx = -1023665052, tf_edx = -1051741536, tf_ecx = -1051741536, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068166506, tf_cs = 8, tf_eflags = 65666, tf_esp = -844219736, tf_ss = -1068381542}) at /usr/src/sys/i386/i386/trap.c:250
#5  0xc0551296 in turnstile_head (ts=0x0) at /usr/src/sys/kern/subr_turnstile.c:709
#6  0xc051ca9a in _mtx_unlock_sleep (m=0xc2fc1c64, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:645
#7  0xc05a3fd6 in rtfree (rt=0xc2fc1c64) at /usr/src/sys/net/route.c:289
#8  0xc2f8834b in flow_add () from /boot/kernel/ng_netflow.ko
#9  0xc2f87a08 in ng_netflow_rcvdata () from /boot/kernel/ng_netflow.ko
#10 0xc2f794c9 in ng_apply_item () from /boot/kernel/netgraph.ko
#11 0xc2f79054 in ng_snd_item () from /boot/kernel/netgraph.ko
#12 0xc2bab79e in ngt_rcvdata () from /boot/kernel/ng_tee.ko
#13 0xc2f794c9 in ng_apply_item () from /boot/kernel/netgraph.ko
#14 0xc2f7babb in ngintr () from /boot/kernel/netgraph.ko
#15 0xc05a1c2f in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:255
#16 0xc0511048 in ithread_loop (arg=0xc14f8480) at /usr/src/sys/kern/kern_intr.c:547
#17 0xc050fca8 in fork_exit (callout=0xc0510e70 , arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:802

Does this mean that something is broken in CURRENT or I am doing something wrong?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 00:33:09 2004
Date: Tue, 24 Feb 2004 00:33:03 -0800 (PST)
From: Julian Elischer
To: Petri Helenius
In-Reply-To: <403AFD52.7030508@he.iki.fi>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Vasenin Alexander aka BlackSir, freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Tue, 24 Feb 2004, Petri Helenius wrote:

> Julian Elischer wrote:
>
> >please remember this next time someone tries to have it deleted from the
> >system :-)
>
> I tried to google for such a discussion but fortunately couldn´t find
> any. Why somebody would want to take away netgraph?

It's my impression that there are some of the "old school" who don't like the feel of it..

>
> Pete

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 01:02:12 2004
Date: Tue, 24 Feb 2004 12:01:52 +0300
From: Gleb Smirnoff
To: Vasenin Alexander aka BlackSir
Message-ID: <20040224090152.GD76272@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Tue, Feb 24, 2004 at 10:46:44AM +0300, Vasenin Alexander aka BlackSir wrote:
V> > I'd be glad if you show me your current netgraph setup script. Surely
V> > I can reproduce it myself, but live example would be better than
V> > imaginary.
V>
V> Here it is(latest version - 'echotee'):

Thanks for netgraph setup script. Could you please also send important
parts of your firewall config, where packets are diverted towards netgraph?
It is important to divert only _incoming_ traffic on _particular_ interface,
otherwise netflow exports will contain some incorrect data.

V> This config assumes that packets needed to catch via ng_netflow is simply
V> diverted by ipfw rule:
V> divert 8888 ip from any to any in - or something like that
V> Seems everything works fine! (I'm using ipfw2 in 4.9) Packets going through
V> divert and reinjected in ipfw ;-)
V> but I've not tested this in production yet...

And also it is important to check that ng_ksocket reinjects packet
into the ipfw with rule number set (see Julian's mail).

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 02:15:07 2004
Message-ID: <403B2423.DABF2E48@freebsd.org>
Date: Tue, 24 Feb 2004 11:14:59 +0100
From: Andre Oppermann
To: Gleb Smirnoff
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

Gleb Smirnoff wrote:
>
>   Dear sirs,
>
>   please take a look at the following problem. I've been
> successfully using the following code on STABLE and 5.1-RELEASE:
>
>         struct route ro;
>         struct sockaddr_in *sin;
>
>         bzero((caddr_t)&ro, sizeof(ro));
>         sin = (struct sockaddr_in *)&ro.ro_dst;
>         sin->sin_len = sizeof(*sin);
>         sin->sin_family = AF_INET;
>         sin->sin_addr = fle->r.r_dst;
>         rtalloc(&ro);

Most of the time, if you don't need a cloned route allocated, you can
just use rtalloc_ign(&ro, RTF_CLONING) to just get a reference to the
existing rtentry.  Not allocating a new cloned route saves work and
time for the rtalloc code.

>         if (ro.ro_rt != NULL) {
>                 struct rtentry *rt = ro.ro_rt;
>
>                 /* here some read-only things are done with rt */

Maybe you do some nasty things to rt here?

>                 rtfree(ro.ro_rt);
>         }
>
> But on CURRENT rtfree() causes panic. Here is backtrace:
...
> Does this mean that something is broken in CURRENT or I am doing something wrong?

rtalloc() and rtfree() are used quite often in the network code and
otherwise work fine.  The odds are high that you are doing something
wrong.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 02:21:18 2004
Date: Tue, 24 Feb 2004 13:21:13 +0300
From: Gleb Smirnoff
To: Andre Oppermann
Message-ID: <20040224102113.GB77406@cell.sick.ru>
In-Reply-To: <403B2423.DABF2E48@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

  Dear Andre,

first, thanks for your feedback.

On Tue, Feb 24, 2004 at 11:14:59AM +0100, Andre Oppermann wrote:
A> Most of the time, if you don't need a cloned route allocated, you can
A> just use rtalloc_ign(&ro, RTF_CLONING) to just get a reference to the
A> existing rtentry.  Not allocating a new cloned route saves work and
A> time for the rtalloc code.

Thanks for this hint. So if using rtalloc_ign() I do not need to call rtfree()?
Why is this situation not clear in the manpage? :)

A> >         if (ro.ro_rt != NULL) {
A> >                 struct rtentry *rt = ro.ro_rt;
A> >
A> >                 /* here some read-only things are done with rt */
A>
A> Maybe you do some nasty things to rt here?

Really, I don't :) Exact code is given at end of the mail.

A> >                 rtfree(ro.ro_rt);
A> >         }
A> >
A> > But on CURRENT rtfree() causes panic. Here is backtrace:
A> ...
A> > Does this mean that something is broken in CURRENT or I am doing something wrong?
A>
A> rtalloc() and rtfree() are used quite often in the network code and
A> otherwise work fine.  The odds are high that you are doing something
A> wrong.

Here is exact code:

        bzero((caddr_t)&ro, sizeof(ro));
        sin = (struct sockaddr_in *)&ro.ro_dst;
        sin->sin_len = sizeof(*sin);
        sin->sin_family = AF_INET;
        sin->sin_addr = fle->r.r_dst;
        rtalloc(&ro);
        if (ro.ro_rt != NULL) {
                struct rtentry *rt = ro.ro_rt;

                /* This is cloned route, use its parent */
                if (ro.ro_rt->rt_flags & RTF_WASCLONED &&
                    ro.ro_rt->rt_parent)
                        rt = ro.ro_rt->rt_parent;

                fle->o_ifx = rt->rt_ifp->if_index;

                if (rt->rt_flags & RTF_GATEWAY &&
                    rt->rt_gateway->sa_family == AF_INET)
                        fle->next_hop =
                            ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;

                if (rt_mask(rt))
                        fle->dst_mask =
                            bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
                else if (rt->rt_flags & RTF_HOST)
                        /* Give up. We can't determine mask :( */
                        fle->dst_mask = 32;

                rtfree(ro.ro_rt);
        }

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 02:25:31 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff"
Date: Tue, 24 Feb 2004 13:25:08 +0300
In-Reply-To: <20040224090152.GD76272@cell.sick.ru>
Cc: freebsd-isp@freebsd.org, "Bjoern A. Zeeb", Julian Elischer, freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

I'm sorry, my mistake, seems like they are not reinjected on my test
system - they are accepted :-(
I'll continue to dig in the evening and post the results closer to local
night...

BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Tuesday, February 24, 2004 12:02 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; Bjoern A. Zeeb; Julian Elischer;
> freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome
>
> And also it is important to check that ng_ksocket reinjects packet
> into the ipfw with rule number set (see Julian's mail).

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 03:40:50 2004
Date: Tue, 24 Feb 2004 12:47:34 +0000
From: DrumFire
To: freebsd-net@freebsd.org
Message-Id: <20040224124734.77e8835b.dpphln@tin.it>
Subject: ifconfig and route problem.

Hi,
this is my configuration:

rl0: flags=8843 mtu 1500
        options=8
        inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
        ether 00:30:84:9e:9d:26
        media: Ethernet autoselect (100baseTX )
        status: active

and this is my default route

default            192.168.100.254    UGS         0        0    rl0

If I write something like this:

# ifconfig rl0 $ip (where ip can be also 192.168.100.1), my default route is deleted, cut off server for my net.

Is there a way to avoid ifconfig deleting my default route when I modify an IP address?

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 03:51:40 2004
Date: Tue, 24 Feb 2004 14:51:36 +0300
From: Gleb Smirnoff
To: Andre Oppermann
Message-ID: <20040224115136.GA78223@cell.sick.ru>
In-Reply-To: <403B2423.DABF2E48@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

  Andre,

I can provide you with any additional information, since
I have crashdump saved. I can dig into the problem myself if
you give me some pointers where to look at.

On Tue, Feb 24, 2004 at 11:14:59AM +0100, Andre Oppermann wrote:
A> Gleb Smirnoff wrote:
A> >
A> >   Dear sirs,
A> >
A> >   please take a look at the following problem. I've been
A> > successfully using the following code on STABLE and 5.1-RELEASE:
A> >
A> >         struct route ro;
A> >         struct sockaddr_in *sin;
A> >
A> >         bzero((caddr_t)&ro, sizeof(ro));
A> >         sin = (struct sockaddr_in *)&ro.ro_dst;
A> >         sin->sin_len = sizeof(*sin);
A> >         sin->sin_family = AF_INET;
A> >         sin->sin_addr = fle->r.r_dst;
A> >         rtalloc(&ro);
A>
A> Most of the time, if you don't need a cloned route allocated, you can
A> just use rtalloc_ign(&ro, RTF_CLONING) to just get a reference to the
A> existing rtentry.  Not allocating a new cloned route saves work and
A> time for the rtalloc code.
A>
A> >         if (ro.ro_rt != NULL) {
A> >                 struct rtentry *rt = ro.ro_rt;
A> >
A> >                 /* here some read-only things are done with rt */
A>
A> Maybe you do some nasty things to rt here?
A>
A> >                 rtfree(ro.ro_rt);
A> >         }
A> >
A> > But on CURRENT rtfree() causes panic. Here is backtrace:
A> ...
A> > Does this mean that something is broken in CURRENT or I am doing something wrong?
A>
A> rtalloc() and rtfree() are used quite often in the network code and
A> otherwise work fine.  The odds are high that you are doing something
A> wrong.
A>
A> --
A> Andre

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 04:20:27 2004
Message-ID: <403B4182.F6BD7101@freebsd.org>
Date: Tue, 24 Feb 2004 13:20:18 +0100
From: Andre Oppermann
To: Gleb Smirnoff
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

Gleb Smirnoff wrote:
>
>   Dear Andre,
>
> first, thanks for your feedback.
>
> On Tue, Feb 24, 2004 at 11:14:59AM +0100, Andre Oppermann wrote:
> A> Most of the time, if you don't need a cloned route allocated, you can
> A> just use rtalloc_ign(&ro, RTF_CLONING) to just get a reference to the
> A> existing rtentry.  Not allocating a new cloned route saves work and
> A> time for the rtalloc code.
>
> Thanks for this hint. So if using rtalloc_ign() I do not need to call rtfree()?

You still have to call rtfree() to decrement the refcount of the rtentry.

> Why is this situation not clear in the manpage? :)

I should update it.

> A> >         if (ro.ro_rt != NULL) {
> A> >                 struct rtentry *rt = ro.ro_rt;
> A> >
> A> >                 /* here some read-only things are done with rt */
> A>
> A> Maybe you do some nasty things to rt here?
>
> Really, I don't :) Exact code is given at end of the mail.

You indeed do some nasty things.

> A> >                 rtfree(ro.ro_rt);
> A> >         }
> A> >
> A> > But on CURRENT rtfree() causes panic. Here is backtrace:
> A> ...
> A> > Does this mean that something is broken in CURRENT or I am doing something wrong?
> A>
> A> rtalloc() and rtfree() are used quite often in the network code and
> A> otherwise work fine.  The odds are high that you are doing something
> A> wrong.
>
> Here is exact code:
>
>         bzero((caddr_t)&ro, sizeof(ro));
>         sin = (struct sockaddr_in *)&ro.ro_dst;
>         sin->sin_len = sizeof(*sin);
>         sin->sin_family = AF_INET;
>         sin->sin_addr = fle->r.r_dst;
>         rtalloc(&ro);
>         if (ro.ro_rt != NULL) {
>                 struct rtentry *rt = ro.ro_rt;
>
>                 /* This is cloned route, use its parent */
>                 if (ro.ro_rt->rt_flags & RTF_WASCLONED &&
>                     ro.ro_rt->rt_parent)
>                         rt = ro.ro_rt->rt_parent;

With rtalloc() you get a cloned route essentially every time.  Use
rtalloc_ign(&ro, RTF_CLONING) to get the parent route directly.

>                 fle->o_ifx = rt->rt_ifp->if_index;
>
>                 if (rt->rt_flags & RTF_GATEWAY &&
>                     rt->rt_gateway->sa_family == AF_INET)
>                         fle->next_hop =
>                             ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
>
>                 if (rt_mask(rt))
>                         fle->dst_mask =
>                             bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
>                 else if (rt->rt_flags & RTF_HOST)
>                         /* Give up. We can't determine mask :( */
>                         fle->dst_mask = 32;
>
>                 rtfree(ro.ro_rt);

Use the macro RTFREE() instead of rtfree(), it will take care of some
locking issues.

>         }

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 04:34:30 2004
Date: Tue, 24 Feb 2004 15:34:27 +0300
From: Gleb Smirnoff
To: Andre Oppermann
Message-ID: <20040224123427.GA78495@cell.sick.ru>
In-Reply-To: <403B4182.F6BD7101@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

On Tue, Feb 24, 2004 at 01:20:18PM +0100, Andre Oppermann wrote:
A> > Thanks for this hint. So if using rtalloc_ign() I do not need to call rtfree()?
A> You still have to call rtfree() to decrement the refcount of the rtentry.

Thanks.

A> > A> Maybe you do some nasty things to rt here?
A> >
A> > Really, I don't :) Exact code is given at end of the mail.
A>
A> You indeed do some nasty things.

Please point me at 'em. I'm only reading some values from parent structure.

A> > Here is exact code:
A> >
A> >         bzero((caddr_t)&ro, sizeof(ro));
A> >         sin = (struct sockaddr_in *)&ro.ro_dst;
A> >         sin->sin_len = sizeof(*sin);
A> >         sin->sin_family = AF_INET;
A> >         sin->sin_addr = fle->r.r_dst;
A> >         rtalloc(&ro);
A> >         if (ro.ro_rt != NULL) {
A> >                 struct rtentry *rt = ro.ro_rt;
A> >
A> >                 /* This is cloned route, use its parent */
A> >                 if (ro.ro_rt->rt_flags & RTF_WASCLONED &&
A> >                     ro.ro_rt->rt_parent)
A> >                         rt = ro.ro_rt->rt_parent;
A>
A> With rtalloc() you get a cloned route essentially every time.  Use
A> rtalloc_ign(&ro, RTF_CLONING) to get the parent route directly.
A>
A> >                 fle->o_ifx = rt->rt_ifp->if_index;
A> >
A> >                 if (rt->rt_flags & RTF_GATEWAY &&
A> >                     rt->rt_gateway->sa_family == AF_INET)
A> >                         fle->next_hop =
A> >                             ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
A> >
A> >                 if (rt_mask(rt))
A> >                         fle->dst_mask =
A> >                             bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
A> >                 else if (rt->rt_flags & RTF_HOST)
A> >                         /* Give up. We can't determine mask :( */
A> >                         fle->dst_mask = 32;
A> >
A> >                 rtfree(ro.ro_rt);
A>
A> Use the macro RTFREE() instead of rtfree(), it will take care of some
A> locking issues.

This should be present in manpage, too.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 04:46:11 2004
Message-ID: <403B478A.CA894505@freebsd.org>
Date: Tue, 24 Feb 2004 13:46:02 +0100
From: Andre Oppermann
To: Gleb Smirnoff
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

Gleb Smirnoff wrote:
> A> Use the macro RTFREE() instead of rtfree(), it will take care of some
> A> locking issues.
>
> This should be present in manpage, too.

Yes, Sam and I did some heavy lifting in the network and routing code
in the past few months.  Unfortunately we seem to have neglected to keep
the documentation in sync.  I've put this to the top of my TODO list.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 05:04:12 2004
Date: Tue, 24 Feb 2004 16:04:08 +0300
From: Gleb Smirnoff
To: Andre Oppermann
Message-ID: <20040224130408.GA78658@cell.sick.ru>
In-Reply-To: <403B47D4.6F783F4F@freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

On Tue, Feb 24, 2004 at 01:47:16PM +0100, Andre Oppermann wrote:
A> > A> > A> Maybe you do some nasty things to rt here?
A> > A> >
A> > A> > Really, I don't :) Exact code is given at end of the mail.
A> > A>
A> > A> You indeed do some nasty things.
A> >
A> > Please point me at 'em. I'm only reading some values from parent structure.
A>
A> Ah, sorry, forgot that in my last email.  The only thing is to use RTFREE().
A> At first I thought your reassigning of rt is a problem, but you free the
A> correct ro.ro_rt later.

Thank you! I'll try everything you suggested today night.

I have one more question if you don't mind:
This code is running on 5.1 and STABLE as well. Is it safe to move
to RTFREE() everywhere?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 05:16:50 2004
Message-ID: <403B4EBA.C8168542@freebsd.org>
Date: Tue, 24 Feb 2004 14:16:42 +0100
From: Andre Oppermann
To: Gleb Smirnoff
Cc: freebsd-net@freebsd.org
Subject: Re: rtalloc()/rtfree() problems on CURRENT

Gleb Smirnoff wrote:
>
> On Tue, Feb 24, 2004 at 01:47:16PM +0100, Andre Oppermann wrote:
> A> > A> > A> Maybe you do some nasty things to rt here?
> A> > A> >
> A> > A> > Really, I don't :) Exact code is given at end of the mail.
> A> > A>
> A> > A> You indeed do some nasty things.
> A> >
> A> > Please point me at 'em. I'm only reading some values from parent structure.
> A>
> A> Ah, sorry, forgot that in my last email.  The only thing is to use RTFREE().
> A> At first I thought your reassigning of rt is a problem, but you free the
> A> correct ro.ro_rt later.
>
> Thank you! I'll try everything you suggested today night.
>
> I have one more question if you don't mind:
> This code is running on 5.1 and STABLE as well. Is it safe to move
> to RTFREE() everywhere?

Yes, I think so.  Be aware that 5.1 is only a technology preview release
and it is lacking in many areas compared to 5.2.1.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 06:14:58 2004
Date: Tue, 24 Feb 2004 09:14:42 -0500 (EST)
From: "C.L. Lai [ALAN]"
To: freebsd-bugs@freebsd.org, freebsd-bugbusters@freebsd.org, freebsd-hardware@freebsd.org, freebsd-net@freebsd.org
Subject: Re: famous 'mac read failed 5'

On Tue, 24 Feb 2004, C.L. Lai [ALAN] wrote:

>
> i m not the only one... google says
> but there still isn't a solution.
>
> the problem is, i m using a pcmcia-pci bridge (plx pci9052) w/ a wireless
> pcmcia card(prism2.5)
> together w/ fbsd5.2rc2-sparc64's if_wi driver
> right after the module loading, displaying a few wi0 words, and then says
> 'mac read failed 5'
> then it failed to initialize my wireless device.
>
> so my question is, is there any way to solve this problem or other ways to
> get my pci9052 + prism2.5 working on my fbsd
>
> thank u for reading
>
> alan
>
>

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 06:23:10 2004
Date: Tue, 24 Feb 2004 15:23:07 +0100
From: Sten Daniel Sørsdal
To: "DrumFire"
Subject: RE: ifconfig and route problem.

> # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my
> default route is deleted, cut off server for my net.
>

Say you wanted to change from 192.168.100.1/24 to 10.0.0.1/24
With default gateway changed from 192.168.100.254 to 10.0.0.254

ifconfig rl0 inet 10.0.0.1/24 alias
route change default 10.0.0.254
ifconfig rl0 inet 192.168.100.1/24 -alias

_// Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 06:43:27 2004
Date: Tue, 24 Feb 2004 15:42:38 +0100 (CET)
From: Andre Rein
To: freebsd-net@freebsd.org
Message-ID: <20040224152136.S97179@juergen.edv-winter.de>
Subject: different traffic accounting trafd vs. ipcad

Hi ML,

I'm running two different accounting programs at the firewall (ipcad &
trafd) and it looks like that trafd doesn't account the whole traffic,
because the sum of the individual tcp/udp/icmp traffic doesn't match the
ipcad accounting.

There are differences in between 0-50 MB a day. One time trafd accounts
more outgoing traffic than ipcad but the incoming is much lesser.

If I compare the accounting from our local provider with the ipcad
traffic I get nearly the same results. So it must be trafd or a wrong
config i did.

So my question, does anybody run into the same trouble with trafd and
solved it or is there any other Software which can count port based
traffic and is more documented and tested?

here some network/trafd related stuff:

processes:
/bin/trafd -r -O -i fxp0
/sbin/natd -l -a 195.226.65.125 -unregistered_only

nic's:
fxp0: flags=8943 mtu 1500
        inet 192.168.55.74 netmask 0xfffffffc broadcast 192.168.55.75
        inet6 fe80::260:b0ff:fe67:e801%fxp0 prefixlen 64 scopeid 0x1
        ether 00:60:b0:67:e8:01
        media: Ethernet autoselect (100baseTX )
        status: active
fxp1: flags=8843 mtu 1500
        inet 195.226.65.125 netmask 0xffffffc0 broadcast 195.226.65.127
        inet6 fe80::290:27ff:fe22:b7e8%fxp1 prefixlen 64 scopeid 0x2
        ether 00:90:27:22:b7:e8
        media: Ethernet autoselect (100baseTX )
        status: active

Routing tables:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.55.73      UGSc       28 96501173   fxp0
......
kind regards

--
"And some greetings from the Toaster"

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 06:47:47 2004
Date: Tue, 24 Feb 2004 17:47:43 +0300
From: Gleb Smirnoff
To: Andre Rein
Cc: freebsd-net@freebsd.org
Message-ID: <20040224144743.GA79478@cell.sick.ru>
References: <20040224152136.S97179@juergen.edv-winter.de>
In-Reply-To: <20040224152136.S97179@juergen.edv-winter.de>
Subject: Re: different traffic accounting trafd vs. ipcad

  Dear Andre,

On Tue, Feb 24, 2004 at 03:42:38PM +0100, Andre Rein wrote:
A> I'm running two different accounting programs at the firewall (ipcad &
A> trafd) and it looks like that trafd doesn't account the whole traffic,
A> because the sum of the individual tcp/udp/icmp traffic doesn't match the
A> ipcad accounting.
A>

trafd itself is very buggy. I'd better do not trust
its data. Use ipcad, ipacct or ng_ipacct. trafd's bugginess was discussed a
lot in different russian-speaking mailinglists.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 06:59:28 2004
From: veedee@c7.campus.utcluj.ro
Date: Tue, 24 Feb 2004 16:59:24 +0200
To: Gleb Smirnoff, Andre Rein, freebsd-net@freebsd.org
Message-ID: <20040224145924.GA96892@c7.campus.utcluj.ro>
References: <20040224152136.S97179@juergen.edv-winter.de> <20040224144743.GA79478@cell.sick.ru>
In-Reply-To: <20040224144743.GA79478@cell.sick.ru>
Subject: Re: different traffic accounting trafd vs. ipcad

On Tue, Feb 24, 2004 at 05:47:43PM +0300, Gleb Smirnoff wrote:
>   Dear Andre,
>
> On Tue, Feb 24, 2004 at 03:42:38PM +0100, Andre Rein wrote:
> A> I'm running two different accounting programs at the firewall (ipcad &
> A> trafd) and it looks like that trafd doesn't account the whole traffic,
> A> because the sum of the individual tcp/udp/icmp traffic doesn't match the
> A> ipcad accounting.
> A>
>
> trafd itself is very buggy. I'd better do not trust
> its data. Use ipcad, ipacct or ng_ipacct. trafd'd bugginess was discussed a
> lot in different russian-speaking mailinglists.

Can you please be more specific? What do you mean by buggy? I haven't
seen anything about that on the WWW, but then again, I do not speak russian
:(

> --
> Totus tuus, Glebius.
> GLEBIUS-RIPN GLEB-RIPE

Thanks.
--
| Radu Bogdan 'veedee' Rusu
| NetSysAdm at campus dot utcluj dot ro
| Personal gallery at http://www.rbrusu.com
| ...mirroring FreeBSD and coffee

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 07:11:24 2004
Date: Tue, 24 Feb 2004 18:11:20 +0300
From: Gleb Smirnoff
To: veedee@c7.campus.utcluj.ro
Cc: Andre Rein, freebsd-net@freebsd.org
Message-ID: <20040224151120.GA79679@cell.sick.ru>
References: <20040224152136.S97179@juergen.edv-winter.de> <20040224144743.GA79478@cell.sick.ru> <20040224145924.GA96892@c7.campus.utcluj.ro>
In-Reply-To: <20040224145924.GA96892@c7.campus.utcluj.ro>
Subject: Re: different traffic accounting trafd vs. ipcad

On Tue, Feb 24, 2004 at 04:59:24PM +0200, veedee@c7.campus.utcluj.ro wrote:
v> > trafd itself is very buggy. I'd better do not trust
v> > its data. Use ipcad, ipacct or ng_ipacct. trafd'd bugginess was discussed a
v> > lot in different russian-speaking mailinglists.
v>
v> Can you please be more specific? What do you mean by buggy? I haven't
v> seen anything about that on the WWW, but then again, I do not speak russian
v> :(

Look at ports/net/trafd/files/patch-ah. This will make your
opinion about code quality :)

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 07:12:17 2004
Date: Tue, 24 Feb 2004 16:18:28 +0000
From: DrumFire
To: Sten Daniel Sørsdal
Cc: freebsd-net@freebsd.org
Message-Id: <20040224161828.59c308d4.dpphln@tin.it>
Subject: Re: ifconfig and route problem.

On Tue, 24 Feb 2004 15:23:07 +0100
Sten Daniel Sørsdal wrote:

>
> > # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my
> > default route is deleted, cut off server for my net.
> >
>
> Say you wanted to change from 192.168.100.1/24 to 10.0.0.1/24
> With default gateway changed from 192.168.100.254 to 10.0.0.254

??
My ask is simple:
There's a way to avoid ifconfig reset default route also when
newipaddress is the same of old ipaddress?
I don't understand your example, and I didn't change my ip address from
192.168.100.1/24 to 10.0.0.1/24

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 07:25:50 2004
Date: Tue, 24 Feb 2004 18:27:39 +0300
From: Andrew Riabtsev
To: freebsd-net@freebsd.org
Message-ID: <10425218782.20040224182739@b-o.ru>
Subject: Re[2]: ifconfig and route problem.

>> # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my
>> default route is deleted, cut off server for my net.
>>

SDS> Say you wanted to change from 192.168.100.1/24 to 10.0.0.1/24
SDS> With default gateway changed from 192.168.100.254 to 10.0.0.254

SDS> ifconfig rl0 inet 10.0.0.1/24 alias
SDS> route change default 10.0.0.254
SDS> ifconfig rl0 inet 192.168.100.1/24 -alias

What if I need to change ip from 192.168.100.1/24 to 192.168.100.2/24?
Can I alias IP-address from same subnet? I think no.

Andrew mailto:resident@b-o.ru

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 07:33:37 2004
Date: Tue, 24 Feb 2004 16:32:39 +0100 (CET)
From: Andre Rein
To: Andrew Riabtsev
Cc: freebsd-net@freebsd.org
In-Reply-To: <10425218782.20040224182739@b-o.ru>
Message-ID: <20040224163021.F97179@juergen.edv-winter.de>
References: <10425218782.20040224182739@b-o.ru>
Subject: Re[2]: ifconfig and route problem.

On Tue, 24 Feb 2004, Andrew Riabtsev wrote:

>
> >> # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my
> >> default route is deleted, cut off server for my net.
> >>
>
> SDS> Say you wanted to change from 192.168.100.1/24 to 10.0.0.1/24
> SDS> With default gateway changed from 192.168.100.254 to 10.0.0.254
>
> SDS> ifconfig rl0 inet 10.0.0.1/24 alias
> SDS> route change default 10.0.0.254
> SDS> ifconfig rl0 inet 192.168.100.1/24 -alias
>
> What if I need to change ip from 192.168.100.1/24 to 192.168.100.2/24?
> Can I alias IP-address from same subnet? I think no.
>

iirc: ifconfig rl0 inet 10.0.0.1 netmask 255.255.255.255 alias

--
"And some greetings from the Toaster"

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 07:36:47 2004
Date: Tue, 24 Feb 2004 16:36:00 +0100 (CET)
From: Andre Rein
To: freebsd-net@freebsd.org
In-Reply-To: <20040224163021.F97179@juergen.edv-winter.de>
Message-ID: <20040224163434.T97179@juergen.edv-winter.de>
References: <20040224163021.F97179@juergen.edv-winter.de>
Subject: Re[2]: ifconfig and route problem.

On Tue, 24 Feb 2004, Andre Rein wrote:

> > >> # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my
> > >> default route is deleted, cut off server for my net.
> > >>
> >
> > SDS> Say you wanted to change from 192.168.100.1/24 to 10.0.0.1/24
> > SDS> With default gateway changed from 192.168.100.254 to 10.0.0.254
> >
> > SDS> ifconfig rl0 inet 10.0.0.1/24 alias
> > SDS> route change default 10.0.0.254
> > SDS> ifconfig rl0 inet 192.168.100.1/24 -alias
> >
> > What if I need to change ip from 192.168.100.1/24 to 192.168.100.2/24?
> > Can I alias IP-address from same subnet? I think no.
> >
>
> iirc: ifconfig rl0 inet 10.0.0.1 netmask 255.255.255.255 alias

damn copy'n paste
s/10.0.0.1/192.168.0.2 ;)

regards

--
"And some greetings from the Toaster"

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 08:11:25 2004
Message-Id: <200402241611.i1OGBMmY026274@soth.ventu>
To: freebsd-net@freebsd.org
Date: Tue, 24 Feb 2004 17:11:22 EST
From: Andrea Venturoli
Subject: Bad loopback traffic not stopped by ipfw.

Hello.

4.8-RELEASE-p15:

In /var/log/all.log I get a lot of:

snort: [1:528:4] BAD-TRAFFIC loopback traffic [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 127.0.0.1:80 -> xx.xx.xx.xx:1055

(src port is always 80, dst port changes, xx.xx.xx.xx is my tun0 IP.)

ifconfig -a gives:

sis0: flags=8843 mtu 1500
        inet 192.168.100.55 netmask 0xffffff00 broadcast 192.168.100.255
        ether 00:10:5c:db:ee:c3
        media: Ethernet autoselect (100baseTX )
        status: active
rl0: flags=8943 mtu 1500
        inet 192.168.106.1 netmask 0xffffff00 broadcast 192.168.106.255
        ether 00:50:fc:ac:b1:db
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8151 mtu 1492
        inet xx.xx.xx.xx --> 192.168.100.1 netmask 0xffffffff
        Opened by PID 58

tcpdumping all interfaces one by one shows the packet only on tun0:

tcpdump -i tun0 -l src or dst 127.0.0.1

17:03:17.069193 127.0.0.1.http > 82.48.28.67.us-gv: R 0:0(0) ack 1889337345 win 0
17:03:18.034467 127.0.0.1.http > 82.48.28.67.tcp-id-port: R 0:0(0) ack 142009958 5 win 0
..

ipfw -a l (relevant parts):

00050 1152 388408 divert 8668 ip from any to any via tun0
..
01000 6 1248 allow ip from any to any via lo0 (this is really local ntp traffic)
..
01000 0 0 deny log ip from 127.0.0.0/8 to any in recv tun0

IMHO opinion wrong packets are arriving from the upstream router (for
which it would be useless to ask for a fix), snort and tcpdump correctly
report them, but I think I should also see ipfw blocking them. At least
this is what I read, googling around, on a previous thread on
freebsd-stable.
I also tried removing rule 50, just in case natd could have a role in
this, but the behaviour did not change.

What's wrong?

 bye & Thanks
 av.

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 08:58:00 2004
From: Anton Blajev
To: freebsd-net@freebsd.org
Message-Id: <1077641871.1046.10.camel@valqk.upper.lan>
Date: Tue, 24 Feb 2004 18:57:51 +0200
Reply-To: valqk@lozenetz.net
Subject: RE: ifconfig and route problem.

Please stop flooding. :)
RTFM -> man ifconfig ; man route
you CAN'T change your NIC's ip without deleting your default route.
why's that?
well...
route add default 192.168.0.1
when you add default gw it must be reachable on your network.
when you change ip, you have to add new route because you've changed
network.
aka you can patch ifconfig command to check if you change ip address to
other from your network(192.168.0.0 for example) and don't delete default
route... dunno ... I think ifconfig deletes it. not pretty sure.
a simple decision will be a bash script:
----
./chaddr.sh rl0 192.168.0.50 255.255.255.0 192.168.0.1
############# i-face ip           nmask         gw

#!/bin/sh
# $1 = interface, $2 = new IP address, $3 = netmask, $4 = default gateway
/sbin/ifconfig "$1" inet "$2" netmask "$3"
/sbin/route add default "$4"

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 09:30:24 2004
Date: Tue, 24 Feb 2004 12:30:23 -0500
From: Barney Wolff
To: Andrea Venturoli
Cc: freebsd-net@freebsd.org
Message-ID: <20040224173023.GA94632@pit.databus.com>
References: <200402241611.i1OGBMmY026274@soth.ventu>
In-Reply-To: <200402241611.i1OGBMmY026274@soth.ventu>
Subject: Re: Bad loopback traffic not stopped by ipfw.

On Tue, Feb 24, 2004 at 05:11:22PM -0500, Andrea Venturoli wrote:
> IMHO opinion wrong packets are arriving from the upstream router (for which it would be useless to ask for a fix),

Your first three rules, before anything else, should be:
allow ip from any to any via lo0
deny log logamount 1000 ip from any to 127.0.0.0/8
deny log logamount 1000 ip from 127.0.0.0/8 to any
then see what ipfw says. Your ruleset does not block packets from 127
outbound.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 09:44:50 2004
Message-Id: <200402241744.i1OHikmZ026736@soth.ventu>
To: freebsd-net@freebsd.org
Date: Tue, 24 Feb 2004 18:44:46 EST
From: Andrea Venturoli
Subject: Re: Bad loopback traffic not stopped by ipfw.

** Reply to note from Barney Wolff Tue, 24 Feb 2004 12:30:23 -0500

>> IMHO opinion wrong packets are arriving
>> from the upstream router (for which it
>> would be useless to ask for a fix),

> Your first three rules, before anything else, should be:
> allow ip from any to any via lo0
> deny log logamount 1000 ip from any to 127.0.0.0/8
> deny log logamount 1000 ip from 127.0.0.0/8 to any
> then see what ipfw says.

> Your ruleset does not block packets from 127
> outbound.

I thought it did! These are just not the first rules, but they should
anyway.

In any case, I tried your suggestion: now ipfw -a l gives:

00030 2 416 allow ip from any to any via lo0
00031 0 0 deny log ip from any to 127.0.0.0/8
00032 0 0 deny log ip from 127.0.0.0/8 to any

And I've had snort reporting bad loopback traffic in the meanwhile.

So this is not a problem with my rules.

 bye & Thanks
 av.

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 11:41:20 2004
Date: Wed, 25 Feb 2004 06:41:08 +1100 (EST)
From: Ian Smith
To: Andrea Venturoli
Cc: freebsd-net@freebsd.org
In-Reply-To: <200402241611.i1OGBMmY026274@soth.ventu>
Subject: Re: Bad loopback traffic not stopped by ipfw.

On Tue, 24 Feb 2004, Andrea Venturoli wrote:

> 4.8-RELEASE-p15:

ipfw1?

> In /var/log/all.log I get a lot of:
>
> snort: [1:528:4] BAD-TRAFFIC loopback traffic [Classification:
> Potentially Bad Traffic] [Priority: 2]: {TCP}
> 127.0.0.1:80 -> xx.xx.xx.xx:1055
>
> (src port is always 80, dst port changes, xx.xx.xx.xx is my tun0 IP.)

There's a bit of that about; been seeing such here for some weeks now:

Feb 18 04:53:19 [..] ipfw: 60020 Deny TCP 127.0.0.1:80 w.x.y.z:1612 in via tun0
Feb 18 05:02:36 [..] ipfw: 60020 Deny TCP 127.0.0.1:80 w.x.y.z:1785 in via tun0
Feb 18 05:02:36 [..] ipfw: limit reached on rule #60020

# ipfw -t sh|grep -1 60020
60000 408814 51012356 Wed Feb 25 05:36:00 2004 \
    allow ip from any to any via lo0
60020 390 15600 Wed Feb 25 02:05:17 2004 \    <<<<<-----
    deny log ip from 127.0.0.0/8 to any
60030 0 0 \
    deny log ip from any to 127.0.0.0/8

.. still dribbling in I see. Yawn. But they're being denied ok here.

> tcpdumping all interfaces one by one shows the packet only on tun0:
>
> tcpdump -i tun0 -l src or dst 127.0.0.1
>
> 17:03:17.069193 127.0.0.1.http > 82.48.28.67.us-gv: R 0:0(0) ack 1889337345 win 0
> 17:03:18.034467 127.0.0.1.http > 82.48.28.67.tcp-id-port: R 0:0(0) ack 142009958 5 win 0
> ..
>
> ipfw -a l (relevant parts):
>
> 00050 1152 388408 divert 8668 ip from any to any via tun0
> ..
> 01000 6 1248 allow ip from any to any via lo0 (this is really local ntp traffic)
> ..
> 01000 0 0 deny log ip from 127.0.0.0/8 to any in recv tun0

Try just 'deny log ip from 127.0.0.0/8 to any' (and as mentioned, 'deny
log ip from any to 127.0.0.1/8' outbound also. Works here.

Not sure if the diversion for NAT above might affect whether they're
appearing to ipfw as still being 'in recv tun0' or not at rule(s) 1000,
but you'd want to block these on any interface, in or out, wouldn't you?

> IMHO opinion wrong packets are arriving from the upstream router (for
> which it would be useless to ask for a fix),

Indeed, it's probably not paying attention to source addresses anyway.

> snort and tcpdump correctly report them, but I think I should also
> see ipfw blocking them. At least this is what I read, googling
> around, on a previous thread on freebsd-stable.

You should indeed, but maybe some other rule between 50 and 1000 is
either blocking or allowing them? Anyway, try the more general rule?

(Caveat: the above are on a 2.2.6 router/gw that's still chugging along;
I assume it's more likely a config prob than an issue with 4.8 ipfw(n))

Cheers, Ian

From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 12:35:02 2004
To: Robert Watson
In-reply-to: Your message of Mon, 23 Feb 2004 23:35:34 -0500.
Date: Tue, 24 Feb 2004 12:35:00 -0800
Message-ID: <74400.1077654900@monkeys.com>
From: "Ronald F. Guilmette"
Cc: freebsd-net@freebsd.org
Subject: Re: Finding all IPv4 addresses associated with INADDR_ANY (?)

In message , you wrote:

>
>On Mon, 23 Feb 2004, Ronald F. Guilmette wrote:
>
>> Given a socket which has been properly created, opened, and then bound
>> to some port and the special INADDR_ANY ``wildcard'' address, I need to
>> be able to them programatically find all of the IPv4 addresses that the
>> socket was just bound to.
>>
>> Can anyone suggest a way to do this?
>>
>> Can anyone suggest a way to do this easily?
>>
>> Can anyone suggest a way to do this portably?
>
>In another e-mail, it's recommended that you try out getifaddrs(). This
>is almost certainly the best thing to do, but I wanted to point out one
>thing about the question you asked: when you bind a socket to INADDR_ANY,
>you're actually not saying "bind to all addresses available at the moment
>of binding", you're saying "bind to all addresses available at the moment
>of comparison". I.e., the PCB in kernel retains the value INADDR_ANY, and
>will match new IP addresses added to interfaces at some later time also.

Thank you for pointing that out. I certainly did not know that interesting
fact.

For me at least, this distinction is rarely important in practice, because
I personally don't tend to ifconfig new interfaces all that often... like
hardly ever... but it is Good for me to know the implications of what you
just said.
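
Added example, not part of the thread: a C sketch of the getifaddrs() approach recommended in the message above, together with a getsockname() check showing that a socket bound to INADDR_ANY keeps reporting the wildcard rather than a list of addresses. The function names list_ipv4_addrs and bound_addr_is_wildcard are hypothetical; the address list is a snapshot, so an exposure audit has to re-run it whenever interface addresses change.

```c
/* Added example: which IPv4 addresses does an INADDR_ANY listener answer on
 * right now, and what does the kernel record for the socket itself? */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Store up to max local IPv4 addresses in out[].
 * Returns the number of IPv4 addresses configured (this can be larger than
 * max, in which case the extra ones are counted but not stored), or -1 if
 * getifaddrs() fails. */
int list_ipv4_addrs(struct in_addr *out, int max)
{
    struct ifaddrs *ifap, *ifa;
    int n = 0;

    if (getifaddrs(&ifap) == -1)
        return -1;
    for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL)               /* entry without an address */
            continue;
        if (ifa->ifa_addr->sa_family != AF_INET) /* skip link-level and IPv6 */
            continue;
        if (n < max)
            out[n] = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
        n++;
    }
    freeifaddrs(ifap);
    return n;
}

/* Bind a TCP socket to INADDR_ANY on an ephemeral port and read the local
 * address back with getsockname().
 * Returns 1 if the socket still reports the wildcard (0.0.0.0),
 * 0 if it reports a specific address, -1 on any socket error. */
int bound_addr_is_wildcard(void)
{
    struct sockaddr_in sin, local;
    socklen_t len = sizeof(local);
    int s, rc = -1;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == -1)
        return -1;
    memset(&sin, 0, sizeof(sin));
    memset(&local, 0, sizeof(local));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(0);                     /* let the kernel pick a port */
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
        getsockname(s, (struct sockaddr *)&local, &len) == 0)
        rc = (local.sin_addr.s_addr == htonl(INADDR_ANY)) ? 1 : 0;
    close(s);
    return rc;
}

int main(void)
{
    struct in_addr addrs[64];
    char buf[INET_ADDRSTRLEN];
    int i, n;

    n = list_ipv4_addrs(addrs, 64);
    if (n == -1) {
        perror("getifaddrs");
        return 1;
    }
    printf("IPv4 addresses a wildcard listener answers on at this moment:\n");
    for (i = 0; i < n && i < 64; i++) {
        if (inet_ntop(AF_INET, &addrs[i], buf, sizeof(buf)) != NULL)
            printf("  %s\n", buf);
    }
    printf("socket bound to INADDR_ANY reports the wildcard: %s\n",
           bound_addr_is_wildcard() == 1 ? "yes" : "no");
    return 0;
}
```

Because the socket keeps the wildcard, an address added to an interface later is served by the same listener without any rebind; restricting exposure means binding to a specific address or filtering at the firewall.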
From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 15:15:39 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 910B716A4CE for ; Tue, 24 Feb 2004 15:15:39 -0800 (PST) Received: from smtp2.libero.it (smtp2.libero.it [193.70.192.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id F39B643D31 for ; Tue, 24 Feb 2004 15:15:38 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.37.23.42) by smtp2.libero.it (7.0.020-DD01) id 401CAD6A00A1F817 for freebsd-net@freebsd.org; Wed, 25 Feb 2004 00:16:20 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id i1ONFbmZ028103 for ; Wed, 25 Feb 2004 00:15:37 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200402242315.i1ONFbmZ028103@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Wed, 25 Feb 2004 00:15:37 EST 
From: Andrea Venturoli Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2004 23:15:39 -0000

** Reply to note from Ian Smith Wed, 25 Feb 2004 06:41:08 +1100 (EST)

> ... still dribbling in I see. Yawn. But they're being denied ok here.

But it is not so here! And also someone else reported the same problem...

> Try just 'deny log ip from 127.0.0.0/8 to any' (and as mentioned, 'deny
> log ip from any to 127.0.0.1/8' outbound also. Works here.

As I said in another reply I tried this too: ipfw -a l gives:

00030 2 416 allow ip from any to any via lo0
00031 0 0 deny log ip from any to 127.0.0.0/8
00032 0 0 deny log ip from 127.0.0.0/8 to any
..

But the counts are still 0, no log is displayed and tcpdump keeps showing packets coming in.

> Not sure if the diversion for NAT above might affect whether they're
> appearing to ipfw as still being 'in recv tun0' or not at rule(s) 1000,
> but you'd want to block these on any interface, in or out, wouldn't you?

As I previously said, I tried it also without diversion to natd.

> > snort and tcpdump correctly report them, but I think I should also
> > see ipfw blocking them. At least this is what I read, googling
> > around, on a previous thread on freebsd-stable.
>
> You should indeed, but maybe some other rule between 50 and 1000 is
> either blocking or allowing them? Anyway, try the more general rule?

See above.

> (Caveat: the above are on a 2.2.6 router/gw that's still chugging along;
> I assume it's more likely a config prob than an issue with 4.8 ipfw(n))

I *hope* it is a config problem, but I can assure it is not a trivial one, at least for me. Not an ipfw rules related one, at least. Either there is some setup I am not aware of or something is not working properly.
bye & Thanks av. From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 02:32:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 138AA16A4CE for ; Wed, 25 Feb 2004 02:32:05 -0800 (PST) Received: from xiplan (unknown [196.31.69.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id E931343D1D for ; Wed, 25 Feb 2004 02:32:03 -0800 (PST) (envelope-from garethb@xiplan.com) Received: from xiplan ([196.31.69.30]) by xiplan with Microsoft SMTPSVC(6.0.3790.0); Wed, 25 Feb 2004 12:32:03 +0200 Message-ID: <002d01c3fb8a$9ba7cd30$1e451fc4@xiplan> 
From: "gareth bailey" To: Date: Wed, 25 Feb 2004 12:32:03 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.0 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 X-OriginalArrivalTime: 25 Feb 2004 10:32:03.0203 (UTC) FILETIME=[9BA7CD30:01C3FB8A] Subject: Wireless USB adapter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 10:32:05 -0000 I have an X-Micro wireless USB Adapter that prints "ugen0: vendor 0x0ace USB WLAN, rev 1.10/1.01, addr 2" when i plug it in. Is there any way i can get this device to work under FreeBSD? Gareth From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 04:16:01 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8833116A4CE; Wed, 25 Feb 2004 04:16:01 -0800 (PST) Received: from hotmail.com (law11-f120.law11.hotmail.com [64.4.17.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C1D143D2F; Wed, 25 Feb 2004 04:16:01 -0800 (PST) (envelope-from weiwuzhang@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 25 Feb 2004 04:16:00 -0800 Received: from 218.85.105.104 by lw11fd.law11.hotmail.msn.com with HTTP; Wed, 25 Feb 2004 12:16:00 GMT X-Originating-IP: [218.85.105.104] X-Originating-Email: [weiwuzhang@hotmail.com] X-Sender: weiwuzhang@hotmail.com 
From: "Zhang Weiwu" To: freebsd-net@freebsd.org Date: Wed, 25 Feb 2004 20:16:00 +0800 Mime-Version: 1.0 Content-Type: text/plain; charset=gb2312; format=flowed Message-ID: X-OriginalArrivalTime: 25 Feb 2004 12:16:00.0950 (UTC) FILETIME=[21A47560:01C3FB99] cc: freebsd-questions@freebsd.org Subject: ppp server: arp proxy things? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: zhangweiwu@realss.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 12:16:01 -0000

Hello. I think this problem really goes out of my English language ability, I'm trying my best to explain it:

Now I just built a bluetooth based LAN access server, that is to run several serial connection over bluetooth, so you can think they are many simple serial connection, and ppp runs over the connections through tun. The network is like this:

[gateway/firewall: 10.0.0.138] --- [many hosts, 10.0.0.1 - 10.0.0.8]
       |
       |          +-- [10.0.0.10 <-tun-> 10.0.0.11] -- [bc1]
[bs: 10.0.0.9] -- [10.0.0.12 <-tun-> 10.0.0.13] -- [bc2]
                  +-- [10.0.0.14 <-tun-> 10.0.0.15] -- [bc3]

10.0.0.138 is also the DHCP/DNS server. bs means bluetooth LAN access server, bc1 is a notebook computer with bluetooth, bc2 is another, and bc3 yet another. I have pppd running on bs.

I'm pretty dumb with ppp, to get it working I setup three ppp labels in /etc/ppp/ppp.conf, holding the address from 10.0.0.10 to 10.0.0.15. Currently bc1, bc2, bc3 connect to bs correctly, I don't have any route/proxy to let bc to connect to other computers in the LAN, say 10.0.0.1.

Now I wish to make the network really transparent, that is as if bc1, bc2, bc3 is in the LAN, to be pinged and sshed. I wish to make:

* upon each ppp connection, bs asks 10.0.0.138 to assign an IP address from address pool to bc, also let 10.0.0.138 give other dhcp information like dns server, search domain etc. If bc loves to register a DNS entry it should be able to do so.
* When someone in LAN (say 10.0.0.5) wishes to ssh to bc2, bs should be smart enough to make it happen. Is it the so-called arp proxy?
* And bc2 connects (ssh or ftp) to any other hosts in the LAN as well.

I hope I'm clear. Am I still far away from getting that work? Where to find guide to achieve that?

Thank you!

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 04:37:25 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE89616A4CE for ; Wed, 25 Feb 2004 04:37:25 -0800 (PST) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA03343D31 for ; Wed, 25 Feb 2004 04:37:25 -0800 (PST) (envelope-from tbyte@OTEL.net) Received: from dragon.otel.net ([212.36.8.135] helo=OTEL.net) by mail.otel.net with esmtp (Exim 4.30; FreeBSD) id 1AvyI0-000AQM-6z; Wed, 25 Feb 2004 14:37:24 +0200 Message-ID: <403C9705.3060108@OTEL.net> Date: Wed, 25 Feb 2004 14:37:25 +0200 
From: Iasen Kostov User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040224 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrea Venturoli References: <200402242315.i1ONFbmZ028103@soth.ventu> In-Reply-To: <200402242315.i1ONFbmZ028103@soth.ventu> Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 12:37:26 -0000

netstat -s -p ip
.
.
.
        3575124 datagrams with bad address in header

Could it be this that drops "bad" packets before they enter the IPFW ?

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 04:51:54 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05EDA16A4CE for ; Wed, 25 Feb 2004 04:51:54 -0800 (PST) Received: from smtp3.libero.it (smtp3.libero.it [193.70.192.127]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9050643D1F for ; Wed, 25 Feb 2004 04:51:53 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.37.23.42) by smtp3.libero.it (7.0.020-DD01) id 401D5C59009F27FA for freebsd-net@freebsd.org; Wed, 25 Feb 2004 13:51:52 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id i1PCppmZ031547 for ; Wed, 25 Feb 2004 13:51:52 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200402251251.i1PCppmZ031547@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Wed, 25 Feb 2004 13:51:52 EST 
From: Andrea Venturoli Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 12:51:54 -0000 ** Reply to note from Iasen Kostov Wed, 25 Feb 2004 14:37:25 +0200 >netstat -s -p ip >.. >.. >.. > 3575124 datagrams with bad address in header > > Could it be this that drops "bad" packets before they enter the IPFW ? Nice, it could be, but I'm not so expert as to tell for sure. Can someone with more insight confirm? And possibly provide a pointer on why it is so, who blocks them, which are the criteria, ...? In fact I think they ARE blocked, because otherwise I would see "Connection attempt ..." log entries. Here it shows: 72641 datagrams with bad address in header bye & Thanks av. From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 05:42:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 52AA416A506 for ; Wed, 25 Feb 2004 05:42:37 -0800 (PST) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 38C7543D2F for ; Wed, 25 Feb 2004 05:42:36 -0800 (PST) (envelope-from ru@ip.net.ua) Received: from heffalump.office.ipnet (heffalump.office.ipnet [10.71.1.80]) by tigra.ip.net.ua (8.12.10/8.12.9) with ESMTP id i1PDiV7I006510 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2004 15:44:32 +0200 (EET) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.office.ipnet (8.12.11/8.12.11) id i1PDgS8V025015; Wed, 25 Feb 2004 15:42:28 +0200 (EET) (envelope-from ru) Date: Wed, 25 Feb 2004 15:42:28 +0200 
From: Ruslan Ermilov To: DrumFire Message-ID: <20040225134228.GB24810@ip.net.ua> References: <20040224124734.77e8835b.dpphln@tin.it> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="61jdw2sOBCFtR2d/" Content-Disposition: inline In-Reply-To: <20040224124734.77e8835b.dpphln@tin.it> User-Agent: Mutt/1.5.6i X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-net@FreeBSD.org Subject: Re: ifconfig and route problem. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 13:42:37 -0000

On Tue, Feb 24, 2004 at 12:47:34PM +0000, DrumFire wrote:
> Hi,
>
> this is my configuration:
>
> rl0: flags=8843 mtu 1500
>         options=8
>         inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
>         ether 00:30:84:9e:9d:26
>         media: Ethernet autoselect (100baseTX )
>         status: active
>
> and this is my default route
>
> default 192.168.100.254 UGS 0 0 rl0
>
> If I write something of this:
>
> # ifconfig rl0 $ip (where ip can be also 192.168.100.1), my default
> route is deleted, cut off server for my net.
>
The reason why this is done is because each route has a pointer to one of the interface's address, and when this address gets deleted, we invalidate the entry too. Not doing this caused us many problems before. You can see this linkage by using the following command:

	route -vn get default

> There's a way to avoid ifconfig delete my default route when I modify
> a ipaddress?
>
Unfortunately not, because there's no such operation like modifying an IP address -- you essentially remove one address and replace it with a new one (there's no such thing like SIOCCIFADDR).

Cheers,
-- 
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 05:45:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD84B16A4D3 for ; Wed, 25 Feb 2004 05:45:22 -0800 (PST) Received: from mail.butovo-online.ru (mail.b-o.ru [212.5.78.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41D8B43D55 for ; Wed, 25 Feb 2004 05:45:18 -0800 (PST) (envelope-from resident@b-o.ru) Received: from [192.168.92.185] (helo=192.168.92.185) by mail.butovo-online.ru with esmtp (Exim 4.24) id 1AvzVS-000B26-Ql; Wed, 25 Feb 2004 16:55:22 +0300 Date: Wed, 25 Feb 2004 16:47:03 +0300 
From: Andrew Riabtsev X-Mailer: The Bat! (v1.62i) Business X-Priority: 3 (Normal) Message-ID: <10324604148.20040225164703@b-o.ru> To: Iasen Kostov In-Reply-To: <403C9705.3060108@OTEL.net> References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org Subject: Re[2]: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrew Riabtsev List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 13:45:22 -0000

Hello Iasen,

Wednesday, February 25, 2004, 3:37:25 PM, you wrote:

IK> netstat -s -p ip
IK> .
IK> .
IK> .
IK> 3575124 datagrams with bad address in header

IK> Could it be this that drops "bad" packets before they enter the IPFW ?

To me it would be also interesting to know where this traffic comes from. I have same on my local net:

# tcpdump -neifxp0 src or dst 127.0.0.1
tcpdump: listening on fxp0
16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0
16:26:23.285831 0:d:61:e:3f:c3 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.213.167.1571: R 0:0(0) ack 812253185 win 0
16:26:23.287642 0:1:2:9c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0
16:26:23.297289 0:4:79:68:14:9c 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.214.208.1997: R 0:0(0) ack 1905917953 win 0
16:26:23.297555 0:c0:df:13:87:c4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.53.212.1836: R 0:0(0) ack 1137442817 win 0

dst mac-address is mac of fxp0 and src addresses is macs from local net not just nonexistent macs.

It could be some kind of attack or it is flood from broken device in local net or maybe something else, I'll try to find it out.
Let me know if You find out something new. Andrew mailto:resident@b-o.ru From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:12:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F381E16A4CE for ; Wed, 25 Feb 2004 06:12:17 -0800 (PST) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACCA743D41 for ; Wed, 25 Feb 2004 06:12:17 -0800 (PST) (envelope-from tbyte@OTEL.net) Received: from dragon.otel.net ([212.36.8.135] helo=OTEL.net) by mail.otel.net with esmtp (Exim 4.30; FreeBSD) id 1Avzln-000DLp-Iz; Wed, 25 Feb 2004 16:12:15 +0200 Message-ID: <403CAD41.10401@OTEL.net> Date: Wed, 25 Feb 2004 16:12:17 +0200 
From: Iasen Kostov User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040224 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Riabtsev References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> <10324604148.20040225164703@b-o.ru> In-Reply-To: <10324604148.20040225164703@b-o.ru> Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:12:18 -0000

Andrew Riabtsev wrote:

>Hello Iasen,
>
>Wednesday, February 25, 2004, 3:37:25 PM, you wrote:
>
>IK> netstat -s -p ip
>IK> .
>IK> .
>IK> .
>IK> 3575124 datagrams with bad address in header
>
>IK> Could it be this that drops "bad" packets before they enter the IPFW ?
>
>To me it would be also interesting to know where this traffic comes
>from. I have same on my local net:
>
># tcpdump -neifxp0 src or dst 127.0.0.1
>tcpdump: listening on fxp0
>16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0
>16:26:23.285831 0:d:61:e:3f:c3 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.213.167.1571: R 0:0(0) ack 812253185 win 0
>16:26:23.287642 0:1:2:9c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0
>16:26:23.297289 0:4:79:68:14:9c 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.214.208.1997: R 0:0(0) ack 1905917953 win 0
>16:26:23.297555 0:c0:df:13:87:c4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.53.212.1836: R 0:0(0) ack 1137442817 win 0
>
>dst mac-address is mac of fxp0 and src addresses is macs from local
>net not just nonexistent macs. It could be some kind of attack or it
>is flood from broken device in local net or maybe something else, i'll
>try to find it out. Let me know if You find out something new.
>
> Andrew mailto:resident@b-o.ru
>
>
>

Yes I see millions of packets of that type too ... What is the OS of the computer sending these packets ? It could be a trojan-flooder or something like that or a broken wind0ze driver ...

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:13:31 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBBDD16A4CE; Wed, 25 Feb 2004 06:13:31 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id E371D43D39; Wed, 25 Feb 2004 06:13:30 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i1PEDQQE086309 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2004 17:13:27 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i1PEDQbB086308; Wed, 25 Feb 2004 17:13:26 +0300 (MSK) Date: Wed, 25 Feb 2004 17:13:26 +0300 
From: Gleb Smirnoff To: Andre Oppermann , freebsd-net@freebsd.org Message-ID: <20040225141326.GA86194@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Andre Oppermann , freebsd-net@freebsd.org References: <20040224080353.GA76272@cell.sick.ru> <403B2423.DABF2E48@freebsd.org> <20040224102113.GB77406@cell.sick.ru> <403B4182.F6BD7101@freebsd.org> <20040224123427.GA78495@cell.sick.ru> <403B47D4.6F783F4F@freebsd.org> <20040224130408.GA78658@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20040224130408.GA78658@cell.sick.ru> User-Agent: Mutt/1.5.6i Subject: Re: rtalloc()/rtfree() problems on CURRENT X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:13:31 -0000

On Tue, Feb 24, 2004 at 04:04:08PM +0300, Gleb Smirnoff wrote:
T> A> Ah, sorry, forgot that in my last email. The only thing is to use RTFREE().
T> A> At first I thought your reassigning of rt is a problem, but you free the
T> A> correct ro.ro_rt later.
T>
T> Thank you! I'll try everything you suggested today night. Thanks again.

Using RTFREE() fixed the problem. It works OK both on STABLE and CURRENT.

If you don't mind I have one more question, though. Looking through kernel code, seeking for examples, I have found following in in_gif.c:

	rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
	if (!rt || rt->rt_ifp != ifp) {
#if 0
		log(LOG_WARNING, "%s: packet from 0x%x dropped "
		    "due to ingress filter\n", if_name(&sc->gif_if),
		    (u_int32_t)ntohl(sin.sin_addr.s_addr));
#endif
		if (rt)
			rtfree(rt);
		return 0;
	}
	rtfree(rt);

And it doesn't crash. Looking through the code I understood that in case of rtalloc()/rtfree() or rtalloc_ign()/rtfree() macro RT_UNLOCK is called twice, and this leads to panic. But in case of rtalloc1()/rtfree() everything is OK, since RT_UNLOCK is called once.

So, the question is: if I need some readonly access to routing table can I use rtalloc1()/rtfree() or not? Will RTFREE be mandatory in future? This will save some small amount of CPU time, but this code is executed really often.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:16:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD91216A4CE for ; Wed, 25 Feb 2004 06:16:45 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id DEE9043D1D for ; Wed, 25 Feb 2004 06:16:44 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i1PEGgQE086380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2004 17:16:43 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i1PEGgW2086379; Wed, 25 Feb 2004 17:16:42 +0300 (MSK) Date: Wed, 25 Feb 2004 17:16:42 +0300 
From: Gleb Smirnoff To: Andrew Riabtsev Message-ID: <20040225141642.GB86194@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Andrew Riabtsev , Iasen Kostov , freebsd-net@freebsd.org References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> <10324604148.20040225164703@b-o.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <10324604148.20040225164703@b-o.ru> User-Agent: Mutt/1.5.6i cc: Iasen Kostov cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:16:45 -0000

On Wed, Feb 25, 2004 at 04:47:03PM +0300, Andrew Riabtsev wrote:
A> To me it would be also interesting to know where this traffic comes
A> from. I have same on my local net:
A>
A> # tcpdump -neifxp0 src or dst 127.0.0.1
A> tcpdump: listening on fxp0
A> 16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0
> 16:26:23.287642 0:1:2:9>c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0

This is some kind of Win32 virus. These floods can be easily stopped by ipfw rule:

deny tcp from any to any tcpflags rst,ack

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:19:51 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BD8816A4CE for ; Wed, 25 Feb 2004 06:19:51 -0800 (PST) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAD8543D2D for ; Wed, 25 Feb 2004 06:19:50 -0800 (PST) (envelope-from tbyte@OTEL.net) Received: from dragon.otel.net ([212.36.8.135] helo=OTEL.net) by mail.otel.net with esmtp (Exim 4.30; FreeBSD) id 1Avzt7-000Dat-60; Wed, 25 Feb 2004 16:19:49 +0200 Message-ID: <403CAF07.5040906@OTEL.net> Date: Wed, 25 Feb 2004 16:19:51 +0200 
From: Iasen Kostov User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040224 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Gleb Smirnoff References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> <10324604148.20040225164703@b-o.ru> <20040225141642.GB86194@cell.sick.ru> In-Reply-To: <20040225141642.GB86194@cell.sick.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:19:51 -0000 Gleb Smirnoff wrote: >On Wed, Feb 25, 2004 at 04:47:03PM +0300, Andrew Riabtsev wrote: >A> To me it would be also interesting to know where this traffic comes >A> from. I have same on my local net: >A> >A> # tcpdump -neifxp0 src or dst 127.0.0.1 >A> tcpdump: listening on fxp0 >A> 16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0 > > >>16:26:23.287642 0:1:2:9>c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0 >> >> > >This is some kind of Win32 virus. This floods can be easily >stopped by ipfw rule: > >deny tcp from any to any tcpflags rst,ack > > > These packets never reach IPFW as we can see. 
From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:21:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1DE7B16A4CE for ; Wed, 25 Feb 2004 06:21:37 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D7B343D1D for ; Wed, 25 Feb 2004 06:21:36 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i1PELYQE086454 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2004 17:21:35 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i1PELYHt086453; Wed, 25 Feb 2004 17:21:34 +0300 (MSK) Date: Wed, 25 Feb 2004 17:21:34 +0300 
From: Gleb Smirnoff To: Iasen Kostov Message-ID: <20040225142134.GA86436@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Iasen Kostov , freebsd-net@freebsd.org References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> <10324604148.20040225164703@b-o.ru> <20040225141642.GB86194@cell.sick.ru> <403CAF07.5040906@OTEL.net> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <403CAF07.5040906@OTEL.net> User-Agent: Mutt/1.5.6i cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:21:37 -0000 On Wed, Feb 25, 2004 at 04:19:51PM +0200, Iasen Kostov wrote: I> >>16:26:23.287642 0:1:2:9>c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > I> >>192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0 I> > I> >This is some kind of Win32 virus. This floods can be easily I> >stopped by ipfw rule: I> > I> >deny tcp from any to any tcpflags rst,ack I> > I> > I> > I> These packets never reach IPFW as we can see. Ughu. Really. But I have millions of them from non-localhost addresses. P.S. This is really off-topic already. We should move to -isp@ may be. -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:28:36 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 093A716A4CE for ; Wed, 25 Feb 2004 06:28:36 -0800 (PST) Received: from hotmail.com (law11-f41.law11.hotmail.com [64.4.17.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id F224343D1D for ; Wed, 25 Feb 2004 06:28:35 -0800 (PST) (envelope-from weiwuzhang@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 25 Feb 2004 06:28:34 -0800 Received: from 218.85.102.39 by lw11fd.law11.hotmail.msn.com with HTTP; Wed, 25 Feb 2004 14:28:34 GMT X-Originating-IP: [218.85.102.39] X-Originating-Email: [weiwuzhang@hotmail.com] X-Sender: weiwuzhang@hotmail.com 
From: "Zhang Weiwu" To: freebsd-net@freebsd.org Date: Wed, 25 Feb 2004 22:28:34 +0800 Mime-Version: 1.0 Content-Type: text/plain; charset=gb2312; format=flowed Message-ID: X-OriginalArrivalTime: 25 Feb 2004 14:28:34.0910 (UTC) FILETIME=[A6926FE0:01C3FBAB] Subject: register DNS entry with dhclient X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: zhangweiwu@realss.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:28:36 -0000 I have a ADSL modem (domain name: modem.lan) also acting as DNS/dhcp server (pretty smart toy). The Windows computers in the office, after boot up and requested an ip addresss, also registere a DNS name in the modem (netbiosname.lan), but FreeBSD and Linux computers don't register their DNS name. So everyday we keep asking "Jerry what's your ip address I need to scp a file ..." :( I thought it won't be difficult to let FreeBSD register domain name. after read the specific part of dhclient.conf(5), I created a /etc/dhclient.conf file: ------ #my hostname is thinkpad.lan, 'lan' is our default search domain send fqdn.fqdn "thinkpad.lan"; send fqdn.server-update on; ------ Still my thinkpad runing FreeBSD 5.2 don't seem to have registered: zhangweiwu@thinkpad:~>nslookup windowsbox.lan Server: modem.lan Address: 10.0.0.138 Non-authoritative answer: Name: windowsbox.lan Address: 10.0.0.6 zhangweiwu@thinkpad:~>nslookup thinkpad.lan Server: modem.lan Address: 10.0.0.138 *** modem.lan can't find thinkpad: Non-existent host/domain I am not sure of the mechnism in domain name registeration; I cannot debug it. Is there any obvious wrong operation I am taking? 
From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:48:47 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84DB016A4CE for ; Wed, 25 Feb 2004 06:48:47 -0800 (PST) Received: from smtp1.libero.it (smtp1.libero.it [193.70.192.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 206E643D1D for ; Wed, 25 Feb 2004 06:48:47 -0800 (PST) (envelope-from ml.ventu@flashnet.it) Received: from soth.ventu (151.37.23.42) by smtp1.libero.it (7.0.020-DD01) id 401D5FAE00A07345 for freebsd-net@freebsd.org; Wed, 25 Feb 2004 15:49:14 +0100 Received: from mailer (xanatar.ventu [10.1.2.6]) by soth.ventu (8.12.6p3/8.12.6) with SMTP id i1PEmjmZ032110 for ; Wed, 25 Feb 2004 15:48:45 +0100 (CET) (envelope-from ml.ventu@flashnet.it) Message-Id: <200402251448.i1PEmjmZ032110@soth.ventu> To: freebsd-net@freebsd.org Priority: Normal X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0) Date: Wed, 25 Feb 2004 15:48:45 EST
From: Andrea Venturoli Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrea Venturoli List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:48:47 -0000 ** Reply to note from Gleb Smirnoff Wed, 25 Feb 2004 17:21:34 +0300 > P.S. This is really off-topic already. We should move to -isp@ may be. I don't really think so, why would it be? It's concerning ipfw, netstat, traffic and the IP stack in general, I believe. N.B. I'm obviously willing to move if it is decided so. bye av. From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 06:53:41 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DC1316A4CE for ; Wed, 25 Feb 2004 06:53:41 -0800 (PST) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC6F743D2D for ; Wed, 25 Feb 2004 06:53:40 -0800 (PST) (envelope-from tbyte@OTEL.net) Received: from dragon.otel.net ([212.36.8.135] helo=OTEL.net) by mail.otel.net with esmtp (Exim 4.30; FreeBSD) id 1Aw0Pr-000Ecj-2T; Wed, 25 Feb 2004 16:53:39 +0200 Message-ID: <403CB6F4.9000502@OTEL.net> Date: Wed, 25 Feb 2004 16:53:40 +0200 
From: Iasen Kostov User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040224 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrea Venturoli References: <200402251448.i1PEmjmZ032110@soth.ventu> In-Reply-To: <200402251448.i1PEmjmZ032110@soth.ventu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Bad loopback traffic not stopped by ipfw. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 14:53:41 -0000

Andrea Venturoli wrote:

>** Reply to note from Gleb Smirnoff Wed, 25 Feb 2004 17:21:34 +0300
>
>>P.S. This is really off-topic already. We should move to -isp@ may be.
>
>I don't really think so, why would it be?
>It's concerning ipfw, netstat, traffic and the IP stack in general, I believe.
>
>N.B. I'm obviously willing to move if it is decided so.
>
> bye
> av.

I think that Gleb talks about the "virus thing" :).

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 10:44:34 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E569E16A4CF for ; Wed, 25 Feb 2004 10:44:34 -0800 (PST) Received: from lakecmmtao02.coxmail.com (lakecmmtao02.coxmail.com [68.99.120.69]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C04643D1D for ; Wed, 25 Feb 2004 10:44:34 -0800 (PST) (envelope-from steve@freeslacker.net) Received: from freeslacker.net ([68.110.170.205]) by lakecmmtao02.coxmail.comESMTP <20040225184432.WKDI2211.lakecmmtao02.coxmail.com@freeslacker.net>; Wed, 25 Feb 2004 13:44:32 -0500 Message-ID: <403CED1A.7030704@freeslacker.net> Date: Wed, 25 Feb 2004 11:44:42 -0700
From: Steven Stremciuc User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: zhangweiwu@realss.com References: In-Reply-To: Content-Type: text/plain; charset=GB2312 Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: register DNS entry with dhclient X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 18:44:35 -0000

Zhang Weiwu wrote:

> I thought it won't be difficult to let FreeBSD register domain name.
> After reading the specific part of dhclient.conf(5), I created a
> /etc/dhclient.conf file:
> ------
> #my hostname is thinkpad.lan, 'lan' is our default search domain
> send fqdn.fqdn "thinkpad.lan";
> send fqdn.server-update on;
> ------

As I understand it the FreeBSD dhclient is not registering the domain name with the DNS server. It just sends it to the DHCPd and the DHCPd updates the DNS server. At least that's how it works on my LAN. I'm running FreeBSD 4.9.

here's my entire /etc/dhclient.conf:

-------
interface "em0" {
    send host-name "professorfrink";
}
-------

note: according to man pages this expects hostname in rc.conf to be blank

example entry in /etc/rc.conf:

hostname=""

my dhcp server updates the dns entry and it works out great.
here's me pinging professorfrink from another box: barney# ping professorfrink PING professorfrink.home.freeslacker.net (192.168.100.185): 56 data bytes 64 bytes from 192.168.100.185: icmp_seq=0 ttl=63 time=0.584 ms 64 bytes from 192.168.100.185: icmp_seq=1 ttl=63 time=0.409 ms 64 bytes from 192.168.100.185: icmp_seq=2 ttl=63 time=0.459 ms hope that helps and good luck, Steven Stremciuc From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 14:11:51 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC37516A4CF for ; Wed, 25 Feb 2004 14:11:51 -0800 (PST) Received: from web41306.mail.yahoo.com (web41306.mail.yahoo.com [66.218.93.55]) by mx1.FreeBSD.org (Postfix) with SMTP id B9AB043D1D for ; Wed, 25 Feb 2004 14:11:51 -0800 (PST) (envelope-from alohaguy123@yahoo.com) Message-ID: <20040225221151.91486.qmail@web41306.mail.yahoo.com> Received: from [208.201.244.225] by web41306.mail.yahoo.com via HTTP; Wed, 25 Feb 2004 14:11:51 PST Date: Wed, 25 Feb 2004 14:11:51 -0800 (PST) 
From: Aloha Guy To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: freebsd-net@freebsd.org Subject: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 22:11:51 -0000

Greetings everyone:

I'm using a FreeBSD based notebook (P4-M2.6Ghz, 2GB RAM) on the built in 3COM 920c (905c compatible) using the xl0 driver with the firewall enabled and set to open and rc.conf basically has:

xl0 configured as 208.204.x.224 netmask 255.255.255.0 with the alias 192.168.0.1 netmask 255.255.0.0.
natd is enabled with the natd interface as 208.204.x.224
tcp_extensions/RFC1323 is enabled
log_in_vain is set to 1
tcp_keepalive is set to YES
tcp_drop_synfin="NO"
icmp_drop_redirect="NO"
icmp_log_redirect="NO"
defaultrouter="208.201.x.1"
gateway_enable="YES"
forward_sourceroute="YES"
accept_sourceroute="YES"

I also have the following set:

# Don't respond to smurf-type icmp requests
/sbin/sysctl -w net.inet.icmp.bmcastecho=0
# Enhance Performance
/sbin/sysctl -w kern.maxfiles=65536
/sbin/sysctl -w kern.maxfilesperproc=32768
/sbin/sysctl -w kern.ipc.somaxconn=1024
/sbin/sysctl -w net.inet.ip.redirect=1
/sbin/sysctl -w net.inet6.ip6.redirect=1
/sbin/sysctl -w net.link.ether.inet.max_age=1200

The NIC is connected to a HP 2848 Managed 48 port Gigabit switch.

My rc.firewall basically has the following which is for traffic shaping as well:

setup_loopback () {
    ${fwcmd} add 48 skipto 100 ip from 208.201.x.224/29 to any
    ${fwcmd} add 49 skipto 100 ip from any to 208.201.x.224/29
    ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    ${fwcmd} enable one_pass
    ${fwcmd} pipe 1 config bw 608Kbit/s
    ${fwcmd} queue 1 config pipe 1 weight 30
    ${fwcmd} queue 2 config pipe 1 weight 29
    ${fwcmd} queue 3 config pipe 1 weight 28
    ${fwcmd} queue 4 config pipe 1 weight 27
    ${fwcmd} add 63000 allow all from any to 10.0.0.0/8 out
    ${fwcmd} add 63001 allow all from any to 172.16.0.0/12 out
    ${fwcmd} add 63002 allow all from any to 192.168.0.0/16 out
    ${fwcmd} add 63003 allow all from any to 208.201.x.224/29 out
    ${fwcmd} add 63004 set 0 queue 1 tcp from any to any tcpflags ack iplen 0-80 out xmit xl0
    ${fwcmd} add 63005 set 0 queue 2 tcp from any to any 22,23 out xmit xl0
    ${fwcmd} add 63006 set 0 queue 2 udp from any to any not 80,443 out xmit xl0
    ${fwcmd} add 63007 set 0 queue 3 all from any to any 80,443 out xmit xl0
    ${fwcmd} add 63008 set 0 queue 4 all from any to any out xmit xl0
    ${fwcmd} add 65000 pass all from any to any

and I guess FreeBSD adds the following rule by default:

    ${fwcmd} add 65535 deny ip from any to any

So anyways, here is the problem, if I traceroute from the FreeBSD machine:

traceroute to yahoo.com (66.218.71.198), 64 hops max, 40 byte packets
 1  adsl-208-201-x-1.sonic.net (208.201.x.1)  7.274 ms  8.060 ms  7.384 ms
 2  fast1-0-0.border.sr.sonic.net (208.201.224.194)  8.900 ms  8.921 ms  9.584 ms
 3  fast0-0.gw.equinix-sj.sonic.net (64.142.0.14)  15.327 ms  14.889 ms  13.765 ms
 4  exchange-cust1.sjo.equinix.net (206.223.116.16)  33.692 ms  34.501 ms  33.398 ms
 5  ae0-p907.pat1.pao.yahoo.com (216.115.100.17)  19.431 ms  15.831 ms  14.858 ms
 6  vlan26.bas1.scd.yahoo.com (216.115.101.34)  15.178 ms  20.284 ms
    vlan29.bas2.scd.yahoo.com (216.115.101.38)  15.301 ms
 7  UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234)  15.442 ms
    UNKNOWN-66-218-82-238.yahoo.com (66.218.82.238)  18.271 ms
    UNKNOWN-66-218-82-234.yahoo.com (66.218.82.234)  17.795 ms
 8  alteon4.68.scd.yahoo.com (66.218.68.13)  17.168 ms  23.280 ms  19.143 ms

However, if I do the same traceroute from 208.201.x.225 (Intel PRO/1000CT CSA NIC connected to the same HP switch) or 208.201.x.226 (3Com 920c (905 compatible connected to the same HP switch), it seems to add some latency and timeout between hop 1 and two and beyond which is the FreeBSD box and other side of the DSL link as shown below:

Tracing route to yahoo.com [66.218.71.198]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  adsl-208-201-x-224.sonic.net [208.201.x.224]
  2    19 ms     *        8 ms  adsl-208-201-x-1.sonic.net [208.201.x.1]
  3     9 ms    18 ms    10 ms  fast1-0-0.border.sr.sonic.net [208.201.224.194]
  4    17 ms    14 ms    15 ms  fast0-0.gw.equinix-sj.sonic.net [64.142.0.14]
  5    40 ms    34 ms    38 ms  exchange-cust1.sjo.equinix.net [206.223.116.16]
  6    15 ms    16 ms    23 ms  ae0-p907.pat1.pao.yahoo.com [216.115.100.17]
  7    17 ms    17 ms    18 ms  vlan29.bas2.scd.yahoo.com [216.115.101.38]
  8    16 ms    18 ms    16 ms  UNKNOWN-66-218-82-234.yahoo.com [66.218.82.234]
  9    18 ms    17 ms    23 ms  w1.rc.vip.scd.yahoo.com [66.218.71.198]

Trace complete.

Any ideas what is causing this? Is it the xl0 driver because I've used FreeBSD machines as ethernet routers before with a similar setup except there was no NAT involved and used the fxp drivers and it never had this problem. Thanks for your help in advance!

John
From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 14:52:02 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D86C16A4CE for ; Wed, 25 Feb 2004 14:52:02 -0800 (PST) Received: from uk-server1.anon-dns.net (uk-server1.anon-dns.net [193.111.226.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B33043D3F for ; Wed, 25 Feb 2004 14:52:02 -0800 (PST) (envelope-from steve@softgreen.co.uk) Received: from host81-129-9-191.in-addr.btopenworld.com ([81.129.9.191] helo=SOFTGREEN) by uk-server1.anon-dns.net with smtp (Exim 4.30) id 1Aw7sn-0000qk-Ge for freebsd-net@freebsd.org; Wed, 25 Feb 2004 22:52:01 +0000 Message-ID: <006d01c3fbf2$0b3b9f20$c832a8c0@SOFTGREEN> 
From: "Steve Greenshaw" To: "Freebsd-Net" Date: Wed, 25 Feb 2004 22:52:27 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: FreeBSD (Racoon) / Draytek Setup X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 22:52:02 -0000

Hi,

I'm having trouble attempting to set up a lan to lan VPN between FreeBSD 4.9 and a Draytek 'Vigor2900 router'. I'm trying to use IPSec tunnelling.

My aim is to connect 192.168.32.0/24 (FreeBSD) to 192.168.1.0/24 (Draytek)

On the FreeBSD box I've gone ahead and created a tunnel (gif) AAA.AAA.AAA.AAA => BBB.BBB.BBB.BBB
This tunnel joins 192.168.32.1 and 192.168.1.1
There's a route to 192.168.1.0/24 via 192.168.1.1 added and present in the routing table.

I've completed the VPN setup on the Draytek Vigor2900. I've removed all firewall or filtering rules so these are not an issue.

Running racoon in verbose mode, when I try to start the connection from the Draytek I see:

2004-02-24 21:46:36: INFO: isakmp.c:892:isakmp_ph1begin_r(): respond new phase 1 negotiation: AAA.AAA.AAA.AAA[500]<=>BBB.BBB.BBB.BBB[500]
2004-02-24 21:46:36: INFO: isakmp.c:897:isakmp_ph1begin_r(): begin Aggressive mode.
2004-02-24 21:46:36: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
2004-02-24 21:46:38: INFO: isakmp.c:2410:log_ph1established(): ISAKMP-SA established AAA.AAA.AAA.AAA[500]-BBB.BBB.BBB.BBB[500] spi:361b8dc6e371b85c:30034bf29701e1a1
2004-02-24 21:46:38: INFO: isakmp.c:1047:isakmp_ph2begin_r(): respond new phase 2 negotiation: AAA.AAA.AAA.AAA[0]<=>BBB.BBB.BBB.BBB[0]
2004-02-24 21:46:38: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel BBB.BBB.BBB.BBB->AAA.AAA.AAA.AAA spi=227581104(0xd909cb0)
2004-02-24 21:46:38: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Tunnel AAA.AAA.AAA.AAA>BBB.BBB.BBB.BBB spi=4193511423(0xf9f3e7ff)

The Draytek also tells me that I have a VPN up and running and that data is encrypted.

The problem is that this is as far as it gets. I can't ping either of my private networks from the other etc., etc. I get 100% packet loss.

This is really bugging me as the tunnel *has* to be there for the keys to be set, doesn't it? If that's the case then there must be a route? I use exactly this method FreeBSD - FreeBSD all the time ...

Anyway. I'm really stuck now and was hoping that maybe somebody might be able to shed some light on this for me? Has anybody ever set up a FreeBSD/Draytek lan to lan VPN using IPSec? Does anybody know if it's possible?

Below is the security policy that I use for setkey and also my racoon.conf, just in case that is useful ...

################
spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
################

################
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

listen
{
    isakmp AAA.AAA.AAA.AAA [500];
}

padding
{
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
}

timer
{
    counter 5;
    interval 20 sec;
    persend 1;
    phase1 2800 sec;
    phase2 3600 sec;
}

remote anonymous
{
    exchange_mode aggressive,main;
    situation identity_only;
    nonce_size 16;
    lifetime time 24 hour;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}

sainfo anonymous
{
    pfs_group 2;
    lifetime time 12 hour ;
    encryption_algorithm 3des, blowfish, des, rijndael ;
    authentication_algorithm hmac_md5, hmac_sha1;
    compression_algorithm deflate ;
}
################

Regards,
Steve

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 14:56:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 970FC16A4D1; Wed, 25 Feb 2004 14:56:47 -0800 (PST) Received: from mail.wolves.k12.mo.us (duey.wolves.k12.mo.us [207.160.214.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 638EA43D1F; Wed, 25 Feb 2004 14:56:47 -0800 (PST) (envelope-from cdillon@wolves.k12.mo.us) Received: from localhost (localhost [127.0.0.1]) by mail.wolves.k12.mo.us (Postfix) with ESMTP id D83281FE4A; Wed, 25 Feb 2004 16:56:46 -0600 (CST) Received: from mail.wolves.k12.mo.us ([127.0.0.1]) by localhost (duey.wolves.k12.mo.us [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 09532-03; Wed, 25 Feb 2004 16:56:46 -0600 (CST) Received: by mail.wolves.k12.mo.us (Postfix, from userid 1001) id F26491FE43; Wed, 25 Feb 2004
16:56:45 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by mail.wolves.k12.mo.us (Postfix) with ESMTP id F0C6E1A91F; Wed, 25 Feb 2004 16:56:45 -0600 (CST) Date: Wed, 25 Feb 2004 16:56:45 -0600 (CST) 
From: Chris Dillon To: Aloha Guy In-Reply-To: <20040225221151.91486.qmail@web41306.mail.yahoo.com> Message-ID: <20040225165031.N10233@duey.wolves.k12.mo.us> References: <20040225221151.91486.qmail@web41306.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at wolves.k12.mo.us cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 22:56:48 -0000 On Wed, 25 Feb 2004, Aloha Guy wrote: > Any ideas what is causing this? Is it the xl0 driver because I've > used FreeBSD machines as ethernet routers before with a similar > setup except there was no NAT involved and used the fxp drivers and > it never had this problem. Thanks for your help in advance! Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch. -- Chris Dillon - cdillon(at)wolves.k12.mo.us FreeBSD: The fastest, most open, and most stable OS on the planet - Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures - PowerPC, ARM, MIPS, and S/390 under development - http://www.freebsd.org Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? 
From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 15:33:34 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 080A816A4CE for ; Wed, 25 Feb 2004 15:33:34 -0800 (PST) Received: from web41305.mail.yahoo.com (web41305.mail.yahoo.com [66.218.93.54]) by mx1.FreeBSD.org (Postfix) with SMTP id EFEDB43D39 for ; Wed, 25 Feb 2004 15:33:33 -0800 (PST) (envelope-from alohaguy123@yahoo.com) Message-ID: <20040225233333.46897.qmail@web41305.mail.yahoo.com> Received: from [208.201.244.225] by web41305.mail.yahoo.com via HTTP; Wed, 25 Feb 2004 15:33:33 PST Date: Wed, 25 Feb 2004 15:33:33 -0800 (PST) 
From: Aloha Guy To: Chris Dillon In-Reply-To: <20040225165031.N10233@duey.wolves.k12.mo.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 23:33:34 -0000

Chris Dillon wrote:

On Wed, 25 Feb 2004, Aloha Guy wrote:

> Any ideas what is causing this? Is it the xl0 driver because I've
> used FreeBSD machines as ethernet routers before with a similar
> setup except there was no NAT involved and used the fxp drivers and
> it never had this problem. Thanks for your help in advance!

Additional delay while adding a hop is to be expected, no matter how fast your network or router is. You only added about 1ms on average, which is about right. The lost packet in the second traceroute might be due to a full/half-duplex mismatch between one of the NICs and the switch.

You're right that additional delay while adding a hop is to be expected, which is less than 0.1ms to the FreeBSD box but everything past the FreeBSD machine is adding at least 5ms up to 300ms in the traceroutes when the normal is no more than 20ms for the same traceroute. I've already checked the NICs and they are all configured at their full rated speeds and full duplex. I even tried using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box and it still had the same problem. I am using a September 2003 -CURRENT so I don't know if it's an issue with the current networking code back then or not.

John
From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 15:58:21 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F65C16A4CE; Wed, 25 Feb 2004 15:58:21 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C46843D1F; Wed, 25 Feb 2004 15:58:21 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 8E7E7654B5; Wed, 25 Feb 2004 23:58:20 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 49283-03-4; Wed, 25 Feb 2004 23:58:20 +0000 (GMT) Received: from saboteur.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 780AE654B2; Wed, 25 Feb 2004 23:58:19 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id 9E70C37; Wed, 25 Feb 2004 23:58:18 +0000 (GMT) Date: Wed, 25 Feb 2004 23:58:18 +0000 
From: Bruce M Simpson To: freebsd-current@freebsd.org, freebsd-net@freebsd.org Message-ID: <20040225235818.GC8762@saboteur.dek.spc.org> Mail-Followup-To: freebsd-current@freebsd.org, freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline Subject: HEADS UP: routed(8) source update X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 23:58:21 -0000 Hi, I've just merged version 2.27 of rhyolite.com's routed into the tree. If you track -CURRENT and use the MD5 authentication feature, note that it is no longer compatible with previous versions of FreeBSD; however it is now compatible with the Sun Solaris and Cisco implementations. I have added a note about this to src/UPDATING.
Thanks, BMS From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 20:30:04 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 953FD16A4CE for ; Wed, 25 Feb 2004 20:30:04 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C78C43D31 for ; Wed, 25 Feb 2004 20:30:04 -0800 (PST) (envelope-from mlaier@vampire.homelinux.org) Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AwD9w-000436-00 for net@freebsd.org; Thu, 26 Feb 2004 05:30:04 +0100 Received: from [80.131.150.236] (helo=vampire.homelinux.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 1AwD9v-0005es-00 for net@freebsd.org; Thu, 26 Feb 2004 05:30:03 +0100 Received: (qmail 68459 invoked by uid 1001); 26 Feb 2004 04:34:18 -0000 Date: Thu, 26 Feb 2004 05:34:18 +0100
From: Max Laier To: current@freebsd.org Message-ID: <20040226043418.GA68438@router.laiers.local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: hackers@freebsd.org cc: net@freebsd.org Subject: HEADS UP: pf import X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 04:30:04 -0000

Hi,

we started importing OpenBSD's packet filter (pf) from its port (security/pf). The kernel parts are done, though not linked to any automatic build. If you want to build it already, you can build from the corresponding module directories:

sys/modules/{pf, pflog, pfsync}

Make sure to install new and modified headers.

Users of the port should hold off until this is done. The port will no longer build with the new headers installed! There is no userland in the tree, yet!

This brings pf from OpenBSD 3.4 with the complete OpenBSD 3.4 function set. It was tested from the port for a long time now and brings some features that were not available to FreeBSD before. We have reports from people successfully running the port (and a preliminary version of the changes committed now) on production-use firewalls and servers.

To get an idea of pf's power I suggest reading the OpenBSD FAQ about it:
http://www.openbsd.org/faq/pf/index.html
or if you prefer a summary, check out the port status report:
http://www.freebsd.org/news/status/report-oct-2003-dec-2003.html#Porting-OpenBSD's-pf

--
Best regards, | max@love2party.net
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 23:40:25 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B76C16A4F7 for ; Wed, 25 Feb 2004 23:40:25 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id B571443D1F for ; Wed, 25 Feb 2004 23:40:24 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])i1Q7eMVC099344 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 26 Feb 2004 08:40:23 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id i1Q7eMcc028144; Thu, 26 Feb 2004 08:40:22 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id IAA18872; Thu, 26 Feb 2004 08:40:21 +0100 (MET) Message-Id: <200402260740.IAA18872@galaxy.hbg.de.ao-srv.com> In-Reply-To: <006d01c3fbf2$0b3b9f20$c832a8c0@SOFTGREEN> from Steve Greenshaw at "Feb 25, 2004 11:52:27 pm" To: steve@softgreen.co.uk (Steve Greenshaw) Date: Thu, 26 Feb 2004 08:40:21 +0100 (MET)
From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: FreeBSD (Racoon) / Draytek Setup X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 07:40:25 -0000

Steve Greenshaw:
>################
>spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
>esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
>spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
>esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
>################

Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip" encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this is just meaningless here as the gif interface just acts as a routing placeholder and doesn't actually transport traffic.)

The other thing you might want to try is using "unique" instead of "require". This is necessary for ESP tunnel mode against Cisco boxes, and probably will catch your case as well.

Maybe someone can explain the difference between these two? The manpage isn't really verbose...
Regards, Helge From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 23:43:28 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3459116A4CE; Wed, 25 Feb 2004 23:43:28 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 71EF443D3F; Wed, 25 Feb 2004 23:43:27 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])i1Q7hQUF099565 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 26 Feb 2004 08:43:26 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id i1Q7hPgX028291; Thu, 26 Feb 2004 08:43:25 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id IAA18903; Thu, 26 Feb 2004 08:43:25 +0100 (MET) Message-Id: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> In-Reply-To: <20040218220230.GF47727@madman.celabo.org> from "Jacques A. Vidrine" at "Feb 18, 2004 11: 2:30 pm" To: nectar@freebsd.org (Jacques A. Vidrine) Date: Thu, 26 Feb 2004 08:43:24 +0100 (MET) 
From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: security-team@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Fwd: [is this mbuf problem real?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 07:43:28 -0000

All,

maybe someone can comment on the status of this alert? There have been some comments about fixing it on freebsd-net@ but I haven't seen a CVS log - or I just missed it.

Thanks.
Helge

Jacques A. Vidrine:
>Does anyone have time to investigate? I will try to get more
>information from iDEFENSE.
>
>Cheers,
>--
>Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net /
>nectar@freebsd.org
>
>----- Forwarded message from Baby Peanut -----
>
>Date: Wed, 18 Feb 2004 06:21:25 -0800 (PST)
>From: Baby Peanut
>To: freebsd-security@freebsd.org
>Subject: is this mbuf problem real?
>Message-ID: <20040218142125.49433.qmail@web41902.mail.yahoo.com>
>
>BM_207650
>MEDIUM
>Vulnerability
>Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
>ID#207650:
>FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
>(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
>vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
>to launch a DoS attack.
>
>By sending many out-of-sequence packets, a low bandwidth denial of
>service attack is possible against FreeBSD. When the targeted system
>runs out of memory buffers (mbufs), it is no longer able to accept or
>create new connections.
>
>
>Analysis: (iDEFENSE US) Exploitation of this vulnerability requires
>that the targeted system has at least one open TCP port.
>
>The DoS will last until the port is closed, either by the attacker or
>the target machine.
>
>Detection: iDEFENSE has confirmed this vulnerability exists in FreeBSD
>5.1 (default install from media). It is expected that it also exists
>in earlier versions.
>
>Exploit: iDEFENSE has proof of concept exploit code demonstrating the
>impact of this vulnerability.
>
>
>Vulnerability Types: Design Error - Denial of Service
>Prevalence and Popularity: Almost always
>Evidence of Active Exploitation or Probing: No known exploitation or
>spike in probing
>Ease of Exploitation: Remotely Exploitable
>Existence and Availability of Exploit Code: An Exploit exists and is
>closely traded.
>Vulnerability Consequence: Availability
>
>__________________________________
>Do you Yahoo!?
>Yahoo! Mail SpamGuard - Read only the mail you want.
>http://antispam.yahoo.com/tools >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > >----- End forwarded message ----- > >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 00:07:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CAF7616A4CE; Thu, 26 Feb 2004 00:07:17 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 45D4643D1D; Thu, 26 Feb 2004 00:07:17 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 50E616542D; Thu, 26 Feb 2004 08:07:15 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 54389-04; Thu, 26 Feb 2004 08:07:14 +0000 (GMT) Received: from saboteur.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 93A386542C; Thu, 26 Feb 2004 08:07:14 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id 47A8738; Thu, 26 Feb 2004 08:07:13 +0000 (GMT) Date: Thu, 26 Feb 2004 08:07:12 +0000 
From: Bruce M Simpson To: Helge Oldach Message-ID: <20040226080712.GA16446@saboteur.dek.spc.org> Mail-Followup-To: Helge Oldach , "Jacques A. Vidrine" , security-team@freebsd.org, freebsd-net@freebsd.org References: <20040218220230.GF47727@madman.celabo.org> <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> cc: "Jacques A. Vidrine" cc: security-team@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Fwd: [is this mbuf problem real?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 08:07:17 -0000 On Thu, Feb 26, 2004 at 08:43:24AM +0100, Helge Oldach wrote: > maybe someone can comment on the status of this alert? There have been > some comments about fixing it on freebsd-net@ but I haven't seen a CVS > log - or I just missed it. Dealt with in andre@'s recent commit to make the TCP reassembly queue use an UMA zone allocator. 
Thanks, BMS From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 00:11:16 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3CEFA16A4CE; Thu, 26 Feb 2004 00:11:16 -0800 (PST) Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 032FF43D2F; Thu, 26 Feb 2004 00:11:16 -0800 (PST) (envelope-from des@des.no) Received: by smtp.des.no (Pony Express, from userid 666) id ED7555310; Thu, 26 Feb 2004 09:11:14 +0100 (CET) Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id AA8ED530D; Thu, 26 Feb 2004 09:11:06 +0100 (CET) Received: by dwp.des.no (Postfix, from userid 2602) id 8E4B133C71; Thu, 26 Feb 2004 09:11:06 +0100 (CET) To: Helge Oldach References: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> 
From: des@des.no (Dag-Erling Smørgrav) Date: Thu, 26 Feb 2004 09:11:06 +0100 In-Reply-To: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> (Helge Oldach's message of "Thu, 26 Feb 2004 08:43:24 +0100 (MET)") Message-ID: User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no X-Spam-Level: X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.63 cc: "Jacques A. Vidrine" cc: security-team@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Fwd: [is this mbuf problem real?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 08:11:16 -0000

Helge Oldach writes:
> maybe someone can comment on the status of this alert? There have been
> some comments about fixing it on freebsd-net@ but I haven't seen a CVS
> log - or I just missed it.

It's been fixed, look for log messages about using uma for reassembly queues.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 00:16:35 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E104316A4CE for ; Thu, 26 Feb 2004 00:16:35 -0800 (PST) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 623EE43D1F for ; Thu, 26 Feb 2004 00:16:35 -0800 (PST) (envelope-from silby@silby.com) Received: (qmail 28574 invoked from network); 26 Feb 2004 08:16:34 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 26 Feb 2004 08:16:34 -0000 X-pair-Authenticated: 209.68.2.70 Date: Thu, 26 Feb 2004 02:16:32 -0600 (CST)
From: Mike Silbersack To: Dag-Erling Smørgrav In-Reply-To: Message-ID: <20040226021524.R741@odysseus.silby.com> References: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE cc: "Jacques A. Vidrine" cc: security-team@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Fwd: [is this mbuf problem real?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 08:16:36 -0000

On Thu, 26 Feb 2004, Dag-Erling [iso-8859-1] Smørgrav wrote:
> Helge Oldach writes:
> > maybe someone can comment on the status of this alert? There have been
> > some comments about fixing it on freebsd-net@ but I haven't seen a CVS
> > log - or I just missed it.
>
> It's been fixed, look for log messages about using uma for reassembly
> queues.
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no

But not MFC'd to 4.x or the security branches yet, that is being worked on by the security officer team.

Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 00:45:16 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A0FA16A4CE; Thu, 26 Feb 2004 00:45:16 -0800 (PST) Received: from math.teaser.net (math.teaser.net [213.91.2.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 02E7F43D1D; Thu, 26 Feb 2004 00:45:16 -0800 (PST) (envelope-from e-masson@kisoft-services.com) Received: from t39bsdems.interne.kisoft-services.com (nantes.kisoft-services.com [193.56.60.243]) by math.teaser.net (Postfix) with ESMTP id C08066C826; Thu, 26 Feb 2004 09:45:14 +0100 (CET) Received: by t39bsdems.interne.kisoft-services.com (Postfix, from userid 1001) id D4AA35C20C; Thu, 26 Feb 2004 09:44:48 +0100 (CET) To: Max Laier 
From: Eric Masson In-Reply-To: <20040226043418.GA68438@router.laiers.local> (Max Laier's message of "Thu, 26 Feb 2004 05:34:18 +0100") References: <20040226043418.GA68438@router.laiers.local> X-Operating-System: FreeBSD 4.9-STABLE i386 Date: Thu, 26 Feb 2004 09:44:48 +0100 Message-ID: <863c8y8c1r.fsf@t39bsdems.interne.kisoft-services.com> User-Agent: Gnus/5.110002 (No Gnus v0.2) XEmacs/21.4 (Portable Code, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: hackers@freebsd.org cc: current@freebsd.org cc: net@freebsd.org Subject: Re: HEADS UP: pf import X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 08:45:16 -0000

>>>>> "Max" == Max Laier writes:

Hello Max,

Max> The kernel parts are done, though not linked to any automatic
Max> build. If you want to build it already, you can build from the
Max> corresponding module directories: sys/modules/{pf, pflog, pfsync}

Nice to hear, is Altq integration in the plan too?

Eric Masson

--
BS> Innkeeper, this round is on me! I'll have a giraffe.
-+- TT in www.le-gnu.net : Squeezed or iced -+-

From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 01:33:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 930C316A4CE for ; Thu, 26 Feb 2004 01:33:17 -0800 (PST) Received: from webmail.emre.de (webmail.emre.de [194.8.203.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4771343D1F for ; Thu, 26 Feb 2004 01:33:16 -0800 (PST) (envelope-from info@emre.de) Received: by webmail.emre.de (Postfix, from userid 80) id C725C3A23E; Thu, 26 Feb 2004 10:33:13 +0100 (CET) Received: from sys-125.netcologne.de (sys-125.netcologne.de [194.8.193.125]) by webmail.emre.de (Horde) with HTTP for ; Thu, 26 Feb 2004 10:33:12 +0100 Message-ID: <1077787992.8b42fbc6cab56@webmail.emre.de> Date: Thu, 26 Feb 2004 10:33:12 +0100
From: Emre Bastuz To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) 4.0-cvs Subject: unable to set ip address during/after PPP? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 09:33:17 -0000

Hi,

I´m trying to run a 4.X box with multiple PPPoE connections (_not_ as a PPP bundle or something like that).

Only about 5 connections come up, all further connections fail with the error message:

Warning: iface add: ioctl(SIOCAIFADDR, x.x.x.x -> y.y.y.y): File exists
Error: ipcp_InterfaceUp: unable to set ip address

I know that this _used_ to work so I´m really wondering what goes wrong.

Here´s the relevant parts of ppp.conf:

test3:
 set log Phase Chat LCP IPCP CCP tun command
 set device PPPoE:vlan3:
 set phone 1234
 set authname test3@something
 set authkey my_pw
 set mru 1492
 set mtu 1492
 set timeout 0
 set speed sync
 set dial
 enable dns
 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
 add 195.24.114.101/32 HISADDR

test4:
 set log Phase Chat LCP IPCP CCP tun command
 set device PPPoE:vlan4:
 set phone 1234
 set authname test4@something
 set authkey my_pw
 set mru 1492
 set mtu 1492
 set timeout 0
 set speed sync
 set dial
 enable dns
 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
 add 195.24.114.102/32 HISADDR

test5:
 set log Phase Chat LCP IPCP CCP tun command
 set device PPPoE:vlan5:
 set phone 1234
 set authname test5@something
 set authkey my_pw
 set mru 1492
 set mtu 1492
 set timeout 0
 set speed sync
 set dial
 enable dns
 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
 add 195.24.114.103/32 HISADDR

[etc]

Some explanation: basically the box is connected to about 12 DSL modems. I want to have traffic through all of them and do some statistical analysis. In order to send data through all those particular modems I need to set one default route and multiple host routes to the gateway HISADDR - in case you are wondering about the routing line.

Some more details from the ppp.log:

Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: SendConfigReq(38) state = Req-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 0.0.0.0
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: PRIDNS[6] 213.168.112.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: SECDNS[6] 194.8.194.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: RecvConfigReq(46) state = Req-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 195.14.247.94
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: SendConfigAck(46) state = Req-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 195.14.247.94
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: State change Req-Sent --> Ack-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: RecvConfigNak(38) state = Ack-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 81.173.153.228
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] changing address: 0.0.0.0 --> 81.173.153.228
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: SendConfigReq(39) state = Ack-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 81.173.153.228
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: PRIDNS[6] 213.168.112.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: SECDNS[6] 194.8.194.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: RecvConfigAck(39) state = Ack-Sent
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: IPADDR[6] 81.173.153.228
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: PRIDNS[6] 213.168.112.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: SECDNS[6] 194.8.194.60
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: State change Ack-Sent --> Opened
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: LayerUp.
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: myaddr 81.173.153.228 hisaddr = 195.14.247.94
Feb 26 10:25:50 localhost ppp[305]: tun6: Warning: iface add: ioctl(SIOCAIFADDR, 81.173.153.228 -> 195.14.247.94): File exists
Feb 26 10:25:50 localhost ppp[305]: tun6: Error: ipcp_InterfaceUp: unable to set ip address
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: LayerDown: 81.173.153.228
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: Using trigger address 0.0.0.0
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: SendTerminateReq(40) state = Opened
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: State change Opened --> Closing
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: RecvTerminateAck(40) state = Closing
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: deflink: LayerFinish.
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: Connect time: 0 secs: 0 octets in, 0 octets out
Feb 26 10:25:50 localhost ppp[305]: tun6: IPCP: 0 packets in, 0 packets out

Everything seems to work fine in PPP but when it comes to assigning the negotiated IP address to a tun interface something seems to go wrong.

I´m really lost here ... anyone have an idea?

Thanks,
Emre

--
http://www.emre.de
UIN: 561260
PGP Key ID: 0xAFAC77FD

I don't see why some people even HAVE cars. -- Calvin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 03:13:25 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1554816A4CF for ; Thu, 26 Feb 2004 03:13:25 -0800 (PST) Received: from uk-server1.anon-dns.net (uk-server1.anon-dns.net [193.111.226.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93A6E43D2D for ; Thu, 26 Feb 2004 03:13:24 -0800 (PST) (envelope-from steve@softgreen.co.uk) Received: from [194.83.183.118] (helo=ACM12601) by uk-server1.anon-dns.net with smtp (Exim 4.30) id 1AwJSF-0005ms-MV; Thu, 26 Feb 2004 11:13:23 +0000 Message-ID: <002001c3fc59$4c40f440$76b753c2@ACM12601> From: "Steve Greenshaw" To: "Helge Oldach" References: <200402260740.IAA18872@galaxy.hbg.de.ao-srv.com> Date: Thu, 26 Feb 2004 11:11:34 -0000 Organization: SoftGreen Design Limited MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: freebsd-net@freebsd.org Subject: Re: FreeBSD (Racoon) / Draytek Setup X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 11:13:25 -0000 Thanks. Works fine now when connecting from the Draytek ... getting a 'segmentation fault (cored dump)' from racoon when trying to initiate the connection from the FreeBSD box, but some more fine tuning may be required. Thanks again. Steve. ----- Original Message ----- 
From: "Helge Oldach" To: "Steve Greenshaw" Cc: Sent: Thursday, February 26, 2004 7:40 AM Subject: Re: FreeBSD (Racoon) / Draytek Setup > Steve Greenshaw: > >################ > >spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec > >esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require; > >spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec > >esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require; > >################ > > Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip" > encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this > is just meaningless here as the gif interface just acts as a routing > placeholder and doesn't actually transport traffic.) > > The other thing you might want to try is using "unique" instead of > "require". This is necessary for ESP tunnel mode against Cisco boxes, > and probably will catch your case as well. > > Maybe someone can explain the difference between these two? The manpage > isn't really verbose... > > Regards, > Helge > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 08:27:46 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37E4816A4D1 for ; Thu, 26 Feb 2004 08:27:45 -0800 (PST) Received: from mercury.dgim.crc.ca (unknown [142.92.39.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8169143D1D for ; Thu, 26 Feb 2004 08:27:44 -0800 (PST) (envelope-from don@mainframe.dgrc.crc.ca) Received: from janus.dgrc.crc.ca (janus.dgrc.crc.ca [142.92.34.101]) i1QGRh5N000933 for ; Thu, 26 Feb 2004 11:27:43 -0500 Received: (from don@localhost) by janus.dgrc.crc.ca (8.11.6+Sun/8.11.6) id i1QGRVT02174 for freebsd-net@freebsd.org; Thu, 26 Feb 2004 11:27:31 -0500 (EST) Date: Thu, 26 
Feb 2004 11:27:31 -0500 (EST) 
From: Donald McLachlan Message-Id: <200402261627.i1QGRVT02174@janus.dgrc.crc.ca> To: freebsd-net@freebsd.org Subject: IPv6 multicast sendto() 'operation not supported' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 16:27:47 -0000

Hello,

[ I'm new to freebsd. This seems like the most related mailing list. If there is a better mailing list I should post to, please point me in the right direction. ]

In preparation for writing an IPv6 multicast application I wrote a little test program (shown below). This program worked on linux (RedHat), but when I try it on a FreeBSD box (5.0, running zebra router and pim6dd) sendto() fails with "Operation not supported" ... ???

To verify my app was OK, I installed a solaris box on the LAN beside the linux box and the app compiled and worked fine.

Thinking it might be a bug in 5.0 or an interaction with zebra/pim6dd I installed a FreeBSD 5.2 box on the lan beside the other 2 app boxes and I get the same error again.

Anyone know what is missing/wrong in my test app?

[ I'm guessing FreeBSD wants some extra socket options set, but I don't know which ones. ]

Thanks,
Don

/* mcast6.c */
/* The header names are missing from the archived copy of this message;
 * the list below is what the calls in this file require. */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

void start_sender(int sock, struct sockaddr_in6 *sin);
void start_listener(int sock);

int main(int argc, char *argv[])
{
    int sock, hops;
    unsigned int ifindex;
    struct sockaddr_in6 sin;
    struct ipv6_mreq mreq;
    char ifname[IF_NAMESIZE];
    static unsigned char the_addr[16];

    inet_pton(AF_INET6, "ff05::abcd", the_addr);

    if ((sock=socket(AF_INET6, SOCK_DGRAM, 0)) < 0) /* connect to socket */
    {
        perror("socket");
        exit(3);
    }

    bzero((char *)&sin, (int)sizeof(sin)); /* setup address info */
    bcopy(the_addr, (char *)&sin.sin6_addr, sizeof(the_addr));
    sin.sin6_family = AF_INET6;
    sin.sin6_port = htons(3000);

    /* bind addr to sock (the multicast group address itself) */
    if(bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
    {
        perror("bind");
        exit(errno);
    }

    hops = 255;
    if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &hops, sizeof(hops)) < 0)
    {
        perror("setsockopt(IPV6_MULTICAST_HOPS)");
        exit(errno);
    }

    ifindex = 0;
#ifdef ORIG
    strcpy(ifname, "xl1");
    ifindex = if_nametoindex(ifname);
    if(ifindex == 0)
    {
        perror("if_nametoindex()");
        exit(errno);
    }

    if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_IF, &ifindex, sizeof(ifindex)) < 0)
    {
        perror("setsockopt(IPV6_MULTICAST_IF)");
        exit(errno);
    }
#endif

    /* setup group info */
    bcopy(the_addr, (char *)&mreq.ipv6mr_multiaddr, sizeof(the_addr));
    mreq.ipv6mr_interface = ifindex; /* and I/F index */

    /* join group */
    if(setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, (char *)&mreq, sizeof(mreq)) < 0)
    {
        perror("setsockopt(IPV6_JOIN_GROUP)");
        exit(21);
    }

    start_sender(sock, &sin);
    start_listener(sock);

    while(wait((int *)0) != -1)
        ; /* wait for all children to die */

    return(0);
}

void start_sender(int sock, struct sockaddr_in6 *sin)
{
    char bitbucket[2000];
    pid_t pid;

    pid = fork();
    switch(pid)
    {
    case 0: /* child */
        while(1)
        {
            /* TX mcast PDU */
            strcpy(bitbucket, "How now brown cow?");
            if(sendto(sock, bitbucket, strlen(bitbucket)+1, 0, (struct sockaddr *)sin, sizeof(*sin)) < 0)
            {
                perror("sendto(sender)");
                exit(23);
            }
            sleep(10);
        }
        break;

    case -1: /* parent fork failed */
        printf("fork(sender): failed\n");
        fflush(stdout);
        break;

    default: /* parent fork passed */
        printf("sender PID = %d\n", (int)pid);
        fflush(stdout);
        break;
    }
}

void start_listener(int sock)
{
    pid_t pid;
    socklen_t fromlen; /* recvfrom() takes a socklen_t length */
    struct sockaddr_in6 from;
    char bitbucket[2000], addrstr[INET6_ADDRSTRLEN];

    pid = fork();
    switch(pid)
    {
    case 0: /* child */
        while(1)
        {
            bitbucket[0] = '\0';
            fromlen = sizeof(from);
            if(recvfrom(sock, bitbucket, sizeof(bitbucket), 0, (struct sockaddr *)&from, &fromlen) < 0)
            {
                perror("listener: recvfrom()");
                exit(21);
            }

            inet_ntop(AF_INET6, &from.sin6_addr, addrstr, sizeof(addrstr));
            printf("< %s : \"%s\"\n", addrstr, bitbucket);
            fflush(stdout);
        }
        break;

    case -1: /* parent fork failed */
        printf("fork(listerner): failed\n");
        fflush(stdout);
        break;

    default: /* parent fork passed */
        printf("listener PID = %d\n", (int)pid);
        fflush(stdout);
        break;
    }
}

From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 08:35:26 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 108D316A4D0; Thu, 26 Feb 2004 08:35:26 -0800 (PST) Received: from mail.wolves.k12.mo.us (duey.wolves.k12.mo.us [207.160.214.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8F8F43D1F; Thu, 26 Feb 2004 08:35:25 -0800 (PST) (envelope-from cdillon@wolves.k12.mo.us) Received: from localhost (localhost [127.0.0.1]) by mail.wolves.k12.mo.us (Postfix) with ESMTP id 2D4EE1FE5C; Thu, 26 Feb 2004 10:35:25 -0600 (CST) Received: from mail.wolves.k12.mo.us ([127.0.0.1]) by localhost (duey.wolves.k12.mo.us [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21263-01-51; Thu, 26 Feb 2004 10:35:24 -0600 (CST) Received: by mail.wolves.k12.mo.us (Postfix, from userid 1001) id 250E31FE50; Thu, 26 Feb 2004 10:35:24 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by
mail.wolves.k12.mo.us (Postfix) with ESMTP id 234731A92D; Thu, 26 Feb 2004 10:35:24 -0600 (CST) Date: Thu, 26 Feb 2004 10:35:24 -0600 (CST) 
From: Chris Dillon To: Aloha Guy In-Reply-To: <20040225233333.46897.qmail@web41305.mail.yahoo.com> Message-ID: <20040226102832.I23339@duey.wolves.k12.mo.us> References: <20040225233333.46897.qmail@web41305.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at wolves.k12.mo.us cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 16:35:26 -0000

On Wed, 25 Feb 2004, Aloha Guy wrote:

> You're right that additional delay while adding a hop is to be
> expected, which is less than 0.1ms to the FreeBSD box but everything
> past the FreeBSD machine is adding at least 5ms up to 300ms in the
> traceroutes when the normal is no more than 20ms for the same
> traceroute. I've already checked the NICs and they are all
> configured at their full rated speeds and full duplex. I even try
> using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box
> and it still had the same problem. I am using a September 2003
> -CURRENT so I don't know if it's an issue with the current networking
> code back then or not.

What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest, most open, and most stable OS on the planet
- Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
- PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon? From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 09:22:46 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06D7A16A4CE for ; Thu, 26 Feb 2004 09:22:46 -0800 (PST) Received: from nord.interexc.com (nord.interexc.com [193.108.123.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01B1643D2F for ; Thu, 26 Feb 2004 09:22:45 -0800 (PST) (envelope-from nick@nord.interexc.com) Received: from nord.interexc.com (localhost.interexc.com [127.0.0.1]) by nord.interexc.com (8.12.10/8.12.10) with ESMTP id i1QHMe8b034769 for ; Thu, 26 Feb 2004 19:22:40 +0200 (EET) (envelope-from nick@nord.interexc.com) Received: (from nick@localhost) by nord.interexc.com (8.12.10/8.12.10/Submit) id i1QHMecH034768 for net@freebsd.org; Thu, 26 Feb 2004 19:22:40 +0200 (EET) (envelope-from nick) Date: Thu, 26 Feb 2004 19:22:39 +0200 
From: Nick Strebkov To: net@freebsd.org Message-ID: <20040226172239.GA34508@nord.interexc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-u Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 5.2.1-RELEASE X-Real-Name: =?koi8-u?B?89TSxcLLz9cgSMnLz8zByiDhzsHU?= =?koi8-u?B?z8zYxdfJ3g==?= Subject: rtp jitter control X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 17:22:46 -0000

Hi,

I have a kernel-level RTP-proxy and now I need to control the jitter of an incoming RTP stream by caching the last incoming RTP packet and sending it in case the next packet is missed or delayed.

The RTP-proxy is realized as a kld module + kernel patch that modifies ip_input.c. The patch adds a hook that processes all IPv4 unicast UDP packets. In "my" packets it changes the dest address and calls ip_forward() with source routing simulation.

My solution for the task above is to start a kernel-level process by kthread(9) and make buffering for all "my" packets with real sending of them from the started kthread.

Here I have three questions:
1. Is this solution possible?
2. Do I need some special steps to send a cached packet from my kthread?
3. How to "lose" a packet in ip_input()?

Thanks.

-- Nick Strebkov Public key: http://humgat.org/~nick/pubkey.txt fpr: 552C 88D6 895B 6E64 F277 D367 8A70 8132 47F5 C1B6 From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 09:39:40 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D18C16A4CE for ; Thu, 26 Feb 2004 09:39:40 -0800 (PST) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id A43F843D1D for ; Thu, 26 Feb 2004 09:39:39 -0800 (PST) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.10/8.12.10) with ESMTP id i1QHdbKD058968; Thu, 26 Feb 2004 12:39:37 -0500 (EST) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.10/8.12.10/Submit) id i1QHdbbW058967; Thu, 26 Feb 2004 12:39:37 -0500 (EST) (envelope-from barney) Date: Thu, 26 Feb 2004 12:39:37 -0500 
From: Barney Wolff To: Emre Bastuz Message-ID: <20040226173937.GA58572@pit.databus.com> References: <1077787992.8b42fbc6cab56@webmail.emre.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1077787992.8b42fbc6cab56@webmail.emre.de> User-Agent: Mutt/1.5.6i X-Scanned-By: MIMEDefang 2.39 cc: freebsd-net@freebsd.org Subject: Re: unable to set ip address during/after PPP? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 17:39:40 -0000

On Thu, Feb 26, 2004 at 10:33:12AM +0100, Emre Bastuz wrote:
>
> I'm trying to run a 4.X box with multiple PPPoE connections (_not_ as a PPP
> bundle or something like that).
>
> Warning: iface add: ioctl(SIOCAIFADDR, x.x.x.x -> y.y.y.y): File exists
> Error: ipcp_InterfaceUp: unable to set ip address
>
> I know that this _used_ to work so I'm really wondering what goes wrong.

The usual cause of "File exists" here is a duplicate address on either end. I would not expect to be able to have >1 non-bundled links to/from the same address.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 10:33:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D4A316A4CE for ; Thu, 26 Feb 2004 10:33:18 -0800 (PST) Received: from mercury.dgim.crc.ca (mercury.dgim.crc.ca [142.92.39.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D82043D2D for ; Thu, 26 Feb 2004 10:33:17 -0800 (PST) (envelope-from don@mainframe.dgrc.crc.ca) Received: from janus.dgrc.crc.ca (janus.dgrc.crc.ca [142.92.34.101]) i1QIXG5N024484 for ; Thu, 26 Feb 2004 13:33:16 -0500 Received: (from don@localhost) by janus.dgrc.crc.ca (8.11.6+Sun/8.11.6) id i1QIX3w02239 for freebsd-net@freebsd.org; Thu, 26 Feb 2004 13:33:03 -0500 (EST) Date: Thu, 26 Feb 2004 13:33:03 -0500 (EST) Message-Id: <200402261833.i1QIX3w02239@janus.dgrc.crc.ca> To: freebsd-net@freebsd.org From: Donald.McLachlan@crc.ca X-Sun-Charset: US-ASCII Subject: followup: IPv6 multicast sendto() 'operation not supported' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 18:33:18 -0000

Hello again,

I think I have found a work around, but it does not explain why my test code works on linux (RedHat) and on Solaris, but not on FreeBSD.

I found another test program which is *very* similar to mine. The differences being:
- instead of fork()'ing the other program binds to in6addr_any instead of to the multicast group address.
- the other program does not fork(). Instead it uses select() to multiplex I/O on the socket.
- oh ya, and the other program works. ;)

I'm guessing it is fork() that causes the problem. Why?

Thanks,
Don

----- Begin Included Message -----

>From owner-freebsd-net@freebsd.org Thu Feb 26 11:28:55 2004
From: Donald McLachlan

Hello,

[ I'm new to freebsd. This seems like the most related mailing list. If there is a better mailing list I should post to, please point me in the right direction. ]

In preparation for writing an IPv6 multicast application I wrote a little
test program (shown below). This program worked on linux (RedHat), but
when I try it on a FreeBSD box (5.0, running zebra router and pim6dd)
sendto() fails with "Operation not supported" ... ???

To verify my app was OK, I installed a solaris box on the LAN beside the
linux box and the app compiled and worked fine.

Thinking it might be a bug in 5.0 or an interaction with zebra/pim6dd I
installed a FreeBSD 5.2 box on the lan beside the other 2 app boxes and
I get the same error again. Anyone know what is missing/wrong in my test app?

[ I'm guessing FreeBSD wants some extra socket options set, but I don't know
which ones. ]

Thanks,
Don

/*
    mcast6.c
*/

/* The header names were lost from this archived copy; these are the ones the code uses. */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

extern int errno;

void start_sender(int sock, struct sockaddr_in6 *sin);
void start_listener(int sock);

int main(int argc, char *argv[])
{
    int sock, hops;
    unsigned int ifindex;
    struct sockaddr_in6 sin;
    struct ipv6_mreq mreq;
    char ifname[IF_NAMESIZE];

    static unsigned char the_addr[16];

    inet_pton(AF_INET6, "ff05::abcd", the_addr);

    if ((sock=socket(AF_INET6, SOCK_DGRAM, 0)) < 0)    /* connect to socket */
    {
        perror("socket");
        exit(3);
    }

    bzero((char *)&sin, (int)sizeof(sin));              /* setup address info */
    bcopy(the_addr, (char *)&sin.sin6_addr, sizeof(the_addr));
    sin.sin6_family = AF_INET6;
    sin.sin6_port = htons(3000);
                                                        /* bind addr to sock */
    if(bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
    {
        perror("bind");
        exit(errno);
    }

    hops = 255;
    if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &hops, sizeof(hops)) < 0)
    {
        perror("setsockopt(IPV6_MULTICAST_HOPS)");
        exit(errno);
    }

    ifindex = 0;
#ifdef ORIG
    strcpy(ifname, "xl1");
    ifindex = if_nametoindex(ifname);
    if(ifindex == 0)
    {
        perror("if_nametoindex()");
        exit(errno);
    }

    if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_IF, &ifindex, sizeof(ifindex)) < 0)
    {
        perror("setsockopt(IPV6_MULTICAST_IF)");
        exit(errno);
    }
#endif
                                                        /* setup group info */
    bcopy(the_addr, (char *)&mreq.ipv6mr_multiaddr, sizeof(the_addr));
    mreq.ipv6mr_interface = ifindex;                    /* and I/F index */

                                                        /* join group */
    if(setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, (char *)&mreq, sizeof(mreq)) < 0)
    {
        perror("setsockopt(IPV6_JOIN_GROUP)");
        exit(21);
    }

    start_sender(sock, &sin);
    start_listener(sock);

    while(wait((int *)0) != -1);    /* wait for all children to die */

    return(0);
}

void start_sender(int sock, struct sockaddr_in6 *sin)
{
    char bitbucket[2000];
    pid_t pid;

    pid = fork();
    switch(pid)
    {
    case 0:         /* child */
        while(1)
        {           /* TX mcast PDU */
            strcpy(bitbucket, "How now brown cow?");

            if(sendto(sock, bitbucket, strlen(bitbucket)+1, 0, (struct sockaddr *)sin, sizeof(*sin)) < 0)
            {
                perror("sendto(sender)");
                exit(23);
            }
            sleep(10);
        }
        break;

    case -1:        /* parent fork failed */
        printf("fork(sender): failed\n");
        fflush(stdout);
        break;

    default:        /* parent fork passed */
        printf("sender PID = %d\n", (int)pid);
        fflush(stdout);
        break;
    }
}

void start_listener(int sock)
{
    pid_t pid;
    unsigned int fromlen;
    struct sockaddr_in6 from;
    char bitbucket[2000], addrstr[INET6_ADDRSTRLEN];

    pid = fork();
    switch(pid)
    {
    case 0:         /* child */
        while(1)
        {
            bitbucket[0] = '\0';
            fromlen = sizeof(from);
            if(recvfrom(sock, bitbucket, sizeof(bitbucket),
                        0, (struct sockaddr *)&from,
                        &fromlen) < 0)
            {
                perror("listener: recvfrom()");
                exit(21);
            }

            inet_ntop(AF_INET6, &from.sin6_addr, addrstr,
                      sizeof(addrstr));
            printf("< %s : \"%s\"\n", addrstr, bitbucket);
            fflush(stdout);
        }
        break;

    case -1:        /* parent fork failed */
        printf("fork(listerner): failed\n");
        fflush(stdout);
        break;

    default:        /* parent fork passed */
        printf("listener PID = %d\n", (int)pid);
        fflush(stdout);
        break;
    }
}
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

----- End Included Message -----

From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 13:53:44 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A52A016A4CF for ; Thu, 26 Feb 2004 13:53:44 -0800 (PST) Received: from web41307.mail.yahoo.com (web41307.mail.yahoo.com [66.218.93.56]) by mx1.FreeBSD.org (Postfix) with SMTP id 82EDE43D1D for ; Thu, 26 Feb 2004 13:53:44 -0800 (PST) (envelope-from alohaguy123@yahoo.com) Message-ID: <20040226215344.65632.qmail@web41307.mail.yahoo.com> Received: from [208.201.244.226] by web41307.mail.yahoo.com via HTTP; Thu, 26 Feb 2004 13:53:44 PST Date: Thu, 26 Feb 2004 13:53:44 -0800 (PST)
From: Aloha Guy To: Chris Dillon In-Reply-To: <20040226102832.I23339@duey.wolves.k12.mo.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 21:53:44 -0000

Chris Dillon wrote:
On Wed, 25 Feb 2004, Aloha Guy wrote:

> You're right that additional delay while adding a hop is to be
> expected, which is less than 0.1ms to the FreeBSD box but everything
> past the FreeBSD machine is adding at least 5ms up to 300ms in the
> traceroutes when the normal is no more than 20ms for the same
> traceroute. I've already checked the NICs and they are all
> configured at their full rated speeds and full duplex. I even tried
> using a Cardbus PCMCIA fxp0 Intel Pro/100S card on the FreeBSD box
> and it still had the same problem. I am using a September 2003
> -CURRENT so I don't know if it's an issue with the current networking
> code back then or not.

What do you have HZ set to (see sysctl kern.clockrate)? I think I remember your original message showing you using pipes and queues and the HZ setting can affect those. Also see if your latency improves if you remove all pipe and queue rules (other ipfw rules are OK).

Here is the HZ setting:

kern.clockrate: { hz = 100, tick = 10000, profhz = 1024, stathz = 128 }

I'm not sure how to remove the pipe since I don't think the pipe works until the queue is defined. When I removed the queues that are configured for the pipe, the latency is back to normal though.

Thanks,
John

---------------------------------
Do you Yahoo!?
Get better spam protection with Yahoo!
Mail From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 14:02:58 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 173A816A4CE; Thu, 26 Feb 2004 14:02:58 -0800 (PST) Received: from mail.wolves.k12.mo.us (duey.wolves.k12.mo.us [207.160.214.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id E339343D1D; Thu, 26 Feb 2004 14:02:57 -0800 (PST) (envelope-from cdillon@wolves.k12.mo.us) Received: from localhost (localhost [127.0.0.1]) by mail.wolves.k12.mo.us (Postfix) with ESMTP id 848351FE4E; Thu, 26 Feb 2004 16:02:57 -0600 (CST) Received: from mail.wolves.k12.mo.us ([127.0.0.1]) by localhost (duey.wolves.k12.mo.us [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29196-01-5; Thu, 26 Feb 2004 16:02:46 -0600 (CST) Received: by mail.wolves.k12.mo.us (Postfix, from userid 1001) id E9FAE1FE2B; Thu, 26 Feb 2004 16:02:46 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by mail.wolves.k12.mo.us (Postfix) with ESMTP id E86371A922; Thu, 26 Feb 2004 16:02:46 -0600 (CST) Date: Thu, 26 Feb 2004 16:02:46 -0600 (CST) 
From: Chris Dillon To: Aloha Guy In-Reply-To: <20040226215344.65632.qmail@web41307.mail.yahoo.com> Message-ID: <20040226155909.E29441@duey.wolves.k12.mo.us> References: <20040226215344.65632.qmail@web41307.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at wolves.k12.mo.us cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 22:02:58 -0000 On Thu, 26 Feb 2004, Aloha Guy wrote: > > What do you have HZ set to (see sysctl kern.clockrate)? I think I > > remember your original message showing you using pipes and queues > > and the HZ setting can affect those. Also see if your latency > > improves if you remove all pipe and queue rules (other ipfw rules > > are OK). > > > Here is the HZ setting: > > kern.clockrate: { hz = 100, tick = 10000, profhz = 1024, stathz = 128 } > > I'm not sure how to remove the pipe since I don't think the pipe > works until the queue is defined. When I removed the queues that > are configured for the pipe, the latency is back to normal though. Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement. -- Chris Dillon - cdillon(at)wolves.k12.mo.us FreeBSD: The fastest, most open, and most stable OS on the planet - Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures - PowerPC, ARM, MIPS, and S/390 under development - http://www.freebsd.org Q: Because it reverses the logical flow of conversation. 
A: Why is putting a reply at the top of the message frowned upon? From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 14:56:08 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7219016A537 for ; Thu, 26 Feb 2004 14:56:08 -0800 (PST) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2402543D39 for ; Thu, 26 Feb 2004 14:56:08 -0800 (PST) (envelope-from mwade@bluehighway.net) Received: from net-ninja.dyndns.org ([68.59.250.193]) by comcast.net (sccrmhc12) with ESMTP id <2004022622560601200ait98e>; Thu, 26 Feb 2004 22:56:06 +0000 Received: from net-ninja.dyndns.org (net-ninja.dyndns.org [192.168.1.10]) by net-ninja.dyndns.org (Postfix) with ESMTP id 55B3F243 for ; Thu, 26 Feb 2004 17:56:05 -0500 (EST) Date: Thu, 26 Feb 2004 17:56:05 -0500 (EST) 
From: Mike Wade X-X-Sender: mwade@net-ninja.dyndns.org To: freebsd-net@freebsd.org Message-ID: <20040226171125.Q15617@net-ninja.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Persistant random receiving packet drops with wi(4) and IBSS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 22:56:08 -0000

Greetings,

I'm experiencing a rather perplexing problem with 2 wireless nodes running FreeBSD 4.9-STABLE utilizing the wi(4) driver in IBSS mode. Periodically I'm unable to receive packets (transmitting packets is fine) but I'm able to see the incoming packets via tcpdump running in promisc mode only. I'm not able to see the incoming packets when it's not in promisc mode.

Here's how I'm able to observe/recreate the problem:

Node 1 pings Node 2
Node 2 pings Node 1

            input          (wi0)           output
   packets  errs      bytes    packets  errs      bytes colls
        12     0       1440         12     0       1188     0
        12     0       1440         12     0       1188     0
        12     0       1440         12     0       1188     0
        12     0       1440         12     0       1188     0

All is swell for 1-30 minutes until Node 1 stops receiving packets from Node 2 for 5-60 seconds. This situation always recovers.

            input          (wi0)           output
   packets  errs      bytes    packets  errs      bytes colls
         0     0          0          4     0        460     0
         0     0          0          4     0        460     0
         0     0          0          4     0        460     0
         0     0          0          4     0        460     0

(notice no input errors on Node 1)

If I tcpdump -e -vv -i wi0 on Node 1 I can see the packets reaching Node 1 but they are not passed up to the IP layer (I assume):

16:12:53.205704 0:2:6f:8:11:54 0:2:6f:8:11:56 0800 116: 192.168.0.2 > 192.168.0.1: icmp: echo request (ttl 64, id 30741, len 102)
16:12:53.453220 0:2:6f:8:11:54 0:2:6f:8:11:56 0800 116: 192.168.0.2 > 192.168.0.1: icmp: echo request (ttl 64, id 30742, len 102)

However, if I turn off promisc mode on wi0 by tcpdump -p -e -vv -i wi0 on Node 1 I don't see the packets reaching Node 2.

Any thoughts on what's going on? Is it a possible driver or firmware issue? It's as though the destination MAC address is wrong however tcpdump -e is showing the right MAC address at least.

I'm just now getting around to adding some additional debug info into the driver but I'm by no means a device driver expert so I expect progress to be slow. :) I'm able to reliably recreate the problem and would be happy to help assist anyone in debugging this problem if they have any ideas.

The vital stats are:

OS: FreeBSD 4.9-STABLE
Hardware: Soekris 4521

Wireless Adapter on Node 1:
wi0 at port 0x240-0x27f irq 10 slot 0 on pccard0
wi0: 802.11 address: 00:02:6f:08:11:56
wi0: using RF:PRISM2.5 MAC:ISL3873
wi0: Intersil Firmware: Primary 1.01.00, Station 1.04.09

Wireless Adapter on Node 2:
wi0 at port 0x240-0x27f irq 10 slot 0 on pccard0
wi0: 802.11 address: 00:02:6f:08:11:54
wi0: using RF:PRISM2.5 MAC:ISL3873
wi0: Intersil Firmware: Primary 1.01.00, Station 1.04.09

wicontrol on Node 1:
NIC serial number:                  [ SN028051036 ]
Station name:                       [ FreeBSD WaveLAN/IEEE node ]
SSID for IBSS creation:             [ test ]
Current netname (SSID):             [ test ]
Desired netname (SSID):             [ test ]
Current BSSID:                      [ 02:02:e9:91:11:56 ]
Channel list:                       [ 2047 ]
IBSS channel:                       [ 1 ]
Current channel:                    [ 1 ]
Comms quality/signal/noise:         [ 28 52 3 ]
Promiscuous mode:                   [ Off ]
Process 802.11b Frame:              [ Off ]
Intersil-Prism2 based card:         [ 1 ]
Port type (1=BSS, 3=ad-hoc):        [ 4 ]
MAC address:                        [ 00:02:6f:08:11:56 ]
TX rate (selection):                [ 3 ]
TX rate (actual speed):             [ 1 ]
RTS/CTS handshake threshold:        [ 2347 ]
Create IBSS:                        [ Off ]
Access point density:               [ 1 ]
Power Mgmt (1=on, 0=off):           [ 0 ]
Max sleep time:                     [ 100 ]
WEP encryption:                     [ Off ]
TX encryption key:                  [ 1 ]
Encryption keys:                    [ ][ ][ ][ ]

wicontrol on Node 2:
NIC serial number:                  [ SN028051036 ]
Station name:                       [ FreeBSD WaveLAN/IEEE node ]
SSID for IBSS creation:             [ test ]
Current netname (SSID):             [ test ]
Desired netname (SSID):             [ test ]
Current BSSID:                      [ 02:02:e9:91:11:56 ]
Channel list:                       [ 2047 ]
IBSS channel:                       [ 1 ]
Current channel:                    [ 1 ]
Comms quality/signal/noise:         [ 26 58 6 ]
Promiscuous mode:                   [ Off ]
Process 802.11b Frame:              [ Off ]
Intersil-Prism2 based card:         [ 1 ]
Port type (1=BSS, 3=ad-hoc):        [ 4 ]
MAC address:                        [ 00:02:6f:08:11:54 ]
TX rate (selection):                [ 3 ]
TX rate (actual speed):             [ 11 ]
RTS/CTS handshake threshold:        [ 2347 ]
Create IBSS:                        [ Off ]
Access point density:               [ 1 ]
Power Mgmt (1=on, 0=off):           [ 0 ]
Max sleep time:                     [ 100 ]
WEP encryption:                     [ Off ]
TX encryption key:                  [ 1 ]
Encryption keys:                    [ ][ ][ ][ ]

---
Mike Wade (mwade@bluehighway.net)
Blue Highway Labs, LLC.

From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 18:55:00 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69CA216A4CE for ; Thu, 26 Feb 2004 18:55:00 -0800 (PST) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0033743D1F for ; Thu, 26 Feb 2004 18:54:59 -0800 (PST) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from ocean.jinmei.org (unknown [3ffe:501:100f:1048:200:39ff:fe5e:cfd7]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 91AEB15210; Fri, 27 Feb 2004 11:54:58 +0900 (JST) Date: Fri, 27 Feb 2004 11:55:10 +0900 Message-ID:
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: Donald McLachlan In-Reply-To: <200402261627.i1QGRVT02174@janus.dgrc.crc.ca> References: <200402261627.i1QGRVT02174@janus.dgrc.crc.ca> User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: IPv6 multicast sendto() 'operation not supported' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2004 02:55:00 -0000 >>>>> On Thu, 26 Feb 2004 11:27:31 -0500 (EST), >>>>> Donald McLachlan said: > In preparation for writing an IPv6 multicast application I wrote a little > test program (shown below). This program worked on linux (RedHat), but > when I try it on a FreeBSD box (5.0, running zebra router and pim6dd) > sendto() fails with "Operation not supported" ... ??? > To verify my app was OK, I installed a solaris box on the LAN beside the > linux box and the app compiled and worked fine. > Thinking it might be a bug in 5.0 or an interaction with zebra/pim6dd I > installed a FreeBSD 5.2 box on the lan beside the other 2 app boxes and > I get the same error again. Anyone know what is missing/wrong in my test app? > [ I'm guessing FreeBSD wants some extra socket options set, but I don't know > which ones. ] Did your code really succeed the bind(2) call in the main function? 
> bzero((char *)&sin, (int)sizeof(sin)); /* setup address info */ > bcopy(the_addr, (char *)&sin.sin6_addr, sizeof(the_addr)); > sin.sin6_family = AF_INET6; > sin.sin6_port = htons(3000); > /* bind addr to sock */ > if(bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) > { > perror("bind"); > exit(errno); > } FreeBSD should require a valid sin6_len (which should be sizeof(sockaddr_in6)), so the program should have stopped here. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 22:36:25 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E285816A4D0 for ; Thu, 26 Feb 2004 22:36:25 -0800 (PST) Received: from web41312.mail.yahoo.com (web41312.mail.yahoo.com [66.218.93.61]) by mx1.FreeBSD.org (Postfix) with SMTP id D448243D1D for ; Thu, 26 Feb 2004 22:36:25 -0800 (PST) (envelope-from alohaguy123@yahoo.com) Message-ID: <20040227063625.54127.qmail@web41312.mail.yahoo.com> Received: from [208.201.244.226] by web41312.mail.yahoo.com via HTTP; Thu, 26 Feb 2004 22:36:25 PST Date: Thu, 26 Feb 2004 22:36:25 -0800 (PST) 
From: Aloha Guy To: Chris Dillon In-Reply-To: <20040226155909.E29441@duey.wolves.k12.mo.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD box as router adding latency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2004 06:36:26 -0000 Chris Dillon wrote: On Thu, 26 Feb 2004, Aloha Guy wrote: > > What do you have HZ set to (see sysctl kern.clockrate)? I think I > > remember your original message showing you using pipes and queues > > and the HZ setting can affect those. Also see if your latency > > improves if you remove all pipe and queue rules (other ipfw rules > > are OK). > > > Here is the HZ setting: > > kern.clockrate: { hz = 100, tick = 10000, profhz = 1024, stathz = 128 } > > I'm not sure how to remove the pipe since I don't think the pipe > works until the queue is defined. When I removed the queues that > are configured for the pipe, the latency is back to normal though. Like I said, remove both pipes and queues to test. However, pipes _can_ be used without queues, but that is irrelevant here. Try setting HZ to 1000 in your kernel config, recompile, reboot, and test again. You should see something between a slight improvement to a ten-fold improvement. Already tried that and it did improve things a little. I tried setting the HZ to 1000 and it didn't make much of a difference. Is there a larger number that actually works well? Thanks, John --------------------------------- Do you Yahoo!? Get better spam protection with Yahoo! 
Mail From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 05:30:24 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BC1116A4CE for ; Fri, 27 Feb 2004 05:30:24 -0800 (PST) Received: from mercury.dgim.crc.ca (mercury.dgim.crc.ca [142.92.39.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A5A943D2F for ; Fri, 27 Feb 2004 05:30:24 -0800 (PST) (envelope-from don@mainframe.dgrc.crc.ca) Received: from janus.dgrc.crc.ca (janus.dgrc.crc.ca [142.92.34.101]) i1RDUN5N032480; Fri, 27 Feb 2004 08:30:23 -0500 Received: (from don@localhost) by janus.dgrc.crc.ca (8.11.6+Sun/8.11.6) id i1RDU9f02740; Fri, 27 Feb 2004 08:30:09 -0500 (EST) Date: Fri, 27 Feb 2004 08:30:09 -0500 (EST) 
From: Donald McLachlan Message-Id: <200402271330.i1RDU9f02740@janus.dgrc.crc.ca> To: jinmei@isl.rdc.toshiba.co.jp X-Sun-Charset: US-ASCII cc: freebsd-net@freebsd.org Subject: Re: IPv6 multicast sendto() 'operation not supported' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2004 13:30:24 -0000 Hi, Yes, the bind() succeeded, and in fact the receiver side was able to receive packets. Only sendto() failed. Don > From jinmei@isl.rdc.toshiba.co.jp Thu Feb 26 21:54:52 2004 > > >>>>> On Thu, 26 Feb 2004 11:27:31 -0500 (EST), > >>>>> Donald McLachlan said: > > > In preparation for writing an IPv6 multicast application I wrote a little > > test program (shown below). This program worked on linux (RedHat), but > > when I try it on a FreeBSD box (5.0, running zebra router and pim6dd) > > sendto() fails with "Operation not supported" ... ??? > > > To verify my app was OK, I installed a solaris box on the LAN beside the > > linux box and the app compiled and worked fine. > > > Thinking it might be a bug in 5.0 or an interaction with zebra/pim6dd I > > installed a FreeBSD 5.2 box on the lan beside the other 2 app boxes and > > I get the same error again. Anyone know what is missing/wrong in my test app? > > > [ I'm guessing FreeBSD wants some extra socket options set, but I don't know > > which ones. ] > > Did your code really succeed the bind(2) call in the main function? 
> > > bzero((char *)&sin, (int)sizeof(sin)); /* setup address info */ > > bcopy(the_addr, (char *)&sin.sin6_addr, sizeof(the_addr)); > > sin.sin6_family = AF_INET6; > > sin.sin6_port = htons(3000); > > /* bind addr to sock */ > > if(bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) > > { > > perror("bind"); > > exit(errno); > > } > > FreeBSD should require a valid sin6_len (which should be > sizeof(sockaddr_in6)), so the program should have stopped here. > > JINMEI, Tatuya > Communication Platform Lab. > Corporate R&D Center, Toshiba Corp. > jinmei@isl.rdc.toshiba.co.jp > From owner-freebsd-net@FreeBSD.ORG Thu Feb 26 14:11:13 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CCC8416A4CF for ; Thu, 26 Feb 2004 14:11:13 -0800 (PST) Received: from mercury.dgim.crc.ca (mercury.dgim.crc.ca [142.92.39.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C5ED43D2F for ; Thu, 26 Feb 2004 14:11:13 -0800 (PST) (envelope-from don@mainframe.dgrc.crc.ca) Received: from janus.dgrc.crc.ca (janus.dgrc.crc.ca [142.92.34.101]) i1QMBC5N027482; Thu, 26 Feb 2004 17:11:12 -0500 Received: (from don@localhost) by janus.dgrc.crc.ca (8.11.6+Sun/8.11.6) id i1QMAxb02374; Thu, 26 Feb 2004 17:10:59 -0500 (EST) Date: Thu, 26 Feb 2004 17:10:59 -0500 (EST) Message-Id: <200402262210.i1QMAxb02374@janus.dgrc.crc.ca> 
From: Donald.McLachlan@crc.ca X-Sun-Charset: US-ASCII To: undisclosed-recipients: ; X-Mailman-Approved-At: Fri, 27 Feb 2004 05:56:25 -0800 Subject: answer: IPv6 multicast sendto() 'operation not supported' on FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 22:11:13 -0000

Hello,

I found the "problem" with the code shown and can explain it as follows:

When binding a socket to a unicast address you are saying:
- "all received packets with the given unicast dest address and (UDP) port should be delivered to this socket"
- "and all packets sent from this socket must be sent with this unicast source address and (UDP) port".

The problem is that as written this code is saying the same thing (but substituting unicast with multicast), ie:
- "all received packets with the given multicast dest address and (UDP) port should be delivered to this socket" [OK]
- "and all packets sent from this socket must be sent from this multicast source address and (UDP) port". [Strictly speaking this is wrong]

Multicast packets must be sent with a unicast source address!
- FreeBSD is being pedantic and is not allowing to send pkts with the source address specified in the bind().
- Linux and Solaris "know" this is not allowed, and send the packet using the unicast IP address of the outgoing interface as the source address (instead of the multicast address specified in the bind()).

QED.

[ hence setsockopt(IPV6_MULTICAST_IF) ? ]

Don
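The arrangement this thread converges on (bind to the wildcard address instead of the group, set sin6_len where the platform has it, join the group, send to the group), as an added C example that is not part of the original posts. Group ff05::abcd and port 3000 come from the thread's mcast6.c; the function names, the optional interface-name argument and the 2-second receive timeout are assumptions of this example.

```c
/* Added example, not code from the thread. Names and the timeout are assumptions. */
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define GROUP "ff05::abcd"  /* group and port taken from the thread's mcast6.c */
#define PORT  3000

/* Build a sockaddr_in6; text == NULL means the wildcard address (in6addr_any). */
int make_addr(struct sockaddr_in6 *sa, const char *text, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
#ifdef SIN6_LEN                 /* BSD-derived stacks carry a length field */
    sa->sin6_len = sizeof(*sa);
#endif
    sa->sin6_family = AF_INET6;
    sa->sin6_port = htons(port);
    if (text == NULL) {
        sa->sin6_addr = in6addr_any;
        return 0;
    }
    return inet_pton(AF_INET6, text, &sa->sin6_addr) == 1 ? 0 : -1;
}

/* The bound address becomes the packet's source, so it must not be multicast. */
int usable_as_source(const struct sockaddr_in6 *sa)
{
    return sa->sin6_family == AF_INET6 &&
           !IN6_IS_ADDR_MULTICAST(&sa->sin6_addr);
}

/* Bind to the wildcard, join the group, optionally pin the outgoing interface.
 * ifindex 0 leaves the interface choice to the kernel. Returns fd or -1. */
int open_mcast_socket(const struct sockaddr_in6 *group, unsigned int ifindex)
{
    struct sockaddr_in6 local;
    struct ipv6_mreq mreq;
    struct timeval tmo = { 2, 0 };  /* assumed: give up receiving after 2 s */
    int fd, hops = 255;

    if (!IN6_IS_ADDR_MULTICAST(&group->sin6_addr) ||
        (fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
        return -1;
    make_addr(&local, NULL, ntohs(group->sin6_port));

    memset(&mreq, 0, sizeof(mreq));
    mreq.ipv6mr_multiaddr = group->sin6_addr;
    mreq.ipv6mr_interface = ifindex;

    if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0 ||
        setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &hops, sizeof(hops)) < 0 ||
        (ifindex != 0 && setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF,
                                    &ifindex, sizeof(ifindex)) < 0) ||
        setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof(tmo)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char *argv[])
{
    struct sockaddr_in6 group, from;
    socklen_t fromlen = sizeof(from);
    char buf[2000], addrstr[INET6_ADDRSTRLEN];
    const char msg[] = "How now brown cow?";
    unsigned int ifindex = argc > 1 ? if_nametoindex(argv[1]) : 0;
    ssize_t n;
    int fd;

    if (make_addr(&group, GROUP, PORT) < 0 ||
        (fd = open_mcast_socket(&group, ifindex)) < 0) {
        perror("multicast setup");
        return 1;
    }
    if (sendto(fd, msg, sizeof(msg), 0,
               (struct sockaddr *)&group, sizeof(group)) < 0) {
        perror("sendto");
        return 1;
    }
    /* Multicast loopback is on by default, so our own datagram comes back. */
    n = recvfrom(fd, buf, sizeof(buf) - 1, 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0) {
        perror("recvfrom");
        return 1;
    }
    buf[n] = '\0';
    inet_ntop(AF_INET6, &from.sin6_addr, addrstr, sizeof(addrstr));
    printf("< %s : \"%s\" (unicast source: %s)\n", addrstr, buf,
           usable_as_source(&from) ? "yes" : "no");
    close(fd);
    return 0;
}
```

Run it with an interface name as the only argument to pin the outgoing interface; with no argument the kernel picks one.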
> From: Donald McLachlan
>
> Hello,
> < snip >
>
> In preparation for writing an IPv6 multicast application I wrote a little
> test program (shown below). This program worked on linux (RedHat), but
> when I try it on a FreeBSD box (5.0, running zebra router and pim6dd)
> sendto() fails with "Operation not supported" ... ???
>
> To verify my app was OK, I installed a solaris box on the LAN beside the
> linux box and the app compiled and worked fine.
>
> Thinking it might be a bug in 5.0 or an interaction with zebra/pim6dd I
> installed a FreeBSD 5.2 box on the lan beside the other 2 app boxes and
> I get the same error again. Anyone know what is missing/wrong in my test app?
>
> [ I'm guessing FreeBSD wants some extra socket options set, but I don't know
> which ones. ]
>
> Thanks,
> Don
>
>
>
>
> /*
>     mcast6.c
> */
>
> /* The header names were lost from this archived copy; these are the ones the code uses. */
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <sys/wait.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <net/if.h>
> #include <errno.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <strings.h>
> #include <unistd.h>
>
> extern int errno;
>
> void start_sender(int sock, struct sockaddr_in6 *sin);
> void start_listener(int sock);
>
> int main(int argc, char *argv[])
> {
>     int sock, hops;
>     unsigned int ifindex;
>     struct sockaddr_in6 sin;
>     struct ipv6_mreq mreq;
>     char ifname[IF_NAMESIZE];
>
>     static unsigned char the_addr[16];
>
>     inet_pton(AF_INET6, "ff05::abcd", the_addr);
>
>     if ((sock=socket(AF_INET6, SOCK_DGRAM, 0)) < 0)    /* connect to socket */
>     {
>         perror("socket");
>         exit(3);
>     }
>
>     bzero((char *)&sin, (int)sizeof(sin));              /* setup address info */
>     bcopy(the_addr, (char *)&sin.sin6_addr, sizeof(the_addr));
>     sin.sin6_family = AF_INET6;
>     sin.sin6_port = htons(3000);
>                                                         /* bind addr to sock */
>     if(bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
>     {
>         perror("bind");
>         exit(errno);
>     }
>
>     hops = 255;
>     if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &hops, sizeof(hops)) < 0)
>     {
>         perror("setsockopt(IPV6_MULTICAST_HOPS)");
>         exit(errno);
>     }
>
>     ifindex = 0;
> #ifdef ORIG
>     strcpy(ifname, "xl1");
>     ifindex = if_nametoindex(ifname);
>     if(ifindex == 0)
>     {
>         perror("if_nametoindex()");
>         exit(errno);
>     }
>
>     if(setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_IF, &ifindex, sizeof(ifindex)) < 0)
>     {
>         perror("setsockopt(IPV6_MULTICAST_IF)");
>         exit(errno);
>     }
> #endif
>                                                         /* setup group info */
>     bcopy(the_addr, (char *)&mreq.ipv6mr_multiaddr, sizeof(the_addr));
>     mreq.ipv6mr_interface = ifindex;                    /* and I/F index */
>
>                                                         /* join group */
>     if(setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, (char *)&mreq, sizeof(mreq)) < 0)
>     {
>         perror("setsockopt(IPV6_JOIN_GROUP)");
>         exit(21);
>     }
>
>     start_sender(sock, &sin);
>     start_listener(sock);
>
>     while(wait((int *)0) != -1);    /* wait for all children to die */
>
>     return(0);
> }
>
> void start_sender(int sock, struct sockaddr_in6 *sin)
> {
>     char bitbucket[2000];
>     pid_t pid;
>
>     pid = fork();
>     switch(pid)
>     {
>     case 0:         /* child */
>         while(1)
>         {           /* TX mcast PDU */
>             strcpy(bitbucket, "How now brown cow?");
>
>             if(sendto(sock, bitbucket, strlen(bitbucket)+1, 0, (struct sockaddr *)sin, sizeof(*sin)) < 0)
>             {
>                 perror("sendto(sender)");
>                 exit(23);
>             }
>             sleep(10);
>         }
>         break;
>
>     case -1:        /* parent fork failed */
>         printf("fork(sender): failed\n");
>         fflush(stdout);
>         break;
>
>     default:        /* parent fork passed */
>         printf("sender PID = %d\n", (int)pid);
>         fflush(stdout);
>         break;
>     }
> }
>
> void start_listener(int sock)
> {
>     pid_t pid;
>     unsigned int fromlen;
>     struct sockaddr_in6 from;
>     char bitbucket[2000], addrstr[INET6_ADDRSTRLEN];
>
>     pid = fork();
>     switch(pid)
>     {
>     case 0:         /* child */
>         while(1)
>         {
>             bitbucket[0] = '\0';
>             fromlen = sizeof(from);
>             if(recvfrom(sock, bitbucket, sizeof(bitbucket),
>                         0, (struct sockaddr *)&from,
>                         &fromlen) < 0)
>             {
>                 perror("listener: recvfrom()");
>                 exit(21);
>             }
>
>             inet_ntop(AF_INET6, &from.sin6_addr, addrstr,
>                       sizeof(addrstr));
>             printf("< %s : \"%s\"\n", addrstr, bitbucket);
>             fflush(stdout);
>         }
>         break;
>
>     case -1:        /* parent fork failed */
>         printf("fork(listerner): failed\n");
>         fflush(stdout);
>         break;
>
>     default:        /* parent fork passed */
>         printf("listener PID = %d\n", (int)pid);
>         fflush(stdout);
>         break;
>     }
> }
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>
>
> ----- End Included Message -----
>
>

From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 07:14:31 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7A8A16A4CE for ; Fri, 27 Feb 2004 07:14:31 -0800 (PST) Received: from mail001.syd.optusnet.com.au (mail001.syd.optusnet.com.au [211.29.132.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC64C43D1D for ; Fri, 27 Feb 2004 07:14:30 -0800 (PST) (envelope-from tfrank@optushome.com.au) Received: from marvin.home.local (c211-28-241-189.eburwd5.vic.optusnet.com.au [211.28.241.189])i1RFE5h28248; Sat, 28 Feb 2004 02:14:07 +1100 Received: by marvin.home.local (Postfix, from userid 1001) id 62DF83DE; Sat, 28 Feb 2004 02:14:05 +1100 (EST) Date: Sat, 28 Feb 2004 02:14:05 +1100
From: Tony Frank
To: Gleb Smirnoff, Iasen Kostov, freebsd-net@freebsd.org
Message-ID: <20040227151405.GA5540@marvin.home.local>
References: <200402242315.i1ONFbmZ028103@soth.ventu> <403C9705.3060108@OTEL.net> <10324604148.20040225164703@b-o.ru> <20040225141642.GB86194@cell.sick.ru> <403CAF07.5040906@OTEL.net> <20040225142134.GA86436@cell.sick.ru>
In-Reply-To: <20040225142134.GA86436@cell.sick.ru>
Subject: Re: Bad loopback traffic not stopped by ipfw.

Hi all,

On Wed, Feb 25, 2004 at 05:21:34PM +0300, Gleb Smirnoff wrote:
> On Wed, Feb 25, 2004 at 04:19:51PM +0200, Iasen Kostov wrote:
> I> >>16:26:23.287642 0:1:2:9>c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 >
> I> >>192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0
> I> >
> I> >This is some kind of Win32 virus. This floods can be easily
> I> >stopped by ipfw rule:
> I> >
> I> >deny tcp from any to any tcpflags rst,ack
> I> >
> I> These packets never reach IPFW as we can see.
>
> Ughu. Really.
> But I have millions of them from non-localhost addresses.
>

This maybe is of interest?

http://www.dshield.org/pipermail/list/2004-January/014027.php

Regards,

Tony

From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 09:14:56 2004
From: "Zhang Weiwu"
To: freebsd-net@freebsd.org
cc: freebsd-questions@freebsd.org
Date: Sat, 28 Feb 2004 01:14:55 +0800
Reply-To: zhangweiwu@realss.com
Subject: ppp server: arp proxy things? (re-post)

Hello. I posted this question three days ago; I didn't get a reply yet. I
have been fighting the problem the whole day today without any luck, and
the more I dig into the problem, the more I feel it should not be a very
rare problem. Perhaps I didn't describe my problem clearly enough in my
last email, or did I have an etiquette problem? Should I provide more
specific information?

Now, from what I can understand, the biggest problem is the proxy arp. I
can have bc computers connect to bs, but I cannot let them access other
hosts on the LAN. A true example: bc1 is 10.0.0.11, on the other side of
the tunnel is 10.0.0.10 (bs). bs also has a NIC address 10.0.0.9. bc1 can
ping 10.0.0.10 and 10.0.0.9 just fine; pinging other hosts times out.

I do have "enable proxy" (and "enable proxyall") in my ppp.conf; I do have
gateway_enable="yes" in my rc.conf.

So it is a simple question: ppp connects okay, but proxy arp is not
working, what should I do?

=== Here is my last post ===

Hello. I think this problem really goes beyond my English language
ability; I'm trying my best to explain it:

Now I just built a bluetooth based LAN access server, that is to run
several serial connections over bluetooth, so you can think of them as
many simple serial connections, and ppp runs over the connections through
tun.

The network is like this:

[gateway/firewall: 10.0.0.138] --- [many hosts, 10.0.0.1 - 10.0.0.8]
              |
              |
              +-- [10.0.0.10 <-tun-> 10.0.0.11] -- [bc1]
[bs: 10.0.0.9]+-- [10.0.0.12 <-tun-> 10.0.0.13] -- [bc2]
              +-- [10.0.0.14 <-tun-> 10.0.0.15] -- [bc3]

10.0.0.138 is also the DHCP/DNS server. bs means bluetooth LAN access
server, bc1 is a notebook computer with bluetooth, bc2 is another, and bc3
yet another. I have pppd running on bs.

I'm pretty dumb with ppp; to get it working I set up three ppp labels in
/etc/ppp/ppp.conf, holding the addresses from 10.0.0.10 to 10.0.0.15.
Currently bc1, bc2, bc3 connect to bs correctly, but I don't have any
route/proxy to let bc connect to other computers in the LAN, say 10.0.0.1.

Now I wish to make the network really transparent, that is, as if bc1,
bc2, bc3 are in the LAN, to be pinged and sshed. I wish to make:

* upon each ppp connection, bs asks 10.0.0.138 to assign an IP address
  from the address pool to bc, and also lets 10.0.0.138 give other dhcp
  information like dns server, search domain etc. If bc would like to
  register a DNS entry it should be able to do so.

* When someone in the LAN (say 10.0.0.5) wishes to connect to bc2 it
  should be no problem (so-called proxy arp).

I hope I'm clear. Am I still far away from getting that to work? Where can
I find a guide to achieve that?

Thank you!

From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 10:07:07 2004
Date: Thu, 26 Feb 2004 05:34:18 +0100
From: Max Laier
To: current@freebsd.org
cc: hackers@freebsd.org
cc: net@freebsd.org
Message-ID: <20040226043418.GA68438@router.laiers.local>
Subject: HEADS UP: pf import

Hi,

we started importing OpenBSD's packet filter (pf) from its port
(security/pf). The kernel parts are done, though not linked to any
automatic build. If you want to build it already, you can build from the
corresponding module directories:
    sys/modules/{pf, pflog, pfsync}
Make sure to install new and modified headers.

Users of the port should hold off until this is done. The port will no
longer build with the new headers installed! There is no userland in the
tree, yet!

This brings pf from OpenBSD 3.4 with the complete OpenBSD 3.4 function
set. It was tested from the port for a long time now and brings some
features that were not available to FreeBSD before. We have reports from
people successfully running the port (and a preliminary version of the
changes committed now) on production-use firewalls and servers.

To get an idea of pf's power I suggest reading the OpenBSD FAQ about it:
    http://www.openbsd.org/faq/pf/index.html
or if you prefer a summary, check out the port status report:
    http://www.freebsd.org/news/status/report-oct-2003-dec-2003.html#Porting-OpenBSD's-pf

-- 
Best regards,                      | max@love2party.net
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 14:27:58 2004
Message-ID: <20040227222757.50041.qmail@web60803.mail.yahoo.com>
Date: Fri, 27 Feb 2004 14:27:57 -0800 (PST)
From: Richard Bejtlich
To: freebsd-net@freebsd.org
Subject: Question on IEEE802_11_RADIO

Hello,

From what I've read elsewhere on the lists, I'm not
seeing what I should using the new IEEE802_11_RADIO
link type. Tcpdump is compiled --WITH_RADIOTAP:

--
orr:/root# uname -a
FreeBSD orr.taosecurity.com 5.2-SECURITY FreeBSD 5.2-SECURITY #0: Thu Feb 5 10:24:52 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

orr:/root# /usr/local/sbin/tcpdump -V
tcpdump version 3.8
libpcap version 0.8

orr:/root# ifconfig wi0 mediaopt monitor channel 6 up
orr:/root# ifconfig wi0
wi0: flags=8843 mtu 1500
        inet6 fe80::204:e2ff:fe29:3bba%wi0 prefixlen 64 scopeid 0x4
        ether 00:04:e2:29:3b:ba
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps )
        status: associated
        ssid ""
        stationname "FreeBSD WaveLAN/IEEE node"
        channel 6 authmode OPEN powersavemode OFF powersavesleep 100
        wepmode OFF weptxkey 1

orr:/root# /usr/local/sbin/tcpdump -L -i wi0
Data link types (use option -y to set):
  EN10MB (Ethernet)
  IEEE802_11 (802.11)
  IEEE802_11_RADIO (802.11 plus radio information header)

orr:/root# /usr/local/sbin/tcpdump -ne -i wi0 -y IEEE802_11_RADIO -vv -s 1515
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11_RADIO (802.11 plus radio information header), capture size 1515 bytes
17:23:44.825895 [|802.11]
17:23:44.851368 [|802.11]
17:23:44.869122 [|802.11]
17:23:44.888504 [|802.11]

I do see what I expect using IEEE802_11:

orr:/root# /usr/local/sbin/tcpdump -n -i wi0 -y IEEE802_11 -vv -s 1515 -X
tcpdump: data link type IEEE802_11
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11 (802.11), capture size 1515 bytes
12:26:25.851579 0us Beacon (LIMHOME) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
        0x0000  2571 61c2 d900 0000 6400 0500 0007 4c49  %qa.....d.....LI
        0x0010  4d48 4f4d 4501 0482 840b 1603 0106 0406  MHOME...........
        0x0020  0102 0000 0000 0504 0001 0000            ............
12:26:25.910662 0us Beacon (shaolin) [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 6, PRIVACY
        0x0000  2cc2 0ac7 7d04 0000 6400 1100 0007 7368  ,...}...d.....sh
        0x0010  616f 6c69 6e01 0482 848b 9603 0106 0504  aolin...........
        0x0020  0001 0000
--

Anyone else seeing similar behavior?

Thank you,

Richard
http://www.taosecurity.com

From owner-freebsd-net@FreeBSD.ORG Fri Feb 27 23:13:57 2004
Date: Sat, 28 Feb 2004 07:13:55 +0000
From: Bruce M Simpson
To: Richard Bejtlich
cc: freebsd-net@freebsd.org
Message-ID: <20040228071355.GM24378@saboteur.dek.spc.org>
References: <20040227222757.50041.qmail@web60803.mail.yahoo.com>
In-Reply-To: <20040227222757.50041.qmail@web60803.mail.yahoo.com>
Subject: Re: Question on IEEE802_11_RADIO

On Fri, Feb 27, 2004 at 02:27:57PM -0800, Richard Bejtlich wrote:
> From what I've read elsewhere on the lists, I'm not
> seeing what I should using the new IEEE802_11_RADIO
> link type. Tcpdump is compiled --WITH_RADIOTAP:

Don't use monitor mode; it's a misnomer. Try without using monitor
mode and you should see radiotap headers.

BMS

From owner-freebsd-net@FreeBSD.ORG Sat Feb 28 04:57:17 2004
Message-ID: <20040228125716.29304.qmail@web60805.mail.yahoo.com>
Date: Sat, 28 Feb 2004 04:57:16 -0800 (PST)
From: Richard Bejtlich
To: Bruce M Simpson
cc: freebsd-net@freebsd.org
In-Reply-To: <20040228071355.GM24378@saboteur.dek.spc.org>
Subject: Re: Question on IEEE802_11_RADIO

--- Bruce M Simpson wrote:
> Don't use monitor mode; it's a misnomer. Try without
> using monitor
> mode and you should see radiotap headers.
>
> BMS

Hi Bruce,

Without monitor mode I get worse results for
IEEE802_11, but IEEE802_11_RADIO gives the same
results.

orr:/root# ifconfig wi0
wi0: flags=8802 mtu 1500
        ether 00:04:e2:29:3b:ba
        media: IEEE 802.11 Wireless Ethernet autoselect (none)
        ssid ""
        stationname "FreeBSD WaveLAN/IEEE node"
        channel -1 authmode OPEN powersavemode OFF powersavesleep 100
        wepmode OFF weptxkey 1

When I bring the card up it automatically associates
with the nearest access point. (Is this correct? I
don't have any scripts, etc. to set this up.)

orr:/root# ifconfig wi0 up
orr:/root# ifconfig wi0
wi0: flags=8843 mtu 1500
        inet6 fe80::204:e2ff:fe29:3bba%wi0 prefixlen 64 scopeid 0x4
        ether 00:04:e2:29:3b:ba
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: associated
        ssid shaolin 1:shaolin
        stationname "FreeBSD WaveLAN/IEEE node"
        channel 6 authmode OPEN powersavemode OFF powersavesleep 100
        wepmode OFF weptxkey 1

This looks the same as before:

orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11_RADIO -vv
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11_RADIO (802.11 plus radio information header), capture size 96 bytes
07:47:26.227651 [|802.11]
07:47:26.321380 [|802.11]
07:47:26.325336 [|802.11]

This doesn't look right -- the beacon packets don't
seem to be interpreted correctly:

orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11 -vv
tcpdump: data link type IEEE802_11
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11 (802.11), capture size 96 bytes
07:47:44.691348 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0xb2, ssap 0x0f, cmd 0x00, sap 0e > sap b2 I (s=0,r=0,R) len=64
07:47:44.791749 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0xb3, ssap 0x0f, cmd 0x00, sap 0e > sap b3 I (s=0,r=0,R) len=64

Only by enabling monitor mode and specifying a channel
do I see beacons as expected:

orr:/root# ifconfig wi0 mediaopt monitor channel 6 up
orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11 -vv -c 2
tcpdump: data link type IEEE802_11
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11 (802.11), capture size 96 bytes
07:49:50.110446 0us BSSID:00:06:25:5b:21:ab DA:ff:ff:ff:ff:ff:ff SA:00:06:25:5b:21:ab Beacon (Alpha) [1.0* 2.0* 5.5 11.0 Mbit] ESS CH: 6
07:49:50.112603 56185us BSSID:00:a0:c5:59:47:d4 SA:00:06:25:45:74:be DA:00:a0:c5:59:47:d4 LLC, dsap 0x53, ssap 0x10, cmd 0x00, sap 10 > sap 53 I (s=0,r=0,C) len=64

Unfortunately I get the weird RADIO output:

orr:/root# /usr/local/sbin/tcpdump -n -e -i wi0 -y IEEE802_11_RADIO -vv -c 2
tcpdump: data link type IEEE802_11_RADIO
tcpdump: WARNING: wi0: no IPv4 address assigned
tcpdump: listening on wi0, link-type IEEE802_11_RADIO (802.11 plus radio information header), capture size 96 bytes
07:50:52.733414 [|802.11]
07:50:52.751514 [|802.11]

Here's what prism2ctl reports after all of this:

orr:/root# prism2ctl wi0
Sleep mode: [ Off ]
Suppress post back-off delay: [ Off ]
Suppress Tx Exception: [ Off ]
Monitor mode: [ Off ]
LED Test: [ ]
Continuous Tx: [ ]
Continuous Rx: [ Off ]
Signal State: [ ]
Automatic level control: [ Off ]

orr:/root# prism2ctl wi0 -m
orr:/root# prism2ctl wi0
Sleep mode: [ Off ]
Suppress post back-off delay: [ Off ]
Suppress Tx Exception: [ Off ]
Monitor mode: [ On ]
LED Test: [ ]
Continuous Tx: [ ]
Continuous Rx: [ Off ]
Signal State: [ ]
Automatic level control: [ Off ]

At this point I can use prism2dump, but Tcpdump doesn't
see anything:

orr:/root# prism2dump wi0
prism2dump: listening on wi0
- [ff:ff:ff:ff:ff:ff <- 0:c:41:f6:6c:24 <- 0:c:41:f6:6c:24]
- port: 7 ts: 300.510715 0:5 10:0
- sn: 62848 (69:74:59:e7:ac:b0) len: 59
- ** mgmt-beacon ** ts: 230891.417994 int: 100 capinfo: ess
+ ssid: [linksys]
+ rates: 1.0 2.0 5.5 11.0 18.0 24.0 36.0 54.0
+ ds ch: 6
+ dtim c: 0 p: 1 bc: 0 pvb: bfbfea45

Thanks for your help,

Richard
http://www.taosecurity.com

From owner-freebsd-net@FreeBSD.ORG Sat Feb 28 19:48:32 2004
Date: Sat, 28 Feb 2004 22:48:31 -0500 (EST)
From: Mike Wade
To: freebsd-net@freebsd.org
In-Reply-To: <20040226171125.Q15617@net-ninja.dyndns.org>
Message-ID: <20040228223944.G93302@net-ninja.dyndns.org>
References: <20040226171125.Q15617@net-ninja.dyndns.org>
Subject: Re: Persistant random receiving packet drops with wi(4) and IBSS

On Thu, 26 Feb 2004, Mike Wade wrote:

> Greetings,
>
> I'm experiencing a rather perplexing problem with 2 wireless nodes running
> FreeBSD 4.9-STABLE utilizing the wi(4) driver in IBSS mode. Periodically
> I'm unable to receive packets (transmitting packets is fine) but I'm able
> to see the incoming packets via tcpdump running in promisc mode only. I'm
> not able to see the incoming packets when it's not in promisc mode.

I've discovered some new facts... If both nodes are in promisc mode then
the receiving packet drops go away. However, several input errors show up
via netstat and the performance drops from 4.0 mbit/sec to 0.16 mbit/sec.

Pretty bizarre stuff... The input errors seem to be coming from if_wi.c:

        if (rx_frame.wi_status & WI_STAT_ERRSTAT) {
                ifp->if_ierrors++;
                return;
        }

Any ideas?

---
Mike Wade (mwade@bluehighway.net)
Blue Highway Labs, LLC.