From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 03:26:22 2004
From: Sebastien Petit
Organization: BSDShell
To: freebsd-net@freebsd.org
Date: Sun, 21 Mar 2004 12:26:13 +0100
Message-Id: <200403211226.13690.spe@selectbourse.net>
Subject: IPSec and setsockopt MULTICAST_IF interaction

Hi Team,

I want to use IPsec engine with AH Security Association and SPD on multicast destination address. When I comment out the setsockopt MULTICAST_IF option, all works fine and destination packets to the multicast address have AH added before IP Header. But when I use the setsockopt MULTICAST_IF, no packets are sent from the interface (packet seems to be destroyed silently by kernel).
Is there an issue about using MULTICAST_IF option and IPsec?

Any help will be greatly appreciated.

Regards,
spe.
--
spe@selectbourse.net

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 07:02:12 2004
Message-ID: <000801c40f56$e168c380$2e9a59c8@aeg2k>
From: "Alan Glait"
Date: Sun, 21 Mar 2004 12:12:05 -0300
Subject: NAT

Hi!

I want to connect my win to my freebsd. But the nat is not working. How do I check if my kernel has ipfw?
Now, when I start the pc I get something "IP packet filtering enable, divert Disable, IP forwarding enable" .. What does this mean?? Is it working??

Regards
Alan

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 10:34:38 2004
Message-ID: <20040321183435.40540.qmail@web8205.mail.in.yahoo.com>
Date: Sun, 21 Mar 2004 18:34:35 +0000 (GMT)
From: manish gautam
To: freebsd-net@freebsd.org
Subject: Problem in Netgraph ( TESTING OF MY NODE )

Ist problem
=============

i have created my own node named "m" and using
commands

kldload netgraph
kldload ng_ether
kldload ng_m

i also create an ether node and then i attach my "m"
node to ether node using

ngctl mkpeer ed0: m upper right

after that on command ::-->

ngctl msg my_m: getstats ( my_m is name of peer to
ether i.e my node )

result is as follows ::-->

Rec'd response "getstats" (1) from "my_m:":
Args: { right={inOctets=3508 inFrames=54 }
left={outOctets=3508 outFrames=54 } }

Does that mean my node is working... YES or NO?
If yes, is every packet coming through ethernet card
pass through my node.
If no, how do I check it and make every packet pass
through my own node.

IInd problem
============

It's a silly problem, i have downloaded ethereal packages
named

tethereal.tar.gz
tethereal-0.9.10.tar

How can I install ethereal on my machine using above
said packages? do i need more packages?

Reply as soon as possible

Rgds
Manish Gautam

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 12:08:10 2004
Date: Sun, 21 Mar 2004 12:08:10 -0800
From: Bill Fumerola
To: manish gautam
Message-ID: <20040321200810.GB16249@elvis.mu.org>
References: <20040321183435.40540.qmail@web8205.mail.in.yahoo.com>
In-Reply-To: <20040321183435.40540.qmail@web8205.mail.in.yahoo.com>
cc: freebsd-net@freebsd.org
Subject: Re: Problem in Netgraph ( TESTING OF MY NODE )
Reply-To: billf@FreeBSD.org

On Sun, Mar 21, 2004 at 06:34:35PM +0000, manish gautam wrote:
> How can I install ethereal on my machine using above
> said packages,? do i need more packages ?

i have nothing to say regarding netgraph, but...

tethereal is the package with just tethereal, ethereal has both
tethereal and ethereal (the gtk/x11 binary). use 'pkg_add -r' or
'portupgrade' to take care of the dependencies rather than downloading
the packages individually. this is more than adequately covered further
in the handbook.

on the topic of ethereal dependencies, [t]ethereal-lite ports are
forthcoming in the next week to build packages that have no direct
dependencies beyond glib for tethereal and gtk for ethereal.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 12:31:41 2004
Date: Sun, 21 Mar 2004 12:31:34 -0800 (PST)
From: Julian Elischer
To: manish gautam
In-Reply-To: <20040321183435.40540.qmail@web8205.mail.in.yahoo.com>
cc: freebsd-net@freebsd.org
Subject: Re: Problem in Netgraph ( TESTING OF MY NODE )

On Sun, 21 Mar 2004, [iso-8859-1] manish gautam wrote:

> Ist problem
> =============
>
> i hav created my own node named "m" .and using
> commands
>
> kldload netgraph
> kldload ng_ether
> kldload ng_m
>
> i also create an ether node and then i attach my "m"
> node to ether node using
>
> ngctl mkpeer ed0: m upper right
>
> after that on command ::-->
>
> ngctl msg my_m: getstats ( my_m is name of peer to
> ether i.e my node )
>
> result is as follows ::-->
>
> Rec'd response "getstats" (1) from "my_m:":
> Args: { right={inOctets=3508 inFrames=54 }
> left={outOctets=3508 outFrames=54 } }

It means that your module is doing SOMETHING
I can not say if it is working as I don't know anything about your node..
I presume it is based on the 'tee' node..

>
> Does that mean my node is working... YES or NO?
> If yes , is every packet coming through ethernet card
> pass through my node.

no, you only connected to the 'upper' part of the ethernet
interface so you are only capturing outgoing packets
I'm not sure if the node correctly does not count bytes going out a
disconnected hook or not.

you should also do: ngctl connect ng_m: ed0: left lower

or something like that I presume

you may also want to look at the ng_etf node
(and its man page (man ng_etf)

I'm presuming you have read the man pages.. there should be one for every
node type..
ng_tee ng_ether etc.

> If no, how do I check it and made every packet pass
> through my own node.

look at the packets by attaching nghook to the left2right and
right2left hooks

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 14:24:59 2004
From: "Julio Maciel"
Date: Sun, 21 Mar 2004 19:24:58 -0300
Subject: dhclient problem.. im desperate

there is attached a log containing described details of my problem..
ive been trying to solve this problem for about a week..
help!

Content-Disposition: attachment; filename="logboard.txt"

well I just installed freeBSD on my home, (5.2.1), and everything goes ok, BUT, i cant get dhcp, working...
on sysinstall, if I try to make my dhcp to be discovered, it freezes up, so i skipped this part
and then after installing everytime i try to run dhclient i get this: (i use cable modem):

DHCPDISCOVER on rl0 to 255.255.255.255 port 67 interval 5
DHCPOFFER from 200.167.40.1
DHCPREQUEST on rl0 to 255.255.255.255 port 67
DHCPREQUEST on rl0 to 255.255.255.255 port 67
DHCPDISCOVER on rl0 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 200.167.40.1
DHCPREQUEST on rl0 to 255.255.255.255 port 67
DHCPREQUEST on rl0 to 255.255.255.255 port 67

and after this, it just goes on a infinite loop

i tried tcpdump to help me, but i just understand a line of tcpdump... here is what it says:
any idea of how can i solve this???

and if i didnt stop.. it would be an endless loop...

any ideas?? i just dont know anymore what to do

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 17:12:56 2004
Date: Sun, 21 Mar 2004 17:13:07 -0800 (PST)
From: Julian Elischer
To: manish gautam
cc: freebsd-net@freebsd.org
Subject: Re: Problem in Netgraph ( TESTING OF MY NODE )

On Sun, 21 Mar 2004, Julian Elischer wrote:

>
> On Sun, 21 Mar 2004, [iso-8859-1] manish gautam wrote:
>
> > Ist problem
> > =============
> >
> > i hav created my own node named "m" .and using
> > commands
> >
> > kldload netgraph
> > kldload ng_ether
> > kldload ng_m
> >
> > i also create an ether node and then i attach my "m"
> > node to ether node using
> >
> > ngctl mkpeer ed0: m upper right
> >
> > after that on command ::-->
> >
> > ngctl msg my_m: getstats ( my_m is name of peer to
> > ether i.e my node )
> >
> > result is as follows ::-->
> >
> > Rec'd response "getstats" (1) from "my_m:":
> > Args: { right={inOctets=3508 inFrames=54 }
> > left={outOctets=3508 outFrames=54 } }
>
> It means that your module is doing SOMETHING
> I can not say if it is working as I don't know aything about your node..
> I presume it is based on the 'tee' node..
>
> >
> > Does that mean my node is working... YES or NO?
> > If yes , is every packet coming through ethernet card
> > pass through my node.
>
> no, you only connected to the 'upper' part of the ethernet
> interface so you are only capturing outgoing packets
> I'm not sure if the node correctly does not count bytes going out a
> disconnected hook or not.

Looking at ng_tee I see a bug where bytes are counted even if the output
hook is disconnected.. I will commit a fix now....

>
> you should also do: ngctl connect ng_m: ed0: left lower
>
> or something like that I presume
>
> you may also want to look at the ng_etf node
> (and it's man page (man ng_etf)
>
> I'm presuming youhave read the man pages.. there should be one for every
> node type..
> ng_tee ng_ether etc.
>
> > If no, how do I check it and made every packet pass
> > through my own node.
>
> look at the packets by attaching nghook to the left2right and
> right2left hooks

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 19:28:24 2004
Date: Mon, 22 Mar 2004 12:28:20 +0900
From: JINMEI Tatuya / 神明達哉
To: "Holger Eitzenberger"
In-Reply-To: <20040319230638.A25674@eitzenberger.name>
References: <20040319230638.A25674@eitzenberger.name>
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
cc: freebsd-net@freebsd.org
Subject: Re: IPsec: problems after upgrade 4.8 to 4.9

>>>>> On Fri, 19 Mar 2004 23:06:38 +0100,
>>>>> "Holger Eitzenberger" said:

> I was sucessfully running FBSD 4.8 with X509 certicate VPN.
> After installation of FBSD 4.9 I get the following error messages:

> isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
> ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
> (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP group
> ERROR: ipsec_doi.c:243:get_ph1approval(): no suitable proposal found.
> ERROR: isakmp_ident.c:782:ident_r1recv(): failed to get valid proposal.
> ERROR: isakmp.c:913:isakmp_ph1begin_r(): failed to process packet.

> The connecting peer is a Linux box (FreeSwan 1.99).

> Line (*) looks suspicious to me. Is there some persistant data
> between too VPN "sessions", which is now missing on one side of
> the link after installation?

If you don't mind, could you ask the question at racoon@kame.net please?
Right now the primary developer of racoon (it's not me, BTW) is too
busy to answer questions, but there are other experts who may be able
to help you at the mailing list.

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 22:11:23 2004
Message-ID: <405E8387.70605@netvulture.com>
Date: Sun, 21 Mar 2004 22:11:19 -0800
From: Jonathan Feally
To: Alan Glait
References: <000801c40f56$e168c380$2e9a59c8@aeg2k>
In-Reply-To: <000801c40f56$e168c380$2e9a59c8@aeg2k>
cc: freebsd-net@freebsd.org
Subject: Re: NAT

You need to compile a custom kernel with as a minimum

options IPFIREWALL   # puts ipfw statically into kernel
options IPDIVERT     # see divert Disable - this will enable it which is required for divert rule and natd

You may also want these options

options IPFIREWALL_FORWARD            #enable transparent proxy support
options IPFIREWALL_DEFAULT_TO_ACCEPT  #allow everything by default
options DUMMYNET                      #traffic shaping
options RANDOM_IP_ID                  #little more protection from hackers

Alan Glait wrote:

>Hi !
>I want to connect my win to my freebsd. But the nat is not working. How I check if my kernel have ipfw ?
>Now, when I start the pc I get something "IP packet filtering enable, divert Disable, IP forwarding enable" .. What this means ?? Is it working ??
>
>Regards Alan

From owner-freebsd-net@FreeBSD.ORG Sun Mar 21 23:21:42 2004
Message-Id: <200403220721.IAA27512@galaxy.hbg.de.ao-srv.com>
In-Reply-To: <20040319230638.A25674@eitzenberger.name> from Holger Eitzenberger at "Mar 19, 2004 11: 6:38 pm"
To: Holger.Eitzenberger@t-online.de (Holger Eitzenberger)
Date: Mon, 22 Mar 2004 08:21:35 +0100 (MET)
From: Helge Oldach
cc: freebsd-net@freebsd.org
Subject: Re: IPsec: problems after upgrade 4.8 to 4.9

Holger Eitzenberger:
> (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group:
>DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP
>group

> proposal {
>   encryption_algorithm 3des;
>   hash_algorithm md5;
>   authentication_method rsasig;
>   dh_group 2;

Try changing the last line to

>   dh_group 5;

or more verbosely to

>   dh_group modp1536;

Helge

From owner-freebsd-net@FreeBSD.ORG Mon Mar 22 11:01:33 2004
Date: Mon, 22 Mar 2004 11:01:32 -0800 (PST)
Message-Id: <200403221901.i2MJ1W5r058330@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   NFS root configurations without dynamic p

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Mar 22 13:28:08 2004
Message-ID: <405F5AC9.7020304@yuckfou.org>
Date: Mon, 22 Mar 2004 22:29:45 +0100
To: freebsd-net@freebsd.org
From: Nils Vogels
Subject: Pf's 'borrowing'
Reply-To: Nils Vogels

Hi list,

I've been reading up on OBSD's pf and have seen that it supports two
things that I really like. Unfortunately, pf isn't available within
the 4.x branch at this point, so I wonder if there are ways to achieve
the same setup using ipfw/ipf/any other queueing mechanism as described
below:

I would like to define one queue for my complete bandwidth, let's call
it the MAIN queue, and it's 8Mbit/s in size.

Within this queue, I would like to specify, that my ssh application
(tcp/22) receives 100kb/s of bandwidth, but it may burst to the
complete line if possible. This is queue SSH.

The rest of the 7.9Mbit/s is available for any other application, that
wants to use bandwidth. It may also use the 100kb/s of the SSH queue,
unless SSH needs the bandwidth. This is called the DUMP queue.

Any leads, hints, possibilities, URL's on the subject would be greatly
appreciated.

Greetings,

Nils.

--
Simple guidelines to happiness:
Work like you don't need the money,
love like your heart has never been broken and
dance like no one can see you.

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 04:38:35 2004
Date: Tue, 23 Mar 2004 13:38:31 +0100
From: Pawel Jakub Dawidek
To: freebsd-net@freebsd.org
Message-ID: <20040323123831.GM8930@darkness.comp.waw.pl>
Subject: in_pcbbind_setup(), etc.

Hmm.

I'm looking at in_pcbbind_setup() and this doesn't look right in few
places. For example: 'td' can be NULL? It is often tested, but not
always,

Line 290:
        if (sin->sin_addr.s_addr != INADDR_ANY)
                if (prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr))
                        return(EINVAL);

td_ucred is used, but 'td' is not tested.

If this is always current thread, it can't be NULL, right?
If this not have to be current thread, we cannot touch td_ucred here,
because (from proc.h):

[...]
 *      k - only accessed by curthread
[...]
        struct ucred *td_ucred; /* (k) Reference to credentials. */
[...]

Not telling that we can just remove this argument if this is always
current thread.

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 05:55:13 2004
In-Reply-To: <20040321013533.GA37342@panzer.kdm.org>
References: <20040321013533.GA37342@panzer.kdm.org>
From: Sam Leffler
Date: Tue, 23 Mar 2004 21:55:05 +0800
To: "Kenneth D. Merry"
cc: freebsd-net@freebsd.org
cc: freebsd-mobile@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

On Mar 21, 2004, at 9:35 AM, Kenneth D. Merry wrote:

>
> I have a Dell Inspiron 8500 laptop with an onboard TrueMobile 1300
> (Broadcom, b/g chipset) and a Netgear WAG511 cardbus card (Atheros,
> a/b/g chipset).
>
> I have a Netgear FWAG114 firewall/access point. (Atheros based, does
> a, b and g.)
>
> I'm running FreeBSD-current from Friday, March 19th. Both cards talk
> to the access point under FreeBSD when I'm not running WEP, and neither
> card works with WEP enabled. (i.e., neither card will associate with
> the base station with WEP enabled.)
>
> I have tried putting the key in as both hex digits and as the
> passphrase I used on the router to generate the hex key. (The router
> claims it's a 128 bit key, but it only generates 26 hex digits, so it's
> really a 104 bit key I suppose.)
>
> Both cards work under Windows with WEP, with either the hex key or the
> passphrase entered.
>
> I have attached ifconfig and wicontrol output from both cards, and
> dmesg output from the laptop.
>
> To enable the adapter, I've been doing things like this:
>
> ifconfig {ath0|ndis0} ssid [my ssid] wepmode on wepkey `cat wepkey`
>
> (where wepkey is a file with the 26 digit hex key, starting with 0x)
>
> For what it's worth, I've tried setting the authmode to shared
> (instead of "open"), but all I get is the following:
>
> ifconfig ath0 authmode shared
> ifconfig: SIOCS80211: Invalid argument
>
> The ath driver spits out the following diagnostics when I try to
> associate with either the a or g part of the base station with WEP on:
>
>
> ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
>
> (The first mac address is the a base station, the second is the g base
> station.)
>
> The ndis driver (I'm using the Dell/Broadcom Windows drivers for the
> onboard chip) doesn't give any error messages, but doesn't associate
> either.
>
> If anyone has any clues on how to get this to work, I'd love to hear
> them.
> (Or if you have a similar setup and have managed to get it to work with
> WEP, that would be
> use sg.ath_ndis.out>__

It appears your AP requires shared-key authentication to associate when
WEP is enabled. The current code in the tree does not support
shared-key authentication (it's actually a bad idea security-wise). I
have tested shared-key support in a p4 branch but haven't committed it
yet. If you want it you can find it in my sam_sockets branch.

Sam

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 06:43:30 2004
Date: Tue, 23 Mar 2004 17:45:33 +0300
From: Andrew Riabtsev
Message-ID: <22470292.20040323174533@b-o.ru>
To: freebsd-net@freebsd.org, freebsd-mobile@freebsd.org
Subject: problem with an (4.9-STABLE) and Cisco 340 PCI card
Reply-To: Andrew Riabtsev

Hello,

I have the following problem with running AIR-PCI340 on FreeBSD
4.9-STABLE:

#ifconfig an0 media autoselect
ifconfig: SIOCGAIRONET: Operation not permined

#ifconfig -m an0

shows available media types just as usual. Other parameters sets
normal (essid, stationname and so on). But with media and mediaopt
"Operation not permited". And ancontrol not working at all. All
commands leads to "Operation not permited" even "ancontrol -i an0 -C"
or "ancontrol -i an0 -l dd98":

ancontrol: SIOCGAIRONET: Operation not permined.

I have same problem with ifconfig and AIRO340 on FreeBSD 4.7-STABLE
too. But on 4.7 ancontrol works, now, on 4.9, ancontrol not working at
all :(.

I've tried lot of 340ish cards and with all of them the same.

And the last: cards work just perfect in infrastructure mode, as they
should.

Is anybody faced with problem like mine? Is there any solution? Or
maybe 340 no longer supports by an-driver? Or what am I doing wrong?

I faced with such problem starting from 4.7-STABLE on 4.6-STABLE all
works ok (ifconfig and ancontrol).

--
Andrew
mailto:resident@b-o.ru

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 12:49:30 2004
Date: Tue, 23 Mar 2004 15:30:45 -0500
From: Brian Reichert
To: freebsd-net@freebsd.org
Message-ID: <20040323203045.GI29783@numachi.com>
Subject: tricking myself w/ multihoming

I think I'm badly misunderstanding the interaction of ipfw and natd
and routing in general.

I have a multihomed box:

  rl0: flags=8943 mtu 1500
          inet 198.175.254.11 netmask 0xffffff00 broadcast 198.175.254.255
          inet 198.175.254.8 netmask 0xffffffff broadcast 198.175.254.8
          ether 00:30:bd:21:e5:e9
          media: Ethernet autoselect (100baseTX )
          status: active
  rl1: flags=8843 mtu 1500
          inet 24.147.155.114 netmask 0xfffff800 broadcast 255.255.255.255
          ether 00:50:ba:8b:64:77
          media: Ethernet autoselect (100baseTX )
          status: active

The rl1 interface has natd associated with it, and it behaves as expected.

The default route is also on rl1:

  # netstat -rn | grep default
  default 24.147.152.1 UGSc 231 273474 rl1

So far, things are as I wanted, and they've been this way for years.
I can get to this box from my LAN just fine, and NAT works just
fine, and any TCP tunnels on rl1 I've opened up work fine.

I've gotten it in my head that I want to run a mail server on this box,
publically available via either interface via 198.175.254.8.

I've modified my firewall rules on this box slightly:

  00040 fwd 198.175.254.1 tcp from 198.175.254.8 to any 25
  00050 divert 8668 ip from any to any via rl1
  00100 allow ip from any to any via lo0
  00200 deny ip from any to 127.0.0.0/8
  00300 deny ip from 127.0.0.0/8 to any
  65000 allow ip from any to any
  65535 deny ip from any to any

(198.175.254.1 is my gateway for the public block.)

This setup lets outgoing SMTP transactions go out my public block.

But, seemingly, it does not allow incoming SMTP sessions to occur.

Tcpdump on this box shows me the incoming packets coming to
198.175.254.8, but I'm not seeing these replies to these packets
going out at all, much less to 198.175.254.1.

Does anyone have any pointers? Do I need to run the mail server in
a jail with a separate default route? Is there some other trick I
could/should be considering?

--
Brian Reichert
37 Crystal Ave. #303                  Daytime number: (603) 434-6842
Derry NH 03038-1713 USA               BSD admin/developer at large

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 12:51:08 2004
Date: Tue, 23 Mar 2004 15:33:04 -0500
From: Brian Reichert
To: freebsd-net@freebsd.org
Message-ID: <20040323203304.GJ29783@numachi.com>
References: <20040323203045.GI29783@numachi.com>
In-Reply-To: <20040323203045.GI29783@numachi.com>
Subject: Re: tricking myself w/ multihoming

On Tue, Mar 23, 2004 at 03:30:45PM -0500, Brian Reichert wrote:
> I think I'm badly misunderstanding the interaction of ipfw and natd
> and routing in general.
>
> I have a multihomed box:

I forgot to mention: this box is running 4.9-RELEASE. I've not
compiled the ipfw2 stuff yet, as I don't know if it would help me here...

--
Brian Reichert
37 Crystal Ave. #303                  Daytime number: (603) 434-6842
Derry NH 03038-1713 USA               BSD admin/developer at large

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 13:47:24 2004
Date: Tue, 23 Mar 2004 16:47:23 -0500
From: Barney Wolff
To: Brian Reichert
Message-ID: <20040323214723.GA20982@pit.databus.com>
References: <20040323203045.GI29783@numachi.com>
In-Reply-To: <20040323203045.GI29783@numachi.com>
cc: freebsd-net@freebsd.org
Subject: Re: tricking myself w/ multihoming

On Tue, Mar 23, 2004 at 03:30:45PM -0500, Brian Reichert wrote:
> I think I'm badly misunderstanding the interaction of ipfw and natd
> and routing in general.
>
> I have a multihomed box:
>
> rl0: flags=8943 mtu 1500
>         inet 198.175.254.11 netmask 0xffffff00 broadcast 198.175.254.255
>         inet 198.175.254.8 netmask 0xffffffff broadcast 198.175.254.8
>         ether 00:30:bd:21:e5:e9
>         media: Ethernet autoselect (100baseTX )
>         status: active
> rl1: flags=8843 mtu 1500
>         inet 24.147.155.114 netmask 0xfffff800 broadcast 255.255.255.255
>         ether 00:50:ba:8b:64:77
>         media: Ethernet autoselect (100baseTX )
>         status: active

First question, probably irrelevant - how did you get 255.255.255.255 as
the broadcast addr on rl1?

> The rl1 interface has natd associated with it, and it behaves as expected.
>
> The default route is also on rl1:
>
> # netstat -rn | grep default
> default 24.147.152.1 UGSc 231 273474 rl1

If 198.175.254.1 is really your external gateway, why is the default
route heading inside? Are there so many inside nets that you can't
list them as explicit routes?

> So far, things are as I wanted, and they've been this way for years.
> I can get to this box from my LAN just fine, and NAT works just
> fine, and any TCP tunnels on rl1 I've opened up work fine.
>
> I've gotten it in my head that I want to run a mail server on this box,
> publically available via either interface via 198.175.254.8.
>
> I've modified my firewall rules on this box slightly:
>
> 00040 fwd 198.175.254.1 tcp from 198.175.254.8 to any 25
> 00050 divert 8668 ip from any to any via rl1
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> (198.175.254.1 is my gateway for the public block.)
>
> This setup lets outgoing SMTP transactions go out my public block.
>
> But, seemingly, it does not allow incoming SMTP sessions to occur.

Try adding 00045 fwd 198.175.254.1 tcp from 198.175.254.8 25 to any .
But really, the problem is better solved by setting your default
route to 198.175.254.1 rather than playing ipfw games. How is DNS
working?

Oh, and please do put some more secure rules in if you're really
Internet connected.

> Tcpdump on this box shows me the incoming packets coming to
> 198.175.254.8, but I'm not seeing these replies to these packets
> going out at all, much less to 198.175.254.1.

Probably going out rl1.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 14:53:02 2004
Date: Tue, 23 Mar 2004 17:32:25 -0500
From: Brian Reichert
To: Barney Wolff
Message-ID: <20040323223225.GK29783@numachi.com>
References: <20040323203045.GI29783@numachi.com> <20040323214723.GA20982@pit.databus.com>
In-Reply-To: <20040323214723.GA20982@pit.databus.com>
cc: freebsd-net@freebsd.org
Subject: Re: tricking myself w/ multihoming

On Tue, Mar 23, 2004 at 04:47:23PM -0500, Barney Wolff wrote:
> First question, probably irrelevant - how did you get 255.255.255.255 as
> the broadcast addr on rl1?

Good question. Said interface is set via dhclient, and values are
provided by my cable company.

> If 198.175.254.1 is really your external gateway, why is the default
> route heading inside? Are there so many inside nets that you can't
> list them as explicit routes?

It's not 'inside', it's out my second pipe (the cable modem).

This box has been my secondary MX, NS, and my squid cache (outgoing).

My public IP is routed over my DSL line. This box, though, is my
'back door'; I vector higher-bandwidth traffic out over it (via NAT
and otherwise), and maintain some incoming TCP tunnels, so I can
crawl into my net when my primary ISP is having issues.

> Try adding 00045 fwd 198.175.254.1 tcp from 198.175.254.8 25 to any .

Ok, I'll give that a shot.

Hmm, nope, no effect.

> But really, the problem is better solved by setting your default
> route to 198.175.254.1 rather than playing ipfw games.

True enough, but then how do I route squid queries, etc. out that
interface?

What I want, magically, is 'replies to packets from not-my-net in
via rl0 to go out via 198.175.254.1'. I'm having trouble phrasing
that in an ipfw-flavored way.

> How is DNS
> working?

Well. :)

I have two internal caches (one available on each pipe), and two
servers (again, one on each pipe). I also run a pair of keyed NTP
servers.

Bear in mind, I've gots scads of machines on my net. This is the
only dual-homed box, and hence some of my confusion.

> Oh, and please do put some more secure rules in if you're really
> Internet connected.

Oh, 198.175.254.1 is a far more fully developed firewall, no worries
there.

> > Tcpdump on this box shows me the incoming packets coming to
> > 198.175.254.8, but I'm not seeing these replies to these packets
> > going out at all, much less to 198.175.254.1.
>
> Probably going out rl1.

Then tcpdump should show that, shouldn't it?

  # tcpdump -nl host 198.175.254.8

I see packets coming in:

  17:19:06.120189 205.206.231.27.45785 > 198.175.254.8.25: S 1457712783:1457712783(0) win 5840 (DF)

But no packets going out from 198.175.254.8, on either interface...

Is natd rewriting them before tcpdump gets to see them? How do I
prevent these packets from being diverted?

Thanks for the feedback, BTW...

> --
> Barney Wolff http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.

--
Brian Reichert
37 Crystal Ave. #303                  Daytime number: (603) 434-6842
Derry NH 03038-1713 USA               BSD admin/developer at large

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 15:06:31 2004
Date: Tue, 23 Mar 2004 17:44:24 -0500
From: Brian Reichert To: freebsd-net@freebsd.org Message-ID: <20040323224424.GL29783@numachi.com> References: <20040323203045.GI29783@numachi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040323203045.GI29783@numachi.com> User-Agent: Mutt/1.5.6i Subject: Re: tricking myself w/ multihoming X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Mar 2004 23:06:32 -0000 On Tue, Mar 23, 2004 at 03:30:45PM -0500, Brian Reichert wrote: > I've modified my firewall rules on this box slightly: > > 00040 fwd 198.175.254.1 tcp from 198.175.254.8 to any 25 > 00050 divert 8668 ip from any to any via rl1 > 00100 allow ip from any to any via lo0 > 00200 deny ip from any to 127.0.0.0/8 > 00300 deny ip from 127.0.0.0/8 to any > 65000 allow ip from any to any > 65535 deny ip from any to any Lameness on my part; I was neglecting source vs destination ports: > 00040 fwd 198.175.254.1 tcp from 198.175.254.8 to any 25 I've opened this to 00040 fwd 198.175.254.1 tcp from 198.175.254.8 to any and now stuff's flowing. Sorry for the noise... -- Brian Reichert 37 Crystal Ave. 
#303 Daytime number: (603) 434-6842
Derry NH 03038-1713 USA BSD admin/developer at large

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 15:18:38 2004
Date: Tue, 23 Mar 2004 18:16:31 -0500 (EST)
From: Robert Watson
To: Pawel Jakub Dawidek
In-Reply-To: <20040323123831.GM8930@darkness.comp.waw.pl>
cc: freebsd-net@FreeBSD.org
Subject: Re: in_pcbbind_setup(), etc.

On Tue, 23 Mar 2004, Pawel Jakub Dawidek wrote:

> I'm looking at in_pcbbind_setup() and this doesn't look right in a few
> places.
>
> For example: 'td' can be NULL? It is often tested, but not always,
> Line 290:
>         if (sin->sin_addr.s_addr != INADDR_ANY)
>                 if (prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr))
>                         return(EINVAL);
> td_ucred is used, but 'td' is not tested.
>
> If this is always current thread, it can't be NULL, right? If this does
> not have to be current thread, we cannot touch td_ucred here, because
> (from proc.h):

Prior to FreeBSD 5.x, curproc could be NULL in interrupt context. With
the introduction of curthread and the move to interrupt threads,
curthread became always non-NULL. However, sometimes the use of
curthread may not make sense. :-) I think I'd prefer it if we passed an
explicit credential into a number of these situations, which could be
NULL if "the system" was requesting a service as opposed to an explicit
user process. However, I'm not 100% convinced that is the right
approach either. Note that we have some similar "confusions" relating
to use of cached credentials in sockets, etc. The whole issue probably
needs to be discussed after some detailed analysis, and revisited.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

>
>         [...]
>          *      k - only accessed by curthread
>         [...]
>         struct ucred    *td_ucred;      /* (k) Reference to credentials. */
>         [...]
>
> Not telling that we can just remove this argument if this is always
> current thread.
>
> --
> Pawel Jakub Dawidek http://www.FreeBSD.org
> pjd@FreeBSD.org http://garage.freebsd.pl
> FreeBSD committer Am I Evil? Yes, I Am!
>

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 19:58:07 2004
Message-ID: <406108F7.3030704@comcast.net>
Date: Tue, 23 Mar 2004 23:05:11 -0500
From: Gary Corcoran
To: Sam Leffler
References: <20040321013533.GA37342@panzer.kdm.org>
cc: freebsd-net@freebsd.org
cc: "Kenneth D. Merry"
cc: freebsd-mobile@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

Sam Leffler wrote:

> It appears your AP requires shared-key authentication to associate when
> WEP is enabled. The current code in the tree does not support
> shared-key authentication (it's actually a bad idea security-wise).

I don't claim to be an "expert" on WiFi, but the project I'm on at work
involves WiFi, so I've had to learn a few things. One thing I learned
is that you have a choice of "open" or "shared-key" authentication, and
I eventually found out what "open" means. It is supposedly better
described as "no authentication", because your access point is "open",
or usable without authentication. This is independent (on at least some
access points) of whether you have WEP turned on. That is, with WEP on,
you can have either open or shared-key authentication. On other access
points, however, it appears that if you have WEP turned on, then it
implies shared-key, rather than the no-authentication "open" mode,
which seems to make sense - if you want security, you don't want just
anyone "authenticating".

Hence I'm curious why, if "open" equates to "no" authentication,
you suggest that shared-key authentication is a worse option?
Perhaps it is - I'm just trying to learn a bit more...

BTW, although I've only played with it a bit on FreeBSD and Linux,
thanks for your work on the Atheros drivers, Sam.

Gary

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 21:36:39 2004
Date: Wed, 24 Mar 2004 14:36:22 +0900 (JST)
Message-Id: <20040324.143622.59463083.mshindo@mshindo.net>
To: garycor@comcast.net
From: Motonori Shindo
In-Reply-To: <406108F7.3030704@comcast.net>
References: <20040321013533.GA37342@panzer.kdm.org> <406108F7.3030704@comcast.net>
cc: sam@errno.com
cc: ken@kdm.org
cc: freebsd-mobile@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

Gary,

From: Gary Corcoran
Subject: Re: WEP problems with ndis and ath drivers
Date: Tue, 23 Mar 2004 23:05:11 -0500

> Sam Leffler wrote:
>
> > It appears your AP requires shared-key authentication to associate when
> > WEP is enabled. The current code in the tree does not support
> > shared-key authentication (it's actually a bad idea security-wise).
>
> Hence I'm curious why, if "open" equates to "no" authentication,
> you suggest that shared-key authentication is a worse option?
> Perhaps it is - I'm just trying to learn a bit more...

Shared-key authentication is in fact a worse option than open
authentication. Basic idea how shared-key authentication works is as
follows:

    Station                        Access Point
              Auth Req                            .... (1)
          ----------------------->
              Challenge                           .... (2)
          <----------------------
          WEP(IV+Key, Challenge)                  .... (3)
          ----------------------->
              Auth OK                             .... (4)
          <----------------------

Access Point challenges the Station with random number (128
octets). Station then encrypts it using WEP with a key shared by both
Station and Access Point, and sends it back to the Access Point. Access
Point validates the reply by first decrypting the packet and then
calculating the ICV. If ICV tells it is OK, then Access Point grants
the access.

Suppose that malicious user sniffs this authentication sequence.

    Malicious
    Station                        Access Point
              Auth Req
          ----------------------->                .... (a)
              Challenge
          <----------------------                 .... (b)
               ?????
          ----------------------->                .... (c)
              Auth OK !!
          <----------------------                 .... (d)

The first two steps (step (a) and (b)) are just like the legitimate
case (step (1) and (2)). Because malicious user doesn't know the WEP
key, it may look that (s)he has no way to send a correct challenge
response in step (c). In fact, this is exactly where this
authentication scheme is broken!! Because WEP is based on RC4 stream
cipher, XORing the messages in step (2) and (3) recovers the "key
stream" associated with a given IV (note that this is not the WEP
key). Malicious user then computes "(2) XOR (3) XOR (b)" to come up
with a challenge response and sends it back to the Access Point with
IV observed in step (3). This challenge response will be accepted by the
Access Point as valid even if malicious user doesn't know the WEP
key!! Well, I intentionally omitted a few minor points
(e.g. authentication frame format, linearity of CRC32 and XOR, etc.)
in this explanation for brevity, but this attack can still be mounted
anyway.

You can easily see that this authentication scheme is in fact worse
than nothing (open authentication). Access Point leaks key stream of
first 128 octets every time this authentication is performed just for
free to everybody (including malicious users).

Considering all this, Access Point should always reject shared-key
authentication even if Station requests it.

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 21:39:40 2004
Date: Tue, 23 Mar 2004 22:39:34 -0700
From: "Kenneth D. Merry"
To: Sam Leffler
Message-ID: <20040324053934.GA57761@panzer.kdm.org>
References: <20040321013533.GA37342@panzer.kdm.org>
cc: freebsd-net@freebsd.org
cc: freebsd-mobile@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

On Tue, Mar 23, 2004 at 21:55:05 +0800, Sam Leffler wrote:
> On Mar 21, 2004, at 9:35 AM, Kenneth D. Merry wrote:
>
> >
> >I have a Dell Inspiron 8500 laptop with an onboard TrueMobile 1300
> >(Broadcom, b/g chipset) and a Netgear WAG511 cardbus card (Atheros,
> >a/b/g chipset).
> >
> >I have a Netgear FWAG114 firewall/access point. (Atheros based, does
> >a, b and g.)
> >
> >I'm running FreeBSD-current from Friday, March 19th. Both cards talk
> >to the access point under FreeBSD when I'm not running WEP, and
> >neither card works with WEP enabled. (i.e., neither card will
> >associate with the base station with WEP enabled.)
> >
> >I have tried putting the key in as both hex digits and as the
> >passphrase I used on the router to generate the hex key. (The router
> >claims it's a 128 bit key, but it only generates 26 hex digits, so
> >it's really a 104 bit key I suppose.)
> >
> >Both cards work under Windows with WEP, with either the hex key or
> >the passphrase entered.
> >
> >I have attached ifconfig and wicontrol output from both cards, and
> >dmesg output from the laptop.
> >
> >To enable the adapter, I've been doing things like this:
> >
> >ifconfig {ath0|ndis0} ssid [my ssid] wepmode on wepkey `cat wepkey`
> >
> >(where wepkey is a file with the 26 digit hex key, starting with 0x)
> >
> >For what it's worth, I've tried setting the authmode to shared
> >(instead of "open"), but all I get is the following:
> >
> >ifconfig ath0 authmode shared
> >ifconfig: SIOCS80211: Invalid argument
> >
> >The ath driver spits out the following diagnostics when I try to
> >associate with either the a or g part of the base station with WEP on:
> >
> >
> >ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> >ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> >ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> >ath0: authentication failed (reason 13) for 00:09:5b:66:0d:f9
> >ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> >ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> >ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> >ath0: authentication failed (reason 13) for 00:09:5b:66:2c:5c
> >
> >(The first mac address is the a base station, the second is the g
> >base station.)
> >
> >The ndis driver (I'm using the Dell/Broadcom Windows drivers for the
> >onboard chip) doesn't give any error messages, but doesn't associate
> >either.
> >
> >If anyone has any clues on how to get this to work, I'd love to hear
> >them. (Or if you have a similar setup and have managed to get it to
> >work with WEP, that would be
> >use >sg.ath_ndis.out>__
>
> It appears your AP requires shared-key authentication to associate when
> WEP is enabled. The current code in the tree does not support
> shared-key authentication (it's actually a bad idea security-wise). I
> have tested shared-key support in a p4 branch but haven't committed it
> yet. If you want it you can find it in my sam_sockets branch.

I'll check out the branch, thanks!

I'm a bit confused about shared key authentication as well, though.

My router basically has a couple of radio buttons on the WEP
configuration page:

  Authentication Type:  ( ) Open System  ( ) Shared Key
  WEP:                  ( ) Disable      ( ) Enable

They say the following about it:

"Select your Authentication Type:

   * Open System (no authentication or encryption)
   * Shared Key

"For easy installation, Open System is the default. However, NETGEAR
strongly recommends that you change to Shared Key. If Shared Key is
selected, you need to enable the WEP and enter at least one shared key."

So I've got Shared Key and Enable, respectively, set.

Is there another scheme that's more secure that my router doesn't
support? (Perhaps they've got a firmware upgrade for it.)

Ken
--
Kenneth Merry
ken@kdm.org

From owner-freebsd-net@FreeBSD.ORG Tue Mar 23 21:52:13 2004
Date: Tue, 23 Mar 2004 22:52:04 -0700
From: "Kenneth D. Merry"
To: Motonori Shindo
Message-ID: <20040324055204.GB57761@panzer.kdm.org>
References: <20040321013533.GA37342@panzer.kdm.org> <406108F7.3030704@comcast.net> <20040324.143622.59463083.mshindo@mshindo.net>
In-Reply-To: <20040324.143622.59463083.mshindo@mshindo.net>
cc: sam@errno.com
cc: garycor@comcast.net
cc: freebsd-mobile@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

On Wed, Mar 24, 2004 at 14:36:22 +0900, Motonori Shindo wrote:
> Gary,
>
> From: Gary Corcoran
> Subject: Re: WEP problems with ndis and ath drivers
> Date: Tue, 23 Mar 2004 23:05:11 -0500
>
> > Sam Leffler wrote:
> >
> > > It appears your AP requires shared-key authentication to associate when
> > > WEP is enabled. The current code in the tree does not support
> > > shared-key authentication (it's actually a bad idea security-wise).
> >
> > Hence I'm curious why, if "open" equates to "no" authentication,
> > you suggest that shared-key authentication is a worse option?
> > Perhaps it is - I'm just trying to learn a bit more...
>
> Shared-key authentication is in fact a worse option than open
> authentication. Basic idea how shared-key authentication works is as
> follows:
>
>
>     Station                        Access Point
>               Auth Req                            .... (1)
>           ----------------------->
>               Challenge                           .... (2)
>           <----------------------
>           WEP(IV+Key, Challenge)                  .... (3)
>           ----------------------->
>               Auth OK                             .... (4)
>           <----------------------
>
>
> Access Point challenges the Station with random number (128
> octets). Station then encrypts it using WEP with a key shared by both
> Station and Access Point, and sends it back to the Access Point. Access
> Point validates the reply by first decrypting the packet and then
> calculating the ICV. If ICV tells it is OK, then Access Point grants
> the access.
>
> Suppose that malicious user sniffs this authentication sequence.
>
>
>     Malicious
>     Station                        Access Point
>               Auth Req
>           ----------------------->                .... (a)
>               Challenge
>           <----------------------                 .... (b)
>                ?????
>           ----------------------->                .... (c)
>               Auth OK !!
>           <----------------------                 .... (d)
>
> The first two steps (step (a) and (b)) are just like the legitimate
> case (step (1) and (2)). Because malicious user doesn't know the WEP
> key, it may look that (s)he has no way to send a correct challenge
> response in step (c). In fact, this is exactly where this
> authentication scheme is broken!! Because WEP is based on RC4 stream
> cipher, XORing the messages in step (2) and (3) recovers the "key
> stream" associated with a given IV (note that this is not the WEP
> key). Malicious user then computes "(2) XOR (3) XOR (b)" to come up
> with a challenge response and sends it back to the Access Point with
> IV observed in step (3). This challenge response will be accepted by the
> Access Point as valid even if malicious user doesn't know the WEP
> key!! Well, I intentionally omitted a few minor points
> (e.g. authentication frame format, linearity of CRC32 and XOR, etc.)
> in this explanation for brevity, but this attack can still be mounted
> anyway.
>
> You can easily see that this authentication scheme is in fact worse
> than nothing (open authentication). Access Point leaks key stream of
> first 128 octets every time this authentication is performed just for
> free to everybody (including malicious users).
>
> Considering all this, Access Point should always reject shared-key
> authentication even if Station requests it.

Yikes!! That is bad. So what's the point of WEP then? I knew it was
insecure, but that is pretty lame. Is there any other authentication
scheme for WEP that won't reveal the key to a malicious 3rd party?

I suppose, at least with my router, the best thing to do would be to
use WEP for data transmission and control access via MAC address.

The next step would probably be to put a firewall on the inside of the
router and only allow through traffic that is encrypted with IPSec...
Ken
--
Kenneth Merry
ken@kdm.org

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 02:54:05 2004
Date: Wed, 24 Mar 2004 11:53:53 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_=__=_XaM3_.1080125633.2A.383416.42.18170.52.42.007.27129"
From: "Mariano"
To: "freebsd-ipfw"
cc: freebsd-net
Subject: Request for testing ipfw2/dummynet under ipv6

--_=__=_XaM3_.1080125633.2A.383416.42.18170.52.42.007.27129
Content-Type: text/plain; charset=iso-8859-1

Hi,

I've developed with my friend Raffaele De Lorenzo a working version of
ipfw2/dummynet with the support of IPv6 protocol, this is an upgrade of
the previous version posted on
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=44395+0+archive/2004/freebsd-ipfw/20040118.freebsd-ipfw
by my supervisor Luigi Rizzo in 14 Jan.

THIS IS STILL AN EVALUATION CODE, DO NOT USE AS REGULAR

We have solved the bugs of the previous code and this seems to work,
the semantic of the userland interface is still under development. The
"-h" opt will explain the actual status.

Could someone help us in the testing phase? We wait any suggestion and
help.

Thanks,
Mariano and Raffaele

--_=__=_XaM3_.1080125633.2A.383416.42.18170.52.42.007.27129
Content-Type: text/x-diff; name="=?iso-8859-1?Q?20040323.diff?="
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="=?iso-8859-1?Q?20040323.diff?="

--- ./originali/ip6_forward.c Wed Jan 14 10:43:54 2004=0A+++ ./sys/netine= t6/ip6_forward.c Tue Mar 23 15:15:52 2004=0A@@ -30,7 +30,7 @@=0A * SUCH = DAMAGE.=0A */=0A =0A-#include "opt_ip6fw.h"=0A+#include "opt_ipfw.h"=0A = #include "opt_inet.h"=0A #include "opt_inet6.h"=0A #include "opt_ipsec.h"= =0A@@ -454,6 +454,8 @@=0A type =3D ND_REDIRECT;=0A }=0A =0A+#ifdef IPF= W2 /* XXX this needs to be filled up */=0A+#else /* !IPFW2 */=0A /*=0A = * Check with the firewall...=0A */=0A@@ -467,7 +469,7 @@=0A if (!m)=0A= goto freecopy;=0A }=0A-=0A+#endif=0A /*=0A * Fake scoped addresse= s. Note that even link-local source or=0A * destinaion can appear, if t= he originating node just sends the=0A--- ./originali/ip6_input.c Wed Jan = 14 10:35:41 2004=0A+++ ./sys/netinet6/ip6_input.c Tue Mar 23 15:15:53 200= 4=0A@@ -65,7 +65,7 @@=0A * @(#)ip_input.c 8.2 (Berkeley) 1/4/94=0A */=0A= =0A-#include "opt_ip6fw.h"=0A+#include "opt_ipfw.h"=0A #include "opt_ine= t.h"=0A #include "opt_inet6.h"=0A #include "opt_ipsec.h"=0A@@ -119,7 +119= ,12 @@=0A #define IPSEC=0A #endif /* FAST_IPSEC */=0A =0A+#ifdef IPFW2=0A= +#include =0A+#include =0A+#else=0A= #include =0A+#endif=0A =0A #include =0A =0A@@ -148,9 +153,11 @@=0A =0A =0A /* firewall hooks */=0A+#ifn= def IPFW2=0A ip6_fw_chk_t *ip6_fw_chk_ptr;=0A ip6_fw_ctl_t *ip6_fw_ctl_pt= r;=0A int ip6_fw_enable =3D 1;=0A+#endif /* !IPFW2 */=0A =0A struct ip6st= at ip6stat;=0A =0A@@ -263,6 +270,53 @@=0A int nxt, ours =3D 0;=0A struc= t ifnet *deliverifp =3D NULL;=0A =0A+#ifdef IPFW2=0A+ int i, hlen;=0A+= #ifdef IPDIVERT=0A+ u_int32_t divert_info =3D 0; /* packet d= ivert/tee info */=0A+#endif=0A+ struct ip_fw_args args;=0A+ args.eh =3D N= 
ULL;=0A+ args.oif =3D NULL;=0A+ args.rule =3D NULL;=0A+ args.divert_rule = =3D 0; /* divert cookie */=0A+ args.next_hop =3D NULL;=0A= +=0A+ /* Grab info from MT_TAG mbufs prepended to the chain. */=0A+ for = (; m && m->m_type =3D=3D MT_TAG; m =3D m->m_next) {=0A+ switch(m->_m_tag= _id) {=0A+ default:=0A+ printf("ip6_input: unrecognised MT_TAG tag %d\= n",=0A+ m->_m_tag_id);=0A+ break;=0A+=0A+ case PACKET_TAG_DUMMYNET:= =0A+ args.rule =3D ((struct dn_pkt *)m)->rule;=0A+ break;=0A+=0A+ ca= se PACKET_TAG_DIVERT:=0A+ args.divert_rule =3D (int)m->m_hdr.mh_data & = 0xffff;=0A+ break;=0A+=0A+#if 0=0A+ /* The ipfw2 forwarding is not yet= implemented in ipv6 */=0A+ case PACKET_TAG_IPFORWARD:=0A+ args.next_= hop =3D (struct sockaddr_in *)m->m_hdr.mh_data;=0A+ break;=0A+#endif=0A= + }=0A+ }=0A+=0A+ KASSERT(m !=3D NULL && (m->m_flags & M_PKTHDR) !=3D 0,= =0A+ ("ip6_input: no HDR"));=0A+=0A+ if (args.rule) { /* dummyne= t already filtered us */=0A+ ip6 =3D mtod(m, struct ip6_hdr *);=0A+ hle= n =3D sizeof (struct ip6_hdr);=0A+ goto iphack;=0A+ }=0A+#endif /* IPFW2= */=0A+=0A #ifdef IPSEC=0A /*=0A * should the inner packet be consider= ed authentic?=0A@@ -354,6 +408,7 @@=0A goto bad;=0A }=0A =0A+iphack:=0A= /*=0A * Check if we want to allow this packet to be processed.=0A *= Consider it to be bad if not.=0A@@ -375,6 +430,50 @@=0A /*=0A * Check= with the firewall...=0A */=0A+#ifdef IPFW2=0A+ if (fw_enable && IPFW_L= OADED) {=0A+ /*=0A+ * If we've been forwarded from the output side, th= en=0A+ * skip the firewall a second time=0A+ */=0A+=0A+ if (args.nex= t_hop)=0A+ ours=3D1; /* XXX check if this is correct */=0A+=0A+ args.m= =3D m;=0A+ i =3D ip_fw_chk_ptr(&args);=0A+ m =3D args.m;=0A+=0A+ if (= (i & IP_FW_PORT_DENY_FLAG) || m =3D=3D NULL) { /* drop */=0A+ if (m)=0A= + m_freem(m);=0A+ return;=0A+ }=0A+ ip6 =3D mtod(m, struct ip6_hdr= *); /* just in case m changed */=0A+ if (i =3D=3D 0 && args.next_hop =3D= =3D NULL) /* common case */=0A+ goto pass;=0A+ if (DUMMYNET_LOADED = && (i 
& IP_FW_PORT_DYNT_FLAG) !=3D 0) {=0A+ /* Send packet to the appro= priate pipe */=0A+ ip_dn_io_ptr(m, i & 0xffff, DN_TO_IP6_IN, &args);=0A= + return;=0A+ }=0A+#ifdef IPDIVERT=0A+ if (i !=3D 0 && (i & IP_FW_POR= T_DYNT_FLAG) =3D=3D 0) {=0A+ /* Divert or tee packet */=0A+ divert_in= fo =3D i;=0A+ ours=3D1;=0A+ }=0A+#endif=0A+ if (i =3D=3D 0 && args.ne= xt_hop !=3D NULL)=0A+ goto pass;=0A+ /*=0A+ * if we get here, the pa= cket must be dropped=0A+ */=0A+ m_freem(m);=0A+ return;=0A+ }=0A+pass= :=0A+#else /* !IPFW2, use the old firewall */=0A if (ip6_fw_enable && ip= 6_fw_chk_ptr) {=0A u_short port =3D 0;=0A /* If ipfw says divert, we = have to just drop packet */=0A@@ -386,6 +485,7 @@=0A if (!m)=0A retu= rn;=0A }=0A+#endif /* !IPFW2 */=0A =0A /*=0A * Check against address = spoofing/corruption.=0A--- ./originali/ip6_output.c Wed Jan 14 10:35:41 2= 004=0A+++ ./sys/netinet6/ip6_output.c Tue Mar 23 15:15:52 2004=0A@@ -65,7= +65,7 @@=0A * @(#)ip_output.c 8.3 (Berkeley) 1/21/94=0A */=0A =0A-#inc= lude "opt_ip6fw.h"=0A+#include "opt_ipfw.h"=0A #include "opt_inet.h"=0A #= include "opt_inet6.h"=0A #include "opt_ipsec.h"=0A@@ -107,7 +107,13 @@=0A= #include =0A #endif /* FAST_IPSEC */=0A =0A+#ifdef IPFW2= =0A+#include =0A+#include =0A+#include= =0A+#else /* use old ip6fw */=0A #include =0A+#endif=0A =0A #include =0A =0A@@ -169,6= +175,9 @@=0A struct route_in6 *ro_pmtu =3D NULL;=0A int hdrsplit =3D 0= ;=0A int needipsec =3D 0;=0A+#ifdef IPFW2=0A+ struct ip_fw_args args;=0A= +#endif=0A #ifdef IPSEC=0A int needipsectun =3D 0;=0A struct secpolicy = *sp =3D NULL;=0A@@ -183,6 +192,66 @@=0A ip6 =3D mtod(m, struct ip6_hdr *= );=0A #endif /* FAST_IPSEC */=0A =0A+#ifdef IPFW2=0A+ args.eh =3D NULL;=0A= + args.rule =3D NULL;=0A+ args.next_hop =3D NULL;=0A+ args.divert_rule =3D= 0; /* divert cookie */=0A+=0A+ /* Grab info from MT_TA= G mbufs prepended to the chain. 
*/=0A+ for (; m0 && m0->m_type =3D=3D MT_= TAG; m0 =3D m0->m_next) {=0A+ switch(m0->_m_tag_id) {=0A+ default:=0A+ = printf("ip6_output: unrecognised MT_TAG tag %d\n",=0A+ m0->_m_tag_id= );=0A+ break;=0A+=0A+ case PACKET_TAG_DUMMYNET:=0A+ /*=0A+ * the = packet was already tagged, so part of the=0A+ * processing was already= done, and we need to go down.=0A+ * Get parameters from the header.=0A= + */=0A+ opt =3D NULL;=0A+ ro =3D &((struct dn_pkt *)m0)->ip6opt.r= o_or;=0A+ flags =3D ((struct dn_pkt *)m0)->ip6opt.flags_or;=0A+ = im6o =3D NULL;=0A+ origifp =3D ((struct dn_pkt *)m0)->i= p6opt.origifp_or;=0A+ ifp =3D ((struct dn_pkt *)m0)->ip6opt.ifp_or; =0A= + dst =3D &((struct dn_pkt *)m0)->ip6opt.dst_or;=0A+ args.rule=3D((s= truct dn_pkt *)m0)->rule;=0A+ break;=0A+=0A+ case PACKET_TAG_DIVERT:=0A= + args.divert_rule =3D (int)m0->m_data & 0xffff;=0A+ break;=0A+=0A+#i= f 0=0A+ /* ipfw2 Forwarding is not yet supported in ipv6 */=0A+ case PA= CKET_TAG_IPFORWARD:=0A+ args.next_hop =3D (struct sockaddr_in *)m0->m_d= ata;=0A+ break;=0A+#endif=0A+ }=0A+ }=0A+ m =3D m0; =0A+=0A+ KASSERT(!= m || (m->m_flags & M_PKTHDR) !=3D 0, ("ip6_output: no HDR"));=0A+#ifndef = FAST_IPSEC=0A+ KASSERT(ro !=3D NULL, ("ip6_output: no route\n"));=0A+#end= if=0A+=0A+ if (args.rule ) { /* dummynet already saw us */=0A+ ip= 6 =3D mtod(m, struct ip6_hdr *);=0A+ hlen =3D sizeof (struct ip6_hdr) ;=0A= + if (ro->ro_rt)=0A+ ia =3D ifatoia6(ro->ro_rt->rt_ifa);=0A+ b= zero(&exthdrs, sizeof(exthdrs));=0A+ ro_pmtu =3D ro;=0A+ goto send_afte= r_dummynet;=0A+ }=0A+#endif /* IPFW2 */=0A+=0A #define MAKE_EXTHDR(hp, mp= ) \=0A do { \=0A if (hp) { \=0A@@ -455,7 +524,6 @@= =0A skip_ipsec2:;=0A #endif=0A }=0A-=0A /*=0A * If there is a routing= header, replace destination address field=0A * with the first hop of t= he routing header.=0A@@ -581,7 +649,6 @@=0A exthdrs.ip6e_ip6 =3D m;=0A = }=0A #endif /* IPSEC */=0A-=0A if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst= )) {=0A /* Unicast */=0A =0A@@ -760,7 +827,6 @@=0A goto 
done;=0A }= =0A }=0A-=0A /*=0A * Fill the outgoing inteface to tell the upper lay= er=0A * to increment per-interface statistics.=0A@@ -768,6 +834,7 @@=0A= if (ifpp)=0A *ifpp =3D ifp;=0A =0A+send_after_dummynet:=0A /*=0A *= Determine path MTU.=0A */=0A@@ -866,10 +933,71 @@=0A in6_clearscope(&= ip6->ip6_src);=0A in6_clearscope(&ip6->ip6_dst);=0A #endif=0A-=0A /*=0A= * Check with the firewall...=0A */=0A+#ifdef IPFW2=0A+ if (fw_enable= && IPFW_LOADED && !args.next_hop) {=0A+ /* =0A+ * Check with the fire= wall IPFW2...=0A+ * but not if we are already being fwd'd from a firewa= ll.=0A+ */=0A+=0A+ struct sockaddr_in6 *old =3D dst;=0A+ args.m =3D m= ;=0A+ args.next_hop =3D (struct sockaddr_in *) dst;=0A+ args.oif =3D if= p;=0A+ off =3D ip_fw_chk_ptr(&args);=0A+ m =3D args.m;=0A+ dst =3D (st= ruct sockaddr_in6 *) args.next_hop;=0A+=0A+ /*=0A+ * On return we must= do the following:=0A+ * m =3D=3D NULL -> drop the pkt (old interfac= e, deprecated)=0A+ * (off & IP_FW_PORT_DENY_FLAG) -> drop the pkt (new = interface)=0A+ * 1<=3Doff<=3D 0xffff -> DIVERT=0A+ * (of= f & IP_FW_PORT_DYNT_FLAG) -> send to a DUMMYNET pipe=0A+ * (off & IP_FW= _PORT_TEE_FLAG) -> TEE the packet=0A+ * dst !=3D old = -> IPFIREWALL_FORWARD=0A+ * off=3D=3D0, dst=3D=3Dold -> ac= cept=0A+ * If some of the above modules are not compiled in, then=0A+ = * we should't have to check the corresponding condition=0A+ * (because= the ipfw control socket should not accept=0A+ * unsupported rules), bu= t better play safe and drop=0A+ * packets in case of doubt.=0A+ */=0A= + if ( (off & IP_FW_PORT_DENY_FLAG) || m =3D=3D NULL) {=0A+ if (m)=0A+= m_freem(m);=0A+ error =3D EACCES;=0A+ goto done;=0A+ }=0A+ ip6 = =3D mtod(m, struct ip6_hdr *); /* XXX check if necessary */=0A+ if (of= f =3D=3D 0 && dst =3D=3D old) /* common case */=0A+ goto pa= ss6;=0A+ if (DUMMYNET_LOADED && (off & IP_FW_PORT_DYNT_FLAG) !=3D 0) {=0A= + /*=0A+ * pass the pkt to dummynet. 
Need to include=0A+ * pipe n= umber, m, ifp, ro, dst because these are=0A+ * not recomputed in the n= ext pass.=0A+ * All other parameters have been already used and=0A+ = * so they are not needed anymore. =0A+ * XXX note: if the ifp or ro e= ntry are deleted=0A+ * while a pkt is in dummynet, we are in trouble!=0A= + */ =0A+ args.dummypar.ro_or =3D *ro;=0A+ args.dummypar.flags_or = =3D flags;=0A+ args.dummypar.ifp_or =3D ifp;=0A+ args.dummypar.origif= p_or =3D origifp;=0A+ args.dummypar.dst_or =3D *dst;=0A+ args.flags =3D= flags;=0A+ error =3D ip_dn_io_ptr(m, off & 0xffff, DN_TO_IP6_OUT,=0A+ = &args);=0A+ goto done;=0A+ }=0A+ }=0A+pass6:=0A+#else /* !IPFW2 */=0A= if (ip6_fw_enable && ip6_fw_chk_ptr) {=0A u_short port =3D 0;=0A m-= >m_pkthdr.rcvif =3D NULL; /* XXX */=0A@@ -883,7 +1011,7 @@=0A goto don= e;=0A }=0A }=0A-=0A+#endif /* !IPFW2 */=0A /*=0A * If the outgoing = packet contains a hop-by-hop options header,=0A * it must be examined a= nd processed even by the source node.=0A@@ -1115,7 +1243,6 @@=0A if (sp = !=3D NULL)=0A KEY_FREESP(&sp);=0A #endif /* FAST_IPSEC */=0A-=0A retur= n(error);=0A =0A freehdrs:=0A@@ -1548,6 +1675,7 @@=0A break;=0A #endi= f /* KAME IPSEC */=0A =0A+#ifndef IPFW2=0A case IPV6_FW_ADD:=0A cas= e IPV6_FW_DEL:=0A case IPV6_FW_FLUSH:=0A@@ -1568,7 +1696,7 @@=0A m= =3D *mp;=0A }=0A break;=0A-=0A+#endif /* !IPFW2 */=0A defa= ult:=0A error =3D ENOPROTOOPT;=0A break;=0A@@ -1708,6 +1836,7 @@=0A= }=0A #endif /* KAME IPSEC */=0A =0A+#ifndef IPFW2=0A case IPV6_F= W_GET:=0A {=0A struct mbuf *m;=0A@@ -1724,6 +1853,7 @@=0A m= _freem(m);=0A }=0A break;=0A+#endif /* !IPFW2 */=0A =0A defau= lt:=0A error =3D ENOPROTOOPT;=0A@@ -2046,8 +2176,8 @@=0A /*=0A *= If the interface is specified, validate it.=0A */=0A- if (mreq->ipv6= mr_interface < 0=0A- || if_index < mreq->ipv6mr_interface) {=0A+ if (m= req->ipv6mr_interface < 0 ||=0A+ if_index < mreq->ipv6mr_interface) = {=0A error =3D ENXIO; /* XXX EINVAL? 
*/=0A break;=0A }=0A@@ -2097= ,7 +2227,7 @@=0A */=0A if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_mu= ltiaddr)) {=0A mreq->ipv6mr_multiaddr.s6_addr16[1]=0A- =3D htons(mr= eq->ipv6mr_interface);=0A+ =3D htons(ifp->if_index);=0A }=0A /*=0A= * See if the membership already exists.=0A--- ./originali/ip_dummynet= .c Wed Jan 14 10:35:41 2004=0A+++ ./sys/netinet/ip_dummynet.c Tue Mar 23 = 15:15:53 2004=0A@@ -85,6 +85,9 @@=0A #include /* for= struct arpcom */=0A #include =0A =0A+#include /* for ip6_input, ip6_output prototypes */=0A+#include =0A+=0A /*=0A * We keep a private variable for the simulation time= , but we could=0A * probably use an existing one ("softticks" in sys/ker= n/kern_timer.c)=0A@@ -435,6 +438,16 @@=0A ip_input((struct mbuf *)pk= t) ;=0A break ;=0A =0A+ case DN_TO_IP6_IN:=0A+ ip6_input((struct= mbuf *)pkt) ; =0A+ break ;=0A+=0A+ case DN_TO_IP6_OUT:=0A+ (void= )ip6_output((struct mbuf *)pkt, NULL, NULL, 0,=0A+ NULL, NULL, NULL); =0A= + rt_unref (pkt->ip6opt.ro_or.ro_rt) ;=0A+ break ;=0A+=0A case D= N_TO_BDG_FWD :=0A if (!BDG_LOADED) {=0A /* somebody unloaded the b= ridge module. 
Drop pkt */=0A@@ -863,37 +876,80 @@=0A {=0A int i =3D 0= ; /* we need i and q for new allocations */=0A struct dn_flow_queue = *q, *prev;=0A+ int is_v6 =3D IS_IP6_FLOW_ID(id);=0A =0A if ( !(fs-= >flags_fs & DN_HAVE_FLOW_MASK) )=0A q =3D fs->rq[0] ;=0A else {=0A- = /* first, do the masking */=0A- id->dst_ip &=3D fs->flow_mask.dst_ip ;=0A= - id->src_ip &=3D fs->flow_mask.src_ip ;=0A+ /* first, do the masking, th= en hash */=0A id->dst_port &=3D fs->flow_mask.dst_port ;=0A id->src_por= t &=3D fs->flow_mask.src_port ;=0A id->proto &=3D fs->flow_mask.proto ;=0A= id->flags =3D 0 ; /* we don't care about this one */=0A- /* then, hash = function */=0A- i =3D ( (id->dst_ip) & 0xffff ) ^=0A- ( (id->dst_ip >= > 15) & 0xffff ) ^=0A- ( (id->src_ip << 1) & 0xffff ) ^=0A- ( (id= ->src_ip >> 16 ) & 0xffff ) ^=0A- (id->dst_port << 1) ^ (id->src_port= ) ^=0A- (id->proto );=0A+ if (is_v6) {=0A+ APPLY_MASK(&id->dst_ip= 6, &fs->flow_mask.dst_ip6);=0A+ APPLY_MASK(&id->src_ip6, &fs->flow_ma= sk.src_ip6);=0A+ id->flow_id6 &=3D fs->flow_mask.flow_id6;=0A+=0A+ = i =3D ((id->dst_ip6.__u6_addr.__u6_addr32[0]) & 0xffff)^=0A+ ((id->dst= _ip6.__u6_addr.__u6_addr32[1]) & 0xffff)^ =0A+ ((id->dst_ip6.__u6_addr._= _u6_addr32[2]) & 0xffff)^=0A+ ((id->dst_ip6.__u6_addr.__u6_addr32[3]) & = 0xffff)^=0A+=0A+ ((id->dst_ip6.__u6_addr.__u6_addr32[0] >> 15) & 0xffff)= ^=0A+ ((id->dst_ip6.__u6_addr.__u6_addr32[1] >> 15) & 0xffff)^ =0A+ ((i= d->dst_ip6.__u6_addr.__u6_addr32[2] >> 15) & 0xffff)^=0A+ ((id->dst_ip6.= __u6_addr.__u6_addr32[3] >> 15) & 0xffff)^=0A+=0A+ ((id->src_ip6.__u6_ad= dr.__u6_addr32[0] << 1) & 0xfffff)^=0A+ ((id->src_ip6.__u6_addr.__u6_add= r32[1] << 1) & 0xfffff)^ =0A+ ((id->src_ip6.__u6_addr.__u6_addr32[2] << = 1) & 0xfffff)^=0A+ ((id->src_ip6.__u6_addr.__u6_addr32[3] << 1) & 0xffff= f)^=0A+=0A+ ((id->src_ip6.__u6_addr.__u6_addr32[0] << 16) & 0xffff)^=0A+= ((id->src_ip6.__u6_addr.__u6_addr32[1] << 16) & 0xffff)^ =0A+ ((id->sr= c_ip6.__u6_addr.__u6_addr32[2] << 16) & 0xffff)^=0A+ 
((id->src_ip6.__u6_= addr.__u6_addr32[3] << 16) & 0xffff)^=0A+=0A+ (id->dst_port << 1) ^ (id-= >src_port) ^=0A+ (id->proto ) ^=0A+ (id->flow_id6);=0A+ } else {=0A+ = id->dst_ip &=3D fs->flow_mask.dst_ip ;=0A+ id->src_ip &=3D fs->flow= _mask.src_ip ;=0A+=0A+ i =3D ( (id->dst_ip) & 0xffff ) ^=0A+ ( (id->= dst_ip >> 15) & 0xffff ) ^=0A+ ( (id->src_ip << 1) & 0xffff ) ^=0A+ ( (= id->src_ip >> 16 ) & 0xffff ) ^=0A+ (id->dst_port << 1) ^ (id->src_port)= ^=0A+ (id->proto );=0A+ }=0A i =3D i % fs->rq_size ;=0A /* finally, s= can the current list for a match */=0A searches++ ;=0A for (prev=3DNULL= , q =3D fs->rq[i] ; q ; ) {=0A search_steps++;=0A- if (id->dst_i= p =3D=3D q->id.dst_ip &&=0A+ if (is_v6 &&=0A+ IN6_ARE_ADDR_EQUAL= (&id->dst_ip6,&q->id.dst_ip6) &&=0A+ IN6_ARE_ADDR_EQUAL(&id->src_ip6= ,&q->id.src_ip6) &&=0A+ id->dst_port =3D=3D q->id.dst_port &&=0A+ = id->src_port =3D=3D q->id.src_port &&=0A+ id->proto =3D=3D q->id.= proto &&=0A+ id->flags =3D=3D q->id.flags &&=0A+ id->flow_id6 =3D= =3D q->id.flow_id6)=0A+ break ; /* found */=0A+=0A+ if (!is_v6 && id= ->dst_ip =3D=3D q->id.dst_ip &&=0A id->src_ip =3D=3D q->id.src_ip &= &=0A id->dst_port =3D=3D q->id.dst_port &&=0A id->src_port =3D= =3D q->id.src_port &&=0A id->proto =3D=3D q->id.proto &&=0A i= d->flags =3D=3D q->id.flags)=0A break ; /* found */=0A- else if (pi= pe_expire && q->head =3D=3D NULL && q->S =3D=3D q->F+1 ) {=0A+=0A+ /*= No match. 
Check if we can expire the entry */=0A+ if (pipe_expire &&= q->head =3D=3D NULL && q->S =3D=3D q->F+1 ) {=0A /* entry is idle and = not in any heap, expire it */=0A struct dn_flow_queue *old_q =3D q ;=0A= =0A@@ -917,7 +973,7 @@=0A if (q =3D=3D NULL) { /* no match, need to = allocate a new entry */=0A q =3D create_queue(fs, i);=0A if (q !=3D NUL= L)=0A- q->id =3D *id ;=0A+ q->id =3D *id ;=0A }=0A return q ;= =0A }=0A@@ -1030,7 +1086,7 @@=0A {=0A #if IPFW2=0A struct dn_flow_set= *fs;=0A- ipfw_insn *cmd =3D rule->cmd + rule->act_ofs;=0A+ ipfw_in= sn *cmd =3D ACTION_PTR(rule);=0A =0A if (cmd->opcode =3D=3D O_LOG)=0A= cmd +=3D F_LEN(cmd);=0A@@ -1099,7 +1155,7 @@=0A int s =3D splimp();= =0A int is_pipe;=0A #if IPFW2=0A- ipfw_insn *cmd =3D fwa->rule->cm= d + fwa->rule->act_ofs;=0A+ ipfw_insn *cmd =3D ACTION_PTR(fwa->rule);=0A= =0A if (cmd->opcode =3D=3D O_LOG)=0A cmd +=3D F_LEN(cmd);=0A@@ -117= 7,6 +1233,15 @@=0A =0A pkt->dn_dst =3D fwa->dst;=0A pkt->flags =3D fwa-= >flags;=0A+ } else if (dir =3D=3D DN_TO_IP6_OUT) {=0A+ pkt->ip6opt.ro_= or =3D fwa->dummypar.ro_or;=0A+ pkt->ip6opt.flags_or =3D fwa->dummypar.fl= ags_or;=0A+ pkt->ip6opt.origifp_or =3D fwa->dummypar.origifp_or;=0A+ pkt-= >ip6opt.ifp_or =3D fwa->dummypar.ifp_or;=0A+ pkt->ip6opt.dst_or =3D fwa->= dummypar.dst_or;=0A+ if (fwa->dummypar.ro_or.ro_rt)=0A+ fwa->dummypar= .ro_or.ro_rt->rt_refcnt++;=0A+ pkt->flags =3D fwa->flags;=0A }=0A = if (q->head =3D=3D NULL)=0A q->head =3D pkt;=0A@@ -1275,6 +1340,7 @@=0A= */=0A #define DN_FREE_PKT(pkt) { \=0A struct dn_pkt *n =3D pkt ; \=0A= + rt_unref ( n->ip6opt.ro_or.ro_rt ); /* XXX */ \=0A rt_unref ( n->ro.ro= _rt ) ; \=0A m_freem(n->dn_m); \=0A pkt =3D DN_NEXT(n) ; \=0A@@ -1= 937,7 +2003,7 @@=0A static void=0A ip_dn_init(void)=0A {=0A- printf("D= UMMYNET initialized (011031)\n");=0A+ printf("DUMMYNET with IPv6 initi= alized (040114)\n");=0A all_pipes =3D NULL ;=0A all_flow_sets =3D= NULL ;=0A ready_heap.size =3D ready_heap.elements =3D 0 ;=0A--- ./or= iginali/ip_dummynet.h 
Wed Jan 14 10:35:41 2004=0A+++ ./sys/netinet/ip_dum= mynet.h Tue Mar 23 15:15:53 2004=0A@@ -109,6 +109,7 @@=0A struct dn_h= eap_entry *p ; /* really an array of "size" entries */=0A } ;=0A =0A+#ifd= ef _KERNEL=0A /*=0A * struct dn_pkt identifies a packet in the dummynet = queue, but=0A * is also used to tag packets passed back to the various d= estinations=0A@@ -135,13 +136,17 @@=0A #define DN_TO_BDG_FWD 3=0A #define= DN_TO_ETH_DEMUX 4=0A #define DN_TO_ETH_OUT 5=0A+#define DN_TO_IP6_IN 6=0A= +#define DN_TO_IP6_OUT 7=0A =0A dn_key output_time; /* when the pkt = is due for delivery */=0A struct ifnet *ifp; /* interface, for ip_ou= tput */=0A struct sockaddr_in *dn_dst ;=0A struct route ro; /* = route, for ip_output. MUST COPY */=0A int flags ; /* flags, for ip_= output (IPv6 ?) */=0A+ struct _ip6dn_args ip6opt; /* XXX ipv6 options = */=0A };=0A+#endif /* _KERNEL */=0A =0A /*=0A * Overall structure of d= ummynet (with WF2Q+):=0A--- ./originali/ip_fw2.c Wed Jan 14 10:35:41 2004= =0A+++ ./sys/netinet/ip_fw2.c Tue Mar 23 15:15:53 2004=0A@@ -37,6 +37,7 @= @=0A #include "opt_ipdn.h"=0A #include "opt_ipdivert.h"=0A #include "opt_= inet.h"=0A+#include "opt_ipsec.h"=0A #ifndef INET=0A #error IPFIREWALL re= quires INET.=0A #endif /* INET */=0A@@ -76,6 +77,9 @@=0A #include =0A #endif=0A =0A+#include =0A+#include =0A+=0A #include /* XXX for ETHERTYPE_IP *= /=0A =0A #include /* XXX for in_cksum */=0A@@ -234,1= 4 +238,19 @@=0A ip_dn_ruledel_t *ip_dn_ruledel_ptr =3D NULL; /* hook into= dummynet */=0A =0A /*=0A- * This macro maps an ip pointer into a layer3 = header pointer of type T=0A+ * L3HDR maps an ipv4 pointer into a layer3 h= eader pointer of type T=0A+ * Other macros just cast void * into the appr= opriate type=0A */=0A #define L3HDR(T, ip) ((T *)((u_int32_t *)(ip) + (i= p)->ip_hl))=0A+#define TCP(p) ((struct tcphdr *)(p))=0A+#define UDP(p) ((= struct udphdr *)(p))=0A+#define ICMP(p) ((struct icmp *)(p))=0A+#define I= CMP6(p) ((struct icmp6_hdr *)(p))=0A =0A static __inline 
int=0A-icmptype_= match(struct ip *ip, ipfw_insn_u32 *cmd)=0A+icmptype_match(struct icmp *i= cmp, ipfw_insn_u32 *cmd)=0A {=0A- int type =3D L3HDR(struct icmp,ip)->icm= p_type;=0A+ int type =3D icmp->icmp_type;=0A =0A return (type <=3D ICMP_= MAXTYPE && (cmd->d[0] & (1<icmp_type;=0A+ int type =3D= icmp->icmp_type;=0A+=0A return (type <=3D ICMP_MAXTYPE && (TT & (1<th_off << 2) - sizeof(struct tcphdr);=0A =0A@@ -= 449,6 +458,83 @@=0A return 1;=0A }=0A =0A+/*=0A+ * ipv6 specific rules h= ere...=0A+ */=0A+static __inline int=0A+icmp6type_match (int type, ipfw_i= nsn_u32 *cmd)=0A+{=0A+ return (type <=3D ICMP6_MAXTYPE && (cmd->d[type/32= ] & (1<<(type%32)) ) );=0A+}=0A+=0A+static int=0A+flow6id_match( int curr= _flow, ipfw_insn_u32 *cmd )=0A+{=0A+ int i;=0A+ for (i=3D0; i <=3D cmd->o= .arg1; ++i )=0A+ if (curr_flow =3D=3D cmd->d[i] )=0A+ return 1;=0A+ re= turn 0;=0A+}=0A+=0A+/* support for IP6_*_ME opcodes */=0A+static int=0A+s= earch_ip6_addr_net (struct in6_addr * ip6_addr)=0A+{=0A+ struct ifnet *md= c;=0A+ struct ifaddr *mdc2;=0A+ struct in6_ifaddr *fdm;=0A+ struct in6_ad= dr copia;=0A+=0A+ TAILQ_FOREACH(mdc, &ifnet, if_link)=0A+ for (mdc2 =3D = mdc->if_addrlist.tqh_first; mdc2;=0A+ mdc2 =3D mdc2->ifa_list.tqe_ne= xt) {=0A+ if (!mdc2->ifa_addr)=0A+ continue;=0A+ if (mdc2->ifa_add= r->sa_family =3D=3D AF_INET6) {=0A+ fdm =3D (struct in6_ifaddr *)mdc2;= =0A+ copia =3D fdm->ia_addr.sin6_addr;=0A+ /* need for leaving scop= e_id in the sock_addr */=0A+ in6_clearscope(&copia);=0A+ if (IN6_AR= E_ADDR_EQUAL(ip6_addr, &copia))=0A+ return 1;=0A+ }=0A+ }=0A+ retu= rn 0;=0A+}=0A+=0A+static int=0A+verify_rev_path6(struct in6_addr *src, st= ruct ifnet *ifp)=0A+{=0A+ static struct route_in6 ro;=0A+ struct sockaddr= _in6 *dst;=0A+=0A+ dst =3D (struct sockaddr_in6 * )&(ro.ro_dst);=0A+=0A+ = if ( !(IN6_ARE_ADDR_EQUAL (src, &dst->sin6_addr) )) {=0A+ bzero(dst, siz= eof(*dst));=0A+ dst->sin6_family =3D AF_INET6;=0A+ dst->sin6_len =3D si= zeof(*dst);=0A+ dst->sin6_addr =3D *src;=0A+ 
rtalloc_ign((struct route = *)&ro, RTF_CLONING | RTF_PRCLONING);=0A+ }=0A+ if ((ro.ro_rt =3D=3D NULL)= || (ifp =3D=3D NULL) ||=0A+ (ro.ro_rt->rt_ifp->if_index !=3D ifp->if= _index))=0A+ return 0;=0A+ return 1;=0A+}=0A+static __inline int=0A+hash= _packet6(struct ipfw_flow_id *id)=0A+{=0A+ u_int32_t i;=0A+ i=3D (id->dst= _ip6.__u6_addr.__u6_addr32[0]) ^=0A+ (id->dst_ip6.__u6_addr.__u6_addr32[1= ]) ^=0A+ (id->dst_ip6.__u6_addr.__u6_addr32[2]) ^=0A+ (id->dst_ip6.__u6_a= ddr.__u6_addr32[3]) ^=0A+ (id->dst_port) ^ (id->src_port) ^ (id->flow_id6= );=0A+ return i;=0A+}=0A+/* end of ipv6 opcodes */=0A =0A static u_int64_= t norule_counter; /* counter for ipfw_log(NULL...) */=0A =0A@@ -653,7 +73= 9,9 @@=0A {=0A u_int32_t i;=0A =0A- i =3D (id->dst_ip) ^ (id->src_ip) ^ = (id->dst_port) ^ (id->src_port);=0A+ i =3D IS_IP6_FLOW_ID(id) ? hash_pack= et6(id):=0A+ (id->dst_ip) ^ (id->src_ip) ^ (id->dst_port) ^ (id->src_por= t);=0A+=0A i &=3D (curr_dyn_buckets - 1);=0A return i;=0A }=0A@@ -778,7= +866,7 @@=0A =0A if (ipfw_dyn_v =3D=3D NULL)=0A goto done; /* not fou= nd */=0A- i =3D hash_packet( pkt );=0A+ i =3D hash_packet(pkt);=0A for (= prev=3DNULL, q =3D ipfw_dyn_v[i] ; q !=3D NULL ; ) {=0A if (q->dyn_type= =3D=3D O_LIMIT_PARENT && q->count)=0A goto next;=0A@@ -788,6 +876,27 = @@=0A }=0A if (pkt->proto =3D=3D q->id.proto &&=0A q->dyn_type = !=3D O_LIMIT_PARENT) {=0A+ if (IS_IP6_FLOW_ID(pkt)) {=0A+ if (IN= 6_ARE_ADDR_EQUAL(&(pkt->src_ip6),=0A+ &(q->id.src_ip6)) &&=0A+ I= N6_ARE_ADDR_EQUAL(&(pkt->dst_ip6),=0A+ &(q->id.dst_ip6)) &&=0A+ = pkt->src_port =3D=3D q->id.src_port &&=0A+ pkt->dst_port =3D=3D q->= id.dst_port ) {=0A+ dir =3D MATCH_FORWARD;=0A+ break;=0A+ }=0A+ = if (IN6_ARE_ADDR_EQUAL(&(pkt->src_ip6),=0A+ &(q->id.dst_ip6)) &&=0A+ = IN6_ARE_ADDR_EQUAL(&(pkt->dst_ip6),=0A+ &(q->id.src_ip6)) &&=0A+= pkt->src_port =3D=3D q->id.dst_port &&=0A+ pkt->dst_port =3D= =3D q->id.src_port ) {=0A+ dir =3D MATCH_REVERSE;=0A+ break;=0A+ = }=0A+=0A+ } else {=0A if (pkt->src_ip =3D=3D 
q->id.src_ip &&=0A= pkt->dst_ip =3D=3D q->id.dst_ip &&=0A pkt->src_port =3D=3D= q->id.src_port &&=0A@@ -802,6 +911,7 @@=0A dir =3D MATCH_REVERSE;=0A= break;=0A }=0A+ }=0A }=0A next:=0A prev =3D q;=0A@@ -9= 78,15 +1088,25 @@=0A int i;=0A =0A if (ipfw_dyn_v) {=0A- i =3D hash_pa= cket( pkt );=0A+ int is_v6 =3D IS_IP6_FLOW_ID(pkt);=0A+ i =3D hash_pack= et(pkt);=0A for (q =3D ipfw_dyn_v[i] ; q !=3D NULL ; q=3Dq->next)=0A = if (q->dyn_type =3D=3D O_LIMIT_PARENT &&=0A rule=3D=3D q->rule &&= =0A pkt->proto =3D=3D q->id.proto &&=0A- pkt->src_ip =3D=3D = q->id.src_ip &&=0A- pkt->dst_ip =3D=3D q->id.dst_ip &&=0A pk= t->src_port =3D=3D q->id.src_port &&=0A- pkt->dst_port =3D=3D q->id= .dst_port) {=0A+ pkt->dst_port =3D=3D q->id.dst_port &&=0A+ (= =0A+ (is_v6 &&=0A+ IN6_ARE_ADDR_EQUAL(&(pkt->src_ip6),=0A+ &(q= ->id.src_ip6)) &&=0A+ IN6_ARE_ADDR_EQUAL(&(pkt->dst_ip6),=0A+ &(q= ->id.dst_ip6))) ||=0A+ (!is_v6 &&=0A+ pkt->src_ip =3D=3D q->id.src= _ip &&=0A+ pkt->dst_ip =3D=3D q->id.dst_ip)=0A+ )=0A+ ) {=0A = q->expire =3D time_second + dyn_short_lifetime;=0A DEB(printf("ip= fw: lookup_dyn_parent found 0x%p\n",q);)=0A return q;=0A@@ -1052,14 += 1172,21 @@=0A DEB(printf("ipfw: installing dyn-limit rule %d\n",=0A = cmd->conn_limit);)=0A =0A- id.dst_ip =3D id.src_ip =3D 0;=0A- id.dst= _port =3D id.src_port =3D 0;=0A+ bzero (&id, sizeof(id));=0A+=0A id.pr= oto =3D args->f_id.proto;=0A =0A- if (limit_mask & DYN_SRC_ADDR)=0A- i= d.src_ip =3D args->f_id.src_ip;=0A- if (limit_mask & DYN_DST_ADDR)=0A- = id.dst_ip =3D args->f_id.dst_ip;=0A+ if (IS_IP6_FLOW_ID (&(args->f_id))= ) {=0A+ if (limit_mask & DYN_SRC_ADDR)=0A+ id.src_ip6 =3D args->f_id= .src_ip6;=0A+ if (limit_mask & DYN_DST_ADDR)=0A+ id.dst_ip6 =3D args= ->f_id.dst_ip6;=0A+ } else {=0A+ if (limit_mask & DYN_SRC_ADDR)=0A+ = id.src_ip =3D args->f_id.src_ip;=0A+ if (limit_mask & DYN_DST_ADDR)=0A= + id.dst_ip =3D args->f_id.dst_ip;=0A+ }=0A if (limit_mask & DYN_SR= C_PORT)=0A id.src_port =3D args->f_id.src_port;=0A if (limit_mask & = 
DYN_DST_PORT)=0A@@ -1299,12 +1426,8 @@=0A * consumes the packet because= it calls send_reject().=0A * XXX This has to change, so that ipfw_chk(= ) never modifies=0A * or consumes the buffer.=0A- * ip is simply an al= ias of the value of m, and it is kept=0A- * in sync with it (the packet = is supposed to start with=0A- * the ip header).=0A */=0A struct mbuf = *m =3D args->m;=0A- struct ip *ip =3D mtod(m, struct ip *);=0A =0A /*=0A= * oif | args->oif If NULL, ipfw_chk has been called on the=0A@@ -1321,= 12 +1444,12 @@=0A * hlen The length of the IPv4 header.=0A * hlen >0 = means we have an IPv4 packet.=0A */=0A- u_int hlen =3D 0; /* hlen >0 m= eans we have an IP pkt */=0A+ u_int hlen =3D 0;=0A =0A /*=0A * offset = The offset of a fragment. offset !=3D 0 means that=0A- * we have a fragm= ent at this offset of an IPv4 packet.=0A- * offset =3D=3D 0 means that (= if this is an IPv4 packet)=0A+ * we have a fragmented ip packet.=0A+ * = offset =3D=3D 0 means that (if this is an IP packet)=0A * this is the f= irst or only fragment.=0A */=0A u_short offset =3D 0;=0A@@ -1350,95 +1= 473,197 @@=0A struct in_addr src_ip, dst_ip; /* NOTE: network format */= =0A u_int16_t ip_len=3D0;=0A int pktlen;=0A- int dyn_dir =3D MATCH_UNKN= OWN;=0A- ipfw_dyn_rule *q =3D NULL;=0A =0A- if (m->m_flags & M_SKIP_FIREW= ALL)=0A- return 0; /* accept */=0A /*=0A * dyn_dir =3D MATCH_UNKNOWN = when rules unchecked,=0A * MATCH_NONE when checked and not matched (q = =3D NULL),=0A * MATCH_FORWARD or MATCH_REVERSE otherwise (q !=3D NULL)=0A= */=0A-=0A- pktlen =3D m->m_pkthdr.len;=0A- if (args->eh =3D=3D NULL ||= /* layer 3 packet */=0A- ( m->m_pkthdr.len >=3D sizeof(struct ip) &&=0A= - ntohs(args->eh->ether_type) =3D=3D ETHERTYPE_IP))=0A- hlen =3D i= p->ip_hl << 2;=0A+ int dyn_dir =3D MATCH_UNKNOWN;=0A+ ipfw_dyn_rule *q =3D= NULL;=0A =0A /*=0A- * Collect parameters into local variables for fast= er matching.=0A+ * We store in ulp a pointer to the upper layer protocol= header.=0A+ * In the ipv4 case this 
is easy to determine from the heade= r,=0A+ * but for ipv6 we might have some additional headers in the middl= e.=0A+ * ulp is NULL if not found.=0A */=0A- if (hlen =3D=3D 0) { /* d= o not grab addresses for non-ip pkts */=0A- proto =3D args->f_id.proto =3D= 0; /* mark f_id invalid */=0A- goto after_ip_checks;=0A- }=0A+ void *ul= p =3D NULL; /* upper layer protocol pointer. */=0A+=0A+ /* XXX ipv6 vari= ables */=0A+ int is_ipv6 =3D 0;=0A+ u_int16_t ext_hd =3D 0; /* bits vec= tor for extension header filtering */=0A+ /* end of ipv6 variables */=0A+= =0A+ if (m->m_flags & M_SKIP_FIREWALL)=0A+ return 0; /* accept */=0A+ pk= tlen =3D m->m_pkthdr.len;=0A+ proto =3D args->f_id.proto =3D 0; /* mark f= _id invalid */=0A+=0A+ /* Identify ipv6 packets and fill up variables. */= =0A+ if (pktlen >=3D sizeof(struct ip6_hdr) &&=0A+ (!args->eh || ntohs(a= rgs->eh->ether_type)=3D=3DETHERTYPE_IPV6) &&=0A+ mtod(m, struct ip *)->i= p_v =3D=3D 6) {=0A+=0A+ is_ipv6 =3D 1;=0A+ args->f_id.addr_type =3D= 6;=0A+ hlen =3D sizeof(struct ip6_hdr);=0A+ proto =3D mtod(m, st= ruct ip6_hdr *)->ip6_nxt;=0A+ args->f_id.src_ip6 =3D (mtod(m, struct = ip6_hdr *))->ip6_src;=0A+ args->f_id.dst_ip6 =3D (mtod(m, struct ip6_= hdr *))->ip6_dst;=0A+ args->f_id.src_ip =3D 0;=0A+ args->f_id.dst= _ip =3D 0;=0A+ args->f_id.flow_id6 =3D ntohs(mtod(m, struct ip6_hdr *= )->ip6_flow);=0A+=0A+ /* XXX where do we find ip_len ??? how do we se= t pktlen ? */=0A+=0A+ /*=0A+ * PULLUP6(len, p, T) makes sure tha= t len + sizeof(T) is=0A+ * contiguous, then it sets p to point at th= e offset "len" in=0A+ * the mbuf. 
WARNING: the pointer might become = stale after=0A+ * other pullups (but we never use it this way).=0A+ = */=0A+#define PULLUP6(len, p, T) \=0A+ do { \=0A+ i= nt x =3D (len) + sizeof(T); \=0A+ if ((m)->m_len < x) { \=0A+ = args->m =3D m =3D m_pullup(m, x); \=0A+ if (m =3D=3D 0) \=0A+ = goto pullup_failed; \=0A+ } \=0A+ p =3D (mtod(m, = char *) + (len)); \=0A+ } while (0)=0A+=0A+ /* Search extension he= aders to find upper layer protocols */=0A+ while (ulp =3D=3D NULL) {=0A= + switch (proto) {=0A+ case IPPROTO_ICMPV6:=0A+ PULLUP6(hlen, ulp,= struct icmp6_hdr);=0A+ args->f_id.flags =3D ICMP6(ulp)->icmp6_type;= =0A+ break;=0A+=0A+ case IPPROTO_TCP:=0A+ PULLUP6(hlen, ulp, s= truct tcphdr);=0A+ dst_port =3D TCP(ulp)->th_dport;=0A+ src_por= t =3D TCP(ulp)->th_sport;=0A+ args->f_id.flags =3D TCP(ulp)->th_flag= s;=0A+ break;=0A =0A- proto =3D args->f_id.proto =3D ip->ip_p;=0A- s= rc_ip =3D ip->ip_src;=0A- dst_ip =3D ip->ip_dst;=0A- if (args->eh !=3D NU= LL) { /* layer 2 packets are as on the wire */=0A+ case IPPROTO_UDP:=0A+= PULLUP6(hlen, ulp, struct udphdr);=0A+ dst_port =3D UDP(ulp)->= uh_dport;=0A+ src_port =3D UDP(ulp)->uh_sport;=0A+ break;=0A+=0A= + case IPPROTO_HOPOPTS:=0A+ PULLUP6(hlen, ulp, struct ip6_hbh);=0A+= ext_hd |=3D EXT_HOPOPTS;=0A+ hlen +=3D sizeof(struct ip6_hbh);= =0A+ proto =3D ((struct ip6_hbh *)ulp)->ip6h_nxt;=0A+ ulp =3D N= ULL;=0A+ break;=0A+=0A+ case IPPROTO_ROUTING:=0A+ PULLUP6(hlen= , ulp, struct ip6_rthdr);=0A+ ext_hd |=3D EXT_ROUTING;=0A+ hlen= +=3D sizeof(struct ip6_rthdr);=0A+ proto =3D ((struct ip6_rthdr *)u= lp)->ip6r_nxt;=0A+ ulp =3D NULL;=0A+ break;=0A+=0A+ case IPPRO= TO_FRAGMENT:=0A+ PULLUP6(hlen, ulp, struct ip6_frag);=0A+ ext_h= d |=3D EXT_FRAGMENT;=0A+ hlen +=3D sizeof (struct ip6_frag);=0A+ = proto =3D ((struct ip6_frag *)ulp)->ip6f_nxt;=0A+ offset =3D 1;=0A= + ulp =3D NULL; /* XXX is it correct ? 
*/=0A+ break;=0A+=0A+ c= ase IPPROTO_AH:=0A+ case IPPROTO_NONE:=0A+ case IPPROTO_ESP:=0A+ P= ULLUP6(hlen, ulp, struct ip6_ext);=0A+ if (proto =3D=3D IPPROTO_AH)=0A= + ext_hd |=3D EXT_AH;=0A+ else if (proto =3D=3D IPPROTO_ESP)=0A+ = ext_hd |=3D EXT_ESP;=0A+ hlen +=3D ((struct ip6_ext *)ulp)->ip6e_le= n +=0A+ sizeof (struct ip6_ext);=0A+ proto =3D ((struct ip6_e= xt *)ulp)->ip6e_nxt;=0A+ ulp =3D NULL;=0A+ break;=0A+=0A+ defa= ult:=0A+ printf("IPFW2: IPV6 - Unknown Extension Header (%d)\n",=0A+= proto);=0A+ return 0; /* deny */=0A+ break;=0A+ } /*switch= */=0A+ }=0A+=0A+ /* hlen !=3D 0 is used to detect ipv4 packets, = so clear it now */=0A+ hlen =3D 0; /* XXX why? we have args->f_id.add= r_type ... */=0A+=0A+ } else if (pktlen >=3D sizeof(struct ip) &&=0A+ (!= args->eh || ntohs(args->eh->ether_type) =3D=3D ETHERTYPE_IP) &&=0A+ mtod= (m, struct ip *)->ip_v =3D=3D 4) {=0A+ struct ip *ip =3D mtod(m, stru= ct ip *);=0A+=0A+ hlen =3D ip->ip_hl << 2;=0A+ args->f_id.addr_ty= pe =3D 4;=0A+=0A+ /*=0A+ * Collect parameters into local variabl= es for faster matching.=0A+ */=0A+=0A+ proto =3D ip->ip_p;=0A+ = src_ip =3D ip->ip_src;=0A+ dst_ip =3D ip->ip_dst;=0A+ if (args= ->eh !=3D NULL) { /* layer 2 packets are as on the wire */=0A offset =3D= ntohs(ip->ip_off) & IP_OFFMASK;=0A ip_len =3D ntohs(ip->ip_len);=0A- }= else {=0A+ } else {=0A offset =3D ip->ip_off & IP_OFFMASK;=0A ip= _len =3D ip->ip_len;=0A- }=0A- pktlen =3D ip_len < pktlen ? ip_len : pktl= en;=0A-=0A-#define PULLUP_TO(len) \=0A- do { \=0A- if ((m)->= m_len < (len)) { \=0A- args->m =3D m =3D m_pullup(m, (len)); \=0A-= if (m =3D=3D 0) \=0A- goto pullup_failed; \=0A- ip =3D= mtod(m, struct ip *); \=0A- } \=0A- } while (0)=0A+ }=0A+ = pktlen =3D ip_len < pktlen ? 
ip_len : pktlen;=0A =0A- if (offset =3D=3D= 0) {=0A+ if (offset =3D=3D 0) {=0A switch (proto) {=0A case IPPR= OTO_TCP:=0A- {=0A- struct tcphdr *tcp;=0A-=0A- PULLUP_TO(hlen + = sizeof(struct tcphdr));=0A- tcp =3D L3HDR(struct tcphdr, ip);=0A- dst= _port =3D tcp->th_dport;=0A- src_port =3D tcp->th_sport;=0A- args->f_= id.flags =3D tcp->th_flags;=0A- }=0A+ PULLUP6(hlen, ulp, struct tcphd= r);=0A+ dst_port =3D TCP(ulp)->th_dport;=0A+ src_port =3D TCP(ulp)->t= h_sport;=0A+ args->f_id.flags =3D TCP(ulp)->th_flags;=0A break;=0A =0A= case IPPROTO_UDP:=0A- {=0A- struct udphdr *udp;=0A-=0A- PULLU= P_TO(hlen + sizeof(struct udphdr));=0A- udp =3D L3HDR(struct udphdr, ip= );=0A- dst_port =3D udp->uh_dport;=0A- src_port =3D udp->uh_sport;=0A= - }=0A+ PULLUP6(hlen, ulp, struct udphdr);=0A+ dst_port =3D UDP(ulp= )->uh_dport;=0A+ src_port =3D UDP(ulp)->uh_sport;=0A break;=0A =0A = case IPPROTO_ICMP:=0A- PULLUP_TO(hlen + 4); /* type, code and checksum= . */=0A- args->f_id.flags =3D L3HDR(struct icmp, ip)->icmp_type;=0A+ = /* we only care for 4 bytes: type, code, checksum */=0A+ PULLUP6(hlen, = ulp, struct icmp);=0A+ args->f_id.flags =3D ICMP(ulp)->icmp_type;=0A = break;=0A =0A default:=0A break;=0A }=0A-#undef PULLUP_TO=0A- }=0A= + }=0A =0A- args->f_id.src_ip =3D ntohl(src_ip.s_addr);=0A- args->f_i= d.dst_ip =3D ntohl(dst_ip.s_addr);=0A- args->f_id.src_port =3D src_port =3D= ntohs(src_port);=0A- args->f_id.dst_port =3D dst_port =3D ntohs(dst_port= );=0A+ args->f_id.src_ip =3D ntohl(src_ip.s_addr);=0A+ args->f_id= .dst_ip =3D ntohl(dst_ip.s_addr);=0A+ }=0A+ if (proto) { /* we may have p= ort numbers, store them */=0A+ args->f_id.proto =3D proto;=0A+ ar= gs->f_id.src_port =3D src_port =3D ntohs(src_port);=0A+ args->f_id.ds= t_port =3D dst_port =3D ntohs(dst_port);=0A+ }=0A =0A-after_ip_checks:=0A= if (args->rule) {=0A /*=0A * Packet has already been tagged. 
Look = for the next rule=0A@@ -1531,13 +1756,11 @@=0A =0A case O_GID:=0A c= ase O_UID:=0A- /*=0A- * We only check offset =3D=3D 0 && proto !=3D= 0,=0A- * as this ensures that we have an IPv4=0A- * packet with = the ports info.=0A- */=0A- if (offset!=3D0)=0A+ if (offset !=3D= 0) /* no port info available */=0A+ break;=0A+ if (is_ipv6) /* XX= X to be fixed later */=0A break;=0A+ /* the check for proto is be= low */=0A {=0A struct inpcbinfo *pi;=0A int wildcard;=0A@@= -1623,7 +1846,7 @@=0A break;=0A =0A case O_FRAG:=0A- match =3D= (hlen > 0 && offset !=3D 0);=0A+ match =3D offset !=3D 0;=0A brea= k;=0A =0A case O_IN: /* "out" is "not in" */=0A@@ -1708,7 +1931,7 @@=0A= case O_IP_DSTPORT:=0A /*=0A * offset =3D=3D 0 && proto !=3D = 0 is enough=0A- * to guarantee that we have an IPv4=0A+ * to guar= antee that we have a=0A * packet with port info.=0A */=0A i= f ((proto=3D=3DIPPROTO_UDP || proto=3D=3DIPPROTO_TCP)=0A@@ -1728,15 +1951= ,25 @@=0A =0A case O_ICMPTYPE:=0A match =3D (offset =3D=3D 0 && pr= oto=3D=3DIPPROTO_ICMP &&=0A- icmptype_match(ip, (ipfw_insn_u32 *)c= md) );=0A+ icmptype_match(ICMP(ulp), (ipfw_insn_u32 *)cmd) );=0A+ = break;=0A+=0A+ case O_ICMP6TYPE:=0A+ match =3D is_ipv6 && offset = =3D=3D 0 &&=0A+ proto=3D=3DIPPROTO_ICMPV6 &&=0A+ icmp6type_= match(=0A+ ((struct icmp6_hdr *)ulp)->icmp6_type,=0A+ (ipfw_insn_= u32 *)cmd);=0A break;=0A =0A case O_IPOPT:=0A- match =3D (hlen = > 0 && ipopts_match(ip, cmd) );=0A+ match =3D (hlen > 0 &&=0A+ = ipopts_match(mtod(m, struct ip *), cmd) );=0A break;=0A =0A case O= _IPVER:=0A- match =3D (hlen > 0 && cmd->arg1 =3D=3D ip->ip_v);=0A+ = match =3D (hlen > 0 &&=0A+ cmd->arg1 =3D=3D mtod(m, struct ip *)->ip_= v);=0A break;=0A =0A case O_IPID:=0A@@ -1750,9 +1983,9 @@=0A = if (cmd->opcode =3D=3D O_IPLEN)=0A x =3D ip_len;=0A else = if (cmd->opcode =3D=3D O_IPTTL)=0A- x =3D ip->ip_ttl;=0A+ x =3D m= tod(m, struct ip *)->ip_ttl;=0A else /* must be IPID */=0A- x= =3D ntohs(ip->ip_id);=0A+ x =3D ntohs(mtod(m, struct ip *)->ip_id);=0A= 
if (cmdlen =3D=3D 1) {=0A match =3D (cmd->arg1 =3D=3D x);=0A= break;=0A@@ -1767,49 +2000,47 @@=0A =0A case O_IPPRECEDENCE:=0A = match =3D (hlen > 0 &&=0A- (cmd->arg1 =3D=3D (ip->ip_tos & 0xe= 0)) );=0A+ (cmd->arg1 =3D=3D (mtod(m, struct ip *)->ip_tos & 0xe0)= ) );=0A break;=0A =0A case O_IPTOS:=0A match =3D (hlen > 0 &&=0A= - flags_match(cmd, ip->ip_tos));=0A+ flags_match(cmd, mtod(= m, struct ip *)->ip_tos));=0A break;=0A =0A case O_TCPFLAGS:=0A- = match =3D (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A- fl= ags_match(cmd,=0A- L3HDR(struct tcphdr,ip)->th_flags));=0A+ match = =3D proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A+ flags_match= (cmd, TCP(ulp)->th_flags);=0A break;=0A =0A case O_TCPOPTS:=0A- = match =3D (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A- tcp= opts_match(ip, cmd));=0A+ match =3D proto =3D=3D IPPROTO_TCP && offset= =3D=3D 0 &&=0A+ tcpopts_match(TCP(ulp), cmd);=0A break;=0A =0A= case O_TCPSEQ:=0A- match =3D (proto =3D=3D IPPROTO_TCP && offset =3D= =3D 0 &&=0A+ match =3D proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A= ((ipfw_insn_u32 *)cmd)->d[0] =3D=3D=0A- L3HDR(struct tcphdr,= ip)->th_seq);=0A+ TCP(ulp)->th_seq;=0A break;=0A =0A case O_TC= PACK:=0A- match =3D (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A= + match =3D proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A = ((ipfw_insn_u32 *)cmd)->d[0] =3D=3D=0A- L3HDR(struct tcphdr,ip)->th_a= ck);=0A+ TCP(ulp)->th_ack;=0A break;=0A =0A case O_TCPWIN:=0A-= match =3D (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A- = cmd->arg1 =3D=3D=0A- L3HDR(struct tcphdr,ip)->th_win);=0A+ match =3D= proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&=0A+ cmd->arg1 =3D=3D= TCP(ulp)->th_win;=0A break;=0A =0A case O_ESTAB:=0A /* reject= packets which have SYN only */=0A /* XXX should i also check for TH_= ACK ? 
*/=0A- match =3D (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0 &&= =0A- (L3HDR(struct tcphdr,ip)->th_flags &=0A- (TH_RST | TH= _ACK | TH_SYN)) !=3D TH_SYN);=0A+ match =3D proto =3D=3D IPPROTO_TCP &= & offset =3D=3D 0 &&=0A+ ( TCP(ulp)->th_flags &=0A+ (TH_RS= T | TH_ACK | TH_SYN)) !=3D TH_SYN;=0A break;=0A =0A case O_LOG:=0A= 
@@ -1824,8 +2055,11 @@=0A =0A case O_VERREVPATH:=0A /* Outgoing pa= ckets automatically pass/match */=0A- match =3D ((oif !=3D NULL) ||=0A= + match =3D (oif !=3D NULL) ||=0A (m->m_pkthdr.rcvif =3D=3D NU= LL) ||=0A+ (is_ipv6 ?=0A+ verify_rev_path6(&(args->f_id.src_ip= 6),=0A+ m->m_pkthdr.rcvif) :=0A verify_rev_path(src_ip, m->m= _pkthdr.rcvif));=0A break;=0A =0A@@ -1840,6 +2074,63 @@=0A /* oth= erwise no match */=0A break;=0A =0A+ case O_IP6_SRC:=0A+ =0A+ = match =3D is_ipv6 &&=0A+ IN6_ARE_ADDR_EQUAL(&args->f_id.src_ip6,=0A+ = &((ipfw_insn_ip6 *)cmd)->addr6);=0A+/* printf("Match =3D = %d - isip6 =3D %d - srcAddr =3D %d,%d,%d,%d - cmdAddr =3D %d,%d,%d,%d\n",= match, is_ipv6, args->f_id.src_ip6.s6_addr32[0], args->f_id.src_ip6.s6_a= ddr32[1], args->f_id.src_ip6.s6_addr32[2], args->f_id.src_ip6.s6_addr32[3= ], ((ipfw_insn_ip6 *)cmd->addr6).s6_addr32[0], ((ipfw_insn_ip6 *)cmd->add= r6).s6_addr32[1],((ipfw_insn_ip6 *)cmd->addr6).s6_addr32[2], ((ipfw_insn_= ip6 *)cmd->addr6).s6_addr32[3]); */=0A+ break;=0A+=0A+ case O_IP6_DS= T:=0A+ match =3D is_ipv6 &&=0A+ IN6_ARE_ADDR_EQUAL(&args->f_id.dst= _ip6,=0A+ &((ipfw_insn_ip6 *)cmd)->addr6);=0A+ break;=0A= +=0A+ case O_IP6_SRC_MASK:=0A+ if (is_ipv6) {=0A+ ipfw_insn_i= p6 *te =3D (ipfw_insn_ip6 *)cmd;=0A+ struct in6_addr p =3D args->f= _id.src_ip6;=0A+=0A+ APPLY_MASK(&p, &te->mask6);=0A+ match = =3D IN6_ARE_ADDR_EQUAL(&te->addr6, &p);=0A+ }=0A+ break;=0A+=0A+ = case O_IP6_DST_MASK:=0A+ if (is_ipv6) {=0A+ ipfw_insn_ip6 *te =3D= (ipfw_insn_ip6 *)cmd;=0A+ struct in6_addr p =3D args->f_id.dst_ip= 6;=0A+=0A+ APPLY_MASK(&p, &te->mask6);=0A+ match =3D IN6_AR= E_ADDR_EQUAL(&te->addr6, &p);=0A+ }=0A+ break;=0A+=0A+ case O_IP6= _SRC_ME:=0A+ match=3D is_ipv6 && search_ip6_addr_net(&args->f_id.src_i= p6);=0A+ break;=0A+=0A+ case O_IP6_DST_ME:=0A+ match=3D is_ipv6 &= & search_ip6_addr_net(&args->f_id.dst_ip6);=0A+ break;=0A+=0A+ case = O_FLOW6ID:=0A+ match =3D is_ipv6 &&=0A+ flow6id_match(args->f_id.f= low_id6,=0A+ (ipfw_insn_u32 *) cmd);=0A+ 
break;=0A+=0A+ case O_= EXT_HDR:=0A+ match =3D is_ipv6 &&=0A+ (ext_hd & ((ipfw_insn *) = cmd)->arg1);=0A+ break;=0A+=0A+ case O_IP6:=0A+ match =3D is_ipv6= ;=0A+ break;=0A+=0A /*=0A * The second set of opcodes represent= s 'actions',=0A * i.e. the terminal part of a rule once the packet=0A= 
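Review bot: In the O_IP6_SRC_MASK and O_IP6_DST_MASK cases the match reads exactly one addr6/mask6 pair through te, yet the size check this patch adds for the same opcodes only requires an odd cmdlen of at most 127. A cmdlen of 1, 3, 5 or 7 passes that check while being shorter than ipfw_insn_ip6, so te->addr6 and te->mask6 are read past the end of the instruction, and a longer list as built by fill_ip6 (d += 2 per entry) is accepted but only its first entry is ever compared. Either loop over all pairs here, or tighten the check to the exact size of one ipfw_insn_ip6 and reject lists in userland. The commented-out debug printf in O_IP6_SRC should also be dropped before commit.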
@@ -1902,7 +2193,7 @@=0A if (dyn_dir =3D=3D MATCH_UNKNOWN &&=0A = (q =3D lookup_dyn_rule(&args->f_id,=0A &dyn_dir, proto =3D=3D= IPPROTO_TCP ?=0A- L3HDR(struct tcphdr, ip) : NULL))=0A+ TCP(ulp= ) : NULL))=0A !=3D NULL) {=0A /*=0A * Found dynamic entry= , update stats=0A@@ -1967,9 +2258,9 @@=0A */=0A if (hlen > 0 &&=0A= (proto !=3D IPPROTO_ICMP ||=0A- is_icmp_query(ip)) &&=0A= + is_icmp_query(ICMP(ulp))) &&=0A !(m->m_flags & (M_BCAST= |M_MCAST)) &&=0A- !IN_MULTICAST(dst_ip.s_addr)) {=0A+ !IN_M= ULTICAST(ntohl(dst_ip.s_addr))) {=0A send_reject(args, cmd->arg1,=0A= offset,ip_len);=0A m =3D args->m;=0A@@ -2414,6 +2705,10 @@= =0A case O_ESTAB:=0A case O_VERREVPATH:=0A case O_IPSEC:=0A+ case = O_IP6_SRC_ME:=0A+ case O_IP6_DST_ME:=0A+ case O_EXT_HDR:=0A+ case O_IP= 6:=0A if (cmdlen !=3D F_INSN_SIZE(ipfw_insn))=0A goto bad_size;=0A= break;=0A@@ -2527,6 +2822,29 @@=0A return EINVAL;=0A }=0A b= reak;=0A+=0A+ case O_IP6_SRC:=0A+ case O_IP6_DST:=0A+ if (cmdlen !=3D= F_INSN_SIZE(struct in6_addr) + F_INSN_SIZE(ipfw_insn))=0A+ goto bad_s= ize;=0A+ break;=0A+=0A+ case O_FLOW6ID:=0A+ if (cmdlen !=3D F_INSN_S= IZE(ipfw_insn_u32) +=0A+ ((ipfw_insn_u32 *)cmd)->o.arg1)=0A+ goto = bad_size;=0A+ break;=0A+=0A+ case O_IP6_SRC_MASK:=0A+ case O_IP6_DST_= MASK:=0A+ if ( !(cmdlen & 1) || cmdlen > 127)=0A+ goto bad_size;=0A+= break;=0A+ case O_ICMP6TYPE:=0A+ if( cmdlen !=3D F_INSN_SIZE( ipfw_= insn_icmp6 ) )=0A+ goto bad_size;=0A+ break;=0A+=0A default:=0A = printf("ipfw: opcode %d, unknown opcode\n",=0A cmd->opcode);=0A@@ -2= 796,7 +3114,7 @@=0A add_rule(&layer3_chain, &default_rule);=0A =0A ip_f= w_default_rule =3D layer3_chain;=0A- printf("ipfw2 initialized, divert %s= , "=0A+ printf("ipfw2 (+ipv6) initialized, divert %s, "=0A "rule-based = forwarding enabled, default to %s, logging ",=0A #ifdef IPDIVERT=0A "en= abled",=0A--- ./originali/ip_fw2.h Wed Jan 14 10:35:41 2004=0A+++ ./sys/n= etinet/ip_fw2.h Tue Mar 23 15:15:53 2004=0A@@ -126,10 +126,32 @@=0A */=0A= O_IPSEC, /* has ipsec history 
*/=0A =0A+ O_IP6_SRC, /* a= ddress without mask */=0A+ O_IP6_SRC_ME, /* my addresses */=0A+= O_IP6_SRC_MASK, /* address with the mask */=0A+ O_IP6_DST= ,=0A+ O_IP6_DST_ME,=0A+ O_IP6_DST_MASK,=0A+ O_FLOW6ID, /* fo= r flow id tag in the ipv6 pkt */=0A+ O_ICMP6TYPE, /* icmp6 pac= ket type filtering */=0A+ O_EXT_HDR, /* filtering for ipv6 e= xtension header */=0A+ O_IP6,=0A+=0A O_LAST_OPCODE /* not an opcode! *= /=0A };=0A =0A /*=0A+ * The extension header are filtered only for presen= ce using a bit vector=0A+ * with a flag for each header.=0A+ */=0A+=0A+#d= efine EXT_FRAGMENT 0x1=0A+#define EXT_HOPOPTS 0x2=0A+#define EXT_ROUTING = 0x4=0A+#define EXT_AH 0x8=0A+#define EXT_ESP 0x10=0A+=0A+/*=0A * Templ= ate for instructions.=0A *=0A * ipfw_insn is used for all instructions = which require no operands,=0A@@ -265,6 +287,30 @@=0A u_int32_t log_left;= /* how many left to log */=0A } ipfw_insn_log;=0A =0A+/* Apply ipv6 mas= k on ipv6 addr */=0A+#define APPLY_MASK(addr,mask) \=0A+ (addr)->__= u6_addr.__u6_addr32[0] &=3D (mask)->__u6_addr.__u6_addr32[0]; \=0A+ (a= ddr)->__u6_addr.__u6_addr32[1] &=3D (mask)->__u6_addr.__u6_addr32[1]; \=0A= + (addr)->__u6_addr.__u6_addr32[2] &=3D (mask)->__u6_addr.__u6_addr32[= 2]; \=0A+ (addr)->__u6_addr.__u6_addr32[3] &=3D (mask)->__u6_addr.__u6= _addr32[3];=0A+=0A+/* Structure for ipv6 */=0A+typedef struct _ipfw_insn_= ip6 {=0A+ ipfw_insn o;=0A+ struct in6_addr addr6;=0A+ struct in6_addr mas= k6;=0A+} ipfw_insn_ip6;=0A+=0A+/* Used to support icmp6 types */=0A+typed= ef struct _ipfw_insn_icmp6 {=0A+ ipfw_insn o;=0A+ uint32_t d[7]; /* XXX T= his number si related to the netinet/icmp6.h=0A+ * de= fine ICMP6_MAXTYPE=0A+ * as follows: n =3D ICMP6_MAXT= YPE/32 + 1=0A+ * Actually is 203 =0A+ */=0A+= } ipfw_insn_icmp6;=0A+=0A /*=0A * Here we have the structure representin= g an ipfw rule.=0A *=0A@@ -327,8 +373,15 @@=0A u_int16_t src_port;=0A = u_int8_t proto;=0A u_int8_t flags; /* protocol-specific flags */=0A+ uin= t8_t addr_type; /* 4 =3D ipv4, 6 
=3D ipv6, 1=3Dether ? */=0A+ uint8_t _= pad;=0A+ struct in6_addr dst_ip6; /* could also store MAC addr! */=0A+ st= ruct in6_addr src_ip6;=0A+ u_int32_t flow_id6;=0A };=0A =0A+#define= IS_IP6_FLOW_ID(id) ((id)->addr_type =3D=3D 6)=0A+=0A /*=0A * Dynamic ip= fw rule.=0A */=0A@@ -383,6 +436,17 @@=0A #define IP_FW_PORT_TEE_FLAG 0x2= 0000=0A #define IP_FW_PORT_DENY_FLAG 0x40000=0A =0A+/* =0A+ * Structure f= or collecting parameters to dummynet for ip6_output forwarding=0A+ */=0A+= struct _ip6dn_args {=0A+ struct route_in6 ro_or;=0A+ int flags_or;=0A+ st= ruct ifnet *origifp_or;=0A+ struct ifnet *ifp_or;=0A+ struct sockaddr_in6= dst_or;=0A+};=0A+=0A /*=0A * Arguments for calling ipfw_chk() and dummy= net_io(). We put them=0A * all into a structure because this way it is e= asier and more=0A@@ -402,6 +466,8 @@=0A struct ipfw_flow_id f_id; /* gra= bbed from IP header */=0A u_int16_t divert_rule; /* divert cookie */=0A= u_int32_t retval;=0A+=0A+ struct _ip6dn_args dummypar; /* dummynet->ip6= _output */=0A };=0A =0A /*=0A--- ./originali/ip_output.c Wed Jan 14 10:38= :41 2004=0A+++ ./sys/netinet/ip_output.c Tue Mar 23 15:15:53 2004=0A@@ -9= 96,6 +996,32 @@=0A ip->ip_sum =3D in_cksum(m, hlen);=0A }=0A }=0A= +#if 1 /* SRCSINK=0A+ * Bits 30..16 of flags are a count used to send = up to count-1=0A+ * additional copies of the packet, and then continue = inline.=0A+ */=0A+ off =3D (flags >> 16) & 0xffff; /* replica count */= =0A+ if (off > 1) {=0A+ int s, sent =3D 0;=0A+ struct mbuf *mi= ne;=0A+=0A+ for (;off > 1; off--) {=0A+ s =3D splimp();=0A+ mine= =3D m_copypacket(m, M_DONTWAIT);=0A+ splx(s);=0A+ error =3D (mine =3D= =3D NULL) ? 
ENOBUFS :=0A+ (*ifp->if_output)(ifp, mine,=0A+ (st= ruct sockaddr *)dst, ro->ro_rt);=0A+ if (error !=3D 0)=0A+ break;= =0A+ sent++;=0A+ }=0A+ if (!(flags & IP_FORWARDING) && ia) {=0A= + ia->ia_ifa.if_opackets +=3D sent;=0A+ ia->ia_ifa.if_obytes = +=3D sent*m->m_pkthdr.len;=0A+ }=0A+ }=0A+#endif /* SRCSINK */=0A = =0A /* Record statistics for this interface address. */=0A if (!(flag= s & IP_FORWARDING) && ia) {=0A@@ -1568,6 +1594,24 @@=0A switch (sopt->= sopt_name) {=0A =0A case IP_TOS:=0A+#if 1 /* SRCSINK=0A+ * getsockopt= (IP_TOS) with a value above 0xff is used as follows:=0A+ * + bit 23 sets= /clear behaviour as a sink (goes into bit 15=0A+ * of inp_inc.inc_pad;= =0A+ * + bits 22..8 are the replica count (bit 14-0 of inp_inc.inc_pad)=0A= + * copy back the number complemented so the caller knows this=0A+ * is= handled specially.=0A+ */=0A+ error =3D sooptcopyin(sopt, &optval,=0A= + sizeof optval, sizeof optval);=0A+ if (error)=0A+ break;= =0A+ if (optval > 0xff) {=0A+ inp->inp_inc.inc_pad =3D=0A+ = (optval >> 8) & 0xffff;=0A+ optval =3D ~optval;=0A+ } else=0A+#en= dif /* SRCSINK */=0A optval =3D inp->inp_ip_tos;=0A break;=0A =0A= --- ./originali/ipfw2.c Wed Jan 14 10:48:23 2004=0A+++ ./sbin/ipfw/ipfw2.= c Tue Mar 23 15:15:54 2004=0A@@ -53,6 +53,7 @@=0A #include =0A #include =0A #include =0A+#inclu= de =0A =0A int=0A do_resolv, /* Would try to resolve = all */=0A@@ -243,6 +244,13 @@=0A TOK_DROPTAIL,=0A TOK_PROTO,=0A TOK_WE= IGHT,=0A+=0A+ TOK_IPV6,=0A+ TOK_FLOWID,=0A+ TOK_ICMP6TYPES,=0A+ TOK_EXT6H= DR,=0A+ TOK_DSTIP6,=0A+ TOK_SRCIP6,=0A };=0A =0A struct _s_x dummynet_par= ams[] =3D {=0A@@ -265,6 +273,13 @@=0A { "delay", TOK_DELAY },=0A { "pi= pe", TOK_PIPE },=0A { "queue", TOK_QUEUE },=0A+=0A+ { "flow-id", TOK_= FLOWID},=0A+ { "dst-ipv6", TOK_DSTIP6},=0A+ { "dst-ip6", TOK_DSTIP6},=0A= + { "src-ipv6", TOK_SRCIP6},=0A+ { "src-ip6", TOK_SRCIP6},=0A+=0A { "d= ummynet-params", TOK_NULL },=0A { NULL, 0 } /* terminator */=0A };=0A@@ = -339,6 +354,16 @@=0A { "ipsec", 
TOK_IPSEC },=0A { "//", TOK_COMMENT = },=0A =0A+ { "icmp6type", TOK_ICMP6TYPES },=0A+ { "icmp6types", TOK_ICM= P6TYPES },=0A+ { "ext6hdr", TOK_EXT6HDR},=0A+ { "flow-id", TOK_FLOWID},= =0A+ { "ipv6", TOK_IPV6},=0A+ { "dst-ipv6", TOK_DSTIP6},=0A+ { "dst-ip6= ", TOK_DSTIP6},=0A+ { "src-ipv6", TOK_SRCIP6},=0A+ { "src-ip6", TOK_SR= CIP6},=0A+=0A { "not", TOK_NOT }, /* pseudo option */=0A { "!", /* es= cape ? */ TOK_NOT }, /* pseudo option */=0A { "or", TOK_OR }, /* pse= udo option */=0A@@ -826,6 +851,197 @@=0A }=0A }=0A =0A+/* XXX ipv6 stuff= */=0A+/* =0A+ * Print the ip address contained in a command.=0A+ */=0A+s= tatic void=0A+print_ip6(ipfw_insn_ip6 *cmd, char const *s)=0A+{=0A+ struc= t hostent *he =3D NULL;=0A+ int len =3D F_LEN((ipfw_insn *) cmd) - 1;=0A+= struct in6_addr *a =3D &(cmd->addr6);=0A+ char trad[255];=0A+=0A+ printf= ("%s%s ", cmd->o.len & F_NOT ? " not": "", s);=0A+=0A+ if (cmd->o.opcode = =3D=3D O_IP6_SRC_ME || cmd->o.opcode =3D=3D O_IP6_DST_ME) {=0A+ printf("= me6");=0A+ return;=0A+ }=0A+ if (cmd->o.opcode =3D=3D O_IP6) {=0A+ prin= tf(" ipv6");=0A+ return;=0A+ }=0A+=0A+ /*=0A+ * len =3D=3D 4 indicates = a single IP, whereas lists of 1 or more=0A+ * addr/mask pairs have len =3D= (2n+1). We convert len to n so we=0A+ * use that to count the number of= entries.=0A+ */=0A+=0A+ for (len =3D len / 4; len > 0; len -=3D 2, a +=3D= 2) {=0A+ int mb =3D /* mask length */=0A+ (cmd->o.opcode =3D= =3D O_IP6_SRC || cmd->o.opcode =3D=3D O_IP6_DST) ?=0A+ 128 : contigmask(= (uint8_t *)&(a[1]), 128);=0A+=0A+ if (mb =3D=3D 128 && do_resolv)=0A+= he =3D gethostbyaddr((char *)a, sizeof(*a), AF_INET6);=0A+ if (he != =3D NULL) /* resolved to name */=0A+ printf("%s", he->h_name);=0A+ = else if (mb =3D=3D 0) /* any */=0A+ printf("any");=0A+ else { = /* numeric IP followed by some kind of mask */=0A+ if (inet_ntop(AF_= INET6, a, trad, sizeof( trad ) ) =3D=3D NULL)=0A+ printf("Error nto= p in print_ip6\n");=0A+ printf("%s", trad );=0A+ if (mb < 0) /* XXX no= t really legal... 
*/=0A+ printf(":%s",=0A+ inet_ntop(AF_INET6, &a[= 1], trad, sizeof(trad)));=0A+ else if (mb < 128)=0A+ printf("/%d", = mb);=0A+ }=0A+ if (len > 2)=0A+ printf(",");=0A+ }=0A+}=0A+=0A+s= tatic void=0A+fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av)=0A+{=0A+ ui= nt8_t type;=0A+=0A+ cmd->d[0] =3D 0;=0A+ while (*av) {=0A+ if (*av =3D= =3D ',')=0A+ av++;=0A+ type =3D strtoul(av, &av, 0);=0A+ if (*av= !=3D ',' && *av !=3D '\0')=0A+ errx(EX_DATAERR, "invalid ICMP6 type");=0A= + if (type > ICMP6_MAXTYPE)=0A+ errx(EX_DATAERR, "ICMP6 type out of = range");=0A+ cmd->d[type / 32] |=3D ( 1 << (type % 32));=0A+ }=0A+ cm= d->o.opcode =3D O_ICMP6TYPE;=0A+ cmd->o.len |=3D F_INSN_SIZE(ipfw_insn_ic= mp6);=0A+}=0A+=0A+=0A+static void=0A+print_icmp6types(ipfw_insn_u32 *cmd)= =0A+{=0A+ int i, j;=0A+ char sep=3D ' ';=0A+=0A+ printf(" ipv6 icmp6types= ");=0A+ for (i =3D 0; i < 7; i++)=0A+ for (j=3D0; j < 32; ++j) {=0A+ i= f ( (cmd->d[i] & (1 << (j))) =3D=3D 0)=0A+ continue;=0A+ printf("%c%= d", sep, (i*32 + j));=0A+ sep =3D ',';=0A+ }=0A+}=0A+=0A+static void=0A= +print_flow6id( ipfw_insn_u32 *cmd)=0A+{=0A+ uint16_t i, limit =3D cmd->o= .arg1;=0A+ char sep =3D ',';=0A+=0A+ printf(" flow-id ");=0A+ for( i=3D0;= i < limit; ++i) {=0A+ if (i =3D=3D limit - 1)=0A+ sep =3D ' ';=0A+ p= rintf("%d%c", cmd->d[i], sep);=0A+ }=0A+}=0A+=0A+/* structure and define = for the extension header in ipv6 */=0A+static struct _s_x ext6hdrcodes[] = =3D {=0A+ { "frag", EXT_FRAGMENT },=0A+ { "hopopt", EXT_HOPOPTS },=0A+ { = "route", EXT_ROUTING },=0A+ { "ah", EXT_AH },=0A+ { "esp", EXT_ESP },=0A= + { NULL, 0 }=0A+};=0A+=0A+/* fills command for the extension header fil= tering */=0A+int=0A+fill_ext6hdr( ipfw_insn *cmd, char *av)=0A+{=0A+ int = tok;=0A+ char *s =3D av;=0A+=0A+ cmd->arg1 =3D 0;=0A+=0A+ while(s) {=0A+ = av =3D strsep( &s, ",") ;=0A+ tok =3D match_token(ext6hdrcodes, a= v);=0A+ switch (tok) {=0A+ case EXT_FRAGMENT:=0A+ cmd->arg1 |=3D= EXT_FRAGMENT;=0A+ break;=0A+=0A+ case EXT_HOPOPTS:=0A+ cmd->arg1 |= 
=3D EXT_HOPOPTS;=0A+ break;=0A+=0A+ case EXT_ROUTING:=0A+ cmd->arg1= |=3D EXT_ROUTING;=0A+ break;=0A+=0A+ case EXT_AH:=0A+ cmd->arg1 |=3D= EXT_AH;=0A+ break;=0A+=0A+ case EXT_ESP:=0A+ cmd->arg1 |=3D EXT_ES= P;=0A+ break;=0A+=0A+ default:=0A+ errx( EX_DATAERR, "invalid optio= n for ipv6 exten=0A+ headear" );=0A+ break;=0A+ }=0A+ }=0A+ if (cmd= ->arg1 =3D=3D 0 )=0A+ return 0;=0A+ cmd->opcode =3D O_EXT_HDR;=0A+ cm= d->len |=3D F_INSN_SIZE( ipfw_insn );=0A+ return 1;=0A+}=0A+=0A+void=0A+p= rint_ext6hdr( ipfw_insn *cmd )=0A+{=0A+ char sep =3D ' ';=0A+=0A+ printf(= " extension header:");=0A+ if (cmd->arg1 & EXT_FRAGMENT ) {=0A+ print= f("%cfragmentation", sep);=0A+ sep =3D ',';=0A+ }=0A+ if (cmd->arg1 &= EXT_HOPOPTS ) {=0A+ printf("%chop options", sep);=0A+ sep =3D ',= ';=0A+ }=0A+ if (cmd->arg1 & EXT_ROUTING ) {=0A+ printf("%crouting op= tions", sep);=0A+ sep =3D ',';=0A+ }=0A+ if (cmd->arg1 & EXT_AH ) {=0A= + printf("%cauthentication header", sep);=0A+ sep =3D ',';=0A+ }=0A= + if (cmd->arg1 & EXT_ESP ) {=0A+ printf("%cencapsulated security pay= load", sep);=0A+ }=0A+}=0A+=0A+/* XXX end of ipv6 stuff */=0A+=0A /*=0A = * show_ipfw() prints the body of an ipfw rule.=0A * Because the standard= rule has at least proto src_ip dst_ip, we use=0A@@ -844,6 +1060,7 @@=0A = #define HAVE_DSTIP 0x0004=0A #define HAVE_MAC 0x0008=0A #define HAVE_MACT= YPE 0x0010=0A+#define HAVE_PROTO6 0x0080=0A #define HAVE_OPTIONS 0x8000=0A= =0A #define HAVE_IP (HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP)=0A@@ -864,6 = +1081,8 @@=0A return;=0A }=0A if ( !(*flags & HAVE_OPTIONS)) {=0A+ i= f ( !(*flags & HAVE_PROTO) && (want & HAVE_PROTO6))=0A+ printf(" ipv6")= ;=0A if ( !(*flags & HAVE_PROTO) && (want & HAVE_PROTO))=0A printf("= ip");=0A if ( !(*flags & HAVE_SRCIP) && (want & HAVE_SRCIP))=0A@@ -109= 4,6 +1313,37 @@=0A flags |=3D HAVE_DSTIP;=0A break;=0A =0A+ case O= _IP6_SRC:=0A+ case O_IP6_SRC_MASK:=0A+ case O_IP6_SRC_ME:=0A+ show_pr= erequisites(&flags, HAVE_PROTO6, 0);=0A+ if (!(flags & HAVE_SRCIP))=0A+= 
printf(" from");=0A+ if ((cmd->len & F_OR) && !or_block)=0A+ pri= ntf(" {");=0A+ print_ip6((ipfw_insn_ip6 *)cmd,=0A+ (flags & HAVE_OPT= IONS) ? " src-ip6" : "");=0A+ flags |=3D HAVE_SRCIP | HAVE_PROTO;=0A+ = break;=0A+=0A+ case O_IP6_DST:=0A+ case O_IP6_DST_MASK:=0A+ case O_IP= 6_DST_ME:=0A+ show_prerequisites(&flags, HAVE_PROTO|HAVE_SRCIP, 0);=0A+= if (!(flags & HAVE_DSTIP))=0A+ printf(" to");=0A+ if ((cmd->len &= F_OR) && !or_block)=0A+ printf(" {");=0A+ print_ip6((ipfw_insn_ip6 = *)cmd,=0A+ (flags & HAVE_OPTIONS) ? " dst-ip6" : "");=0A+ flags |=3D= HAVE_DSTIP;=0A+ break;=0A+=0A+ case O_FLOW6ID:=0A+ print_flow6id( (= ipfw_insn_u32 *) cmd );=0A+ flags |=3D HAVE_OPTIONS;=0A+ break;=0A+=0A= case O_IP_DSTPORT:=0A show_prerequisites(&flags, HAVE_IP, 0);=0A = case O_IP_SRCPORT:=0A@@ -1105,14 +1355,15 @@=0A break;=0A =0A case O= _PROTO: {=0A- struct protoent *pe;=0A+ struct protoent *pe =3D NULL;=0A= =0A if ((cmd->len & F_OR) && !or_block)=0A printf(" {");=0A if= (cmd->len & F_NOT)=0A printf(" not");=0A proto =3D cmd->arg1;=0A-= pe =3D getprotobynumber(cmd->arg1);=0A+ if (proto !=3D 41) /* XXX ip= v6 is special */ =0A+ pe =3D getprotobynumber(cmd->arg1);=0A if (fl= ags & HAVE_OPTIONS)=0A printf(" proto");=0A if (pe)=0A@@ -1288,6 += 1539,18 @@=0A }=0A break;=0A =0A+ case O_IP6:=0A+ printf(= " ipv6");=0A+ break;=0A+=0A+ case O_ICMP6TYPE:=0A+ print_icmp6typ= es((ipfw_insn_u32 *)cmd);=0A+ break;=0A+=0A+ case O_EXT_HDR:=0A+ = print_ext6hdr( (ipfw_insn *) cmd );=0A+ break;=0A+=0A default:=0A = printf(" [opcode %d len %d]",=0A cmd->opcode, cmd->len);=0A@@ = -1384,42 +1647,101 @@=0A static void=0A list_queues(struct dn_flow_set *f= s, struct dn_flow_queue *q)=0A {=0A- int l;=0A+ int l, index_print =3D 0;= =0A+ char buff[255];=0A =0A- printf(" mask: 0x%02x 0x%08x/0x%04x -> 0x= %08x/0x%04x\n",=0A- fs->flow_mask.proto,=0A- fs->flow_mask.src_ip= , fs->flow_mask.src_port,=0A- fs->flow_mask.dst_ip, fs->flow_mask.dst= _port);=0A if (fs->rq_elements =3D=3D 0)=0A return;=0A =0A- 
printf("BK= T Prot ___Source IP/port____ "=0A- "____Dest. IP/port____ Tot_pkt/byt= es Pkt/Byte Drp\n");=0A if (do_sort !=3D 0)=0A heapsort(q, fs->rq_elem= ents, sizeof *q, sort_q);=0A- for (l =3D 0; l < fs->rq_elements; l++) {=0A= - struct in_addr ina;=0A- struct protoent *pe;=0A-=0A- ina.s_addr =3D = htonl(q[l].id.src_ip);=0A- printf("%3d ", q[l].hash_slot);=0A- pe =3D g= etprotobynumber(q[l].id.proto);=0A- if (pe)=0A- printf("%-4s ", pe->p_= name);=0A- else=0A- printf("%4u ", q[l].id.proto);=0A- printf("%15s/%= -5d ",=0A- inet_ntoa(ina), q[l].id.src_port);=0A- ina.s_addr =3D ht= onl(q[l].id.dst_ip);=0A- printf("%15s/%-5d ",=0A- inet_ntoa(ina), q= [l].id.dst_port);=0A- printf("%4qu %8qu %2u %4u %3u\n",=0A- q[l].to= t_pkts, q[l].tot_bytes,=0A- q[l].len, q[l].len_bytes, q[l].drops);=0A= - if (verbose)=0A- printf(" S %20qd F %20qd\n",=0A- q[l].S, q= [l].F);=0A- }=0A+=0A+ /*=0A+ * Do IPv4 stuff=0A+ */=0A+=0A+ for (l =3D = 0; l < fs->rq_elements; l++) =0A+ if (!IS_IP6_FLOW_ID(&(q[l].id))) {=0A+= struct in_addr ina;=0A+ struct protoent *pe;=0A+=0A+ if (!index_pr= int) {=0A+ index_print =3D 1;=0A+ printf("\n mask: 0x%02x 0x= %08x/0x%04x -> 0x%08x/0x%04x\n",=0A+ fs->flow_mask.proto,=0A+ = fs->flow_mask.src_ip, fs->flow_mask.src_port,=0A+ fs->flow_mask= .dst_ip, fs->flow_mask.dst_port);=0A+=0A+ printf(" BKT Prot ___Sour= ce IP/port____ "=0A+ "____Dest. 
IP/port____ Tot_pkt/bytes Pkt/Byte Dr= p\n");=0A+ }=0A+ printf(" %3d ", q[l].hash_slot);=0A+ pe =3D get= protobynumber(q[l].id.proto);=0A+ if (pe)=0A+ printf("%-4s ", pe->p_= name);=0A+ else=0A+ printf("%4u ", q[l].id.proto);=0A+ ina.s_addr = =3D htonl(q[l].id.src_ip);=0A+ printf("%15s/%-5d ",=0A+ inet_ntoa= (ina), q[l].id.src_port);=0A+ ina.s_addr =3D htonl(q[l].id.dst_ip);=0A+= printf("%15s/%-5d ",=0A+ inet_ntoa(ina), q[l].id.dst_port);=0A+ = printf("%4qu %8qu %2u %4u %3u\n",=0A+ q[l].tot_pkts, q[l].tot_by= tes,=0A+ q[l].len, q[l].len_bytes, q[l].drops);=0A+ if (verbose)= =0A+ printf(" S %20qd F %20qd\n",=0A+ q[l].S, q[l].F);=0A+ = }=0A+=0A+ /*=0A+ * Do IPv6 stuff=0A+ */=0A+=0A+ index_print =3D 0;=0A+= for (l =3D 0; l < fs->rq_elements; l++) =0A+ if (IS_IP6_FLOW_ID(&(q[l].= id))) {=0A+ struct protoent *pe;=0A+=0A+ if (!index_print) {=0A+ i= ndex_print =3D 1;=0A+ printf("\n mask: proto: 0x%02x, flow_id: = 0x%08x, ",=0A+ fs->flow_mask.proto, fs->flow_mask.flow_id6 );=0A+ = inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),=0A+ buff, sizeof(buf= f) );=0A+ printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);=0A+ = inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),=0A+ buff, sizeof(buf= f) );=0A+ printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);=0A+=0A+= printf(" BKT ___Prot___ _flow-id_ "=0A+ "______________Source = IPv6/port_______________ "=0A+ "_______________Dest. 
IPv6/port_______= ________ "=0A+ "Tot_pkt/bytes Pkt/Byte Drp\n");=0A+ }=0A+ printf(= " %3d ", q[l].hash_slot);=0A+ pe =3D getprotobynumber(q[l].id.proto)= ;=0A+ if (pe)=0A+ printf("%9s ", pe->p_name);=0A+ else=0A+ prin= tf("%9u ", q[l].id.proto);=0A+ printf("%7d %39s/%-5d ", q[l].id.flow_i= d6,=0A+ inet_ntop(AF_INET6, &(q[l].id.src_ip6),=0A+ buff, sizeof(b= uff)),=0A+ q[l].id.src_port);=0A+ printf(" %39s/%-5d ",=0A+ inet_= ntop(AF_INET6, &(q[l].id.dst_ip6),=0A+ buff, sizeof(buff)),=0A+ q[= l].id.dst_port);=0A+ printf(" %4qu %8qu %2u %4u %3u\n",=0A+ q[l]= .tot_pkts, q[l].tot_bytes,=0A+ q[l].len, q[l].len_bytes, q[l].drops);=0A= + if (verbose)=0A+ printf(" S %20qd F %20qd\n",=0A+ q[l].S, q[= l].F);=0A+ }=0A+ printf("\n");=0A }=0A =0A static void=0A@@ -1802,7 +212= 4,7 @@=0A if (do_dynamic && ndyn) {=0A printf("## Dynamic rules:\n");=0A= for (lac =3D ac, lav =3D av; lac !=3D 0; lac--) {=0A- rnum =3D strto= ul(*lav++, &endptr, 10);=0A+ last =3D rnum =3D strtoul(*lav++, &endptr,= 10);=0A if (*endptr =3D=3D '-')=0A last =3D strtoul(endptr+1, &en= dptr, 10);=0A if (*endptr)=0A@@ -1854,17 +2176,22 @@=0A "ACTION: check= -state | allow | count | deny | reject | skipto N |\n"=0A " {divert|tee}= PORT | forward ADDR | pipe N | queue N\n"=0A "ADDR: [ MAC dst src ether= _type ] \n"=0A-" [ from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"=0A+"= [ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"=0A+" [ ipv6 from= IP6ADDR [ PORT ] to IP6ADDR [ PORTLIST ] ]\n"=0A "IPADDR: [not] { any | = me | ip/bits{x,y,z} | IPLIST }\n"=0A "IPLIST: { ip | ip/bits | ip:mask }[= ,IPLIST]\n"=0A+"IP6ADDR: [not] { any | me | me6 | ip6/bits | IP6LIST }\n"= =0A+"IP6LIST: { ip6 | ip6/bits }[,IP6LIST]\n"=0A "OPTION_LIST: OPTION [OP= TION_LIST]\n"=0A-"OPTION: bridged | {dst-ip|src-ip} ADDR | {dst-port|src-= port} LIST |\n"=0A+"OPTION: bridged | {dst-ip|src-ip} IPADDR | {dst-port|= src-port} LIST |\n"=0A " estab | frag | {gid|uid} N | icmptypes LIST | in= | out | ipid LIST |\n"=0A " iplen LIST | ipoptions 
SPEC | ipprecedence |= ipsec | iptos SPEC |\n"=0A " ipttl LIST | ipversion VER | keep-state | l= ayer2 | limit ... |\n"=0A " mac ... | mac-type LIST | proto LIST | {recv|= xmit|via} {IF|IPADDR} |\n"=0A " setup | {tcpack|tcpseq|tcpwin} NN | tcpfl= ags SPEC | tcpoptions SPEC |\n"=0A-" verrevpath\n"=0A+" verrevpath | icmp= 6types LIST | ext6hdr LIST |\n"=0A+" {dst-ip6|src-ip6|dst-ipv6|src= -ipv6} IP6ADDR |\n"=0A+" flow-id N[,N]\n"=0A );=0A exit(0);=0A }=0A= 
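Review bot: The SRCSINK blocks in ip_output.c are compiled in unconditionally (#if 1), and nothing in the IP_TOS branch shown checks privilege before copying a caller-supplied replica count into inp->inp_inc.inc_pad, so as written any socket owner can ask for each packet to be emitted many times over. This is unrelated to the IPv6 ipfw work and should be removed from this patch or put behind its own kernel option with a privilege check. The count extraction also disagrees with its comment: the comment says bits 30..16, but `(flags >> 16) & 0xffff` keeps bit 31 as well; mask with 0x7fff if 15 bits are intended.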
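Review bot: In fill_icmp6types (ipfw2.c), `type` is declared uint8_t, so the result of strtoul is truncated to 8 bits before the `type > ICMP6_MAXTYPE` test; a value such as 384 is silently stored as type 128 instead of being rejected. Parse into an unsigned long, range-check that, and only then index d[]. The function also clears only d[0] while it ORs bits into any of the seven words of ipfw_insn_icmp6.d, so the whole array should be zeroed first, and print_icmp6types should take an ipfw_insn_icmp6 * rather than index d[0..6] through an ipfw_insn_u32 *.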
@@ -2058,6 +2385,227 @@=0A cmd->o.len |=3D len+1;=0A }=0A =0A+/* XXX = more ipv6 stuff */=0A+/* Try to find ipv6 address by hostname */=0A+stati= c int=0A+lookup_host6 (char *host, struct in6_addr *ip6addr)=0A+{=0A+ str= uct hostent *he;=0A+=0A+ if (!inet_pton(AF_INET6, host, ip6addr)) {=0A+ = if ((he =3D gethostbyname2(host, AF_INET6)) =3D=3D NULL)=0A+ return(-1)= ;=0A+ memcpy( ip6addr, he->h_addr_list[0], sizeof( struct in6_addr));=0A= + }=0A+ return(0);=0A+}=0A+=0A+/* n2mask sets n bits of the mask */=0A+=0A= +static void=0A+n2mask(struct in6_addr *mask, int n)=0A+{=0A+ static int = minimask[9] =3D {=0A+ 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe,= 0xff=0A+ };=0A+ u_char *p;=0A+ int i;=0A+=0A+ memset(mask, 0, sizeo= f(struct in6_addr));=0A+ p =3D (u_char *) mask;=0A+ for (i =3D 0; i < 16;= i++, p++, n -=3D 8) {=0A+ if (n >=3D 8) {=0A+ *p =3D 0xff;=0A+ cont= inue;=0A+ }=0A+ *p =3D minimask[n];=0A+ break;=0A+ }=0A+ return;=0A+}=0A= + =0A+/*=0A+ * fills the addr and mask fields in the instruction as ap= propriate from av.=0A+ * Update length as appropriate.=0A+ * The followin= g formats are allowed:=0A+ * any matches any IP6. 
Actually return= s an empty instruction.=0A+ * me returns O_IP6_*_ME=0A+ *=0A+ * = 03f1::234:123:0342 single IP6 addres=0A+ * 03f1::2= 34:123:0342/24 address/mask=0A+ * 03f1::234:123:0342/24,03= f1::234:123:0343/ List of address=0A+ *=0A+ * Set of addres= s (as in ipv6) not supported because ipv6 address=0A+ * are typically ran= dom past the initial prefix.=0A+ * Return 1 on success, 0 on failure.=0A+= */=0A+=0A+static int=0A+fill_ip6(ipfw_insn_ip6 *cmd, char *av)=0A+{=0A+ = int len =3D 0;=0A+ struct in6_addr *d =3D &(cmd->addr6);=0A+ /* Needed fo= r multiple address.=0A+ * Note d[1] points to struct in6_add r mask6 of = cmd=0A+ */=0A+=0A+ cmd->o.len &=3D ~F_LEN_MASK; /* zero len */=0A+=0A= + if (!strncmp(av, "any", strlen(av)))=0A+ return 1;=0A+=0A+=0A+ if (!st= rncmp(av, "me", strlen(av))) { /* Set the data for "me" opt*/=0A+ cmd->o= .len |=3D F_INSN_SIZE(ipfw_insn);=0A+ return 1;=0A+ }=0A+ if (!strncmp(a= v, "me6", strlen(av))) { /* Set the data for "me" opt*/=0A+ cmd->o.len |= =3D F_INSN_SIZE(ipfw_insn);=0A+ return 1;=0A+ }=0A+=0A+ av =3D strdup(av= );=0A+ while (av) {=0A+ /*=0A+ * After the address we can have '/' ind= icating a mask,=0A+ * or ',' indicating another address follows.=0A+ = */=0A+=0A+ char *p;=0A+ int masklen;=0A+ char md =3D '\0';=0A+=0A+ if= ((p =3D strpbrk( av, "/,")) ) {=0A+ md =3D *p; /* save the separator *= /=0A+ *p =3D '\0'; /* terminate address string */=0A+ p++; /* and sk= ip past it */=0A+ }=0A+ /* now p points to NULL, mask or next entry */=0A= +=0A+ /* lookup stores address in *d as a side effect */=0A+ if (lookup= _host6(av, d) !=3D 0) {=0A+ /* failed. Free memory and go */=0A+ errx= (EX_DATAERR, "bad address \"%s\"", av);=0A+ }=0A+ /* next, look at the = mask, if any */=0A+ masklen =3D (md =3D=3D '/') ? 
atoi(p) : 128;=0A+ if= (masklen > 128 || masklen < 0)=0A+ errx(EX_DATAERR, "bad width \"%s\''= ", p);=0A+ else=0A+ n2mask( &d[1], masklen);=0A+=0A+ APPLY_MASK( d, &= d[1]) /* mask base address with mask */=0A+=0A+ /* find next separator *= /=0A+=0A+ if (md =3D=3D '/') { /* find separator past the mask */=0A+ = p =3D strpbrk(p, ",");=0A+ if (p)=0A+ p++;=0A+ }=0A+ av =3D p;=0A+= =0A+ /* Check this entry */=0A+ if (masklen =3D=3D 0) {=0A+ /*=0A+= * 'any' turns the entire list into a NOP.=0A+ * 'not any' ne= ver matches, so it is removed from the=0A+ * list unless it is the = only item, in which case we=0A+ * report an error.=0A+ */=0A+= if (cmd->o.len & F_NOT) { /* "not any" never matches */=0A+ if (a= v =3D=3D NULL && len =3D=3D 0) /* only this entry */=0A+ errx(EX_DATAE= RR, "not any never matches");=0A+ }=0A+ /* else do nothing and = skip this entry */=0A+ continue;=0A+ }=0A+=0A+ /*=0A+ * A single= IP can be stored alone=0A+ */=0A+ if (masklen =3D=3D 128 && av =3D=3D= NULL && len =3D=3D 0) {=0A+ len =3D F_INSN_SIZE(struct in6_addr);=0A= + break;=0A+ }=0A+=0A+ /* Update length and pointer to arguments *= /=0A+ len +=3D F_INSN_SIZE(struct in6_addr)*2;=0A+ d +=3D 2;=0A+ } /* e= nd while */=0A+=0A+ /* Total lenght of the command, remember that 1 is th= e size of the base command */=0A+ cmd->o.len |=3D len+1;=0A+ free(av);=0A= + return 1;=0A+}=0A+=0A+/*=0A+ * fills command for ipv6 flow-id filtering= =0A+ * note that the 20 bit flow number is stored in a array of u_int32_t= =0A+ * it's supported lists of flow-id, so in the o.arg1 we store how man= y=0A+ * additional flow-id we want to filter, the basic is 1=0A+ */=0A+vo= id=0A+fill_flow6( ipfw_insn_u32 *cmd, char *av )=0A+{=0A+ u_int32_t type;= /* Current flow number */=0A+ u_int16_t nflow =3D 0; /* Curre= nt flow index */=0A+ char *s =3D av;=0A+ cmd->d[0] =3D 0; /* Ini= tializing the base number*/=0A+=0A+ while (s) {=0A+ av =3D strsep( &= s, ",") ;=0A+ type =3D strtoul(av, &av, 0);=0A+ if (*av !=3D ',' && *av= !=3D 
'\0')=0A+ errx(EX_DATAERR, "invalid ipv6 flow number %s", av);=0A= + if (type > 0xfffff)=0A+ errx(EX_DATAERR, "flow number out of range %= s", av);=0A+ cmd->d[nflow] |=3D type;=0A+ nflow++;=0A+ }=0A+ if( nflow = > 0 ) {=0A+ cmd->o.opcode =3D O_FLOW6ID;=0A+ cmd->o.len |=3D F_INSN_SIZ= E(ipfw_insn_u32) + nflow;=0A+ cmd->o.arg1 =3D nflow;=0A+ }=0A+ else {=0A= + errx(EX_DATAERR, "invalid ipv6 flow number %s", av);=0A+ }=0A+}=0A+=0A= +static ipfw_insn *=0A+add_srcip6(ipfw_insn *cmd, char *av)=0A+{=0A+ fill= _ip6( (ipfw_insn_ip6 *) cmd, av);=0A+ if (F_LEN(cmd) =3D=3D 0) /* any */=0A= + ;=0A+ if (F_LEN(cmd) =3D=3D F_INSN_SIZE(ipfw_insn)) /* "me" */=0A+ cm= d->opcode =3D O_IP6_SRC_ME;=0A+ else if (F_LEN(cmd) =3D=3D (F_INSN_SIZE(s= truct in6_addr) + F_INSN_SIZE(ipfw_insn)))=0A+ /* single IP, no mask*/=0A= + cmd->opcode =3D O_IP6_SRC;=0A+ else /* addr/mask opt */=0A+ cmd-= >opcode =3D O_IP6_SRC_MASK;=0A+ return cmd;=0A+}=0A+=0A+static ipfw_insn = *=0A+add_dstip6(ipfw_insn *cmd, char *av)=0A+{=0A+ fill_ip6((ipfw_insn_ip= 6 *)cmd, av);=0A+ if (F_LEN(cmd) =3D=3D 0) /* any */=0A+ ;=0A+ if (F_LEN= (cmd) =3D=3D F_INSN_SIZE(ipfw_insn)) /* "me" */=0A+ cmd->opcode =3D O_IP= 6_DST_ME;=0A+ else if (F_LEN(cmd) =3D=3D (F_INSN_SIZE(struct in6_addr) + = F_INSN_SIZE(ipfw_insn)))=0A+ /* single IP, no mask*/=0A+ cmd->opcode =3D= O_IP6_DST;=0A+ else /* addr/mask opt */=0A+ cmd->opcode =3D O_IP6_= DST_MASK;=0A+ return cmd;=0A+}=0A+/* end ipv6 stuff */=0A =0A /*=0A * he= lper function to process a set of flags and set bits in the=0A@@ -2181,7 = +2729,6 @@=0A struct dn_pipe p;=0A int i;=0A char *end;=0A- uint32_t a= ;=0A void *par =3D NULL;=0A =0A memset(&p, 0, sizeof p);=0A@@ -2243,16 = +2790,15 @@=0A */=0A par =3D NULL;=0A =0A- p.fs.flow_mask.dst_ip= =3D 0;=0A- p.fs.flow_mask.src_ip =3D 0;=0A- p.fs.flow_mask.dst_port = =3D 0;=0A- p.fs.flow_mask.src_port =3D 0;=0A- p.fs.flow_mask.proto =3D= 0;=0A+ bzero(&p.fs.flow_mask, sizeof(p.fs.flow_mask));=0A end =3D N= ULL;=0A =0A while (ac >=3D 1) {=0A 
uint32_t *p32 =3D NULL;=0A = uint16_t *p16 =3D NULL;=0A+ uint32_t *p20 =3D NULL;=0A+ = struct in6_addr *pa6 =3D NULL;=0A+ uint32_t a; /* the mask */=0A = =0A tok =3D match_token(dummynet_params, *av);=0A ac--; av+= +;=0A@@ -2266,6 +2812,9 @@=0A p.fs.flow_mask.dst_port =3D ~0;=0A = p.fs.flow_mask.src_port =3D ~0;=0A p.fs.flow_mask.proto =3D= ~0;=0A+ n2mask( &(p.fs.flow_mask.dst_ip6), 128);=0A+ n2mas= k( &(p.fs.flow_mask.src_ip6), 128);=0A+ p.fs.flow_mask.flow_id6 =3D= ~0;=0A p.fs.flags_fs |=3D DN_HAVE_FLOW_MASK;=0A goto end= _mask;=0A =0A@@ -2277,6 +2826,18 @@=0A p32 =3D &p.fs.flow_mask.sr= c_ip;=0A break;=0A =0A+ case TOK_DSTIP6:=0A+ pa6 =3D= &(p.fs.flow_mask.dst_ip6);=0A+ break;=0A+=0A+ case TOK_SRC= IP6:=0A+ pa6 =3D &(p.fs.flow_mask.src_ip6);=0A+ break;=0A+=0A= + case TOK_FLOWID:=0A+ p20 =3D &p.fs.flow_mask.flow_id6;=0A+= break;=0A+=0A case TOK_DSTPORT:=0A p16 =3D &p.fs.f= low_mask.dst_port;=0A break;=0A@@ -2294,22 +2855,35 @@=0A = }=0A if (ac < 1)=0A errx(EX_USAGE, "mask: value missing");= =0A- if (*av[0] =3D=3D '/') {=0A+ if (*av[0] =3D=3D '/') { /*= mask len */=0A a =3D strtoul(av[0]+1, &end, 0);=0A- a =3D= (a =3D=3D 32) ? ~0 : (1 << a) - 1;=0A- } else=0A+ /* conver= t to a mask for non IPv6 */=0A+ if (pa6 =3D=3D NULL)=0A+ a= =3D (a =3D=3D 32) ? 
~0 : (1 << a) - 1;=0A+ } else /* explicit mask= (non IPv6) */=0A a =3D strtoul(av[0], &end, 0);=0A if (p3= 2 !=3D NULL)=0A *p32 =3D a;=0A else if (p16 !=3D NULL) {=0A= - if (a > 65535)=0A+ if (a > 0xffff)=0A errx(EX_DA= TAERR,=0A- "mask: must be 16 bit");=0A+ "port mask must be 16 b= it");=0A *p16 =3D (uint16_t)a;=0A+ } else if (p20 !=3D NULL= ) {=0A+ if (a > 0xfffff)=0A+ errx(EX_DATAERR,=0A+ "flo= w_id mask must be 20 bit");=0A+ *p20 =3D (uint32_t)a;=0A+ } = else if (pa6 !=3D NULL) {=0A+ if (a < 0 || a > 128)=0A+ errx(E= X_DATAERR,=0A+ "in6addr invalid mask len" );=0A+ else=0A+ = n2mask(pa6, a);=0A } else {=0A- if (a > 255)=0A+ = if (a > 0xff)=0A errx(EX_DATAERR,=0A- "mask: must be 8 bit= ");=0A+ "proto mask must be 8 bit");=0A p.fs.flow_mask.proto= =3D (uint8_t)a;=0A }=0A if (a !=3D 0)=0A@@ -2629,21 +3203,= 27 @@=0A }=0A =0A static ipfw_insn *=0A-add_proto(ipfw_insn *cmd, char *a= v)=0A+add_proto(ipfw_insn *cmd, char *av, u_char *proto)=0A {=0A struct = protoent *pe;=0A- u_char proto =3D 0;=0A+ *proto =3D IPPROTO_IP;=0A= =0A if (!strncmp(av, "all", strlen(av)))=0A ; /* same as "ip" */=0A- = else if ((proto =3D atoi(av)) > 0)=0A+ else if ((*proto =3D atoi(av)) > 0= )=0A ; /* all done! 
*/=0A else if ((pe =3D getprotobyname(av)) !=3D NU= LL)=0A- proto =3D pe->p_proto;=0A+ *proto =3D pe->p_proto;=0A+ else if(= !strncmp(av, "ipv6", strlen(av)) ||=0A+ !strncmp(av, "ip6", strle= n(av)) )=0A+ {=0A+ *proto =3D IPPROTO_IPV6;=0A+ return cmd; /* spe= cial case for ipv6 */=0A+ }=0A else=0A return NULL;=0A- if (proto !=3D= IPPROTO_IP)=0A- fill_cmd(cmd, O_PROTO, 0, proto);=0A+ if (*proto !=3D I= PPROTO_IP && *proto !=3D IPPROTO_IPV6)=0A+ fill_cmd(cmd, O_PROTO, 0, *pr= oto);=0A return cmd;=0A }=0A =0A@@ -2690,6 +3270,38 @@=0A return NULL;=0A= }=0A =0A+static ipfw_insn *=0A+add_src(ipfw_insn *cmd, char *av, u_char = proto)=0A+{=0A+ struct in6_addr a;=0A+ if( proto =3D=3D IPPROTO_IP= V6 || strcmp( av, "me6") =3D=3D 0 || inet_pton(AF_INET6, av, &a ))=0A+ = return add_srcip6(cmd, av);=0A+=0A+ if (proto =3D=3D IPPROTO_IP || strcm= p( av, "me") =3D=3D 0 || !inet_pton(AF_INET6, av, &a ) ) =0A+ return ad= d_srcip(cmd, av);=0A+=0A+ if( !strcmp( av, "any") )=0A+ return cmd; =0A= +=0A+ return NULL; /* bad address */=0A+}=0A+=0A+static ipfw_insn *=0A+a= dd_dst(ipfw_insn *cmd, char *av, u_char proto)=0A+{=0A+ struct in6_addr a= ;=0A+ if( proto =3D=3D IPPROTO_IPV6 || strcmp( av, "me6") =3D=3D = 0 || inet_pton(AF_INET6, av, &a ))=0A+ return add_dstip6(cmd, av);=0A+=0A= + if (proto =3D=3D IPPROTO_IP || strcmp( av, "me") =3D=3D 0 || !inet_pton= (AF_INET6, av, &a ) ) =0A+ return add_dstip(cmd, av);=0A+=0A+ if( !strc= mp( av, "any") )=0A+ return cmd; =0A+=0A+ return NULL; /* bad address = */=0A+}=0A+=0A /*=0A * Parse arguments and assemble the microinstruction= s which make up a rule.=0A * Rules are added into the 'rulebuf' and then= copied in the correct order=0A@@ -2713,7 +3325,7 @@=0A */=0A static u= int32_t rulebuf[255], actbuf[255], cmdbuf[255];=0A =0A- ipfw_insn *src, *= dst, *cmd, *action, *prev=3DNULL;=0A+ ipfw_insn *src, *dst, *cmd, *action= , *prev=3DNULL, *retval=3DNULL;=0A ipfw_insn *first_cmd; /* first match = pattern */=0A =0A struct ip_fw *rule;=0A@@ -2985,11 
+3597,10 @@=0A O= R_START(get_proto);=0A NOT_BLOCK;=0A NEED1("missing protocol");=0A- if = (add_proto(cmd, *av)) {=0A+ if ( add_proto(cmd, *av, &proto) ) {=0A av+= +; ac--;=0A- if (F_LEN(cmd) =3D=3D 0) /* plain IP */=0A- proto =3D 0;=0A= - else {=0A+ if (F_LEN(cmd) !=3D 0) /* plain IP */=0A+ {=0A proto =3D= cmd->arg1;=0A prev =3D cmd;=0A cmd =3D next_cmd(cmd);=0A@@ -3000,7= +3611,7 @@=0A goto read_options;=0A OR_BLOCK(get_proto);=0A =0A- /= *=0A+ /*=0A * "from", mandatory=0A */=0A if (!ac || strncmp(*= av, "from", strlen(*av)))=0A@@ -3013,13 +3624,17 @@=0A OR_START(sourc= e_ip);=0A NOT_BLOCK; /* optional "not" */=0A NEED1("missing source addr= ess");=0A- if (add_srcip(cmd, *av)) {=0A+ retval =3D add_src( cmd, *av, p= roto );=0A+ =0A+ if( retval ){=0A ac--; av++;=0A if (F_LEN(cmd) !=3D= 0) { /* ! any */=0A prev =3D cmd;=0A cmd =3D next_cmd(cmd);=0A }= =0A- }=0A+ } else =0A+ errx(EX_USAGE, "bad source address %s", *av);=0A+= =0A OR_BLOCK(source_ip);=0A =0A /*=0A@@ -3048,13 +3663,17 @= @=0A OR_START(dest_ip);=0A NOT_BLOCK; /* optional "not" */=0A NEED1= ("missing dst address");=0A- if (add_dstip(cmd, *av)) {=0A+ retval =3D NU= LL;=0A+ retval =3D add_dst(cmd, *av, proto);=0A+=0A+ if( retval ){=0A a= c--; av++;=0A if (F_LEN(cmd) !=3D 0) { /* ! any */=0A prev =3D cmd;=0A= cmd =3D next_cmd(cmd);=0A }=0A- }=0A+ } else=0A+ errx( EX_USAGE, "= bad destination address %s", *av);=0A OR_BLOCK(dest_ip);=0A =0A /*=0A= 
@@ -3160,6 +3779,12 @@=0A av++; ac--;=0A break;=0A =0A+ case TOK_I= CMP6TYPES:=0A+ NEED1("icmptypes requires list of types");=0A+ fill_ic= mp6types((ipfw_insn_icmp6 *)cmd, *av);=0A+ av++; ac--;=0A+ break;=0A+= =0A case TOK_IPTTL:=0A NEED1("ipttl requires TTL");=0A if (strpbr= k(*av, "-,")) {=0A@@ -3336,8 +3961,9 @@=0A =0A case TOK_PROTO:=0A NE= ED1("missing protocol");=0A- if (add_proto(cmd, *av)) {=0A- proto =3D= cmd->arg1;=0A+ if ( add_proto(cmd, *av, &proto)) {=0A+ if ( proto =3D= =3D IPPROTO_IPV6 )=0A+ fill_cmd(cmd, O_IP6, 0, 0); =0A = ac--; av++;=0A } else=0A errx(EX_DATAERR, "invalid protocol ``%s''= ",=0A@@ -3358,6 +3984,20 @@=0A }=0A break;=0A =0A+ case TOK_SRCIP6= :=0A+ NEED1("missing source IP6");=0A+ if (add_srcip6(cmd, *av)) {=0A= + ac--; av++;=0A+ }=0A+ break;=0A+=0A+ case TOK_DSTIP6:=0A+ NEE= D1("missing destination IP6");=0A+ if (add_dstip6(cmd, *av)) {=0A+ a= c--; av++;=0A+ }=0A+ break;=0A+=0A case TOK_SRCPORT:=0A NEED1("m= issing source port");=0A if (!strncmp(*av, "any", strlen(*av)) ||=0A@@= -3404,6 +4044,23 @@=0A fill_comment(cmd, ac, av);=0A av +=3D ac;=0A= ac =3D 0;=0A+ break;=0A+=0A+ case TOK_IPV6:=0A+ fill_cmd(cmd, O_= IP6, 0, 0);=0A+ ac--; av++;=0A+ break;=0A+ =0A+ case TOK_EXT6HDR:=0A= + fill_ext6hdr( cmd, *av );=0A+ ac--; av++;=0A+ break;=0A+=0A+ cas= e TOK_FLOWID:=0A+ if (proto !=3D IPPROTO_IPV6 ) =0A+ errx( EX_USAGE,= "flow-id filter is active only for ipv6 protocol\n");=0A+ fill_flow6( = (ipfw_insn_u32 *) cmd, *av );=0A+ ac--;av++;=0A break;=0A =0A = default:=0A--- ./originali/raw_ip.c Wed Jan 14 10:41:40 2004=0A+++ ./sys= /netinet/raw_ip.c Tue Mar 23 15:15:54 2004=0A@@ -35,6 +35,7 @@=0A */=0A = =0A #include "opt_inet6.h"=0A+#include "opt_ipfw.h"=0A #include "opt_ipse= c.h"=0A #include "opt_random_ip_id.h"=0A =0A--- ./originali/udp_usrreq.c = Wed Jan 14 10:42:52 2004=0A+++ ./sys/netinet/udp_usrreq.c Tue Mar 23 15:1= 5:54 2004=0A@@ -393,6 +393,13 @@=0A goto bad;=0A #endif /*FAST_IPSEC*/=0A= =0A+#if 1 /* SRCSINK=0A+ * If bit 15 if 
inp_inc.inc_pad is set, behave = as a sink=0A+ * and discard packet.=0A+ */=0A+ if (inp->inp_inc.inc_pad= & 0x8000)=0A+ goto bad; /* not really bad, just discard it */=0A+#endif= /* SRCSINK */=0A /*=0A * Construct sockaddr format source address.=0A= * Stuff source address and datagram in user buffer.=0A@@ -765,6 +772,1= 3 @@=0A ((struct ip *)ui)->ip_tos =3D inp->inp_ip_tos; /* XXX */=0A udp= stat.udps_opackets++;=0A =0A+#if 1 /* SRCSINK=0A+ * If bits 0-14 of inp_= inc.inc_pad are set, use that as=0A+ * a replica count and pass them in = the upper 16 bits of ipflags.=0A+ */=0A+ if (inp->inp_inc.inc_pad & 0x7f= ff)=0A+ ipflags |=3D (inp->inp_inc.inc_pad & 0x7fff) << 16;=0A+#endif /*= SRCSINK */=0A error =3D ip_output(m, inp->inp_options, &inp->inp_route,= ipflags,=0A inp->inp_moptions, inp);=0A =0A --_=__=_XaM3_.1080125633.2A.383416.42.18170.52.42.007.27129-- From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 06:14:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C5A3316A4CE; Wed, 24 Mar 2004 06:14:05 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C51E43D2D; Wed, 24 Mar 2004 06:14:05 -0800 (PST) (envelope-from max@love2party.net) Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1B698u-0003B5-00; Wed, 24 Mar 2004 15:14:04 +0100 Received: from [217.83.7.252] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1B698t-0002Ag-00; Wed, 24 Mar 2004 15:14:03 +0100 
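Review bot: in add_src() and add_dst(), the "any" test and the final "return NULL; /* bad address */" can never be reached. The first if already returns whenever inet_pton(AF_INET6, av, &a) succeeds, so by the second if the "!inet_pton(AF_INET6, av, &a)" term is true for every remaining string and control always goes to add_srcip()/add_dstip(). Because "proto == IPPROTO_IPV6" is tested first, an IPv4 literal in an ipv6 rule is also handed to add_srcip6()/add_dstip6() without any family check. Suggest testing "any" first, then dispatching on the address family that actually parsed, and rejecting an address whose family contradicts proto, so that the new "bad source address" / "bad destination address" errx() calls in the caller can fire.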
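Review bot: in the hunk that adds TOK_IPV6, TOK_EXT6HDR and TOK_FLOWID, the last two pass *av to fill_ext6hdr() and fill_flow6() without the NEED1() check that TOK_ICMP6TYPES, TOK_SRCIP6 and TOK_DSTIP6 have, so an option given as the last word on the command line reaches those helpers with no argument. Suggest adding NEED1("missing ...") to both cases. The TOK_FLOWID errx() message also ends in "\n", which errx() already supplies.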
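Review bot: the two "#if 1 /* SRCSINK" blocks in udp_usrreq.c are unrelated to ipfw2/IPv6 support and are compiled in unconditionally. The input-side block discards every datagram for a socket whose inp_inc.inc_pad has bit 15 set, and the output-side block copies bits 0-14 of the same padding field into the upper 16 bits of the ipflags passed to ip_output(), so a pad field silently becomes a control channel for every UDP socket. Suggest dropping both blocks from this patch, or putting them behind a kernel option that is off by default and documenting who is allowed to set the field. The first comment also reads "If bit 15 if" where "If bit 15 of" is meant.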
From: Max Laier
To: freebsd-net@freebsd.org
Date: Wed, 24 Mar 2004 15:14:44 +0100
Message-Id: <200403241514.45104.max@love2party.net>
cc: freebsd-ipfw
cc: Mariano
Subject: Re: Request for testing ipfw2/dummynet under ipv6

On Wednesday 24 March 2004 11:53, Mariano wrote:
> Hi,
> I've developed with my friend Raffaele De Lorenzo a working version of
> ipfw2/dummynet with the support of IPv6 protocol, this is an upgrade of the
> previous version posted on
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=44395+0+archive/2004/freebsd-ipfw/20040118.freebsd-ipfw
> by my supervisor Luigi Rizzo in 14 Jan.
>
> THIS IS STILL AN EVALUATION CODE, DO NOT USE AS REGULAR
>
> We have solved the bugs of the previous code and this seems to work, the
> semantic of the userland interface is still under development. The "-h" opt
> will explain the actual status.
>
> Could someone help us in the testing phase? We wait any suggestion and help.

Do you plan to provide that patch for -current also? Please do so and get rid
of the MT_TAGs which are gone in -current since a couple of weeks. Thanks.

-- 
Best regards,                        | mlaier@freebsd.org
Max Laier                            | ICQ #67774661
http://pf4freebsd.love2party.net/    | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 06:32:56 2004
Date: Wed, 24 Mar 2004 23:32:27 +0900 (JST)
Message-Id: <20040324.233227.125900342.mshindo@mshindo.net>
To: ken@kdm.org
From: Motonori Shindo
In-Reply-To: <20040324055204.GB57761@panzer.kdm.org>
References: <406108F7.3030704@comcast.net> <20040324.143622.59463083.mshindo@mshindo.net> <20040324055204.GB57761@panzer.kdm.org>
cc: sam@errno.com
cc: garycor@comcast.net
cc: freebsd-mobile@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: WEP problems with ndis and ath drivers

Kenneth,

Well, this is a bit off topic of this mailing list but let me continue:-)

From: "Kenneth D. Merry"
Subject: Re: WEP problems with ndis and ath drivers
Date: Tue, 23 Mar 2004 22:52:04 -0700

> > Shared-key authentication is in fact a worse option than open
> > authentication. Basic idea how shared-key authentication works is as
> > follows:
(snip)
> > Considering all this, Access Point should always reject shared-key
> > authentication even if Station requests it.
>
> Yikes!!
>
> That is bad. So what's the point of WEP then? I knew it was insecure, but
> that is pretty lame. Is there any other authentication scheme for WEP that
> won't reveal the key to a malicious 3rd party?

A couple of clarifications I'd like to make:

1) Shared-key Authentication is broken not because WEP is insecure. It
   is broken by design. Any stream cipher with this type of
   authentication scheme will exhibit the same problem.

2) Shared-key Authentication doesn't reveal the WEP key. What it
   reveals is the "key stream" that is generated out of RC4.

As for authentication scheme, 802.1x with EAP/TLS is considered to be
reasonably secure.

> I suppose, at least with my router, the best thing to do would be to use
> WEP for data transmission and control access via MAC address. The next
> step would probably be to put a firewall on the inside of the router and
> only allow through traffic that is encrypted with IPSec...

WEP is also broken and MAC address spoofing is quite easy. If your
router supports neither 802.1x nor WPA, use WEP wisely:-) For example,
change the key as frequently as you can, use the longest key length
possible, and stay away from automatic key generation from pass
phrase, etc.
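The two clarifications in the message above, as an added example that is not part of the original post: a toy model of 802.11 shared-key authentication (challenge sent in the clear, response is the challenge plus its CRC-32 ICV encrypted under IV || key) showing that one overheard exchange yields the keystream without the key, and that swapping RC4 for another stream cipher changes nothing. The key, IV, challenges and the SHA-256 counter-mode stand-in cipher are constructed for the illustration.

```python
"""Toy model of 802.11 shared-key authentication (constructed values only)."""
import hashlib
import struct
import zlib


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """First n bytes of RC4 output for this seed (WEP seeds RC4 with IV || key)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def sha256_ctr_keystream(seed: bytes, n: int) -> bytes:
    """Stand-in for "any stream cipher": SHA-256 in counter mode (assumption)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def station_response(key, iv, challenge, keystream=rc4_keystream) -> bytes:
    """What a station holding the key sends back (the IV travels in the clear)."""
    plaintext = challenge + icv(challenge)
    return xor(plaintext, keystream(iv + key, len(plaintext)))


def ap_accepts(key, iv, challenge, ciphertext, keystream=rc4_keystream) -> bool:
    """Access point check: decrypt and compare with the challenge it issued."""
    if len(ciphertext) != len(challenge) + 4:
        return False
    plaintext = xor(ciphertext, keystream(iv + key, len(ciphertext)))
    return plaintext[:-4] == challenge and plaintext[-4:] == icv(challenge)


def keystream_from_exchange(challenge: bytes, ciphertext: bytes) -> bytes:
    """What a passive listener can compute: known plaintext XOR ciphertext."""
    return xor(challenge + icv(challenge), ciphertext)


def run_exchange(keystream=rc4_keystream) -> dict:
    key = bytes.fromhex("0102030405")        # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")             # constructed 24-bit IV
    first = bytes(range(128))                # challenge seen on the air
    observed = station_response(key, iv, first, keystream)
    learned = keystream_from_exchange(first, observed)   # the key is not used here

    later = bytes(reversed(range(128)))      # a different, later challenge
    keyless = xor(later + icv(later), learned)
    return {
        "legit_accepted": ap_accepts(key, iv, first, observed, keystream),
        "learned_is_keystream": learned == keystream(iv + key, len(learned)),
        "keyless_accepted": ap_accepts(key, iv, later, keyless, keystream),
        "garbage_rejected": not ap_accepts(key, iv, later, bytes(132), keystream),
    }


if __name__ == "__main__":
    for name, ks in (("RC4", rc4_keystream), ("SHA-256 counter", sha256_ctr_keystream)):
        print(name, run_exchange(ks))
```

Because the station picks the IV, the access point cannot tell a response computed from the key from one computed from the overheard keystream, which is why the advice in the message is to have the access point refuse shared-key authentication altogether.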
From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 08:01:45 2004
Date: Wed, 24 Mar 2004 12:01:39 -0400 (AST)
From: "Marc G. Fournier"
To: freebsd-net@freebsd.org
Message-ID: <20040324120016.Q3456@ganymede.hub.org>
Subject: Simple question, what is an inOctet ... ?

Just setup net-snmp, and zabbix to monitor it ... what exactly is an
Octet? 1 byte?

----
Marc G. Fournier    Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org    Yahoo!: yscrappy    ICQ: 7615664

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 08:09:49 2004
Date: Wed, 24 Mar 2004 18:09:29 +0200
From: Vlad GALU
To: freebsd-net@freebsd.org
Message-Id: <20040324180929.505b39a5.dudu@diaspar.rdsnet.ro>
In-Reply-To: <20040324120016.Q3456@ganymede.hub.org>
References: <20040324120016.Q3456@ganymede.hub.org>
Organization: Romania Data Systems
Subject: Re: Simple question, what is an inOctet ... ?

"Marc G. Fournier" writes:

|
|Just setup net-snmp, and zabbix to monitor it ... what exactly is an
|Octet? 1 byte?
|

	Yep. Octet means a tuplet of eight elements.

|
|----
|Marc G. Fournier    Hub.Org Networking Services
|(http://www.hub.org) Email: scrappy@hub.org    Yahoo!: yscrappy
|    ICQ: 7615664

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 08:18:30 2004
Date: Wed, 24 Mar 2004 17:18:34 +0100
From: Marc Olzheim
To: "Marc G. Fournier"
Message-ID: <20040324161834.GA68806@stack.nl>
References: <20040324120016.Q3456@ganymede.hub.org>
In-Reply-To: <20040324120016.Q3456@ganymede.hub.org>
cc: freebsd-net@freebsd.org
Subject: Re: Simple question, what is an inOctet ... ?

On Wed, Mar 24, 2004 at 12:01:39PM -0400, Marc G. Fournier wrote:
> Just setup net-snmp, and zabbix to monitor it ... what exactly is an
> Octet? 1 byte?

Jup, one byte, usually from the cable, into the port.

Marc

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 08:36:41 2004
Date: Wed, 24 Mar 2004 17:36:45 +0100
From: Marc Olzheim
To: "Marc G. Fournier"
Message-ID: <20040324163645.GA68880@stack.nl>
References: <20040324120016.Q3456@ganymede.hub.org> <20040324161834.GA68806@stack.nl>
In-Reply-To: <20040324161834.GA68806@stack.nl>
cc: freebsd-net@freebsd.org
Subject: Re: Simple question, what is an inOctet ... ?

On Wed, Mar 24, 2004 at 05:18:34PM +0100, Marc Olzheim wrote:
> > Just setup net-snmp, and zabbix to monitor it ... what exactly is an
> > Octet? 1 byte?
>
> Jup, one byte, usually from the cable, into the port.

Arg, I read 'inOctet' instead of 'an Octet'. Nevermind the direction
then. :-P

Marc

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 09:58:16 2004
Date: Wed, 24 Mar 2004 18:58:14 +0100
From: Dean Strik
To: Marc Olzheim
Message-ID: <20040324175814.GP38695@dragon.stack.nl>
References: <20040324120016.Q3456@ganymede.hub.org> <20040324161834.GA68806@stack.nl> <20040324163645.GA68880@stack.nl>
In-Reply-To: <20040324163645.GA68880@stack.nl>
cc: freebsd-net@freebsd.org
Subject: Re: Simple question, what is an inOctet ... ?

Marc Olzheim wrote:
> On Wed, Mar 24, 2004 at 05:18:34PM +0100, Marc Olzheim wrote:
> > > Just setup net-snmp, and zabbix to monitor it ... what exactly is an
> > > Octet? 1 byte?
> >
> > Jup, one byte, usually from the cable, into the port.
>
> Arg, I read 'inOctet' instead of 'an Octet'. Nevermind the direction
> then. :-P

Well, it shows you read the mail subject :)

-- 
Dean C. Strik    Eindhoven University of Technology
dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 11:59:40 2004
Date: Thu, 25 Mar 2004 01:59:34 +0600
From: Max Khon
To: freebsd-net@freebsd.org
Message-ID: <20040324195934.GA76265@samodelkin.net>
Subject: race condition in ipfw restart (please review the fix)

Hello!

ipfw restart has a race condition: there is a "sleep 2" statement after
killall natd, but if natd does not die in 2 seconds ipfw can't start
the nat daemon (natd: Unable to bind divert socket.: Address already in use).

I would like to commit the fix for it. Diff and /etc/rc.d/natd script attached.

/fjoe

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: natd
# KEYWORD: FreeBSD nostart nojail

. /etc/rc.subr
. /etc/network.subr

name="natd"
rcvar=`set_rcvar`
command="/sbin/${name}"
start_cmd="natd_start"

natd_start()
{
	dhcp_list="`list_net_interfaces dhcp`"
	for ifn in ${dhcp_list}; do
		case ${natd_interface} in
		${ifn})
			natd_flags="$natd_flags -dynamic"
			;;
		*)
			;;
		esac
	done
	if [ -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
			natd_flags="$natd_flags -a ${natd_interface}"
		else
			natd_flags="$natd_flags -n ${natd_interface}"
		fi
	fi
	echo -n ' natd'
	${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
}

load_rc_config $name
run_rc_command "$1"

Index: ipfw =================================================================== RCS file: /home/ncvs/src/etc/rc.d/ipfw,v retrieving revision 1.6 diff -u -p -r1.6 ipfw --- ipfw 8 Mar 2004 12:25:05 -0000 1.6 +++ ipfw 14 Mar 2004 20:24:37 -0000
@@ -37,31 +37,7 @@ ipfw_start() if [ -r "${firewall_script}" ]; then . "${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - if checkyesno natd_enable; then - dhcp_list="`list_net_interfaces dhcp`" - for ifn in ${dhcp_list}; do - case ${natd_interface} in - ${ifn}) - natd_flags="$natd_flags -dynamic" - ;; - *) - ;; - esac - done - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd' - ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} - fi + /etc/rc.d/natd start elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ ' firewall rules are not enabled.' @@ -86,8 +62,7 @@ ipfw_stop() # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 - killall natd; - sleep 2; + /etc/rc.d/natd stop } load_rc_config $name ----- End forwarded message ----- From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 13:07:35 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08F4816A4CE for ; Wed, 24 Mar 2004 13:07:35 -0800 (PST) Received: from web60507.mail.yahoo.com (web60507.mail.yahoo.com [216.109.116.128]) by mx1.FreeBSD.org (Postfix) with SMTP id 8DDDB43D39 for ; Wed, 24 Mar 2004 13:07:34 -0800 (PST) (envelope-from viril29@yahoo.com) Message-ID: <20040324202621.72891.qmail@web60507.mail.yahoo.com> Received: from [69.6.161.81] by web60507.mail.yahoo.com via HTTP; Wed, 24 Mar 2004 12:26:21 PST Date: Wed, 24 Mar 2004 12:26:21 -0800 (PST) 
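Review bot: in ipfw_stop(), replacing "killall natd; sleep 2;" with "/etc/rc.d/natd stop" only closes the race if the stop action can find the daemon that ipfw_start() launched. The attached rc.d/natd sets command="/sbin/${name}" but natd_start() runs "${natd_program:-/sbin/natd}", so when natd_program points somewhere else the default stop looks for /sbin/natd, finds nothing to wait for, and the "Unable to bind divert socket" failure can come back on restart. The old code also killed natd regardless of natd_enable, while the script is gated by its rcvar. Suggest deriving command from natd_program in the script (or giving natd a pidfile) so that start and stop refer to the same process, and saying in the commit message that stop now depends on natd_enable.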
From: Jamel Brown To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Setting up NIS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Mar 2004 21:07:35 -0000 freebsd1.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386 freebsd2.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386 freebsd3.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386 FreeBSD freebsd4.compulinux.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386 I'm having several problems setting up nis on my system I have 4 computers that I am trying to setup nis on. The roles I would like my computers to play are as follows Freebsd1 Server, Freebsd2 Slave, Freebsd3 Client, and Freebsd4 Client. I have been trying to set up NIS according to what the FreeBSD hand book says several times but all with no luck. Ok here's is another thing I’m new to FreeBSD so I don’t know how to use vi and vipw very well so I always use Pico or edit instead please let me know if I am causing the problem by not using these programs. Also if you notice I have missed anything please let me know. I am not going to explain freebsd4 because freebsd3 is the same as it. Everything I typed in is after a fresh install of FreeBSD this is no other programs running except what is listed in /etc/rc.conf Also Please Type in the exact command needed to fix my problem if at all possible as I have stated before I am new to FreeBSD so please assume I don’t know. 
This is my output of /etc/rc.conf on Freebsd1 freebsd1# cat /etc/rc.conf kern_securelevel_enable="NO" nfs_reserved_port_only="YES" sendmail_enable="YES" sshd_enable="YES" usbd_enable="YES" moused_port="/dev/psm0" moused_type="auto" moused_enable="YES" named_enable="YES" ifconfig_rl0="inet 192.168.123.1 netmask 255.255.255.0" ipv6_enable="YES" defaultrouter="192.168.123.254" hostname="freebsd1.compulinux.org" nisdomainname="compulinux.org" nis_server_enable="YES" nis_yppasswdd_enable="YES" This is /etc/rc.conf on freebsd2 freebsd2# cat /etc/rc.conf kern_securelevel_enable="NO" nfs_client_enable="YES" nfs_reserved_port_only="YES" sendmail_enable="YES" sshd_enable="YES" usbd_enable="YES" ifconfig_rl0="inet 192.168.123.2 netmask 255.255.255.0" moused_port="/dev/psm0" moused_type="auto" moused_enable="YES" ipv6_enable="YES" defaultrouter="192.168.123.254" hostname="freebsd2.compulinux.org" named_enable="YES" nisdomainname="compulinux.org" nis_yppasswdd_enable="YES" nis_server_enable="YES" This is /etc/rc.conf on Freebsd3 freebsd3# cat /etc/rc.conf kern_securelevel_enable="NO" moused_enable="YES" moused_port="/dev/psm0" moused_type="auto" nfs_reserved_port_only="YES" nfs_server_enable="YES" mountd_flags="-r" sendmail_enable="YES" sshd_enable="YES" usbd_enable="YES" ifconfig_rl0="inet 192.168.123.3 netmask 255.255.255.0" ipv6_enable="YES" defaultrouter="192.168.123.254" hostname="freebsd3.compulinux.org" nis_client_enable="YES" nisdomainname="compulinux.org" This is my /etc/master.passwd on freebsd3 freebsd3# cat /etc/master.passwd # $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $ # root:$1$9S9qmgEH$RNedtYvD6KwWd.R09ku2.0:0:0::0:0:Charlie &:/root:/bin/csh toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin operator:*:2:5::0:0:System &:/:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin kmem:*:5:65533::0:0:KMem 
Sandbox:/:/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin +::::::::: This is /etc/group on Freebsd3 freebsd3# cat /etc/group # $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $ # wheel:*:0:root daemon:*:1:daemon kmem:*:2:root sys:*:3:root tty:*:4:root operator:*:5:root mail:*:6: bin:*:7: news:*:8: man:*:9: games:*:13: staff:*:20:root sshd:*:22: smmsp:*:25: mailnull:*:26: guest:*:31:root bind:*:53: uucp:*:66: xten:*:67:xten dialer:*:68: network:*:69: www:*:80: nogroup:*:65533: nobody:*:65534: +:*:: The handbook then tells you to type a couple simple things into the server 1. nisdomainname="compulinux.org" 2. nis_server_enable="YES" 3. nis_yppasswdd_enable="YES" after doing that Instead of running /etc/netstart I just reboot then run the following commands # cp /etc/master.passwd /var/yp/master.passwd # cd /var/yp # edit master.passwd Removing all sytem account # chmod 600 master.passwd freebsd1# ypinit -m compulinux.org Server Type: MASTER Domain: compulinux.org Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. Do you want this procedure to quit on non-fatal errors? [y/n: n] Ok, please remember to go back and redo manually whatever fails. 
If you don't, something might not work. At this point, we have to construct a list of this domains YP servers. freebsd1.compulinux.org is already known as master server. Please continue to add any slave servers, one per line. When you are done with the list, type a . master server : freebsd1.compulinux.org next host to add: freebsd2.compulinux.org next host to add: ^D The current list of NIS servers looks like this: freebsd1.compulinux.org freebsd2.compulinux.org Is this correct? [y/n: y] y Building /var/yp/compulinux.org/ypservers... Running /var/yp/Makefile... NIS Map update started on Sun Mar 21 06:04:03 CST 2004 for domain compulinux.org Updating hosts.byname... Creating new /var/yp/passwd file from /var/yp/master.passwd... Updating netid.byname... Updating hosts.byaddr... yp_mkdb: no key -- check source file for blank lines Updating networks.byaddr... yp_mkdb: no key -- check source file for blank lines yp_mkdb: no key -- check source file for blank lines Updating networks.byname... yp_mkdb: no key -- check source file for blank lines yp_mkdb: no key -- check source file for blank lines Updating protocols.bynumber... Updating protocols.byname... Updating rpc.byname... Updating rpc.bynumber... Updating services.byname... 
yp_mkdb: duplicate key 'compressnet/tcp' - skipping
yp_mkdb: duplicate key 'compressnet/udp' - skipping
yp_mkdb: duplicate key 'mit-ml-dev/tcp' - skipping
yp_mkdb: duplicate key 'mit-ml-dev/udp' - skipping
yp_mkdb: duplicate key 'rap/tcp' - skipping
yp_mkdb: duplicate key 'rap/udp' - skipping
yp_mkdb: duplicate key '351/tcp' - skipping
yp_mkdb: duplicate key '351/udp' - skipping
yp_mkdb: duplicate key '352/tcp' - skipping
yp_mkdb: duplicate key '352/udp' - skipping
yp_mkdb: duplicate key '666/tcp' - skipping
yp_mkdb: duplicate key '666/udp' - skipping
yp_mkdb: duplicate key '751/tcp' - skipping
yp_mkdb: duplicate key '751/udp' - skipping
yp_mkdb: duplicate key '754/tcp' - skipping
yp_mkdb: duplicate key '760/tcp' - skipping
yp_mkdb: duplicate key '761/tcp' - skipping
yp_mkdb: duplicate key '999/tcp' - skipping
yp_mkdb: duplicate key '999/udp' - skipping
yp_mkdb: duplicate key 'cadlock/tcp' - skipping
yp_mkdb: duplicate key 'csdmbase/tcp' - skipping
yp_mkdb: duplicate key 'csdmbase/udp' - skipping
yp_mkdb: duplicate key 'csdm/tcp' - skipping
yp_mkdb: duplicate key 'csdm/udp' - skipping
yp_mkdb: duplicate key '1525/tcp' - skipping
yp_mkdb: duplicate key '1525/udp' - skipping
yp_mkdb: duplicate key '1529/tcp' - skipping
yp_mkdb: duplicate key '1701/tcp' - skipping
yp_mkdb: duplicate key '1701/udp' - skipping
yp_mkdb: duplicate key '1989/tcp' - skipping
yp_mkdb: duplicate key '1989/udp' - skipping
yp_mkdb: duplicate key '1992/tcp' - skipping
yp_mkdb: duplicate key '1992/udp' - skipping
yp_mkdb: duplicate key '3455/udp' - skipping
yp_mkdb: duplicate key '4444/tcp' - skipping
yp_mkdb: duplicate key '4444/udp' - skipping
yp_mkdb: duplicate key '7010/tcp' - skipping
yp_mkdb: duplicate key '7010/udp' - skipping
yp_mkdb: duplicate key '22273/tcp' - skipping
yp_mkdb: duplicate key '22289/tcp' - skipping
yp_mkdb: duplicate key '22321/tcp' - skipping
yp_mkdb: duplicate key '22305/tcp' - skipping
Updating group.byname...
Updating group.bygid...
Updating passwd.byname...
Updating passwd.byuid...
Updating master.passwd.byname...
Updating master.passwd.byuid...
NIS Map update completed.

freebsd1.compulinux.org has been setup as an YP master server without any errors

I then edit /var/vp/Makefile and change NOPUSH = TRUE to #NOPUSH = TRUE. After that I normally reboot just to make sure all changes have taken place.

I then add users to the system by typing

# freebsd1# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.

Check /etc/shells
Check /etc/master.passwd
Check /etc/group
User ``+'' has gid but a group with this gid does not exist.
Usernames must match regular expression:
[^[a-z0-9_][a-z0-9_-]*$]:
Enter your default shell: bash csh date no sh tcsh [bash]:
Your default shell is: bash -> /usr/local/bin/bash
Enter your default HOME partition: [/home]:
Copy dotfiles from: /usr/share/skel no [/usr/share/skel]:
Send message from file: /etc/adduser.message no
[/etc/adduser.message]:
Use passwords (y/n) [y]:

Ok, let's go.
Don't worry about mistakes. I will give you the chance later to correct any input.
Enter username [^[a-z0-9_][a-z0-9_-]*$]: nutso
Enter full name []:
Enter shell bash csh date no sh tcsh [bash]:
Enter home directory (full path) [/home/nutso]:
Uid [1001]:
Enter login class: default []:
Login group nutso [nutso]:
Login group is ``nutso''. Invite nutso into other groups: guest no
[no]: wheel
Enter password []:
Enter password again []:

Name:     nutso
Password: ****
Fullname: nutso
Uid:      1001
Gid:      1001 (nutso)
Class:
Groups:   nutso wheel
HOME:     /home/nutso
Shell:    /usr/local/bin/bash
OK? (y/n) [y]:
Added user ``nutso''
Send message to ``nutso'' and: no root second_mail_address
[no]:

nutso,

your account ``nutso'' was created.
Have fun!

See also chpass(1), finger(1), passwd(1)

Add anything to default message (y/n) [n]:
Send message (y/n) [y]:
Copy files from /usr/share/skel to /home/nutso
Add another user? (y/n) [y]:
Enter username [^[a-z0-9_][a-z0-9_-]*$]: viril29
Enter full name []:
Enter shell bash csh date no sh tcsh [bash]:
Enter home directory (full path) [/home/viril29]:
Uid [1004]:
Enter login class: default []:
Login group viril29 [viril29]:
Login group is ``viril29''. Invite viril29 into other groups: guest no wheel
[wheel]:
Enter password []:
Enter password again []:

Name:     viril29
Password: ****
Fullname: viril29
Uid:      1004

Due to the system not copying these two users to /var/yp/master.passwd, I manually copy them into /var/yp/master.passwd. Please let me know how to fix that.

After editing the /var/yp/passwd file I will type in:

#make
NIS Map update started on Sun Mar 21 06:35:31 CST 2004 for domain compulinux.org
Updating group.byname...
yppush: transfer of map group.byname to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed group.byname map.
Updating group.bygid...
yppush: transfer of map group.bygid to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed group.bygid map.
Creating new /var/yp/passwd file from /var/yp/master.passwd...
Updating netid.byname...
yppush: transfer of map netid.byname to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed netid.byname map.
Updating passwd.byname...
yppush: transfer of map passwd.byname to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed passwd.byname map.
Updating passwd.byuid...
yppush: transfer of map passwd.byuid to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed passwd.byuid map.
Updating master.passwd.byname...
yppush: transfer of map master.passwd.byname to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed master.passwd.byname map.
Updating master.passwd.byuid...
yppush: transfer of map master.passwd.byuid to server freebsd1.compulinux.org failed
yppush: status returned by ypxfr: Master's version not newer
Pushed master.passwd.byuid map.
NIS Map update completed.

I then go to the slave server. I edit /etc/rc.conf and place the following in it.

1. nisdomainname="compulinux.org"
2. nis_server_enable="YES"
3. nis_yppasswdd_enable="YES"

I then type in

freebsd2# ypinit -s freebsd1 compulinux.org
Server Type: SLAVE Domain: compulinux.org Master: freebsd1

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from freebsd1.
Transfering master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transfering passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transfering passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transfering group.bygid...
ypxfr: Exiting: Map successfully transferred
Transfering group.byname...
ypxfr: Exiting: Map successfully transferred
Transfering services.byname...
ypxfr: Exiting: Map successfully transferred
Transfering rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transfering rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transfering protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transfering master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transfering networks.byname...
ypxfr: Exiting: Map successfully transferred
Transfering protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transfering hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transfering netid.byname...
ypxfr: Exiting: Map successfully transferred
Transfering hosts.byname...
ypxfr: Exiting: Map successfully transferred
Transfering networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transfering ypservers...
ypxfr: Exiting: Map successfully transferred

freebsd2.compulinux.org has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on freebsd1.

I then edit /etc/contab and put the following in it.

20 * * * * root /usr/libexec/ypxfr passwd.byname
21 * * * * root /usr/libexec/ypxfr passwd.byuid

Then I reboot that system, then go to freebsd3.

I edit /etc/rc.conf placing

1. nisdomainname="compulinux.org"
2. nis_client_enable="YES"

I edit /etc/master.passwd placing +::::::::: at the end of the file

I edit /etc/group placing +:*:: at the end of the file

I then reboot that, then run the commands

freebsd3# ypcat passwd
nutso:*:1001:1001:nutso:/home/nutso:/usr/local/bin/bash
viril29:*:1004:1004:viril29:/home/viril29:/usr/local/bin/bash

freebsd3# su nutso
su: unknown login: nutso
freebsd3# su viril29
su: unknown login: viril29

Please let me know what I am doing wrong.

Thank You
Jamel A. Brown

I e-mailed the above to questions@freebsd.org, and they replied by telling me to do the following

I added portmap_enable="YES" to /etc/rc.conf on all hosts

freebsd1# rpcinfo
usage: rpcinfo [-n portnum] -u host prognum [versnum]
       rpcinfo [-n portnum] -t host prognum [versnum]
       rpcinfo -p [host]
       rpcinfo -b prognum versnum
       rpcinfo -d prognum versnum

freebsd1# rpcinfo -p freebsd1
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    1   udp   1021  ypserv
    100004    2   udp   1021  ypserv
    100004    1   tcp   1023  ypserv
    100004    2   tcp   1023  ypserv
    100009    1   udp   1011  yppasswdd
    100009    1   tcp   1022  yppasswdd

freebsd2# rpcinfo -p freebsd2
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    1   udp   1021  ypserv
    100004    2   udp   1021  ypserv
    100004    1   tcp   1023  ypserv
    100004    2   tcp   1023  ypserv

freebsd3# rpcinfo -p freebsd3
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp   1022  ypbind
    100007    2   tcp   1023  ypbind
    100005    3   udp   1018  mountd
    100005    3   tcp   1022  mountd
    100005    1   udp   1018  mountd
    100005    1   tcp   1022  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100024    1   udp   1006  status
    100024    1   tcp   1021  status

freebsd1# ypwhich
ypwhich: can't clntudp_create: Can't communicate with ypbind
freebsd2# ypwhich
ypwhich: can't clntudp_create: Can't communicate with ypbind
freebsd3# ypwhich
freebsd1.compulinux.org

freebsd1# ypcat passwd
ypcat: no such map passwd.byname. reason: Can't bind to server which serves this domain
freebsd2# ypcat passwd
ypcat: no such map passwd.byname. reason: Can't bind to server which serves this domain
freebsd3# ypcat passwd
nutso:*:1001:1001:nutso:/home/nutso:/usr/local/bin/bash
viril29:*:1004:1004:viril29:/home/viril29:/usr/local/bin/bash

I also ran

freebsd1# pw usermod -n viril29 -m
freebsd1# pw usermod -n nutso -m
freebsd2# pw usermod -n nutso -m
pw: no such user `nutso'
freebsd2# pw usermod -n viril29 -m
pw: no such user `viril29'
freebsd3# pw usermod -n nusto -m
pw: no such user `nusto'
freebsd3# pw usermod -n viril29 -m
pw: no such user `viril29'

But I still get

freebsd3# su nutso
su: unknown login: nutso
freebsd3# su viril29
su: unknown login: viril29

When I try to login these accounts

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 13:59:22 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5127C16A4CE for ; Wed, 24 Mar 2004 13:59:22 -0800 (PST)
Received: from mailout.stusta.mhn.de (mailout.stusta.mhn.de [141.84.69.5]) by mx1.FreeBSD.org (Postfix) with SMTP id 8380543D2F for ; Wed, 24 Mar 2004 13:59:21 -0800 (PST) (envelope-from akio@despammed.com)
Received: (qmail 9936 invoked from network); 24 Mar 2004 21:59:18 -0000
Received: from r065048.stusta.swh.mhn.de (HELO despammed.com) (10.150.65.48) by mailhub.stusta.mhn.de with SMTP; 24 Mar 2004 21:59:18 -0000
Message-ID: <406204AF.5050600@despammed.com>
Date: Wed, 24 Mar 2004 22:59:11 +0100
From: Lutz Petersen
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <6686.1079661277@www27.gmx.net> <20040319193514.GB54073@blossom.cjclark.org>
In-Reply-To: <20040319193514.GB54073@blossom.cjclark.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: BIND: Lookup of CNAME records
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Mar 2004 21:59:22 -0000

Crist J. Clark wrote:

> How long does it take to do a reverse-lookup on the result of the
> previous lookups? The applications may be trying to resolve a PTR
> record for the final IP address they end up with.

Reverse lookups work fine. But I do not think PTR lookups are an issue in this case (see below).

> You can try the following two tests and compare the difference,
>
> 1) Put the two external servers in resolv.conf, and run,
>
> # tcpdump -s512 port 53
>
> And try your ftp or telnet.
>
> 2) Put 127.0.0.1 back into resolv.conf, clear the cache of the local
> BIND (not sure of a way to do that other than killing and
> restarting in 8.x.x), and run the same thing,
>
> # tcpdump -s512 port 53
>
> And again try the ftp or telnet.

I am enclosing the results of these two tests. For better readability I have removed the time offset and replaced my IP number with "me", the forwarder's IP with "fw".

(1)

00:00.000000 me.49235 > fw.domain: 1081+ AAAA? ftp.de.freebsd.org. (36)
00:00.235195 fw.domain > me.49235: 1081 2/0/0 CNAME ftp4.de.freebsd.org., CNAME ftp.leo.org. (77) (DF)
00:00.235648 me.49236 > fw.domain: 1082+ A? ftp.de.freebsd.org. (36)
00:00.850987 fw.domain > me.49236: 1082 3/0/0 CNAME ftp4.de.freebsd.org., CNAME ftp.leo.org., A 131.159.72.23 (93) (DF)

(2)

00:00.000000 me.domain > fw.domain: 8207+ [1au] AAAA? ftp.de.freebsd.org. (47)
00:00.093818 fw.domain > me.domain: 8207 2/0/0 CNAME ftp4.de.freebsd.org., CNAME ftp.leo.org. (77) (DF)
00:00.094539 me.domain > fw.domain: 30226+ [1au] AAAA? ftp.leo.org. (40)
00:00.183988 fw.domain > me.domain: 30226 0/0/0 (29) (DF)
00:05.184504 me.domain > fw.domain: 52418+ [1au] AAAA? ftp.leo.org. (40)
00:05.278765 fw.domain > me.domain: 52418 0/0/0 (29) (DF)
00:15.278043 me.domain > fw.domain: 24089+ [1au] AAAA? ftp.leo.org. (40)
00:15.377019 fw.domain > me.domain: 24089 0/0/0 (29) (DF)
00:35.374320 me.domain > fw.domain: 31178+ [1au] AAAA? ftp.leo.org. (40)
00:35.978176 fw.domain > me.domain: 31178 0/0/0 (29) (DF)
01:15.970823 me.domain > fw.domain: 53751+ [1au] A? ftp.leo.org. (40)
01:16.064579 fw.domain > me.domain: 53751 1/0/0 A 131.159.72.23 (45) (DF)
01:16.065468 me.domain > fw.domain: 56474+ [1au] AAAA? J.ROOT-SERVERS.NET. (47)
01:16.065915 me.domain > fw.domain: 36905+ [1au] AAAA? K.ROOT-SERVERS.NET. (47)
01:16.066172 me.domain > fw.domain: 38356+ [1au] AAAA? L.ROOT-SERVERS.NET. (47)
01:16.066372 me.domain > fw.domain: 395+ [1au] AAAA? M.ROOT-SERVERS.NET. (47)
01:16.066572 me.domain > fw.domain: 54526+ [1au] AAAA? I.ROOT-SERVERS.NET. (47)
01:16.066771 me.domain > fw.domain: 61085+ [1au] AAAA? E.ROOT-SERVERS.NET. (47)
01:16.066986 me.domain > fw.domain: 38040+ [1au] AAAA? D.ROOT-SERVERS.NET. (47)
01:16.068062 me.domain > fw.domain: 35807+ [1au] AAAA? A.ROOT-SERVERS.NET. (47)
01:16.068664 me.domain > fw.domain: 27426+ [1au] AAAA? H.ROOT-SERVERS.NET. (47)
01:16.069117 me.domain > fw.domain: 39377+ [1au] AAAA? C.ROOT-SERVERS.NET. (47)
01:16.069552 me.domain > fw.domain: 11036+ [1au] AAAA? G.ROOT-SERVERS.NET. (47)
01:16.070036 me.domain > fw.domain: 34035+ [1au] AAAA? F.ROOT-SERVERS.NET. (47)
01:16.070476 me.domain > fw.domain: 33542+ [1au] AAAA? B.ROOT-SERVERS.NET. (47)
01:16.157385 fw.domain > me.domain: 56474 0/0/0 (36) (DF)
01:16.160564 fw.domain > me.domain: 36905 0/0/0 (36) (DF)
01:16.172424 fw.domain > me.domain: 38356 0/0/0 (36) (DF)
01:16.176809 fw.domain > me.domain: 395 0/0/0 (36) (DF)
01:16.188828 fw.domain > me.domain: 54526 0/0/0 (36) (DF)
01:16.193810 fw.domain > me.domain: 61085 0/0/0 (36) (DF)
01:16.202584 fw.domain > me.domain: 38040 0/0/0 (36) (DF)
01:16.209829 fw.domain > me.domain: 35807 0/0/0 (36) (DF)
01:16.217073 fw.domain > me.domain: 27426 0/0/0 (36) (DF)
01:16.238637 fw.domain > me.domain: 39377 0/0/0 (36) (DF)
01:16.240081 fw.domain > me.domain: 11036 0/0/0 (36) (DF)
01:16.241823 fw.domain > me.domain: 34035 0/0/0 (36) (DF)
01:16.246842 fw.domain > me.domain: 33542 0/0/0 (36) (DF)

As I thought of an IPv6 problem, I compiled a new kernel with IPNET6. That did not help at all, unfortunately.

Any ideas?

From owner-freebsd-net@FreeBSD.ORG Wed Mar 24 15:16:21 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 683E316A4CE for ; Wed, 24 Mar 2004 15:16:21 -0800 (PST)
Received: from altemaver.xenya.net (ljubljana73.k2.net [192.160.15.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27CE943D31 for ; Wed, 24 Mar 2004 15:16:21 -0800 (PST) (envelope-from cuk@cuk.nu)
Received: from localhost (naboo.xenya.si [213.143.80.66]) by altemaver.xenya.net (Postfix) with ESMTP id 55D8D66B2B for ; Thu, 25 Mar 2004 00:16:28 +0100 (CET)
Received: from altemaver.xenya.net ([192.168.100.249]) by localhost (naboo.xenya.si [213.143.80.66]) (amavisd-new, port 10024) with ESMTP id 00910-13 for ; Thu, 25 Mar 2004 00:19:26 +0100 (CET)
Received: from cuk.nu (unknown [192.168.6.60]) by altemaver.xenya.net (Postfix) with ESMTP id 9A58766B1D for ; Thu, 25 Mar 2004 00:16:27 +0100 (CET)
Message-ID: <4062170A.4040208@cuk.nu>
Date: Thu, 25 Mar 2004 00:17:30 +0100
From: Marko Cuk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: multipart/mixed; boundary="------------040009060006000805060702"
X-Virus-Scanned: by amavisd-new at xenya.si
Subject: [Fwd: Linksys VPN and FreeBSD]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Mar 2004 23:16:21 -0000

This is a multi-part message in MIME format.
--------------040009060006000805060702
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

--------------040009060006000805060702
Content-Type: message/rfc822; name="Linksys VPN and FreeBSD"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="Linksys VPN and FreeBSD"

Message-ID: <406216D3.8000004@cuk.nu>
Date: Thu, 25 Mar 2004 00:16:35 +0100
From: Marko Cuk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Linksys VPN and FreeBSD
References: <405FFC94.5040506@webexc.com> <4060EB6A.8050607@smxy.org> <4060002A.7090705@webexc.com>
In-Reply-To: <4060002A.7090705@webexc.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Does anyone know how to connect FreeBSD to Linksys VPN ( BEFSX41 or BEFVP41 ) and make a VPN tunnel ?

Many thanks for hints, info, what / which software to use for establishing connection, etc, etc...

Cuk

--------------040009060006000805060702--

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 02:27:27 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C019B16A4CE for ; Thu, 25 Mar 2004 02:27:27 -0800 (PST)
Received: from mail.dti.supsi.ch (mail.die.supsi.ch [193.5.153.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B2FE43D39 for ; Thu, 25 Mar 2004 02:27:26 -0800 (PST) (envelope-from roberto.nunnari@supsi.ch)
Received: from supsi.ch (pcm2027.dti.supsi.ch [193.5.152.27]) by mail.dti.supsi.ch (8.11.6/8.11.6) with ESMTP id i2PARPv06407 for ; Thu, 25 Mar 2004 11:27:25 +0100
Message-ID: <4062B48C.5060802@supsi.ch>
Date: Thu, 25 Mar 2004 11:29:32 +0100
From: Roberto Nunnari
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Fatal trap in rt_msg2
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Mar 2004 10:27:27 -0000

Hello.

I'm posting here as I've been told in current it's a better place.

On March 18th I did an upgrade from 5.2-p2 to RELENG_5_2 which gave me 5.2.1-p3. cvsup, build and install went well, but when I rebooted I got Fatal trap 12 during network configuration, late in the boot process.. I could boot and get a working system using the old kernel..

Anyways, I did a partial restore /boot, /bin, /etc, /lib, /libexec, /sbin that was enough to get the system back to multiuser mode and running great as usual.. Yet.. I cannot seem to be able to upgrade the system any more..

Please help. Just ask and I'll be glad to give all relevant information you may need in order to solve this problem. I'm new to kernel debugging, but I'll do my best. I just need some help and guidance. Thanks.

here is the 5.2-p1 kernel config and dmesg
http://www.dti.supsi.ch/~robi/WEB.20040323
http://www.dti.supsi.ch/~robi/dmesg.20040323

and this is the kernel config I used to save the dump.
http://www.dti.supsi.ch/~robi/WEB

it seems that sa in rt_msg2 (/usr/src/sys/net/rtsock.c:708) is a bogus pointer..

Here is my gdb session:

web.dti.supsi.ch# gdb -k kernel.debug /usr/crash/vmcore.1
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xff70ff70
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0568949
stack pointer           = 0x10:0xe40a1b04
frame pointer           = 0x10:0xe40a1b28
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 303 (ifconfig)
trap number             = 12
panic: page fault
cpuid = 0;
boot() called on cpu#0

syncing disks, buffers remaining... 218 218 216 216 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215
giving up on 200 buffers
Uptime: 46s
Dumping 1023 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
Reading symbols from /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240             dumping++;
(kgdb) list *0xc0568949
0xc0568949 is in rt_msg2 (/usr/src/sys/net/rtsock.c:708).
703                     register struct sockaddr *sa;
704
705                     if ((sa = rtinfo->rti_info[i]) == 0)
706                             continue;
707                     rtinfo->rti_addrs |= (1 << i);
708                     dlen = ROUNDUP(sa->sa_len);
709                     if (cp) {
710                             bcopy((caddr_t)sa, cp, (unsigned)dlen);
711                             cp += dlen;
712                     }
(kgdb) backtrace
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc04f1791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc04f1b6e in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc062547c in trap_fatal (frame=0xe40a1ac4, eva=0) at /usr/src/sys/i386/i386/trap.c:821
#4 0xc0625122 in trap_pfault (frame=0xe40a1ac4, usermode=0, eva=4285595504) at /usr/src/sys/i386/i386/trap.c:735
#5 0xc0624d33 in trap (frame=
      {tf_fs = 24, tf_es = -1066860528, tf_ds = 16, tf_edi = 0, tf_esi = 4, tf_ebp = -469099736, tf_isp = -469099792, tf_ebx = -964638720, tf_edx = -9371792, tf_ecx = -469099704, tf_eax = 16, tf_trapno = 12, tf_err = 0, tf_eip = -1068070583, tf_cs = 8, tf_eflags = 66050, tf_esp = -967258976, tf_ss = -964361888}) at /usr/src/sys/i386/i386/trap.c:420
#6 0xc0611f28 in calltrap () at {standard input}:94
#7 0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at /usr/src/sys/net/rtsock.c:981
#8 0xc056943e in sysctl_rtsock (oidp=0xc0694b00, arg1=0xe40a1cb4, arg2=4, req=0xe40a1c10) at /usr/src/sys/net/rtsock.c:1132
#9 0xc04fb89a in sysctl_root (oidp=0x0, arg1=0x16, arg2=-469099504, req=0xe40a1cb8) at /usr/src/sys/kern/kern_sysctl.c:1179
#10 0xc04fbb4d in userland_sysctl (td=0x0, name=0xe40a1cac, namelen=6, old=0xe40a1c10, oldlenp=0xe40a1cb8, inkernel=0, new=0x16, newlen=0, retval=0xe40a1ca8) at /usr/src/sys/kern/kern_sysctl.c:1286
#11 0xc04fb980 in __sysctl (td=0x0, uap=0xe40a1d14) at /usr/src/sys/kern/kern_sysctl.c:1216
#12 0xc06257e0 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = -1077940636, tf_ebp = -1077940728, tf_isp = -469099148, tf_ebx = 672416032, tf_edx = 0, tf_ecx = -1077940632, tf_eax = 202, tf_trapno = 12, tf_err = 2, tf_eip = 671908719, tf_cs = 31, tf_eflags = 663, tf_esp = -1077940772, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1010
#13 0xc0611f7d in Xint0x80_syscall () at {standard input}:136
---Can't read userspace from dump, or kernel process---

(kgdb) up 7
#7 0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at /usr/src/sys/net/rtsock.c:981
981                     len = rt_msg2(RTM_IFINFO, &info, (caddr_t)0, w);
(kgdb) print info
$1 = {rti_addrs = 16, rti_info = {0x0, 0x0, 0x0, 0x0, 0xff70ff70, 0x0, 0x0, 0x0}, rti_flags = 0, rti_ifa = 0x0, rti_ifp = 0x0}
(kgdb) print w
$2 = (struct walkarg *) 0xe40a1b9c
(kgdb) print *w
$3 = {w_tmemsize = 152, w_op = 3, w_arg = 0, w_tmem = 0xc6850100 "\230", w_req = 0xe40a1c10}

-- 
Roberto Nunnari -software engineer-
mailto:roberto.nunnari@supsi.ch
Scuola Universitaria Professionale della Svizzera Italiana
Dipartimento Tecnologie Innovative     http://www.dti.supsi.ch
SUPSI-DTI
Via Cantonale                          tel: +41-91-6108561
6928 Manno                   """       fax: +41-91-6108570
Switzerland                 (o o)
=======================oOO==(_)==OOo========================

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 02:29:30 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0267516A4CE for ; Thu, 25 Mar 2004 02:29:30 -0800 (PST)
Received: from hotmail.com (bay16-dav23.bay16.hotmail.com [65.54.186.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id E810343D31 for ; Thu, 25 Mar 2004 02:29:29 -0800 (PST) (envelope-from fuhuayin@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 25 Mar 2004 02:29:29 -0800
Received: from 193.190.247.203 by bay16-dav23.bay16.hotmail.com with DAV; Thu, 25 Mar 2004 10:29:29 +0000
X-Originating-IP: [193.190.247.203]
X-Originating-Email: [fuhuayin@hotmail.com]
X-Sender: fuhuayin@hotmail.com
From: "Fuhua Yin"
To:
References: <40599ACA.1040506@netli.com>
Date: Thu, 25 Mar 2004 11:29:23 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID:
X-OriginalArrivalTime: 25 Mar 2004 10:29:29.0819 (UTC) FILETIME=[0E3602B0:01C41254]
Subject: BSD Packet filter hook,
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Mar 2004 10:29:30 -0000

Dear friends,

Are there anyone who know about how to use BSD Packet filter hook?, something like netfilter in linux. But I need to find one for FreeBSD.

Many thanks IN Advance,
fuhua

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 02:34:28 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94F5E16A4CE for ; Thu, 25 Mar 2004 02:34:28 -0800 (PST)
Received: from mail.dti.supsi.ch (mail.die.supsi.ch [193.5.153.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id C321643D45 for ; Thu, 25 Mar 2004 02:34:27 -0800 (PST) (envelope-from roberto.nunnari@supsi.ch)
Received: from supsi.ch (pcm2027.dti.supsi.ch [193.5.152.27]) by mail.dti.supsi.ch (8.11.6/8.11.6) with ESMTP id i2PAYQv06731 for ; Thu, 25 Mar 2004 11:34:26 +0100
Message-ID: <4062B632.5090006@supsi.ch>
Date: Thu, 25 Mar 2004 11:36:34 +0100
From: Roberto Nunnari
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <4062B48C.5060802@supsi.ch>
In-Reply-To: <4062B48C.5060802@supsi.ch>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Fatal trap in rt_msg2
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Mar 2004 10:34:28 -0000

Roberto Nunnari wrote:

> On March 18th I did an upgrade from 5.2-p2 to RELENG_5_2 which

Oops.. mistake.. you should read: from 5.2-p1 to RELENG_5_2

-- 
Roberto Nunnari -software engineer-
mailto:roberto.nunnari@supsi.ch
Scuola Universitaria Professionale della Svizzera Italiana
Dipartimento Tecnologie Innovative     http://www.dti.supsi.ch
SUPSI-DTI
Via Cantonale                          tel: +41-91-6108561
6928 Manno                   """       fax: +41-91-6108570
Switzerland                 (o o)
=======================oOO==(_)==OOo========================

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 03:00:12 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E6C116A4D2 for ; Thu, 25 Mar 2004 03:00:12 -0800 (PST)
Received: from artis.latnet.lv (artis.latnet.lv [159.148.107.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 862D943D41 for ; Thu, 25 Mar 2004 03:00:11 -0800 (PST) (envelope-from ac-lists@latnet.lv)
Received: from artis.latnet.lv (localhost [127.0.0.1]) by artis.latnet.lv (Postfix) with ESMTP id E187CC0CB for ; Thu, 25 Mar 2004 13:00:09 +0200 (EET)
To: freebsd-net@freebsd.org
References: <40599ACA.1040506@netli.com>
Message-ID:
From: Artis Caune
Organization: Latnet
Content-Type: text/plain; format=flowed; charset=utf-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Date: Thu, 25 Mar 2004 13:00:09 +0200
In-Reply-To:
User-Agent: Opera7.23/FreeBSD M2 build 518
Subject: Re: BSD Packet filter hook,
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 25 Mar 2004 11:00:12 -0000

on 4.x you can replace IPFilter hook:

...
int
my_hook (const struct ip *ip, int ip_hl, struct ifnet *ifp, int out,
    struct mbuf **m)
{
        /* drop all ;) */
        m_freem(*m);
        *m = NULL;
        /* non-zero: packet consumed, caller stops processing it */
        return 1;
}

/* on load */
fr_checkp = my_hook;

/* on unload */
fr_checkp = NULL;
...

on 5.x (>501108) there is pfil(9) hooks:

...
int
my_hook (void *arg, struct mbuf **m, struct ifnet *ifp, int dir)
{
        /* drop all ;) */
        m_freem(*m);
        *m = NULL;
        /* non-zero: packet consumed, caller stops processing it */
        return 1;
}

struct pfil_head *pfh_inet;

/* look up the IPv4 hook list */
pfh_inet = pfil_head_get (PFIL_TYPE_AF, AF_INET);
if (pfh_inet == NULL)
        return EINVAL;

/* on load */
pfil_add_hook(my_hook, NULL, PFIL_IN | PFIL_OUT, pfh_inet);

/* on unload */
pfil_remove_hook(my_hook, NULL, PFIL_IN | PFIL_OUT, pfh_inet);
...

-- 
Artis

On Thu, 25 Mar 2004 11:29:23 +0100, Fuhua Yin wrote:

> Dear friends,
>
> Are there anyone who know about how to use BSD Packet filter hook?,
> something like netfilter in linux. But I need to find one for FreeBSD.
>
> Many thanks IN Advance,
> fuhua
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 03:12:39 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED18316A4CE; Thu, 25 Mar 2004 03:12:39 -0800 (PST)
Received: from darkness.comp.waw.pl (unknown [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C13B43D46; Thu, 25 Mar 2004 03:12:39 -0800 (PST) (envelope-from pjd@darkness.comp.waw.pl)
Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id 8925CACAF8; Thu, 25 Mar 2004 12:12:35 +0100 (CET)
Date: Thu, 25 Mar 2004 12:12:35 +0100
From: Pawel Jakub Dawidek To: Robert Watson Message-ID: <20040325111235.GY8930@darkness.comp.waw.pl> References: <20040323123831.GM8930@darkness.comp.waw.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xsFQtFdnkC8cTCzR" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 cc: freebsd-net@FreeBSD.org Subject: Re: in_pcbbind_setup(), etc. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 11:12:40 -0000

On Tue, Mar 23, 2004 at 06:16:31PM -0500, Robert Watson wrote:
+> > For example: 'td' can be NULL? It is offten tested, but not always,
+> > Line 290:
+> >     if (sin->sin_addr.s_addr != INADDR_ANY)
+> >         if (prison_ip(td->td_ucred, 0, &sin->sin_addr.s_addr))
+> >             return(EINVAL);
+> > td_ucred is used, but 'td' is not tested.
+> >
+> > If this is always current thread, it can't be NULL, right? If this not
+> > have to be current thread, we cannot touch td_ucred here, because (from
+> > proc.h):
+>
+> Prior to FreeBSD 5.x, curproc could be NULL in interrupt context. With
+> the introduction of curthread and the move to interrupt threads, curthread
+> became always non-NULL. However, sometimes the use of curthread may not
+> make sense. :-) I think I'd prefer it if we passed an explicit
+> credential into a number of these situations, which could be NULL if "the
+> system" was requesting a service as opposed to an explicit user process.
+> However, I'm not 100% convinced that is the right approach either. Note
+> that we have some similar "confusions" relating to use of cached
+> credentials in sockets, etc. The whole issue probably needs to be
+> discussed after some detailed analysis, and revisited.

Ok, I've add few line at start of in_pcbbind_setup():

    if (td == NULL)
        printf("NULL td in %s\n", __func__);
    if (td != curthread)
        printf("td != curthread in %s\n", __func__);

And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
think using td->td_ucred in this function isn't safe...

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 04:54:08 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7DC4416A4CE for ; Thu, 25 Mar 2004 04:54:08 -0800 (PST) Received: from smail2.alcatel.fr (na5.alcatel.fr [194.133.58.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B6AE43D46 for ; Thu, 25 Mar 2004 04:54:07 -0800 (PST) (envelope-from ciprian.badescu@alcatel.ro) Received: from mrc.mrc.alcatel.ro (web.mrc.alcatel.ro [172.25.128.124]) by smail2.alcatel.fr (ALCANET/NETFR) with ESMTP id i2PCs23A006402; Thu, 25 Mar 2004 13:54:04 +0100 Received: from mcd01paf.mrc.alcatel.ro (elvis [172.25.128.175]) id i2PCuXbB024725; Thu, 25 Mar 2004 14:56:33 +0200 (EET) Date: Thu, 25 Mar 2004 14:52:26 +0200 (EET)
From: Ciprian Badescu X-X-Sender: badescu@mcd01paf.mrc.alcatel.ro To: Jamel Brown In-Reply-To: <20040324202621.72891.qmail@web60507.mail.yahoo.com> Message-ID: <20040325145111.P60217@mcd01paf.mrc.alcatel.ro> References: <20040324202621.72891.qmail@web60507.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE X-ANSR-MRC-MailScanner-Information: Please contact your local Support Team for more informations X-ANSR-MRC-MailScanner: Found to be clean X-MailScanner-From: ciprian.badescu@alcatel.ro X-Alcanet-MTA-scanned-and-authorized: yes cc: freebsd-net@freebsd.org Subject: Re: Setting up NIS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 12:54:08 -0000 Hi, I don't believe this is the right place for a blank line. And the same for group. ....... user:/nonexistent:/sbin/nologin +::::::::: -- Ciprian Badescu On Wed, 24 Mar 2004, Jamel Brown wrote: > Date: Wed, 24 Mar 2004 12:26:21 -0800 (PST)
> From: Jamel Brown > To: freebsd-net@freebsd.org > Subject: Setting up NIS > > freebsd1.compulinux.org 4.9-RELEASE FreeBSD > 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 > root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC > i386 > > freebsd2.compulinux.org 4.9-RELEASE FreeBSD > 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 > root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC > i386 > > freebsd3.compulinux.org 4.9-RELEASE FreeBSD > 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 > root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC > i386 > > FreeBSD freebsd4.compulinux.org 4.9-RELEASE FreeBSD > 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 > root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC > i386 > > I'm having several problems setting up nis on my > system I have 4 computers that I am trying to setup > nis on. The roles I would like my computers to play > are as follows Freebsd1 Server, Freebsd2 Slave, > Freebsd3 Client, and Freebsd4 Client. I have been > trying to set up NIS according to what the FreeBSD > hand book says several times but all with no luck. Ok > here's is another thing I'm new to FreeBSD so I don't > know how to use vi and vipw very well so I always use > Pico or edit instead please let me know if I am > causing the problem by not using these programs. Also > if you notice I have missed anything please let me > know. I am not going to explain freebsd4 because > freebsd3 is the same as it. Everything I typed in is > after a fresh install of FreeBSD this is no other > programs running except what is listed in /etc/rc.conf > Also Please Type in the exact command needed to fix my > problem if at all possible as I have stated before I > am new to FreeBSD so please assume I don't know.
> > This is my output of /etc/rc.conf on Freebsd1 > freebsd1# cat /etc/rc.conf > kern_securelevel_enable="NO" > nfs_reserved_port_only="YES" > sendmail_enable="YES" > sshd_enable="YES" > usbd_enable="YES" > moused_port="/dev/psm0" > moused_type="auto" > moused_enable="YES" > named_enable="YES" > ifconfig_rl0="inet 192.168.123.1 netmask > 255.255.255.0" > ipv6_enable="YES" > defaultrouter="192.168.123.254" > hostname="freebsd1.compulinux.org" > nisdomainname="compulinux.org" > nis_server_enable="YES" > nis_yppasswdd_enable="YES" > > This is /etc/rc.conf on freebsd2 > freebsd2# cat /etc/rc.conf > kern_securelevel_enable="NO" > nfs_client_enable="YES" > nfs_reserved_port_only="YES" > sendmail_enable="YES" > sshd_enable="YES" > usbd_enable="YES" > ifconfig_rl0="inet 192.168.123.2 netmask > 255.255.255.0" > moused_port="/dev/psm0" > moused_type="auto" > moused_enable="YES" > ipv6_enable="YES" > defaultrouter="192.168.123.254" > hostname="freebsd2.compulinux.org" > named_enable="YES" > nisdomainname="compulinux.org" > nis_yppasswdd_enable="YES" > nis_server_enable="YES" > > This is /etc/rc.conf on Freebsd3 > freebsd3# cat /etc/rc.conf > kern_securelevel_enable="NO" > moused_enable="YES" > moused_port="/dev/psm0" > moused_type="auto" > nfs_reserved_port_only="YES" > nfs_server_enable="YES" > mountd_flags="-r" > sendmail_enable="YES" > sshd_enable="YES" > usbd_enable="YES" > ifconfig_rl0="inet 192.168.123.3 netmask > 255.255.255.0" > ipv6_enable="YES" > defaultrouter="192.168.123.254" > hostname="freebsd3.compulinux.org" > nis_client_enable="YES" > nisdomainname="compulinux.org" > > This is my /etc/master.passwd on freebsd3 > freebsd3# cat /etc/master.passwd > # $FreeBSD: src/etc/master.passwd,v 1.25.2.6 > 2002/06/30 17:57:17 des Exp $ > # > root:$1$9S9qmgEH$RNedtYvD6KwWd.R09ku2.0:0:0::0:0:Charlie > &:/root:/bin/csh > toor:*:0:0::0:0:Bourne-again Superuser:/root: >
daemon:*:1:1::0:0:Owner of many system > processes:/root:/sbin/nologin > operator:*:2:5::0:0:System &:/:/sbin/nologin > bin:*:3:7::0:0:Binaries Commands and > Source:/:/sbin/nologin > tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin > kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin > games:*:7:13::0:0:Games > pseudo-user:/usr/games:/sbin/nologin > news:*:8:8::0:0:News Subsystem:/:/sbin/nologin > man:*:9:9::0:0:Mister Man > Pages:/usr/share/man:/sbin/nologin > sshd:*:22:22::0:0:Secure Shell > Daemon:/var/empty:/sbin/nologin > smmsp:*:25:25::0:0:Sendmail Submission > User:/var/spool/clientmqueue:/sbin/nologin > mailnull:*:26:26::0:0:Sendmail Default > User:/var/spool/mqueue:/sbin/nologin > bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin > uucp:*:66:66::0:0:UUCP > pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico > xten:*:67:67::0:0:X-10 > daemon:/usr/local/xten:/sbin/nologin > pop:*:68:6::0:0:Post Office > Owner:/nonexistent:/sbin/nologin > www:*:80:80::0:0:World Wide Web > Owner:/nonexistent:/sbin/nologin > nobody:*:65534:65534::0:0:Unprivileged > user:/nonexistent:/sbin/nologin > > +::::::::: > > This is /etc/group on Freebsd3 > > freebsd3# cat /etc/group > # $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 > 17:57:17 des Exp $ > # > wheel:*:0:root > daemon:*:1:daemon > kmem:*:2:root > sys:*:3:root > tty:*:4:root > operator:*:5:root > mail:*:6: > bin:*:7: > news:*:8: > man:*:9: > games:*:13: > staff:*:20:root > sshd:*:22: > smmsp:*:25: > mailnull:*:26: > guest:*:31:root > bind:*:53: > uucp:*:66: > xten:*:67:xten > dialer:*:68: > network:*:69: > www:*:80: > nogroup:*:65533: > nobody:*:65534: > > +:*:: > > The handbook then tells you to type a couple simple > things into the server > 1. nisdomainname="compulinux.org" > 2. nis_server_enable="YES" > 3.
nis_yppasswdd_enable="YES" > after doing that Instead of running /etc/netstart I > just reboot > then run the following commands > # cp /etc/master.passwd /var/yp/master.passwd > # cd /var/yp > # edit master.passwd > Removing all sytem account > # chmod 600 master.passwd > freebsd1# ypinit -m compulinux.org > Server Type: MASTER Domain: compulinux.org > > Creating an YP server will require that you answer a > few questions. > Questions will all be asked at the beginning of the > procedure. > > Do you want this procedure to quit on non-fatal > errors? [y/n: n] > > Ok, please remember to go back and redo manually > whatever fails. > If you don't, something might not work. > > At this point, we have to construct a list of this > domains YP servers. > freebsd1.compulinux.org is already known as master > server. > Please continue to add any slave servers, one per > line. When you are > done with the list, type a . > master server : freebsd1.compulinux.org > next host to add: freebsd2.compulinux.org > next host to add: ^D > The current list of NIS servers looks like this: > > freebsd1.compulinux.org > freebsd2.compulinux.org > > Is this correct? [y/n: y] y > Building /var/yp/compulinux.org/ypservers... > Running /var/yp/Makefile... > NIS Map update started on Sun Mar 21 06:04:03 CST 2004 > for domain compulinux.org > Updating hosts.byname... > Creating new /var/yp/passwd file from > /var/yp/master.passwd... > Updating netid.byname... > Updating hosts.byaddr... > yp_mkdb: no key -- check source file for blank lines > Updating networks.byaddr... > yp_mkdb: no key -- check source file for blank lines > yp_mkdb: no key -- check source file for blank lines > Updating networks.byname... > yp_mkdb: no key -- check source file for blank lines > yp_mkdb: no key -- check source file for blank lines > Updating protocols.bynumber... > Updating protocols.byname... > Updating rpc.byname... > Updating rpc.bynumber... > Updating services.byname...
> yp_mkdb: duplicate key 'compressnet/tcp' - skipping > yp_mkdb: duplicate key 'compressnet/udp' - skipping > yp_mkdb: duplicate key 'mit-ml-dev/tcp' - skipping > yp_mkdb: duplicate key 'mit-ml-dev/udp' - skipping > yp_mkdb: duplicate key 'rap/tcp' - skipping > yp_mkdb: duplicate key 'rap/udp' - skipping > yp_mkdb: duplicate key '351/tcp' - skipping > yp_mkdb: duplicate key '351/udp' - skipping > yp_mkdb: duplicate key '352/tcp' - skipping > yp_mkdb: duplicate key '352/udp' - skipping > yp_mkdb: duplicate key '666/tcp' - skipping > yp_mkdb: duplicate key '666/udp' - skipping > yp_mkdb: duplicate key '751/tcp' - skipping > yp_mkdb: duplicate key '751/udp' - skipping > yp_mkdb: duplicate key '754/tcp' - skipping > yp_mkdb: duplicate key '760/tcp' - skipping > yp_mkdb: duplicate key '761/tcp' - skipping > yp_mkdb: duplicate key '999/tcp' - skipping > yp_mkdb: duplicate key '999/udp' - skipping > yp_mkdb: duplicate key 'cadlock/tcp' - skipping > yp_mkdb: duplicate key 'csdmbase/tcp' - skipping > yp_mkdb: duplicate key 'csdmbase/udp' - skipping > yp_mkdb: duplicate key 'csdm/tcp' - skipping > yp_mkdb: duplicate key 'csdm/udp' - skipping > yp_mkdb: duplicate key '1525/tcp' - skipping > yp_mkdb: duplicate key '1525/udp' - skipping > yp_mkdb: duplicate key '1529/tcp' - skipping > yp_mkdb: duplicate key '1701/tcp' - skipping > yp_mkdb: duplicate key '1701/udp' - skipping > yp_mkdb: duplicate key '1989/tcp' - skipping > yp_mkdb: duplicate key '1989/udp' - skipping > yp_mkdb: duplicate key '1992/tcp' - skipping > yp_mkdb: duplicate key '1992/udp' - skipping > yp_mkdb: duplicate key '3455/udp' - skipping > yp_mkdb: duplicate key '4444/tcp' - skipping > yp_mkdb: duplicate key '4444/udp' - skipping > yp_mkdb: duplicate key '7010/tcp' - skipping > yp_mkdb: duplicate key '7010/udp' - skipping > yp_mkdb: duplicate key '22273/tcp' - skipping > yp_mkdb: duplicate key '22289/tcp' - skipping > yp_mkdb: duplicate key '22321/tcp' - skipping > yp_mkdb: duplicate key '22305/tcp' - skipping 
> Updating group.byname... > Updating group.bygid... > Updating passwd.byname... > Updating passwd.byuid... > Updating master.passwd.byname... > Updating master.passwd.byuid... > NIS Map update completed. > > freebsd1.compulinux.org has been setup as an YP master > server without any errors > > I then edit /var/vp/Makefile and make NOPUSH = TRUE to > #NOPUSH = TRUE > after that i normally reboot just to make sure all > changes have taken place. I then add users to the > system by typing > > # freebsd1# adduser > Use option ``-silent'' if you don't want to see all > warnings and questions. > > Check /etc/shells > Check /etc/master.passwd > Check /etc/group > User ``+'' has gid but a group with this gid does not > exist. > Usernames must match regular expression: > [^[a-z0-9_][a-z0-9_-]*$]: > Enter your default shell: bash csh date no sh tcsh > [bash]: > Your default shell is: bash -> /usr/local/bin/bash > Enter your default HOME partition: [/home]: > Copy dotfiles from: /usr/share/skel no > [/usr/share/skel]: > Send message from file: /etc/adduser.message no > [/etc/adduser.message]: > Use passwords (y/n) [y]: > > Ok, let's go. > Don't worry about mistakes. I will give you the chance > later to correct any input. > Enter username [^[a-z0-9_][a-z0-9_-]*$]: nutso > Enter full name []: > Enter shell bash csh date no sh tcsh [bash]: > Enter home directory (full path) [/home/nutso]: > Uid [1001]: > Enter login class: default []: > Login group nutso [nutso]: > Login group is ``nutso''. Invite nutso into other > groups: guest no > [no]: wheel > Enter password []: > Enter password again []: > > Name: nutso > Password: **** > Fullname: nutso > Uid: 1001 > Gid: 1001 (nutso) > Class: > Groups: nutso wheel > HOME: /home/nutso > Shell: /usr/local/bin/bash > OK? (y/n) [y]: > Added user ``nutso'' > Send message to ``nutso'' and: no root > second_mail_address > [no]: > > nutso, > > your account ``nutso'' was created. > Have fun!
> > See also chpass(1), finger(1), passwd(1) > > Add anything to default message (y/n) [n]: > Send message (y/n) [y]: > Copy files from /usr/share/skel to /home/nutso > Add another user? (y/n) [y]: > Enter username [^[a-z0-9_][a-z0-9_-]*$]: viril29 > Enter full name []: > Enter shell bash csh date no sh tcsh [bash]: > Enter home directory (full path) [/home/viril29]: > Uid [1004]: > Enter login class: default []: > Login group viril29 [viril29]: > Login group is ``viril29''. Invite viril29 into other > groups: guest no wheel > [wheel]: > Enter password []: > Enter password again []: > > Name: viril29 > Password: **** > Fullname: viril29 > Uid: 1004 > > Due to the system not coping these two user to > /var/yp/master.passwd i manually copy then into > /var/yp/master.passwd Please let me know how to fix > that. after editing the /var/yp/passwd file i will > type in. > > #make > NIS Map update started on Sun Mar 21 06:35:31 CST 2004 > for domain compulinux.org > Updating group.byname... > yppush: transfer of map group.byname to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed group.byname map. > Updating group.bygid... > yppush: transfer of map group.bygid to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed group.bygid map. > Creating new /var/yp/passwd file from > /var/yp/master.passwd... > Updating netid.byname... > yppush: transfer of map netid.byname to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed netid.byname map. > Updating passwd.byname... > yppush: transfer of map passwd.byname to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed passwd.byname map. > Updating passwd.byuid... 
> yppush: transfer of map passwd.byuid to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed passwd.byuid map. > Updating master.passwd.byname... > yppush: transfer of map master.passwd.byname to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed master.passwd.byname map. > Updating master.passwd.byuid... > yppush: transfer of map master.passwd.byuid to server > freebsd1.compulinux.org failed > yppush: status returned by ypxfr: Master's version not > newer > Pushed master.passwd.byuid map. > NIS Map update completed. > > I then goto the Slave server I edit /etc/rc.conf place > the following in it. > 1. nisdomainname="compulinux.org" > 2. nis_server_enable="YES" > 3. nis_yppasswdd_enable="YES" > I then type in > freebsd2# ypinit -s freebsd1 compulinux.org > > Server Type: SLAVE Domain: compulinux.org Master: > freebsd1 > > Creating an YP server will require that you answer a > few questions. > Questions will all be asked at the beginning of the > procedure. > > Do you want this procedure to quit on non-fatal > errors? [y/n: n] > > Ok, please remember to go back and redo manually > whatever fails. > If you don't, something might not work. > There will be no further questions. The remainder of > the procedure > should take a few minutes, to copy the databases from > freebsd1. > Transfering master.passwd.byuid... > ypxfr: Exiting: Map successfully transferred > Transfering passwd.byuid... > ypxfr: Exiting: Map successfully transferred > Transfering passwd.byname... > ypxfr: Exiting: Map successfully transferred > Transfering group.bygid... > ypxfr: Exiting: Map successfully transferred > Transfering group.byname... > ypxfr: Exiting: Map successfully transferred > Transfering services.byname... > ypxfr: Exiting: Map successfully transferred > Transfering rpc.bynumber...
> ypxfr: Exiting: Map successfully transferred > Transfering rpc.byname... > ypxfr: Exiting: Map successfully transferred > Transfering protocols.byname... > ypxfr: Exiting: Map successfully transferred > Transfering master.passwd.byname... > ypxfr: Exiting: Map successfully transferred > Transfering networks.byname... > ypxfr: Exiting: Map successfully transferred > Transfering protocols.bynumber... > ypxfr: Exiting: Map successfully transferred > Transfering hosts.byaddr... > ypxfr: Exiting: Map successfully transferred > Transfering netid.byname... > ypxfr: Exiting: Map successfully transferred > Transfering hosts.byname... > ypxfr: Exiting: Map successfully transferred > Transfering networks.byaddr... > ypxfr: Exiting: Map successfully transferred > Transfering ypservers... > ypxfr: Exiting: Map successfully transferred > > freebsd2.compulinux.org has been setup as an YP slave > server without any errors. > Don't forget to update map ypservers on freebsd1. > I then edit /etc/contab and put the following in it. > 20 * * * * root /usr/libexec/ypxfr > passwd.byname > 21 * * * * root /usr/libexec/ypxfr > passwd.byuid > > Then I reboot that system then goto freebsd3 > > I edit /etc/rc.conf placing > 1. nisdomainname="compulinux.org" > 2. nis_client_enable="YES" > I edit /etc/master.passwd placing +::::::::: at the > end of the file > I edit /etc/group placing +:*:: at the end of the file > I then reboot that then run the commands > > freebsd3# ypcat passwd > nutso:*:1001:1001:nutso:/home/nutso:/usr/local/bin/bash > viril29:*:1004:1004:viril29:/home/viril29:/usr/local/bin/bash > freebsd3# su nutso > su: unknown login: nutso > freebsd3# su viril29 > su: unknown login: viril29 > > Please let me know what i am doing wrong. > > Thank You > Jamel A.
Brown > > > I e-mail the above to questions@freebsd.org which > they replied by telling me to due the following > > I added portmap_enable="YES" to /etc/rc.conf on all > hosts > > freebsd1# rpcinfo > usage: rpcinfo [-n portnum] -u host prognum [versnum] > rpcinfo [-n portnum] -t host prognum [versnum] > rpcinfo -p [host] > rpcinfo -b prognum versnum > rpcinfo -d prognum versnum > freebsd1# rpcinfo -p freebsd1 > program vers proto port > 100000 2 tcp 111 portmapper > 100000 2 udp 111 portmapper > 100004 1 udp 1021 ypserv > 100004 2 udp 1021 ypserv > 100004 1 tcp 1023 ypserv > 100004 2 tcp 1023 ypserv > 100009 1 udp 1011 yppasswdd > 100009 1 tcp 1022 yppasswdd > freebsd2# rpcinfo -p freebsd2 > program vers proto port > 100000 2 tcp 111 portmapper > 100000 2 udp 111 portmapper > 100004 1 udp 1021 ypserv > 100004 2 udp 1021 ypserv > 100004 1 tcp 1023 ypserv > 100004 2 tcp 1023 ypserv > freebsd3# rpcinfo -p freebsd3 > program vers proto port > 100000 2 tcp 111 portmapper > 100000 2 udp 111 portmapper > 100007 2 udp 1022 ypbind > 100007 2 tcp 1023 ypbind > 100005 3 udp 1018 mountd > 100005 3 tcp 1022 mountd > 100005 1 udp 1018 mountd > 100005 1 tcp 1022 mountd > 100003 2 udp 2049 nfs > 100003 3 udp 2049 nfs > 100003 2 tcp 2049 nfs > 100003 3 tcp 2049 nfs > 100024 1 udp 1006 status > 100024 1 tcp 1021 status > freebsd1# ypwhich > ypwhich: can't clntudp_create: Can't communicate with > ypbind > > freebsd2# ypwhich > ypwhich: can't clntudp_create: Can't communicate with > ypbind > > freebsd3# ypwhich > freebsd1.compulinux.org > > freebsd1# ypcat passwd > ypcat: no such map passwd.byname. reason: Can't bind > to server which serves this domain > > freebsd2# ypcat passwd > ypcat: no such map passwd.byname.
reason: Can't bind > to server which serves this domain > > freebsd3# ypcat passwd > nutso:*:1001:1001:nutso:/home/nutso:/usr/local/bin/bash > viril29:*:1004:1004:viril29:/home/viril29:/usr/local/bin/bash > > I also ran > > freebsd1# pw usermod -n viril29 -m > > freebsd1# pw usermod -n nutso -m > > freebsd2# pw usermod -n nutso -m > pw: no such user `nutso' > > freebsd2# pw usermod -n viril29 -m > pw: no such user `viril29' > > freebsd3# pw usermod -n nusto -m > pw: no such user `nusto' > > freebsd3# pw usermod -n viril29 -m > pw: no such user `viril29' > > But i still get > > freebsd3# su nutso > su: unknown login: nutso > > freebsd3# su viril29 > su: unknown login: viril29 > > When I try to login these accounts > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 05:35:53 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9943016A4CF; Thu, 25 Mar 2004 05:35:53 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28F5943D48; Thu, 25 Mar 2004 05:35:53 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.10/8.12.10) with ESMTP id i2PDXfxC052908; Thu, 25 Mar 2004 08:33:42 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i2PDXfCa052905; Thu, 25 Mar 2004 08:33:41 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Thu, 25 Mar 2004 08:33:41 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Pawel Jakub Dawidek In-Reply-To: <20040325111235.GY8930@darkness.comp.waw.pl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@FreeBSD.org Subject: Re: in_pcbbind_setup(), etc. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 13:35:53 -0000

On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

> +> Prior to FreeBSD 5.x, curproc could be NULL in interrupt context. With
> +> the introduction of curthread and the move to interrupt threads, curthread
> +> became always non-NULL. However, sometimes the use of curthread may not
> +> make sense. :-) I think I'd prefer it if we passed an explicit
> +> credential into a number of these situations, which could be NULL if "the
> +> system" was requesting a service as opposed to an explicit user process.
> +> However, I'm not 100% convinced that is the right approach either. Note
> +> that we have some similar "confusions" relating to use of cached
> +> credentials in sockets, etc. The whole issue probably needs to be
> +> discussed after some detailed analysis, and revisited.
>
> Ok, I've add few line at start of in_pcbbind_setup():
>
>     if (td == NULL)
>         printf("NULL td in %s\n", __func__);

We should probably commit a KASSERT(), or perhaps just page fault if td is
NULL.

>     if (td != curthread)
>         printf("td != curthread in %s\n", __func__);
>
> And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
> think using td->td_ucred in this function isn't safe...

Yeah, that sounds fairly dubious. One of the things we've been thinking
about for a while on the TrustedBSD Project is adding support for
polyinstantiation, which for those who've not bumped into it before, means
a virtualization of a service based on security properties. In the case
of TCP/IP and UDP/IP, it would mean adding additional matching parameters
to the PCB matching process, which currently is based on the address/port
pair for the packet and PCB. In particular, adding the label of the
packet and label of the PCB. It would also require some changes to the
binding mechanism which would require explicit passing of the credential
authorizing the bind. So my current leaning is that instead of passing in
a thread, we should be passing in a credential reference -- especially as
'td' is only used to reach the credential in the PCB binding routines, not
for anything else. Then it becomes the callers responsibility to make
sure the reference remains valid and is safe from a locking perspective,
which should be a lot easier to do than with a thread reference.

How does this sound? It would completely eliminate the issue of "er,
which thread is that", which is really an unnecessary issue given that all
we're interested in is the credential.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 06:32:58 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6462D16A4CE; Thu, 25 Mar 2004 06:32:58 -0800 (PST) Received: from darkness.comp.waw.pl (unknown [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F04643D2D; Thu, 25 Mar 2004 06:32:57 -0800 (PST) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id 5A3E8AC976; Thu, 25 Mar 2004 15:32:56 +0100 (CET) Date: Thu, 25 Mar 2004 15:32:56 +0100
From: Pawel Jakub Dawidek To: Robert Watson Message-ID: <20040325143256.GA8930@darkness.comp.waw.pl> References: <20040325111235.GY8930@darkness.comp.waw.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="E9b8Qrao4pLwl/2H" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 cc: freebsd-net@FreeBSD.org Subject: Re: in_pcbbind_setup(), etc. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 14:32:58 -0000

On Thu, Mar 25, 2004 at 08:33:41AM -0500, Robert Watson wrote:
+> >     if (td != curthread)
+> >         printf("td != curthread in %s\n", __func__);
+> >
+> > And I'm seeing 2nd printf() while mounting NFS file systems. If so, I
+> > think using td->td_ucred in this function isn't safe...
+>
+> Yeah, that sounds fairly dubious. One of the things we've been thinking
+> about for a while on the TrustedBSD Project is adding support for
+> polyinstantiation, which for those who've not bumped into it before, means
+> a virtualization of a service based on security properties. In the case
+> of TCP/IP and UDP/IP, it would mean adding additional matching parameters
+> to the PCB matching process, which currently is based on the address/port
+> pair for the packet and PCB. In particular, adding the label of the
+> packet and label of the PCB. It would also require some changes to the
+> binding mechanism which would require explicit passing of the credential
+> authorizing the bind. So my current leaning is that instead of passing in
+> a thread, we should be passing in a credential reference -- especially as
+> 'td' is only used to reach the credential in the PCB binding routines, not
+> for anything else. Then it becomes the callers responsibility to make
+> sure the reference remains valid and is safe from a locking perspective,
+> which should be a lot easier to do than with a thread reference.
+>
+> How does this sound? It would completely eliminate the issue of "er,
+> which thread is that", which is really an unnecessary issue given that all
+> we're interested in is the credential.

Sounds good. I can prepare patch with this in p4, but it isn't to heavy
change from network locking branches point of view?

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 06:49:11 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1223316A4CE; Thu, 25 Mar 2004 06:49:11 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 886C743D1D; Thu, 25 Mar 2004 06:49:10 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.10/8.12.10) with ESMTP id i2PEkxxC053841; Thu, 25 Mar 2004 09:46:59 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i2PEkxXX053838; Thu, 25 Mar 2004 09:46:59 -0500 (EST) (envelope-from robert@fledge.watson.org) Date:
Thu, 25 Mar 2004 09:46:59 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Pawel Jakub Dawidek In-Reply-To: <20040325143256.GA8930@darkness.comp.waw.pl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@FreeBSD.org Subject: Re: in_pcbbind_setup(), etc. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 14:49:11 -0000 On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote: > +> How does this sound? It would completely eliminate the issue of "er, > +> which thread is that", which is really an unnecessary issue given that all > +> we're interested in is the credential. > > Sounds good. I can prepare patch with this in p4, but it isn't to heavy > change from network locking branches point of view? If anything, it's a simplifying change, since it corrects a potential locking/synchronization nit, and it should be easy to merge. Please go ahead! Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 11:04:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D82AE16A4CF for ; Thu, 25 Mar 2004 11:04:22 -0800 (PST) Received: from web25208.mail.ukl.yahoo.com (web25208.mail.ukl.yahoo.com [217.12.10.68]) by mx1.FreeBSD.org (Postfix) with SMTP id EF7C043D41 for ; Thu, 25 Mar 2004 11:04:21 -0800 (PST) (envelope-from sylvain_lemasson@yahoo.fr) Message-ID: <20040325190421.90786.qmail@web25208.mail.ukl.yahoo.com> Received: from [80.170.44.55] by web25208.mail.ukl.yahoo.com via HTTP; Thu, 25 Mar 2004 20:04:21 CET Date: Thu, 25 Mar 2004 20:04:21 +0100 (CET) 
From: =?iso-8859-1?q?Sylvain=20Lemasson?= To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-config@freebsd.org Subject: SMTP request without response from the smtp server X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 19:04:23 -0000

Hi,

I use a freebsd 5.2.1 to connect to internet. I use NAT. When I send mail from another computer but I am unable to reach the server. I use ethereal to look at the request and all the smtp requests are sent but no request from the server are received. In a previous version of freebsd I have no problem to send email. I don't know where the point so if someone could give me some advice it will be helpful. No firewall is set on freebsd.

Below is the file ppp.conf.

default:
 set log Phase Chat LCP IPCP CCP tun command
 # Ensure that "device" references the correct serial port
 # for your modem. (cuaa0 = COM1, cuaa1 = COM2)
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255
 disable ipv6cp
tele2:
 set device PPPoE:sis1:
 set speed sync
 set MRU 1492
 set MTU 1492
 set cd 5
 enable lqr
 enable dns
 nat enable yes
 nat same_ports no
 nat use_socket yes
 nat deny_incoming no
 nat log yes
 nat unregistered_only no
 set dial
 set login
 add default HISADDR
 set timeout 0
 set server /var/run/internet "" 0177

From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 11:18:42 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B46D416A4CE for ; Thu, 25 Mar 2004 11:18:42 -0800 (PST) Received: from bes.amduat.net (bes.amduat.net [206.124.149.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4385743D45 for ; Thu, 25 Mar 2004 11:18:42 -0800 (PST) (envelope-from jbarrett@amduat.net) Received: from [10.0.0.236] ([10.0.0.236]) (AUTH: LOGIN jbarrett, SSL: TLSv1/SSLv3,128bits,RC4-MD5) by bes.amduat.net with esmtp; Thu, 25 Mar 2004 11:18:41 -0800 
From: "Jacob S. Barrett" To: freebsd-net@freebsd.org Date: Thu, 25 Mar 2004 11:18:40 -0800 User-Agent: KMail/1.6.1 MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200403251118.40718.jbarrett@amduat.net> Subject: Disabling VLAN_HWTAGGING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 19:18:42 -0000 Can you disable VLAN_HWTAGGING? I am seeing very strange behavior on a if_nge card with VLANs. If i try and connect an if_vlan to it the kernel panics. If I connect a ng_vlan to it tcpdump show that the tagged frames are "leaving" the if_nge interface, but tcpdump running on a remote host that is crossed over (if_em) show no frames leaving the if_nge. I am wondering if it is something to do VLAN_HWTAGGING. The if_em cards I have don't do it and work fine, but the if_nge cards don't work at all. -- Jacob S. Barrett jbarrett@amduat.net www.amduat.net "I don't suffer from insanity, I enjoy every minute of it." 
From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 15:45:42 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FD5B16A4CE for ; Thu, 25 Mar 2004 15:45:42 -0800 (PST) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B2C843D1D for ; Thu, 25 Mar 2004 15:45:41 -0800 (PST) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i2PNmYns027713 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 26 Mar 2004 01:48:35 +0200 (EET) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i2PNjR6d007053; Fri, 26 Mar 2004 01:45:27 +0200 (EET) (envelope-from ru) Date: Fri, 26 Mar 2004 01:45:27 +0200 
From: Ruslan Ermilov To: "Jacob S. Barrett" Message-ID: <20040325234527.GC85417@ip.net.ua> References: <200403251118.40718.jbarrett@amduat.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yLVHuoLXiP9kZBkt" Content-Disposition: inline In-Reply-To: <200403251118.40718.jbarrett@amduat.net> User-Agent: Mutt/1.5.6i X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-net@freebsd.org Subject: Re: Disabling VLAN_HWTAGGING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 23:45:42 -0000 --yLVHuoLXiP9kZBkt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Thu, Mar 25, 2004 at 11:18:40AM -0800, Jacob S. Barrett wrote:
> Can you disable VLAN_HWTAGGING?
>
Not without modifying if_nge.c, but it should be pretty trivial.

> I am seeing very strange behavior on a if_nge card with VLANs. If i try and
> connect an if_vlan to it the kernel panics. If I connect a ng_vlan to it
> tcpdump show that the tagged frames are "leaving" the if_nge interface, but
> tcpdump running on a remote host that is crossed over (if_em) show no frames
> leaving the if_nge.
>
ng_vlan(4) doesn't provide support for hardware VLAN tagging for output frames -- it always emits ETHERTYPE_VLAN type Ethernet frames.

> I am wondering if it is something to do VLAN_HWTAGGING. The if_em cards I
> have don't do it and work fine, but the if_nge cards don't work at all.
>
What FreeBSD version you're seeing the panic on?

Cheers,
-- 
Ruslan Ermilov FreeBSD committer ru@FreeBSD.org
--yLVHuoLXiP9kZBkt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAY28XUkv4P6juNwoRAjDeAJ466Agw2B1lzxfob8G0jsEhAidvuQCeNCzx 5YOGpJGWVmxYtWolIkXvhnw= =7F2R -----END PGP SIGNATURE----- --yLVHuoLXiP9kZBkt-- From owner-freebsd-net@FreeBSD.ORG Thu Mar 25 16:50:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DA9C16A531; Thu, 25 Mar 2004 16:50:38 -0800 (PST) Received: from bes.amduat.net (bes.amduat.net [206.124.149.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id B542643D60; Thu, 25 Mar 2004 16:50:37 -0800 (PST) (envelope-from jbarrett@amduat.net) Received: from [10.0.0.236] ([10.0.0.236]) (AUTH: LOGIN jbarrett, SSL: TLSv1/SSLv3,128bits,RC4-MD5) by bes.amduat.net with esmtp; Thu, 25 Mar 2004 16:50:36 -0800 
From: "Jacob S. Barrett" To: Ruslan Ermilov Date: Thu, 25 Mar 2004 16:50:35 -0800 User-Agent: KMail/1.6.1 References: <200403251118.40718.jbarrett@amduat.net> <20040325234527.GC85417@ip.net.ua> In-Reply-To: <20040325234527.GC85417@ip.net.ua> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403251650.35714.jbarrett@amduat.net> cc: freebsd-net@freebsd.org Subject: Re: Disabling VLAN_HWTAGGING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 00:50:38 -0000

On Thursday 25 March 2004 03:45 pm, you wrote:
> > Can you disable VLAN_HWTAGGING?
>
> Not without modifying if_nge.c, but it should be pretty trivial.

As trivial as setting changing:
ifp->if_capabilities = IFCAP_HWCSUM | IFCAP_VLAN_HWTAGGING;
to:
ifp->if_capabilities = 0;

This didn't solve the problem completely though. On the remote host I can now see tagged frames from the if_nge host, but the reply frames from the if_em host are not visible at all on the if_nge host (via tcpdump).

tcpdump on if_em host:
16:41:28.741109 11:22:33:44:55:66 ff:ff:ff:ff:ff:ff 8100 60: 802.1Q vlan#2 P0 arp who-has 10.2.0.2 tell 10.2.0.1
16:41:28.741161 0:90:27:f4:58:1d 11:22:33:44:55:66 8100 60: 802.1Q vlan#2 P0 arp reply 10.2.0.2 is-at 0:90:27:f4:58:1d

tcpdump on if_nge host:
16:41:27.079515 11:22:33:44:55:66 ff:ff:ff:ff:ff:ff 8100 46: 802.1Q vlan#2 P0 arp who-has 10.2.0.2 tell 10.2.0.1

ifconfig:
nge0: flags=8843 mtu 1500
        inet6 fe80::209:5bff:fe1a:7680%nge0 prefixlen 64 scopeid 0x2
        ether 00:09:5b:1a:76:80
        media: Ethernet 1000baseSX
        status: active
ngeth0: flags=8843 mtu 1500
        inet6 fe80::2a0:c9ff:feac:c55c%ngeth0 prefixlen 64 scopeid 0x6
        inet 10.2.0.1 netmask 0xffffff00 broadcast 10.2.0.255
        ether 11:22:33:44:55:66

script to setup VLAN:
ifconfig nge0 up
ngctl mkpeer nge0: vlan lower downstream
ngctl mkpeer nge0:lower eiface vlan2 ether
ngctl msg nge0: setpromisc 1
ngctl msg nge0: setautosrc 0
ngctl msg nge0:lower addfilter "{ vlan=2 hook=\"vlan2\" }"
ifconfig ngeth0 link 11:22:33:44:55:66 up

> ng_vlan(4) doesn't provide support for hardware VLAN tagging for output
> frames -- it always emits ETHERTYPE_VLAN type Ethernet frames.

Yeah, that is why I figured disabling VLAN_HWTAGGING might help.

> > I am wondering if it is something to do VLAN_HWTAGGING. The if_em cards
> > I have don't do it and work fine, but the if_nge cards don't work at all.
>
> What FreeBSD version you're seeing the panic on?

I forgot to mention this was on CURRENT as of 3/24/2004.

-- 
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."
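The in-band 802.1Q tag that ng_vlan(4) emits, and the two frame lengths in the tcpdump lines of the message above (46 on the sending host, 60 on the receiver), can be reproduced with a small frame builder and parser. This is an added example, not code from the thread or from FreeBSD: the function and struct names are made up here, and the 46/60 difference is explained on the assumption that the sender's capture sees the frame before it is padded to the Ethernet minimum.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_ARP   0x0806
#define ETHERTYPE_VLAN  0x8100  /* 802.1Q TPID, the "8100" in the tcpdump lines */
#define ETHER_HDR_LEN   14      /* dst(6) + src(6) + type(2) */
#define VLAN_ENCAP_LEN  4       /* TCI(2) + encapsulated type(2) */
#define ARP_LEN         28      /* ARP for Ethernet/IPv4 */
#define ETHER_MIN_NOFCS 60      /* minimum frame on the wire, FCS excluded */

/* Hypothetical result struct for this example. */
struct vlan_info {
    int      tagged;      /* 1 if the tag is carried in the frame bytes */
    uint16_t vid;         /* VLAN ID: low 12 bits of the TCI ("vlan#2") */
    uint8_t  pcp;         /* priority: top 3 bits of the TCI ("P0") */
    uint16_t ethertype;   /* type of the encapsulated payload */
    size_t   payload_off; /* offset of the payload in the frame */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Decode the Ethernet header; returns 0 on success, -1 if the frame is truncated. */
int parse_frame(const uint8_t *f, size_t len, struct vlan_info *out)
{
    uint16_t tci;

    memset(out, 0, sizeof(*out));
    if (len < ETHER_HDR_LEN)
        return -1;
    out->ethertype = rd16(f + 12);
    out->payload_off = ETHER_HDR_LEN;
    if (out->ethertype != ETHERTYPE_VLAN)
        return 0;                  /* no tag in the frame bytes */
    if (len < ETHER_HDR_LEN + VLAN_ENCAP_LEN)
        return -1;                 /* TPID present but TCI/type cut off */
    tci = rd16(f + 14);
    out->tagged = 1;
    out->vid = tci & 0x0fff;
    out->pcp = (uint8_t)(tci >> 13);
    out->ethertype = rd16(f + 16);
    out->payload_off = ETHER_HDR_LEN + VLAN_ENCAP_LEN;
    return 0;
}

/* Build a broadcast ARP request behind an in-band 802.1Q tag.
 * Returns the frame length, or 0 if buf is too small. */
size_t build_tagged_arp(uint8_t *buf, size_t cap, const uint8_t src[6],
                        uint16_t vid, uint8_t pcp,
                        const uint8_t spa[4], const uint8_t tpa[4])
{
    uint8_t *p = buf;

    if (cap < ETHER_HDR_LEN + VLAN_ENCAP_LEN + ARP_LEN)
        return 0;
    memset(p, 0xff, 6);      p += 6;  /* destination: broadcast */
    memcpy(p, src, 6);       p += 6;  /* source MAC */
    wr16(p, ETHERTYPE_VLAN); p += 2;  /* TPID */
    wr16(p, (uint16_t)((pcp & 7) << 13 | (vid & 0x0fff))); p += 2;  /* TCI */
    wr16(p, ETHERTYPE_ARP);  p += 2;  /* encapsulated type */
    wr16(p, 1);              p += 2;  /* hardware type: Ethernet */
    wr16(p, 0x0800);         p += 2;  /* protocol type: IPv4 */
    *p++ = 6; *p++ = 4;               /* address lengths */
    wr16(p, 1);              p += 2;  /* opcode: request (who-has) */
    memcpy(p, src, 6);       p += 6;  /* sender hardware address */
    memcpy(p, spa, 4);       p += 4;  /* sender IP ("tell") */
    memset(p, 0, 6);         p += 6;  /* target hardware address unknown */
    memcpy(p, tpa, 4);       p += 4;  /* target IP ("who-has") */
    return (size_t)(p - buf);
}

/* Zero-pad a short frame to the Ethernet minimum, as happens before it
 * goes on the wire. Returns the new length. */
size_t pad_to_min(uint8_t *buf, size_t len, size_t cap)
{
    if (len >= ETHER_MIN_NOFCS || cap < ETHER_MIN_NOFCS)
        return len;
    memset(buf + len, 0, ETHER_MIN_NOFCS - len);
    return ETHER_MIN_NOFCS;
}

int main(void)
{
    /* Values taken from the tcpdump and ifconfig output in the message. */
    const uint8_t src[6] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    const uint8_t spa[4] = {10, 2, 0, 1}, tpa[4] = {10, 2, 0, 2};
    uint8_t buf[64];
    struct vlan_info vi;
    size_t len = build_tagged_arp(buf, sizeof(buf), src, 2, 0, spa, tpa);

    if (len == 0 || parse_frame(buf, len, &vi) != 0)
        return 1;
    printf("len=%zu tagged=%d vlan#%u P%u type=0x%04x padded=%zu\n",
           len, vi.tagged, (unsigned)vi.vid, (unsigned)vi.pcp,
           (unsigned)vi.ethertype, pad_to_min(buf, len, sizeof(buf)));
    return 0;
}
```

With hardware tagging enabled the tag is handed to the NIC outside the frame bytes, so a parser like this one would report the same frame as untagged until the hardware inserts the tag.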
From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 00:54:25 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9FFA816A4CE for ; Fri, 26 Mar 2004 00:54:25 -0800 (PST) Received: from av13-1-sn4.m-sp.skanova.net (av13-1-sn4.m-sp.skanova.net [81.228.10.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id A692643D2F for ; Fri, 26 Mar 2004 00:54:24 -0800 (PST) (envelope-from ertr1013@student.uu.se) Received: by av13-1-sn4.m-sp.skanova.net (Postfix, from userid 502) id C2ECF37E43; Fri, 26 Mar 2004 09:54:23 +0100 (CET) Received: from smtp4-2-sn4.m-sp.skanova.net (smtp4-2-sn4.m-sp.skanova.net [81.228.10.180]) by av13-1-sn4.m-sp.skanova.net (Postfix) with ESMTP id B46FC37E42 for ; Fri, 26 Mar 2004 09:54:23 +0100 (CET) Received: from falcon.midgard.homeip.net (h201n1fls24o1048.bredband.comhem.se [212.181.162.201]) by smtp4-2-sn4.m-sp.skanova.net (Postfix) with SMTP id 4FC5437E46 for ; Fri, 26 Mar 2004 09:54:23 +0100 (CET) Received: (qmail 1402 invoked by uid 1001); 24 Mar 2004 17:34:44 -0000 Date: Wed, 24 Mar 2004 18:34:44 +0100 
From: Erik Trulsson To: "Marc G. Fournier" Message-ID: <20040324173443.GA1389@falcon.midgard.homeip.net> Mail-Followup-To: "Marc G. Fournier" , freebsd-net@freebsd.org References: <20040324120016.Q3456@ganymede.hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040324120016.Q3456@ganymede.hub.org> User-Agent: Mutt/1.5.6i cc: freebsd-net@freebsd.org Subject: Re: Simple question, what is an inOctet ... ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 08:54:25 -0000

On Wed, Mar 24, 2004 at 12:01:39PM -0400, Marc G. Fournier wrote:
>
> Just setup net-snmp, and zabbix to monitor it ... what exactly is an
> Octet? 1 byte?

An octet is eight bits. A byte is also usually eight bits, but this is not universally true. 'Octet' is used in many standards-documents to have an unambiguous term for a collection of eight bits, since 'byte' does not have a well-defined size.

-- 
Erik Trulsson ertr1013@student.uu.se
From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 01:35:33 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E90D616A4CF for ; Fri, 26 Mar 2004 01:35:33 -0800 (PST) Received: from darkness.comp.waw.pl (unknown [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B39443D39 for ; Fri, 26 Mar 2004 01:35:33 -0800 (PST) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id 6FD0CACABE; Fri, 26 Mar 2004 10:35:31 +0100 (CET) Date: Fri, 26 Mar 2004 10:35:31 +0100 
From: Pawel Jakub Dawidek To: freebsd-net@freebsd.org Message-ID: <20040326093531.GC8930@darkness.comp.waw.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="QU0xYvH/CPhunj+E" Content-Disposition: inline User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 Subject: Unused argument in in_pcballoc() function. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 09:35:34 -0000 --QU0xYvH/CPhunj+E Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. I've found unused argument in in_pcballoc() function: http://people.freebsd.org/~pjd/patches/in_pcballoc.patch Is it possible to commit it, as it affect ipv6 code as well? --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! 
--QU0xYvH/CPhunj+E Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAY/ljForvXbEpPzQRAkvfAJwN+xPwpTIZrFYBo5M+Eu61sw1O3ACfWng2 hukmzfGlOmtyfrRnkfHaqkM= =avS/ -----END PGP SIGNATURE----- --QU0xYvH/CPhunj+E-- From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 06:00:53 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1093016A4D1 for ; Fri, 26 Mar 2004 06:00:53 -0800 (PST) Received: from mail.dti.supsi.ch (mail.die.supsi.ch [193.5.153.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 207CE43D39 for ; Fri, 26 Mar 2004 06:00:52 -0800 (PST) (envelope-from roberto.nunnari@supsi.ch) Received: from supsi.ch (pcm2027.dti.supsi.ch [193.5.152.27]) by mail.dti.supsi.ch (8.11.6/8.11.6) with ESMTP id i2QE0ov07284; Fri, 26 Mar 2004 15:00:51 +0100 Message-ID: <40643812.4000307@supsi.ch> Date: Fri, 26 Mar 2004 15:02:58 +0100 
From: Roberto Nunnari User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Roberto Nunnari References: <4062B48C.5060802@supsi.ch> In-Reply-To: <4062B48C.5060802@supsi.ch> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Fatal trap in rt_msg2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 14:00:53 -0000 Also, my kernel is configured without INET6 and my netmask is /23 .. maybe I should try again with INET6 and /24 ?? Roberto Nunnari wrote: > Hello. > > I'm posting here as I've been told in current it's a better place. > > On March 18th I did an upgrade from 5.2-p1 to RELENG_5_2 which > gave me 5.2.1-p3. cvsup, build and install went well, but > when I rebooted I got Fatal trap 12 during network configuration, > late in the boot process.. > > I could boot and get a working system using the old kernel.. > > Anyways, i did a partial restore > /boot, /bin, /etc, /lib, /libexec, /sbin > > that was enough to get the system back to multiuser mode > and running great as usual.. > > Yet.. I cannot seam to be able to upgrade the system any more.. > > Please help. Just ask and I'll be glad to give all relevant > information you may need in order to solve this problem. > I'm new to kernel debugging, but I'll do my best. I just > need some help and guidance. Thanks. > > here is the 5.2-p1 kernel config and dmesg > http://www.dti.supsi.ch/~robi/WEB.20040323 > http://www.dti.supsi.ch/~robi/dmesg.20040323 > > and this is the kernel config I used to save the dump. > http://www.dti.supsi.ch/~robi/WEB > > it seams that sa in rt_msg2 (/usr/src/sys/net/rtsock.c:708) > is a bogus pointer.. 
> > > Here is my gdb session: > > web.dti.supsi.ch# gdb -k kernel.debug /usr/crash/vmcore.1 > GNU gdb 5.2.1 (FreeBSD) > Copyright 2002 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you > are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-unknown-freebsd"... > panic: page fault > panic messages: > --- > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0xff70ff70 > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc0568949 > stack pointer = 0x10:0xe40a1b04 > frame pointer = 0x10:0xe40a1b28 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 303 (ifconfig) > trap number = 12 > panic: page fault > cpuid = 0; > boot() called on cpu#0 > > syncing disks, buffers remaining... 218 218 216 216 215 215 215 215 215 > 215 215 215 215 215 215 215 215 215 215 215 215 215 215 215 > giving up on 200 buffers > Uptime: 46s > Dumping 1023 MB > 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 > 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 > 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 > 896 912 928 944 960 976 992 1008 > --- > Reading symbols from > /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. > > Loaded symbols for > /usr/obj/usr/src/sys/WEB/modules/usr/src/sys/modules/acpi/acpi.ko.debug > #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 > 240 dumping++; > (kgdb) list *0xc0568949 > 0xc0568949 is in rt_msg2 (/usr/src/sys/net/rtsock.c:708). 
> 703 register struct sockaddr *sa; > 704 > 705 if ((sa = rtinfo->rti_info[i]) == 0) > 706 continue; > 707 rtinfo->rti_addrs |= (1 << i); > 708 dlen = ROUNDUP(sa->sa_len); > 709 if (cp) { > 710 bcopy((caddr_t)sa, cp, (unsigned)dlen); > 711 cp += dlen; > 712 } > (kgdb) backtrace > #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 > #1 0xc04f1791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372 > #2 0xc04f1b6e in panic () at /usr/src/sys/kern/kern_shutdown.c:550 > #3 0xc062547c in trap_fatal (frame=0xe40a1ac4, eva=0) at > /usr/src/sys/i386/i386/trap.c:821 > #4 0xc0625122 in trap_pfault (frame=0xe40a1ac4, usermode=0, > eva=4285595504) at /usr/src/sys/i386/i386/trap.c:735 > #5 0xc0624d33 in trap (frame= > {tf_fs = 24, tf_es = -1066860528, tf_ds = 16, tf_edi = 0, tf_esi = > 4, tf_ebp = -469099736, tf_isp = -469099792, tf_ebx = -964638720, tf_edx > = -9371792, tf_ecx = -469099704, tf_eax = 16, tf_trapno = 12, tf_err = > 0, tf_eip = -1068070583, tf_cs = 8, tf_eflags = 66050, tf_esp = > -967258976, tf_ss = -964361888}) > at /usr/src/sys/i386/i386/trap.c:420 > #6 0xc0611f28 in calltrap () at {standard input}:94 > #7 0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at > /usr/src/sys/net/rtsock.c:981 > #8 0xc056943e in sysctl_rtsock (oidp=0xc0694b00, arg1=0xe40a1cb4, > arg2=4, req=0xe40a1c10) at /usr/src/sys/net/rtsock.c:1132 > #9 0xc04fb89a in sysctl_root (oidp=0x0, arg1=0x16, arg2=-469099504, > req=0xe40a1cb8) at /usr/src/sys/kern/kern_sysctl.c:1179 > #10 0xc04fbb4d in userland_sysctl (td=0x0, name=0xe40a1cac, namelen=6, > old=0xe40a1c10, oldlenp=0xe40a1cb8, inkernel=0, new=0x16, newlen=0, > retval=0xe40a1ca8) at /usr/src/sys/kern/kern_sysctl.c:1286 > #11 0xc04fb980 in __sysctl (td=0x0, uap=0xe40a1d14) at > /usr/src/sys/kern/kern_sysctl.c:1216 > #12 0xc06257e0 in syscall (frame= > {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = > -1077940636, tf_ebp = -1077940728, tf_isp = -469099148, tf_ebx = > 672416032, tf_edx = 0, tf_ecx = -1077940632, tf_eax 
= 202, tf_trapno = > 12, tf_err = 2, tf_eip = 671908719, tf_cs = 31, tf_eflags = 663, tf_esp > = -1077940772, tf_ss = 47}) > at /usr/src/sys/i386/i386/trap.c:1010 > #13 0xc0611f7d in Xint0x80_syscall () at {standard input}:136 > ---Can't read userspace from dump, or kernel process--- > > (kgdb) up 7 > #7 0xc0568fe6 in sysctl_iflist (af=0, w=0xe40a1b9c) at > /usr/src/sys/net/rtsock.c:981 > 981 len = rt_msg2(RTM_IFINFO, &info, (caddr_t)0, w); > (kgdb) print info > $1 = {rti_addrs = 16, rti_info = {0x0, 0x0, 0x0, 0x0, 0xff70ff70, 0x0, > 0x0, 0x0}, rti_flags = 0, rti_ifa = 0x0, rti_ifp = 0x0} > (kgdb) print w > $2 = (struct walkarg *) 0xe40a1b9c > (kgdb) print *w > $3 = {w_tmemsize = 152, w_op = 3, w_arg = 0, w_tmem = 0xc6850100 "\230", > w_req = 0xe40a1c10} > -- Roberto Nunnari -software engineer- mailto:roberto.nunnari@supsi.ch Scuola Universitaria Professionale della Svizzera Italiana Dipartimento Tecnologie Innovative http://www.dti.supsi.ch SUPSI-DTI Via Cantonale tel: +41-91-6108561 6928 Manno """ fax: +41-91-6108570 Switzerland (o o) =======================oOO==(_)==OOo======================== From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 06:34:27 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F40B016A4CE for ; Fri, 26 Mar 2004 06:34:26 -0800 (PST) Received: from serv01.netgain.local (smtp.netgainis.com [65.17.144.113]) by mx1.FreeBSD.org (Postfix) with ESMTP id 755EE43D45 for ; Fri, 26 Mar 2004 06:34:26 -0800 (PST) (envelope-from bmorgan@netgainis.com) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Fri, 26 Mar 2004 09:47:17 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Xircom REM56G10/100 Thread-Index: AcQTQTs7WevY6FGqR1emVbBk92AIYA== 
From: "Brian Morgan" To: Subject: Xircom REM56G10/100 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 14:34:27 -0000 Good morning, I spent last night digging through the archives trying to see if this card has been fixed in CURRENT. Does any one know the status of the fix? It is the 'CIS is to long -- truncating' error. I am about to try out the OLDCARD kernelconf and see if that takes care of the problem, but I just wanted to check before I started merging my conf with the OLDCARD one. Thanks, Brian Morgan. From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 08:05:11 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7322116A4CF for ; Fri, 26 Mar 2004 08:05:11 -0800 (PST) Received: from ganymede.hub.org (u46n208.hfx.eastlink.ca [24.222.46.208]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18A4443D2F for ; Fri, 26 Mar 2004 08:05:11 -0800 (PST) (envelope-from scrappy@hub.org) Received: by ganymede.hub.org (Postfix, from userid 1000) id 22AAF3A6D4; Fri, 26 Mar 2004 12:05:10 -0400 (AST) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id 1EBAD3A6D0 for ; Fri, 26 Mar 2004 12:05:10 -0400 (AST) Date: Fri, 26 Mar 2004 12:05:10 -0400 (AST) 
From: "Marc G. Fournier" To: freebsd-net@freebsd.org Message-ID: <20040326115855.A90406@ganymede.hub.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Looking for switch recommendations ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 16:05:11 -0000

I'm looking at replacing my el'cheapo switch with something better that will allow me to fix my issues with the em/full-duplex problem ...

I'm looking for something managed, as well as SNMP aware so that I can tie it into Zabbix for monitoring ... something 8 or 12 port preferred.

Cisco, of course, is always a big name ... but also expensive ... one recommendation is the xl 1900, but I can't find any specs on her at cisco's site, so discontinued product?

What about Netgear, which I have easy access to? Or Alcatel?

models to stay away from?

Thanks ...

---- Marc G. 
Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664 From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 08:21:27 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A58C16A4CE for ; Fri, 26 Mar 2004 08:21:27 -0800 (PST) Received: from wjv.com (user38.net339.fl.sprint-hsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id E86FA43D46 for ; Fri, 26 Mar 2004 08:21:26 -0800 (PST) (envelope-from bv@bilver.wjv.com) Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by wjv.com (8.12.10/8.12.11) with ESMTP id i2QGL3hM028308; Fri, 26 Mar 2004 11:21:08 -0500 (EST) (envelope-from bv@bilver.wjv.com) Received: (from bv@localhost) by bilver.wjv.com (8.12.10/8.12.11/Submit) id i2QGL3or028307; Fri, 26 Mar 2004 11:21:03 -0500 (EST) (envelope-from bv) Date: Fri, 26 Mar 2004 11:21:02 -0500 
From: Bill Vermillion To: "Marc G. Fournier" Message-ID: <20040326162102.GB26872@wjv.com> References: <20040326115855.A90406@ganymede.hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040326115855.A90406@ganymede.hub.org> Organization: W.J.Vermillion / Orlando - Winter Park ReplyTo: bv@wjv.com User-Agent: Mutt/1.5.6i X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on bilver.wjv.com cc: freebsd-net@freebsd.org Subject: Re: Looking for switch recommendations ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: bv@wjv.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2004 16:21:28 -0000 "Bits dont fail me now!" was what Marc G. Fournier muttered as he hastily typed this on Fri, Mar 26, 2004 at 12:05 : > I'm looking at replacing my el'cheapo switch with something > better that will allow me to fix my issues with the > em/full-duplex problem ... > I'm looking for ssomething managed, as well as SNMP aware so > that I can tie it into Zabbix for monitoring ... something 8 or > 12 port preferred. > Cisco, of course, is always a big name ... but also expensive ... oen > recommendation is the xl 1900, but I can't find any specs on her at > cisco's site, so discontinued product? Cisco is expensive - and the used market price stays up too. But the small ISP I work with needed something that did more than their Cisco 2948 [early model]. They got a Foundry Networks Netiron 24 port - used - from eBay. It is is a level 3 switch and it can be turned into router only or router/switch. $400. Not being a name-brand that small business equate like they do Cisco the used prices are just a fraction of the comparable Cisco product. I see similar one for $495 =buy-now= and they have been lower. 
Bill -- Bill Vermillion - bv @ wjv . com From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 09:46:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C26AC16A4CE for ; Fri, 26 Mar 2004 09:46:22 -0800 (PST) Received: from mailbox.wingercom.dk (mailbox.easyspeedy.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C08F43D2F for ; Fri, 26 Mar 2004 09:46:22 -0800 (PST) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 0BC1C9323C; Fri, 26 Mar 2004 18:50:06 +0100 (CET) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Fri, 26 Mar 2004 18:50:06 +0100 (CET) Message-ID: <34629.62.242.151.142.1080323406.squirrel@mailbox.wingercom.dk> Date: Fri, 26 Mar 2004 18:50:06 +0100 (CET) 
From: "Per Engelbrecht"
In-Reply-To: <20040326115855.A90406@ganymede.hub.org>
References: <20040326115855.A90406@ganymede.hub.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

Hi,
Don't know your budget, but HP Procurve 2650 (layer2/layer3 hybrid)
works just fine. Full managed, snmp et al.

respectfully
/per
per@xterm.dk

>
> I'm looking at replacing my el'cheapo switch with something better
> that will allow me to fix my issues with the em/full-duplex problem
> ...
>
> I'm looking for something managed, as well as SNMP aware so that I
> can tie it into Zabbix for monitoring ... something 8 or 12 port
> preferred.
>
> Cisco, of course, is always a big name ... but also expensive ...
> one recommendation is the xl 1900, but I can't find any specs on
> her at cisco's site, so discontinued product?
>
> What about Netgear, which I have easy access to? Or Alcatel?
>
> models to stay away from?
>
> Thanks ...
>
> ----
> Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
> Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 10:29:57 2004
Date: Fri, 26 Mar 2004 14:29:56 -0400 (AST)
From: "Marc G. Fournier"
To: Per Engelbrecht
In-Reply-To: <34629.62.242.151.142.1080323406.squirrel@mailbox.wingercom.dk>
Message-ID: <20040326141509.G90406@ganymede.hub.org>
References: <20040326115855.A90406@ganymede.hub.org> <34629.62.242.151.142.1080323406.squirrel@mailbox.wingercom.dk>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

One thing I hate about comparison shopping for computers ... there are
sooooo many options :(

What is the difference between Layer2 and Layer3, and what does that
affect?

I see the HP Procurve 2626 (I don't need 50 ports yet) for ~$600 on the
web ... while I can pick up the Dell PowerConnect 3324 is ~$500 ...

How do I compare the two? They seem to both use different terminologies
for what I'd guess are the same thing:

HP:
Throughput: 2650 - 10.1 mpps (64-byte packets) 2626 - 6.6 mpps (64-byte packets)
Switching capacity: 2650 - 13.6 Gbps 2626 - 9.6 Gbps

Dell:
Switch Fabric Capacity 8.8 Gb/s
Forwarding Rate 6.5 Mpps

So, in both cases, the HP is faster, but ... is that 6.6mpps "per port"
(ie. the pp?) ... right now, I'm seeing max of around 3Mps going out a
server, with average being well below 1 ... so I can't see hitting that
high any time soon ...

Based on the #s for throughput, I can't see a big advantage of HP over
Dell to warrant the extra cost, but I see nothing on Dell about the
Layer2/3 stuff ... but not sure what that gives either ...

Price wise, both the HP and Dell versions look reasonable, and I think the
Dell is easier for me to get in Panama (I know there is a local office for
them there) ...

I've had one + for Dell ... does anyone have any caveats against them? Or
kudos too?
On Fri, 26 Mar 2004, Per Engelbrecht wrote:

> Hi,
> Don't know your budget, but HP Procurve 2650 (layer2/layer3 hybrid)
> works just fine. Full managed, snmp et al.
>
> respectfully
> /per
> per@xterm.dk
>
> >
> > I'm looking at replacing my el'cheapo switch with something better
> > that will allow me to fix my issues with the em/full-duplex problem
> > ...
> >
> > I'm looking for something managed, as well as SNMP aware so that I
> > can tie it into Zabbix for monitoring ... something 8 or 12 port
> > preferred.
> >
> > Cisco, of course, is always a big name ... but also expensive ...
> > one recommendation is the xl 1900, but I can't find any specs on
> > her at cisco's site, so discontinued product?
> >
> > What about Netgear, which I have easy access to? Or Alcatel?
> >
> > models to stay away from?
> >
> > Thanks ...
> >
> > ----
> > Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
> > Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 10:35:15 2004
Message-ID: <406477E5.2060105@mac.com>
Date: Fri, 26 Mar 2004 13:35:17 -0500
From: Chuck Swiger
Organization: The Courts of Chaos
To: "Marc G. Fournier"
References: <20040326115855.A90406@ganymede.hub.org>
In-Reply-To: <20040326115855.A90406@ganymede.hub.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

Marc G. Fournier wrote:
> I'm looking for something managed, as well as SNMP aware so that I can
> tie it into Zabbix for monitoring ... something 8 or 12 port preferred.

The 3com SuperStack 2 line is being replaced by the SS3 (which have gigabit
uplinks) so the older models are priced to clear out; you should be able to
find a 12-port 3300XM for ~ $400 or so...
--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 10:37:31 2004
Date: Fri, 26 Mar 2004 13:37:29 -0500 (EST)
From: Garrett Wollman
Message-Id: <200403261837.i2QIbTAI092939@khavrinen.lcs.mit.edu>
To: "Marc G. Fournier"
In-Reply-To: <20040326141509.G90406@ganymede.hub.org>
References: <20040326115855.A90406@ganymede.hub.org> <34629.62.242.151.142.1080323406.squirrel@mailbox.wingercom.dk> <20040326141509.G90406@ganymede.hub.org>
cc: freebsd-net@FreeBSD.ORG
Subject: Re: Looking for switch recommendations ...

< said:

> What is the difference between Layer2 and Layer3, and what does that
> affect?

"Layer 2 switch" is a fancy name for a bridge. "Layer 3 switch" is a
fancy name for a router.

-GAWollman

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 10:45:09 2004
From: Don Bowman
To: "'Marc G. Fournier'" , Per Engelbrecht
Date: Fri, 26 Mar 2004 13:45:06 -0500
cc: freebsd-net@freebsd.org
Subject: RE: Looking for switch recommendations ...
From: Marc G. Fournier [mailto:scrappy@hub.org]
> One thing I hate about comparison shopping for computers ... there are
> sooooo many options :(
>
> What is the difference between Layer2 and Layer3, and what does that
> affect?
>
> I see the HP Procurve 2626 (I don't need 50 ports yet) for ~$600 on the
> web ... while I can pick up the Dell PowerConnect 3324 is ~$500 ...
>
> How do I compare the two? They seem to both use different terminologies
> for what I'd guess are the same thing:
>
> HP:
> Throughput: 2650 - 10.1 mpps (64-byte packets) 2626 - 6.6 mpps (64-byte packets)
> Switching capacity: 2650 - 13.6 Gbps 2626 - 9.6 Gbps
>
> Dell:
> Switch Fabric Capacity 8.8 Gb/s
> Forwarding Rate 6.5 Mpps
>
> So, in both cases, the HP is faster, but ... is that 6.6mpps "per port"
> (ie. the pp?) ... right now, I'm seeing max of around 3Mps going out a
> server, with average being well below 1 ... so I can't see hitting that
> high any time soon ...
>
> Based on the #s for throughput, I can't see a big advantage of HP over
> Dell to warrant the extra cost, but I see nothing on Dell about the
> Layer2/3 stuff ... but not sure what that gives either ...
>
> Price wise, both the HP and Dell versions look reasonable, and I think the
> Dell is easier for me to get in Panama (I know there is a local office for
> them there) ...
>
> I've had one + for Dell ... does anyone have any caveats against them? Or
> kudos too?

Gigabit ethernet has a maximum rate of ~1.5Mpps. This is millions
of packets per second. Your server is likely 3Mbps, which if you
figure the average packet size is ~400 bytes, is more like 1kpps.

If you are not looking for layer 3 (routing), but just a switch,
then look @ something like the dlink or linksys(cisco) layer 2
offers, compared vs e.g. a cisco cat2970. DGS-3224TG is what i use.
Something like the linksys SR2024 is probably fine.
From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 11:08:49 2004
Message-Id: <200403261908.i2QJ8lHA078562@gate.bitblocks.com>
To: "Marc G. Fournier"
In-reply-to: Your message of "Fri, 26 Mar 2004 14:29:56 -0400." <20040326141509.G90406@ganymede.hub.org>
Date: Fri, 26 Mar 2004 11:08:47 -0800
From: Bakul Shah
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

> What is the difference between Layer2 and Layer3, and what does that
> affect?

Layer3 == routing (based on IP destination address)
Layer2 == switching (based on enet dest. address)

Layer3 is probably not important for you.

> HP:
> Throughput: 2650 - 10.1 mpps (64-byte packets) 2626 - 6.6 mpps (64-byte packets)
> Switching capacity: 2650 - 13.6 Gbps 2626 - 9.6 Gbps
>
> Dell:
> Switch Fabric Capacity 8.8 Gb/s
> Forwarding Rate 6.5 Mpps
>
> So, in both cases, the HP is faster, but ... is that 6.6mpps "per port"
> (ie. the pp?) ... right now, I'm seeing max of around 3Mps going out a
> server, with average being well below 1 ... so I can't see hitting that
> high any time soon ...

For 100Mbps ports, the max packet rate in one direction is
10^8/672 == 148809 pps (packets per sec) per port. So for 24
port full duplex ports you get an aggregate maximum
throughput of 148809*24*2 = 7738068 = 7.14Mpps (Million pps).
For a 48 port switch it is 14.29Mpps.
From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 11:22:11 2004
Message-ID: <34426.62.242.151.142.1080329152.squirrel@mailbox.wingercom.dk>
Date: Fri, 26 Mar 2004 20:25:52 +0100 (CET)
From: "Per Engelbrecht"
In-Reply-To: <20040326141509.G90406@ganymede.hub.org>
References: <20040326141509.G90406@ganymede.hub.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

Hi again

>
> One thing I hate about comparison shopping for computers ... there
> are sooooo many options :(

- what are your needs vs. $, kinda answers this.

>
> What is the difference between Layer2 and Layer3, and what does
> that affect?

All switching is done in layer2!
Layer3 switch 'features' (functionality) is what the vendor put in the
box. Depending on the amount of $ you're going to spend, you can have
switches that can act as routers.

>
> I see the HP Procurve 2626 (I don't need 50 ports yet) for ~$600 on
> the web ... while I can pick up the Dell PowerConnect 3324 is ~$500
> ...
>
> How do I compare the two? They seem to both use different
> terminologies for what I'd guess are the same thing:
>
> HP:
> Throughput: 2650 - 10.1 mpps (64-byte packets) 2626 - 6.6 mpps (64-byte packets)
> Switching capacity: 2650 - 13.6 Gbps 2626 - 9.6 Gbps
>
> Dell:
> Switch Fabric Capacity 8.8 Gb/s
> Forwarding Rate 6.5 Mpps
>
> So, in both cases, the HP is faster, but ... is that 6.6mpps "per
> port" (ie. the pp?) ... right now, I'm seeing max of around 3Mps
> going out a server, with average being well below 1 ... so I can't
> see hitting that high any time soon ...

The mpps is normally what the switch can do in total / back-plane
back-bone or whatever the vendor wants to call it.
>
> Based on the #s for throughput, I can't see a big advantage of HP
> over Dell to warrant the extra cost, but I see nothing on Dell
> about the Layer2/3 stuff ... but not sure what that gives either
> ...

If you're going to calculate a $ pr. port cost-benefit, then you have
to make sure the rest of your setup is balanced accordingly (why spend
time on $ pr. port if the nic in the rest of the setup is cheap)

>
> Price wise, both the HP and Dell versions look reasonable, and I
> think the Dell is easier for me to get in Panama (I know there is a
> local office for them there) ...

There's a lot more to network boxes (router, bridge, switch et al.)
than just price and capacity, e.g. management, (I)OS, firmware,
support.

best of luck.

respectfully
/per
per@xterm.dk

>
> I've had one + for Dell ... does anyone have any caveats against
> them? Or kudos too?
>
> On Fri, 26 Mar 2004, Per Engelbrecht wrote:
>
>> Hi,
>> Don't know your budget, but HP Procurve 2650 (layer2/layer3
>> hybrid) works just fine. Full managed, snmp et al.
>>
>> respectfully
>> /per
>> per@xterm.dk
>>
>> >
>> > I'm looking at replacing my el'cheapo switch with something
>> > better that will allow me to fix my issues with the
>> > em/full-duplex problem ...
>> >
>> > I'm looking for something managed, as well as SNMP aware so
>> > that I can tie it into Zabbix for monitoring ... something 8 or
>> > 12 port preferred.
>> >
>> > Cisco, of course, is always a big name ... but also expensive
>> > ... one recommendation is the xl 1900, but I can't find any
>> > specs on her at cisco's site, so discontinued product?
>> >
>> > What about Netgear, which I have easy access to? Or Alcatel?
>> >
>> > models to stay away from?
>> >
>> > Thanks ...
>> >
>> > ----
>> > Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
>> > Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
>
> ----
> Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
> Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 12:25:55 2004
Date: Fri, 26 Mar 2004 16:25:55 -0400 (AST)
From: "Marc G. Fournier"
To: Bakul Shah
In-Reply-To: <200403261908.i2QJ8lHA078562@gate.bitblocks.com>
Message-ID: <20040326162515.F90406@ganymede.hub.org>
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Fri, 26 Mar 2004, Bakul Shah wrote:

> For 100Mbps ports, the max packet rate in one direction is 10^8/672 ==
> 148809 pps (packets per sec) per port. So for 24 port full duplex ports
> you get an aggregate maximum throughput of 148809*24*2 = 7738068 =
> 7.14Mpps (Million pps). For a 48 port switch it is 14.29Mpps.

so, the closer the Mpps gets to that 7.1Mpps, the better the switch
overall? I take it that has to do with the CPU driving the switch itself,
or is there other factors that help drive that # up?

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 12:54:21 2004
Message-Id: <200403262054.i2QKsKHA079277@gate.bitblocks.com>
To: "Marc G. Fournier"
In-reply-to: Your message of "Fri, 26 Mar 2004 16:25:55 -0400." <20040326162515.F90406@ganymede.hub.org>
Date: Fri, 26 Mar 2004 12:54:20 -0800
From: Bakul Shah
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

> > For 100Mbps ports, the max packet rate in one direction is 10^8/672 ==
> > 148809 pps (packets per sec) per port. So for 24 port full duplex ports
> > you get an aggregate maximum throughput of 148809*24*2 = 7738068 =
> > 7.14Mpps (Million pps). For a 48 port switch it is 14.29Mpps.
>
> so, the closer the Mpps gets to that 7.1Mpps, the better the switch
> overall? I take it that has to do with the CPU driving the switch itself,
> or is there other factors that help drive that # up?

Well, "better overall" involves a lot more than the max
throughput -- you are very very unlikely to see nothing but
64 byte pkts in your network (typically 50% of pkts are acks,
the other 50% are MTU size) so 6.6Mbps seems good enough to
me. I would look at quality first, and then service, how
this switch is to be used and whether there are other
features that may be relevant (such as vlan, QoS etc). Also,
I would choose a switch to ensure there is about 50% to 100%
headroom for growth (in # of ports, etc).

In terms of achieving max throughput it depends on how the
switch is engineered. CPU driving the switch matters less
than whether they have done a balanced design. You also need
a backplane fabric that is capable of delivering full b/w no
matter what the traffic pattern is (you may not achieve
7.14Mbps for a given pattern but for each pattern one can
calculate a theoretical max which should be achievable).

In any case, quality of the switch construction probably
matters the most. If rj45 ports are flimsy nothing else
matters!
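[Added example, not part of any message in this thread.] The wire-rate arithmetic used by Don Bowman and Bakul Shah above, generalised to any link speed, frame size and packet mix so a data-sheet forwarding rate can be compared against worst-case demand. The 24 x 100 Mbps port layout (uplink ports ignored) and the 1518-byte "MTU size" frame are assumptions made for the example.

```python
"""Ethernet wire-rate arithmetic from the thread, generalised (added example)."""

PREAMBLE_SFD = 8      # bytes: preamble plus start-of-frame delimiter
INTERFRAME_GAP = 12   # bytes: mandatory idle time between frames
MIN_FRAME = 64        # smallest legal Ethernet frame, FCS included
MAX_FRAME = 1518      # largest untagged frame, FCS included (assumed "MTU size")


def wire_bits(frame_bytes):
    """Bits one frame occupies on the wire, overhead included (64 -> 672)."""
    if not MIN_FRAME <= frame_bytes <= MAX_FRAME:
        raise ValueError(f"frame size {frame_bytes} outside {MIN_FRAME}..{MAX_FRAME}")
    return (frame_bytes + PREAMBLE_SFD + INTERFRAME_GAP) * 8


def port_pps(link_bps, frame_bytes=MIN_FRAME):
    """Whole frames per second that one direction of one port can carry."""
    return link_bps // wire_bits(frame_bytes)


def aggregate_pps(ports, link_bps, frame_bytes=MIN_FRAME, full_duplex=True):
    """Worst-case load on the forwarding engine with every port saturated."""
    directions = 2 if full_duplex else 1
    return port_pps(link_bps, frame_bytes) * ports * directions


def mixed_port_pps(link_bps, mix):
    """Packets per second on a saturated port for a {frame_bytes: share} mix."""
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("packet shares must sum to 1")
    avg_bits = sum(wire_bits(size) * share for size, share in mix.items())
    return link_bps / avg_bits


def offered_pps(traffic_bps, avg_packet_bytes):
    """Packet rate of a measured flow, e.g. 3 Mbps of ~400-byte packets."""
    return traffic_bps / (avg_packet_bytes * 8)


def headroom(spec_pps, ports, link_bps, mix):
    """Data-sheet forwarding rate divided by full-duplex demand under `mix`."""
    demand = mixed_port_pps(link_bps, mix) * ports * 2
    return spec_pps / demand


# Assumed inputs: 24 x 100 Mbps ports as in the calculation quoted above
# (uplink ports ignored) and the 6.6 Mpps forwarding rate quoted in the thread.
FAST_ETHERNET = 100_000_000
GIGABIT = 1_000_000_000
SPEC_PPS = 6_600_000
ALL_MINIMUM = {MIN_FRAME: 1.0}
ACK_AND_MTU = {MIN_FRAME: 0.5, MAX_FRAME: 0.5}   # the 50/50 mix from the thread

if __name__ == "__main__":
    print("100 Mbps port, 64-byte frames:", port_pps(FAST_ETHERNET), "pps")
    print("1 Gbps port, 64-byte frames:  ", port_pps(GIGABIT), "pps")
    print("24 ports full duplex:         ", aggregate_pps(24, FAST_ETHERNET), "pps")
    print("48 ports full duplex:         ", aggregate_pps(48, FAST_ETHERNET), "pps")
    print("3 Mbps of 400-byte packets:   ", offered_pps(3_000_000, 400), "pps")
    for name, mix in (("all 64-byte", ALL_MINIMUM), ("50/50 ack+MTU", ACK_AND_MTU)):
        ratio = headroom(SPEC_PPS, 24, FAST_ETHERNET, mix)
        print(f"headroom at 6.6 Mpps, {name}: {ratio:.2f}x")
```

A headroom below 1.0 means the quoted forwarding rate cannot keep up if every port is saturated with that mix; with the 50/50 mix the same figure leaves several times the needed capacity.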
From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 12:54:55 2004
Date: Fri, 26 Mar 2004 12:54:54 -0800
From: Luigi Rizzo
To: "Marc G. Fournier"
Message-ID: <20040326125454.A47939@xorpc.icir.org>
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com> <20040326162515.F90406@ganymede.hub.org>
In-Reply-To: <20040326162515.F90406@ganymede.hub.org>; from scrappy@hub.org on Fri, Mar 26, 2004 at 04:25:55PM -0400
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Fri, Mar 26, 2004 at 04:25:55PM -0400, Marc G. Fournier wrote:
> On Fri, 26 Mar 2004, Bakul Shah wrote:
>
> > For 100Mbps ports, the max packet rate in one direction is 10^8/672 ==
> > 148809 pps (packets per sec) per port. So for 24 port full duplex ports
> > you get an aggregate maximum throughput of 148809*24*2 = 7738068 =
> > 7.14Mpps (Million pps). For a 48 port switch it is 14.29Mpps.
>
> so, the closer the Mpps gets to that 7.1Mpps, the better the switch
> overall? I take it that has to do with the CPU driving the switch itself,

there is no 'cpu driving the switch', forwarding is done in hardware
even in the cheapest units. E.g. see

http://www.realtek.com.tw/products/products1-1.aspx?lineid=2

a switch (Edimax) based on the 8316 costs here 60 euro incl.VAT
and does 16 ports full duplex at full wire speed on all ports.
cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 13:05:11 2004
Message-ID: <40649B01.7070201@he.iki.fi>
Date: Fri, 26 Mar 2004 23:05:05 +0200
From: Petri Helenius
To: Luigi Rizzo
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com> <20040326162515.F90406@ganymede.hub.org> <20040326125454.A47939@xorpc.icir.org>
In-Reply-To: <20040326125454.A47939@xorpc.icir.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

Luigi Rizzo wrote:

>
>a switch (Edimax) based on the 8316 costs here 60 euro incl.VAT
>and does 16 ports full duplex at full wire speed on all ports.
>

But no counters and no management.

Pete

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 13:27:43 2004
Date: Fri, 26 Mar 2004 13:18:59 -0800
From: Luigi Rizzo
To: Petri Helenius
Message-ID: <20040326131859.A49373@xorpc.icir.org>
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com> <20040326162515.F90406@ganymede.hub.org> <20040326125454.A47939@xorpc.icir.org> <40649B01.7070201@he.iki.fi>
In-Reply-To: <40649B01.7070201@he.iki.fi>; from pete@he.iki.fi on Fri, Mar 26, 2004 at 11:05:05PM +0200
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Fri, Mar 26, 2004 at 11:05:05PM +0200, Petri Helenius wrote:
> Luigi Rizzo wrote:
>
> >
> >a switch (Edimax) based on the 8316 costs here 60 euro incl.VAT
> >and does 16 ports full duplex at full wire speed on all ports.
> >
>
> But no counters and no management.

for that you need to go to the RTL8326, yes. Still very cheap,
I think managed units based on this one sell around $250.
Anyways the point was, there is no CPU doing the forwarding
or stats handling.
cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 13:34:52 2004
Date: Fri, 26 Mar 2004 22:36:04 +0100
To: FreeBSD Net
Message-ID: <20040326223604.A2235@eitzenberger.name>
References: <20040319230638.A25674@eitzenberger.name> <200403220721.IAA27512@galaxy.hbg.de.ao-srv.com>
From: Holger.Eitzenberger@t-online.de (Holger Eitzenberger)
Subject: Re: IPsec: problems after upgrade 4.8 to 4.9

On Mon, Mar 22, 2004 at 08:21:35AM +0100, Helge Oldach wrote:

> > (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group:
> >DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP
> >group
> > dh_group 2;
> Try changing the last line to
>
> dh_group 5;

Hi,

wow, that works again! Thx a lot!

However, I still have two error lines in my logs:

INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 192.168.11.1[500]-192.168.11.10[500] spi:0d9434c7440e72ce:751d06200476bf1a
INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.11.1[0]<=>192.168.11.10[0]
ERROR: proposal.c:496:cmpsatrns(): authtype mismatched: my: 2 peer:1

Can anyone tell me the cause of this?

Thx in advance.
/Holger

--
++ GnuPG Key -> http://www.t-online.de/~holger.eitzenberger ++

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 13:41:56 2004
Message-ID: <4064A39F.6070406@he.iki.fi>
Date: Fri, 26 Mar 2004 23:41:51 +0200
From: Petri Helenius
To: Luigi Rizzo
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com> <20040326162515.F90406@ganymede.hub.org> <20040326125454.A47939@xorpc.icir.org> <40649B01.7070201@he.iki.fi> <20040326131859.A49373@xorpc.icir.org>
In-Reply-To: <20040326131859.A49373@xorpc.icir.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

Luigi Rizzo wrote:

>for that you need to go to the RTL8326, yes. Still very cheap,
>I think managed units based on this one sell around $250.
>Anyways the point was, there is no CPU doing the forwarding
>or stats handling.

Do you know if this has a fan? I've been looking for managed L2 devices
without noise but haven't really located any.

Pete

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 14:07:05 2004
Message-id: <32550005@newdasher.Dartmouth.EDU>
Date: 26 Mar 2004 17:06:52 EST
From: Joshua.Y.Stabiner@Dartmouth.EDU (Joshua Y. Stabiner)
To: freebsd-net@freebsd.org
Subject: ifconfig causing fatal trap

I have a new thinkpad t40 with Intel PRO/1000 that I use as the em device and a cisco wireless that I use as the an device.

typing /sbin/ifconfig causes a kernel panic (using GENERIC) and forces a reboot. I followed the directions in the manual and did:

nm -n /kernel | grep c039cf (7e are also in the instruction pointer but returned no results)

This shows the fault is caused by:
cpystrflt
cpystrflt_x
copystr
bcmp
lgdt
lidt
lldt
ltr
ssdtosd

Anyone have any idea what is causing this and how I can fix it? Thanks in advance!

-Josh

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 14:19:16 2004
From: Wes Peters
Organization: Softweyr.com
To: Bakul Shah, "Marc G. Fournier"
Date: Fri, 26 Mar 2004 14:19:37 -0800
References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com>
In-Reply-To: <200403261908.i2QJ8lHA078562@gate.bitblocks.com>
Message-Id: <200403261419.37797.wes@softweyr.com>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Friday 26 March 2004 11:08 am, Bakul Shah wrote:

> > What is the difference between Layer2 and Layer3, and what does that
> > affect?
>
> Layer3 == routing (based on IP destination address)
> Layer2 == switching (based on enet dest. address)
>
> Layer3 is probably not important for you.

That depends. For a test network, a VLAN-capable Layer3 switch can be quite a nice tool, because you can partition the switch into 2 or 3 separate virtual networks without buying a bunch of boxes.

I write this not because I think VLAN switches are a general necessity, but rather because I have an idea of the kinds of activities Marc gets involved in, and suspect his networking needs are often far beyond ordinary.

I'm going to add a testimonial for the HP switches here. Given that I'm a former Xylan/Alcatel employee, this should carry some weight. The Alcatel architecture is fairly good, but it carries a lot of baggage from the Xylan "any to any" switching architecture which tends to drive their cost up a bit. The HP ProCurves perform well and are reliable and (relatively) cheap.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 14:25:10 2004
From: Wes Peters
Organization: Softweyr.com
To: "Per Engelbrecht"
Date: Fri, 26 Mar 2004 14:25:34 -0800
References: <20040326141509.G90406@ganymede.hub.org> <34426.62.242.151.142.1080329152.squirrel@mailbox.wingercom.dk>
In-Reply-To: <34426.62.242.151.142.1080329152.squirrel@mailbox.wingercom.dk>
Message-Id: <200403261425.34253.wes@softweyr.com>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Friday 26 March 2004 11:25 am, Per Engelbrecht wrote:

> > What is the difference between Layer2 and Layer3, and what does
> > that affect?
>
> All switching is done in layer2!

Not true!

> Layer3 switch 'features' (functionality) is was the vendor put in the
> box. Depending on the amount of $ you're going to spent, you can have
> switches that can act as routers.

In the Xylan (now Alcatel) second-generation switches (The "X-Frame"
backplane) the switching hardware was capable of switching on the MAC
header *or* other predefined parts of the packet if no MAC header matches
were found. This feature was used to implement hardware routing (the HRE-X
module), allowing us to route packets between IP networks at a million
packets per second.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 14:58:58 2004
Date: Fri, 26 Mar 2004 14:58:57 -0800
From: Luigi Rizzo
To: Wes Peters
Message-ID: <20040326145857.A52363@xorpc.icir.org>
References: <20040326141509.G90406@ganymede.hub.org> <34426.62.242.151.142.1080329152.squirrel@mailbox.wingercom.dk> <200403261425.34253.wes@softweyr.com>
In-Reply-To: <200403261425.34253.wes@softweyr.com>; from wes@softweyr.com on Fri, Mar 26, 2004 at 02:25:34PM -0800
cc: Per Engelbrecht
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Fri, Mar 26, 2004 at 02:25:34PM -0800, Wes Peters wrote:
...
> In the Xylan (now Alcatel) second-generation switches (The "X-Frame"
> backplane) the switching hardward was capable of switching on the MAC
> header *or* other predefined parts of the packet if no MAC header matches
> were found. This feature was used to implement hardware routing (the HRE-X
> module), allowing us to route packets between IP networks at a million
> packets per second.

i think you need to tell the full story, such as what was the limit on the routing table, and whether switching packets for which there wasn't a host-specific entry was slower. Finally, cost is not an inessential detail here... I pointed to an L2 switch which can switch around 2.5Mpps and costs Eur 60, retail...

An L2 switch has two big advantages over an L3 switch:

+ only an exact match on the MAC address is necessary, as opposed to the longest prefix match which is required for a router. Surely you need more/different hw to do longest prefix match than the one needed for L2 exact match.
  Sure, you can install host-specific entries and then use an exact match on those, but the 'miss' case is more expensive, and if you want to do a worst-case rating, then you need to use that number;

+ in case of a miss, an L2 can flood all ports, a router can't (well, in principle even a router could do that, but i think the reviews wouldn't be so nice if a product did this).

So an L2 thing is inherently cheaper as it can play tricks to cut costs down and still behave within the specs.

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 15:41:47 2004
Message-Id: <23E302EC-7F7F-11D8-AA0F-000A95A8A1F2@dragondata.com>
To: freebsd-net@freebsd.org
From: Kevin Day
Date: Fri, 26 Mar 2004 17:41:44 -0600
Subject: sendfile returning ENOTCONN under heavy load

I'm using thttpd on a server that pushes 300-400mbps of static content, using sendfile(2).

Once the load reaches a certain point (around 800-1000 clients downloading, anywhere from 150-250mbps), sendfile() will start randomly returning ENOTCONN, and the client is disconnected. I've raised kern.ipc.nsfbufs pretty high and that hasn't made any difference. Is there any easy way to tell exactly why the sockets are being closed? I can't seem to find any obvious signs of memory exhaustion or anything.

Thanks,

Kevin

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 16:05:52 2004
Date: Fri, 26 Mar 2004 16:05:43 -0800
From: Brooks Davis
To: "Marc G. Fournier"
Message-ID: <20040327000542.GA2717@Odin.AC.HMC.Edu>
References: <20040326115855.A90406@ganymede.hub.org>
In-Reply-To: <20040326115855.A90406@ganymede.hub.org>
cc: freebsd-net@freebsd.org
Subject: Re: Looking for switch recommendations ...

On Fri, Mar 26, 2004 at 12:05:10PM -0400, Marc G. Fournier wrote:
>
> I'm looking at replacing my el'cheapo switch with something better that
> will allow me to fix my issues with the em/full-duplex problem ...
>
> I'm looking for ssomething managed, as well as SNMP aware so that I can
> tie it into Zabbix for monitoring ... something 8 or 12 port preferred.
>
> Cisco, of course, is always a big name ... but also expensive ... oen
> recommendation is the xl 1900, but I can't find any specs on her at
> cisco's site, so discontinued product?

I've been happy with the Catalyst 2950T-24 (24-10/100 + 2-10/100/100). They make smaller versions in that series.

> What about Netgear, which I have easy access to? Or Alcatel?
>
> models to stay away from?

Stay away from the SMC TigerSwitch 8624T. It's got a huge list of features and looks great on paper, but in practice, most of the features are pretty half-assed. It doesn't even boot reliably.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 17:04:42 2004
Date: Sat, 27 Mar 2004 10:04:37 +0900
From: George V.Neville-Neil
To: Joshua.Y.Stabiner@Dartmouth.EDU (Joshua Y. Stabiner)
In-Reply-To: <32550005@newdasher.Dartmouth.EDU>
References: <32550005@newdasher.Dartmouth.EDU>
cc: freebsd-net@freebsd.org
Subject: Re: ifconfig causing fatal trap

At 26 Mar 2004 17:06:52 EST, Joshua Y. Stabiner wrote:
>
> I have a new thinkpad t40 with Intel PRO/1000 that I use as the em device and a cisco wireless that I use as the an device.
>
> typing /sbin/ifconfig causes a kernel panic (using GENERIC) and forces a reboot. I followed the directions in the manual and did:
>
> nm -n /kernel | grep c039cf (7e are also in the instruction pointer but returned no results)
>
> This shows the fault is caused by:
> cpystrflt
> cpystrflt_x
> copystr
> bcmp
> lgdt
> lidt
> lldt
> ltr
> ssdtosd
>
> Anyone have any idea what is causing this and how I can fix it? Thanks in advance!
>

Which version of FreeBSD are you using? Do you have a kernel dump?
Later,
George

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 18:44:55 2004
From: "Jacob S. Barrett"
To: Ruslan Ermilov
Date: Fri, 26 Mar 2004 18:44:52 -0800
References: <200403251118.40718.jbarrett@amduat.net> <20040325234527.GC85417@ip.net.ua>
In-Reply-To: <20040325234527.GC85417@ip.net.ua>
Message-Id: <200403261844.52324.jbarrett@amduat.net>
cc: freebsd-net@freebsd.org
Subject: Re: Disabling VLAN_HWTAGGING

I did a little more debugging and placed some printf statements before and after:

        /*
         * If we received a packet with a vlan tag, pass it
         * to vlan_input() instead of ether_input().
         */
        if (extsts & NGE_RXEXTSTS_VLANPKT) {
                VLAN_INPUT_TAG(ifp, m,
                    extsts & NGE_RXEXTSTS_VTCI, continue);
        }

What I found is that VLAN tagged frames sent to the interface never get to this line at all. I figured the NIC must be dropping it or something before it even gets to the driver. So I commented out the following line:

        /*
         * Tell the chip to detect and strip VLAN tag info from
         * received frames. The tag will be provided in the extsts
         * field in the RX descriptors.
         */
        NGE_SETBIT(sc, NGE_VLAN_IP_RXCTL,
            NGE_VIPRXCTL_TAG_DETECT_ENB|NGE_VIPRXCTL_TAG_STRIP_ENB);

Now the driver gets the frame but the conditional above is false, presumably because I comment out that line which says it will detect and set the extsts. It does however get delivered to the ng lower hook and therefore the ng_vlan gets it. The ng_eiface tied to vlan2 replies to the arp requests. Strangely though when an ICMP ping request gets to ng_eiface it ignores it.

02:27:16.658526 0:90:27:f4:58:1d ff:ff:ff:ff:ff:ff 0806 56: arp who-has 10.2.0.1 tell 10.2.0.2
02:27:16.658633 11:22:33:44:55:66 0:90:27:f4:58:1d 0806 42: arp reply 10.2.0.1 is-at 11:22:33:44:55:66
02:27:16.659132 0:90:27:f4:58:1d 11:22:33:44:55:66 0800 98: 10.2.0.2 > 10.2.0.1: icmp: echo request
02:27:16.664321 0:90:27:f4:58:1d 11:22:33:44:55:66 0800 98: 10.2.0.2 > 10.2.0.1: icmp: echo request

Even more odd, I can ping from the ng_eiface interface and it makes it tagged all the way out and back just fine. The ng_eiface gets the ICMP response just fine.

Does any of this make sense to you? Is there possibly something wrong with the logic in that detect and strip flag? Am I just a total tool and missing something completely obvious here, because it wouldn't be the first time.

Does anyone have a 1Gbit fiber NIC that they have tested in and out with VLAN tagging that they could recommend.

--
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net

"I don't suffer from insanity, I enjoy every minute of it."

From owner-freebsd-net@FreeBSD.ORG Fri Mar 26 23:42:17 2004
Date: Sat, 27 Mar 2004 09:42:05 +0200
From: Ruslan Ermilov
To: "Jacob S. Barrett"
Message-ID: <20040327074205.GA32984@ip.net.ua>
References: <200403251118.40718.jbarrett@amduat.net> <20040325234527.GC85417@ip.net.ua> <200403261844.52324.jbarrett@amduat.net>
In-Reply-To: <200403261844.52324.jbarrett@amduat.net>
cc: freebsd-net@freebsd.org
Subject: Re: Disabling VLAN_HWTAGGING

On Fri, Mar 26, 2004 at 06:44:52PM -0800, Jacob S. Barrett wrote:
> I did a little more debugging and placed some printf statements before and
> after:
>         /*
>          * If we received a packet with a vlan tag, pass it
>          * to vlan_input() instead of ether_input().
>          */
>         if (extsts & NGE_RXEXTSTS_VLANPKT) {
>                 VLAN_INPUT_TAG(ifp, m,
>                     extsts & NGE_RXEXTSTS_VTCI, continue);
>         }
>
> What I found is that VLAN tagged frames sent to the interface never get to
> this line at all. I figured the NIC must be droping it or something before
> it even gets to the driver. So I commented out the following line:
>         /*
>          * Tell the chip to detect and strip VLAN tag info from
>          * received frames. The tag will be provided in the extsts
>          * field in the RX descriptors.
>          */
>         NGE_SETBIT(sc, NGE_VLAN_IP_RXCTL,
>             NGE_VIPRXCTL_TAG_DETECT_ENB|NGE_VIPRXCTL_TAG_STRIP_ENB);
>
>
> Now the driver gets the frame but the conditional about is false, presumable
> because I comment out that line which says it will detect and set the extsts.
> It does however get delivered to the ng lower hook and therefor the ng_vlan
> gets it. The ng_eiface tied to vlan2 replies to the arp requests. Strangely
> though when an ICMP ping request gets to ng_eiface it ignores it.
>
> 02:27:16.658526 0:90:27:f4:58:1d ff:ff:ff:ff:ff:ff 0806 56: arp who-has 10.2.0.1 tell 10.2.0.2
> 02:27:16.658633 11:22:33:44:55:66 0:90:27:f4:58:1d 0806 42: arp reply 10.2.0.1 is-at 11:22:33:44:55:66
> 02:27:16.659132 0:90:27:f4:58:1d 11:22:33:44:55:66 0800 98: 10.2.0.2 > 10.2.0.1: icmp: echo request
> 02:27:16.664321 0:90:27:f4:58:1d 11:22:33:44:55:66 0800 98: 10.2.0.2 > 10.2.0.1: icmp: echo request
>
> Even more odd, I can ping from the ng_eiface interface and it makes it tagged
> all the way out and back just fine. The ng_eiface gets the ICMP response just
> fine.
>
> Does any of this make sense to you? Is there possibly something wrong with
> the logic in that detect and stip flag? Am I just a total tool and missing
> someting completely obvious here, because it wouldn't be the first time.
>
I think so. 11:22:33:44:55:66 is the wrong MAC address -- the first octet should be an odd number, otherwise it's treated as a broadcast/multicast.

> Does anyone have a 1Gbit fiber NIC that they have tested in and out with VLAN
> tagging that they could recommend.
>
I'm in the process of obtaining a NIC. Once I get it, I will look into the issue. What's the ``pciconf -lv'' and dmesg(8) outputs corresponding to your NIC? Also, is it plugged into the 64-bit PCI slot or not?

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 00:04:54 2004
Date: Sat, 27 Mar 2004 02:04:52 -0600 (CST)
From: Mike Silbersack
To: Kevin Day
In-Reply-To: <23E302EC-7F7F-11D8-AA0F-000A95A8A1F2@dragondata.com>
Message-ID: <20040327020154.S2845@odysseus.silby.com>
References: <23E302EC-7F7F-11D8-AA0F-000A95A8A1F2@dragondata.com>
cc: freebsd-net@freebsd.org
Subject: Re: sendfile returning ENOTCONN under heavy load

On Fri, 26 Mar 2004, Kevin Day wrote:

> I'm using thttpd on a server that pushes 300-400mbps of static content,
> using sendfile(2).
>
> Once the load reaches a certain point (around 800-1000 clients
> downloading, anywhere from 150-250mbps), sendfile() will start randomly
> returning ENOTCONN, and the client is disconnected. I've raised
> kern.ipc.nsfbufs pretty high and that hasn't made any difference. Is
> there any easy way to tell exactly why the sockets are being closed? I
> can't seem to find any obvious signs of memory exhaustion or anything.
>
> Thanks,
>
> Kevin

The only place where I see sendfile returning ENOTCONN is:

        if ((so->so_state & SS_ISCONNECTED) == 0) {
                error = ENOTCONN;
                goto done;
        }

So presumably the connection was terminated at the TCP layer, not due to a shortage in sfbufs.

Maybe you should set up your testbed that creates this load, then set up one additional test computer. Have that computer tcpdump all of its traffic, hope that one of the dropped connections happens to it, and see if you can find it in the dump.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 05:32:57 2004
From: User Ernie
Message-Id: <200403271332.i2RDWtdF031292@spooky.eis.net.au>
To: freebsd-net@freebsd.org
Date: Sat, 27 Mar 2004 23:32:55 +1000 (EST)
Subject: PCI ADSL card and PPPoA

Firstly I have to warn you I am a Netgraph newbie, and despite looking for hours, I have not found much of a tutorial on how it all fits together.

I recently obtained a PCI ADSL modem card, Pulsar ADSL from Traverse Technologies http://www.traverse.com.au

They have some test FreeBSD drivers http://adsl4linux.no-ip.org/pulsar.html that implement a bridge mode ADSL connection using netgraph modules:

Id Refs Address    Size     Name
 1    8 0xc0400000 65ab28   kernel
 2    1 0xc0a5b000 7794     ng_atm.ko
 3    4 0xc0a63000 14abc    netgraph.ko
 4    1 0xc0a78000 386c     ng_eiface.ko
 5    2 0xc0a7c000 3030     atm_aal.ko
 6    1 0xc0a80000 440dc    if_pls.ko
 7    1 0xc0ac5000 2d50     ng_atmllc.ko

This all seems to work fine, the modules load up and I get an ADSL sync light on the ADSL PCI card.

However I need to run PPPoE or PPPoA to connect to my ISP, I tried user ppp and mpd but they both complained that the interface was not ethernet.

Is it possible to use something like ng_ppp and mpd to hook to this card so I can establish a PPPoA session?

If so can anyone suggest an mpd config?

- Ernie.
From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 06:05:26 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9B5C16A4CE for ; Sat, 27 Mar 2004 06:05:26 -0800 (PST) Received: from trueband.net (director.trueband.net [216.163.120.8]) by mx1.FreeBSD.org (Postfix) with SMTP id 55B2E43D58 for ; Sat, 27 Mar 2004 06:05:26 -0800 (PST) (envelope-from jhall@vandaliamo.net) Received: (qmail 30770 invoked by uid 1006); 27 Mar 2004 14:05:22 -0000 Received: from jhall@vandaliamo.net by rs0 by uid 1003 with qmail-scanner-1.16 (spamassassin: 2.44. Clear:SA:0(-4.9/100.0):. Processed in 0.683792 secs); 27 Mar 2004 14:05:22 -0000 X-Spam-Status: No, hits=-4.9 required=100.0 X-Spam-Level: Received: from unknown (HELO trueband.net) (127.0.0.1) by -v with SMTP; 27 Mar 2004 14:05:21 -0000 Received: (qmail 30737 invoked from network); 27 Mar 2004 14:05:21 -0000 Received: from unknown (HELO vandaliamo.net) (12.170.206.13) by -v with SMTP; 27 Mar 2004 14:05:21 -0000 Message-ID: <40658AE2.2080506@vandaliamo.net> Date: Sat, 27 Mar 2004 08:08:34 -0600 
From: Jay Hall User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: PPTP mtu X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 14:05:27 -0000

I am using mpd to establish a DSL connection and, once that connection is established, I am bringing up a PPTP connection. However, I am having problems keeping the PPTP connection up. In the logs on the remote machine, I am seeing the following error message:

Mar 27 00:22:52 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Nak #1 link 0 (Req-Sent) Mar 27 00:22:52 ST_CHARLES mpd: MPPC Mar 27 00:22:52 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:52 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #2 Mar 27 00:22:52 ST_CHARLES mpd: MPPC Mar 27 00:22:52 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:52 ST_CHARLES mpd: [vpn] error writing len 14 frame to bypass: No route to host Mar 27 00:22:54 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #56 link 0 (Req-Sent) Mar 27 00:22:54 ST_CHARLES mpd: MPPC Mar 27 00:22:54 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:22:54 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #56 Mar 27 00:22:54 ST_CHARLES mpd: MPPC Mar 27 00:22:54 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:54 ST_CHARLES mpd: [vpn] error writing len 14 frame to bypass: No route to host Mar 27 00:22:54 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #3 Mar 27 00:22:54 ST_CHARLES mpd: MPPC Mar 27 00:22:54 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:54 ST_CHARLES mpd: [vpn] error writing len 14 frame to bypass: No route to host Mar 27 00:22:56 ST_CHARLES mpd: [vpn] CCP: 
rec'd Configure Request #57 link 0 (Req-Sent) Mar 27 00:22:56 ST_CHARLES mpd: MPPC Mar 27 00:22:56 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:22:56 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #57 Mar 27 00:22:56 ST_CHARLES mpd: MPPC Mar 27 00:22:56 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:56 ST_CHARLES mpd: [vpn] error writing len 14 frame to bypass: No route to host Mar 27 00:22:56 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #4 Mar 27 00:22:56 ST_CHARLES mpd: MPPC Mar 27 00:22:56 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:58 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #58 link 0 (Req-Sent) Mar 27 00:22:58 ST_CHARLES mpd: MPPC Mar 27 00:22:58 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:22:58 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #58 Mar 27 00:22:58 ST_CHARLES mpd: MPPC Mar 27 00:22:58 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:22:58 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #5 Mar 27 00:22:58 ST_CHARLES mpd: MPPC Mar 27 00:22:58 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:00 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #59 link 0 (Req-Sent) Mar 27 00:23:00 ST_CHARLES mpd: MPPC Mar 27 00:23:00 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:23:00 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #59 Mar 27 00:23:00 ST_CHARLES mpd: MPPC Mar 27 00:23:00 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:00 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #6 Mar 27 00:23:00 ST_CHARLES mpd: MPPC Mar 27 00:23:00 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:02 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #60 link 0 (Req-Sent) Mar 27 00:23:02 ST_CHARLES mpd: MPPC Mar 27 00:23:02 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:23:02 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #60 Mar 27 00:23:02 ST_CHARLES mpd: MPPC Mar 27 00:23:02 ST_CHARLES mpd: 
0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:02 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #7 Mar 27 00:23:02 ST_CHARLES mpd: MPPC Mar 27 00:23:02 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:04 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #61 link 0 (Req-Sent) Mar 27 00:23:04 ST_CHARLES mpd: MPPC Mar 27 00:23:04 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:23:04 ST_CHARLES mpd: [vpn] CCP: SendConfigNak #61 Mar 27 00:23:04 ST_CHARLES mpd: MPPC Mar 27 00:23:04 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:04 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #8 Mar 27 00:23:04 ST_CHARLES mpd: MPPC Mar 27 00:23:04 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:06 ST_CHARLES mpd: [vpn] CCP: SendConfigReq #9 Mar 27 00:23:06 ST_CHARLES mpd: MPPC Mar 27 00:23:06 ST_CHARLES mpd: 0x01000040: MPPE, 128 bit, stateless Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: rec'd Configure Request #63 link 0 (Req-Sent) Mar 27 00:23:08 ST_CHARLES mpd: MPPC Mar 27 00:23:08 ST_CHARLES mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: not converging Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: parameter negotiation failed Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: Close event Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: state change Req-Sent --> Closing Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: SendTerminateReq #10 Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: encryption required, but MPPE was not negotiated in both directions Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: failed to negotiate required encryption Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: Close event Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: state change Closing --> Closed Mar 27 00:23:08 ST_CHARLES mpd: [vpn] CCP: LayerFinish Mar 27 00:23:08 ST_CHARLES mpd: [vpn] IPCP: failed to negotiate required encryption Mar 27 00:23:08 ST_CHARLES mpd: [vpn] IPCP: LayerFinish Mar 27 00:23:08 ST_CHARLES mpd: [vpn] IPCP: 
LayerStart

On the server I am seeing the following messages:

[pptp1] CCP: parameter negotiation failed

I think this might be an MTU problem. When the MTU is negotiated at 1456, the connection runs fine. However, at values higher or lower, the connection does not work, and will drop after a few seconds.

I am using mpd-3.15 on both ends of the connection.

Any suggestions would be greatly appreciated. Thanks in advance for your assistance.

Jay

From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 07:40:46 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E84E816A4CE for ; Sat, 27 Mar 2004 07:40:46 -0800 (PST) Received: from park.rambler.ru (park.rambler.ru [81.19.64.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6811143D2D for ; Sat, 27 Mar 2004 07:40:45 -0800 (PST) (envelope-from is@rambler-co.ru) Received: from is (is.park.rambler.ru [81.19.64.102]) by park.rambler.ru (8.12.6/8.12.6) with ESMTP id i2RFeLgU057843; Sat, 27 Mar 2004 18:40:21 +0300 (MSK) (envelope-from is@rambler-co.ru) Date: Sat, 27 Mar 2004 18:40:21 +0300 (MSK) 
From: Igor Sysoev X-Sender: is@is To: Kevin Day In-Reply-To: <23E302EC-7F7F-11D8-AA0F-000A95A8A1F2@dragondata.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: sendfile returning ENOTCONN under heavy load X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 15:40:47 -0000

On Fri, 26 Mar 2004, Kevin Day wrote:

> I'm using thttpd on a server that pushes 300-400mbps of static content,
> using sendfile(2).
>
> Once the load reaches a certain point (around 800-1000 clients
> downloading, anywhere from 150-250mbps), sendfile() will start randomly
> returning ENOTCONN, and the client is disconnected. I've raised
> kern.ipc.nsfbufs pretty high and that hasn't made any difference. Is
> there any easy way to tell exactly why the sockets are being closed? I
> can't seem to find any obvious signs of memory exhaustion or anything.

It's the sendfile(2) feature. It can return ENOTCONN instead of EPIPE. See the message: http://freebsd.rambler.ru/bsdmail/freebsd-hackers_2004/msg00019.html and its follow-ups.

Igor Sysoev
http://sysoev.ru/en/

From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 07:53:55 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0CF016A4CE; Sat, 27 Mar 2004 07:53:55 -0800 (PST) Received: from bes.amduat.net (bes.amduat.net [206.124.149.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5555843D31; Sat, 27 Mar 2004 07:53:55 -0800 (PST) (envelope-from jbarrett@amduat.net) Received: from [10.0.0.236] ([10.0.0.236]) (AUTH: LOGIN jbarrett, SSL: TLSv1/SSLv3,128bits,RC4-MD5) by bes.amduat.net with esmtp; Sat, 27 Mar 2004 07:53:54 -0800 
From: "Jacob S. Barrett" To: Ruslan Ermilov Date: Sat, 27 Mar 2004 07:53:53 -0800 User-Agent: KMail/1.6.1 References: <200403251118.40718.jbarrett@amduat.net> <200403261844.52324.jbarrett@amduat.net> <20040327074205.GA32984@ip.net.ua> In-Reply-To: <20040327074205.GA32984@ip.net.ua> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403270753.53476.jbarrett@amduat.net> cc: freebsd-net@freebsd.org Subject: Re: Disabling VLAN_HWTAGGING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 15:53:56 -0000

On Friday 26 March 2004 11:42 pm, you wrote:
> I think so. 11:22:33:44:55:66 is the wrong MAC address -- the first octet
> should be an odd number, otherwise it's treated as a broadcast/multicast.

Doh! You learn something new every day. See I told you that I can be a tool sometimes. :)

Well with a new "correct" MAC that pings go back and forth just fine now. I will back out all my changes and see if they still work with the hardware tagging/detagging enabled.

> I'm in the process of obtaining a NIC. Once I get it, I will look into the
> issue. What's the ``pciconf -lv'' and dmesg(8) outputs corresponding to
> your NIC? Also, is it plugged into the 64-bit PCI slot or not?

nge0@pci0:14:0: class=0x020000 card=0x621a1385 chip=0x0022100b rev=0x00 hdr=0x00
    vendor   = 'National Semiconductor'
    device   = 'DP83820/1 10/100/1000 Gigabit Ethernet Adapter'
    class    = network
    subclass = ethernet

It is plugged into a 32-bit PCI slot.

If you want access to my test box to debug that kernel panic issue when attaching if_vlan interfaces you are welcome to. Just email me off list for an account.

--
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net

"I don't suffer from insanity, I enjoy every minute of it."
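The address check at issue in this message, as an added example that is not part of the original thread: in IEEE 802 addressing the least-significant bit of the first octet is the individual/group bit, so 0x11 marks 11:22:33:44:55:66 as a group address. The function names are this example's own, and the sample addresses in main() are constructed test values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN       6
#define MAC_STR_LEN   17    /* strlen("aa:bb:cc:dd:ee:ff") */

/* Flag bits carried in the first octet of an IEEE 802 MAC address. */
#define MAC_GROUP_BIT 0x01  /* I/G: 0 = individual (unicast), 1 = group */
#define MAC_LOCAL_BIT 0x02  /* U/L: 0 = vendor-assigned, 1 = locally administered */

enum mac_kind { MAC_INVALID = -1, MAC_UNICAST = 0, MAC_MULTICAST = 1, MAC_BROADCAST = 2 };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strict parser: exactly six two-digit hex octets separated by ':'.
 * Returns 0 on success, -1 on any malformed input. */
int mac_parse(const char *s, uint8_t out[MAC_LEN])
{
    if (s == NULL || strlen(s) != MAC_STR_LEN)
        return -1;
    for (int i = 0; i < MAC_LEN; i++) {
        int hi = hexval(s[3 * i]);
        int lo = hexval(s[3 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        if (i < MAC_LEN - 1 && s[3 * i + 2] != ':')
            return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Classify an address the way a receiving stack does: all-ones is broadcast,
 * otherwise the I/G bit of the first octet decides group vs. individual. */
enum mac_kind mac_classify(const char *s)
{
    static const uint8_t bcast[MAC_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    uint8_t m[MAC_LEN];

    if (mac_parse(s, m) != 0)
        return MAC_INVALID;
    if (memcmp(m, bcast, MAC_LEN) == 0)
        return MAC_BROADCAST;
    return (m[0] & MAC_GROUP_BIT) ? MAC_MULTICAST : MAC_UNICAST;
}

/* Derive a safe test address from arbitrary octets: clear the group bit so it
 * is unicast, set the local bit so it cannot collide with a vendor-assigned
 * address. `out` must hold MAC_STR_LEN + 1 bytes. */
int mac_make_test_unicast(const char *in, char out[MAC_STR_LEN + 1])
{
    uint8_t m[MAC_LEN];

    if (mac_parse(in, m) != 0)
        return -1;
    m[0] = (uint8_t)((m[0] & ~MAC_GROUP_BIT) | MAC_LOCAL_BIT);
    snprintf(out, MAC_STR_LEN + 1, "%02x:%02x:%02x:%02x:%02x:%02x",
             m[0], m[1], m[2], m[3], m[4], m[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; the first is the address from the thread. */
    const char *samples[] = { "11:22:33:44:55:66", "10:22:33:44:55:66",
                              "ff:ff:ff:ff:ff:ff", "11:22:33" };
    static const char *names[] = { "unicast", "multicast", "broadcast" };
    char fixed[MAC_STR_LEN + 1];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum mac_kind k = mac_classify(samples[i]);
        printf("%-18s %s\n", samples[i], k == MAC_INVALID ? "invalid" : names[k]);
    }
    if (mac_make_test_unicast(samples[0], fixed) == 0)
        printf("usable test address: %s\n", fixed);
    return 0;
}
```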
From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 08:48:40 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1FF2916A4CE; Sat, 27 Mar 2004 08:48:40 -0800 (PST) Received: from bes.amduat.net (bes.amduat.net [206.124.149.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83BEF43D2D; Sat, 27 Mar 2004 08:48:39 -0800 (PST) (envelope-from jbarrett@amduat.net) Received: from [10.0.0.236] ([10.0.0.236]) (AUTH: LOGIN jbarrett, SSL: TLSv1/SSLv3,128bits,RC4-MD5) by bes.amduat.net with esmtp; Sat, 27 Mar 2004 08:48:38 -0800 
From: "Jacob S. Barrett" To: Ruslan Ermilov Date: Sat, 27 Mar 2004 08:48:37 -0800 User-Agent: KMail/1.6.1 References: <200403251118.40718.jbarrett@amduat.net> <20040327074205.GA32984@ip.net.ua> <200403270753.53476.jbarrett@amduat.net> In-Reply-To: <200403270753.53476.jbarrett@amduat.net> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403270848.37996.jbarrett@amduat.net> cc: freebsd-net@freebsd.org Subject: Re: Disabling VLAN_HWTAGGING X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 16:48:40 -0000

On Saturday 27 March 2004 07:53 am, Jacob S. Barrett wrote:
> Well with a new "correct" MAC that pings go back and forth just fine now.
> I will back out all my changes and see if they still work with the hardware
> tagging/detagging enabled.

OK, with the hardware support re-enabled the frame now enters the driver. It is detected as VLAN frame and sent to VLAN_INPUT_TAG. The frame is then delivered via lower hook to the ng_vlan where it doesn't match the vlan tag so it goes out the nomatch hook. I guess with the VLAN tag stripped from the frame that ng_vlan can't match it. Is this the expected behavior with ng_vlan? I can just comment out the VLAN stripping line in the driver if it is the expected behavior. That isn't a big deal really.

I haven't done a whole lot with the network interface drivers other than a few minor fixes here and there, but would it be hard to add some sort of flag to enable/disable the tag stripping via ifconfig? I was thinking that could be done through a "linkx" flag right? If the driver got, say, "link1" it would down the interface, set clear the stripping config bits, and then re-up the interface. Or would this be better handled by a sysctl option? Does that sound safe and do-able?

--
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net

"I don't suffer from insanity, I enjoy every minute of it."

From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 09:00:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2A8B16A4DD for ; Sat, 27 Mar 2004 09:00:30 -0800 (PST) Received: from web13005.mail.yahoo.com (web13005.mail.yahoo.com [216.136.174.15]) by mx1.FreeBSD.org (Postfix) with SMTP id B3BE143D49 for ; Sat, 27 Mar 2004 09:00:30 -0800 (PST) (envelope-from leo_luis99@yahoo.com) Message-ID: <20040327170030.46221.qmail@web13005.mail.yahoo.com> Received: from [198.24.5.10] by web13005.mail.yahoo.com via HTTP; Sat, 27 Mar 2004 09:00:30 PST Date: Sat, 27 Mar 2004 09:00:30 -0800 (PST) 
From: leo luis To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: MPD multilink with modems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 17:00:31 -0000

Hi,

I'm trying to configure 2 FreeBSD boxes with mpd. I have installed version 3.9. I don't really know if it is a failure or just a wrong configuration in the server, because when I do a dialup attempt the first modem answers the call and I can run traffic as well, but the second always goes immediately in the way that there is no time to start LCP in the client, but LCP starts in the server. I could see the server is trying to send LCP packets itself.

Thanks
Leo

Configuration for server:

dialin:
    new -i ng0 dialin modem2 modem1
    set iface addrs 1.1.1.1 2.2.2.2
    #set iface idle 900
    set debug 8
    set bundle enable noretry
    set bundle enable multilink
    set ipcp ranges 1.1.1.1/32 2.2.2.2/32
    set ipcp yes vjcomp
    set link enable chap
    set link enable pap
    set link disable check-magic
    set link yes acfcomp protocomp
    link modem2
    set modem idle-script AnswerCall
    link modem1
    set modem idle-script AnswerCall

modem1:
    set link type modem
    set modem speed 115200
    set modem device /dev/cuaa0

modem2:
    set link type modem
    set modem speed 115200
    set modem device /dev/cuaa1

configuration for client:

multi:
    new -i ng0 multi salida1 salida2
    set iface route default
    #set iface addrs 172.25.10.10 10.0.0.97
    set iface disable on-demand
    set iface idle 900
    #set debug 8
    set bundle enable multilink
    set bundle accept multilink
    set bundle authname admin
    set ipcp ranges 1.0.0.0/0 1.0.0.0/0
    set ipcp yes vjcomp
    set link disable chap pap
    set link accept chap pap
    set link yes acfcomp protocomp
    link salida2
    set modem script DialPeer
    set modem var $Telephone "40187"
    link salida1
    set modem script DialPeer
    set modem var $Telephone "40091"
    open

mpd.links file

salida1:
    set link type modem
    set modem speed 115200
    set modem device /dev/cuaa1
    set modem var $DialPrefix "DT"

salida2:
    set link type modem
    set modem speed 115200
    set modem device /dev/cuaa0
    set modem var $DialPrefix "DT"

[dialin] ppp node is "mpd944-dialin" [dialin] using interface ng0 mpd: option "noretry" unknown [dialin:modem1] [modem2] chat: Detected USR Sportster modem. [modem1] chat: Detected USR U.S. Robotics 56K modem. [modem2] chat: Waiting for ring... [modem1] chat: Waiting for ring... [modem1] chat: Incoming call detected... [modem2] chat: Incoming call detected... [modem1] chat: Connected at . [modem1] idle script succeeded, action=answer [modem1] opening link in answer mode [dialin] IPCP: Open event [dialin] IPCP: state change Initial --> Starting [dialin] IPCP: LayerStart [dialin] bundle: OPEN event in state CLOSED [dialin] opening link "modem2"... [dialin] opening link "modem1"... [modem2] link: OPEN event [modem2] LCP: Open event [modem2] LCP: state change Initial --> Starting [modem2] LCP: LayerStart [modem1] link: OPEN event [modem1] LCP: Open event [modem1] LCP: state change Initial --> Starting [modem1] LCP: LayerStart [modem2] device: OPEN event in state DOWN [modem2] device is now in state OPENING [modem1] device: OPEN event in state DOWN [modem1] chat script succeeded [modem1] device is now in state OPENING [modem1] device: UP event in state OPENING [modem1] device is now in state UP [modem1] link: UP event [modem1] link: origination is remote [modem1] LCP: Up event [modem1] LCP: state change Starting --> Req-Sent [modem1] LCP: phase shift DEAD --> ESTABLISH [modem1] LCP: SendConfigReq #1 ACCMAP 0x000a0000 MRU 1500 MAGICNUM 024ce600 AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem1] LCP: rec'd Configure Reject #172 link 1 (Req-Sent) Wrong id#, expecting 1 [modem1] LCP: rec'd Configure Request #1 link 1 (Req-Sent) ACFCOMP 
PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 12ee3ecb MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c eb 7c 5c [modem1] LCP: SendConfigRej #1 ACFCOMP PROTOCOMP [modem1] LCP: rec'd Configure Request #2 link 1 (Req-Sent) ACCMAP 0x000a0000 MRU 1500 MAGICNUM 12ee3ecb MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c eb 7c 5c [modem1] LCP: SendConfigAck #2 ACCMAP 0x000a0000 MRU 1500 MAGICNUM 12ee3ecb MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c eb 7c 5c [modem1] LCP: state change Req-Sent --> Ack-Sent [modem1] LCP: SendConfigReq #2 ACCMAP 0x000a0000 MRU 1500 MAGICNUM 024ce600 AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem1] LCP: rec'd Configure Ack #2 link 1 (Ack-Sent) ACCMAP 0x000a0000 MRU 1500 MAGICNUM 024ce600 AUTHPROTO CHAP MSOFTv2 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem1] LCP: state change Ack-Sent --> Opened [modem1] LCP: phase shift ESTABLISH --> AUTHENTICATE [modem1] LCP: auth: peer wants nothing, I want CHAP [modem1] CHAP: sending CHALLENGE [modem1] LCP: LayerUp [modem1] CHAP: rec'd RESPONSE #1 Name: "admin" Peer name: "admin" Response is valid [modem1] CHAP: sending SUCCESS [modem1] LCP: authorization successful [modem1] LCP: phase shift AUTHENTICATE --> NETWORK [dialin] up: 1 link, total bandwidth 28800 bps [dialin] IPCP: Up event [dialin] IPCP: state change Starting --> Req-Sent [dialin] IPCP: SendConfigReq #1 IPADDR 1.1.1.1 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid [dialin] error writing len 20 frame to bypass: Network is down [modem1] LCP: SendIdent #1 MESG: RSG_TCP [dialin] IPCP: rec'd Configure Request #1 link 1 (Req-Sent) IPADDR 1.0.0.0 NAKing with 10.0.0.97 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid [dialin] IPCP: SendConfigNak #1 IPADDR 10.0.0.97 [dialin] IPCP: rec'd Configure Request #2 link -1 (Req-Sent) IPADDR 10.0.0.97 10.0.0.97 is OK COMPPROTO VJCOMP, 16 comp. 
channels, no comp-cid [dialin] IPCP: SendConfigAck #2 IPADDR 10.0.0.97 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid [dialin] IPCP: state change Req-Sent --> Ack-Sent [modem2] chat script succeeded [modem2] device: UP event in state OPENING [modem2] device is now in state UP [modem2] link: UP event [modem2] link: origination is remote [modem2] LCP: Up event [modem2] LCP: state change Starting --> Req-Sent [modem2] LCP: phase shift DEAD --> ESTABLISH [modem2] LCP: SendConfigReq #1 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 043c7a70 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #1 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 043c7a70 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #1 MAGICNUM fbc3858f [modem2] LCP: rec'd Configure Nak #1 link 0 (Req-Sent) MAGICNUM fbc3858f [modem2] LCP: SendConfigReq #2 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 04df6410 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #2 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 04df6410 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #2 MAGICNUM fb209bef [modem2] LCP: rec'd Configure Nak #2 link 0 (Req-Sent) MAGICNUM fb209bef [modem2] LCP: SendConfigReq #3 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 023ae0f0 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #3 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 023ae0f0 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #3 MAGICNUM fdc51f0f [modem2] LCP: rec'd Configure Nak #3 link 0 (Req-Sent) MAGICNUM fdc51f0f [modem2] LCP: SendConfigReq #4 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 02d81a00 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #4 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM 02d81a00 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #4 MAGICNUM fd27e5ff [modem2] LCP: rec'd Configure Nak #4 link 0 (Req-Sent) MAGICNUM fd27e5ff [modem2] LCP: SendConfigReq #5 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM ffbb5b50 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #5 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM ffbb5b50 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #5 MAGICNUM 0044a4af [modem2] LCP: rec'd Configure Nak #5 link 0 (Req-Sent) MAGICNUM 0044a4af [modem2] LCP: SendConfigReq #6 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM ed6d5270 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #6 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM ed6d5270 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: not converging [modem2] LCP: parameter negotiation failed [modem2] LCP: state change Req-Sent --> Stopped [modem2] LCP: LayerFinish [modem2] device: CLOSE event in state UP [modem2] device is now in state CLOSING [modem2] device: DOWN event in state CLOSING [modem2] device is now in state DOWN [modem2] link: DOWN event [modem2] LCP: Down event [modem2] LCP: state change Stopped --> Starting [modem2] LCP: phase shift ESTABLISH --> DEAD [modem2] LCP: LayerStart [modem2] device: OPEN event in state DOWN [modem2] pausing 7 seconds before open [modem2] device is now in state DOWN [modem2] device: OPEN event in state DOWN [modem2] device is now in state DOWN [dialin] IPCP: SendConfigReq #2 IPADDR 1.1.1.1 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid [dialin] IPCP: rec'd Configure Ack #2 link -1 (Ack-Sent) IPADDR 1.1.1.1 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid [dialin] IPCP: state change Ack-Sent --> Opened [dialin] IPCP: LayerUp 1.1.1.1 -> 10.0.0.97 [dialin] IFACE: Up event [dialin] IFACE: Opening [dialin] exec: /sbin/ifconfig ng0 1.1.1.1 10.0.0.97 netmask 0xffffffff -link0 [dialin] IFACE: Up event [modem2] chat: Detected USR Sportster modem. [modem2] chat: Waiting for ring... 
[modem2] device: OPEN event in state DOWN [modem2] pausing 1 seconds before open [modem2] device is now in state DOWN [modem2] device: OPEN event in state DOWN [modem2] device is now in state OPENING [modem2] chat script succeeded [modem2] device: UP event in state OPENING [modem2] device is now in state UP [modem2] link: UP event [modem2] link: origination is remote [modem2] LCP: Up event [modem2] LCP: state change Starting --> Req-Sent [modem2] LCP: phase shift DEAD --> ESTABLISH [modem2] LCP: SendConfigReq #7 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM e93d5350 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #7 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM e93d5350 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #7 MAGICNUM 16c2acaf [modem2] LCP: rec'd Configure Nak #7 link 0 (Req-Sent) MAGICNUM 16c2acaf [modem2] LCP: SendConfigReq #8 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f4ebd490 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #8 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f4ebd490 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #8 MAGICNUM 0b142b6f [modem2] LCP: rec'd Configure Nak #8 link 0 (Req-Sent) MAGICNUM 0b142b6f [modem2] LCP: SendConfigReq #9 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f5f55840 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #9 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f5f55840 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #9 MAGICNUM 0a0aa7bf [modem2] LCP: rec'd Configure Nak #9 link 0 (Req-Sent) MAGICNUM 0a0aa7bf [modem2] LCP: SendConfigReq #10 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f2ddd7d0 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #10 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f2ddd7d0 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #10 MAGICNUM 0d22282f [modem2] LCP: rec'd Configure Nak #10 link 0 (Req-Sent) MAGICNUM 0d22282f [modem2] LCP: SendConfigReq #11 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f3e9b490 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #11 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f3e9b490 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #11 MAGICNUM 0c164b6f [modem2] LCP: rec'd Configure Nak #11 link 0 (Req-Sent) MAGICNUM 0c164b6f [modem2] LCP: SendConfigReq #12 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f2afe100 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #12 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM f2afe100 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: not converging [modem2] LCP: parameter negotiation failed [modem2] LCP: state change Req-Sent --> Stopped [modem2] LCP: LayerFinish [modem2] device: CLOSE event in state UP [modem2] device is now in state CLOSING [modem2] device: DOWN event in state CLOSING [modem2] device is now in state DOWN [modem2] link: DOWN event [modem2] LCP: Down event [modem2] LCP: state change Stopped --> Starting [modem2] LCP: phase shift ESTABLISH --> DEAD [modem2] LCP: LayerStart [modem2] device: OPEN event in state DOWN [modem2] pausing 9 seconds before open [modem2] device is now in state DOWN [modem2] device: OPEN event in state DOWN [modem2] device is now in state DOWN [dialin:modem1] [dialin:modem1] [dialin:modem1] [dialin:modem1] [modem2] chat: Detected USR Sportster modem. [modem2] chat: Waiting for ring... [dialin:modem1] [dialin:modem1] [dialin:modem1] [dialin:modem1] [dialin:modem1] [dialin:modem1] [modem2] device: OPEN event in state DOWN [modem2] device is now in state OPENING [modem2] chat script succeeded [modem2] device: UP event in state OPENING [modem2] device is now in state UP [modem2] link: UP event [modem2] link: origination is remote [modem2] LCP: Up event [modem2] LCP: state change Starting --> Req-Sent [modem2] LCP: phase shift DEAD --> ESTABLISH [modem2] LCP: SendConfigReq #13 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM dd31d390 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #13 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM dd31d390 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #13 MAGICNUM 22ce2c6f [modem2] LCP: rec'd Configure Nak #13 link 0 (Req-Sent) MAGICNUM 22ce2c6f [modem2] LCP: SendConfigReq #14 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM de3ff6f0 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #14 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM de3ff6f0 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #14 MAGICNUM 21c0090f [modem2] LCP: rec'd Configure Nak #14 link 0 (Req-Sent) MAGICNUM 21c0090f [modem2] LCP: SendConfigReq #15 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM db25c140 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #15 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM db25c140 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #15 MAGICNUM 24da3ebf [modem2] LCP: rec'd Configure Nak #15 link 0 (Req-Sent) MAGICNUM 24da3ebf [modem2] LCP: SendConfigReq #16 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM dc369630 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #16 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM dc369630 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #16 MAGICNUM 23c969cf [modem2] LCP: rec'd Configure Nak #16 link 0 (Req-Sent) MAGICNUM 23c969cf [modem2] LCP: SendConfigReq #17 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM d916fd60 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #17 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM d916fd60 Same magic! Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: SendConfigNak #17 MAGICNUM 26e9029f [modem2] LCP: rec'd Configure Nak #17 link 0 (Req-Sent) MAGICNUM 26e9029f [modem2] LCP: SendConfigReq #18 ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM e69c7c80 MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: rec'd Configure Request #18 link 0 (Req-Sent) ACFCOMP PROTOCOMP ACCMAP 0x000a0000 MRU 1500 MAGICNUM e69c7c80 Same magic! 
Detected loopback condition MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 60 8c 34 b4 41 [modem2] LCP: not converging [modem2] LCP: parameter negotiation failed [modem2] LCP: state change Req-Sent --> Stopped [modem2] LCP: LayerFinish [modem2] device: CLOSE event in state UP [modem2] device is now in state CLOSING [modem2] device: DOWN event in state CLOSING [modem2] device is now in state DOWN [modem2] link: DOWN event [modem2] LCP: Down event [modem2] LCP: state change Stopped --> Starting [modem2] LCP: phase shift ESTABLISH --> DEAD [modem2] LCP: LayerStart [modem2] device: OPEN event in state DOWN [modem2] pausing 9 seconds before open [modem2] device is now in state DOWN [modem2] device: OPEN event in state DOWN [modem2] device is now in state DOWN ^Cmpd: caught fatal signal int mpd: fatal error, exiting [dialin] IPCP: Down event [dialin] IPCP: state change Opened --> Starting [dialin] IPCP: LayerDown [dialin] IFACE: Down event [dialin] exec: /sbin/ifconfig ng0 down delete -link0 [dialin] IFACE: Close event [dialin] IPCP: Close event [dialin] IPCP: state change Starting --> Initial [dialin] IPCP: LayerFinish mpd: process 944 terminated Thanks From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 09:42:04 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24A4916A4CE for ; Sat, 27 Mar 2004 09:42:04 -0800 (PST) Received: from ns10.hutchtel.net (ds2.hutchtel.net [66.103.161.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id A873543D2F for ; Sat, 27 Mar 2004 09:42:03 -0800 (PST) (envelope-from ant@hutchtel.net) Received: from andromeda (6400b4.hutchtel.net [66.103.161.14]) by ns10.hutchtel.net (8.12.8/) with ESMTP id i2RHg2Pc1419405; Sat, 27 Mar 2004 11:42:02 -0600 (CST) 
From: "Anthony Anderberg" To: freebsd-net@freebsd.org Date: Sat, 27 Mar 2004 11:44:34 -0600 MIME-Version: 1.0 Message-ID: <40656922.13723.24183307@localhost> Priority: normal In-reply-to: <20040326115855.A90406@ganymede.hub.org> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Subject: Re: Looking for switch recommendations ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ant@hutchtel.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 17:42:04 -0000

I just finished evaluating a large number of switches for work and can share my thoughts, although we're still in price negotiations so it'd be unethical to make recommendations. We use Nortel BayStack 350s and Passport 8600s today, and will be buying almost 400 switches of various kinds over the next 3 years. We only use managed switches, having spent too many hours debugging speed/duplex mismatches and other silliness. I tend not to pay much attention to vendor-supplied performance numbers since there is a lot of "Enron-style" math that can be done to boost ratings.

In the small form-factor market I liked:

-Allied Telesyn's 8012M Unlike most of the switches in this group it has a fan, but it's not too loud. It also seemed to run fine without the fan (nothing drives like a rental!) It's got a modular slot that can accept GBICs or a 1000TX port, otherwise it's got 12 10/100 ports.

-Asante's FM2008 is fairly inexpensive and had decent performance for its 8 ports. A model with a fiber uplink is also available.

-Cisco's 2940 is basically a cut-down 2950 and has a number of mounting options, although its list price is twice that of these other small switches.

In my "10/100 user uplink" category I liked:

-Nortel's BayStack 425 which is the least expensive managed switch they make, it's got 4 SFP slots but a cheesy firewire stacking system.

-Hewlett Packard's ProCurve 2626 which has 2 SFP slots, 24 ports, and lots of nice features for port mirroring. Someone mentioned the 48 port version called the 2650 earlier.

-Cisco's 2950 which has decent performance and a reasonable price, although I've always thought IOS to be a clunky interface for simple Ethernet switches where not much configuration is required.

In the gigabit category I liked:

-Hewlett Packard's 2824 which has 20 copper ports and 4 ports that can be either copper or SFP. It's got many of the same features and look and feel as the 2626.

-Nortel's 5510 which is their newest model, it's got a rich feature set including neat flow and cable management that'll be in an upcoming software release. There is also going to be a PoE version later this year.

I also looked at switches from Dell, Extreme, and Foundry, as well as models from each vendor in each category. Dell and Foundry's workgroup switches are both clones of a switch from some other OEM, I'm not sure who. Hewlett Packard's 9300 line is really just Foundry's stuff with HP stickers, they don't even bother to repaint them. I really liked Extreme's core hardware, but thought they were a little too expensive as an edge solution. I'm hoping to get my hands on Extreme's BlackDiamond 10K platform later this summer, even if it is based on Linux.
:-) Hope this helps, anthony From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 10:13:49 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8029716A4CE for ; Sat, 27 Mar 2004 10:13:49 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id EEE6A43D1D for ; Sat, 27 Mar 2004 10:13:48 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 64EAD652EC; Sat, 27 Mar 2004 18:13:47 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 99919-02-2; Sat, 27 Mar 2004 18:13:47 +0000 (GMT) Received: from empiric.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 434E065218; Sat, 27 Mar 2004 18:13:46 +0000 (GMT) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 8B9CE6108; Sat, 27 Mar 2004 18:13:45 +0000 (GMT) Date: Sat, 27 Mar 2004 18:13:45 +0000 
From: Bruce M Simpson To: User Ernie Message-ID: <20040327181345.GD90316@empiric.dek.spc.org> Mail-Followup-To: User Ernie , freebsd-net@freebsd.org References: <200403271332.i2RDWtdF031292@spooky.eis.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200403271332.i2RDWtdF031292@spooky.eis.net.au> cc: freebsd-net@freebsd.org Subject: Re: PCI ADSL card and PPPoA X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 18:13:49 -0000 On Sat, Mar 27, 2004 at 11:32:55PM +1000, User Ernie wrote: > Is it possible to use some like ng_ppp and mpd to hook to this card so I > can establish a PPPoA session? If so can anyone suggest an mpd config? Far simpler; if it supports the NATM API, you should be able to run userland ppp to begin with over it. This is documented in the Handbook now. Whilst userland PPP is 'teh suck', for the purposes of verifying that your configuration is working, it's useful. 
BMS From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 10:14:03 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CC7516A4D1 for ; Sat, 27 Mar 2004 10:14:03 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAC9543D66 for ; Sat, 27 Mar 2004 10:14:02 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 218BC65216; Sat, 27 Mar 2004 18:14:02 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 99919-02-3; Sat, 27 Mar 2004 18:14:01 +0000 (GMT) Received: from empiric.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id BBF8B65211; Sat, 27 Mar 2004 18:14:00 +0000 (GMT) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 0DFFF610C; Sat, 27 Mar 2004 18:14:00 +0000 (GMT) Date: Sat, 27 Mar 2004 18:14:00 +0000 
From: Bruce M Simpson To: Wes Peters Message-ID: <20040327181400.GE90316@empiric.dek.spc.org> Mail-Followup-To: Wes Peters , Bakul Shah , "Marc G. Fournier" , freebsd-net@freebsd.org References: <200403261908.i2QJ8lHA078562@gate.bitblocks.com> <200403261419.37797.wes@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200403261419.37797.wes@softweyr.com> cc: Bakul Shah cc: freebsd-net@freebsd.org Subject: Re: Looking for switch recommendations ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 18:14:03 -0000 On Fri, Mar 26, 2004 at 02:19:37PM -0800, Wes Peters wrote: > bit. The HP ProCurves perform well and are reliable and (relatively) > cheap. And indeed, the infrastructure for most of the off-shore data-haven HavenCo on the Principality of Sealand was built on ProCurve switches. Not only are they VLAN-capable, but they're SSH-capable, too. Now if only SPC.org had more equipment budget... :-) BMS From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 12:26:06 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE67B16A4CE for ; Sat, 27 Mar 2004 12:26:06 -0800 (PST) Received: from risky.niblet.co.uk (risky.niblet.co.uk [80.177.236.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F20B43D31 for ; Sat, 27 Mar 2004 12:26:06 -0800 (PST) (envelope-from matt@kittycat.co.uk) Received: from sakura.niblet.co.uk ([80.177.236.68] helo=sakura) by risky.niblet.co.uk with smtp (Exim 4.30; FreeBSD) id 1B7KNu-0004q5-BW for freebsd-net@freebsd.org; Sat, 27 Mar 2004 20:26:26 +0000 
From: "Matt Sealey" To: Date: Sat, 27 Mar 2004 20:26:15 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <200403271332.i2RDWtdF031292@spooky.eis.net.au> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: RE: PCI ADSL card and PPPoA X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: matt@niblet.co.uk List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 20:26:07 -0000

According to the docs, you don't need to run PPP;

http://adsl4linux.no-ip.org/freebsd/pulsar_freebsd_howto

~~~~
Reboot and connect the ADSL line. Once the driver is loaded the Status LED (Yellow) will come on and the Link LED (Green) will flash. After about 20-30 seconds the Link LED will stop flashing once line sync is achieved.

Now configure the IP address and netmask...

ifconfig ngeth0 inet 203.1.2.3 netmask 255.255.255.0

At this point you should be able to ping your ISP's gateway. Now set up your routing and you should have full internet access.
~~~~

--
Matt Sealey

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org]On Behalf Of User Ernie
> Sent: 27 March 2004 13:33
> To: freebsd-net@freebsd.org
> Subject: PCI ADSL card and PPPoA
>
>
> Firstly I have to warn you I am a Netgraph newbie, and despite looking for
> hours, I have not found much of a tutorial on how it all fits together.
>
> I recently obtained a PCI ADSL modem card, Pulsar ADSL from Traverse
> Technologies http://www.traverse.com.au
>
> They have some test FreeBSD drivers http://adsl4linux.no-ip.org/pulsar.html
> that implement a bridge mode ADSL connection using netgraph modules:
>
> Id Refs Address    Size   Name
>  1    8 0xc0400000 65ab28 kernel
>  2    1 0xc0a5b000 7794   ng_atm.ko
>  3    4 0xc0a63000 14abc  netgraph.ko
>  4    1 0xc0a78000 386c   ng_eiface.ko
>  5    2 0xc0a7c000 3030   atm_aal.ko
>  6    1 0xc0a80000 440dc  if_pls.ko
>  7    1 0xc0ac5000 2d50   ng_atmllc.ko
>
>
> This all seems to work fine, the modules load up and I get an ADSL sync
> light on the ADSL PCI card.
>
> However I need to run PPPoE or PPPoA to connect to my ISP,
> I tried user ppp and mpd but they both complained that the interface was not
> ethernet.
>
> Is it possible to use some like ng_ppp and mpd to hook to this card so I
> can establish a PPPoA session? If so can anyone suggest an mpd config?
>
> - Ernie.
From owner-freebsd-net@FreeBSD.ORG Sat Mar 27 12:55:57 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4517016A4CE for ; Sat, 27 Mar 2004 12:55:57 -0800 (PST) Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BAF443D39 for ; Sat, 27 Mar 2004 12:55:56 -0800 (PST) (envelope-from ernie@spooky.eis.net.au) Received: (from ernie@localhost) by spooky.eis.net.au (8.12.11/8.12.10) id i2RKts0M078063; Sun, 28 Mar 2004 06:55:54 +1000 (EST) (envelope-from ernie) 
From: User Ernie Message-Id: <200403272055.i2RKts0M078063@spooky.eis.net.au> In-Reply-To: <20040327181345.GD90316@empiric.dek.spc.org> To: Bruce M Simpson Date: Sun, 28 Mar 2004 06:55:54 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: PCI ADSL card and PPPoA X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Mar 2004 20:55:57 -0000

> On Sat, Mar 27, 2004 at 11:32:55PM +1000, User Ernie wrote:
> > Is it possible to use some like ng_ppp and mpd to hook to this card so I
> > can establish a PPPoA session? If so can anyone suggest an mpd config?
>
> Far simpler; if it supports the NATM API, you should be able to run
> userland ppp to begin with over it. This is documented in the Handbook
> now. Whilst userland PPP is 'teh suck', for the purposes of verifying that
> your configuration is working, it's useful.
>
> BMS
>

I looked in the handbook originally, chapter 18.6 is where I learnt about mpd. The userland PPP example for PPPoA seemed to use an external USB modem.

Which section is the NATM example in?

- Ernie.