From owner-freebsd-net@FreeBSD.ORG Sun Jun 13 11:26:15 2004
From: Max Laier
To: current@freebsd.org
Cc: pf4freebsd@freelists.org, net@freebsd.org
Date: Sun, 13 Jun 2004 06:53:30 +0200
Message-Id: <200406130653.39527.max@love2party.net>
Subject: HEADSUP: About to link ALTQ to the build (ABI break)

All,

as some might know, I recently imported the ALTQ framework with the
perspective to replace the existing queueing with this advanced system. While
ALTQ is designed in a fashion to be API compatible with the old "struct
ifqueue" it does break the ABI by changing the size of ifnet.if_snd!

I am now ready to commit this change. During the first commit I will not
change the queueing at all. It will only change the if_snd member of struct
ifnet and bring in new macros and some build glue.

In a next step I will convert the various if_output routines (in if_*subr.c)
to use the new ENQUEUE/HANDOFF operations.

The final step then is to convert the network drivers to use the new DEQUEUE
operations and to flip the per-driver flag that indicates that the driver is
ready for ALTQ.

The new DEQUEUE operation also brings along some extra candy in terms of
reducing locking overhead: It will now be possible to do "bulk dequeues" i.e.
transferring more than one packet from the system to the driver with only one
lock operation. The amount of packets transferred at once is tuneable.
Enabling ALTQ on a device will disable bulk dequeue to avoid irritations with
the timing, though.

The patch is at: http://people.freebsd.org/~mlaier/altq.patch

I plan to commit this Sunday night (CEST) provided that no problems occur with
the newly merged socket locking et al.

--
Best regards,                      | mlaier@freebsd.org
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Sun Jun 13 20:22:53 2004
Date: Sun, 13 Jun 2004 21:22:36 +0100
From: Josef Karthauser
To: hackers@freebsd.org, net@FreeBSD.org
Message-ID: <20040613202236.GJ4570@genius.tao.org.uk>
Subject: 100mhz Wavelab on -current PCI and PCCARD.

Does anyone have wireless experience? I'm off to the US next week
and I thought I'd buy some (cheaper) wireless kit whilst I'm out there.

I would like to run 100mb wireless (802.11g?) on both my laptop and my
home server which I guess means that I'd like a recommendation for both
pccard as well as pci. I'm running -current on the laptop and -stable
on the server, although this can be upgraded to 5.x if necessary.

The server is currently an ethernet bridging firewall (IPFW) and ideally
I'd like to be able to filter the wireless segment also. Is it possible
to use a wireless card in the machine and be able to filter at a
MAC address level? I want a bit of control of the network. Is there
a recommended configuration?

Joe
--
Josef Karthauser (joe@tao.org.uk)           http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)     http://www.uk.FreeBSD.org/
Physics Particle Theory (student)           http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory.
=================

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 08:11:47 2004
Date: Mon, 14 Jun 2004 11:13:05 +0300
From: Vlad GALU
To: freebsd-net@freebsd.org
Message-Id: <20040614111305.4e06f328.dudu@diaspar.rdsnet.ro>
Subject: Fw: Re: A quagga-related issue

Begin forwarded message:

Date: Mon, 14 Jun 2004 09:03:19 +0100
From: Bruce M Simpson
To: Vlad GALU
Subject: Re: A quagga-related issue

Hi,

Unfortunately I'm not a quagga developer, so you might have better luck
getting an answer to your question by posting to -net or asking on the
Quagga forums. I think there may be a configuration option to change the
behaviour you're talking about but can't recall what it might be.

Regards,
BMS

On Mon, Jun 14, 2004 at 09:43:43AM +0300, Vlad GALU wrote:
>
> I've set up a BGP session with a Cisco peer. For some reasons, I wanted
> all connected routes to be redistributed to BGP. On the same system
> that ran quagga (a FreeBSD machine) I had openvpn open several hundred
> interfaces (btw, about the minor number generation, that was OK. I
> don't know why mc kept showing strange numbers) at once. The problems
> relies in the fact that tun interfaces can't be removed. Then quagga
> parses the list of interfaces to gather the connected routes. Because
> the tun interfaces are still there, quagga reports the routes as well.
> How would you feel about changing the code a little bit, for quagga
> not adding the routes connected to interfaces marked as 'down' ?

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 11:01:52 2004
Date: Mon, 14 Jun 2004 11:01:38 GMT
Message-Id: <200406141101.i5EB1cEV072589@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   NFS root configurations without dynamic p

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 14:50:02 2004
Message-ID: <40CDBAC2.50403@Thehousleys.net>
Date: Mon, 14 Jun 2004 10:48:34 -0400
From: James Housley
To: freebsd-net@FreeBSD.org
Subject: Using netgraph for filtering/modifing packets

For testing of a product I would like to be able to modify or even drop
packets based on their content. What I have in mind is forcing the
packets through a firewall that would redirect all packets to a netgraph
node that would either pass unchanged, drop or change the contents to
assist in testing some corner cases in the code.

1) is this something doable with netgraph, I believe it is.

2) what might be a good place to start? Have done some searching, but
haven't found any example code I thought I could start from.

Thanks,
Jim
--
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change to
take effect! Reboot now?
[OK]

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 15:00:53 2004
Date: Mon, 14 Jun 2004 11:00:25 -0400
From: James
To: Vlad GALU
Cc: freebsd-net@freebsd.org
Message-ID: <20040614150025.GA43698@scylla.towardex.com>
References: <20040614111305.4e06f328.dudu@diaspar.rdsnet.ro>
In-Reply-To: <20040614111305.4e06f328.dudu@diaspar.rdsnet.ro>
Subject: Re: Fw: Re: A quagga-related issue

can you try running 'sh ip route a.b.c.d', where a.b.c.d is the connected
route in question, to an interface that is down? Does it show
down/unavailable? (on zebra telnet port 2601 cli or vtysh)

If it shows DOWN/not available, quagga will not redistribute. The problem
is that quagga can't know whether tunnel is down or up. if tunnel is up, it
passes packets between two endpoints. if it's down, it doesn't. i think a
solution to this is to provide link detection of tunneling interfaces by
providing a heartbeat or keepalives, but that's more work heh.

-J

On Mon, Jun 14, 2004 at 11:13:05AM +0300, Vlad GALU wrote:
>
>
> Begin forwarded message:
>
> Date: Mon, 14 Jun 2004 09:03:19 +0100
> From: Bruce M Simpson
> To: Vlad GALU
> Subject: Re: A quagga-related issue
>
>
> Hi,
>
> Unfortunately I'm not a quagga developer, so you might have better luck
> getting an answer to your question by posting to -net or asking on the
> Quagga forums. I think there may be a configuration option to change the
> behaviour you're talking about but can't recall what it might be.
>
> Regards,
> BMS
>
> On Mon, Jun 14, 2004 at 09:43:43AM +0300, Vlad GALU wrote:
> >
> > I've set up a BGP session with a Cisco peer. For some reasons, I wanted
> > all connected routes to be redistributed to BGP. On the same system
> > that ran quagga (a FreeBSD machine) I had openvpn open several hundred
> > interfaces (btw, about the minor number generation, that was OK. I
> > don't know why mc kept showing strange numbers) at once. The problems
> > relies in the fact that tun interfaces can't be removed. Then quagga
> > parses the list of interfaces to gather the connected routes. Because
> > the tun interfaces are still there, quagga reports the routes as well.
> > How would you feel about changing the code a little bit, for quagga
> > not adding the routes connected to interfaces marked as 'down' ?
> >
>
>
> ----
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.

--
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james@towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 16:19:48 2004
Date: Mon, 14 Jun 2004 20:19:29 +0400
From: Gleb Smirnoff
To: James Housley
Cc: freebsd-net@freebsd.org
Message-ID: <20040614161929.GA19167@cell.sick.ru>
References: <40CDBAC2.50403@Thehousleys.net>
In-Reply-To: <40CDBAC2.50403@Thehousleys.net>
Subject: Re: Using netgraph for filtering/modifing packets

On Mon, Jun 14, 2004 at 10:48:34AM -0400, James Housley wrote:
J> For testing of a product I would like to be able to modify or even drop
J> packets based on their content. What I have in mind is forcing the
J> packets through a firewall that would redirect all packets to a netgraph
J> node that would either pass unchanged, drop or change the contents to
J> assist in testing some corner cases in the code.

To pass traffic from ipfw to netgraph and back in you need divert rule
and ng_ksocket listening on divert socket.

J> 1) is this something doable with netgraph, I believe it is.
J>
J> 2) what might be a good place to start? Have done some searching, but
J> haven't found any example code I thought I could start from.

see /usr/src/sys/netgraph/ng_sample.c and article
http://www.daemonnews.org/200003/netgraph.html

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 17:28:41 2004
Message-ID: <40CDE026.3040502@Thehousleys.net>
Date: Mon, 14 Jun 2004 13:28:06 -0400
From: James Housley
To: freebsd-net@FreeBSD.org
Subject: Re: Using netgraph for filtering/modifing packets

Julian Elischer wrote:
>
> On Mon, 14 Jun 2004, James Housley wrote:
>
>
>>For testing of a product I would like to be able to modify or even drop
>>packets based on their content. What I have in mind is forcing the
>>packets through a firewall that would redirect all packets to a netgraph
>>node that would either pass unchanged, drop or change the contents to
>>assist in testing some corner cases in the code.
>>
>>1) is this something doable with netgraph, I believe it is.
>
>
> yes
>
>
>
>>2) what might be a good place to start? Have done some searching, but
>>haven't found any example code I thought I could start from.
>
>
> What sort of filter do you need?
>
> you can pass packets to netgraph from ipfw by diverting them and
> opening a divert socket with the ksocket node..
>
> Or you can pick them directly from the network interface
> and filter yourself using the 'bpf' node type to select
> on something.
> or you can use the etf type of node to filter on a particular
> ethertype..
>
> there are a lot of options but I don't know your application enough :-)
>

I have a product that is connected to a PC via ethernet. The product
runs FBSD, but I would likely put another FBSD box in the middle. I
want to be able to modify packets for good and evil based on the data
portion of the packet. For example to occasionally drop a packet that is
acking some command. Or send an ack for a command that was never sent.
Or just change data to be invalid. Then after messing with the data
portion put it back in the queue to be sent, if it wasn't just dropped.

Jim
--
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
 X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
"Eagles may soar, but weasels don't get sucked into jet engines" -- Anon

SL/+GiUPiieGxnptEDYf5RH/wdN/29I7IeZuab8YajAk2WO+68vAYA3+d/nTgX9YCeGdkPS6 9KxDELa7c8MCAwEAAaMwMC4wHgYDVR0RBBcwFYETamltQHRoZWhvdXNsZXlzLm5ldDAMBgNV HRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBALGpfU4DorG1pNJyzuGAeJY0QWUrZMDmryk/ r08DfcBpE/BicfJXEuee41NWh+7Y2Y4fVdaAo5UAtjDjj8novARRt2rtGv9M9+7OKoTsx20O JKNBCiJWc53MscEapsc4fvvCl2Cf/TBl1AESJgTkjHHxoyTDNaadvV0lowHakwhOMIIC7DCC AlWgAwIBAgIDC5yZMA0GCSqGSIb3DQEBBAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg RnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNDAxMzExOTExMDBaFw0wNTAxMzAxOTExMDBaMF4x EDAOBgNVBAQTB0hvdXNsZXkxDjAMBgNVBCoTBUphbWVzMRYwFAYDVQQDEw1KYW1lcyBIb3Vz bGV5MSIwIAYJKoZIhvcNAQkBFhNqaW1AdGhlaG91c2xleXMubmV0MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAzvSyJWuk14g3b18ZdN5nHgO4PwFAPNLgX1AuHKlFG/Zov4HU O9pfeylT07tOS0gp5fAnik3uKIvpEVdfndB3JeG33ogsVW5KxjEze9oAj4zjjoqYwovU9PTf dIUJBVvz8Oxsk8ZCoxq5Z+if2F2PHwH4+pnIwNGimuPaYmuVS1obBQYMxjOwT6ob51i/bRn0 kfWddXEymyS3PWQ43agVaZ6ahtygY7azCFvkKYbspiIoplb8i2wPCG7ll5t4HrdSRSVIv/4a JQ+KJ4bGem0QNh/lEf/B03/b0jsh5m5pvxhqMCTZY77ry8BgDf53+dOBf1gJ4Z2Q9Lr0rEMQ trtzwwIDAQABozAwLjAeBgNVHREEFzAVgRNqaW1AdGhlaG91c2xleXMubmV0MAwGA1UdEwEB /wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAsal9TgOisbWk0nLO4YB4ljRBZStkwOavKT+vTwN9 wGkT8GJx8lcS557jU1aH7tjZjh9V1oCjlQC2MOOPyei8BFG3au0a/0z37s4qhOzHbQ4ko0EK IlZzncyxwRqmxzh++8KXYJ/9MGXUARImBOSMcfGjJMM1pp29XSWjAdqTCE4wggM/MIICqKAD AgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZy ZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQsw CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHy 
--------------ms000506070009080700090807--
From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 17:35:56 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BEEBA16A4CE for ; Mon, 14 Jun 2004 17:35:56 +0000 (GMT) Received: from 
sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B16F43D41 for ; Mon, 14 Jun 2004 17:35:56 +0000 (GMT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([24.7.73.28]) by comcast.net (sccrmhc11) with ESMTP id <2004061417192301100ff07je>; Mon, 14 Jun 2004 17:19:23 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA30773; Mon, 14 Jun 2004 10:19:22 -0700 (PDT) Date: Mon, 14 Jun 2004 10:19:20 -0700 (PDT) 
From: Julian Elischer To: James Housley In-Reply-To: <40CDBAC2.50403@Thehousleys.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@FreeBSD.org Subject: Re: Using netgraph for filtering/modifing packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 17:35:56 -0000

On Mon, 14 Jun 2004, James Housley wrote:

> For testing of a product I would like to be able to modify or even drop
> packets based on their content. What I have in mind is forcing the
> packets through a firewall that would redirect all packets to a netgraph
> node that would either pass unchanged, drop or change the contents to
> assist in testing some corner cases in the code.
>
> 1) is this something doable with netgraph, I believe it is.

yes

>
> 2) what might be a good place to start? Have done some searching, but
> haven't found any example code I thought I could start from.

What sort of filter do you need?

you can pass packets to netgraph from ipfw by diverting them and
opening a divert socket with the ksocket node..

Or you can pick them directly from the network interface
and filter yourself using the 'bpf' node type to select on something.
or you can use the etf type of node to filter on a particular ethertype..

there are a lot of options but I don't know your application enough :-)

Julian

>
> Thanks,
> Jim
>
> --
> /"\ ASCII Ribbon Campaign .
> \ / - NO HTML/RTF in e-mail .
>  X  - NO Word docs in e-mail .
> / \ -----------------------------------------------------------------
> jeh@FreeBSD.org http://www.FreeBSD.org The Power to Serve
> jim@TheHousleys.Net http://www.TheHousleys.net
> ---------------------------------------------------------------------
> Your mouse has moved.
> Windows NT must be restarted for the change to take effect!
>
> Reboot now? 
[OK] > From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 17:45:12 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1553F16A4D0 for ; Mon, 14 Jun 2004 17:45:12 +0000 (GMT) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5EF243D4C for ; Mon, 14 Jun 2004 17:45:11 +0000 (GMT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org ([24.7.73.28]) by comcast.net (sccrmhc12) with ESMTP id <20040614174510012002jc5te>; Mon, 14 Jun 2004 17:45:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA30988; Mon, 14 Jun 2004 10:38:29 -0700 (PDT) Date: Mon, 14 Jun 2004 10:38:27 -0700 (PDT) 
From: Julian Elischer To: James Housley In-Reply-To: <40CDE026.3040502@Thehousleys.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@FreeBSD.org Subject: Re: Using netgraph for filtering/modifing packets. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 17:45:12 -0000

On Mon, 14 Jun 2004, James Housley wrote:

>
> I have a product that is connected to a PC via Ethernet. The product
> runs FBSD, but I would likely put another FBSD box in the middle. I want
> to be able to modify packets for good and evil based on the data portion of
> the packet.
>
> For example to occasionally drop a packet that is acking some command. Or
> send an ack for a command that was never sent. Or just change data to be
> invalid.
>
> Then after messing with the data portion put it back in the queue to be
> sent, if it wasn't just dropped.
>
> Jim
>

Is this product running over..

1/ your own low-level protocol
   use netgraph etf node to divert packets to userland for processing
   by a program (using 'socket' node)
   example: nghook

or

2/ IP?
   2a/ UDP?
   or
   2b/ some proprietary IP protocol?
   use ipfw and 'divert' to divert to a userland program for manipulation
   example: natd or tcpmssd (in ports/net)

From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 17:46:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E56E16A4CE for ; Mon, 14 Jun 2004 17:46:17 +0000 (GMT) Received: from ciar.org (adsl-63-201-134-205.dsl.snfc21.pacbell.net [63.201.134.205]) by mx1.FreeBSD.org (Postfix) with SMTP id 0920643D39 for ; Mon, 14 Jun 2004 17:46:17 +0000 (GMT) (envelope-from robp@hardpoint.ciar.org) Received: (qmail 17532 invoked by uid 1022); 14 Jun 2004 17:43:18 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 14 Jun 2004 17:43:18 -0000 Date: Mon, 14 Jun 2004 10:43:18 -0700 (PDT) 
From: Rob Pascual To: freebsd-net@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: DWL-650 RevP and OLDCARD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 17:46:17 -0000 Hi. Sorry if this has been covered before. I purchased a D-Link DWL-650, and it turned out to be the newer RevP model. I built the NDIS wrapper around drivers from the windows CD, but it doesn't seem to pick up the card. I tried using that both as a module, and built into my kernel. My laptop is old enough that it only works with OLDCARD, could this be a problem? I tried adding an appropriate entry to pccard.conf telling it to use the ndis driver, but still nothing. Does anyone have any tips to get this working? My laptop is running -current as of about a couple days ago. Any help is appreciated! From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 18:44:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C5BE16A4CF for ; Mon, 14 Jun 2004 18:44:48 +0000 (GMT) Received: from ganymede.hub.org (u46n208.hfx.eastlink.ca [24.222.46.208]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC62943D54 for ; Mon, 14 Jun 2004 18:44:47 +0000 (GMT) (envelope-from scrappy@hub.org) Received: by ganymede.hub.org (Postfix, from userid 1000) id C645F60E80; Mon, 14 Jun 2004 15:43:58 -0300 (ADT) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id B938B60E78 for ; Mon, 14 Jun 2004 15:43:58 -0300 (ADT) Date: Mon, 14 Jun 2004 15:43:58 -0300 (ADT) 
From: "Marc G. Fournier" To: freebsd-net@freebsd.org Message-ID: <20040614153339.N53657@ganymede.hub.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: snmpwalk from jail -> snmp server ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 18:44:48 -0000

Have a jail setup that I want to be able to do a snmpwalk from to another server ... but, for some reason, I get a 'sendto' error:

zabbix# snmpwalk -v 1 -c public jupiter.hub.org system
SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD jupiter.hub.org 4.10-STABLE FreeBSD 4.10-STABLE #8: Fri Jun i386
snmpwalk: Failure in sendto (Invalid argument)
zabbix#

jupiter is a different machine than zabbix, and I have an rocommunity set in the snmpd.conf file ... the rest is pretty much defaults ...

If I run the same command on neptune (zabbix's base server), I get the full MIB as expected ... it's only from the jail that it doesn't appear to work ...

thoughts?

----
Marc G. 
Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664 From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 18:52:04 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74CC716A4CF for ; Mon, 14 Jun 2004 18:52:04 +0000 (GMT) Received: from cmsrelay02.mx.net (cmsrelay02.mx.net [165.212.11.111]) by mx1.FreeBSD.org (Postfix) with SMTP id 0A31343D2D for ; Mon, 14 Jun 2004 18:52:04 +0000 (GMT) (envelope-from noackjr@alumni.rice.edu) Received: from uadvg128.cms.usa.net (165.212.11.128) by cmsoutbound.mx.net with SMTP; 14 Jun 2004 18:51:20 -0000 Received: from optimator.noacks.org [70.240.243.152] by uadvg128.cms.usa.net (ASMTP/noackjr@usa.net) via mtad (C8.MAIN.3.13N) with ESMTP id 240iFNszs0120M28; Mon, 14 Jun 2004 18:51:17 GMT X-USANET-Auth: 70.240.243.152 AUTH noackjr@usa.net optimator.noacks.org Received: from localhost (localhost [127.0.0.1]) by optimator.noacks.org (Postfix) with ESMTP id 35AE06171; Mon, 14 Jun 2004 13:51:17 -0500 (CDT) Received: from optimator.noacks.org ([127.0.0.1]) by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 04520-07; Mon, 14 Jun 2004 13:51:16 -0500 (CDT) Received: from compgeek.noacks.org (compgeek [192.168.1.10]) by optimator.noacks.org (Postfix) with ESMTP id EA1D96114; Mon, 14 Jun 2004 13:51:15 -0500 (CDT) Received: from [127.0.0.1] (localhost.noacks.org [127.0.0.1]) by compgeek.noacks.org (8.12.11/8.12.11) with ESMTP id i5EIpFr8004120; Mon, 14 Jun 2004 13:51:15 -0500 (CDT) (envelope-from noackjr@alumni.rice.edu) Message-ID: <40CDF3A3.7000608@alumni.rice.edu> Date: Mon, 14 Jun 2004 13:51:15 -0500 
From: Jon Noack User-Agent: Mozilla Thunderbird 0.6 (X11/20040531) X-Accept-Language: en-us, en MIME-Version: 1.0 To: James Housley References: <40CDE026.3040502@Thehousleys.net> In-Reply-To: <40CDE026.3040502@Thehousleys.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at noacks.org cc: freebsd-net@FreeBSD.org Subject: Re: Using netgraph for filtering/modifing packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: noackjr@alumni.rice.edu List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 18:52:04 -0000

On 06/14/04 12:28, James Housley wrote:
> Julian Elischer wrote:
>> On Mon, 14 Jun 2004, James Housley wrote:
>>> For testing of a product I would like to be able to modify or even drop
>>> packets based on their content. What I have in mind is forcing the
>>> packets through a firewall that would redirect all packets to a netgraph
>>> node that would either pass unchanged, drop or change the contents to
>>> assist in testing some corner cases in the code.
>>>
>>> 1) is this something doable with netgraph, I believe it is.
>>
>> yes
>>
>>> 2) what might be a good place to start? Have done some searching, but
>>> haven't found any example code I thought I could start from.
>>
>> What sort of filter do you need?
>>
>> you can pass packets to netgraph from ipfw by diverting them and
>> opening a divert socket with the ksocket node..
>>
>> Or you can pick them directly from the network interface
>> and filter yourself using the 'bpf' node type to select on something.
>> or you can use the etf type of node to filter on a particular ethertype..
>>
>> there are a lot of options but I don't know your application enough :-)
>
> I have a product that is connected to a PC via Ethernet. The product
> runs FBSD, but I would likely put another FBSD box in the middle. I
> want to be able to modify packets for good and evil based on the data
> portion of the packet.
>
> For example to occasionally drop a packet that is acking some command.
> Or send an ack for a command that was never sent. Or just change data
> to be invalid.
>
> Then after messing with the data portion put it back in the queue to be
> sent, if it wasn't just dropped.

This will only get you the first of the three requirements you mentioned, but it is quite easy to set up: You can simulate a lossy link with dummynet.

A few years ago I set up a test environment on a machine with 8 network ports acting as a bridge. With a few scripts I could set each port to simulate a modem, dsl, cable, or t1-connected client (independent up and down bandwidth, delay, packet loss rate, etc.). I also had an "overseas" option to increase the delay. The product we were testing was a peer-to-peer networking engine with failover capability. It worked quite well (after applying a patch from Luigi to allow bridge to work without one_pass -- reminded him about the patch and he finally committed it in rev. 1.55 of sys/net/bridge.c).

It was quite a success, and uncovered many timing related issues with our product. Handling modem clients gracefully was the hardest part, and made me feel a bit nostalgic; using a simulated modem link was just as frustrating as the real thing!

Jon Noack From owner-freebsd-net@FreeBSD.ORG Mon Jun 14 23:40:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D43116A4CE for ; Mon, 14 Jun 2004 23:40:22 +0000 (GMT) Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5D7C43D48 for ; Mon, 14 Jun 2004 23:40:21 +0000 (GMT) (envelope-from ernie@spooky.eis.net.au) Received: (from ernie@localhost) by spooky.eis.net.au (8.12.11/8.12.11) id i5ENeBNe059409 for freebsd-net@freebsd.org; Tue, 15 Jun 2004 09:40:11 +1000 (EST) (envelope-from ernie) 
From: User Ernie Message-Id: <200406142340.i5ENeBNe059409@spooky.eis.net.au> To: freebsd-net@freebsd.org Date: Tue, 15 Jun 2004 09:40:11 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Subject: QOLSR X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jun 2004 23:40:22 -0000 Anybody tried to port QOLSR across to FreeBSD? http://qolsr.lri.fr/desc/qolsr.html It's basically OLSR with QoS, looks very interesting. - Ernie. From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 08:45:50 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D0D616A4CE for ; Tue, 15 Jun 2004 08:45:50 +0000 (GMT) Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7322F43D58 for ; Tue, 15 Jun 2004 08:45:49 +0000 (GMT) (envelope-from c.prevotaux@hexanet.fr) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (Postfix) with SMTP id 9A93D4C915; Tue, 15 Jun 2004 10:44:42 +0200 (CEST) Date: Tue, 15 Jun 2004 10:44:42 +0200 
From: Christophe Prevotaux To: User Ernie Message-Id: <20040615104442.2f6bbdc0.c.prevotaux@hexanet.fr> In-Reply-To: <200406142340.i5ENeBNe059409@spooky.eis.net.au> References: <200406142340.i5ENeBNe059409@spooky.eis.net.au> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.9.6 (GTK+ 1.2.10; i386-portbld-freebsd4.9) X-NCC-RegID: fr.hexanet Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: QOLSR X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 08:45:50 -0000 I am also very interested in this however I know no one who is porting it. On Tue, 15 Jun 2004 09:40:11 +1000 (EST) User Ernie wrote: > Anybody tried to port QOLSR across to FreeBSD? > > http://qolsr.lri.fr/desc/qolsr.html > > It's basically OLSR with QoS, looks very interesting. > > - Ernie. -- Christophe Prevotaux From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 09:01:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A980116A4CE for ; Tue, 15 Jun 2004 09:01:48 +0000 (GMT) Received: from phuket.psconsult.nl (ps226.psconsult.nl [213.222.19.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id A180543D49 for ; Tue, 15 Jun 2004 09:01:46 +0000 (GMT) (envelope-from fb-net@psconsult.nl) Received: from phuket.psconsult.nl (localhost [127.0.0.1]) by phuket.psconsult.nl (8.12.8p2/8.12.8) with ESMTP id i5F91ZYe043867 for ; Tue, 15 Jun 2004 11:01:35 +0200 (CEST) (envelope-from fb-net@psconsult.nl) Received: (from paul@localhost) by phuket.psconsult.nl (8.12.8p2/8.12.8/Submit) id i5F91Zfp043866 for freebsd-net@freebsd.org; Tue, 15 Jun 2004 11:01:35 +0200 (CEST) Date: Tue, 15 Jun 2004 11:01:34 +0200 
From: Paul Schenkeveld To: freebsd-net@freebsd.org Message-ID: <20040615090134.GA43670@psconsult.nl> Mail-Followup-To: freebsd-net@freebsd.org References: <40CDE026.3040502@Thehousleys.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <40CDE026.3040502@Thehousleys.net> User-Agent: Mutt/1.5.6i Subject: Re: Using netgraph for filtering/modifing packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 09:01:48 -0000

On Mon, Jun 14, 2004 at 01:28:06PM -0400, James Housley wrote:
> Julian Elischer wrote:
> >
> >On Mon, 14 Jun 2004, James Housley wrote:
> >
> >>For testing of a product I would like to be able to modify or even drop
> >>packets based on their content. What I have in mind is forcing the
> >>packets through a firewall that would redirect all packets to a netgraph
> >>node that would either pass unchanged, drop or change the contents to
> >>assist in testing some corner cases in the code.
> >>
> >>1) is this something doable with netgraph, I believe it is.
> >
> >yes
> >
> >>2) what might be a good place to start? Have done some searching, but
> >>haven't found any example code I thought I could start from.
> >
> >What sort of filter do you need?
> >
> >you can pass packets to netgraph from ipfw by diverting them and
> >opening a divert socket with the ksocket node..
> >
> >Or you can pick them directly from the network interface
> >and filter yourself using the 'bpf' node type to select
> >on something.
> >or you can use the etf type of node to filter on a particular
> >ethertype..
> >
> >there are a lot of options but I don't know your application enough :-)
> >
>
> I have a product that is connected to a PC via Ethernet. The product
> runs FBSD, but I would likely put another FBSD box in the middle. I want
> to be able to modify packets for good and evil based on the data portion of
> the packet.
>
> For example to occasionally drop a packet that is acking some command. Or
> send an ack for a command that was never sent. Or just change data to be
> invalid.
>
> Then after messing with the data portion put it back in the queue to be
> sent, if it wasn't just dropped.

If you are talking about a TCP based protocol and you want to change the conversation between the client and the server, you probably don't want to drop or alter packets at the network level or you'd have to recalculate sequence numbers and checksums.

To modify the client-server conversation (e.g. to see if evil clients can hack your server) it might be much easier to write a small application level proxy to alter or drop packets. With TCP based protocols this is (I think) the easiest solution, with UDP it is probably a bit easier than the netgraph approach.

> > Jim Regards, Paul Schenkeveld, Consultant PSconsult ICT Services BV From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 09:03:43 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD40716A4CE for ; Tue, 15 Jun 2004 09:03:43 +0000 (GMT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE69A43D2F for ; Tue, 15 Jun 2004 09:03:42 +0000 (GMT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i5F99i1a098492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 15 Jun 2004 12:09:45 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i5F93MAv065099; Tue, 15 Jun 2004 12:03:22 +0300 (EEST) (envelope-from ru) Date: Tue, 15 Jun 2004 12:03:22 +0300 
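Added example, not part of any message in this archive: a small C program showing why a payload edited below the TCP layer, as Paul Schenkeveld's reply warns, fails the receiver's checksum until the checksum is recalculated. The addresses, ports and payload are constructed; an edit that changes the payload length would also shift sequence numbers, which this example does not model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Ones'-complement sum of big-endian 16-bit words (RFC 1071), folded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
    while (len > 1) { sum += ((uint32_t)p[0] << 8) | p[1]; p += 2; len -= 2; }
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum;
}

/* TCP checksum over the IPv4 pseudo-header plus the segment.  When
 * generating, bytes 16-17 of seg (the checksum field) must be zero. */
static uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                             const uint8_t *seg, size_t len)
{
    uint8_t ph[12];
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    ph[8] = 0; ph[9] = 6;                       /* zero byte, protocol TCP */
    ph[10] = (uint8_t)(len >> 8); ph[11] = (uint8_t)len;
    return (uint16_t)~sum16(seg, len, sum16(ph, sizeof ph, 0));
}

/* Receiver's check: summing a valid segment, checksum included, gives 0. */
static int tcp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                           const uint8_t *seg, size_t len)
{
    return tcp_checksum(src, dst, seg, len) == 0;
}

/* Incremental update for one changed 16-bit word (RFC 1624, eqn. 3). */
static uint16_t csum_update16(uint16_t hc, uint16_t old_w, uint16_t new_w)
{
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

struct result { int before, after_edit, after_fix, matches_full; };

static struct result alter_and_repair(void)
{
    /* Constructed sample: documentation addresses and a made-up payload. */
    static const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {192, 0, 2, 2};
    uint8_t seg[28] = {
        0x04, 0x00, 0x13, 0x88,             /* ports 1024 -> 5000        */
        0x00, 0x00, 0x03, 0xe8,             /* sequence number 1000      */
        0x00, 0x00, 0x13, 0x88,             /* acknowledgment 5000       */
        0x50, 0x18, 0xff, 0xff,             /* offset 5, PSH|ACK, window */
        0x00, 0x00, 0x00, 0x00,             /* checksum, urgent pointer  */
        'A', 'C', 'K', ' ', '0', '0', '4', '2'
    };
    struct result r;
    uint16_t hc, old_w, new_w, full;

    hc = tcp_checksum(src, dst, seg, sizeof seg);
    seg[16] = (uint8_t)(hc >> 8); seg[17] = (uint8_t)hc;
    r.before = tcp_checksum_ok(src, dst, seg, sizeof seg);

    /* Same-length edit of the last payload word: "42" becomes "99". */
    old_w = (uint16_t)((seg[26] << 8) | seg[27]);
    seg[26] = '9'; seg[27] = '9';
    new_w = (uint16_t)((seg[26] << 8) | seg[27]);
    r.after_edit = tcp_checksum_ok(src, dst, seg, sizeof seg);

    /* Repair incrementally, then compare with a full recomputation. */
    hc = csum_update16(hc, old_w, new_w);
    seg[16] = (uint8_t)(hc >> 8); seg[17] = (uint8_t)hc;
    r.after_fix = tcp_checksum_ok(src, dst, seg, sizeof seg);
    seg[16] = seg[17] = 0;
    full = tcp_checksum(src, dst, seg, sizeof seg);
    r.matches_full = (full == hc);
    return r;
}

int main(void)
{
    struct result r = alter_and_repair();
    printf("valid before edit: %d, after edit: %d, after fix: %d, "
           "incremental == full: %d\n",
           r.before, r.after_edit, r.after_fix, r.matches_full);
    return 0;
}
```

An application-level proxy avoids this bookkeeping because each side's TCP stack builds its own segments.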
From: Ruslan Ermilov To: Jon Noack Message-ID: <20040615090322.GA64885@ip.net.ua> References: <40CDE026.3040502@Thehousleys.net> <40CDF3A3.7000608@alumni.rice.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline In-Reply-To: <40CDF3A3.7000608@alumni.rice.edu> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: net@FreeBSD.org Subject: Re: Using netgraph for filtering/modifing packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 09:03:43 -0000

--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jun 14, 2004 at 01:51:15PM -0500, Jon Noack wrote:
> You can simulate a lossy link with dummynet.
>

A week or so ago, I've written a simple ng_drop(4) module which drops packets with a programmed probability. If this is of any interest to anyone, let me know. There's also a thingie floating around called ng_dummy(4).

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

--Qxx1br4bt0+wmkIi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAzrtaqRfpzJluFF4RAkP+AJ0aF0fqGqHXxX/kQe7uIQxK1PYLuQCfUy9/
O03clFj9pB62aGbksCyf8RM=
=2g2O
-----END PGP SIGNATURE-----

--Qxx1br4bt0+wmkIi--
From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 09:57:02 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A400316A4D1 for ; Tue, 15 Jun 2004 09:57:02 +0000 (GMT) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAA3F43D49 for ; Tue, 15 Jun 2004 09:57:01 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru id i5F9r8Yk033206 for net@FreeBSD.org.checked; (8.12.8/vak/2.1) Tue, 15 Jun 2004 13:53:08 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from cronyx.ru (hi.cronyx.ru [144.206.181.94]) by hanoi.cronyx.ru with ESMTP id i5F9qukT033172; (8.12.8/vak/2.1) Tue, 15 Jun 2004 13:52:56 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <40CEC6B9.6080703@cronyx.ru> Date: Tue, 15 Jun 2004 13:51:53 +0400 
From: Roman Kurakin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031208 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Josef Karthauser References: <20040613202236.GJ4570@genius.tao.org.uk> In-Reply-To: <20040613202236.GJ4570@genius.tao.org.uk> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit cc: hackers@freebsd.org cc: net@FreeBSD.org Subject: Re: 100mhz Wavelab on -current PCI and PCCARD. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 09:57:02 -0000

Hi,

We use SMC cards, and SMS hubs (they have a couple of normal ports). I didn't hear about problems with the pccard variant, and the hubs work just fine. But the pci cards work unstably. Since I do not work in that segment and I don't have any in my PCs I can't say why we have problems with them.

rik

Josef Karthauser wrote:

>Does anyone have wireless experience? I'm off to the US next week and I
>thought I'd buy some (cheaper) wireless kit whilst I'm out there. I
>would like to run 100mb wireless (802.11g?) on both my laptop and my
>home server which I guess means that I'd like a recommendation for both
>pccard as well as pci. I'm running -current on the laptop and -stable
>on the server, although this can be upgraded to 5.x if necessary. The
>server is currently an ethernet bridging firewall (IPFW) and ideally I'd
>like to be able to filter the wireless segment also. Is it possible to
>use a wireless card in the machine and be able to filter at a MAC
>address level? I want a bit of control of the network. Is there a
>recommended configuration? 
> >Joe > > From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 15:49:54 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0727B16A4CE for ; Tue, 15 Jun 2004 15:49:54 +0000 (GMT) Received: from mail102.csoft.net (lilly.csoft.net [63.111.22.101]) by mx1.FreeBSD.org (Postfix) with SMTP id 675BB43D45 for ; Tue, 15 Jun 2004 15:49:53 +0000 (GMT) (envelope-from mcc@lilly.csoft.net) Received: (qmail 20625 invoked by uid 2562); 15 Jun 2004 15:49:47 -0000 Message-ID: <20040615154947.20624.qmail@mail102.csoft.net> X-IMAP-Sender: mcc FCC: imap://mcc@mail102.csoft.net/INBOX/Sent X-Identity-Key: id2 Date: Tue, 15 Jun 2004 11:49:26 -0400 
From: "Michael C. Cambria" X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; uuencode=0 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: snd_wl1 and the tcp send window X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 15:49:54 -0000

Hi,

I'm seeing a problem today that has been discussed on this list in the past according to the freebsd-net archives. However, I can't find any resolution. The archives do suggest several changes to tcp_input.c to "fix" the problem, but those changes are not in 4.10 or 5.2.1.

What I see looks like it has been described already in the thread related to:

Message-ID: <20020417160045.GQ343@fubar.damon.com>

I believe that I'm hitting exactly what is described in the archived message:

> In the ack processing code (step 6), the variable snd_wl1 tracks the
> newest sequence number that we've seen. It helps prevent snd_wnd from
> being reopened on re-transmitted data. If snd_wl1 is greater than
> received sequence #, we skip it.

[deleted]

>
> Since snd_wl1 is only updated if the condition is true -- we're stuck.
> snd_wl1 is only updated within SYN/FIN processing code and in step 6.
>
> So if we process 2GB in the header prediction code -- where the step 6
> never executes, and then somehow reach step 6. snd_wnd collapses and
> tcp_output stops sending.

That discussion took place ~18 months ago and nothing seems to be different in tcp_input.c related to snd_wl1 and snd_wl2.

Is this a real issue or did I just screw something up? It looks like the header prediction case should update snd_wl1 & snd_wl2.

I am using GigE, and the application is doing very long message transfers. Both nodes are on the same GigE switch.

Should snd_wl1 & snd_wl2 be updated in the header prediction case?

Thanks,
MikeC

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 15:53:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2660F16A4CE for ; Tue, 15 Jun 2004 15:53:38 +0000 (GMT) Received: from mta4.adelphia.net (mta4.adelphia.net [68.168.78.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC1BF43D45 for ; Tue, 15 Jun 2004 15:53:37 +0000 (GMT) (envelope-from rneese@adelphia.net) Received: from developer.no-ip.com ([69.160.7.248]) by mta13.adelphia.net (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMTP id <20040615155203.KAIJ16060.mta13.adelphia.net@developer.no-ip.com> for ; Tue, 15 Jun 2004 11:52:03 -0400 
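Added example, not part of any message in this archive and not FreeBSD source: a reduced C model of the step 6 window-update test described in the "snd_wl1 and the tcp send window" message, showing an advertised window being ignored once snd_wl1 (or snd_wl2) has fallen more than 2^31 behind the incoming segment. The `fast_path` helper, its `pull_up` switch (the change the poster asks about) and all constants are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Modular 32-bit sequence comparison in the style of the BSD SEQ_LT(). */
#define SEQ_LT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)

/* Only the send-window fields the thread discusses (reduced model). */
struct tcb {
    uint32_t snd_wl1;   /* segment sequence number at last window update */
    uint32_t snd_wl2;   /* segment ack number at last window update      */
    uint32_t snd_wnd;   /* window the peer last advertised               */
};

/* Step 6: take the advertised window only from a segment that is newer
 * than the one used for the previous update.  Returns 1 if taken. */
static int step6_window_update(struct tcb *tp, uint32_t seq, uint32_t ack,
                               uint32_t win)
{
    if (SEQ_LT(tp->snd_wl1, seq) ||
        (tp->snd_wl1 == seq &&
         (SEQ_LT(tp->snd_wl2, ack) ||
          (tp->snd_wl2 == ack && win > tp->snd_wnd)))) {
        tp->snd_wnd = win;
        tp->snd_wl1 = seq;
        tp->snd_wl2 = ack;
        return 1;
    }
    return 0;
}

/* Header-prediction path: the segment is consumed without reaching
 * step 6.  pull_up models updating snd_wl1/snd_wl2 here as well. */
static void fast_path(struct tcb *tp, uint32_t seq, uint32_t ack, int pull_up)
{
    if (pull_up) {
        tp->snd_wl1 = seq;
        tp->snd_wl2 = ack;
    }
}

enum direction { RECEIVING, SENDING };

/* Push `bytes` of sequence space through the fast path, then deliver one
 * segment with a changed window so it reaches step 6.  RECEIVING advances
 * the peer's sequence numbers, SENDING advances the peer's acks. */
static int update_accepted_after(uint64_t bytes, enum direction dir,
                                 int pull_up)
{
    const uint32_t step = 1u << 20;             /* constructed: 1 MiB each */
    struct tcb tp = { 1000u, 5000u, 65535u };   /* constructed start state */
    uint32_t seq = tp.snd_wl1, ack = tp.snd_wl2;
    uint64_t done;

    for (done = 0; done < bytes; done += step) {
        if (dir == RECEIVING) seq += step; else ack += step;
        fast_path(&tp, seq, ack, pull_up);
    }
    if (dir == RECEIVING) seq += step; else ack += step;
    return step6_window_update(&tp, seq, ack, 32768u);
}

int main(void)
{
    printf("1 GiB received, no pull-up: %d\n",
           update_accepted_after(1ULL << 30, RECEIVING, 0));
    printf("3 GiB received, no pull-up: %d\n",
           update_accepted_after(3ULL << 30, RECEIVING, 0));
    printf("3 GiB sent,     no pull-up: %d\n",
           update_accepted_after(3ULL << 30, SENDING, 0));
    printf("3 GiB received, pull-up:    %d\n",
           update_accepted_after(3ULL << 30, RECEIVING, 1));
    return 0;
}
```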
From: Richard Neese To: freebsd-net@freebsd.org Date: Tue, 15 Jun 2004 11:52:07 -0400 User-Agent: KMail/1.6.2 References: <200406142340.i5ENeBNe059409@spooky.eis.net.au> <20040615104442.2f6bbdc0.c.prevotaux@hexanet.fr> In-Reply-To: <20040615104442.2f6bbdc0.c.prevotaux@hexanet.fr> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200406151152.08014.rneese@adelphia.net> Subject: Re: QOLSR X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2004 15:53:38 -0000 I am looking at it now. seeing what I can do... Will give you headsp in the next few days.. From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 16:02:27 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B086616A4CE for ; Tue, 15 Jun 2004 16:02:27 +0000 (GMT) Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id F2EF043D49 for ; Tue, 15 Jun 2004 16:02:26 +0000 (GMT) (envelope-from c.prevotaux@hexanet.fr) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (Postfix) with SMTP id CC9CA4C915 for ; Tue, 15 Jun 2004 18:01:55 +0200 (CEST) Date: Tue, 15 Jun 2004 18:01:55 +0200 
From: Christophe Prevotaux
To: freebsd-net@freebsd.org
Message-Id: <20040615180155.347dcf28.c.prevotaux@hexanet.fr>
In-Reply-To: <200406151152.08014.rneese@adelphia.net>
References: <200406142340.i5ENeBNe059409@spooky.eis.net.au> <20040615104442.2f6bbdc0.c.prevotaux@hexanet.fr> <200406151152.08014.rneese@adelphia.net>
Subject: Re: QOLSR

It seems the QOS part of it has not been released yet.

On Tue, 15 Jun 2004 11:52:07 -0400 Richard Neese wrote:

> I am looking at it now, seeing what I can do...
>
> Will give you a heads-up in the next few days.

--
===============================================================
Christophe Prevotaux
===============================================================

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 19:04:04 2004
Message-ID: <3534b0b3040615115713cc3589@mail.gmail.com>
Date: Tue, 15 Jun 2004 15:57:12 -0300
From: Aldrin Leal
To: freebsd-net@freebsd.org, freebsd-hackers@freebsd.org, freebsd-ipfw@freebsd.org
Subject: Bridging Code - MAC Filtering

Hello,

Does the bridging code in FreeBSD 5.2-RELEASE have the ability to perform MAC checking for a given IP?

If it doesn't, could any kernel hacker point me to places where I could do it myself? Maybe proper pointers on debugging the bridging facilities, tips, general guidance and so forth?

Thanks in advance!

-- Aldrin Leal, aldrinleal@gmail.com

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 19:18:42 2004
From: Jose Hidalgo Herrera
To: Aldrin Leal
In-Reply-To: <3534b0b3040615115713cc3589@mail.gmail.com>
References: <3534b0b3040615115713cc3589@mail.gmail.com>
Message-Id: <1087327033.65518.3.camel@jose.hostarica.net>
Date: Tue, 15 Jun 2004 13:17:14 -0600
cc: freebsd-net@freebsd.org
cc: jose@hostarica.com
cc: freebsd-ipfw@freebsd.org
Subject: Re: Bridging Code - MAC Filtering
Reply-To: jose@hostarica.com

I use arpwatch to monitor IPs, because I filter everything via IP address (ipfw), so if any user plays hacker I'm gonna kick his xxx :-)

On Tue, 2004-06-15 at 12:57, Aldrin Leal wrote:
> Hello,
>
> Does the bridging code in FreeBSD 5.2-RELEASE have the ability
> to perform MAC checking for a given IP?
>
> If it doesn't, could any kernel hacker point me to places
> where I could do it myself? Maybe proper pointers on debugging the
> bridging facilities, tips, general guidance and so forth?
>
> Thanks in advance!
>
> -- Aldrin Leal, aldrinleal@gmail.com
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

--
Jose Hidalgo
PGP: 15524480
jose at hostarica.com

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 20:01:10 2004
Date: Tue, 15 Jun 2004 22:00:43 +0200
From: Jeremie Le Hen
To: Aldrin Leal
Message-ID: <20040615200043.GB11154@annelo.epita.fr>
References: <3534b0b3040615115713cc3589@mail.gmail.com>
In-Reply-To: <3534b0b3040615115713cc3589@mail.gmail.com>
cc: freebsd-net@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: freebsd-hackers@freebsd.org
Subject: Re: Bridging Code - MAC Filtering

> Does the bridging code in FreeBSD 5.2-RELEASE have the ability
> to perform MAC checking for a given IP?

Since you can filter bridged packets using ipfw(8) and the latter is able to match against MAC address, I would say yes. Nevertheless, it may not be suitable enough for your needs, because it requires changing your rules each time you add a machine or change a network card.

Regards,
--
Jeremie LE HEN aka TtZ/TataZ
jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
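
Added example, not part of the original thread or of FreeBSD: the reply above notes that ipfw(8) can match MAC addresses on bridged packets but that the rules must change with every new machine or network card, so this shell function regenerates the rules from an IP/MAC table. The table contents, rule numbers and function names are constructed for illustration, and the rule form (deny a listed source IP when the source MAC differs, using the ipfw2 `MAC`, `layer2` and `in` keywords) is one assumed policy.

```shell
#!/bin/sh
# Added example (not from the thread): turn an IP-to-MAC table into ipfw2
# rules that drop any Ethernet frame whose source IP is listed but whose
# source MAC is not the registered one. All addresses are constructed.

# Constructed sample table: one "IP MAC" pair per line, '#' starts a comment.
SAMPLE_TABLE='
# web/mail server and two internal hosts (documentation address ranges)
192.0.2.10  00:00:5E:00:53:0A
192.0.2.11  00:00:5e:00:53:0b
192.0.2.12  00:00:5e:00:53:0c
'

# valid_mac MAC: succeed for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ip IP: succeed for a dotted quad with every octet in 0..255.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules [FIRST_RULE_NUMBER]: read the table on stdin and print one ipfw
# command per host. Prints nothing and returns 1 if any entry is malformed
# or an IP is listed twice (two rules for one IP would block it entirely).
gen_rules() {
    _num=${1:-1000}
    _rules=
    _seen=' '
    _bad=0
    while read -r _ip _mac _extra || [ -n "$_ip" ]; do
        case $_ip in
            ''|'#'*) continue ;;
        esac
        if [ -n "$_extra" ] || ! valid_ip "$_ip" || ! valid_mac "$_mac"; then
            echo "malformed entry: $_ip $_mac $_extra" >&2
            _bad=1
            continue
        fi
        case $_seen in
            *" $_ip "*)
                echo "duplicate IP: $_ip" >&2
                _bad=1
                continue ;;
        esac
        _seen="$_seen$_ip "
        _mac=$(printf '%s' "$_mac" | tr 'A-F' 'a-f')
        # "MAC dst src": any destination, the registered source, negated.
        # "layer2" limits the rule to passes that still carry the Ethernet
        # header; "in" keeps it off frames the firewall itself sends out.
        _rules="${_rules}ipfw -q add $_num deny ip from $_ip to any not MAC any $_mac layer2 in
"
        _num=$((_num + 10))
    done
    [ "$_bad" -eq 0 ] || return 1
    printf '%s' "$_rules"
}

# Print the rules for the sample table; review them before loading.
printf '%s\n' "$SAMPLE_TABLE" | gen_rules 1000
```

Hosts whose IP is not in the table are untouched by these rules, so they belong ahead of whatever default policy the ruleset ends with.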

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 20:02:59 2004
Date: Tue, 15 Jun 2004 21:02:34 +0100
From: Bruce M Simpson
To: Aldrin Leal
Message-ID: <20040615200234.GC26312@empiric.dek.spc.org>
References: <3534b0b3040615115713cc3589@mail.gmail.com>
In-Reply-To: <3534b0b3040615115713cc3589@mail.gmail.com>
cc: freebsd-net@freebsd.org
Subject: Re: Bridging Code - MAC Filtering

On Tue, Jun 15, 2004 at 03:57:12PM -0300, Aldrin Leal wrote:
> Does the bridging code in FreeBSD 5.2-RELEASE have the ability
> to perform MAC checking for a given IP?

Please don't cross-post.

You need to look at ipfw2 or pf's layer 2 filtering capabilities; this isn't a function of the bridging code.

BMS

From owner-freebsd-net@FreeBSD.ORG Tue Jun 15 20:07:11 2004
Date: Tue, 15 Jun 2004 21:06:59 +0100
From: David Malone
To: Aldrin Leal
Message-ID: <20040615200659.GA97862@walton.maths.tcd.ie>
References: <3534b0b3040615115713cc3589@mail.gmail.com>
In-Reply-To: <3534b0b3040615115713cc3589@mail.gmail.com>
cc: freebsd-net@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: freebsd-hackers@freebsd.org
Subject: Re: Bridging Code - MAC Filtering

On Tue, Jun 15, 2004 at 03:57:12PM -0300, Aldrin Leal wrote:
> Does the bridging code in FreeBSD 5.2-RELEASE have the ability
> to perform MAC checking for a given IP?

You could use ipfw2, which can match both on IP address and MAC address.

David.

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 06:58:13 2004
From: Brian Keefer
To: FreeBSD Net
In-Reply-To: <40C8B906.7000904@mac.com>
References: <20040610212709.A1672@eitzenberger.name> <40C8B906.7000904@mac.com>
Message-Id: <1087369042.8720.21.camel@abydos.amaunetsgothique.com>
Date: 15 Jun 2004 23:57:23 -0700
Subject: Re: choosing another random number generator

On Thu, 2004-06-10 at 12:39, Chuck Swiger wrote:
> Consider getting something like:
>
> http://www.soekris.com/vpn1401.htm
>
> ...which will provide you with a hardware-based RNG. You'll need to enable
> some options in the kernel to use it (search for HIFN in LINT)...

Recent VIA C3 CPUs also have hardware RNG on-chip, and the very recent C3s actually have AES in hardware. The "to be released soon" C3s will have RSA, SHA1, and SHA256 on-chip. Now that's some pretty amazingly affordable hardware crypto (stand-alone CPUs go for around USD $40, while embedded in a board is anywhere from $160 - $240).

I know that OpenBSD and Linux support the RNG and AES. I haven't yet checked to see if FreeBSD does. Would anyone happen to know off the top of their head?

Anyway, wouldn't RNG and crypto discussion be more relevant to the security list?

--
Brian Keefer

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 13:24:07 2004
Date: Wed, 16 Jun 2004 14:24:05 +0100
From: Bruce M Simpson
To: freebsd-net@freebsd.org
Message-ID: <20040616132405.GB37246@empiric.dek.spc.org>
Subject: Must softc begin with arpcom?

In if_arp.h:

 * The code is written so that each *_softc _must_ begin with a
 * struct arpcom, which in turn _must_ begin with a struct ifnet.

It seems to me that this may no longer be the case after luigi's recent cleanups (IFP2AC() and friends) which I nearly ended up duplicating.

What say you?

BMS

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 13:36:27 2004
Message-ID: <40D04C08.2080703@borderware.com>
Date: Wed, 16 Jun 2004 09:32:56 -0400
From: ming fu
To: freebsd-net@freebsd.org
Subject: FreeBSD em ether driver lockup

Hi,

I have experienced em driver lockup. One of the ports on a multi-port Intel Gigabit card would lock up. It can be unlocked by

    #ifconfig em2 down
    #ifconfig em2 up

I believe I have been hit by the same bug reported as kern/66634.

Looking through the em driver code, I noticed the watchdog function is somewhat strange:

static void
em_watchdog(struct ifnet *ifp)
{
        struct adapter * adapter;
        adapter = ifp->if_softc;

        /* If we are in this routine because of pause frames, then
         * don't reset the hardware.
         */
        if (E1000_READ_REG(&adapter->hw, STATUS) & E1000_STATUS_TXOFF) {
                ifp->if_timer = EM_TX_TIMEOUT;
                return;
        }

        if (em_check_for_link(&adapter->hw))
                printf("em%d: watchdog timeout -- resetting\n", adapter->unit);

        ifp->if_flags &= ~IFF_RUNNING;

        em_stop(adapter);
        em_init(adapter);

        ifp->if_oerrors++;
        return;
}

Would the if (E1000_READ_REG(&adapter->hw, STATUS) & E1000_STATUS_TXOFF) ever be false on a configured device?

I checked several other watchdog functions of different ether device drivers (fxp, bge). All pretty much go straight to stop / init the device. I think the watchdog is the last attempt the kernel makes to bring back an interface, so why subject this desperate action to a bit on the device's hardware? The hardware could be insane at the moment.

Is there a suggestion on how to trigger the watchdog to be called? It is really time consuming to diagnose this as it takes hours or days for the em to lock up once.

Regards,
Ming

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 14:21:17 2004
Date: Wed, 16 Jun 2004 15:21:05 +0100
From: Carlos Matos
Message-ID: <661505855.20040616152105@student.dei.uc.pt>
To: net@freebsd.org
Subject: Interfaces order
Reply-To: Carlos Matos

Hi,

I'm trying to implement a mobile network. My mobile router has two interfaces (sis0 and wi0). My problem is that the daemon "rtsold" that I am using needs to select the interface wi0, but is selecting the interface sis0. This happens because the sis0 interface appears first in the startup. Is there some way to change the order of the interfaces that are configured in the startup?

Thanks for the attention

**********************************************
*                                            *
* Carlos Alberto Matos                       *
* n.º 985011410                              *
* camatos@student.dei.uc.pt                  *
*                                            *
**********************************************

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 14:34:39 2004
Date: Wed, 16 Jun 2004 16:33:15 +0200
From: Erik Trulsson
To: Carlos Matos
Message-ID: <20040616143315.GA9385@falcon.midgard.homeip.net>
References: <661505855.20040616152105@student.dei.uc.pt>
In-Reply-To: <661505855.20040616152105@student.dei.uc.pt>
cc: net@freebsd.org
Subject: Re: Interfaces order

On Wed, Jun 16, 2004 at 03:21:05PM +0100, Carlos Matos wrote:
> Hi,
>
> I'm trying to implement a mobile network. My mobile router has two
> interfaces (sis0 and wi0). My problem is that the daemon "rtsold"
> that I am using needs to select the interface wi0, but is selecting
> the interface sis0. This happens because the sis0 interface appears
> first in the startup. Is there some way to change the order of the
> interfaces that are configured in the startup?
>
> Thanks for the attention

From the manpage for rtsold it seems as if one of the parameters the daemon takes is which interface to use. Relying on the order in which interfaces are configured seems like a bad idea.

--
Erik Trulsson
ertr1013@student.uu.se

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 16:14:12 2004
Message-ID: <40D071B6.2040902@he.iki.fi>
Date: Wed, 16 Jun 2004 19:13:42 +0300
From: Petri Helenius
To: ming fu
References: <40D04C08.2080703@borderware.com>
In-Reply-To: <40D04C08.2080703@borderware.com>
cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD em ether driver lockup

ming fu wrote:
>
> Is there a suggestion on how to trigger the watchdog to be called? It
> is really time consuming to diagnose this as it takes hours or days
> for the em to lock up once.

Some vendors are kind enough to sell motherboards broken enough for em to never get interrupts. However, the current driver does not fire a watchdog on those boards either.

Pete

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 16:54:09 2004
Date: Wed, 16 Jun 2004 09:53:38 -0700
From: Luigi Rizzo
To: freebsd-net@freebsd.org
Message-ID: <20040616095338.A46666@xorpc.icir.org>
References: <20040616132405.GB37246@empiric.dek.spc.org>
In-Reply-To: <20040616132405.GB37246@empiric.dek.spc.org>; from bms@spc.org on Wed, Jun 16, 2004 at 02:24:05PM +0100
Subject: Re: Must softc begin with arpcom?

On Wed, Jun 16, 2004 at 02:24:05PM +0100, Bruce M Simpson wrote:
> In if_arp.h:
>  * The code is written so that each *_softc _must_ begin with a
>  * struct arpcom, which in turn _must_ begin with a struct ifnet.
>
> It seems to me that this may no longer be the case after luigi's
> recent cleanups (IFP2AC() and friends) which I nearly ended up
> duplicating.

It is still necessary. Many drivers certainly make this assumption by casting either ifp or sc to (struct arpcom *).

One easy way out that does not require touching all drivers is to move the only remaining arpcom field (one, plus one which is only used by ng_ether and can go into the af_data array) into the struct ifnet and '#define arpcom ifnet'.

The #define then can be removed after a cleaning pass on all drivers (which I'd postpone to a later time when we know what we want to do with the arpcom field, given that it is supposed to be driver-specific or possibly useless).

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Wed Jun 16 20:46:58 2004
From: Richard Neese
To: freebsd-net@freebsd.org
Date: Wed, 16 Jun 2004 16:46:49 -0400
Message-Id: <200406161646.49893.rneese@adelphia.net>
Subject: atw admtek driver

Is anyone willing to help with this driver? I have a basis for the driver. I have started but have come to the point where I am stumped and need help with stacks and other problems.

If you wish to help, email me and I will send you the src.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 01:13:55 2004
To: freebsd-net@freebsd.org
From: Staffan Ulfberg
Date: 17 Jun 2004 03:13:30 +0200
In-Reply-To: <200406161646.49893.rneese@adelphia.net>
Message-ID: <87zn73kmv9.fsf@multivac.fatburen.org>
Subject: IPFW questions

I sent an article similar to this a few days ago to c.u.b.freebsd.misc but didn't get any responses, so I'll try here instead. Please bear with the long mail... And thanks in advance for any new insights!

I have an IPFW2 firewall and would like to get a few random things clarified/solved:

FIRST QUESTION:

I'm currently filtering ip_input, ip_output, and bdg_forward packets. What would the difference be if I filtered ether_demux and ether_output_frame packets instead of ip_input/ip_output? The ipfw man page says this:

    Note that as packets flow through the stack, headers can be stripped
    or added to it, and so they may or may not be available for
    inspection. E.g., incoming packets will include the MAC header when
    ipfw is invoked from ether_demux(), but the same packets will have
    the MAC header stripped off when ipfw is invoked from ip_input().

What headers are added in ip_input/ip_output, compared to the ethernet layer equivalents? What kind of filtering could be problematic if trying to do all filtering on layer2 packets? I've noticed the ip address, at least, is available, since filtering my bridged traffic works as expected.

How about natd? Does natd assume that traffic is sent to the divert socket from ip_input/ip_output?

SECOND QUESTION:

When using IPSEC (tunnel mode), what is the flow of packets through the firewall? My guess (that I'd like to verify) is that when a machine on my internal network transmits a packet that is destined to go through the ipsec tunnel, the packet gets in as usual from fxp3, going through ether_demux and ip_input. Then, the kernel wraps the packet inside an ESP packet, and that packet goes through ip_output and ether_output_frame on fxp0.

When receiving an ESP packet, exactly the reverse happens: in through fxp0 ether_demux and ip_input, unwrapped, and then out through ip_output and ether_output_frame on fxp3. Correct?

THIRD QUESTION:

I currently use a 1100 MHz Celeron machine with a quad dc card as a firewall. I tried switching that for a 300 MHz Geode GX1 machine with quad fxp interfaces (actually, this machine: http://www.evalue-tech.com/evalueweb/products/specifications/ENA-540.cfm). This doesn't work very well, however, due to bad performance. Would your guess be that tuning the system could make it work well, or is it obvious that the machine is too slow for the task? (I tried ifconfig -link0 and DEVICE_POLLING, so far without any luck...)

I'm using FreeBSD 4.10 and IPFW2 with BRIDGE and IPDIVERT (for natd) support. It's connected like this:

                     Firewall
                +-----------------+
                |            fxp1 +------ web/mail server
Internet -------+ fxp0            |
                |            fxp3 +------ internal network (4 machines)
                +-----------------+       (10.0.3.2-10.0.3.5)

fxp0 and fxp1 are bridged. Packets to/from fxp3 are routed through natd. All interfaces are 100 Mbps, and the Internet connection is 24 Mbps.
This is a snapshot from top, when transferring about 1mbps (total for
outgoing and incoming traffic through all ports):

CPU states:  1.5% user,  0.0% nice, 44.2% system, 54.3% interrupt,  0.0% idle
Mem: 6296K Active, 28M Inact, 11M Wired, 12K Cache, 13M Buf, 10M Free
Swap:

  PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
   71 root      63    0  476K   328K RUN     23.6H 93.07% 93.07% natd

I've read and understand that ipfilter or pf might be faster regarding
nat, but last I checked, ipfilter could not filter bridged packets.
Has this changed, or could pf do that? As a last resort, any way of
getting ipfw and ipfilter work concurrently, with ipfw filtering the
bridged traffic, and ipfilter doing the other stuff?


FOURTH QUESTION: My server (on fxp1) complains like this, about 10
times a day:

Apr 22 12:41:47 multivac /kernel: arp: 212.247.27.202 moved from 00:80:c8:b9:1a:fa to 00:80:c8:b9:1a:f9 on fxp0
Apr 22 12:41:47 multivac /kernel: arp: 212.247.27.202 moved from 00:80:c8:b9:1a:f9 to 00:80:c8:b9:1a:fa on fxp0

(Yes, that machine too has an Intel interface--I'm saying this only
not to cause any confusion about "fxp0" in the log message.)

The ip address is my firewall's external address, and the two ethernet
addresses are the addresses of the firewall's fxp0 and fxp1. I assume
this has to do with the fact that the two interfaces are bridged, but
fxp1 does not even have an IP address... It's not a big problem in
itself, but maybe it indicates something wrong with my setup?

Staffan

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 13:28:50 2004
From: AK
Organization: InterCAF
To: asterisk-users@lists.digium.com
cc: freebsd-net@freebsd.org, freebsd-ports@freebsd.org
Date: Thu, 17 Jun 2004 17:28:00 +0400
Message-Id: <200406171728.00139.lesha@intercaf.ru>
Subject: Asterisk on FreeBSD

Hello, everyone!

I have just installed Asterisk on my FreeBSD (-current) box.
I'm planning to use it as H323 PBX for softphones.
Currently I'm stuck in transferring a call to another machine running H323 client.

When I define forwarding address as
H323/ip$192.168.1.77|20|r
Asterisk will crash immediately with Segmentation Fault when trying to transfer:

Program received signal SIGSEGV, Segmentation fault.
0x289f1314 in _init () from /usr/local/lib/asterisk/modules/chan_h323.so
(gdb) x/3i $eip
0x289f1314 <_init+12668>:       cmpb   $0x0,(%eax)
0x289f1317 <_init+12671>:       je     0x289f1327 <_init+12687>
0x289f1319 <_init+12673>:       sub    $0xc,%esp

When I define call forwarding address as:
H323/ip$192.168.1.77/|20|r
i.e. additional "/" after IP,
it will perfectly connect and transfer call if there is H323 cli running.

If target machine is powered off or no software is running it will behave weird.
It will eat 100% cpu, hang forever and transmit silence to caller.
However tracing h.323 shows that it indeed detects that there is no H.323
connection to target available:

    -- PBX1 is calling host ip$192.168.1.77
    -- Call token is ip$localhost/25892
    -- Call reference is 25892
    -- Called ip$192.168.1.77
    -- No phone running for ip$192.168.1.77:1720
    == H.323 Connection deleted.

Any help will be much appreciated.
I will be glad to provide any required debugging info, etc.

Cheers,
AL.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 18:25:03 2004
Date: Thu, 17 Jun 2004 18:25:03 +0000
From: Tony Ackerman
To: freebsd-net@freebsd.org
Message-ID: <20040617182503.GA69063@hub.freebsd.org>
Subject: Intel 10GbE Driver committed

We have committed the ixgb(4) driver for Intel(R) PRO/10GbE Server Adapters to -current and -stable.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 18:41:03 2004
Message-ID: <40D1E509.6070100@borderware.com>
Date: Thu, 17 Jun 2004 14:38:01 -0400
From: ming fu
Cc: freebsd-net@freebsd.org
In-Reply-To: <20040617182503.GA69063@hub.freebsd.org>
Subject: Re: Intel 10GbE Driver committed

Does this one replace the em driver?

Tony Ackerman wrote:

>We have committed the ixgb(4) driver for Intel(R) PRO/10GbE Server Adapters to -current and -stable.

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 18:59:41 2004
Date: Thu, 17 Jun 2004 14:59:02 -0400
From: James
To: Staffan Ulfberg
cc: freebsd-net@freebsd.org
Message-ID: <20040617185902.GA24198@scylla.towardex.com>
In-Reply-To: <87zn73kmv9.fsf@multivac.fatburen.org>
Subject: Re: IPFW questions

natd is a daemon userland process which performs way more poorly than a kernel
process. it's fine for small office/home use, but definitely not at the traffic
level you are pushing.

you can consider using ipnat (kldload ipl.ko; man -a ipnat) for NAT rules, and
use ipfw for rest of packet filtering.

hope it helps..

-J

On Thu, Jun 17, 2004 at 03:13:30AM +0200, Staffan Ulfberg wrote:
> I sent an article similar to this a few days ago to c.u.b.freebsd.misc
> but didn't get any responses, so I'll try here instead. Please bear
> with the long mail... And thanks in advance for any new insights!
>
> I have an IPFW2 firewall and would like to get a few random things
> clarified/solved:
>
>
> FIRST QUESTION: I'm currently filtering ip_input, ip_output, and
> bdg_forward packets. What would the difference be if I filtered
> ether_demux and ether_output_frame packets instead of
> ip_input/ip_output? The ipfw man page says this:
>
>     Note that as packets flow through the stack, headers can be
>     stripped or added to it, and so they may or may not be available
>     for inspection. E.g., incoming packets will include the MAC header
>     when ipfw is invoked from ether_demux(), but the same packets will
>     have the MAC header stripped off when ipfw is invoked from
>     ip_input().
>
> What headers are added in ip_input/ip_output, compared to the ethernet
> layer equivalents? What kind of filtering could be problematic if
> trying to do all filtering on layer2 packets? I've noticed the ip
> address, at least, is available, since filtering my bridged traffic
> works as expected.
>
> How about natd? Does natd assume that traffic is sent to the divert
> socket from ip_input/ip_output?
>
>
> SECOND QUESTION: When using IPSEC (tunnel mode), what is the flow of
> packets through the firewall? My guess (that I'd like to verify) is
> that when a machine on my internal network transmits a packet that is
> destined to go through the ipsec tunnel, the packet gets in as usual
> from fxp3, going through ether_demux and ip_input. Then, the kernel
> wraps the packet inside an ESP packet, and that packet goes through
> ip_output and ether_output_frame on fxp0. When receiving an ESP
> packet, exactly the reverse happens: in through fxp0 ether_demux and
> ip_input, unwrapped, and then out through ip_output and
> ether_output_frame on fxp3. Correct?
>
>
> THIRD QUESTION: I currently use a 1100 MHz Celeron machine with a quad
> dc card as a firewall. I tried switching that for a 300 MHz Geode GX1
> machine with quad fxp interfaces (actually, this machine:
> http://www.evalue-tech.com/evalueweb/products/specifications/ENA-540.cfm).
> This doesn't work very well, however, due to bad performance.
>
> Would your guess be that tuning the system could make it work well, or
> is it obvious that the machine is too slow for the task? (I tried
> ifconfig -link0 and DEVICE_POLLING, so far without any luck...)
>
> I'm using FreeBSD 4.10 and IPFW2 with BRIDGE and IPDIVERT (for
> natd) support. It's connected like this:
>
>                      Firewall
>                 +-----------------+
>                 |            fxp1 +------ web/mail server
> Internet -------+ fxp0            |
>                 |            fxp3 +------ internal network (4 machines)
>                 +-----------------+       (10.0.3.2-10.0.3.5)
>
> fxp0 and fxp1 are bridged.
> Packets to/from fxp3 are routed through natd. All interfaces are
> 100 Mbps, and the Internet connection is 24 Mbps.
>
> This is a snapshot from top, when transferring about 1mbps (total for
> outgoing and incoming traffic through all ports):
>
> CPU states:  1.5% user,  0.0% nice, 44.2% system, 54.3% interrupt,  0.0% idle
> Mem: 6296K Active, 28M Inact, 11M Wired, 12K Cache, 13M Buf, 10M Free
> Swap:
>
>   PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
>    71 root      63    0  476K   328K RUN     23.6H 93.07% 93.07% natd
>
> I've read and understand that ipfilter or pf might be faster regarding
> nat, but last I checked, ipfilter could not filter bridged packets.
> Has this changed, or could pf do that? As a last resort, any way of
> getting ipfw and ipfilter work concurrently, with ipfw filtering the
> bridged traffic, and ipfilter doing the other stuff?
>
>
> FOURTH QUESTION: My server (on fxp1) complains like this, about 10
> times a day:
>
> Apr 22 12:41:47 multivac /kernel: arp: 212.247.27.202 moved from
> 00:80:c8:b9:1a:fa to 00:80:c8:b9:1a:f9 on fxp0
> Apr 22 12:41:47 multivac /kernel: arp: 212.247.27.202 moved from
> 00:80:c8:b9:1a:f9 to 00:80:c8:b9:1a:fa on fxp0
>
> (Yes, that machine too has an Intel interface--I'm saying this only
> not to cause any confusion about "fxp0" in the log message.)
>
> The ip address is my firewall's external address, and the two ethernet
> addresses are the addresses of the firewall's fxp0 and fxp1. I assume
> this has to do with the fact that the two interfaces are bridged, but
> fxp1 does not even have an IP address... It's not a big problem in
> itself, but maybe it indicates something wrong with my setup?
>
> Staffan

--
James Jun                                  TowardEX Technologies, Inc.
Technical Lead              Network Design, Consulting, IT Outsourcing
james@towardex.com        Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 20:02:46 2004
Date: Thu, 17 Jun 2004 16:00:40 -0400 (EDT)
From: Robert Watson
To: Tony Ackerman
cc: freebsd-net@freebsd.org
In-Reply-To: <20040617182503.GA69063@hub.freebsd.org>
Subject: Re: Intel 10GbE Driver committed

On Thu, 17 Jun 2004, Tony Ackerman wrote:

> We have committed the ixgb(4) driver for Intel(R) PRO/10GbE Server
> Adapters to -current and -stable.

Tony,

When I took a look at the ixgb driver a couple of weeks ago, it looked
like there was currently no locking in the driver to allow it to execute
without the Giant lock over the kernel. if_em and a number of other
popular drivers do have the necessary locking, which means they will be
safe to use once we support pulling the Giant lock off for most network
operations (very shortly). Do you have plans to update the driver to add
support for Giant-free operation?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 20:46:26 2004
Message-ID: <40D20309.40901@inode.at>
Date: Thu, 17 Jun 2004 22:46:01 +0200
From: Michael Bretterklieber
To: mpd-users@lists.sourceforge.net, net@freebsd.org
Subject: Mpd-4.0b2 available

Hi,

I just released Mpd-4.0b2, this release fixes a bad bug (and some
others) which caused Mpd-4 to be dead-locked.

http://prdownloads.sourceforge.net/mpd/mpd-4.0b2.tar.gz?download

It would be great, if some of you could help testing Mpd-4.

bye,
--
------------------------------- ----------------------------------
Michael Bretterklieber          - http://www.bretterklieber.com
------------------------------ ----------------------------------

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 20:57:56 2004
Message-ID: <40D2059B.2030408@he.iki.fi>
Date: Thu, 17 Jun 2004 23:56:59 +0300
From: Petri Helenius
To: ming fu
cc: freebsd-net@freebsd.org
In-Reply-To: <40D1E509.6070100@borderware.com>
Subject: Re: Intel 10GbE Driver committed

ming fu wrote:

> Does this one replace the em driver?
>
>
It does not. However as far as I understand the semantics of the chips
aren't that much different so I wonder why another driver instead of
adding to em.

Pete

From owner-freebsd-net@FreeBSD.ORG Thu Jun 17 21:29:46 2004
Message-ID: <40D20D38.E9C92EF5@freebsd.org>
Date: Thu, 17 Jun 2004 23:29:28 +0200
From: Andre Oppermann
To: Petri Helenius
cc: freebsd-net@freebsd.org, ming fu
Subject: Re: Intel 10GbE Driver committed

Petri Helenius wrote:
>
> ming fu wrote:
>
> > Does this one replace the em driver?
> >
> >
> It does not. However as far as I understand the semantics of the chips
> aren't that much different so I wonder why another driver instead of
> adding to em.

From reading both drivers it seems the 10GbE is far simpler than the
Gig driver. Intel seems to have optimized their driver to silicon
architecture quite a bit.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 03:26:35 2004
Message-ID: <1434.148.243.211.37.1087529173.squirrel@mail.unixmexico.com>
Date: Thu, 17 Jun 2004 22:26:13 -0500 (CDT)
From: Nicolás de Bari Embríz G. R.
To: freebsd-net@freebsd.org
Subject: update to 4.10 via ssh

Hi all, right now I am using freebsd 4.9 but I would like to update to
4.10-STABLE but I have a problem, I want to do this on a dedicated server
the one is in another country and miles away from me, so I am planning to do
this over ssh.

what I plan to do is a cvsup to get the latest release then:

1. `cd /usr/src'
2. `make buildworld'
3. `make buildkernel KERNCONF=MY_KERNEL'
4. `make installkernel KERNCONF=MY_KERNEL'
6. `mergemaster -p'
7. `make installworld'
8. `mergemaster'
9. `reboot'

Also I have Perl installed from ports so I have commented the #NOPERL=
true on /etc/make.conf

I will appreciate some help, tips or recommendations for doing this so I
can update my system.

thanks in advance

--
nbari@unixmexico.com
key ID 1EF56FDC

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 05:52:58 2004
Date: Fri, 18 Jun 2004 09:53:32 +0400 (MSD)
From: Igor Sysoev
To: freebsd-net@freebsd.org
cc: Alfred Perlstein, Max Khon
Message-ID: <20040618094356.O22477@is.park.rambler.ru>
Subject: "netstat -m" and sendfile(2) statistics in STABLE

Hi,

I read objections in cvs-all@ about netstat's output after MFC
of sendfile(2) statistics.

How about "netstat -ms" ?

Right now this switch combination is treated as simple "-m" in both -STABLE
and -CURRENT.


Igor Sysoev
http://sysoev.ru/en/

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 05:59:55 2004
Date: Thu, 17 Jun 2004 22:58:46 -0700
From: Alfred Perlstein
To: Igor Sysoev
cc: freebsd-net@freebsd.org, Max Khon
Message-ID: <20040618055846.GT61448@elvis.mu.org>
In-Reply-To: <20040618094356.O22477@is.park.rambler.ru>
Subject: Re: "netstat -m" and sendfile(2) statistics in STABLE

* Igor Sysoev [040617 22:52] wrote:
> Hi,
>
> I read objections in cvs-all@ about netstat's output after MFC
> of sendfile(2) statistics.
>
> How about "netstat -ms" ?
>
> Right now this switch combination is treated as simple "-m" in both -STABLE
> and -CURRENT.

I would love to see the sendfile stats moved to '-s'. If that's
what you're proposing, then yes. :)

Oh last of the nits: changes to userland output make things like
examples from documentation out of date which can obfuscate things
and/or ruin docs for a release.

--
- Alfred Perlstein
- Research Engineering Development Inc.
- email: bright@mu.org cell: 408-480-4684

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 06:20:31 2004
Date: Fri, 18 Jun 2004 01:19:16 -0500 (CDT)
From: Mike Silbersack
To: Igor Sysoev
cc: freebsd-net@freebsd.org, Alfred Perlstein, Max Khon
Message-ID: <20040618011745.W72823@odysseus.silby.com>
In-Reply-To: <20040618094356.O22477@is.park.rambler.ru>
Subject: Re: "netstat -m" and sendfile(2) statistics in STABLE

On Fri, 18 Jun 2004, Igor Sysoev wrote:

> Hi,
>
> I read objections in cvs-all@ about netstat's output after MFC
> of sendfile(2) statistics.
>
> How about "netstat -ms" ?
>
> Right now this switch combination is treated as simple "-m" in both -STABLE
> and -CURRENT.
>
>
> Igor Sysoev
> http://sysoev.ru/en/

I would prefer that sfbufs statistics either be kept in netstat -m, OR
added to an entirely different program (perhaps vmstat). Making yet
another netstat flag just because we're scared of confusing users is a
noble compromise, but will in the end just make things more confusing.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 06:25:32 2004
Date: Thu, 17 Jun 2004 23:24:18 -0700
From: Alfred Perlstein
To: Mike Silbersack
cc: freebsd-net@freebsd.org, Igor Sysoev, Max Khon
Message-ID: <20040618062418.GU61448@elvis.mu.org>
In-Reply-To: <20040618011745.W72823@odysseus.silby.com>
Subject: Re: "netstat -m" and sendfile(2) statistics in STABLE

* Mike Silbersack [040617 23:20] wrote:
>
> On Fri, 18 Jun 2004, Igor Sysoev wrote:
>
> >Hi,
> >
> >I read objections in cvs-all@ about netstat's output after MFC
> >of sendfile(2) statistics.
> >
> >How about "netstat -ms" ?
> >
> >Right now this switch combination is treated as simple "-m" in both -STABLE
> >and -CURRENT.
> >
> >
> >Igor Sysoev
> >http://sysoev.ru/en/
>
> I would prefer that sfbufs statistics either be kept in netstat -m, OR
> added to an entirely different program (perhaps vmstat). Making yet
> another netstat flag just because we're scared of confusing users is a
> noble compromise, but will in the end just make things more confusing.

I was going to suggest vmstat now that sfbufs are used for so many
other things than just "sendfile bufs".

--
- Alfred Perlstein
- Research Engineering Development Inc.
- email: bright@mu.org cell: 408-480-4684

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 06:31:44 2004
Date: Fri, 18 Jun 2004 01:30:36 -0500 (CDT)
From: Mike Silbersack
To: Alfred Perlstein
cc: freebsd-net@freebsd.org, Igor Sysoev, Max Khon
Message-ID: <20040618012806.H72823@odysseus.silby.com>
In-Reply-To: <20040618062418.GU61448@elvis.mu.org>
Subject: Re: "netstat -m" and sendfile(2) statistics in STABLE

On Thu, 17 Jun 2004, Alfred Perlstein wrote:

> I was going to suggest vmstat now that sfbufs are used for so many
> other things than just "sendfile bufs".
>
> --
> - Alfred Perlstein

How about if we do this:

5.x: List sfbufs both in vmstat _and_ in netstat -m, as their status is
relevant to both network and general memory usage.

4.x: MFC the vmstat implementation.

This would preserve 4.x's behavior, but allow 5.x users (who have a new
netstat -m output format anyway) to see sfbuf information without invoking
multiple utilities.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 06:43:25 2004
Date: Fri, 18 Jun 2004 10:43:37 +0400 (MSD)
From: Igor Sysoev
X-X-Sender: is@is.park.rambler.ru
To: Mike Silbersack
In-Reply-To: <20040618012806.H72823@odysseus.silby.com>
Message-ID: <20040618103517.L81288@is.park.rambler.ru>
References: <20040618094356.O22477@is.park.rambler.ru> <20040618062418.GU61448@elvis.mu.org> <20040618012806.H72823@odysseus.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
cc: Alfred Perlstein
cc: Max Khon
Subject: Re: "netstat -m" and sendfile(2) statistics in STABLE

On Fri, 18 Jun 2004, Mike Silbersack wrote:

> On Thu, 17 Jun 2004, Alfred Perlstein wrote:
>
> > I was going to suggest vmstat now that sfbufs are used for so many
> > other things than just "sendfile bufs".
> >
> > --
> > - Alfred Perlstein
>
> How about if we do this:
>
> 5.x: List sfbufs both in vmstat _and_ in netstat -m, as their status is
> relevant to both network and general memory usage.
>
> 4.x: MFC the vmstat implementation.
>
> This would preserve 4.x's behavior, but allow 5.x users (who have a new
> netstat -m output format anyway) to see sfbuf information without invoking
> multiple utilities.

In 4.x sfbufs are network buffers only and I think it's handy to see
the network buffer statistics in one place. I prefer to see netstat -ms
or netstat -m. And I have nothing against the additional vmstat implementation.

Igor Sysoev
http://sysoev.ru/en/

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 07:03:04 2004
Date: Fri, 18 Jun 2004 13:02:15 +0600 (YEKST)
From: Ilia Chipitsine
To: Michael Bretterklieber
In-Reply-To: <40D20309.40901@inode.at>
Message-ID: <20040618130123.B36212@office.paramon.ru>
References: <40D20309.40901@inode.at>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: mpd-users@lists.sourceforge.net
cc: net@freebsd.org
Subject: Re: [Mpd-users] Mpd-4.0b2 available

it isn't present in FreeBSD ports collection
I've just discovered for myself that it exists :)

Cheers,
Ilia

> Hi,
>
> I just released Mpd-4.0b2, this release fixes a bad bug (and some
> others) which caused Mpd-4 to be dead-locked.
>
> http://prdownloads.sourceforge.net/mpd/mpd-4.0b2.tar.gz?download
>
> It would be great, if some of you could help testing Mpd-4.
>
> bye,
> --
> ------------------------------- ----------------------------------
> Michael Bretterklieber - http://www.bretterklieber.com
> ------------------------------ ----------------------------------
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
> Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
> Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
> REGISTER AND SAVE!
> http://java.sun.com/javaone/sf Priority Code NWMGYKND
> _______________________________________________
> Mpd-users mailing list
> Mpd-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mpd-users
>

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 10:17:18 2004
Date: Fri, 18 Jun 2004 12:16:37 +0200 (CEST)
From: Andre Rein
X-X-Sender: ar@juergen.edv-winter.de
To: net@freebsd.org
Message-ID: <20040618121607.V64239@juergen.edv-winter.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: IPSec Routing and Interfaces, ping problem (long)

Hi Ml,

got a little understanding problem with my VPN connection.

I set up isakmpd. Connected from a static client ip. Everything works fine.

10.0.1.0-------195.226.x.98--------[INTERNET]--------195.226.x.124-------10.0.0.0

gif0: flags=8050 mtu 1280
        tunnel inet 195.226.x.124 --> 195.226.x.98
        inet 10.0.0.124 --> 10.0.1.1 netmask 0xffffff00
        inet6 fe80::250:baff:fede:bb73%gif0 prefixlen 64 scopeid 0x9

the gif0 Interface I created myself with:

gifconfig gif0 195.226.65.124 195.226.65.98
ifconfig gif0 inet 10.0.0.124 10.0.1.1 netmask 255.255.255.0

setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.0.0.0/24 10.0.1.0/24 any -P out ipsec esp/tunnel/195.226.x.124-195.226.x.98/require;
spdadd 10.0.1.0/24 10.0.0.0/24 any -P in ipsec esp/tunnel/195.226.x.98-195.226.x.124/require;
EOF

First I tried racoon, so do I need gif0 Interface when using isakmpd?

Anyway, here's my setkey -D output:

195.226.x.124 195.226.x.98
        esp mode=any spi=115684691(0x06e53553) reqid=0(0x00000000)
        E: 3des-cbc f69579f2 ccee42f3 e046f2d3 ea44eaf0 0111da98 cf79ee9d
        A: hmac-md5 f7f015ab 8200c964 13332790 8fdc3591
        seq=0x0000002e replay=0 flags=0x00000000 state=mature
        created: Jun 17 16:54:38 2004 current: Jun 17 16:55:38 2004
        diff: 60(s) hard: 90(s) soft: 81(s)
        last: Jun 17 16:55:38 2004 hard: 0(s) soft: 0(s)
        current: 6256(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 46 hard: 0 soft: 0
        sadb_seq=1 pid=79990 refcnt=2
195.226.x.98 195.226.x.124
        esp mode=any spi=542689727(0x2058c9bf) reqid=0(0x00000000)
        E: 3des-cbc 935381d8 a9ccfc65 b82ab59d 4c2201fa c41adfc5 077cab63
        A: hmac-md5 be01afa0 884cb945 0d561298 d17b5fbf
        seq=0x0000002e replay=0 flags=0x00000000 state=mature
        created: Jun 17 16:54:38 2004 current: Jun 17 16:55:38 2004
        diff: 60(s) hard: 90(s) soft: 81(s)
        last: Jun 17 16:55:38 2004 hard: 0(s) soft: 0(s)
        current: 3864(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 46 hard: 0 soft: 0
        sadb_seq=0 pid=79990 refcnt=1

I added a route to the 10.0.1/24 net:

10.0.1/24 10.0.1.1 UGSc 0 2736 gif0

Now I set up a connection from a dynamic client.

192.168.10/30------Dynamic-IP--------[INTERNET]--------195.226.x.124-------10.0.0.0

setkey -D:

195.226.x.124 217.236.140.95
        esp mode=any spi=1631512562(0x613ee7f2) reqid=0(0x00000000)
        E: rijndael-cbc ae65af22 6256a79a d37eb700 c7cd9917
        A: hmac-md5 3e378bc3 f7abd982 67d838d9 b678d18d
        seq=0x000001c6 replay=0 flags=0x00000000 state=mature
        created: Jun 17 16:57:06 2004 current: Jun 17 17:04:52 2004
        diff: 466(s) hard: 2000(s) soft: 1800(s)
        last: Jun 17 17:04:51 2004 hard: 0(s) soft: 0(s)
        current: 69008(bytes) hard: 204800000(bytes) soft: 184320000(bytes)
        allocated: 454 hard: 0 soft: 0
        sadb_seq=3 pid=80022 refcnt=2
217.236.140.95 195.226.x.124
        esp mode=any spi=1382069086(0x5260b35e) reqid=0(0x00000000)
        E: rijndael-cbc 3e52567a 51306d35 e2333684 55b64a40
        A: hmac-md5 695a1b0a fb962e83 b38ff954 a2b4b4aa
        seq=0x000001c5 replay=0 flags=0x00000000 state=mature
        created: Jun 17 16:57:06 2004 current: Jun 17 17:04:52 2004
        diff: 466(s) hard: 2000(s) soft: 1800(s)
        last: Jun 17 17:04:51 2004 hard: 0(s) soft: 0(s)
        current: 38052(bytes) hard: 204800000(bytes) soft: 184320000(bytes)
        allocated: 453 hard: 0 soft: 0
        sadb_seq=2 pid=80022 refcnt=1

From the client I can ping 10.0.0.124. So I tried another host in this
net(10.0.0.1).

I gave 10.0.0.1 a route to the 192.168.10/30 net

192.168.10/30 10.0.0.124 UGSc 0 341 rl0

I'm able to ping 10.0.0.1 now from my vpnclient and ping the
vpnclient from 10.0.0.1 without any trouble.

The only problem I get, is to ping the vpnclient from the vpnserver.
It won't work.
So how should I setup the server to ping the client?
Am I just blind and don't see my mistake?

gruss/regards
Andre

--
"And some greetings from the Toaster"
"Plata Verata Nectu"

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 11:50:28 2004
Date: Fri, 18 Jun 2004 12:49:30 +0100
From: Bruce M Simpson
To: freebsd-net@FreeBSD.org
Message-ID: <20040618114929.GE58783@empiric.dek.spc.org>
Mail-Followup-To: freebsd-net@FreeBSD.org, alfred@FreeBSD.org, kris@FreeBSD.org, Jonathan Lennox , freebsd-gnats-submit@FreeBSD.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="10jrOL3x2xqLmOsH"
Content-Disposition: inline
cc: Jonathan Lennox
cc: kris@FreeBSD.org
cc: alfred@FreeBSD.org
cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

--10jrOL3x2xqLmOsH
Content-Type: multipart/mixed; boundary="mJm6k4Vb/yFcL9ZU"
Content-Disposition: inline

--mJm6k4Vb/yFcL9ZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I've attached my thoughts on this issue. I haven't gone ahead and
committed the fix in the PR as it makes us just as braindead as Linux,
but it would be good to be able to have this in GENERIC so that it
can be enabled in those situations where it's needed.

Regards,
BMS

--mJm6k4Vb/yFcL9ZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="lockd-linux-compat.txt"

Synopsis:

Linux NFS advisory locks are broken and incompatible with the rest
of the world. FreeBSD 5.x in particular uses BSD/OS derived NFS code
and thus is affected. FreeBSD 4.x does not implement client-side NFS
advisory locks.

This problem is also documented as existing for MacOS X, IRIX and BSD/OS:
http://www.netsys.com/bsdi-users/2002-04/msg00036.html
http://www.uwsg.iu.edu/hypermail/linux/kernel/0311.0/0498.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-July/001833.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-April/000592.html

The patch provided in the PR is verified to solve the problem, but
it would be good to make this functionality optional at run-time,
as many people are likely to be using Linux NFS shares read/write
with advisory locks.

Walkthrough:

The addition of pid_start to struct lockd_msg_ident is what triggered
this problem. The offending member is referenced by the NFS code, and
rpc.lockd itself.

The kernel interface code for rpc.lockd resides in
src/usr.sbin/rpc.lockd/kern.c.

LOCKD_MSG is what gets passed from the kernel to rpc.lockd via the
named pipe /var/run/lock.

NFSCLNT_LOCKDANS is used by lockd to send a response back. struct
lockd_ans is the structure passed via this syscall. The kernel code
for this is in nfslockdans(), in src/sys/nfsclient/nfs_lock.c.

Proposed solution:

Actual NLM request conversion to/from the kernel happens in rpc.lockd;
there are several places in kern.c, notably test_request() and
lock_request(), which reference struct nlm4_testargs, struct nlm_testargs,
struct nlm_lockargs, and struct nlm4_lockargs.
These are defined in src/include/rpcsvc/nlm_prot.x.

XXX Are the lockd cookies different from the regular NFS filehandles?

    arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident;
    arg4.cookie.n_len = sizeof(msg->lm_msg_ident);

There's no need to change this structure, just the number of bytes
provided by it; the lm_msg_ident structure needs to change if we're
doing Linux compatibility, and is probably best served by adding
a sysctl to keep track of whether we're in this mode or not.

So embedding a union of structs in lm_msg_ident is probably the way to go,
and taking the sizeof() the embedded struct as appropriate.

I would suggest adding a sysctl to the tree: vfs.nfs.pid_start_locks,
"Use process start time as well as PID to differentiate client-side NFS locks".
This should be referenced from nfslockdans() as per the original patch
to check if the timercmp comparison should be skipped.

--mJm6k4Vb/yFcL9ZU--

--10jrOL3x2xqLmOsH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Comment: ''

iD8DBQFA0tbJueUpAYYNtTsRApOvAJ0eHzIGWVsy1AZr47L8NuOgd3K5PQCeIseX
w+UzIFGJW52FfeV2PsmXw+U=
=7hCl
-----END PGP SIGNATURE-----

--10jrOL3x2xqLmOsH--

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 12:32:27 2004
Date: Fri, 18 Jun 2004 14:32:00 +0200 (CEST)
From: Andre Rein
X-X-Sender: ar@juergen.edv-winter.de
To: net@freebsd.org, freebsd-questions@freebsd.org
In-Reply-To: <20040618121607.V64239@juergen.edv-winter.de>
Message-ID: <20040618141108.U64239@juergen.edv-winter.de>
References: <20040618121607.V64239@juergen.edv-winter.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: ach@meta-x.org
Subject: Re: IPSec Routing and Interfaces, ping problem (solved!?)

On Fri, 18 Jun 2004, Andre Rein wrote:

> I'm able to ping 10.0.0.1 now from my vpnclient and ping the
> vpnclient from 10.0.0.1 without any trouble.
>
> The only problem I get, is to ping the vpnclient from the vpnserver.
> It won't work.
> So how should I setup the server to ping the client?
> Am I just blind and don't see my mistake?
>
>

think I found a workaround.

I tried:

ifconfig gif1 create
ifconfig gif1 inet 10.0.0.124 192.168.10.1 netmask 255.255.255.252

Without the gifconfig officialip officialip thing

Now I can add my route:

route add -net 192.168.10/30 192.168.1.1

and pinging from the VPN Server to the other network works fine.

don't know if it's an awesome solution, but it works ...

gruss/regards
Andre

--
"And some greetings from the Toaster"
"Plata Verata Nectu"

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 14:33:07 2004
From: Archie Cobbs
Message-Id: <200406181416.i5IEGixx047903@arch20m.dellroad.org>
In-Reply-To: <20040618130123.B36212@office.paramon.ru>
To: Ilia Chipitsine
Date: Fri, 18 Jun 2004 09:16:44 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL99b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
cc: Michael Bretterklieber
cc: mpd-users@lists.sourceforge.net
cc: net@freebsd.org
Subject: Re: [Mpd-users] Mpd-4.0b2 available

Ilia Chipitsine wrote:
> it isn't present in FreeBSD ports collection
> I've just discovered for myself that it exists :)

It's not fully baked yet :-)

-Archie

__________________________________________________________________________
Archie Cobbs * CTO, Awarix * http://www.awarix.com

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 17:51:56 2004
Date: Fri, 18 Jun 2004 10:51:21 -0700
From: Alfred Perlstein
To: freebsd-net@FreeBSD.org, kris@FreeBSD.org, Jonathan Lennox , freebsd-gnats-submit@FreeBSD.org
Message-ID: <20040618175121.GZ61448@elvis.mu.org>
References: <20040618114929.GE58783@empiric.dek.spc.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040618114929.GE58783@empiric.dek.spc.org>
User-Agent: Mutt/1.4.2.1i
Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

This fucking sucks.

*Sigh* make it a sysctl, but can someone please lay the smack
down on the linuxiots and have them fix their crap?

* Bruce M Simpson [040618 04:50] wrote:
> I've attached my thoughts on this issue. I haven't gone ahead and
> committed the fix in the PR as it makes us just as braindead as Linux,
> but it would be good to be able to have this in GENERIC so that it
> can be enabled in those situations where it's needed.
>
> Regards,
> BMS
> Synopsis:
>
> Linux NFS advisory locks are broken and incompatible with the rest
> of the world. FreeBSD 5.x in particular uses BSD/OS derived NFS code
> and thus is affected. FreeBSD 4.x does not implement client-side NFS
> advisory locks.
>
> This problem is also documented as existing for MacOS X, IRIX and BSD/OS:
> http://www.netsys.com/bsdi-users/2002-04/msg00036.html
> http://www.uwsg.iu.edu/hypermail/linux/kernel/0311.0/0498.html
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-July/001833.html
> http://lists.freebsd.org/pipermail/freebsd-hackers/2003-April/000592.html
>
> The patch provided in the PR is verified to solve the problem, but
> it would be good to make this functionality optional at run-time,
> as many people are likely to be using Linux NFS shares read/write
> with advisory locks.
>
> Walkthrough:
>
> The addition of pid_start to struct lockd_msg_ident is what triggered
> this problem. The offending member is referenced by the NFS code, and
> rpc.lockd itself.
>
> The kernel interface code for rpc.lockd resides in
> src/usr.sbin/rpc.lockd/kern.c.
>
> LOCKD_MSG is what gets passed from the kernel to rpc.lockd via the
> named pipe /var/run/lock.
>
> NFSCLNT_LOCKDANS is used by lockd to send a response back. struct
> lockd_ans is the structure passed via this syscall. The kernel code
> for this is in nfslockdans(), in src/sys/nfsclient/nfs_lock.c.
>
> Proposed solution:
>
> Actual NLM request conversion to/from the kernel happens in rpc.lockd;
> there are several places in kern.c, notably test_request() and
> lock_request(), which reference struct nlm4_testargs, struct nlm_testargs,
> struct nlm_lockargs, and struct nlm4_lockargs.
> These are defined in src/include/rpcsvc/nlm_prot.x.
>
> XXX Are the lockd cookies different from the regular NFS filehandles?
>
> arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident;
> arg4.cookie.n_len = sizeof(msg->lm_msg_ident);
>
> There's no need to change this structure, just the number of bytes
> provided by it; the lm_msg_ident structure needs to change if we're
> doing Linux compatibility, and is probably best served by adding
> a sysctl to keep track of whether we're in this mode or not.
>
> So embedding a union of structs in lm_msg_ident is probably the way to go,
> and taking the sizeof() the embedded struct as appropriate.
>
> I would suggest adding a sysctl to the tree: vfs.nfs.pid_start_locks,
> "Use process start time as well as PID to differentiate client-side NFS locks".
> This should be referenced from nfslockdans() as per the original patch
> to check if the timercmp comparison should be skipped.

--
- Alfred Perlstein
- Research Engineering Development Inc.
- email: bright@mu.org cell: 408-480-4684

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 21:09:54 2004
Date: Fri, 18 Jun 2004 17:08:40 -0400
From: Barney Wolff
To: Alfred Perlstein
Message-ID: <20040618210840.GA53218@pit.databus.com>
References: <20040618114929.GE58783@empiric.dek.spc.org> <20040618175121.GZ61448@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040618175121.GZ61448@elvis.mu.org>
User-Agent: Mutt/1.5.6i
X-Scanned-By: MIMEDefang 2.43
cc: Jonathan Lennox
cc: freebsd-net@freebsd.org
Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

On Fri, Jun 18, 2004 at 10:51:21AM -0700, Alfred Perlstein wrote:
>
> *Sigh* make it a sysctl, but can someone please lay the smack
> down on the linuxiots and have them fix their crap?
>
> * Bruce M Simpson [040618 04:50] wrote:
> >
> > Linux NFS advisory locks are broken and incompatible with the rest
> > of the world. FreeBSD 5.x in particular uses BSD/OS derived NFS code
> > and thus is affected. FreeBSD 4.x does not implement client-side NFS
> > advisory locks.
> >
> > This problem is also documented as existing for MacOS X, IRIX and BSD/OS:
> > http://www.netsys.com/bsdi-users/2002-04/msg00036.html
> > http://www.uwsg.iu.edu/hypermail/linux/kernel/0311.0/0498.html
> > http://lists.freebsd.org/pipermail/freebsd-hackers/2003-July/001833.html
> > http://lists.freebsd.org/pipermail/freebsd-hackers/2003-April/000592.html
> >
> > The patch provided in the PR is verified to solve the problem, but
> > it would be good to make this functionality optional at run-time,
> > as many people are likely to be using Linux NFS shares read/write
> > with advisory locks.

Pardon an ignorant question, but what happens to unfortunate people who
have to talk to both Linux and non-quirky servers at the same time?
Is there a way to detect what flavor of server you're talking to and adjust
accordingly? That would be far better than a sysctl.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 21:19:58 2004
Date: Fri, 18 Jun 2004 14:19:17 -0700
From: Alfred Perlstein
To: Barney Wolff
Message-ID: <20040618211917.GF61448@elvis.mu.org>
References: <20040618114929.GE58783@empiric.dek.spc.org> <20040618175121.GZ61448@elvis.mu.org> <20040618210840.GA53218@pit.databus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040618210840.GA53218@pit.databus.com>
User-Agent: Mutt/1.4.2.1i
cc: Jonathan Lennox
cc: freebsd-net@freebsd.org
Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

* Barney Wolff [040618 14:09] wrote:
> On Fri, Jun 18, 2004 at 10:51:21AM -0700, Alfred Perlstein wrote:
> >
> > *Sigh* make it a sysctl, but can someone please lay the smack
> > down on the linuxiots and have them fix their crap?
> >
> > * Bruce M Simpson [040618 04:50] wrote:
> > >
> > > Linux NFS advisory locks are broken and incompatible with the rest
> > > of the world. FreeBSD 5.x in particular uses BSD/OS derived NFS code
> > > and thus is affected. FreeBSD 4.x does not implement client-side NFS
> > > advisory locks.
> > >
> > > This problem is also documented as existing for MacOS X, IRIX and BSD/OS:
> > > http://www.netsys.com/bsdi-users/2002-04/msg00036.html
> > > http://www.uwsg.iu.edu/hypermail/linux/kernel/0311.0/0498.html
> > > http://lists.freebsd.org/pipermail/freebsd-hackers/2003-July/001833.html
> > > http://lists.freebsd.org/pipermail/freebsd-hackers/2003-April/000592.html
> > >
> > > The patch provided in the PR is verified to solve the problem, but
> > > it would be good to make this functionality optional at run-time,
> > > as many people are likely to be using Linux NFS shares read/write
> > > with advisory locks.
>
> Pardon an ignorant question, but what happens to unfortunate people who
> have to talk to both Linux and non-quirky servers at the same time? Is
> there a way to detect what flavor of server you're talking to and adjust
> accordingly? That would be far better than a sysctl.

Mount option? Can we do that these days?

--
- Alfred Perlstein
- Research Engineering Development Inc.
- email: bright@mu.org cell: 408-480-4684

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 21:29:05 2004
Date: Fri, 18 Jun 2004 17:29:01 -0400
From: Barney Wolff
To: Alfred Perlstein
Message-ID: <20040618212901.GA55428@pit.databus.com>
References: <20040618114929.GE58783@empiric.dek.spc.org> <20040618175121.GZ61448@elvis.mu.org> <20040618210840.GA53218@pit.databus.com> <20040618211917.GF61448@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040618211917.GF61448@elvis.mu.org>
User-Agent: Mutt/1.5.6i
X-Scanned-By: MIMEDefang 2.43
cc: Jonathan Lennox
cc: freebsd-net@freebsd.org
Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd

On Fri, Jun 18, 2004 at 02:19:17PM -0700, Alfred Perlstein wrote:
> * Barney Wolff [040618 14:09] wrote:
> >
> > Pardon an ignorant question, but what happens to unfortunate people who
> > have to talk to both Linux and non-quirky servers at the same time? Is
> > there a way to detect what flavor of server you're talking to and adjust
> > accordingly? That would be far better than a sysctl.
>
> Mount option? Can we do that these days?

I was really hoping for something not requiring user knowledge and
intervention. pf seems to have some automatic os detection features,
for example, if I'm reading its manpage correctly.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Fri Jun 18 22:35:54 2004
Date: Fri, 18 Jun 2004 17:35:07 -0500
From: Dan Nelson To: freebsd-net@FreeBSD.org, alfred@FreeBSD.org, kris@FreeBSD.org, Jonathan Lennox , freebsd-gnats-submit@FreeBSD.org Message-ID: <20040618223507.GA74627@dan.emsphone.com> References: <20040618114929.GE58783@empiric.dek.spc.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040618114929.GE58783@empiric.dek.spc.org> X-OS: FreeBSD 5.2-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.6i Subject: Re: kern/56461: FreeBSD client rpc.lockd incompatible with Linux server rpc.lockd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD X-List-Received-Date: Fri, 18 Jun 2004 22:35:54 -0000

In the last episode (Jun 18), Bruce M Simpson said:
> I've attached my thoughts on this issue. I haven't gone ahead and
> committed the fix in the PR as it makes us just as braindead as
> Linux, but it would be good to be able to have this in GENERIC so
> that it can be enabled in those situations where it's needed.

Linux kernels 2.4.26 and above have fixed this particular bug, so the
need for a compatibility hack on our end is not as great anymore.

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.26 , search
for "cookie".

-- 
Dan Nelson
dnelson@allantgroup.com

From owner-freebsd-net@FreeBSD.ORG Sat Jun 19 14:57:08 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0B7B16A4CE; Sat, 19 Jun 2004 14:57:08 +0000 (GMT) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAE4C43D41; Sat, 19 Jun 2004 14:57:07 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.12.9p2/8.12.9) with ESMTP id i5JEuoYj081518; Sat, 19 Jun 2004 18:56:50 +0400 (MSD) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.12.9p2/8.12.9/Submit) id i5JEunBb081513; Sat, 19 Jun 2004 18:56:49 +0400 (MSD) (envelope-from yar) Date: Sat, 19 Jun 2004 18:56:48 +0400 
From: Yar Tikhiy To: hackers@freebsd.org, net@freebsd.org Message-ID: <20040619145648.GB77898@comp.chem.msu.su> References: <20040508034514.GA937@grosbein.pp.ru> <20040508132354.GB44214@comp.chem.msu.su> <20040515182157.GB89625@comp.chem.msu.su> <20040516141658.GA39893@comp.chem.msu.su> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040516141658.GA39893@comp.chem.msu.su> User-Agent: Mutt/1.5.6i cc: Eugene Grosbein Subject: Re: TIME_WAIT sockets from other users (was Re: bin/65928: [PATCH] stock ftpd uses superuser credentials for active mode sockets) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD X-List-Received-Date: Sat, 19 Jun 2004 14:57:09 -0000

On Sun, May 16, 2004 at 06:16:58PM +0400, Yar Tikhiy wrote in <20040516141658.GA39893@comp.chem.msu.su>:
> Note for the impatient: This message does not discuss the well-known
> issue of reusing local addresses through setting SO_REUSEADDR. This
> message is on reusing local addresses occupied by sockets belonging
> to other users.
[...]
> > Attached below is a patch addressing the issue of the inability to
> > reuse a local IP:port couple occupied by an established TCP connection
> > from another user, but by no listeners. Could anybody with fair
> > understanding of our TCP/IP stack review it please? Thanks.
[...]
> One more detail to note:
>
> Currently if another user's socket is in the TIME_WAIT state, it
> still counts as occupying the local IP:port couple. I cannot see
> the point of such a behaviour. Restricting bind() is to disallow
> unprivileged port stealth, but how can one steal a connection in
> the TIME_WAIT state?
>
> For FreeBSD-4 the above patch would take care of this case along
> with established connections, but in CURRENT TIME_WAIT connections
> are a special case since they no longer use full-blown state.
> Therefore, for CURRENT the above patch mutates into the below one.
[...]

Since I've got no feedback on this issue, I have little hope that
someone will pay attention to my next patch ;-)

However, I have no experience with IPv6, so currently I've got no
choice but to offer my patch for your review, friends, so that some
kind person might take a glance at it while I'm exercising myself
over IPv6 ;-)

I made this patch by analogy with the IPv4 one, which is already
in the CURRENT kernel--luckily, the IPv6 code is rather comprehensible.
It addresses the same issue I was talking about a month ago, but for
the IPv6 stack: It enables the non-root reuse of local address:port
tuples occupied by established or TIME_WAIT TCP connections from
other local users, as long as these particular cases have no security
implications a.k.a. "port theft."

-- 
Yar

Index: in6_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_pcb.c,v retrieving revision 1.52 diff -u -p -r1.52 in6_pcb.c --- in6_pcb.c 12 Jun 2004 20:59:48 -0000 1.52 +++ in6_pcb.c 19 Jun 2004 14:15:14 -0000 
@@ -194,14 +194,10 @@ in6_pcbbind(inp, nam, cred) t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr, lport, INPLOOKUP_WILDCARD); - if (t && (t->inp_vflag & INP_TIMEWAIT)) { - if ((!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || - !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) || - !(intotw(t)->tw_so_options & SO_REUSEPORT)) - && so->so_cred->cr_uid != - intotw(t)->tw_cred->cr_uid) - return (EADDRINUSE); - } else if (t && + if (t && + ((t->inp_vflag & INP_TIMEWAIT) == 0) && + (so->so_type != SOCK_STREAM || + IN6_IS_ADDR_UNSPECIFIED(&t->in6p_faddr)) && (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) || (t->inp_socket->so_options & SO_REUSEPORT) 
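Review bot: In the first in6_pcbbind() hunk the new test `((t->inp_vflag & INP_TIMEWAIT) == 0) && (so->so_type != SOCK_STREAM || IN6_IS_ADDR_UNSPECIFIED(&t->in6p_faddr))` exempts two kinds of pcb from the rest of the conflict check, and nothing in the code says why that is safe. A short comment above `if (t &&` stating that a pcb in TIME_WAIT, or a TCP pcb with a foreign address set, is not a listener and so is not a port-theft target would stop a later editor from "simplifying" the condition. Only the single pcb returned by in6_pcblookup_local() is examined, so please also state in the commit message whether the INPLOOKUP_WILDCARD lookup returns another user's listening pcb in preference to a connected or TIME_WAIT one on the same port; if it can return the connected one, the check is skipped while a listener is present.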
@@ -216,17 +212,12 @@ in6_pcbbind(inp, nam, cred) t = in_pcblookup_local(pcbinfo, sin.sin_addr, lport, INPLOOKUP_WILDCARD); - if (t && (t->inp_vflag & INP_TIMEWAIT)) { - if (so->so_cred->cr_uid != - intotw(t)->tw_cred->cr_uid && - (ntohl(t->inp_laddr.s_addr) != - INADDR_ANY || - ((inp->inp_vflag & - INP_IPV6PROTO) == - (t->inp_vflag & - INP_IPV6PROTO)))) - return (EADDRINUSE); - } else if (t && + if (t && + ((t->inp_vflag & + INP_TIMEWAIT) == 0) && + (so->so_type != SOCK_STREAM || + ntohl(t->inp_faddr.s_addr) == + INADDR_ANY) && (so->so_cred->cr_uid != t->inp_socket->so_cred->cr_uid) && (ntohl(t->inp_laddr.s_addr) != From owner-freebsd-net@FreeBSD.ORG Sat Jun 19 23:20:39 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4187B16A4CE for ; Sat, 19 Jun 2004 23:20:39 +0000 (GMT) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24DD943D2F for ; Sat, 19 Jun 2004 23:20:36 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru id i5JNHBhA001696 for net@freebsd.org.checked; (8.12.8/vak/2.1) Sun, 20 Jun 2004 03:17:11 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from cronyx.ru (rik.cronyx.ru [172.22.4.1]) by hanoi.cronyx.ru with ESMTP id i5JNFPAY001573; (8.12.8/vak/2.1) Sun, 20 Jun 2004 03:15:26 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <40D4C79B.2050400@cronyx.ru> Date: Sun, 20 Jun 2004 03:09:15 +0400 
From: Roman Kurakin User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.2.1) Gecko/20030426 X-Accept-Language: ru-ru, en MIME-Version: 1.0 To: net@freebsd.org Content-Type: multipart/mixed; boundary="------------060602090403030304070006" cc: joerg@freebsd.org Subject: if_sppp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD X-List-Received-Date: Sat, 19 Jun 2004 23:20:39 -0000

Hi,

I want to propose a patch for sppp.

Problem: If we have max_failure < MAXALIVECNT*5 we will send conf-rej
for magic.

Solution: Loopback could be treated as a special case and thus we may
not count it as a failure.

Content-Type: text/plain; name="if_sppp.pch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="if_sppp.pch"

Index: if_spppsubr.c =================================================================== RCS file: /CVS/FreeBSD/src/sys/net/if_spppsubr.c,v retrieving revision 1.110 diff -u -r1.110 if_spppsubr.c --- if_spppsubr.c 15 Jun 2004 23:57:41 -0000 1.110 +++ if_spppsubr.c 19 Jun 2004 22:51:13 -0000 @@ -2381,7 +2381,8 @@ lcp.Down(sp); lcp.Up(sp); } - } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { + } else if (!sp->pp_loopcnt && + ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { if (debug) log(-1, " max_failure (%d) exceeded, " "send conf-rej\n",
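Review bot: In the `else if` at line 2381 of if_spppsubr.c the `++sp->fail_counter[IDX_LCP]` now sits on the right of `!sp->pp_loopcnt &&`, so whether the counter is incremented depends on short-circuit evaluation. That matches the intent stated in the mail (do not count a suspected loopback as a failure), but a side effect hidden there is easy to misread or to break when the condition is next edited; testing `sp->pp_loopcnt` in its own branch with a comment and incrementing fail_counter in a separate statement would make it explicit. The hunk does not show which branch runs instead when pp_loopcnt is non-zero: please confirm that negotiation stays bounded on a line that remains looped (the `lcp.Down(sp); lcp.Up(sp);` reset in the context above is the only limit visible here) and say in the commit message why max_failure should not apply in that case.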