From: "Mitch (bitblock)"
To: "Bob Ababurko", freebsd-net@FreeBSD.org
Date: Sat, 11 Sep 2004 17:01:53 -0700
Subject: RE: gateway for separate networks
List-Id: Networking and TCP/IP with FreeBSD

Assuming the second NIC is used for its own private subnet, and not a second route to the internet (which would require a much fancier setup ;-), you don't need to do anything except add the interface, configure it, and adjust any firewall rules to allow whatever access you need.

Any services you are running on the box that SPECIFICALLY listen to a certain address may be changed to listen on all addresses or to add this new address if needed.

hth.

m/

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Bob Ababurko
> Sent: Saturday, September 11, 2004 4:49 PM
> To: freebsd-net@FreeBSD.org
> Subject: gateway for separate networks
>
> Hello all-
>
> I want to install another NIC in my box running 5.2.1 to access another network. Since I have never done this before, I have a question about the gateway that the second NIC will use... more specifically, where do I configure the gateway for the second NIC? I have the defaultrouter in the rc.conf file for the first; do I do the same, or do I add routes to tackle this? If someone could show me any resources on the web that deal with this, that would be great.
>
> thanks,
> Bob
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
From: Bob Ababurko
To: freebsd-net@FreeBSD.org
Date: Sat, 11 Sep 2004 21:41:16 -0400
Subject: RE: gateway for separate networks

I should have been more descriptive in describing what I need. I have two networks that are routed to me via a serial connection, namely a T1. I have just installed a new router and it has two ethernet ports that will route to the two different networks. What I want to do is have a single machine have two routes to the Internet, but each NIC going through its respective network... one is a /24 and the other a /28. So, I would think that this would require that "fancier setup", due to the fact that I want traffic going out each NIC to go through its network's gateway. Now, what is this fancier setup?

/bob

At 05:01 PM 9/11/2004 -0700, you wrote:
> Assuming the second NIC is used for its own private subnet, and not a
> second route to the internet (which would require a much fancier setup ;-),
> you don't need to do anything except add the interface, configure it, and
> adjust any firewall rules to allow whatever access you need.
>
> Any services you are running on the box that SPECIFICALLY listen to a
> certain address may be changed to listen on all addresses or to add this new
> address if needed.
>
> hth.
>
> m/
From: Charles Swiger
To: Bob Ababurko
Cc: freebsd-net@FreeBSD.org
Date: Sun, 12 Sep 2004 01:18:06 -0400
Subject: Re: gateway for separate networks

On Sep 11, 2004, at 9:41 PM, Bob Ababurko wrote:
> I have two networks that are routed to me via a serial connection,
> namely a T1. I have just installed a new router and it has two
> ethernet ports that will route to the two different networks. What I
> want to do is have a single machine have two routes to the Internet,
> but each NIC going through its respective network... one is a /24 and
> the other a /28. So, I would think that this would require that
> "fancier setup", due to the fact that I want traffic going out each
> NIC to go through its network's gateway. Now, what is this fancier
> setup?

Talk to your ISPs about setting up BGP peering. This probably involves getting an ASN from www.arin.net and a portable IP netblock.

[ If you don't understand what I just said, ask your ISP. ]

--
-Chuck
From: Bob Ababurko
To: Charles Swiger
Cc: freebsd-net@FreeBSD.org
Date: Sun, 12 Sep 2004 10:25:31 -0400
Subject: Re: gateway for separate networks

At 01:18 AM 9/12/2004 -0400, Charles Swiger wrote:
> Talk to your ISPs about setting up BGP peering. This probably involves
> getting an ASN from www.arin.net and a portable IP netblock.
>
> [ If you don't understand what I just said, ask your ISP. ]
>
> --
> -Chuck

OK, I think that I need to make a few more points to make this clearer... sorry about that. The two networks that I have are from the same ISP. They get routed to me via the T1 and land on my serial port. What I have then are two ethernet ports on my router (for a total of three, counting the serial for the T1 link), which are the gateways for the networks that I want to bring up.

Right now I have both of the networks up with machines attached which are passing traffic just fine. What I want to do is use one machine to send and receive packets or traffic with two NICs connected to their respective networks instead of using two separate machines to do the duty. It is a matter of telling the machine what to do with the traffic depending on what network the traffic originated from. So, if I want traffic to flow using the second NIC, I need to be able to tell the traffic to go out the second NIC to the gateway for that network. Maybe this is something that is just not possible, but I don't really see why it would be such a big deal, if traffic from a second NIC can traverse a plain old subnet. I just need to add a gateway to that subnet!

Ok, what I ultimately want to be able to do is send and receive email from both networks, as each of these networks has a specific duty. I am interested in this to cut down on hardware costs, and have not investigated this at the application level to even be able to say it is possible. What I can do is run another instance of the MTA if it comes down to it.

-Bob
From: "Anton V. Yuzhaninov"
To: Bob Ababurko
Date: Sun, 12 Sep 2004 18:35:26 +0400
Subject: Re[2]: gateway for separate networks

Perhaps policy-based routing is what you need? It can be done with the help of ipfw fwd or ipfilter:
http://www.bsdnews.org/01/policy_routing.php

Bob Ababurko wrote:
> I should have been more descriptive in describing what I need. I have two
> networks that are routed to me via a serial connection, namely a T1. I
> have just installed a new router and it has two ethernet ports that will
> route to the two different networks. What I want to do is have a single
> machine have two routes to the Internet, but each NIC going through its
> respective network... one is a /24 and the other a /28. So, I would think
> that this would require that "fancier setup", due to the fact that I want
> traffic going out each NIC to go through its network's gateway. Now, what
> is this fancier setup?

--
WBR, Anton V. Yuzhaninov
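The ipfw fwd approach Anton points to, worked through for Bob's two-subnet host as an added example (this script is not from the thread or from the bsdnews article): every locally sourced packet leaves through the gateway of the subnet its source address belongs to, and each gateway is checked to be on-link before any rule is installed. The addresses are RFC 5737 documentation ranges standing in for Bob's /24 and /28, and the default route is assumed to sit on the /24.

```shell
#!/bin/sh
# Added example: source-based policy routing with ipfw fwd on a FreeBSD
# host that has one NIC in each of two provider subnets. Requires a kernel
# built with options IPFIREWALL and IPFIREWALL_FORWARD (FreeBSD 5.x era).
# All addresses below are RFC 5737 documentation ranges, i.e. placeholders.
set -u

IPFW=${IPFW:-/sbin/ipfw}   # set IPFW=echo for a dry run

# Subnet A: the /24, which also carries the default route.
NET_A=192.0.2.0/24;      ADDR_A=192.0.2.10;      GW_A=192.0.2.1
# Subnet B: the /28, reachable from the Internet only via its own gateway.
NET_B=198.51.100.16/28;  ADDR_B=198.51.100.20;   GW_B=198.51.100.17

# Dotted quad -> 32-bit integer (POSIX sh arithmetic only).
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/BITS: succeed when ADDR lies inside NET/BITS.
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# A gateway or address outside its own subnet is the classic misconfiguration
# behind "the fwd rule does nothing"; catch it before touching the ruleset.
check_config() {
    for pair in "$ADDR_A $NET_A" "$GW_A $NET_A" "$ADDR_B $NET_B" "$GW_B $NET_B"; do
        set -- $pair
        in_subnet "$1" "$2" || { echo "$1 is not inside $2" >&2; return 1; }
    done
}

# Emit (IPFW=echo) or install (IPFW=/sbin/ipfw) the policy-routing rules.
pbr_rules() {
    check_config || return 1
    # Traffic for either local subnet stays on-link: jump past the fwd rules.
    $IPFW -q add 100 skipto 300 ip from any to "$NET_A"
    $IPFW -q add 110 skipto 300 ip from any to "$NET_B"
    # Packets sourced from the /28 address go to the /28 gateway instead of
    # following the default route. fwd ends the rule search and passes the
    # packet, so any filtering of this traffic has to sit before rule 200.
    $IPFW -q add 200 fwd "$GW_B" ip from "$ADDR_B" to any out
    # Same for the /24; redundant while GW_A is the default route, but it
    # keeps the policy explicit if the default ever moves.
    $IPFW -q add 210 fwd "$GW_A" ip from "$ADDR_A" to any out
    # Landing point for the skipto rules; the existing ruleset follows it.
    $IPFW -q add 300 count ip from any to any
}

# Install only when explicitly asked:  sh pbr.sh apply
if [ "${1:-}" = apply ]; then
    pbr_rules
fi
```

`IPFW=echo sh pbr.sh apply` prints the rules instead of installing them; after a real install, `ipfw show` should show rule 200's counters climbing for traffic sent from the /28 address.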
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Date: Mon, 13 Sep 2004 11:02:14 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted     Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2002/07/26]  kern/41007  net    overfull traffic on third and fourth adap
o  [2002/10/21]  kern/44355  net    After deletion of an IPv6 alias, the rout
o  [2003/10/14]  kern/57985  net    [patch] Missing splx in ether_output_fram

3 problems total.

Non-critical problems

S  Submitted     Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2001/02/08]  kern/24959  net    proper TCP_NOPUSH/TCP_CORK compatibility
o  [2003/07/11]  kern/54383  net    [nfs] [patch] NFS root configurations wit

2 problems total.
From: Paolo Pisati
To: FreeBSD_Net
Date: Mon, 13 Sep 2004 13:44:01 +0200
Subject: pxe FreeBSD-5.3-beta4: btx halted

Hi guys,

I'm pxe-booting FreeBSD inside a vmware system running on top of my FreeBSD box, which acts as dhcp/tftp/nfs/etc. server for the diskless (vmware) client.

vmware boots, gets ip&c from the dhcp server, starts tftp and transfers the bootloader, but then it hangs with a regs dump and the msg: btx halted.

To see a complete regs dump and error code I made a screenshot of it available here:
http://www.gufi.org/~flag/vmware-btx-hlt.gif

Any idea would be GREATLY appreciated, cause it would be very nice to make it work... =) (and it would help me a lot for kernel debugging... =P)

bye

--
Paolo
Italian FreeBSD User Group: http://www.gufi.org
From: Andrew Gallatin
To: Andre Oppermann
Cc: freebsd-net@freebsd.org
Date: Mon, 13 Sep 2004 10:30:55 -0400 (EDT)
Subject: Re: packet generator

Andre Oppermann writes:
> > netgraph/ng_source.c
> > Doesn't have a man page though.
>
> Actually it does! It's just never installed..

I'm glad there is a manpage, as I'm a netgraph newbie.

cvs status ng_source.4
===================================================================
File: ng_source.4       Status: Up-to-date

   Working revision:    1.5     Thu Dec  4 14:15:43 2003
   Repository revision: 1.5     /home/ncvs/src/share/man/man4/ng_source.4,v
   Sticky Tag:          RELENG_5 (branch: 1.5.4)
   Sticky Date:         (none)
   Sticky Options:      (none)

Drew
From: Andrew Gallatin
To: "Don Bowman"
Cc: freebsd-net@freebsd.org
Date: Mon, 13 Sep 2004 11:55:49 -0400 (EDT)
Subject: RE: packet generator

Don Bowman writes:
> > From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Andrew Gallatin
> > Sent: September 10, 2004 19:08 PM
> > To: freebsd-net@freebsd.org
> > Subject: packet generator
> >
> > Does anybody have a free, in-kernel tool to generate packets quickly
> > and send them out a particular ethernet interface on FreeBSD?
> > Something similar to pktgen on Linux?
> >
> > I'm trying to exercise just the send side of a programmable firmware
> > based NIC. The receive side of the NIC firmware is not yet written,
> > but I want to get started tuning and shaking the bugs out of the send
> > side while the firmware author does the receive path. The packets
> > just get dropped on the floor by the NIC, so it's a good way to test
> > the interface..
>
> ng_source was a netgraph module we wrote and contributed.
> It can transmit ~800Kpps on a PCI-X system. The code is in
> src/sys/netgraph/ng_source.c.
> I drive it with a tcl library that can create arbitrary
> packets with an object-oriented model, let me know if you'd
> like to try that.

That would be wonderful.. I think I also need a clue ;)

Right now, what I've done is this:

ifconfig mx0 inet 192.168.1.7 up
kldload ng_ether
kldload ng_source
ngctl mkpeer mx0: source orphans output
# use a captured icmp frame as transmit data
cat ~/icmp.raw | nghook mx0:orphans input
ngctl msg mx0:orphans start 1600

This all works fine, and netstat tells me my driver sent the 1600 frames. ngctl msg mx0:orphans getstats shows me the elapsed time, etc.

However, I can't seem to do it twice in a row. E.g., a second

ngctl msg mx0:orphans start 1600

does not result in any frames being sent. I've also tried this on an em interface, so I don't think it's anything about my driver. I've tried clrdata and re-doing the nghook input, and it does not seem to help. The only way I've found to re-test is to reboot the machine.. What am I doing wrong? (this is RELENG_5 from ~1 week ago).

Thanks,

Drew
From: John Hay
To: freebsd-net@freebsd.org
Date: Mon, 13 Sep 2004 19:19:31 +0200
Subject: route to host on same network

Hi,

I'm busy trying to port mobilemesh (www.mitre.org/tech_transfer/mobilemesh) to FreeBSD and ran into a problem. The way mobilemesh works is that you use a subnet for the wireless network and then it uses host routes to route packets to hosts that are not directly visible. Say for instance that you have hosts 1, 2 and 3 on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each other, but both can see host 2; then the mobilemesh routing protocol will try to add a host route to the other machine through host 2. On host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and on host 3 it will do "route add 10.0.0.1 10.0.0.2".

This seems to work on Linux (where mobilemesh was developed), but I have been unable to get it to work on FreeBSD. I have also tried various ways with and without -interface and -iface, but none works. Is it supposed to be possible in FreeBSD, and if so, does someone know how?

Thanks.

John
--
John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org
From: Juan Angel Menendez
To: freebsd-net@freebsd.org
Date: Mon, 13 Sep 2004 16:39:42 -0300
Subject: Multipath patches for FreeBSD 4.8, working on a single interface

Hi everyone

I've just applied Tanzer's multipath routing patches over FreeBSD 4.8, compiled the kernel and everything worked fine.

Basically, my idea is to load-share default outgoing traffic from my external mail servers over 2 redundant routers which are on the same LAN.

I've tried the following:

test# route add default -pathmetric 1 -gateway 10.10.16.2 -pathmetric 1 -gateway 10.10.17.2
add net default

test# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags/metric  Refs/left  Use      Netif  Expire
default                               UGSc          114        100      xl0
                   10.10.16.2         1             0                   xl0
                  *10.10.17.2         1             0          0        xl0
127.0.0.1          127.0.0.1          UH            10         1000001  lo0
10.10.16/21        link#1             UC            8          0        xl0

test# route -n get default
   route to: default
destination: default
       mask: default
cur gateway: 10.10.17.2
 multipaths: 10.10.16.2 metric: 1
             10.10.17.2 metric: 1
  interface: xl0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec  rttvar  hopcount  mtu  expire
        0         0         0         0       0         0  1500       0
sockaddrs:

test# ifconfig xl0
xl0: flags=8843 mtu 1500
        inet 10.10.16.11 netmask 0xfffff800 broadcast 10.10.23.255
        inet6 fe80::260:8ff:fecc:bc81%xl0 prefixlen 64 scopeid 0x1
        ether 00:60:08:cc:bc:81
        media: Ethernet autoselect (100baseTX )
        status: active

I've tried getting a file from the server using ftp, but the kernel always seems to choose the same path; it doesn't round-robin over different paths. I checked that by watching the routers' interface counters. I've also tried -pathmetric 10 and no -pathmetric at all, without luck.

Configuration examples showed how to make it work using 2 different NICs; has anyone managed to make it work using a single NIC? Maybe using aliasing?

Any help will be appreciated.

Juan

From: Andrew Gallatin
To: "Don Bowman"
Cc: freebsd-net@freebsd.org
Date: Mon, 13 Sep 2004 17:13:21 -0400 (EDT)
Subject: RE: packet generator

Don Bowman writes:
> From: owner-freebsd-net@freebsd.org
> > [mailto:owner-freebsd-net@freebsd.org]On Behalf Of Andrew Gallatin
> > Sent: September 10, 2004 19:08 PM
> > To: freebsd-net@freebsd.org
> > Subject: packet generator
> >
> > Does anybody have a free, in-kernel tool to generate packets quickly
> > and send them out a particular ethernet interface on FreeBSD?
> > Something similar to pktgen on linux?
> >
> > I'm trying to exercise just the send-side of a programmable firmware
> > based NIC. The receive side of the NIC firmware is not yet written,
> > but I want to get started tuning and shaking the bugs out of the send
> > side while the firmware author does the receive path. The packets
> > just get dropped on the floor by the NIC, so it's a good way to test
> > the interface..
> >
> >
> ng_source was a netgraph module we wrote and contributed.
> It can transmit ~800Kpps on a PCI-X system. The code is in
> src/sys/netgraph/ng_source.c.

I finally figured out that ngctl shutdown mx0:orphans will get things
reset enough so that I can re-run the test.

I send 1.6 million packets and set things up so that I see these stats
at the end:

Args: { outOctets=102400000 outFrames=1600000 queueOctets=64 queueFrames=1 startTime={ tv_sec=1095109553 tv_usec=628521 } endTime={ tv_sec=1095109557 tv_usec=546685 } elapsedTime={ tv_sec=3 tv_usec=918164 } }

If I put counters in my driver's xmit routine, I see that my driver's
xmit routine was called 683441 times. This means that the queue was
only a little over two packets deep on average, and vmstat shows idle
time. I've tried piping additional packets to nghook mx0:orphans
input, but that does not seem to increase the queue depth.

My default send queue maxlen is 255 (hw send fifo size) and I (think)
I see ng_source increasing it:

ng_source: changing ifq_maxlen from 255 to 4096

Hmm.. I wonder if I need to increase hz..

Thanks,
Drew

Date: Tue, 14 Sep 2004 10:05:00 +0900
From: "George V. Neville-Neil"
To: John Hay
cc: freebsd-net@freebsd.org
In-Reply-To: <20040913171931.GA5368@zibbi.icomtek.csir.co.za>
References: <20040913171931.GA5368@zibbi.icomtek.csir.co.za>
Subject: Re: route to host on same network

At Mon, 13 Sep 2004 19:19:31 +0200,
John Hay wrote:
>
> Hi,
>
> I'm busy trying to port mobilemesh (www.mitre.org/tech_transfer/mobilemesh)
> to FreeBSD and ran into a problem.
>
> The way mobilemesh works is that you use a subnet for the wireless
> network and then it uses host routes to route packets to hosts that are
> not directly visible. Say for instance that you have hosts 1, 2 and 3
> on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each
> other, but both can see host 2, then the mobilemesh routing protocol
> will try to add a host route to the other machine through host 2. On
> host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and
> on host 3 it will do "route add 10.0.0.1 10.0.0.2". This seems to work
> on Linux (where mobilemesh was developed), but I have been unable to
> get it to work on FreeBSD. I have also tried various ways with and
> without -interface and -iface, but none works. Is it supposed to be
> possible in FreeBSD and if so does someone know how?
>

What "doesn't work" as in what error, if any, do you get? Or does it
just silently fail? Also, what does your routing table look like
before and after the commands (netstat -rn).

Later,
George
From: Max Laier
To: freebsd-net@freebsd.org
Date: Tue, 14 Sep 2004 03:19:58 +0200
References: <20040913171931.GA5368@zibbi.icomtek.csir.co.za>
Message-Id: <200409140319.58203.max@love2party.net>
Subject: Re: route to host on same network

On Tuesday 14 September 2004 03:05, George V. Neville-Neil wrote:
> At Mon, 13 Sep 2004 19:19:31 +0200,
>
> John Hay wrote:
> > Hi,
> >
> > I'm busy trying to port mobilemesh
> > (www.mitre.org/tech_transfer/mobilemesh) to FreeBSD and ran into a
> > problem.
> >
> > The way mobilemesh works is that you use a subnet for the wireless
> > network and then it uses host routes to route packets to hosts that are
> > not directly visible. Say for instance that you have hosts 1, 2 and 3
> > on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each
> > other, but both can see host 2, then the mobilemesh routing protocol
> > will try to add a host route to the other machine through host 2. On
> > host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and
> > on host 3 it will do "route add 10.0.0.1 10.0.0.2". This seems to work
> > on Linux (where mobilemesh was developed), but I have been unable to
> > get it to work on FreeBSD. I have also tried various ways with and
> > without -interface and -iface, but none works. Is it supposed to be
> > possible in FreeBSD and if so does someone know how?
>
> What "doesn't work" as in what error, if any, do you get? Or does it
> just silently fail? Also, what does your routing table look like
> before and after the commands (netstat -rn).

I assume you get: 17 EEXIST "File exists" ...

... if that's the case, can you try the attached patch (originally done for
the CARP import) and tell me if it works for this? I have yet to check all
the side-effects of this, but it might help.

[ http://people.freebsd.org/~mlaier/in.c.patch ]

Thank you for reporting back!

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Index: in.c
===================================================================
RCS file: /usr/store/mlaier/fcvs/src/sys/netinet/in.c,v
retrieving revision 1.77
diff -u -r1.77 in.c
--- in.c	16 Aug 2004 18:32:07 -0000	1.77
+++ in.c	14 Sep 2004 01:16:12 -0000
@@ -1,4 +1,32 @@ /* + * Copyright (C) 2001 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* * Copyright (c) 1982, 1986, 1991, 1993 * The Regents of the University of California. All rights reserved. * 
@@ -55,6 +83,8 @@ static int in_lifaddr_ioctl(struct socket *, u_long, caddr_t, struct ifnet *, struct thread *); +static int in_addprefix(struct in_ifaddr *, int); +static int in_scrubprefix(struct in_ifaddr *); static void in_socktrim(struct sockaddr_in *); static int in_ifinit(struct ifnet *, struct in_ifaddr *, struct sockaddr_in *, int); @@ -654,14 +684,7 @@ register struct ifnet *ifp; register struct in_ifaddr *ia; { - - if ((ia->ia_flags & IFA_ROUTE) == 0) - return; - if (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT)) - rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST); - else - rtinit(&(ia->ia_ifa), (int)RTM_DELETE, 0); - ia->ia_flags &= ~IFA_ROUTE; + in_scrubprefix(ia); } /* @@ -743,26 +766,7 @@ return (0); flags |= RTF_HOST; } - - /*- - * Don't add host routes for interface addresses of - * 0.0.0.0 --> 0.255.255.255 netmask 255.0.0.0. This makes it - * possible to assign several such address pairs with consistent - * results (no host route) and is required by BOOTP. - * - * XXX: This is ugly ! There should be a way for the caller to - * say that they don't want a host route. - */ - if (ia->ia_addr.sin_addr.s_addr != INADDR_ANY || - ia->ia_netmask != IN_CLASSA_NET || - ia->ia_dstaddr.sin_addr.s_addr != htonl(IN_CLASSA_HOST)) { - if ((error = rtinit(&ia->ia_ifa, (int)RTM_ADD, flags)) != 0) { - ia->ia_addr = oldaddr; - return (error); - } - ia->ia_flags |= IFA_ROUTE; - } - + error = in_addprefix(ia, flags); /* * If the interface supports multicast, join the "all hosts" * multicast group on that interface. 
@@ -776,6 +780,120 @@ return (error); } +#define rtinitflags(x) \ + ((((x)->ia_ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) \ + ? RTF_HOST : 0) +/* + * add a route to prefix ("connected route" in cisco terminology). + * does nothing if there's some interface address with the same prefix already. + */ +static int +in_addprefix(target, flags) + struct in_ifaddr *target; + int flags; +{ + struct in_ifaddr *ia; + struct in_addr prefix, mask, p; + int error; + + if ((flags & RTF_HOST) != 0) + prefix = target->ia_dstaddr.sin_addr; + else { + prefix = target->ia_addr.sin_addr; + mask = target->ia_sockmask.sin_addr; + prefix.s_addr &= mask.s_addr; + } + +/* for (ia = in_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next) { */ + TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) { + if (rtinitflags(ia)) + p = ia->ia_dstaddr.sin_addr; + else { + p = ia->ia_addr.sin_addr; + p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; + } + + if (prefix.s_addr != p.s_addr) + continue; + + /* + * if we got a matching prefix route inserted by other + * interface adderss, we don't need to bother + */ + if (ia->ia_flags & IFA_ROUTE) + return 0; + } + + /* + * noone seem to have prefix route. insert it. + */ + error = rtinit(&target->ia_ifa, (int)RTM_ADD, flags); + if (!error) + target->ia_flags |= IFA_ROUTE; + return error; +} + +/* + * remove a route to prefix ("connected route" in cisco terminology). + * re-installs the route by using another interface address, if there's one + * with the same prefix (otherwise we lose the route mistakenly). 
+ */ +static int +in_scrubprefix(target) + struct in_ifaddr *target; +{ + struct in_ifaddr *ia; + struct in_addr prefix, mask, p; + int error; + + if ((target->ia_flags & IFA_ROUTE) == 0) + return 0; + + if (rtinitflags(target)) + prefix = target->ia_dstaddr.sin_addr; + else { + prefix = target->ia_addr.sin_addr; + mask = target->ia_sockmask.sin_addr; + prefix.s_addr &= mask.s_addr; + } + +/* for (ia = in_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next) { */ + TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) { + if (rtinitflags(ia)) + p = ia->ia_dstaddr.sin_addr; + else { + p = ia->ia_addr.sin_addr; + p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; + } + + if (prefix.s_addr != p.s_addr) + continue; + + /* + * if we got a matching prefix route, move IFA_ROUTE to him + */ + if ((ia->ia_flags & IFA_ROUTE) == 0) { + rtinit(&(target->ia_ifa), (int)RTM_DELETE, + rtinitflags(target)); + target->ia_flags &= ~IFA_ROUTE; + + error = rtinit(&ia->ia_ifa, (int)RTM_ADD, + rtinitflags(ia) | RTF_UP); + if (error == 0) + ia->ia_flags |= IFA_ROUTE; + return error; + } + } + + /* + * noone seem to have prefix route. remove it. + */ + rtinit(&(target->ia_ifa), (int)RTM_DELETE, rtinitflags(target)); + target->ia_flags &= ~IFA_ROUTE; + return 0; +} + +#undef rtinitflags /* * Return 1 if the address might be a local broadcast address. 
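Review bot: the provenance of the imported code is not stated anywhere: the WIDE Project copyright block added in the first hunk implies that in_addprefix() and in_scrubprefix() were lifted from another code base, but the covering mail only says the patch was "originally done for the CARP import". Name the source file and revision they were taken from in the patch description so the new licence header can be checked against it.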
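Review bot: the in_ifinit() hunk (@@ -743,26 +766,7 @@) loses the failure path of the code it replaces: the old rtinit() call was followed by `ia->ia_addr = oldaddr; return (error);`, whereas after `error = in_addprefix(ia, flags);` the function continues into the multicast join with the new address left in place and only reports the error at the end. Restore `if (error) { ia->ia_addr = oldaddr; return (error); }`. The same hunk also deletes the special case that suppressed the host route for 0.0.0.0 addresses with netmask 255.0.0.0 (the deleted comment says BOOTP requires it), and in_addprefix() does not reproduce that check; either keep it or say in the patch description why it is no longer needed.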
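Review bot: in the @@ -776,6 +780,120 @@ hunk, both in_addprefix() and in_scrubprefix() decide that two interface addresses share a prefix by comparing only the masked addresses (`if (prefix.s_addr != p.s_addr) continue;`) and never the masks, so for example 10.0.0.1/24 on one interface and 10.0.0.1/16 on another both reduce to 10.0.0.0: the second prefix route is never installed, and in_scrubprefix() would hand IFA_ROUTE to an address with a different netmask. Compare `ia->ia_sockmask.sin_addr.s_addr` with the target's mask as well in the non-RTF_HOST case. In in_scrubprefix() the RTM_DELETE of the target's route is issued before the RTM_ADD of the replacement and the delete's return value is ignored; if the add fails the prefix route is gone, which is exactly what the function comment says it wants to avoid, so that failure should at least be logged and propagated, and in_ifscrub() in the earlier hunk currently discards the int result entirely.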
From: Andre Oppermann
To: Max Laier
cc: freebsd-net@freebsd.org
Message-ID: <4146BDBE.5200A66C@freebsd.org>
Date: Tue, 14 Sep 2004 11:45:34 +0200
References: <20040913171931.GA5368@zibbi.icomtek.csir.co.za> <200409140319.58203.max@love2party.net>
Subject: Re: route to host on same network

Max Laier wrote:
>
> On Tuesday 14 September 2004 03:05, George V. Neville-Neil wrote:
> > At Mon, 13 Sep 2004 19:19:31 +0200,
> >
> > John Hay wrote:
> > > Hi,
> > >
> > > I'm busy trying to port mobilemesh
> > > (www.mitre.org/tech_transfer/mobilemesh) to FreeBSD and ran into a
> > > problem.
> > >
> > > The way mobilemesh works is that you use a subnet for the wireless
> > > network and then it uses host routes to route packets to hosts that are
> > > not directly visible. Say for instance that you have hosts 1, 2 and 3
> > > on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each
> > > other, but both can see host 2, then the mobilemesh routing protocol
> > > will try to add a host route to the other machine through host 2. On
> > > host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and
> > > on host 3 it will do "route add 10.0.0.1 10.0.0.2". This seems to work
> > > on Linux (where mobilemesh was developed), but I have been unable to
> > > get it to work on FreeBSD. I have also tried various ways with and
> > > without -interface and -iface, but none works. Is it supposed to be
> > > possible in FreeBSD and if so does someone know how?
> >
> > What "doesn't work" as in what error, if any, do you get? Or does it
> > just silently fail? Also, what does your routing table look like
> > before and after the commands (netstat -rn).
>
> I assume you get: 17 EEXIST "File exists" ...
>
> ... if that's the case, can you try the attached patch (originally done for
> the CARP import) and tell me if it works for this? I have yet to check all
> the side-effects of this, but it might help.
>
> [ http://people.freebsd.org/~mlaier/in.c.patch ]

We should have a deeper look into this one. I've been hit by this bug or
'behaviour' once and it was really nasty... (production network)

--
Andre

Date: Tue, 14 Sep 2004 02:58:47 -0700
From: Bruce M Simpson
To: John Hay
cc: freebsd-net@freebsd.org
Message-ID: <20040914095847.GE809@empiric.icir.org>
References: <20040913171931.GA5368@zibbi.icomtek.csir.co.za>
In-Reply-To: <20040913171931.GA5368@zibbi.icomtek.csir.co.za>
Subject: Re: route to host on same network

Hello there.

On Mon, Sep 13, 2004 at 07:19:31PM +0200, John Hay wrote:
> I'm busy trying to port mobilemesh (www.mitre.org/tech_transfer/mobilemesh)
> to FreeBSD and ran into a problem.

I tried to port MobileMesh once too.

It is a largely futile exercise. The wired segment of your network requires
full multicast routing in order for MMBDP to work, effectively making
MobileMesh useless for any real world deployment unless all of your
border nodes are in the same AS.

> The way mobilemesh works is that you use a subnet for the wireless
> network and then it uses host routes to route packets to hosts that are
> not directly visible. Say for instance that you have hosts 1, 2 and 3
> on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each
> other, but both can see host 2, then the mobilemesh routing protocol
> will try to add a host route to the other machine through host 2. On
> host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and
> on host 3 it will do "route add 10.0.0.1 10.0.0.2". This seems to work
> on Linux (where mobilemesh was developed), but I have been unable to
> get it to work on FreeBSD. I have also tried various ways with and
> without -interface and -iface, but none works. Is it supposed to be
> possible in FreeBSD and if so does someone know how?

To add a host route you want 'route add -host ' as per route(8).
You shouldn't need to add an interface route unless the destination
is directly visible on that network (via layer 2 e.g. ARP or Proxy ARP
or some other layer 2 hack). can be the IP of an interface on your system.

Regards,
BMS

In-Reply-To: <20040914095847.GE809@empiric.icir.org>
References: <20040913171931.GA5368@zibbi.icomtek.csir.co.za> <20040914095847.GE809@empiric.icir.org>
From: Michael DeMan
Date: Tue, 14 Sep 2004 03:14:09 -0700
To: Bruce M Simpson
cc: freebsd-net@freebsd.org
Subject: Re: route to host on same network

Yes, the auto-mesh matters were solved long ago.

Michael F. DeMan
Director of Technology
OpenAccess Network Services
Bellingham, WA 92825
michael@staff.openaccess.org
360-647-0785

On Sep 14, 2004, at 2:58 AM, Bruce M Simpson wrote:
> Hello there.
>
> On Mon, Sep 13, 2004 at 07:19:31PM +0200, John Hay wrote:
>> I'm busy trying to port mobilemesh
>> (www.mitre.org/tech_transfer/mobilemesh)
>> to FreeBSD and ran into a problem.
>
> I tried to port MobileMesh once too.
>
> It is a largely futile exercise. The wired segment of your network
> requires
> full multicast routing in order for MMBDP to work, effectively making
> MobileMesh useless for any real world deployment unless all of your
> border nodes are in the same AS.
>
>> The way mobilemesh works is that you use a subnet for the wireless
>> network and then it uses host routes to route packets to hosts that are
>> not directly visible. Say for instance that you have hosts 1, 2 and 3
>> on the 10.0.0.0/24 subnet and machines 1 and 3 can't directly see each
>> other, but both can see host 2, then the mobilemesh routing protocol
>> will try to add a host route to the other machine through host 2. On
>> host 1 it will do something like "route add 10.0.0.3 10.0.0.2" and
>> on host 3 it will do "route add 10.0.0.1 10.0.0.2". This seems to work
>> on Linux (where mobilemesh was developed), but I have been unable to
>> get it to work on FreeBSD. I have also tried various ways with and
>> without -interface and -iface, but none works. Is it supposed to be
>> possible in FreeBSD and if so does someone know how?
>
> To add a host route you want 'route add -host '
> as per route(8). You shouldn't need to add an interface route unless
> the destination is directly visible on that network (via layer 2
> e.g. ARP or Proxy ARP or some other layer 2 hack). can be
> the IP of an interface on your system.
>
> Regards,
> BMS

Message-ID: <4147253B.8020004@aldan.algebra.com>
Date: Tue, 14 Sep 2004 13:07:07 -0400
From: Mikhail Teterin
To: questions@FreeBSD.org, net@FreeBSD.org
Subject: Using `route .... -mtu' on local network

Hello!

Most of our hosts can only do the regular 1500-byte frames, but some are
Jumbo Frames capable. I'm trying to make these few servers talk to
_each other_ using bigger frames (the switch supports them) without
breaking the LAN into subnets.

In the past someone suggested I try an explicit -mtu switch to
route(8). So, with two -current machines on the same LAN (`mi' and
`pandora') I try:

mi# route add pandora -iface em0 -mtu 4000
add host pandora: gateway em0
mi# route get pandora
   route to: pandora
destination: pandora
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      4000         0

Even ping-ing pandora stops working.... I have to `route delete pandora'
for things to recover. Any suggestions? Thanks!

-mi

Message-ID: <41473DD3.7030007@vineyard.net>
Date: Tue, 14 Sep 2004 14:52:03 -0400
From: "Eric W. Bates"
To: freebsd-net@freebsd.org
Subject: To many dynamic rules created by infected machine

Friends run an IT business and I helped build them a firewall using ipfw.

The box has multiple interfaces; one of which is untrusted and it is
where they put suspect machines (customer boxes with high likelihood of
viruses and other evil Windoze ailments).

Their network is well protected; however there is now an inadvertent DOS
when a particularly virulent machine performs a sweep attack on some
block of IP, because we have a check-state/keep-state.

Sep 11 16:00:01 hostname /kernel: ipfw: install_state: Too many dynamic rules

Is there a way to limit the number of rules a given host can create in
x number of minutes?

Thanks for your time.
--
Eric W. Bates

Message-ID: <41473EF6.8030201@elischer.org>
Date: Tue, 14 Sep 2004 11:56:54 -0700
From: Julian Elischer
To: "Eric W. Bates"
cc: freebsd-net@freebsd.org
References: <41473DD3.7030007@vineyard.net>
In-Reply-To: <41473DD3.7030007@vineyard.net>
Subject: Re: To many dynamic rules created by infected machine

how about preceding the keep-state rule with some specific rules
against that machine.. (or turning it off)?

what KIND of sweep?

Eric W. Bates wrote:
> Friends run an IT business and I helped build them a firewall using ipfw.
>
> The box has multiple interfaces; one of which is untrusted and it is
> where they put suspect machines (customer boxes with high likelihood
> of viruses and other evil Windoze ailments).
>
> Their network is well protected; however there is now an inadvertent
> DOS when a particularly virulent machine performs a sweep attack on
> some block of IP, because we have a check-state/keep-state.
>
> Sep 11 16:00:01 hostname /kernel: ipfw: install_state: Too
> many dynamic rules
>
> Is there a way to limit the number of rules a given host can create in
> x number of minutes?
>
>
> Thanks for your time.
> --
> Eric W. Bates
From: Andrew Gallatin MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MyLggxmwdT" Content-Transfer-Encoding: 7bit Message-ID: <16711.27260.667013.411961@grasshopper.cs.duke.edu> Date: Tue, 14 Sep 2004 18:02:36 -0400 (EDT) To: "Don Bowman" In-Reply-To: <16710.3441.49431.847790@grasshopper.cs.duke.edu> References: <16710.3441.49431.847790@grasshopper.cs.duke.edu> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid cc: freebsd-net@freebsd.org Subject: RE: packet generator X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 22:02:43 -0000

--MyLggxmwdT
Content-Type: text/plain; charset=us-ascii
Content-Description: message body text
Content-Transfer-Encoding: 7bit

Andrew Gallatin writes:
> xmit routine was called 683441 times. This means that the queue was
> only a little over two packets deep on average, and vmstat shows idle
> time. I've tried piping additional packets to nghook mx0:orphans
> input, but that does not seem to increase the queue depth.
>

The problem here seems to be that rather than just slapping the packets onto the driver's queue, ng_source passes the mbuf down to more of netgraph, where there is at least one spinlock, and the driver's ifq lock is taken and released a zillion times by ether_output_frame(), etc.

A quick hack (appended) to just slap the mbufs onto the if_snd queue gets me from ~410Kpps to 1020Kpps. I also see very deep queues with this (because I'm slamming 4K pkts onto the queue at once..).

This is nearly identical to the linux pktgen figure on the same hardware, which makes me feel comfortable that there is a lot of headroom in the driver/firmware API and I'm not botching something in the FreeBSD driver.

BTW, did you see your 800Kpps on 4.x or 5.x? If it was 4.x, what do you see on 5.x if you still have the same setup handy?

Thanks,

Drew

--MyLggxmwdT
Content-Type: application/octet-stream
Content-Description: diff to make ng_source skip netgraph detour
Content-Disposition: attachment; filename="ng_source.diff"
Content-Transfer-Encoding: base64

Index: ng_source.c
===================================================================
RCS file: /home/ncvs/src/sys/netgraph/ng_source.c,v
retrieving revision 1.18
diff -u -r1.18 ng_source.c
--- ng_source.c	20 Jul 2004 17:15:37 -0000	1.18
+++ ng_source.c	14 Sep 2004 21:36:14 -0000
@@ -637,7 +637,7 @@
 static int
 ng_source_send (sc_p sc, int tosend, int *sent_p)
 {
-	struct ifqueue tmp_queue;
+	struct ifqueue tmp_queue, *ifq;
 	struct mbuf *m, *m2;
 	int sent = 0;
 	int error = 0;
@@ -673,6 +673,9 @@
 	}
 
 	sent = 0;
+
+	ifq = &sc->output_ifp->if_snd;	
+	IF_LOCK(ifq);
 	for (;;) {
 		_IF_DEQUEUE(&tmp_queue, m2);
 		if (m2 == NULL)
@@ -681,13 +684,17 @@
 			++sent;
 			sc->stats.outFrames++;
 			sc->stats.outOctets += m2->m_pkthdr.len;
-			NG_SEND_DATA_ONLY(error, sc->output.hook, m2);
+		/*	NG_SEND_DATA_ONLY(error, sc->output.hook, m2);*/
+		 	_IF_ENQUEUE(ifq, m2);
 			if (error)
 				printf("%s: error=%d\n", __func__, error);
 		} else {
 			NG_FREE_M(m2);
 		}
 	}
+	IF_UNLOCK(ifq);
+	if ((sc->output_ifp->if_flags & IFF_OACTIVE) == 0)
+		if_start(sc->output_ifp);
 
 	sc->packets -= sent;
 	if (sent_p != NULL)

--MyLggxmwdT--

From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 00:59:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F49D16A4CE
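Review bot: in the `@@ -673,6 +673,9 @@` hunk, the added `ifq = &sc->output_ifp->if_snd;` line carries trailing whitespace, and `IF_LOCK(ifq)` is taken before the `for (;;)` loop and only released after it, so the driver's send-queue lock is held for the entire burst dequeued from `tmp_queue` (the message says 4K packets are slammed on at once), during which the driver's own transmit path cannot touch `if_snd`. That is acceptable for a throughput experiment, but a one-line comment stating that the lock is deliberately held across the whole loop would stop a later reader from "fixing" it, and the final `if_start()` is correctly called only after `IF_UNLOCK(ifq)`.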
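Review bot: in the `@@ -681,13 +684,17 @@` hunk, once `NG_SEND_DATA_ONLY(error, sc->output.hook, m2);` is commented out nothing in the loop assigns `error` any more, so the `if (error) printf(...)` that follows `_IF_ENQUEUE(ifq, m2);` is dead and should be dropped. More importantly `_IF_ENQUEUE` is unconditional, with no `_IF_QFULL(ifq)` test, so `if_snd` grows past `ifq_maxlen` without bound, which is what the "very deep queues" in the message are: a stalled driver lets mbufs pile up instead of being dropped and counted. Suggest `if (_IF_QFULL(ifq)) { _IF_DROP(ifq); NG_FREE_M(m2); } else _IF_ENQUEUE(ifq, m2);`. The replacement line also mixes a space into its tab indentation (`+\t\t \t_IF_ENQUEUE`).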
for ; Wed, 15 Sep 2004 00:59:48 +0000 (GMT) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2AC9343D3F for ; Wed, 15 Sep 2004 00:59:48 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id 85F2791531; Tue, 14 Sep 2004 20:59:47 -0400 (EDT) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 04335-01-68; Tue, 14 Sep 2004 20:59:47 -0400 (EDT) Received: from [204.128.227.60] (dhcp060.ericx.net [204.128.227.60]) by vineyard.net (Postfix) with SMTP id 4AF9A91527; Tue, 14 Sep 2004 20:59:47 -0400 (EDT) Message-ID: <414793FF.3000008@vineyard.net> Date: Tue, 14 Sep 2004 20:59:43 -0400 
From: "Eric W. Bates" User-Agent: Mozilla Thunderbird 0.7.3 (Macintosh/20040803) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Julian Elischer References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> In-Reply-To: <41473EF6.8030201@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 00:59:48 -0000

Julian Elischer wrote:
> how about preceding the keep-state rule with some specific rules
> against that machine..
> (or turning it off)? what KIND of sweep?
>

It's a small store. Folks with broken computers bring the machines in because "It doesn't work". They usually don't know what is wrong with any given machine; and they try to be careful (remove the hard drive and attempt to clean it first); but eventually there is a need to put the machine on line and try to update Norton's virus list.

Over the weekend a less savvy staffer was working on a laptop with some infection or other (the machine does not have a tcpdump store running so I don't know exactly what happened). The firewall started to fail because of the overwhelming number of dynamic rules created; and he did not connect the customer's machine on the workbench with their problem (he rebooted the FreeBSD machine...).

I'm guessing it had Sasser (or similar) and it was attempting to open up connections to:

199.x.x.1 : 445
199.x.x.2 : 445
199.x.x.3 : 445
199.x.x.4 : 445
...

There is a dhcp server passing out addresses to the "bench" network; so if there is a way to limit the number of dynamic rules created, I can apply it to that IP range easily enough.

>
>
> Eric W. Bates wrote:
>
>> Friends run an IT business and I helped build them a firewall using
>> ipfw.
>>
>> The box has multiple interfaces; one of which is untrusted and it is
>> where they put suspect machines (customer boxes with high likelihood
>> of viruses and other evil Windoze ailments).
>>
>> Their network is well protected; however there is now an inadvertent
>> DOS when a particularly virulent machine performs a sweep attack on
>> some block of IP, because we have a check-state/keep-state.
>>
>> Sep 11 16:00:01 hostname /kernel: ipfw: install_state:
>> Too many dynamic rules
>>
>> Is there a way to limit the number of rules a given host can create
>> in x number of minutes?
>>
>>
>> Thanks for your time.
>> --
>> Eric W. Bates
>
>

From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 02:27:53 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A06716A4CF for ; Wed, 15 Sep 2004 02:27:53 +0000 (GMT) Received: from exchange.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5C3C43D3F for ; Wed, 15 Sep 2004 02:27:52 +0000 (GMT) (envelope-from don@sandvine.com) X-MimeOLE: Produced By Microsoft Exchange V6.0.6556.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 14 Sep 2004 22:27:52 -0400 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: packet generator Thread-Index: AcSappBW23tNUwTeT+K79YLr6oB0ZwAJP9Gg
From: "Don Bowman" To: "Andrew Gallatin" cc: freebsd-net@freebsd.org Subject: RE: packet generator X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 02:27:53 -0000 
From: Andrew Gallatin [mailto:gallatin@cs.duke.edu]
> Andrew Gallatin writes:
>
> > xmit routine was called 683441 times. This means that the
> queue was
> > only a little over two packets deep on average, and vmstat
> shows idle
> > time. I've tried piping additional packets to nghook mx0:orphans
> > input, but that does not seem to increase the queue depth.
> >
>
> The problem here seems to be that rather than just slapping the
> packets onto the driver's queue, ng_source passes the mbuf down
> to more of netgraph, where there is at least one spinlock,
> and the driver's ifq lock is taken and released a zillion times
> by ether_output_frame(), etc.
>
> A quick hack (appended) to just slap the mbufs onto the if_snd queue
> gets me from ~410Kpps to 1020Kpps. I also see very deep queues
> with this (because I'm slamming 4K pkts onto the queue at once..).
>
> This is nearly identical to the linux pktgen figure on the same
> hardware, which makes me feel comfortable that there is a lot of
> headroom in the driver/firmware API and I'm not botching something
> in the FreeBSD driver.
>
> BTW, did you see your 800Kpps on 4.x or 5.x? If it was 4.x, what do
> you see on 5.x if you still have the same setup handy?
>
> Thanks,

800Kpps was on 4.7, on a dual 2.8GHz Xeon with 100MHz PCI-X on em. I will try 5.3.
--don From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 06:36:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 428F516A4CE for ; Wed, 15 Sep 2004 06:36:05 +0000 (GMT) Received: from mproxy.gmail.com (mproxy.gmail.com [216.239.56.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FD7A43D48 for ; Wed, 15 Sep 2004 06:36:05 +0000 (GMT) (envelope-from galaxy.ranger@gmail.com) Received: by mproxy.gmail.com with SMTP id x17so62228cwb for ; Tue, 14 Sep 2004 23:36:05 -0700 (PDT) Received: by 10.11.98.40 with SMTP id v40mr62160cwb; Tue, 14 Sep 2004 23:36:05 -0700 (PDT) Received: by 10.11.98.65 with HTTP; Tue, 14 Sep 2004 23:36:05 -0700 (PDT) Message-ID: <4a1299a404091423367b948709@mail.gmail.com> Date: Tue, 14 Sep 2004 23:36:05 -0700 
From: Fargo Holiday To: freebsd-net@freebsd.org In-Reply-To: <4a64a1b8040908051574be8492@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <4a64a1b8040907214468a3877c@mail.gmail.com> <20040908081626.GB597@cell.sick.ru> <4a64a1b8040908051574be8492@mail.gmail.com> Subject: Re: strange pppoe/adsl issues X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Fargo Holiday List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 06:36:05 -0000

On Wed, 8 Sep 2004 22:15:55 +1000, Glenn Thomas wrote:
> On Wed, 8 Sep 2004 12:16:26 +0400, Gleb Smirnoff wrote:
> > Are you using ppp(8)? If you do can you try mpd from ports? In opposite
> > case can you try ppp(8)? :)
>
> Ok, i tried mpd again and I can confirm that it has the exact same
> issue as I get with ppp(8).
>
> Regards,
>
> Glenn.
>

howdy,

did you ever get this resolved? if not, could you kindly ask a DSL support tech to get the people that own the line to watch it while your connection fails? I agree that it's probably something hinky on the isp end, since chances are pretty good (if it's like where I worked) that your dsl connection is even hooked up to the same equipment at the telco. I remember that we had a hell of a time getting people on Macs to stay connected, even though the Windows port of the same software worked like a charm.
later, Fargo From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 06:55:23 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7468B16A4CE for ; Wed, 15 Sep 2004 06:55:23 +0000 (GMT) Received: from smtp.volant.org (gate.volant.org [207.111.218.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58AED43D46 for ; Wed, 15 Sep 2004 06:55:23 +0000 (GMT) (envelope-from patl+freebsd@volant.org) Received: from 64-144-229-193.client.dsl.net ([64.144.229.193] helo=[192.168.0.22]) by smtp.volant.org with asmtp (TLSv1:AES256-SHA:256) (Exim 4.34 (FreeBSD)) id 1C7Th9-0009y3-QA; Tue, 14 Sep 2004 23:55:14 -0700 Date: Tue, 14 Sep 2004 23:55:11 -0700 
From: Pat Lashley To: "Eric W. Bates" , Julian Elischer Message-ID: In-Reply-To: <414793FF.3000008@vineyard.net> References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <414793FF.3000008@vineyard.net> X-Mailer: Mulberry/3.1.6 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scan-Signature: 2f0754c78719b3e777a0eabdd9a4ec6fde2533e5 X-Spam-User: nobody X-Spam-Score: -4.9 (----) X-Spam-Score-Int: -48 X-Spam-Report: This mail has matched the spam-filter tests listed below. See http://spamassassin.org/tag/ for details about the specific tests reported. In general, the higher the number of total points, the more likely that it actually is spam. (The 'required' number of points listed below is the arbitrary number above which the message is normally considered spam.) Content analysis details: (-4.9 points total, 5.0 required) -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.0 AWL AWL: Auto-whitelist adjustment cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 06:55:23 -0000

--On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" wrote:

> It's a small store. Folks with broken computers bring the
> machines in because "It doesn't work". They usually don't
> know what is wrong with any given machine; and they try to
> be careful (remove the hard drive and attempt to clean it
> first); but eventually there is a need to put the machine
> on line and try to update Norton's virus list.

Before bringing it on-line, why not mount the disk on a FreeBSD machine and run ClamAV over all the files? It's not guaranteed to catch everything; but it should at least reduce the window.

You could also consider setting it up so that the initial reconnection is on a separate cable going through a firewall that -only- allows the connections necessary to update the Norton virus list. Once it is updated, unplug it from the network, run the virus check, and only then plug it into your main LAN.

-Pat

From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 12:58:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 99A0316A4CE for ; Wed, 15 Sep 2004 12:58:45 +0000 (GMT) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EDEA43D31 for ; Wed, 15 Sep 2004 12:58:45 +0000 (GMT) (envelope-from ericx@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id E7EAD91626; Wed, 15 Sep 2004 08:58:43 -0400 (EDT) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 62727-01-98; Wed, 15 Sep 2004 08:58:43 -0400 (EDT) Received: from vineyard.net (cheesenip.vineyard.net [204.17.195.113]) by vineyard.net (Postfix) with ESMTP id 7B64891554; Wed, 15 Sep 2004 08:58:43 -0400 (EDT) Message-ID: <41483C82.8070108@vineyard.net> Date: Wed, 15 Sep 2004 08:58:42 -0400
From: "Eric W. Bates" User-Agent: Mozilla Thunderbird 0.5 (X11/20040208) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pat Lashley References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <414793FF.3000008@vineyard.net> In-Reply-To: X-Enigmail-Version: 0.83.4.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 12:58:45 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pat Lashley wrote:
| --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates"
| wrote:
|
|> It's a small store. Folks with broken computers bring the
|> machines in because "It doesn't work". They usually don't
|> know what is wrong with any given machine; and they try to
|> be careful (remove the hard drive and attempt to clean it
|> first); but eventually there is a need to put the machine
|> on line and try to update Norton's virus list.
|
|
| Before bringing it on-line, why not mount the disk on a FreeBSD
| machine and run ClamAV over all the files? It's not guaranteed
| to catch everything; but it should at least reduce the window.

They do something similar. They mount it on a windows machine and run Norton.

The reality I'm trying to accommodate is that the staff will not always be knowledgeable, and even if they follow procedure there will always be a virus or spyware that gets thru. Clearly this problem could have easily been solved by simply unplugging the damaged machine from the wire.

| You could also consider setting it up so that the initial
| reconnection is on a separate cable going through a firewall
| that -only- allows the connections necessary to update the
| Norton virus list. Once it is updated, unplug it from the
| network, run the virus check, and only then plug it into
| your main LAN.

That's a good idea.

|
| -Pat

- --
Eric W. Bates
ericx@vineyard.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBSDyCD1roJTQ4LlERAjXKAKDIbeevdb3YlMs+b4lvJhan0NpwpQCeJ7ti
gxVqzQQ5L5g61y1DSmMK4UM=
=88RM
-----END PGP SIGNATURE-----

From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 12:59:55 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2EBB416A4CE for ; Wed, 15 Sep 2004 12:59:55 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3FC043D68 for ; Wed, 15 Sep 2004 12:59:54 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [192.168.1.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id C72533E43E; Wed, 15 Sep 2004 14:59:52 +0200 (CEST) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id 546A529B; Wed, 15 Sep 2004 14:59:52 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id 4C763285; Wed, 15 Sep 2004 14:59:52 +0200 (CEST) Date: Wed, 15 Sep 2004 14:59:52 +0200 (CEST)
From: Sten Spans To: Pat Lashley In-Reply-To: Message-ID: References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: "Eric W. Bates" cc: freebsd-net@freebsd.org cc: Julian Elischer Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 12:59:55 -0000

On Tue, 14 Sep 2004, Pat Lashley wrote:

> --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" wrote:
>
> > It's a small store. Folks with broken computers bring the
> > machines in because "It doesn't work". They usually don't
> > know what is wrong with any given machine; and they try to
> > be careful (remove the hard drive and attempt to clean it
> > first); but eventually there is a need to put the machine
> > on line and try to update Norton's virus list.
>
> Before bringing it on-line, why not mount the disk on a FreeBSD
> machine and run ClamAV over all the files? It's not guaranteed
> to catch everything; but it should at least reduce the window.
>
> You could also consider setting it up so that the initial
> reconnection is on a separate cable going through a firewall
> that -only- allows the connections necessary to update the
> Norton virus list. Once it is updated, unplug it from the
> network, run the virus check, and only then plug it into
> your main LAN.
>

What about:

ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4

To limit the amount of evil connections, place above the regular keep-state rule.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 14:00:06 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C54E916A4CE for ; Wed, 15 Sep 2004 14:00:06 +0000 (GMT) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92BD543D31 for ; Wed, 15 Sep 2004 14:00:06 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id 55C4D91664; Wed, 15 Sep 2004 10:00:05 -0400 (EDT) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 71420-01-62; Wed, 15 Sep 2004 10:00:05 -0400 (EDT) Received: from vineyard.net (cheesenip.vineyard.net [204.17.195.113]) by vineyard.net (Postfix) with ESMTP id 1E0FD91626; Wed, 15 Sep 2004 10:00:05 -0400 (EDT) Message-ID: <41484AE4.30709@vineyard.net> Date: Wed, 15 Sep 2004 10:00:04 -0400 
From: "Eric W. Bates" User-Agent: Mozilla Thunderbird 0.5 (X11/20040208) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sten Spans References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 14:00:06 -0000

Sten Spans wrote:
>
> What about:
>
> ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4
>
> To limit the amount of evil connections, place above the regular
> keep-state rule.
>
>

That looks good. I should have RTFM.

Is it reasonable to try something like:

ipfw add allow tcp from evil/24 to any dst-port 80 setup limit src-addr 100

Anyone ever figured out what the average/max number of simultaneous dynamic rules needed to support an http session?

I'm not going to allow the 137-139,445 ports out (no need for file sharing when repairing these things). But I'm going to have to allow 80, 443, whatever Norton, spybot, adaware, etc. use for their database updates.

----

The default (FBSD 4.9, ipfw 2) number of rules max seems to be 4096.

net.inet.ip.fw.dyn_max: 4096

Is it reasonable to pump this number up?

--
Eric W. Bates

From owner-freebsd-net@FreeBSD.ORG Wed Sep 15 21:08:17 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D3CFB16A4CE for ; Wed, 15 Sep 2004 21:08:17 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DEB143D2F for ; Wed, 15 Sep 2004 21:08:17 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [192.168.1.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id 5E56A3E43E; Wed, 15 Sep 2004 23:08:16 +0200 (CEST) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id E9CF229B; Wed, 15 Sep 2004 23:08:15 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id E54C8285; Wed, 15 Sep 2004 23:08:15 +0200 (CEST) Date: Wed, 15 Sep 2004 23:08:15 +0200 (CEST)
From: Sten Spans To: "Eric W. Bates" In-Reply-To: <41484AE4.30709@vineyard.net> Message-ID: References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <41484AE4.30709@vineyard.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: To many dynamic rules created by infected machine X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Sep 2004 21:08:17 -0000

On Wed, 15 Sep 2004, Eric W. Bates wrote:

>
>
> Sten Spans wrote:
> >
> > What about:
> >
> > ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> > ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4
> >
> > To limit the amount of evil connections, place above the regular
> > keep-state rule.
> >
> >
>
> That looks good. I should have RTFM.
>
> Is it reasonable to try something like:
>
> ipfw add allow tcp from evil/24 to any dst-port 80 setup limit src-addr 100
>
> Anyone ever figured out what the average/max number of simultaneous
> dynamic rules needed to support an http session?

Normally a http request is one tcp connection, some browsers open more connections to speed things up.

You could add special rules for avupdate-host.norton.com or somesuch.

An even better solution would be a (transparent) proxy setup, with allow rules for *.norton.com in the proxy software. The kind of restrictions you are trying to enforce are quite a bit easier to achieve with proper userland proxy software.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
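The per-host "limit" rules Sten proposes and the dst-port 80 variant Eric asks about, worked through as an added example that is not code from this thread. The script does two things a bench-network firewall admin needs: it reports which source address owns the most entries in ipfw's dynamic-rule table (so the offending machine can be found before dyn_max is hit), and it emits the bench ruleset in the order ipfw needs, with check-state first so established flows are matched before the per-subnet deny, and the limit rules ahead of the catch-all keep-state. The sample `ipfw -d list` output, the 10.1.1.0/24 bench subnet, the rule numbers and the per-host cap are all constructed for the example and labelled as such in the code; syntax is FreeBSD 4.x ipfw2 as used in the thread.

```shell
#!/bin/sh
# Added example, not from the list thread. Two helpers for the "bench"
# network problem: (1) find which source address holds the most dynamic
# rules, (2) emit per-host "limit" rules placed ahead of the catch-all
# keep-state, as suggested in the thread.
#
# SAMPLE_DYN is CONSTRUCTED to resemble `ipfw -d list` output on
# FreeBSD 4.x ipfw2; rule numbers, counters and addresses are placeholders.
SAMPLE_DYN='## Dynamic rules (4 4096):
00100    12     1234 (0s) STATE tcp 10.1.1.7 3421 <-> 199.0.0.1 445
00100     8      800 (0s) STATE tcp 10.1.1.7 3422 <-> 199.0.0.2 445
00100     5      500 (0s) STATE tcp 10.1.1.7 3423 <-> 199.0.0.3 445
00100    50     5000 (3s) STATE tcp 10.1.1.9 1055 <-> 64.0.0.5 80'

# Print "count source-address" for every source address holding dynamic
# rules, busiest first.  On a live box: top_dynamic_sources "$(ipfw -d list)"
# Field 7 of a STATE line is the source address of the tracked flow.
top_dynamic_sources() {
    printf '%s\n' "$1" |
    awk '$5 == "STATE" { n[$7]++ } END { for (a in n) print n[a], a }' |
    sort -rn
}

# Emit an ipfw rule fragment for the bench network.
#   $1  bench subnet, e.g. 10.1.1.0/24 (placeholder)
#   $2  cap on simultaneous dynamic rules per bench host (assumed value)
# Rule numbers are assumptions; pick ones that fit the live rule set.
# "limit src-addr N" keeps state like keep-state but refuses the (N+1)th
# concurrent connection from one host, so a sweeping machine can claim at
# most N of the dyn_max entries instead of all of them.  check-state must
# come before the per-subnet deny, otherwise the non-SYN packets of an
# allowed flow (which "setup" rules do not match) would be dropped.
bench_ruleset() {
    net="$1"
    per_host="$2"
    cat <<EOF
add 1000 check-state
add 1100 deny log tcp from $net to any dst-port 135,137-139,445
add 1200 allow tcp from $net to any dst-port 80,443 setup limit src-addr $per_host
add 1300 deny log ip from $net to any
add 2000 allow tcp from any to any setup keep-state
EOF
}

# Stand-alone run: show the busiest bench host and the generated rules.
top_dynamic_sources "$SAMPLE_DYN"
bench_ruleset 10.1.1.0/24 20
```

To load the fragment, write it to a file (for instance a placeholder `/etc/ipfw.bench`) and feed it to `ipfw -q /etc/ipfw.bench`; rule 1300 is what keeps the bench hosts off the catch-all keep-state at 2000. The cap for port 80/443 should be sized for browsers and updaters that open several connections at once, as Sten notes; a single-digit cap there will break ordinary page loads while still being far below the 4096 default dyn_max.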
Leonard Cohen - Anthem From owner-freebsd-net@FreeBSD.ORG Thu Sep 16 00:32:10 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CF0716A4CE for ; Thu, 16 Sep 2004 00:32:10 +0000 (GMT) Received: from mail.minutemenu.com (mail.minutemenu.com [69.93.74.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD2C243D49 for ; Thu, 16 Sep 2004 00:32:09 +0000 (GMT) (envelope-from jreeder@minutemenu.com) Received: from localhost (localhost.minutemenu.com [127.0.0.1]) by mail.minutemenu.com (Postfix) with ESMTP id 4AE9222869B for ; Mon, 13 Sep 2004 09:53:16 -0500 (CDT) Received: from mail.minutemenu.com ([69.93.74.12]) by localhost (lisa.minutemenu.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70643-01 for ; Mon, 13 Sep 2004 09:53:15 -0500 (CDT) Received: from jreed (unknown [216.138.72.218]) by mail.minutemenu.com (Postfix) with SMTP id 733892286B7 for ; Mon, 13 Sep 2004 09:53:15 -0500 (CDT) 
From: "Jonathan Reeder" To: Date: Mon, 13 Sep 2004 09:56:19 -0500 Message-ID: MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by amavisd-new at mail.minutemenu.com Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: MPD 3.18 Trouble X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Sep 2004 00:32:10 -0000

First off, sorry if this has come through twice, I tried to send it last week but don't think it made it through:

I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going well, clients can connect via PPTP, but once connected, they cannot actually access my internal network. Some background on my configuration:

# ifconfig
dc0: flags=8843 mtu 1500
        inet a.b.c.d netmask 0xfffffff8 broadcast a.b.c.e
        inet6 fe80::2a0:ffff:feff:9cfc%dc0 prefixlen 64 scopeid 0x1
        ether 00:a0:ff:ff:9c:fc
        media: Ethernet 10baseT/UTP
        status: active
rl0: flags=8843 mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::220:edff:fe2c:fe68%rl0 prefixlen 64 scopeid 0x2
        ether 00:20:ed:2c:fe:68
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
faith0: flags=8002 mtu 1500
ng0: flags=8890 mtu 1500
ng1: flags=8890 mtu 1500

That is for the server that runs MPD.

Also, here are my mpd.conf and mpd.links:

# cat /usr/local/etc/mpd/mpd.conf
default:
        log +auth +pptp
        load vpn0
        load vpn1

vpn0:
        new -i ng0 vpn0 vpn0
        set iface disable on-demand
        set iface enable proxy-arp
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link mtu 1400
        set link no pap chap
        set link enable chap
        set link keep-alive 60 180
        set ipcp yes vjcomp
        set ipcp ranges 192.168.1.254/32 192.168.1.200/32
        set ipcp dns x.x.x.x
        set bundle enable compression
        set ccp yes mppc
        #set ccp yes mpp-e40
        set ccp no mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle yes crypt-reqd

vpn1: same as vpn0

# cat /usr/local/etc/mpd/mpd.links
vpn0:
        set link type pptp
        set pptp self a.b.c.d
        set pptp enable incoming
        set pptp disable originate

MPD runs fine, listens on port 1723, accepts connections, authenticates, and then once a user is connected, my ifconfig changes from what you saw above to something similar to the following:

ng0: flags=88d1 mtu 1396
        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
        inet6 fe80::2a0:ffff:feff:9cfc%ng0 prefixlen 64 scopeid 0x5

So, I'm thinking that I should be set, right? Nope. No traffic actually makes it from the client to my internal 192.168.1.0/24 network. When I ping a 192.168.1 client from the remote VPN user, if I watch a tcpdump -i ng0 I can see the ping come through from dc0 (via GRE) to ng0, but that ping never seems to get passed to the rl0 interface like I would expect. (Yes, I do have gateway_enable='YES' and the sysctl has been confirmed to be on).

Same type of problem if I try to ping 192.168.1.200 from a host on my local network. I get a reply from 192.168.1.10 (the local address of my FreeBSD machine) saying "Destination host unreachable".

If I try to ping 192.168.1.200 from my BSD box, I get

ping: sendto: No route to host

This is the one that really kills me, because it has a perfect route to that host sitting right in front of it. It just refuses to pass the packets to the proper device.

I'm hoping someone might have run into this same type of problem before. Is there something about my mpd.conf that would keep ng0 from passing packets off to my local network (rl0) and vice-versa?

If anyone is kind enough to respond, let me know if there is any other info about my configuration that would be helpful to you.

Thanks a bunch,
Jonathan Reeder

From owner-freebsd-net@FreeBSD.ORG Thu Sep 16 00:45:10 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4813516A4CE for ; Thu, 16 Sep 2004 00:45:10 +0000 (GMT) Received: from hercules.crossthread.com (hercules.crossthread.com [64.56.149.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC9A743D2F for ; Thu, 16 Sep 2004 00:45:09 +0000 (GMT) (envelope-from timp@crossthread.com) Received: from [192.168.1.2] (dedalus.crossthread.com [192.168.1.2]) (authenticated)i8G0nup77464; Wed, 15 Sep 2004 18:49:56 -0600 (MDT) Message-ID: <4148E318.4090506@crossthread.com> Date: Wed, 15 Sep 2004 18:49:28 -0600
From: Tim Pushor
To: Jonathan Reeder
cc: freebsd-net@freebsd.org
Date: Wed, 15 Sep 2004 18:49:28 -0600
Message-ID: <4148E318.4090506@crossthread.com>
Subject: Re: MPD 3.18 Trouble

Jonathan,

A cursory look through your config looks ok, similar to mine (which *is* working ;-). One question, could the packets be being dropped by a firewall? Are you running ipf/ipfirewall/ipfw?

Jonathan Reeder wrote:
> First off, sorry if this has come through twice, I tried to send it last
> week but don't think it made it through:
>
> I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going
> well, clients can connect via PPTP, but once connected, they cannot actually
> access my internal network. Some background on my configuration:
>
> [...]
From: Glenn Thomas
To: Fargo Holiday
cc: freebsd-net@freebsd.org, freebsd@mark.net.au, Gleb Smirnoff
Date: Thu, 16 Sep 2004 18:14:27 +1000
Message-ID: <4a64a1b8040916011442844e6@mail.gmail.com>
In-Reply-To: <4a1299a404091423367b948709@mail.gmail.com>
Subject: Re: strange pppoe/adsl issues

On Tue, 14 Sep 2004 23:36:05 -0700, Fargo Holiday wrote:
>
> Howdy, did you ever get this resolved? If not, could you kindly ask a
> DSL support tech to get the people that own the line to watch it while
> your connection fails? I agree that it's probably something hinky on
> the ISP end, since chances are pretty good (if it's like where I
> worked) that your DSL connection is even hooked up to the same
> equipment at the telco. I remember that we had a hell of a time
> getting people on Macs to stay connected, even though the Windows port
> of the same software worked like a charm.

I still haven't got it resolved; the ISP people are going to check it out when they have time.

I recently tried OpenBSD because I noted that it uses pppoe(8) instead of netgraph(4), but it had the exact same issues.

Maybe I can get the ISP guy to reply with what equipment they are using, and you can see if it is the same as yours.

Regards.
From: Muhammad Reza
To: freebsd-net@freebsd.org
Date: Thu, 16 Sep 2004 05:31:44 +0700
Message-ID: <4148C2D0.6060907@mra.co.id>
Subject: DVB card

Dear List,

Is there any DVB card (C band) that the FreeBSD kernel supports? Please recommend one to us.

Regards,
reza
From: "Eric W. Bates"
To: Sten Spans
cc: freebsd-net@freebsd.org
Date: Thu, 16 Sep 2004 09:14:24 -0400
Message-ID: <414991B0.5090404@vineyard.net>
References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <41484AE4.30709@vineyard.net>
Subject: Re: Too many dynamic rules created by infected machine

Sten Spans wrote:
> On Wed, 15 Sep 2004, Eric W. Bates wrote:
>
>> That looks good. I should have RTFM.
>>
>> Is it reasonable to try something like:
>>
>> ipfw add allow tcp from evil/24 to any dst-port 80 setup limit src-addr 100
>>
>> Anyone ever figured out what the average/max number of simultaneous
>> dynamic rules needed to support an http session?
>
> Normally an http request is one tcp connection,
> some browsers open more connections to speed things up.
> You could add special rules for avupdate-host.norton.com
> or somesuch.
>
> An even better solution would be a (transparent) proxy
> setup, with allow rules for *.norton.com in the proxy
> software.
> The kind of restrictions you are trying to enforce are
> quite a bit easier to achieve with proper userland
> proxy software.

Excellent idea. There is already a squid running on that machine.

Can I force a client to use a proxy with:

ipfw add forward myhost tcp from evil/24 to not myhost dst-port 3128
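The rule Eric is asking about, `setup limit src-addr 100`, makes ipfw keep one dynamic rule per tracked connection and allow only that many connections from one source address; a host that tries to open hundreds at once is capped while a browser opening a handful is not. The following is an added example, not part of the thread or of ipfw, that models that accounting over a constructed stream of TCP SYNs so the effect on the two kinds of host can be seen side by side. `limit_src_addr`, `flag_sources` and the sample addresses are this example's own and stand in for nothing on the original page.

```python
from collections import Counter, defaultdict


def limit_src_addr(syns, limit, dst_port=80):
    """Model of: ipfw add allow tcp from <net> to any dst-port <dst_port> setup limit src-addr <limit>

    syns: iterable of (src, dst, dport) TCP SYNs in arrival order.
    Each allowed SYN installs one dynamic rule keyed on the connection; a source
    that already holds `limit` live dynamic rules gets no more.  Flows never end
    inside this model, which stands for the burst a scanning host produces within
    one dynamic-rule lifetime.  Returns (allowed, refused) Counters keyed by source.
    """
    dynamic = defaultdict(set)          # src -> set of (dst, dport) with a live dynamic rule
    allowed, refused = Counter(), Counter()
    for src, dst, dport in syns:
        if dport != dst_port:
            continue                    # this rule does not match; later rules decide
        if (dst, dport) in dynamic[src]:
            allowed[src] += 1           # retransmitted SYN hits the existing dynamic rule
            continue
        if len(dynamic[src]) >= limit:
            refused[src] += 1           # limit reached: no new connection for this source
            continue
        dynamic[src].add((dst, dport))
        allowed[src] += 1
    return allowed, refused


def flag_sources(refused, threshold=1):
    """Sources that hit the limit at least `threshold` times: the candidates to look at."""
    return sorted(src for src, n in refused.items() if n >= threshold)


def sample_syns():
    """Constructed traffic: one normal browser and one scanning host in the same /24."""
    syns = []
    browser = "192.168.7.20"
    for i in range(6):                  # six parallel fetches spread over two web servers
        syns.append((browser, f"198.51.100.{1 + i % 2}", 80))
    scanner = "192.168.7.66"
    for i in range(300):                # one SYN to each of 300 distinct hosts
        syns.append((scanner, f"10.20.{i // 256}.{i % 256}", 80))
    syns.append((scanner, "198.51.100.1", 443))   # not port 80: this rule ignores it
    return syns


if __name__ == "__main__":
    allowed, refused = limit_src_addr(sample_syns(), limit=100)
    for src in sorted(set(allowed) | set(refused)):
        print(f"{src}: allowed={allowed[src]} refused={refused[src]}")
    print("over limit:", flag_sources(refused))
```

The model says nothing about how many dynamic rules an http session needs (Eric's open question); it only shows that the limit is per source, that the first N connections pass unchanged, and that the refused count is itself a usable signal for which host to go and look at.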
From: Mark Russell
To: Glenn Thomas
cc: Fargo Holiday, freebsd@mark.net.au, Gleb Smirnoff, freebsd-net@freebsd.org
Date: Fri, 17 Sep 2004 10:03:00 +1000 (EST)
Message-ID: <20040917095951.W1610@juana.isp.net.au>
In-Reply-To: <4a64a1b8040916011442844e6@mail.gmail.com>
Subject: Re: strange pppoe/adsl issues

On Thu, 16 Sep 2004, Glenn Thomas wrote:
> On Tue, 14 Sep 2004 23:36:05 -0700, Fargo Holiday wrote:
>>
>> Howdy, did you ever get this resolved? If not, could you kindly ask a
>> DSL support tech to get the people that own the line to watch it while
>> your connection fails? I agree that it's probably something hinky on
>> the ISP end, since chances are pretty good (if it's like where I
>> worked) that your DSL connection is even hooked up to the same
>> equipment at the telco. I remember that we had a hell of a time
>> getting people on Macs to stay connected, even though the Windows port
>> of the same software worked like a charm.
>
> I still haven't got it resolved; the ISP people are going to check it
> out when they have time.
>
> I recently tried OpenBSD because I noted that it uses pppoe(8) instead
> of netgraph(4), but it had the exact same issues.
>
> Maybe I can get the ISP guy to reply with what equipment they are
> using, and you can see if it is the same as yours.

We have no problems with Mac or windoze users connecting, though the majority of our clients use standalone CPEs in routed mode.

If it helps, our LNS is a Cisco 7513; sh ver follows. Let me know if you need anything else.

7513>sh ver
Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-ISV-M), Version 12.3(6a), RELEASE SOFTWARE (fc4)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 02-Apr-04 13:06 by kellythw
Image text-base: 0x40010AFC, data-base: 0x41E30000

ROM: System Bootstrap, Version 11.1(2) [nitin 2], RELEASE SOFTWARE (fc1)
BOOTLDR: RSP Software (RSP-BOOT-M), Version 12.2(24), RELEASE SOFTWARE (fc1)

six-gw-7513 uptime is 2 weeks, 2 days, 21 hours, 41 minutes
System returned to ROM by reload at 12:17:08 AEST Tue Aug 31 2004
System restarted at 12:19:49 AEST Tue Aug 31 2004
System image file is "disk1:rsp-isv-mz.123-6a.bin"
Last reload reason: Reload command

cisco RSP2 (R4600) processor with 131072K/2072K bytes of memory.
R4600 CPU at 100MHz, Implementation 32, Rev 2.0
Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
X.25 software, Version 3.0.0.
Bridging software.
Chassis Interface.
3 EIP controllers (18 Ethernet).
1 FSIP controller (8 Serial).
1 AIP controller (1 ATM).
2 FEIP controllers (4 FastEthernet).
18 Ethernet/IEEE 802.3 interface(s)
4 FastEthernet/IEEE 802.3 interface(s)
8 Serial network interface(s)
1 ATM network interface(s)
123K bytes of non-volatile configuration memory.

8192K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
250880K bytes of ATA PCMCIA card at slot 1 (Sector size 512 bytes).
32768K bytes of Flash internal SIMM (Sector size 256K).
No slave installed in slot 7.
Configuration register is 0x2102

--
Europe, n. A civilized, advanced part of the world where genocidal wars of "ethnic cleansing" take place every three or four years.
From: "Jonathan Reeder"
To: "Tim Pushor"
cc: freebsd-net@freebsd.org
Date: Thu, 16 Sep 2004 20:20:18 -0500
In-Reply-To: <4148E318.4090506@crossthread.com>
Subject: RE: MPD 3.18 Trouble

Thanks for the reply, Tim. I do run ipfilter, but I allow incoming tcp port 1723 and also GRE. A look through my ipf.log shows no blocked packets. Also, I can see the GRE traffic coming into my dc0 (external if) in tcpdump, and I can then see the unencapsulated traffic on my ng0 interface in tcpdump. Problem is, the traffic just never gets off of ng0.

I would think the proper series of events would be:

GRE encapsulated traffic comes in on dc0 (external) -> unencapsulation of traffic and then retransmission from ng0 (vpn pseudo-if) -> if the traffic is destined for my local lan, ng0 passes it off to rl0 (internal if).

I see steps one and two of that in tcpdump, but not three.

-----Original Message-----
From: Tim Pushor [mailto:timp@crossthread.com]
Sent: Wednesday, September 15, 2004 7:49 PM
To: Jonathan Reeder
Cc: freebsd-net@freebsd.org
Subject: Re: MPD 3.18 Trouble

Jonathan,

A cursory look through your config looks ok, similar to mine (which *is* working ;-). One question, could the packets be being dropped by a firewall? Are you running ipf/ipfirewall/ipfw?

Jonathan Reeder wrote:
> First off, sorry if this has come through twice, I tried to send it last
> week but don't think it made it through:
>
> I've got MPD v3.18 up and running on my FreeBSD 4.9. All seems to be going
> well, clients can connect via PPTP, but once connected, they cannot actually
> access my internal network. Some background on my configuration:
>
> [...]
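Step three of the sequence Jonathan expects (ng0 hands the decapsulated packet to rl0) is a forwarding decision: the kernel picks the egress interface by longest-prefix match against the routes its interfaces imply. The following is an added example, not code from the thread or from mpd, that derives those connected routes from ifconfig-style output like the one posted earlier (a /24 on rl0, a /29 on dc0, and the /32 point-to-point peer on ng0 after a client connects), resolves a few destinations the way a lookup would, and names the LAN interface whose subnet contains the PPTP peer, which is the situation `set iface enable proxy-arp` in the posted mpd.conf exists to handle. The placeholder a.b.c.d is replaced by a constructed documentation address, the default route (not shown by ifconfig) is left out, and `routes_from_ifconfig`, `route_lookup`, `forward` and `overlapping_lan` are this example's own names.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    point_to_point: bool = False


def routes_from_ifconfig(ifconfig_text: str) -> List[Route]:
    """Connected routes implied by 'inet' lines of ifconfig output.

    A broadcast interface contributes its own prefix; a point-to-point
    'A --> B' line contributes a /32 host route to the peer B.
    """
    routes: List[Route] = []
    iface = None
    for raw in ifconfig_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():                # "rl0: flags=..." header line
            iface = raw.split(":", 1)[0]
            continue
        parts = raw.split()
        if parts[0] != "inet":                  # skip inet6 / ether / media / status
            continue
        if "-->" in parts:
            peer = parts[parts.index("-->") + 1]
            routes.append(Route(ipaddress.IPv4Network(f"{peer}/32"), iface, True))
        else:
            addr = parts[1]
            mask_hex = parts[parts.index("netmask") + 1]
            mask = str(ipaddress.IPv4Address(int(mask_hex, 16)))
            routes.append(Route(ipaddress.IPv4Network((addr, mask), strict=False), iface))
    return routes


def route_lookup(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match; None corresponds to 'No route to host'."""
    d = ipaddress.IPv4Address(dest)
    candidates = [r for r in routes if d in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def forward(routes: List[Route], ingress: str, dest: str) -> str:
    """Ingress -> egress pair for a packet that arrived on `ingress` bound for `dest`."""
    r = route_lookup(routes, dest)
    return "No route to host" if r is None else f"{ingress} -> {r.iface}"


def overlapping_lan(routes: List[Route], p2p_iface: str) -> Optional[str]:
    """Broadcast interface whose subnet contains the point-to-point peer, if any.

    When the peer sits inside a LAN prefix, LAN hosts ARP for it on the LAN and the
    server has to answer on the peer's behalf (proxy ARP) for replies to reach ng0.
    """
    for r in routes:
        if r.iface == p2p_iface and r.point_to_point:
            peer = r.prefix.network_address
            for lan in routes:
                if not lan.point_to_point and peer in lan.prefix:
                    return lan.iface
    return None


# Constructed from the ifconfig output in the thread; a.b.c.d/0xfffffff8 is
# stood in for by 203.0.113.2/29 (a documentation range) and ng0 is shown in
# its post-connect state.  The default route is not part of ifconfig output.
IFCONFIG_SAMPLE = """\
dc0: flags=8843 mtu 1500
        inet 203.0.113.2 netmask 0xfffffff8 broadcast 203.0.113.7
rl0: flags=8843 mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:20:ed:2c:fe:68
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1 mtu 1396
        inet 192.168.1.254 --> 192.168.1.200 netmask 0xffffffff
"""
ROUTES = routes_from_ifconfig(IFCONFIG_SAMPLE)

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r.prefix!s:20} via {r.iface}{'  (p2p)' if r.point_to_point else ''}")
    print(forward(ROUTES, "ng0", "192.168.1.50"))      # LAN host behind rl0
    print(forward(ROUTES, "rl0", "192.168.1.200"))     # the PPTP peer on ng0
    print(forward(ROUTES, "dc0", "10.0.0.1"))          # nothing covers it
    print("peer overlaps LAN on:", overlapping_lan(ROUTES, "ng0"))
```

With a /32 to the peer present, the lookup for 192.168.1.200 picks ng0 over rl0's /24, so a "No route to host" for that address on such a box is worth checking against what `netstat -rn` actually shows rather than against ifconfig alone.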
From: Fargo Holiday
To: Mark Russell
cc: freebsd-net@freebsd.org, Gleb Smirnoff, Glenn Thomas
Date: Fri, 17 Sep 2004 00:57:34 -0700
Message-ID: <4a1299a404091700573b81b6cd@mail.gmail.com>
In-Reply-To: <20040917095951.W1610@juana.isp.net.au>
Subject: Re: strange pppoe/adsl issues

Unfortunately I wasn't terribly involved with anything but customer site hardware, though I do recall that we used Redback equipment at the ISP end. Actual line vendors and switching varied depending on the region. Just as Mark stated, we eventually switched over to customer hardware with pppoe solutions embedded, to eliminate the thousands of man hours required to walk users through trying different setups until one meshed with their system, the telco, and our stuff.

Could it be something with the way that the pppoe client authenticates? Perhaps authentication is expected at regular intervals, and when that doesn't happen it denies traffic? I mean, pppoe is fairly standardized from what I understand, much like ethernet over ATM, but I could see where different clients might have different ideas about when to send authentication. Where I worked we could view connection logs for specific users; perhaps you could get someone to send you a log with one of the setups that work, say XP, that shows what was transpiring for a specific interval, then get a log of what happens when your FreeBSD setup is connected until it drops, then compare the two. Just a thought.

Sadly I'm several years out of DSL support, so I don't recall a lot of specifics. OK, I'm not really all that sad to be away from a phone support position, but you understand. In any case, good night, and I really hope someone can resolve the issue.
From: "Raphael H. Becker"
To: freebsd-current@freebsd.org
cc: freebsd-net@freebsd.org
Date: Fri, 17 Sep 2004 10:43:56 +0200
Message-ID: <20040917104356.E55054@p-i-n.com>
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

Hi *,

one of our subnets has been on a GBit switch since last week. The nodes on the subnet are:

2x Dell PE350, RELENG_4_10, fxp{0,1}, 100baseTX
3x Dell PE2650, RELENG_5 (BETA4), bge0, 1000baseTX
1x Dell PE2650, RELENG_4_10, bge1, 1000baseTX

The switch is a "NETGEAR Model GS516T Copper Gigabit Switch" [1].

To test transfer and throughput every system has a running ftpd and a 1GByte file in /pub/1GB, or a 250M file for the small boxes. Every system is able to send and receive data at full speed (>10.5MBytes/sec on 100MBit, >70-90MBytes/sec(!) on GBit).

I use wget for testing:

wget -O - --proxy=off ftp://10.101.240.52/pub/1GB >/dev/null

The 3 5.x boxes on GBit transfer up to ~93MBytes(!) per second to each other (serving the file from cache, 2 parallel sessions). The two PE350 boxes transfer data at >10MBytes/sec to each other.

FTP from a 5.3 box (PE2650, GBit) to a 4.10 box (PE350, 100MBit) fails: throughput around 200kBytes to 750kBytes/sec!! Same two hosts, ftp in the other direction (100->1000), runs at 10.5MBytes/sec.

I tested with another PE2650, running 4.10-RELEASE: ftp 1000->100 works fine, >10MBytes/sec, stable!!

The difference must be the OS; the hardware is more or less the same.

The 4.10 box:
bge1: mem 0xfcd00000-0xfcd0ffff irq 17 at device 8.0 on pci3
bge1: Ethernet address: 00:06:5b:f7:f9:00
miibus1: on bge1

One of the 5.3 boxes:
bge0: mem 0xfcf10000-0xfcf1ffff irq 28 at device 6.0 on pci3
miibus0: on bge0
bge0: Ethernet address: 00:0d:56:bb:9c:25

My guess: the 5.3 boxes send bigger TCP windows than our switch has buffer for per port, resulting in massive packet loss or something like that. The sender is "too fast" for the switch, or the switch isn't able to convert from 1000MBit to 100MBit under heavy load (store & forward buffer).

I fiddled around with net.inet.tcp.inflight.max. A rebooted system has a value of "net.inet.tcp.inflight.max: 1073725440"; I trimmed that down in steps, testing and searching for effects.

A value < ~75000 for ~.max limits the throughput 1000->1000 MBit.

The transfer 1000->100MBit works for values <11583 (around 7MByte/sec); at >=11584 the throughput cuts to about 200kByte/sec.

Max throughput 1000->100MBit is at a value of ~.max around 7800-8200. With this value the GBit-to-GBit transfer is around 18.5MBytes/sec to 20MBytes/sec. Using the "edge" of ~.max=11583 the GBit-to-GBit transfer is at 31MBytes/sec.

I have no idea what is wrong or broken. Maybe the switch (too small buffer), or the "inflight bandwidth delay" algorithm, or something else. I guess there's no physical problem with cables or connectors or ports on the switch (1000MBit works great for 1000MBit only).

I'm willing to test patches or other cases as long as I don't need to change hardware. Need more detailed info on a subject?

Any idea? Tuning? Patches? Pointers?

Regards
Raphael Becker

PS: [1] http://www.netgearinc.co.jp/support/pdf/gs516t_manual.pdf
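Raphael's guess is that a gigabit sender's window arrives faster than the 100 Mbit port can drain it, so a store-and-forward switch has to hold most of each burst. The following is an added example, not from the message or from FreeBSD, that models one window-sized burst entering a port with a fixed per-port buffer, computes how much is queued and how much is lost, and solves for the largest window such a buffer can absorb; the three directions from the message are run through it. The buffer size and RTT used are constructed assumptions, not figures from the switch's manual, and `net.inet.tcp.inflight.max` appears only as the name of the cap being varied; `burst_into_slower_port`, `max_lossless_window`, `window_for_throughput` and `scenarios` are this example's own.

```python
from math import inf


def burst_into_slower_port(window_bytes, in_rate_bps, out_rate_bps, buffer_bytes):
    """A back-to-back burst of window_bytes arrives at in_rate_bps into a port that
    forwards at out_rate_bps and can queue buffer_bytes.

    Returns (bytes_queued_at_end_of_burst, bytes_dropped).  While the burst lasts the
    queue grows at (in - out); whatever exceeds the buffer is dropped.
    """
    if in_rate_bps <= out_rate_bps:
        return 0.0, 0.0                               # the port keeps up; nothing queues
    burst_seconds = window_bytes * 8 / in_rate_bps
    drained = out_rate_bps * burst_seconds / 8        # bytes forwarded during the burst
    backlog = window_bytes - drained                  # = window * (1 - out/in)
    dropped = max(0.0, backlog - buffer_bytes)
    return min(backlog, buffer_bytes), dropped


def max_lossless_window(in_rate_bps, out_rate_bps, buffer_bytes):
    """Largest window the buffer absorbs without loss: window * (1 - out/in) <= buffer."""
    if in_rate_bps <= out_rate_bps:
        return inf
    return buffer_bytes / (1 - out_rate_bps / in_rate_bps)


def window_for_throughput(throughput_bytes_per_s, rtt_s):
    """Bandwidth-delay product: bytes that must be in flight to sustain a throughput.
    This is the quantity an inflight cap like net.inet.tcp.inflight.max bounds."""
    return throughput_bytes_per_s * rtt_s


def scenarios(buffer_bytes):
    """Max lossless window for the three directions in the message, constructed buffer."""
    rates = {"1000->100": (1e9, 1e8), "100->1000": (1e8, 1e9), "1000->1000": (1e9, 1e9)}
    return {name: max_lossless_window(i, o, buffer_bytes) for name, (i, o) in rates.items()}


if __name__ == "__main__":
    BUFFER = 16 * 1024                                # assumed per-port buffer, not measured
    for name, w in scenarios(BUFFER).items():
        print(f"{name:11} max lossless window: {w:.0f} bytes")
    for window in (8192, 16384, 65536):
        queued, dropped = burst_into_slower_port(window, 1e9, 1e8, BUFFER)
        print(f"window {window:6}: queued {queued:8.1f}  dropped {dropped:8.1f}")
    # constructed 1 ms RTT: the window needed for 10.5 MB/s on the 100 Mbit box
    print(f"BDP for 10.5 MB/s at 1 ms RTT: {window_for_throughput(10.5e6, 0.001):.0f} bytes")
```

The model is a worst-case bound: it treats the whole window as one back-to-back burst, which is what a sender does in slow start or after an idle period, not in steady state where ACK clocking paces the segments. The 1000->1000 and 100->1000 rows come out unbounded because the egress never falls behind the ingress, which matches the message's observation that only the 1000->100 direction breaks.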
From: "donatas"
Date: Fri, 17 Sep 2004 13:17:04 +0300
Organization: AB Lietuvos Radijo ir Televizijos Centras
Subject: ng_one2many - very slow

Hello,

we need a 400Mbit link between two intel machines (Xeon 2.4, Raid, 512DDr,
2 ports-em(1000Mbit), 2 ports-fxp(100Mbit))

configuration taken from ng_one2many man page:
_____________________________________________________________________
ifconfig em0 up media 100BaseTX mediaopt full-duplex
ifconfig em1 up media 100BaseTX mediaopt full-duplex
ifconfig fxp0 up media 100BaseTX mediaopt full-duplex
ifconfig fxp1 up media 100BaseTX mediaopt full-duplex

ngctl mkpeer em0: one2many upper one
ngctl connect em0: em0:upper lower many0
ngctl connect em1: em0:upper lower many1
ngctl connect fxp0: em0:upper lower many2
ngctl connect fxp1: em0:upper lower many3
ngctl msg em1: setpromisc 1
ngctl msg fxp0: setpromisc 1
ngctl msg fxp1: setpromisc 1
ngctl msg em1: setautosrc 0
ngctl msg fxp0: setautosrc 0
ngctl msg fxp1: setautosrc 0
ngctl msg em0:upper setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=[ 1 1 1 1 ] }"
ifconfig em0 192.168.1.1/24 (and 1.2/24 on the second machine)
_______________________________________________________________________
kernel is compiled with the following options:
NETGRAPH
NETGRAPH_BRIDGE
NETGRAPH_ECHO
NETGRAPH_ETHER
NETGRAPH_FACE
NETGRAPH_ONE2MANY
________________________________________________________________________
OS - FreeBSD 5.2.1 -
freshly installed
machines are connected directly (port-to-port) with crossed UTP CAT5 cables
________________________________________________________________________
we used iperf to test TCP throughput between those machines:
Results:
10sec. Transferred 250MBytes Bandwidth 210Mbits/sec -in simplex mode

and in duplex mode:
10sec. Transferred 169MBytes Bandwidth 141Mbits/sec
10sec. Transferred 163MBytes Bandwidth 136Mbits/sec

after changing "enabledLinks=[1 1 1 1]" to "[1 1]" the results are almost the same:
________________________________________________________________________
10sec. Transferred 242MBytes Bandwidth 203Mbits/sec -in simplex mode

and in duplex mode:
10sec. Transferred 163MBytes Bandwidth 136Mbits/sec
10sec. Transferred 150MBytes Bandwidth 125Mbits/sec
________________________________________________________________________
60 second transfer indicated 223Mbits/sec in simplex mode

truth, we've tested direct link between em adapters in gigabit mode and
using TCP packets 850Mbit throughput was achieved. And nearly 1Gbit with
UDP packets.

as you see one2many test results aren't even close to 400Mbit
Is it possible that em and fxp cannot work together or something. what
can you suggest to solve this small problem?

thanks in advance

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 11:05:01 2004
From: Marko Zec
To: freebsd-net@freebsd.org, donatas
Date: Fri, 17 Sep 2004 13:02:30 +0200
In-Reply-To: <030a01c49c9f$7c215970$f2f109d9@donatas>
Message-Id: <200409171302.30120.zec@icir.org>
Subject: Re: ng_one2many - very slow

On Friday 17 September 2004 12:17, donatas wrote:
> Hello,
>
> we need a 400Mbit link between two intel machines (Xeon 2.4, Raid,
> 512DDr, 2 ports-em(1000Mbit),2 ports-fxp(100Mbit))
>
> ....
>
> truth, we've tested direct link between em adapters in gigabit mode
> and using TCP packets 850Mbit throughput was achieved. And Nearly
> 1Gbit with UDP packets.
>
> as you see one2many test results aren't even close to 400Mbit
> Is it possible that em and fxp cannot work together or something.
> what can you suggest to solve this small problem?

Perhaps TCP packets are arriving out of order for some reason (interrupt
coalescing etc.) which can be _bad_ for TCP throughput. What kind of CPU
load are you observing on those machines, when testing a single Gbit link
versus a 4*100M bundle?
Marko

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 11:39:05 2004
Message-ID: <414ACCD5.2090607@elischer.org>
Date: Fri, 17 Sep 2004 04:39:01 -0700
From: Julian Elischer
To: donatas
cc: freebsd-net@freebsd.org
In-Reply-To: <030a01c49c9f$7c215970$f2f109d9@donatas>
Subject: Re: ng_one2many - very slow

donatas wrote:
> Hello,
>
> we need a 400Mbit link between two intel machines (Xeon 2.4, Raid, 512DDr, 2 ports-em(1000Mbit),2 ports-fxp(100Mbit))
>
> configuration taken from ng_one2many man page:
> _____________________________________________________________________
> ifconfig em0 up media 100BaseTX mediaopt full-duplex
> ifconfig em1 up media 100BaseTX mediaopt full-duplex
> ifconfig fxp0 up media 100BaseTX mediaopt full-duplex
> ifconfig fxp1 up media 100BaseTX mediaopt full-duplex
>
> ngctl mkpeer em0: one2many upper one
> ngctl connect em0: em0:upper lower many0
> ngctl connect em1: em0:upper lower many1
> ngctl connect fxp0: em0:upper lower many2
> ngctl connect fxp1: em0:upper lower many3
> ngctl msg em1: setpromisc 1
> ngctl msg fxp0: setpromisc 1
> ngctl msg fxp1: setpromisc 1
> ngctl msg em1: setautosrc 0
> ngctl msg fxp0: setautosrc 0
> ngctl msg fxp1: setautosrc 0
> ngctl msg em0:upper setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=[ 1 1 1 1 ] }"
> ifconfig em0 192.168.1.1/24 (and 1.2/24 on the second machine)
> _______________________________________________________________________
> kernel is compiled with the following options:
> NETGRAPH
> NETGRAPH_BRIDGE
> NETGRAPH_ECHO
> NETGRAPH_ETHER
> NETGRAPH_FACE
> NETGRAPH_ONE2MANY
>
> ________________________________________________________________________
> OS - FreeBSD 5.2.1 - freshly installed
> machines are connected directly (port-to-port) with crossed UTP CAT5 cables
> ________________________________________________________________________
> we used iperf to test TCP throughput between those machines:
> Results:
> 10sec. Transferred 250MBytes Bandwidth 210Mbits/sec -in simplex mode
>
> and in duplex mode:
> 10sec. Transferred 169MBytes Bandwidth 141Mbits/sec
> 10sec. Transferred 163MBytes Bandwidth 136Mbits/sec
>
> after changing "enabledLinks=[1 1 1 1]" to "[1 1]" the results are almost the same:
> ________________________________________________________________________
> 10sec. Transferred 242MBytes Bandwidth 203Mbits/sec -in simplex mode
>
> and in duplex mode:
> 10sec. Transferred 163MBytes Bandwidth 136Mbits/sec
> 10sec. Transferred 150MBytes Bandwidth 125Mbits/sec
> ________________________________________________________________________
> 60 second transfer indicated 223Mbits/sec in simplex mode
>
> truth, we've tested direct link between em adapters in gigabit mode and using TCP packets 850Mbit throughput was achieved. And nearly 1Gbit with UDP packets.
>
> as you see one2many test results aren't even close to 400Mbit
> Is it possible that em and fxp cannot work together or something. what can you suggest to solve this small problem?
>
> thanks in advance

netgraph was not originally designed to be a super-high speed facility,
but rather to be a convenient prototyping environment and a production
environment for convoluted but slower wan type links. It has in fact
turned out a lot more useful in normal networking environments than we
had feared.
If you want to do bundling, however, I suggest you might want to look at
the ng_fec node instead as it handles issues not handled by ng_one2many,
such as loss of link, and it is a bit more optimised, needing fewer nodes.

Having said that we will be looking at netgraph performance in the future.
(It has always been "fast enough" so we've never really looked at tuning
it until now (especially in 5.x)).

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 12:48:14 2004
Message-ID: <414ADD15.FAC42CDB@freebsd.org>
Date: Fri, 17 Sep 2004 14:48:21 +0200
From: Andre Oppermann
To: "Raphael H. Becker"
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
References: <20040917104356.E55054@p-i-n.com>
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

"Raphael H. Becker" wrote:
>
> Hi *,
>
> one of our subnets is on a GBit-Switch since last week.
> The nodes on the subnet are:
>
> 2x Dell PE350, RELENG_4_10, fxp{0,1}, 100baseTX
> 3x Dell PE2650, RELENG_5 (BETA4), bge0, 1000baseTX
> 1x Dell PE2650, RELENG_4_10, bge1, 1000baseTX
>
> The switch is a "NETGEAR Model GS516T Copper Gigabit Switch" [1]
>
> To test transfer and throughput every system has a running ftpd and a
> 1GByte-file in /pub/1GB or a 250M file for the small boxes.
>
> Every system is able to send and receive data with full speed
> (>10.5MBytes/sec on 100MBit, >70-90MBytes/sec(!) on GBit)
>
> I use wget for testing:
> wget -O - --proxy=off ftp://10.101.240.52/pub/1GB >/dev/null
>
> The 3 5.x-Boxes on GBit transfer up to ~93MBytes(!) per second to
> each other (serving the file from cache, 2 parallel sessions).
>
> The two PE350 boxes transfer data with >10MBytes/sec to each other.
>
> FTP from a 5.3 (PE2650,GBit) to 4.10 (PE350,100MBit) fails, throughput
> around 200kBytes to 750kBytes/sec !!
>
> Same two hosts, ftp in other direction (100->1000) is running
> 10.5MBytes/sec.
>
> I tested with another PE2650, running 4.10-RELEASE, ftp 1000->100 works
> fine, >10MBytes/sec, stable!!
>
> The difference must be the OS, the hardware is more or less the same
>
> the 4.10-BOX:
> bge1: mem 0xfcd00000-0xfcd0ffff irq 17 at device 8.0 on pci3
> bge1: Ethernet address: 00:06:5b:f7:f9:00
> miibus1: on bge1
>
> one of the 5.3-Boxes:
> bge0: mem 0xfcf10000-0xfcf1ffff irq 28 at device 6.0 on pci3
> miibus0: on bge0
> bge0: Ethernet address: 00:0d:56:bb:9c:25
>
> My guess: The 5.3-Boxes send bigger TCP-Windows than our switch has
> buffer for each port resulting in massive packetloss or something like
> that. The sender is "too fast" for the switch or the switch isn't able
> to convert from 1000MBit to 100MBit under heavy load
> (store&forward-buffer)

Could you send me the output of (after you have run the 1000->100 test):

 # sysctl net.inet.tcp
 # sysctl net.inet.tcp.hostcache.list
 # netstat -s -p tcp
 # netstat -s -p ip

> I fiddled around with net.inet.tcp.inflight.max. A rebooted system
> has a value of "net.inet.tcp.inflight.max: 1073725440", i trimmed that
> down in steps, testing and searching for effects.
>
> A value < ~75000 for ~.max limits the throughput 1000->1000 MBit
> The transfer 1000->100MBit works for values <11583 (around 7MByte/sec),
> >=11584 the throughput cuts, about 200kByte/sec.

Fiddling with the inflight.max values doesn't help in this case. Those
don't need any tuning. What could make a difference is to disable inflight
entirely. However I'd like to get the output of the stuff above first.

> A max throughput 1000->100MBit is for a value ~.max around 7800-8200.
> With this value the GBit-to-GBit transfer is around 18.5MBytes/sec and
> 20MBytes/sec.
>
> Using the "edge" of ~.max=11583 the GBit-to-GBit transfer is at 31MBytes/sec.
>
> I have no idea what is wrong or broken. Maybe the switch (too small buffer)
> or the "inflight bandwidth delay"-algorithm or something else. I guess there's
> no physical problem with cables or connectors or ports on the switch
> (1000MBit works great for 1000MBit only).
>
> I'm willing to test patches or other cases as long as I don't need to
> change hardware.
>
> Need more detailed info on a subject?
> Any idea? Tuning? Patches? Pointers?

One step after the other. I'm sure we will find the problem.

-- 
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 21:09:01 2004
Date: Sat, 18 Sep 2004 06:09:01 +0900
From: JINMEI Tatuya / 神明達哉
To: Muhammad Reza
cc: freebsd-net@freebsd.org
In-Reply-To: <4148C2D0.6060907@mra.co.id>
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
Subject: Re: DVB card

>>>>> On Thu, 16 Sep 2004 05:31:44 +0700,
>>>>> Muhammad Reza said:

> Is there any DVB card (C band) that the FreeBSD kernel supports?
> please recommend us

Hidetaka IZUMIYAMA (izu@wishnet.co.jp) of the WIDE project gave me the
following information which might help.

> 6WIND and ComputerModules provide a DVB-ASI driver for FreeBSD that supports
> the following boards:
> - http://www.computermodules.com/broadcast/broadcast-dvb.shtml
> - DVB Master III Rx
> - DVB Master III Tx
> - DVB Master FD (I could not test this board)
>
> It is provided under the BSD License.
>
> The source code for FreeBSD 4.x is available at
> http://proxy.6wind.com/~jardin/dvb/
>
> It uses the same API as Linux's DVB ASI interface. It means that
> software such as Videolan can work on both Linux and FreeBSD.
>
> Regards,
> Vincent

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 21:19:25 2004
Date: Fri, 17 Sep 2004 23:19:22 +0200
From: "Raphael H. Becker"
To: freebsd-current@freebsd.org
cc: freebsd-net@freebsd.org
Message-ID: <20040917231922.G55054@p-i-n.com>
In-Reply-To: <414ADD15.FAC42CDB@freebsd.org>; from andre@freebsd.org on Fri, Sep 17, 2004 at 02:48:21PM +0200
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

On Fri, Sep 17, 2004 at 02:48:21PM +0200, Andre Oppermann wrote:
> "Raphael H. Becker" wrote:
> > My guess: The 5.3-Boxes send bigger TCP-Windows than our switch has
> > buffer for each port resulting in massive packetloss or something like
> > that.
> > The sender is "too fast" for the switch or the switch isn't able
> > to convert from 1000MBit to 100MBit under heavy load
> > (store&forward-buffer)
>
> Could you send me the output of (after you have run the 1000->100 test):
>
>  # sysctl net.inet.tcp
>  # sysctl net.inet.tcp.hostcache.list
>  # netstat -s -p tcp
>  # netstat -s -p ip

http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_before.txt
http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_after.txt

wget:
Length: 1,160,773,632 (unauthoritative)

 1% [ ] 12,199,080 383.23K/s ETA 48:46^C

HTH
Raphael Becker

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 21:26:23 2004
Message-ID: <414B567C.9060904@freebsd.org>
Date: Fri, 17 Sep 2004 23:26:20 +0200
From: Andre Oppermann
To: "Raphael H. Becker"
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
In-Reply-To: <20040917231922.G55054@p-i-n.com>
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

Raphael H. Becker wrote:
> On Fri, Sep 17, 2004 at 02:48:21PM +0200, Andre Oppermann wrote:
>
>> "Raphael H. Becker" wrote:
>>
>>> My guess: The 5.3-Boxes send bigger TCP-Windows than our switch has
>>> buffer for each port resulting in massive packetloss or something like
>>> that. The sender is "too fast" for the switch or the switch isn't able
>>> to convert from 1000MBit to 100MBit under heavy load
>>> (store&forward-buffer)
>>
>> Could you send me the output of (after you have run the 1000->100 test):
>>
>>  # sysctl net.inet.tcp
>>  # sysctl net.inet.tcp.hostcache.list
>>  # netstat -s -p tcp
>>  # netstat -s -p ip
>
> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_before.txt
> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_after.txt

Could you please provide the same information (except the second sysctl one)
from the target machine as well. You don't have to show the difference
between before and after but try to make sure that not much other traffic
was going than the test.
-- 
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 21:30:35 2004
Message-ID: <414B5777.1030901@freebsd.org>
Date: Fri, 17 Sep 2004 23:30:31 +0200
From: Andre Oppermann
To: Andre Oppermann
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
cc: "Raphael H. Becker"
In-Reply-To: <414B567C.9060904@freebsd.org>
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

Andre Oppermann wrote:
> Raphael H. Becker wrote:
>
>> On Fri, Sep 17, 2004 at 02:48:21PM +0200, Andre Oppermann wrote:
>>
>>> "Raphael H. Becker" wrote:
>>>
>>>> My guess: The 5.3-Boxes send bigger TCP-Windows than our switch has
>>>> buffer for each port resulting in massive packetloss or something like
>>>> that. The sender is "too fast" for the switch or the switch isn't able
>>>> to convert from 1000MBit to 100MBit under heavy load
>>>> (store&forward-buffer)
>>>
>>> Could you send me the output of (after you have run the 1000->100 test):
>>>
>>>  # sysctl net.inet.tcp
>>>  # sysctl net.inet.tcp.hostcache.list
>>>  # netstat -s -p tcp
>>>  # netstat -s -p ip
>>
>> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_before.txt
>> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_after.txt
>
> Could you please provide the same information (except the second sysctl
> one) from the target machine as well. You don't have to show the difference
> between before and after but try to make sure that not much other traffic
> was going than the test.
And could you do this on the 5.3 machine:

 # sysctl net.inet.tcp.rfc3042=0

then restart and run the tests plus providing data for the 5.3
and 4.10 machine again.

-- 
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 21:52:52 2004
Date: Fri, 17 Sep 2004 23:50:56 +0200
From: "Raphael H. Becker"
To: freebsd-current@freebsd.org
cc: freebsd-net@freebsd.org
Message-ID: <20040917235056.I55054@p-i-n.com>
In-Reply-To: <414B567C.9060904@freebsd.org>; from andre@freebsd.org on Fri, Sep 17, 2004 at 11:26:20PM +0200
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

On Fri, Sep 17, 2004 at 11:26:20PM +0200, Andre Oppermann wrote:
> Raphael H. Becker wrote:
> >>  # sysctl net.inet.tcp
> >>  # sysctl net.inet.tcp.hostcache.list
> >>  # netstat -s -p tcp
> >>  # netstat -s -p ip
> >
> > http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_before.txt
> > http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_after.txt
>
> Could you please provide the same information (except the second sysctl one)
> from the target machine as well. You don't have to show the difference

http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_target.txt

> between before and after but try to make sure that not much other traffic
> was going than the test.

Just my ssh-Session. But I can't guarantee for each packet passing the
router (= the target-machine). There's no "production"-traffic on that
subnet, just my testboxes.
Regards
Raphael Becker

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 22:05:47 2004
Date: Sat, 18 Sep 2004 00:03:03 +0200
From: "Raphael H. Becker"
To: freebsd-current@freebsd.org
cc: freebsd-net@freebsd.org
Message-ID: <20040918000303.J55054@p-i-n.com>
In-Reply-To: <414B5777.1030901@freebsd.org>; from andre@freebsd.org on Fri, Sep 17, 2004 at 11:30:31PM +0200
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

On Fri, Sep 17, 2004 at 11:30:31PM +0200, Andre Oppermann wrote:

rebooted the "source"-machine to get a defined state.
Did reboot before the last test, too.

> And could you do this on the 5.3 machine:
>  # sysctl net.inet.tcp.rfc3042=0

net.inet.tcp.rfc3042: 1 -> 0

wget on target:
Length: 1,160,773,632 (unauthoritative)

 1% [ ] 12,967,976 325.72K/s ETA 57:21^C

> then restart and run the tests plus providing data for the 5.3
> and 4.10 machine again.
http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_2_source.txt (5.3)
http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_2_target.txt (4.10)

HTH
Raphael Becker

From owner-freebsd-net@FreeBSD.ORG Fri Sep 17 22:17:38 2004
Message-ID: <414B6234.8060904@freebsd.org>
Date: Sat, 18 Sep 2004 00:16:20 +0200
From: Andre Oppermann
To: "Raphael H. Becker"
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
In-Reply-To: <20040917235056.I55054@p-i-n.com>
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*

Raphael H. Becker wrote:
> On Fri, Sep 17, 2004 at 11:26:20PM +0200, Andre Oppermann wrote:
>
>> Raphael H. Becker wrote:
>>
>>>>  # sysctl net.inet.tcp
>>>>  # sysctl net.inet.tcp.hostcache.list
>>>>  # netstat -s -p tcp
>>>>  # netstat -s -p ip
>>>
>>> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_before.txt
>>> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_after.txt
>>
>> Could you please provide the same information (except the second sysctl one)
>> from the target machine as well. You don't have to show the difference
>
> http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_target.txt

Ok, this gives some very strange information:

On the target machine (4.10) we see a huge amount of OO packets arriving:

  92920 out-of-order packets (134546620 bytes)

but we don't see nearly that many retransmits on the source machine (5.3):

  281 data packets (405792 bytes) retransmitted

However the data set on the target machine seems to be skewed. There is a
lot of other TCP traffic on there as well. So this probably doesn't really
relate directly to the test you did.
>>between before and after but try to make sure that not much other traffic
>>was going than the test.
>
> Just my ssh-Session. But I can't guarantee for each packet passing the
> router (= the target-machine). There's no "production"-traffic on that
> subnet, just my testboxes.

Hmmm... Without getting the TCP statistics back to zero it's hard to correlate
any data.

Would you mind trying a 5.3 to 5.3 transfer but the target 5.3 box forced to
only 100Mbit full-duplex? Same statistics again.

--
Andre

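The problem Andre raises (the TCP counters cannot be zeroed, so absolute figures from a busy target are hard to read) is usually handled by diffing a snapshot taken before the transfer against one taken after, which is what the check_before/check_after files in the thread are for. The C program below is an added example written for this page, not code from the thread or from FreeBSD: it parses the two counter lines quoted above out of constructed `netstat -s -p tcp` snapshots for source and target, computes the per-transfer deltas, and applies a rule of thumb (receiver out-of-order delta more than ten times the sender retransmit delta, and above 1000 packets) that is this example's own assumption, not something the thread states. The sample snapshots are constructed so that the deltas reproduce the 92920 and 281 figures from the thread.

```c
#include <stdio.h>
#include <string.h>

/* The two counters from `netstat -s -p tcp` that the thread compares. The
 * line wording matches the figures quoted in the thread. */
struct tcp_counters {
    unsigned long out_of_order;   /* "N out-of-order packets (...)" */
    unsigned long retransmitted;  /* "N data packets (...) retransmitted" */
};

/* Pull the two counters out of one snapshot held in a string. A counter
 * that does not appear in the text stays at zero. */
static struct tcp_counters parse_tcp_stats(const char *text)
{
    struct tcp_counters c = { 0, 0 };
    const char *line = text;

    while (*line != '\0') {
        const char *nl = strchr(line, '\n');
        size_t len = nl != NULL ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        unsigned long n;

        if (len >= sizeof(buf))
            len = sizeof(buf) - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Every counter line starts with the number, after leading tabs. */
        if (sscanf(buf, " %lu", &n) == 1) {
            if (strstr(buf, "out-of-order packets") != NULL)
                c.out_of_order = n;
            else if (strstr(buf, "data packets") != NULL &&
                     strstr(buf, "retransmitted") != NULL)
                c.retransmitted = n;
        }
        line = nl != NULL ? nl + 1 : line + strlen(line);
    }
    return c;
}

struct transfer_delta {
    unsigned long receiver_ooo;   /* out-of-order growth at the target */
    unsigned long sender_retrans; /* retransmit growth at the source */
};

/* Counters are cumulative since boot, so the test itself is the difference
 * between the "before" and "after" snapshots on each side. */
static struct transfer_delta transfer_deltas(const char *src_before,
                                             const char *src_after,
                                             const char *dst_before,
                                             const char *dst_after)
{
    struct tcp_counters sb = parse_tcp_stats(src_before);
    struct tcp_counters sa = parse_tcp_stats(src_after);
    struct tcp_counters db = parse_tcp_stats(dst_before);
    struct tcp_counters da = parse_tcp_stats(dst_after);
    struct transfer_delta d;

    d.sender_retrans = sa.retransmitted >= sb.retransmitted
                     ? sa.retransmitted - sb.retransmitted : 0;
    d.receiver_ooo = da.out_of_order >= db.out_of_order
                   ? da.out_of_order - db.out_of_order : 0;
    return d;
}

/* Rule of thumb (this example's assumption): reordering at the receiver that
 * far exceeds what the sender retransmitted points at the path (switch,
 * duplex, cabling) rather than at loss recovery on the sender. */
static int reordering_suspicious(struct transfer_delta d)
{
    return d.receiver_ooo > 10 * d.sender_retrans && d.receiver_ooo > 1000;
}

/* Constructed snapshots in the `netstat -s -p tcp` layout; the absolute
 * numbers are invented, only the deltas match the thread's figures. */
static const char SRC_BEFORE[] =
    "tcp:\n\t10000 packets sent\n"
    "\t\t8000 data packets (9000000 bytes)\n"
    "\t\t50 data packets (60000 bytes) retransmitted\n";
static const char SRC_AFTER[] =
    "tcp:\n\t900000 packets sent\n"
    "\t\t880000 data packets (1200000000 bytes)\n"
    "\t\t331 data packets (465792 bytes) retransmitted\n";
static const char DST_BEFORE[] =
    "tcp:\n\t20000 packets received\n"
    "\t\t120 out-of-order packets (170000 bytes)\n";
static const char DST_AFTER[] =
    "tcp:\n\t910000 packets received\n"
    "\t\t93040 out-of-order packets (134716620 bytes)\n";

int main(void)
{
    struct transfer_delta d = transfer_deltas(SRC_BEFORE, SRC_AFTER,
                                              DST_BEFORE, DST_AFTER);

    printf("sender retransmits: %lu, receiver out-of-order: %lu -> %s\n",
           d.sender_retrans, d.receiver_ooo,
           reordering_suspicious(d) ? "suspicious" : "unremarkable");
    return 0;
}
```

On real boxes the four inputs would be the saved output of `netstat -s -p tcp` run on each machine immediately before and after the transfer, which sidesteps the need to reset the counters at all.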
From: Andre Oppermann
To: "Raphael H. Becker"
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*
In-Reply-To: <20040918000303.J55054@p-i-n.com>
Date (list received): Fri, 17 Sep 2004 23:11:17 -0000

Raphael H. Becker wrote:
> On Fri, Sep 17, 2004 at 11:30:31PM +0200, Andre Oppermann wrote:
>
> rebooted the "source"-machine to get a defined state.
> Did reboot before the last test, too.
>
>>And could you do this on the 5.3 machine:
>> # sysctl net.inet.tcp.rfc3042=0
>
> net.inet.tcp.rfc3042: 1 -> 0
>
> wget on target:
> Length: 1,160,773,632 (unauthoritative)
>
> 1% [ ] 12,967,976 325.72K/s ETA 57:21^C

I've somewhat rebuilt the test setup with my workstation dual Opteron running
6-current and a 4.10 VIA C3-800 on the other side. A Cisco 2950 in between.
On the GigE side I have a bge interface and fxp on the C3.

When doing an ftp of the second FreeBSD 5.3-BETA4-i386-disc2.iso (~280MB) from
the Opteron to the C3 I get a nice transfer speed of about 10.3MB/s. Which is
about as much as one can get considering the little C3 and its poor IDE disk.

I've tried ftp the 'active' and 'passive' mode way to rule out that the
direction of TCP connection setup could play a role. It doesn't. Same speed
both times.

Second try with a Netgear FSM726S. Full speed again. No problems.
I'm unable to reproduce your problem.

Usually in these cases there is an ethernet duplex mismatch somewhere.
Can you set the network cards and the switches to fixed 1000 or 100 full-duplex?

--
Andre

From: "Raphael H. Becker"
To: freebsd-current@freebsd.org
Cc: freebsd-net@freebsd.org
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*
In-Reply-To: <414B6234.8060904@freebsd.org>
Date (list received): Fri, 17 Sep 2004 23:16:47 -0000

On Sat, Sep 18, 2004 at 12:16:20AM +0200, Andre Oppermann wrote:
> Hmmm... Without getting the TCP statistics back to zero it's hard to correlate
> any data.

As explained in PM, I rechecked on another "target"-machine. Both machines
were rebooted before the test.

source:
net.inet.tcp.rfc3042: 1 -> 0

target:
wget
Length: 1,160,773,632 (unauthoritative)
4% [==> .... ] 51,386,568 377.28K/s ETA 47:51^C

http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_3_source.txt
http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_3_target.txt

> Would you mind trying a 5.3 to 5.3 transfer but the target 5.3 box forced to
> only 100Mbit full-duplex? Same statistics again.

Sorry, ifconfig is not possible now. See PM. I may retest with physical
access (without ssh) in the next days, if needed.
HTH
Raphael Becker

From: "Raphael H. Becker"
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*
In-Reply-To: <414B6F11.5070902@freebsd.org>
Date (list received): Fri, 17 Sep 2004 23:39:31 -0000

On Sat, Sep 18, 2004 at 01:11:13AM +0200, Andre Oppermann wrote:
> I'm unable to reproduce your problem.
>
> Usually in these cases there is an ethernet duplex mismatch somewhere.
> Can you set the network cards and the switches to fixed 1000 or 100 full-duplex?

Yes, one of my first tests. Both machines fixed to their nominal
transfer rate. Tested different ports, different irons (source and
target), different cables. Always same result.

All channels are able to do their maximum speed.

Changing target and source (100 -> 1000) resulted in >10MBytes/sec, same
machines, same cables, same everything. 1000 -> 100 resulted in what we
discuss here (300kBytes).

100->100 (between the two PE350) is working fine, too.

The problematic case (1000 -> 100) was tested with 3 machines 5.x and 2
machines 4.x, all cases the same.

I'm not sure this is a "physical" problem.

I will try something else in the next days:
* New cables
* FreesBIE with 4.10 on the 5.3-Boxes, ftp'in /dev/zero directly to /dev/null ...
* throttling 1000MBit ... maybe

Maybe:
* another GBit-Switch (if available)

Workaround:
* Buy 1000MBit-Cards for both "Router"-boxes

Regards
Raphael Becker

From: Andre Oppermann
To: "Raphael H. Becker"
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*
Date (list received): Sat, 18 Sep 2004 01:15:01 -0000

"Raphael H. Becker" wrote:
>
> On Sat, Sep 18, 2004 at 01:11:13AM +0200, Andre Oppermann wrote:
> > I'm unable to reproduce your problem.
> >
> > Usually in these cases there is an ethernet duplex mismatch somewhere.
> > Can you set the network cards and the switches to fixed 1000 or 100 full-duplex?
>
> Yes, one of my first tests. Both machines fixed to their nominal
> transfer rate. Tested different ports, different irons (source and
> target), different cables. Always same result.
>
> All channels are able to do their maximum speed.

Ok.

> Changing target and source (100 -> 1000) resulted in >10MBytes/sec, same
> machines, same cables, same everything. 1000 -> 100 resulted in what we
> discuss here (300kBytes).
>
> 100->100 (between the two PE350) is working fine, too.
>
> The problematic case (1000 -> 100) was tested with 3 machines 5.x and 2
> machines 4.x, all cases the same.

Hmmm...

> I'm not sure this is a "physical" problem.

The high number of out-of-order packets on your 4.10 machine is very
suspicious.
> I will try something else in the next days:
> * New cables
> * FreesBIE with 4.10 on the 5.3-Boxes, ftp'in /dev/zero directly to /dev/null ...
> * throttling 1000MBit ... maybe
>
> Maybe:
> * another GBit-Switch (if available)

That would be nice. Try to get some other brand or model than the one you
have now.

> Workaround:
> * Buy 1000MBit-Cards for both "Router"-boxes

Why that? Do you have to do TCP transfer to/from these machines?

Yet another test you could try:

  5.3 GE ---> FE 4.10 "Router" FE ---> 4.10 FE

--
Andre

From: "Raphael H. Becker"
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.*
In-Reply-To: <414B8C1B.2E7C971C@freebsd.org>
Date (list received): Sat, 18 Sep 2004 13:54:12 -0000

On Sat, Sep 18, 2004 at 03:15:07AM +0200, Andre Oppermann wrote:
> > I'm not sure this is a "physical" problem.
>
> The high number of out-of-order packets on your 4.10 machine is very
> suspicious.

You're talking about
http://rhb.uugrn.org/FreeBSD/bugs/5.x/1000-to-100/check_3_target.txt ?

Maybe the switch is buggy for just this testcase? Store&forward-Engine?

> > Workaround:
> > * Buy 1000MBit-Cards for both "Router"-boxes
> Why that? Do you have to do TCP transfer to/from these machines?

The two machines are routers, but ...

> Yet another test you could try:
> 5.3 GE ---> FE 4.10 "Router" FE ---> 4.10 FE

This was my initial testcase. I tried to transfer data from the GE-net via
the "internal" router to another internal FE-4.x-Box --> 700kb/sec IIRC
(Intranet). That failed.
My first suspicion was that the internal router (10.101.240.1, 4.10, FE) is
not able to route a higher bandwidth for any reason. I tried something via
the router. To mask some other unknown bottlenecks I tried direct from the
router (as target, not as router) ... now here we are.

From my point of view there's no significant difference between "router just
routes" or "router is target". Maybe I'm wrong here.

Just tested the case via the 2nd router to another net.

wget -O - --proxy=off ftp://10.101.240.54/pub/1GB > /dev/null
Länge: 1,160,773,632 (unmaßgeblich)
2% [=> ] 28,918,448 582.63K/s ETA 31:37^C

 1 145.2xx.xxx.1x6 0.243 ms 0.120 ms 0.133 ms
 2 10.101.240.54 0.357 ms 0.229 ms 0.343 ms

Same switch, different irons (target, router, server), other nets, ...

Maybe interesting: wget starts with about 1-2MBytes/sec, then converges down
to some 100kBytes/sec.

Another comparison, different targets (4.10 FE, 5.3 GE), different servers
(4.x, 5.3 GE), see PS for a detailed list:

1) target: external router (10.101.240.254, 4.10, FE)
$ wget -O - --proxy=off ftp://10.101.240.52/pub/1GB > /dev/null --> 9.42M/s
$ wget -O - --proxy=off ftp://10.101.240.1/pub/250M > /dev/null --> 10.22M/s
$ wget -O - --proxy=off ftp://10.101.240.54/pub/1GB > /dev/null --> 258.47K/s
$ wget -O - --proxy=off ftp://10.101.240.55/pub/1GB > /dev/null --> 384.70K/s
$ wget -O - --proxy=off ftp://10.101.240.56/pub/1GB > /dev/null --> 195.71K/s

2) target: neighbor-server (10.101.240.55, 5.3, GE)
$ wget -O - --proxy=off ftp://10.101.240.52/pub/1GB > /dev/null --> 55.55M/s (uncached, the .52 cannot cache a 1GByte file)
$ wget -O - --proxy=off ftp://10.101.240.54/pub/1GB > /dev/null --> 34.12M/s (uncached from RAID)
$ wget -O - --proxy=off ftp://10.101.240.54/pub/1GB > /dev/null --> 76.96M/s (cached)
$ wget -O - --proxy=off ftp://10.101.240.56/pub/1GB > /dev/null --> 36.61M/s (uncached from RAID)
$ wget -O - --proxy=off ftp://10.101.240.56/pub/1GB > /dev/null --> 77.40M/s (cached)
$ wget -O - --proxy=off ftp://10.101.240.254/pub/250M > /dev/null --> 10.07M/s
$ wget -O - --proxy=off ftp://10.101.240.1/pub/250M > /dev/null --> 10.37M/s

I guess the switch has some trouble with its store&forward engine when
transferring data from GE to FE and(!) the GE is a 5.3; if the GE is 4.10 then
it works. So the only significant difference is the OS (that's why I discuss
it here and not with the guys of netgear this time).

I have a spare "router-box", running an offline-hot-standby copy of our
external packet filter (outside our external DMZ). I may install 5.3 on that
box to have a 5.3 running on FE, even though I don't believe that what kind of
system is the target will make a difference. Who knows.

Regards
Raphael Becker

PS: all players on GE:

IP    OS    IF        desc
.1    4.10  fxp1,FE   internal router, PE350, 128MB RAM
.254  4.10  fxp1,FE   external router, PE350, 128MB RAM
.52   4.10  bge1,GE   normal host, PE2650, 1024MB RAM
.54   5.3   bge0,GE   ditto, 2048MB RAM
.55   5.3   bge0,GE   ditto, 2048MB RAM
.56   5.3   bge0,GE   ditto, 2048MB RAM

From: Vincent Jardin
Reply-To: vincent.jardin@6wind.com
To: JINMEI Tatuya / 神明達哉, Muhammad Reza
Cc: freebsd-net@freebsd.org
Subject: Re: DVB card
Date: Sat, 18 Sep 2004 21:25:48 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I would be interested in getting some feedback from people who are using
these boards and these drivers too.

If you need a DVB stack that supports IPv4/IPv6/Ethernet/MPLS over asymmetric
links, you can be in touch directly with me or 6WIND.

Regards,
  Vincent

On Friday 17 September 2004 23:09, JINMEI Tatuya / 神明達哉 wrote:
> >>>>> On Thu, 16 Sep 2004 05:31:44 +0700,
> >>>>> Muhammad Reza said:
>
> > > Is there any DVB card (C band) that FreeBSD kernel support ?
> > > please recommend us
>
> Hidetaka IZUMIYAMA (izu@wishnet.co.jp) of the WIDE project gave me the
> following information which might help.
>
> > 6WIND and ComputerModules provide a DVB-ASI driver for FreeBSD that
> > supports the following boards:
> > - http://www.computermodules.com/broadcast/broadcast-dvb.shtml
> > - DVB Master III Rx
> > - DVB Master III Tx
> > - DVB Master FD (I could not test this board)
> >
> > It is provided under the BSD License.
> >
> > The source code for FreeBSD 4.x is available at
> > http://proxy.6wind.com/~jardin/dvb/
> >
> > It uses the same API as the Linux's DVB ASI interface. It means that
> > software such as Videolan can work on both Linux and FreeBSD.
> >
> > Regards,
> > Vincent
>
> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> jinmei@isl.rdc.toshiba.co.jp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQFBTIvGj1uHAMmANdgRAhZlAJ4pxy8ndTIxUYg8SLlX79lyWH6c5wCfWHpw
KeOMQhc4rJe1NKNvxL+btBw=
=ZFt7
-----END PGP SIGNATURE-----

From: Karim Fodil-Lemelin
To: net@freebsd.org
Subject: Strange Bridge Issues
Date (list received): Sat, 18 Sep 2004 21:34:46 -0000

Hi,

I have applied Luigi's patch to a FBSD 4.8 kernel to be able to use fwd rules
in ipfw with a BRIDGE. I have to say it's a very cool feature. Now, there are
two sides to this, one good and one that I really need to fix.

The good side is it works in this configuration:

CLIENT --------(fxp0) BRIDGE1 (fxp1) --------- ROUTER(S) -----------(fxp1) BRIDGE2 (fxp0) ------- SERVER

CLIENT is on the same subnet as BRIDGE1 and SERVER is on the same subnet as
BRIDGE2, using ipfw rules like this:

reset tcp from any to me XXXX
reset tcp from any to me YYYY
fwd 127.0.0.1,XXXX tcp from any to any in via fxp0
fwd 127.0.0.1,YYYY tcp from any to any in via fxp1

I get all tcp traffic to be "sucked in" by the fwd rules to a proxy
application that goes out to connect from fxp1 (fxp1 has an address for the
proxy to bind on). It is then grabbed by another proxy on BRIDGE2 and
forwarded to another proxy on port YYYY and it connects to the SERVER just
fine. There is only one route, which is default pointing to the closest ROUTER
on both bridges.

The previous scenario works just fine but if it gets more complicated, with
something like this:

CLIENT ----- ROUTER(S) ----- BRIDGE1 ----- ROUTER(S) ---- BRIDGE2 ----ROUTER(S) ---- SERVER

Here, CLIENT is _not_ on the same subnet as BRIDGE1 and SERVER is _not_ on
the same subnet as BRIDGE2.
Using the same rules as above, traffic coming from CLIENT goes through
BRIDGE1 _without_ being "fwded"!!

If anyone could help me to figure out at least why tcp packets are going
through without being sucked in, I would really appreciate it. Obviously if
you know how to fix this then please let me know :).

Regards,

Karim.

From: John-Mark Gurney
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: better MTU support...
In-Reply-To: <41408D4C.E33B6F98@freebsd.org>
Date (list received): Sat, 18 Sep 2004 23:17:21 -0000

Andre Oppermann wrote this message on Thu, Sep 09, 2004 at 19:05 +0200:

Ok, finally got a switch (and gige cards, if_re needs work) capable of
jumbo frames..

> John-Mark Gurney wrote:
> > In a recent experiment w/ Jumbo frames, I found out that sending ip
> > frames completely ignores the MTU set on host routes. This makes it
> > difficult (or next to impossible) to support a network that has both
> > regular and jumbo frames on it as you can't restrict some hosts to the
> > smaller frames.
>
> What you should do instead is to set the MTU on the interface to 9018
> or so and then have a default route with MTU 1500 for everything else.
> Now you can specify larger MTUs for hosts that support it.
>
> Otherwise you are opening a can of worms...

This doesn't fix it, since the output still doesn't honor the mtu on the
route.. Note, I'm not testing tcp, only udp and icmp since I've seen that
TCP already works fine...
# netstat -rnWfinet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Netif Expire
default            192.168.0.14       UGS         0       11   1500    em0
127.0.0.1          127.0.0.1          UH          0       40  16384    lo0
192.168.0          link#5             UC          0        0   9000    em0
192.168.0.1        00:a0:c9:59:8b:6c  UHLW        0       33   1500    em0    175
192.168.0.3        00:0a:95:9e:8b:88  UHLW        0     1988   9000    em0    374
192.168.0.14       00:a0:c9:31:30:5e  UHLW        1        8   1500    em0    955
192.168.0.20       00:07:e9:0d:aa:ca  UHLW        0       18   9000    em0    187
192.168.0.21       00:07:e9:0d:ad:06  UHLW        0        2   9000    lo0

tcpdump output:
16:02:14.311079 IP 192.168.0.21 > 192.168.0.1: icmp 5008: echo request seq 14
16:02:15.320981 IP 192.168.0.21 > 192.168.0.1: icmp 5008: echo request seq 15
16:04:54.720890 IP 192.168.0.21 > 128.223.122.47: icmp 5008: echo request seq 0
16:04:55.727148 IP 192.168.0.21 > 128.223.122.47: icmp 5008: echo request seq 1
16:05:02.288989 IP 192.168.0.21 > 192.168.0.20: icmp 5008: echo request seq 0
16:05:02.289856 IP 192.168.0.20 > 192.168.0.21: icmp 5008: echo reply seq 0
16:05:03.296481 IP 192.168.0.21 > 192.168.0.20: icmp 5008: echo request seq 1
16:05:03.297282 IP 192.168.0.20 > 192.168.0.21: icmp 5008: echo reply seq 1

So, as you can see, it's broken... with my patch, ip properly fragments the
packets to machines with smaller mtu...

> > I now have a patch to ip_output that makes it obey the MTU set on the
> > route instead of that of the interface.
>
> Your patch corrects a problem in ip_output where a smaller MTU on an
> rtentry was ignored but that is only for the non-TCP cases. When you
> open a TCP session the MTU will be honored (see tcp_subr.c:tcp_maxmtu).
> If not it would be a bug.
>
> Could you try your large MTU setup again using the procedure I described
> above?
>
> That should solve your immediate problem.

Nope, it doesn't...

> For the general 'bug' in ip_output that it doesn't honour a smaller MTU
> on a route I'd like to do a more thorough fix. Routes should be
> created with MTU 0 if the MTU is not different from the if_mtu.
> Only in those cases where you want to have a lower MTU you set it. For cloned
> routes the MTU would be cloned from the parent. This range of changes is
> more intrusive. On top of that comes the new ARP code which will have a
> MTU field as well. This one is supposed to store different MTUs for mixed
> MTU L2 networks. How to transport the MTU information is a separate
> discussion.
>
> If the fix above works for you I'd like to do the real fix later (< end
> of year) and not change the current behaviour in ip_output at the moment.

It wouldn't be hard to add to my patch the check to see if the route's mtu
is 0 and just use the if mtu... which then solves the ip part of your more
complete fix... Then when you finally fix the route/arp stuff nothing else
should be necessary... Sound good?

--
John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
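The two messages above converge on a rule for how ip_output should pick an MTU: a route whose MTU is 0 inherits the interface MTU, and a non-zero route MTU lower than the interface MTU is honoured. The C program below is an added example written for this page; it is neither John-Mark's patch nor FreeBSD source. It models that rule next to the interface-only behaviour the tcpdump above shows, and counts the IPv4 fragments the echo datagram from that capture (icmp 5008 plus a 20-byte header, 5028 bytes) would need per destination. The routing entries are constructed from the host routes in the netstat output; clamping a route MTU larger than the interface MTU and the 20-byte option-less header are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

#define IP_HDR_LEN 20u   /* IPv4 header without options (assumption) */

/* Much-reduced model of a routing entry: destination, the MTU stored on the
 * route (0 = not set) and the MTU of the outgoing interface. */
struct route {
    const char *dst;
    unsigned rt_mtu;
    unsigned if_mtu;
};

/* Rule the thread converges on: a route MTU of 0 means "same as the
 * interface"; a non-zero value below if_mtu is honoured. Clamping a value
 * above if_mtu back to the interface is this example's assumption. */
static unsigned effective_mtu(unsigned rt_mtu, unsigned if_mtu)
{
    if (rt_mtu == 0 || rt_mtu > if_mtu)
        return if_mtu;
    return rt_mtu;
}

/* The behaviour reported as broken: the route MTU is ignored entirely. */
static unsigned interface_only_mtu(unsigned rt_mtu, unsigned if_mtu)
{
    (void)rt_mtu;
    return if_mtu;
}

/* IPv4 fragments needed for a datagram of total_len bytes (header included)
 * at the given MTU. All fragments but the last carry a payload that is a
 * multiple of 8 bytes, because the fragment offset field counts 8-byte units. */
static unsigned fragment_count(unsigned total_len, unsigned mtu)
{
    unsigned payload = total_len - IP_HDR_LEN;
    unsigned per_frag = (mtu - IP_HDR_LEN) & ~7u;

    if (total_len <= mtu)
        return 1;
    return (payload + per_frag - 1) / per_frag;
}

/* Constructed entries mirroring the host routes in the netstat output:
 * em0 runs at 9000, some neighbours are limited to 1500 on their route. */
static const struct route ROUTES[] = {
    { "192.168.0.1",  1500, 9000 },
    { "192.168.0.20", 9000, 9000 },
    { "192.168.0.3",     0, 9000 },  /* route MTU unset: inherit if_mtu */
};

static const struct route *lookup(const char *dst)
{
    size_t i;

    for (i = 0; i < sizeof(ROUTES) / sizeof(ROUTES[0]); i++)
        if (strcmp(ROUTES[i].dst, dst) == 0)
            return &ROUTES[i];
    return NULL;
}

/* Fragment count for a datagram to dst under each policy; 0 = no route. */
static unsigned frags_honouring_route(const char *dst, unsigned total_len)
{
    const struct route *r = lookup(dst);

    return r ? fragment_count(total_len, effective_mtu(r->rt_mtu, r->if_mtu)) : 0;
}

static unsigned frags_interface_only(const char *dst, unsigned total_len)
{
    const struct route *r = lookup(dst);

    return r ? fragment_count(total_len, interface_only_mtu(r->rt_mtu, r->if_mtu)) : 0;
}

int main(void)
{
    /* "icmp 5008" in the tcpdump lines is the ICMP length; with the 20-byte
     * IP header the datagram on the wire is 5028 bytes. */
    const unsigned echo_len = 5028;
    const char *hosts[] = { "192.168.0.1", "192.168.0.20", "192.168.0.3" };
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-13s route-aware: %u fragment(s), interface-only: %u fragment(s)\n",
               hosts[i], frags_honouring_route(hosts[i], echo_len),
               frags_interface_only(hosts[i], echo_len));
    return 0;
}
```

For 192.168.0.1 the route-aware path yields four 1500-byte fragments, while the interface-only path emits one 5028-byte frame that a 1500-MTU host never answers, which is the unanswered echo request in the capture; for 192.168.0.20 both policies agree on a single jumbo frame.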