Date: Sun, 10 Oct 2004 13:59:09 +0700
From: swp@swp.pp.ru
To: freebsd-net@freebsd.org
Message-ID: <20041010065909.GA8177@swp.bspu.secna.ru>
Subject: why required root privileges to set multicast options now?

Hello.

FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004

ospfd (net/quagga from ports) run with credentials of quagga:quagga
and unable to set multicast options now.

OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
      Operation not permitted
OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted

5.2-CURRENT and 5.2.1 have no problem.

/swp

Date: Sun, 10 Oct 2004 14:44:16 +0400
From: Gleb Smirnoff
To: swp@swp.pp.ru
Cc: freebsd-net@freebsd.org
Message-ID: <20041010104416.GA11865@cell.sick.ru>
References: <20041010065909.GA8177@swp.bspu.secna.ru>
In-Reply-To: <20041010065909.GA8177@swp.bspu.secna.ru>
Subject: Re: why required root privileges to set multicast options now?

On Sun, Oct 10, 2004 at 01:59:09PM +0700, swp@swp.pp.ru wrote:
s> FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004
s>
s> ospfd (net/quagga from ports) run with credentials of quagga:quagga
s> and unable to set multicast options now.
s>
s> OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
s>       Operation not permitted
s> OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
s> OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
s> OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted
s>
s> 5.2-CURRENT and 5.2.1 have no problem.

This is a known problem being investigated.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

Date: Sun, 10 Oct 2004 18:29:42 +0400
From: Gleb Smirnoff
To: net@freebsd.org
Message-ID: <20041010142942.GA13032@cell.sick.ru>
Subject: [REVIEW/TEST] netgraph node to wrap interface

This node is just a proof of concept. At this moment a small
number of interfaces is supported. Supported interfaces are
those which have the if_input method defined (all have the if_output
method defined, AFAIK).

Hook semantics are very similar to ng_ether. You have "upper"
and "lower" hooks. In most setups mbufs coming from upper
should later be sent on lower, and vice versa. However, you
can modify them or just read in a netgraph chain.

Sample usage is:

/usr/sbin/ngctl -f- <<-SEQ
	mkpeer ifwrap qq upper
	name .:qq wrap_fxp0
	disconnect .:qq
	msg wrap_fxp0: attach "fxp0"
SEQ
# race?
sleep 1
/usr/sbin/ngctl -f- <<-SEQ
	mkpeer wrap_fxp0: tee upper right
	connect wrap_fxp0: wrap_fxp0:upper lower left
SEQ

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

--YZ5djTAD1cGYuMQK
Content-Disposition: attachment; filename="ng_ifwrap.c"

/*-
 * Copyright (c) 2004 Gleb Smirnoff
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#if 1
#define DFUNC(msg)	printf("ifwrap: %s: %s\n", __func__, msg);
#define DLINE(msg)	printf("ifwrap: -%d-: %s", __LINE__, msg );
#else
#define DFUNC(msg)
#define DLINE(msg)
#endif

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define	ERROUT(x)	do { error = (x); goto done; } while (0)

/* Netgraph methods */
static ng_constructor_t	ng_ifwrap_constructor;
static ng_rcvmsg_t	ng_ifwrap_rcvmsg;
static ng_shutdown_t	ng_ifwrap_shutdown;
static ng_newhook_t	ng_ifwrap_newhook;
static ng_rcvdata_t	ng_ifwrap_rcvdata;
static ng_disconnect_t	ng_ifwrap_disconnect;

/* New routines for interface */
static int	ng_ifwrap_output(struct ifnet *, struct mbuf *,
		    struct sockaddr *, struct rtentry *);
static void	ng_ifwrap_input(struct ifnet *, struct mbuf *);

/*
 * Our internal tag to store next hop and rtentry. It is declared
 * here, since no one except this node should take care of it.
 */
MALLOC_DEFINE(M_IFWRAP_TAGS, "ng_ifwrap tags", "packet-attached information");
struct ifwrap_tag {
	struct m_tag	mt;
	struct rtentry	*rt;
	struct sockaddr	sa;
};

/* Methods for our tags */
static struct ifwrap_tag	*ifwrap_tag_alloc(void);
static void			ifwrap_tag_free(struct m_tag *);

/* List of commands and how to convert arguments to/from ASCII */
static const struct ng_cmdlist ng_ifwrap_cmdlist[] = {
	{
	  NGM_IFWRAP_COOKIE,
	  NGM_IFWRAP_ATTACH,
	  "attach",
	  &ng_parse_string_type,
	  NULL
	},
	{ 0 }
};

/* Netgraph node type descriptor */
static struct ng_type ng_ifwrap_typestruct = {
	.version =	NG_ABI_VERSION,
	.name =		NG_IFWRAP_NODE_TYPE,
	.constructor =	ng_ifwrap_constructor,
	.rcvmsg =	ng_ifwrap_rcvmsg,
	.shutdown =	ng_ifwrap_shutdown,
	.newhook =	ng_ifwrap_newhook,
	.rcvdata =	ng_ifwrap_rcvdata,
	.disconnect =	ng_ifwrap_disconnect,
	.cmdlist =	ng_ifwrap_cmdlist,
};
NETGRAPH_INIT(ifwrap, &ng_ifwrap_typestruct);

/* Information we store for each node */
struct ng_ifwrap_priv {
	struct ifnet	*ifp;		/* pointer to our ifnet */
	node_p		node;		/* back pointer to node */
	hook_p		upper;		/* hook for input */
	hook_p		lower;		/* hook for output */
	/* Pointers to original routines */
	int		(*if_output)
			    (struct ifnet *, struct mbuf *,
			    struct sockaddr *, struct rtentry *);
	void		(*if_input)
			    (struct ifnet *, struct mbuf *);
};
typedef struct ng_ifwrap_priv *priv_p;

/*
 * This is where we store pointer from iface to node private data. This
 * makes us incompatible with ng_fec(4).
 */
#define	IFP2NG(ifp)		(priv_p )(ifp->if_afdata[AF_NETGRAPH])
#define	IFP2NG_SET(ifp, val)	ifp->if_afdata[AF_NETGRAPH] = (val);

/******************************************************************************
 *  Netgraph methods
 ******************************************************************************/

static int
ng_ifwrap_constructor(node_p node)
{
	priv_p priv;

	MALLOC(priv, priv_p, sizeof(*priv), M_NETGRAPH, M_NOWAIT | M_ZERO);
	if (priv == NULL)
		return (ENOMEM);

	NG_NODE_SET_PRIVATE(node, priv);
	priv->node = node;

	return (0);
}

/*
 * Hooks are almost the same as ng_ether's, and so is this callback.
 */
static int
ng_ifwrap_newhook(node_p node, hook_p hook, const char *name)
{
	const priv_p priv = NG_NODE_PRIVATE(node);
	hook_p *hookptr;

	if (strcmp(name, NG_IFWRAP_HOOK_UPPER) == 0)
		hookptr = &priv->upper;
	else if (strcmp(name, NG_IFWRAP_HOOK_LOWER) == 0)
		hookptr = &priv->lower;
	else
		return (EINVAL);

	/* Check if already connected */
	if (*hookptr != NULL)
		return (EISCONN);

	*hookptr = hook;

	return (0);
}

static int
ng_ifwrap_rcvmsg(node_p node, item_p item, hook_p lasthook)
{
	const priv_p priv = NG_NODE_PRIVATE(node);
	struct ng_mesg *msg, *resp = NULL;
	int error = 0;

	NGI_GET_MSG(item, msg);
	switch (msg->header.typecookie) {
	case NGM_IFWRAP_COOKIE:
		switch (msg->header.cmd) {
		case NGM_IFWRAP_ATTACH:
			/* Check if we are already initialized */
			if (priv->ifp != NULL)
				ERROUT(EISCONN);

			if (msg->header.arglen == 0)
				ERROUT(EINVAL);

			if ((priv->ifp = ifunit((char *)msg->data)) == NULL)
				ERROUT(ENOENT);

			/*
			 * Not all interfaces have both input and output
			 * method. Those are not supported.
			 */
			if (priv->ifp->if_input == NULL ||
			    priv->ifp->if_output == NULL) {
				/*
				 * Forget the interface again, otherwise
				 * shutdown would "restore" method pointers
				 * that were never saved.
				 */
				priv->ifp = NULL;
				ERROUT(ENOTSUP);
			}

			/*
			 * XXX: There is no mutex to lock struct ifnet yet,
			 * so we will hold afdata_mtx for the whole surgery
			 * procedure. This will not stop races, since other
			 * struct-ifnet-surgeons do not do it the same way.
			 */
			IF_AFDATA_LOCK(priv->ifp);

			/* Check if someone has already grabbed AF_NETGRAPH */
			if (IFP2NG(priv->ifp) != NULL) {
				IF_AFDATA_UNLOCK(priv->ifp);
				priv->ifp = NULL;
				ERROUT(EISCONN);
			}

			IFP2NG_SET(priv->ifp, priv);

			priv->if_input = priv->ifp->if_input;
			priv->ifp->if_input = ng_ifwrap_input;
			priv->if_output = priv->ifp->if_output;
			priv->ifp->if_output = ng_ifwrap_output;

			IF_AFDATA_UNLOCK(priv->ifp);
			break;
		default:
			error = EINVAL;
			break;
		}
		break;
	default:
		error = EINVAL;
		break;
	}

done:
	NG_RESPOND_MSG(error, node, item, resp);
	NG_FREE_MSG(msg);
	return (error);
}

static int
ng_ifwrap_rcvdata(hook_p hook, item_p item )
{
	const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
	struct mbuf *m;
	int error = 0;

	NGI_GET_M(item, m);
	NG_FREE_ITEM(item);

	/* Check if we have attached interface */
	if (priv->ifp == NULL) {
		NG_FREE_M(m);
		return (ENOTCONN);
	}

	if (hook == priv->upper) {
		(priv->if_input)(priv->ifp, m);
		return (0);
	} else if (hook == priv->lower) {
		struct ifwrap_tag *tag;
		struct sockaddr *dst;

		tag = (struct ifwrap_tag *)m_tag_locate(m, NGM_IFWRAP_COOKIE,
		    NG_IFWRAP_TAG_OUTPUT, NULL);
		if (tag == NULL) {
			DFUNC("no tag in input packet");
			NG_FREE_M(m);
			return (EDESTADDRREQ);
		}
		dst = &tag->sa;

		error = (priv->if_output)(priv->ifp, m, dst, tag->rt);
		return (error);
	} else
		panic("ng_ifwrap: unknown hook");

	/* not reach */
	return (0);
}

static int
ng_ifwrap_shutdown(node_p node)
{
	const priv_p priv = NG_NODE_PRIVATE(node);

	if (priv->ifp != NULL) {
		IF_AFDATA_LOCK(priv->ifp);
		IFP2NG_SET(priv->ifp, NULL);
		/* Restore old methods */
		priv->ifp->if_input = priv->if_input;
		priv->ifp->if_output = priv->if_output;
		IF_AFDATA_UNLOCK(priv->ifp);
	}

	NG_NODE_UNREF(node);

	FREE(priv, M_NETGRAPH);

	return (0);
}

static int
ng_ifwrap_disconnect(hook_p hook)
{
	const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));

	if (hook == priv->lower)
		priv->lower = NULL;

	if (hook == priv->upper)
		priv->upper = NULL;

	return (0);
}

static int
ng_ifwrap_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
    struct rtentry *rt)
{
	const priv_p priv = IFP2NG(ifp);
	struct ifwrap_tag *tag;
	int error = 0;

	DFUNC("in");

	if (priv->upper == NULL)
		return (priv->if_output)(ifp, m, dst, rt);

	/*
	 * The tag stores a plain struct sockaddr. Refuse longer
	 * addresses (e.g. sockaddr_in6) instead of writing past the tag.
	 */
	if (dst->sa_len > sizeof(tag->sa)) {
		m_freem(m);
		return (EAFNOSUPPORT);
	}

	/* Save rt and dst */
	if ((tag = ifwrap_tag_alloc()) == NULL) {
		m_freem(m);
		return (ENOMEM);
	}
	bcopy(dst, &tag->sa, dst->sa_len);

	/* do not allow ip_output() to free our rt */
	if (rt != NULL) {
		RT_LOCK(rt);
		RT_ADDREF(rt);
		RT_UNLOCK(rt);
		tag->rt = rt;
	} else
		tag->rt = NULL;

	m_tag_prepend(m, &tag->mt);

	NG_SEND_DATA_ONLY(error, priv->upper, m);

	return (error);
}

static void
ng_ifwrap_input(struct ifnet *ifp, struct mbuf *m)
{
	const priv_p priv = IFP2NG(ifp);
	int error;

	DFUNC("in");

	if (priv->lower == NULL) {
		(priv->if_input)(ifp, m);
		return;
	}

	NG_SEND_DATA_ONLY(error, priv->lower, m);

	return;
}

/******************************************************************************
 *  Helper functions
 ******************************************************************************/

static struct ifwrap_tag *
ifwrap_tag_alloc(void)
{
	struct ifwrap_tag *tag;

	DFUNC("in");

	/* XXX: cut'n'paste from uipc_mbuf2.c:m_tag_alloc() */
	MBUF_CHECKSLEEP(M_NOWAIT);

	MALLOC(tag, struct ifwrap_tag *, sizeof(struct ifwrap_tag),
	    M_IFWRAP_TAGS, M_NOWAIT);
	if (tag == NULL)
		return (NULL);

	m_tag_setup((struct m_tag *)tag, NGM_IFWRAP_COOKIE,
	    NG_IFWRAP_TAG_OUTPUT,
	    (sizeof(struct ifwrap_tag) - sizeof(struct m_tag)));
	tag->mt.m_tag_free = ifwrap_tag_free;

	return (tag);
}

static void
ifwrap_tag_free(struct m_tag *mt)
{
	struct ifwrap_tag *tag = (struct ifwrap_tag *)mt;

	DFUNC("in");

	if (tag->rt != NULL)
		RTFREE(tag->rt);

	free(tag, M_IFWRAP_TAGS);
}

--YZ5djTAD1cGYuMQK
Content-Disposition: attachment; filename="ng_ifwrap.h"

/*-
 * Copyright (c) 2004 Gleb Smirnoff
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef _NETGRAPH_NG_IFWRAP_H_
#define _NETGRAPH_NG_IFWRAP_H_

#define NG_IFWRAP_NODE_TYPE	"ifwrap"
#define NGM_IFWRAP_COOKIE	1094849975

/* Hook names, just like in ng_ether */
#define NG_IFWRAP_HOOK_LOWER	"lower"		/* -> input */
#define NG_IFWRAP_HOOK_UPPER	"upper"		/* -> output */

/* Tags */
enum {
	NG_IFWRAP_TAG_OUTPUT,	/* stores parameters of if_output() */
};

/* Netgraph commands */
enum {
	NGM_IFWRAP_ATTACH,	/* attach to interface */
};

#endif /* _NETGRAPH_NG_IFWRAP_H_ */

--YZ5djTAD1cGYuMQK--

Date: Sun, 10 Oct 2004 11:09:58 -0400 (EDT)
From: Robert Watson
To: swp@swp.pp.ru
Cc: freebsd-net@freebsd.org, csjp@freebsd.org
In-Reply-To: <20041010065909.GA8177@swp.bspu.secna.ru>
Subject: Re: why required root privileges to set multicast options now?

On Sun, 10 Oct 2004 swp@swp.pp.ru wrote:

> FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004
>
> ospfd (net/quagga from ports) run with credentials of quagga:quagga and
> unable to set multicast options now.
>
> OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
>       Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted
>
> 5.2-CURRENT and 5.2.1 have no problem.

This appears to have been introduced as a result of changes to permit root
to bind raw sockets in jail.  In particular, the likely control flow path
to get the above errors was to perform setsockopt() on a UDP socket, which
probably works its way down to in_control() to ip_ctloutput().  This would
also explain why sdr stopped working for me a little while ago (I figured
it was a bad package build).  I've CC'd Christian as he might have some
insight into how to clean this up.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

Message-ID: <4169CB0A.4030409@unixserve.net>
Date: Sun, 10 Oct 2004 18:51:38 -0500
From: Wilson Hernandez
To: freebsd-net@freebsd.org
Subject: ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

Hello,

I'm having a problem with FreeBSD 4.8 setting up a router that I'm
trying to build. I have a couple of NetBSD routers that work fine with no
errors. This error I have not seen yet. I'm trying to get my modem to
work with kernel-ppp. These are the entire errors I'm getting:

This is the modem device:

sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A

( Which would be I guess "/dev/cuaa0" or "/dev/cuaa1"
cuaa0 = COM1
cuaa1 = COM2
which would be sio0 = COM1 and sio1 = COM2
now this happens both on PCI and ISA. I figured with ISA it would be
different.. )

router# /etc/ppp/pppserv
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
?Connection on /dev/cuaa0 is not open.
?Connection on /dev/cuaa0 is not open.
?Connection on /dev/cuaa0 is not open.
?Connection on /dev/cuaa0 is not open.
?Connection on /dev/cuaa0 is not open.
?Connection on /dev/cuaa0 is not open.

From /var/log/messages:

router# tail /var/log/messages
Mar 11 09:16:44 router pppd[1176]: Connection terminated, connected for 1 minutes
Mar 11 09:16:46 router pppd[1219]: pppd 2.3.5 started by wilson, uid 0
Mar 11 09:16:46 router pppd[1219]: Connect: ppp0 <--> /dev/cuaa1
Mar 11 09:17:16 router pppd[1219]: LCP: timeout sending Config-Requests
Mar 11 09:20:39 router pppd[1374]: pppd 2.3.5 started by wilson, uid 0
Mar 11 09:21:25 router pppd[1374]: Connect script failed
Mar 11 09:22:20 router pppd[1480]: pppd 2.3.5 started by wilson, uid 0
Mar 11 09:30:40 router pppd[1219]: Connection terminated, connected for 13 minutes
Mar 11 09:30:40 router pppd[1480]: tcsetattr: Interrupted system call
Mar 11 09:30:44 router pppd[1923]: pppd 2.3.5 started by wilson, uid 0

I would like to fix this "ioctl" error so I can finish the rest of the
configurations on this router. And would much more prefer a PCI modem to
put on there.. Instead of an ISA is why fixing both ISA would lead me to
fixing PCI modem. Another question is how fast can I up a modem's speed?

Thank you.
Wilson.

Date: Mon, 11 Oct 2004 14:30:28 +0400
From: Gleb Smirnoff
To: marks@ripe.net, Julian Elischer
Cc: net@freebsd.org
Message-ID: <20041011103028.GA18981@cell.sick.ru>
Subject: new ng_device

Here is a major rewrite of ng_device. The main
differences with the current one are:

 - one dev per node
 - locking
 - read queue implemented using struct ifqueue, thus
   reducing number of reads/writes to temporary buffers.

A more detailed list of differences is attached. A test program
is also attached.

P.S. Yet another crazy netgraph idea: ng_iface + ng_device is
     a substitute for tun(4). I should write a patch for ppp(8)
     to work with ng_iface. :)

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

Message-ID: <20041011103847.9135.qmail@istanbul.enderunix.org>
From: Omer Faruk Sen
To: freebsd-net@freebsd.org
Date: Mon, 11 Oct 2004 13:38:47 +0300
Subject: time

According to the very old article at
http://www.totse.com/en/technology/computer_technology/162444.html
there is no way to tune the time_wait timeout in FreeBSD. But since it is
a very old article my question is this:

Is there a way to change the time_wait timeout value in FreeBSD?

-----------------------
Omer Faruk Sen
http://www.EnderUNIX.ORG
Software Development Team @ Turkey
http://www.Faruk.NET
For Public key: http://www.enderunix.org/ofsen/ofsen.asc

Date: Mon, 11 Oct 2004 11:02:02 GMT
Message-Id: <200410111102.i9BB22me078698@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2002/07/26] kern/41007  net    overfull traffic on third and fourth adap
o  [2002/10/21] kern/44355  net    After deletion of an IPv6 alias, the rout
o  [2003/10/14] kern/57985  net    [patch] Missing splx in ether_output_fram

3 problems total.

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2001/02/08] kern/24959  net    proper TCP_NOPUSH/TCP_CORK compatibility
o  [2003/07/11] kern/54383  net    [nfs] [patch] NFS root configurations wit

2 problems total.

Date: Mon, 11 Oct 2004 15:16:38 +0400
From: Gleb Smirnoff To: marks@ripe.net, Julian Elischer Message-ID: <20041011111638.GA19286@cell.sick.ru> References: <20041011103028.GA18981@cell.sick.ru> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="OgqxwSJOaUobr8KG" Content-Disposition: inline In-Reply-To: <20041011103028.GA18981@cell.sick.ru> User-Agent: Mutt/1.5.6i cc: net@freebsd.org Subject: Re: new ng_device X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 11:16:49 -0000 --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Same problem. The attachments. On Mon, Oct 11, 2004 at 02:30:28PM +0400, Gleb Smirnoff wrote: T> Here is a major rewrite of ng_device. The main T> differencies with current one are: T> T> - one dev per node T> - locking T> - read queue implemented using struct ifqueue, thus T> reducing number of reads/writes to temporary buffers. T> T> A more detailed list of differencies is attached. A test program T> also attached. T> T> P.S. Yet another crazy netgraph idea: ng_iface + ng_device is T> a substitute for tun(4). I should write a patch for ppp(8) T> to work with ng_iface. :) T> T> -- T> Totus tuus, Glebius. T> GLEBIUS-RIPN GLEB-RIPE T> _______________________________________________ T> freebsd-net@freebsd.org mailing list T> http://lists.freebsd.org/mailman/listinfo/freebsd-net T> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="ng_device.c" /* * Copyright (c) 2002 Mark Santcroos * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. 
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Netgraph "device" node * * This node presents a /dev/ngd%d device that interfaces to an other * netgraph node. 
 *
 * $FreeBSD: src/sys/netgraph/ng_device.c,v 1.11 2004/07/20 13:16:17 glebius Exp $
 *
 */

#if 0
#define AAA printf("ng_device: %s\n", __func__ );
#else
#define AAA
#endif

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define ERROUT(x) do { error = (x); goto done; } while (0)

/* Netgraph methods */
static ng_constructor_t ng_device_constructor;
static ng_rcvmsg_t ng_device_rcvmsg;
static ng_shutdown_t ng_device_shutdown;
static ng_newhook_t ng_device_newhook;
static ng_rcvdata_t ng_device_rcvdata;
static ng_disconnect_t ng_device_disconnect;

/* Netgraph type */
static struct ng_type ngd_typestruct = {
	.version = NG_ABI_VERSION,
	.name = NG_DEVICE_NODE_TYPE,
	.constructor = ng_device_constructor,
	.rcvmsg = ng_device_rcvmsg,
	.shutdown = ng_device_shutdown,
	.newhook = ng_device_newhook,
	.rcvdata = ng_device_rcvdata,
	.disconnect = ng_device_disconnect,
};
NETGRAPH_INIT(device, &ngd_typestruct);

/* per node data */
struct ngd_private {
	struct ifqueue readq;
	SLIST_ENTRY(ngd_private) links;
	struct ng_node *node;
	struct ng_hook *hook;
	struct cdev *ngddev;
	struct mtx ngd_mtx;
	int unit;
	uint16_t flags;
#define NGDF_OPEN 0x0001
#define NGDF_RWAIT 0x0002
};
typedef struct ngd_private *priv_p;

/* List of all active nodes and mutex to protect it */
static SLIST_HEAD(, ngd_private) ngd_nodes = SLIST_HEAD_INITIALIZER(ngd_nodes);
static struct mtx ng_device_mtx;
MTX_SYSINIT(ng_device, &ng_device_mtx, "ng_device", MTX_DEF);

/* Maximum number of NGD devices */
#define MAX_NGD 25 /* should be more than enough for now */

static d_close_t ngdclose;
static d_open_t ngdopen;
static d_read_t ngdread;
static d_write_t ngdwrite;
#if 0
static d_ioctl_t ngdioctl;
#endif
static d_poll_t ngdpoll;

static struct cdevsw ngd_cdevsw = {
	.d_version = D_VERSION,
	.d_open = ngdopen,
	.d_close = ngdclose,
	.d_read = ngdread,
	.d_write = ngdwrite,
#if 0
	.d_ioctl = ngdioctl,
#endif
	.d_poll = ngdpoll,
	.d_name = NG_DEVICE_DEVNAME,
};

/* Helper functions */
static int get_free_unit(void);

/******************************************************************************
 * Netgraph methods
 ******************************************************************************/

/*
 * create new node
 */
static int
ng_device_constructor(node_p node)
{
	priv_p priv;

AAA

	MALLOC(priv, priv_p, sizeof(*priv), M_NETGRAPH, M_NOWAIT | M_ZERO);
	if (priv == NULL)
		return (ENOMEM);

	mtx_init(&priv->ngd_mtx, "ng_device", NULL, MTX_DEF);
	mtx_lock(&priv->ngd_mtx);

	mtx_lock(&ng_device_mtx);

	priv->unit = get_free_unit();
	if(priv->unit < 0) {
		printf("%s: No free unit found by get_free_unit(), "
		    "increase MAX_NGD\n",__func__);
		mtx_unlock(&ng_device_mtx);
		mtx_destroy(&priv->ngd_mtx);
		FREE(priv, M_NETGRAPH);
		return(EINVAL);
	}

	priv->ngddev = make_dev(&ngd_cdevsw, unit2minor(priv->unit), UID_ROOT,
	    GID_WHEEL, 0600, NG_DEVICE_DEVNAME "%d", priv->unit);
	if(priv->ngddev == NULL) {
		printf("%s(): make_dev() failed\n",__func__);
		mtx_unlock(&ng_device_mtx);
		mtx_destroy(&priv->ngd_mtx);
		FREE(priv, M_NETGRAPH);
		return(EINVAL);
	}

	SLIST_INSERT_HEAD(&ngd_nodes, priv, links);

	mtx_unlock(&ng_device_mtx);

	mtx_init(&priv->readq.ifq_mtx, "ng_device queue", NULL, MTX_DEF);
	IFQ_SET_MAXLEN(&priv->readq, ifqmaxlen);

	/* Link everything together */
	NG_NODE_SET_PRIVATE(node, priv);
	priv->node = node;
	priv->ngddev->si_drv1 = priv;

	mtx_unlock(&priv->ngd_mtx);

	return(0);
}

/*
 * Process control message.
 */
static int
ng_device_rcvmsg(node_p node, item_p item, hook_p lasthook)
{
	const priv_p priv = NG_NODE_PRIVATE(node);
	struct ng_mesg *msg;
	struct ng_mesg *resp = NULL;
	int error = 0;

	NGI_GET_MSG(item, msg);

	if (msg->header.typecookie == NGM_DEVICE_COOKIE) {
		switch (msg->header.cmd) {
		case NGM_DEVICE_GET_DEVNAME:
			/* XXX: Fix when NGD_MAX is bigger */
			NG_MKRESPONSE(resp, msg,
			    strlen(NG_DEVICE_DEVNAME) + 3, M_NOWAIT);

			if (resp == NULL)
				ERROUT(ENOMEM);

			strlcpy((char *)resp->data, priv->ngddev->si_name,
			    strlen(priv->ngddev->si_name) + 1);
			break;

		default:
			error = EINVAL;
			break;
		}
	} else
		error = EINVAL;

done:
	NG_RESPOND_MSG(error, node, item, resp);
	NG_FREE_MSG(msg);
	return (error);
}

/*
 * Accept incoming hook. We support only one hook per node.
 */
static int
ng_device_newhook(node_p node, hook_p hook, const char *name)
{
	priv_p priv = NG_NODE_PRIVATE(node);

AAA

	/* We have only one hook per node */
	if (priv->hook != NULL)
		return (EISCONN);

	priv->hook = hook;

	return(0);
}

/*
 * Receive data from hook, write it to device.
 */
static int
ng_device_rcvdata(hook_p hook, item_p item)
{
	priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
	struct mbuf *m;

AAA

	NGI_GET_M(item, m);
	NG_FREE_ITEM(item);

	IF_LOCK(&priv->readq);
	if (_IF_QFULL(&priv->readq)) {
		_IF_DROP(&priv->readq);
		IF_UNLOCK(&priv->readq);
		NG_FREE_M(m);
		return (ENOBUFS);
	}

	_IF_ENQUEUE(&priv->readq, m);
	IF_UNLOCK(&priv->readq);
	mtx_lock(&priv->ngd_mtx);
	if (priv->flags & NGDF_RWAIT) {
		priv->flags &= ~NGDF_RWAIT;
		wakeup(priv);
	}
	mtx_unlock(&priv->ngd_mtx);

	return(0);
}

/*
 * Removal of the hook destroys the node.
 */
static int
ng_device_disconnect(hook_p hook)
{
	priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));

AAA

	destroy_dev(priv->ngddev);
	mtx_destroy(&priv->ngd_mtx);

	mtx_lock(&ng_device_mtx);
	SLIST_REMOVE(&ngd_nodes, priv, ngd_private, links);
	mtx_unlock(&ng_device_mtx);

	IF_DRAIN(&priv->readq);
	mtx_destroy(&(priv)->readq.ifq_mtx);

	FREE(priv, M_NETGRAPH);

	ng_rmnode_self(NG_HOOK_NODE(hook));

	return(0);
}

/*
 * Node shutdown.
 * Everything is already done in disconnect method.
 */
static int
ng_device_shutdown(node_p node)
{
	NG_NODE_UNREF(node);
	return (0);
}

/******************************************************************************
 * Device methods
 ******************************************************************************/

/*
 * the device is opened
 */
static int
ngdopen(struct cdev *dev, int flag, int mode, struct thread *td)
{
	priv_p priv = (priv_p )dev->si_drv1;

AAA

	mtx_lock(&priv->ngd_mtx);
	priv->flags |= NGDF_OPEN;
	mtx_unlock(&priv->ngd_mtx);

	return(0);
}

/*
 * the device is closed
 */
static int
ngdclose(struct cdev *dev, int flag, int mode, struct thread *td)
{
	priv_p priv = (priv_p )dev->si_drv1;

AAA

	mtx_lock(&priv->ngd_mtx);
	priv->flags &= ~NGDF_OPEN;
	mtx_unlock(&priv->ngd_mtx);

	return(0);
}

#if 0
/*
 * The ioctl is transformed into netgraph control message.
 * We do not process them, yet.
 */
/*
 * process ioctl
 *
 * they are translated into netgraph messages and passed on
 *
 */
static int
ngdioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
{
	struct ngd_softc *sc = &ngd_softc;
	struct ngd_connection * connection = NULL;
	struct ngd_connection * tmp;
	int error = 0;
	struct ng_mesg *msg;
	struct ngd_param_s * datap;

AAA

	SLIST_FOREACH(tmp,&sc->head,links) {
		if(tmp->ngddev == dev) {
			connection = tmp;
		}
	}
	if(connection == NULL) {
		printf("%s(): connection is still NULL, no dev found\n",__func__);
		return(-1);
	}

	NG_MKMESSAGE(msg, NGM_DEVICE_COOKIE, cmd, sizeof(struct ngd_param_s),
	    M_NOWAIT);
	if (msg == NULL) {
		printf("%s(): msg == NULL\n",__func__);
		goto nomsg;
	}

	/* pass the ioctl data into the ->data area */
	datap = (struct ngd_param_s *)msg->data;
	datap->p = addr;

	NG_SEND_MSG_HOOK(error, sc->node, msg, connection->active_hook, 0);
	if(error)
		printf("%s(): NG_SEND_MSG_HOOK error: %d\n",__func__,error);

nomsg:

	return(0);
}
#endif /* if 0 */

/*
 * This function is called when a read(2) is done to our device.
 * We process one mbuf from queue.
 */
static int
ngdread(struct cdev *dev, struct uio *uio, int flag)
{
	priv_p priv = (priv_p )dev->si_drv1;
	struct mbuf *m;
	int len, error = 0;

AAA

	/* get an mbuf */
	do {
		IF_DEQUEUE(&priv->readq, m);
		if (m == NULL) {
			if (flag & IO_NDELAY)
				return (EWOULDBLOCK);
			mtx_lock(&priv->ngd_mtx);
			priv->flags |= NGDF_RWAIT;
			mtx_unlock(&priv->ngd_mtx);
			if ((error = tsleep(priv, PCATCH | (PZERO + 1),
			    "ngdread", 0)) != 0)
				return (error);
		}
	} while (m == NULL);

	while (m && uio->uio_resid > 0 && error == 0) {
		len = MIN(uio->uio_resid, m->m_len);
		if (len != 0)
			error = uiomove(mtod(m, void *), len, uio);
		m = m_free(m);
	}

	if (m)
		m_freem(m);

	return (error);
}

/*
 * This function is called when our device is written to.
 * We read the data from userland into mbuf chain and pass it to the remote hook.
 *
 */
static int
ngdwrite(struct cdev *dev, struct uio *uio, int flag)
{
	priv_p priv = (priv_p )dev->si_drv1;
	struct mbuf *top, *m, **mp;
	int mlen, len = uio->uio_resid;
	int error = 0;

AAA

	if (uio->uio_resid == 0)
		return (0);

	if (uio->uio_resid < 0 || uio->uio_resid > IP_MAXPACKET)
		return (EIO);

	/* get a header mbuf */
	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOBUFS);
	mlen = MHLEN;

	top = NULL;
	mp = &top;
	while (error == 0 && uio->uio_resid > 0) {
		m->m_len = MIN(mlen, uio->uio_resid);
		error = uiomove(mtod(m, void *), m->m_len, uio);
		*mp = m;
		mp = &m->m_next;
		if (uio->uio_resid > 0) {
			MGET (m, M_DONTWAIT, MT_DATA);
			if (m == 0) {
				error = ENOBUFS;
				break;
			}
			mlen = MLEN;
		}
	}
	if (error) {
		if (top)
			m_freem(top);
		return (error);
	}

	top->m_pkthdr.len = len;

	NG_SEND_DATA_ONLY(error, priv->hook, top);

	return (error);
}

/*
 * we are being polled/selected
 * check if there is data available for read
 */
static int
ngdpoll(struct cdev *dev, int events, struct thread *td)
{
	priv_p priv = (priv_p )dev->si_drv1;
	int revents = 0;

	if (events & (POLLIN | POLLRDNORM) &&
	    !IFQ_IS_EMPTY(&priv->readq))
		revents |= events & (POLLIN | POLLRDNORM);

	return (revents);
}

/******************************************************************************
 * Helper subroutines
 ******************************************************************************/

static int
get_free_unit()
{
	struct ngd_private *priv = NULL;
	int n = 0;
	int unit = -1;

AAA

	mtx_assert(&ng_device_mtx, MA_OWNED);

	/* When there is no list yet, the first device unit is always 0. */
	if SLIST_EMPTY(&ngd_nodes)
		return(0);

	/* Just do a brute force loop to find the first free unit that is
	 * smaller than MAX_NGD.
	 * Set MAX_NGD to a large value, doesn't impact performance.
	 */
	for(n = 0; n<MAX_NGD && unit == -1; n++) {
		SLIST_FOREACH(priv, &ngd_nodes, links) {
			if(priv->unit == n) {
				unit = -1;
				break;
			}
			unit = n;
		}
	}

	return (unit);
}

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="ng_device.h"

/*
 * Copyright (c) 2002 Mark Santcroos
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 * $FreeBSD: src/sys/netgraph/ng_device.h,v 1.3 2004/06/29 15:46:12 marks Exp $
 *
 */

#ifndef _NETGRAPH_NG_DEVICE_H_
#define _NETGRAPH_NG_DEVICE_H_

/* Node type name and magic cookie */
#define NG_DEVICE_NODE_TYPE "device"
#define NGM_DEVICE_COOKIE 1091129178
#define NG_DEVICE_DEVNAME "ngd"

/* Netgraph control messages */
enum {
	NGM_DEVICE_GET_DEVNAME,
};

#if 0
/* passing ioctl params */
struct ngd_param_s {
	void * p;
};
#endif

#endif /* _NETGRAPH_NG_DEVICE_H_ */

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename="ng_device.log"

List of functional changes:

- Make a single device per single node with a single hook. This gives us
  parallelism, which can't be achieved on a single node with many
  devices/hooks. This also gives us flexibility - we can play with a
  particular device node, not affecting others.
- Remove read queue as it is. Use struct ifqueue instead. This change
  removes a lot of extra memcpy()ing, m_devget()ting and m_copymem()ming.
  In ng_device_receivedata() we enqueue an mbuf and wake readers.
  In ngdread() we take one mbuf from queue and uiomove() it to userspace.
  If no mbuf is present we optionally block. [1]
- In ngdwrite() we create an mbuf chain ourselves, during uiomove()
  operation. This is faster than uiomove() into buffer, and then
  m_copydata(), and this is much better than huge m_pullup(). [1]
- Perform locking of device
- Perform locking of connection list.
- Clear out _rcvmsg method, since it does nothing good yet.
- Implement NGM_DEVICE_GET_DEVNAME message.
- #if 0 ioctl method, while nothing is done here yet.
- Return immediately from ngdwrite() if uio_resid == 0.

List of tidiness changes:

- Introduce device2priv(), to remove cut'n'paste.
- Use MALLOC/FREE, instead of malloc/free.
- Use unit2minor().
- Use UID_ROOT/GID_WHEEL instead of 0/0.
- Define NGD_DEVICE_DEVNAME, use it.
- Use more nice macros for debugging. [2]
- Return Exxx, not -1.

style(9):

- No "#endif" after short block.
- Break long lines.
- Remove extra spaces, add needed spaces.

[1] Obtained from: if_tun.c
[2] Obtained from: ng_pppoe.c

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=koi8-r
Content-Disposition: attachment; filename=Makefile

# $FreeBSD: src/sys/modules/netgraph/device/Makefile,v 1.1 2002/06/18 21:32:33 julian Exp $

KMOD= ng_device
SRCS= ng_device.c
SRCS+= device_if.h vnode_if.h

.include

--OgqxwSJOaUobr8KG--

From owner-freebsd-net@FreeBSD.ORG Mon Oct 11 17:31:44 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D4EC16A4CE; Mon, 11 Oct 2004 17:31:44 +0000 (GMT)
Received: from pimout1-ext.prodigy.net (pimout1-ext.prodigy.net [207.115.63.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id 017A943D54; Mon, 11 Oct 2004 17:31:44 +0000 (GMT) (envelope-from julian@elischer.org)
Received: from elischer.org (adsl-67-124-50-20.dsl.snfc21.pacbell.net [67.124.50.20])i9BHVgWC372620; Mon, 11 Oct 2004 13:31:42 -0400
Message-ID: <416AC37D.5090201@elischer.org>
Date: Mon, 11 Oct 2004 10:31:41 -0700
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4b) Gecko/20030524 X-Accept-Language: en, hu MIME-Version: 1.0 To: Gleb Smirnoff References: <20041011103028.GA18981@cell.sick.ru> <20041011111638.GA19286@cell.sick.ru> In-Reply-To: <20041011111638.GA19286@cell.sick.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: net@freebsd.org Subject: Re: new ng_device X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 17:31:44 -0000 Gleb Smirnoff wrote: > Same problem. The attachments. One day you are going to remember to attach the attachments.. then we WILL be surprised :-) > > On Mon, Oct 11, 2004 at 02:30:28PM +0400, Gleb Smirnoff wrote: > T> Here is a major rewrite of ng_device. The main > T> differencies with current one are: > T> > T> - one dev per node From owner-freebsd-net@FreeBSD.ORG Mon Oct 11 18:10:31 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CCC516A4CE for ; Mon, 11 Oct 2004 18:10:31 +0000 (GMT) Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE4B843D39 for ; Mon, 11 Oct 2004 18:10:30 +0000 (GMT) (envelope-from dart@nersc.gov) Received: by mx2.nersc.gov (Postfix, from userid 4002) id 9DAEE7753; Mon, 11 Oct 2004 11:10:30 -0700 (PDT) Received: from mx2.nersc.gov (localhost [127.0.0.1]) by localhost.nersc.gov (Postfix) with ESMTP id 9570D776A; Mon, 11 Oct 2004 11:10:26 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 4A7747753; Mon, 11 Oct 2004 11:10:26 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP 
id 35775F987; Mon, 11 Oct 2004 11:10:26 -0700 (PDT) X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: Omer Faruk Sen In-Reply-To: Message from Omer Faruk Sen <20041011103847.9135.qmail@istanbul.enderunix.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1316104748P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Mon, 11 Oct 2004 11:10:26 -0700 
From: Eli Dart Message-Id: <20041011181026.35775F987@gemini.nersc.gov> X-Spam-Level: X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on mx2.nersc.gov cc: freebsd-net@freebsd.org Subject: Re: time X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 18:10:31 -0000 --==_Exmh_-1316104748P Content-Type: text/plain; charset=us-ascii In reply to Omer Faruk Sen : > According to the very old article stated > http://www.totse.com/en/technology/computer_technology/162444.html there is > no way to tune time_wait timeout in FreeBSD. But since it is very old > article my question is this: > > Is there a way to change the time_wait timeout value in FreeBSD? sysctl -w net.inet.tcp.msl= The default is 30000 (30 seconds). --eli > > > > ----------------------- > Omer Faruk Sen > http://www.EnderUNIX.ORG > Software Development Team @ Turkey > http://www.Faruk.NET > For Public key: http://www.enderunix.org/ofsen/ofsen.asc > ******************************************************** > > > First Turkish FreeBSD book is out! Go check it. > Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti. 
> http://www.acikkod.com/freebsd.php > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > --==_Exmh_-1316104748P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQFBasySLTFEeF+CsrMRAofLAKCdxrgLhBnkGo5rjUIbv/hjGdKeoQCgldXw H2P1oIXrqVwN5ofYRocyzRU= =KCBT -----END PGP SIGNATURE----- --==_Exmh_-1316104748P-- From owner-freebsd-net@FreeBSD.ORG Mon Oct 11 19:23:08 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F300016A4CE; Mon, 11 Oct 2004 19:23:07 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8874143D1F; Mon, 11 Oct 2004 19:23:07 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id i9BJLYOg053652; Mon, 11 Oct 2004 15:21:34 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)i9BJLGQN053647; Mon, 11 Oct 2004 15:21:34 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 11 Oct 2004 15:21:16 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: swp@swp.pp.ru In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: csjp@freebsd.org Subject: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 19:23:08 -0000 On Sun, 10 Oct 2004, Robert Watson wrote: > On Sun, 10 Oct 2004 swp@swp.pp.ru wrote: > > > FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004 > > > > ospfd (net/quagga from ports) run with credentials of quagga:quagga and > > unable to set multicast options now. > > > > OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \ > > Operation not permitted > > OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted > > OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted > > OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted > > > > 5.2-CURRENT and 5.2.1 have no problem. > > This appears to have been introduced as a result of changes to permit > root to bind raw sockets in jail. In particular, the likely control > flow path to get the above errors was to perform setsockopt() on a UDP > socket, which probaly works its way down to in_control() to > ip_ctloutput(). This would also explain why sdr stopped working for me > a little while ago (I figured it was a bad package build). I've CC'd > Christian as he might have some insight into how to clean this up. 
The bug is now neatly illustrated by the ipsockopt regression test:

6.x:

paprika# ./ipsockopt
Running tests with ruid 0 euid 0 sock uid 0
Running tests with ruid 0 euid 65534 sock uid 65534
Running tests with ruid 0 euid 65534 sock uid 0
ipsockopt: test_ip_uchar(SOCK_RAW, IP_TOS): initial getsockopt(): Operation not permitted

5.x:

Running tests with ruid 0 euid 0 sock uid 0
Running tests with ruid 0 euid 65534 sock uid 65534
Running tests with ruid 0 euid 65534 sock uid 0
PASS

The socket option operation works fine except in the case where a raw
socket was created as root, and then privilege was downgraded to the
normal user, at which point the process tries a socket option operation
(apparently of any sort, not just multicast). I'm surprised more things
haven't broken, such as aspects of ping(8). Maybe they have and nobody
has noticed :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Mon Oct 11 20:33:32 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76DE716A4CE; Mon, 11 Oct 2004 20:33:32 +0000 (GMT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id E00FE43D49; Mon, 11 Oct 2004 20:33:31 +0000 (GMT) (envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id i9BKVwRW054823; Mon, 11 Oct 2004 16:31:58 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)i9BKVwDQ054820; Mon, 11 Oct 2004 16:31:58 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Mon, 11 Oct 2004 16:31:57 -0400 (EDT)
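The case Robert Watson describes above (a raw socket created as root, the effective uid then lowered, then a socket option call on that socket) can be probed from userland. The program below is an added example, not the ipsockopt regression test and not code from this thread; the option list, the use of IPPROTO_ICMP and the function names are assumptions chosen for illustration.

```c
/*
 * Added example (not the ipsockopt regression test from the thread).
 * Scenario: raw socket opened with euid 0, euid lowered, then ordinary
 * IP-level socket options are read and written back on that socket.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#include <errno.h>
#include <stdio.h>
#include <unistd.h>

#define UNPRIV_UID	65534	/* the euid shown in the quoted test output */
#define PROBE_SKIPPED	(-1)	/* scenario could not be set up */

/*
 * Options assumed for this probe: IP_TOS from the quoted test output, the
 * multicast options from the ospfd report, IP_TTL as another plain option.
 */
static const struct {
	int		name;
	const char	*label;
} probe_opts[] = {
	{ IP_TOS,		"IP_TOS" },
	{ IP_TTL,		"IP_TTL" },
	{ IP_MULTICAST_TTL,	"IP_MULTICAST_TTL" },
	{ IP_MULTICAST_LOOP,	"IP_MULTICAST_LOOP" },
};
#define N_OPTS	(sizeof(probe_opts) / sizeof(probe_opts[0]))

/* Read an option and write the same value back; returns 0 or the errno. */
static int
get_then_set(int s, int name)
{
	int val = 0;
	socklen_t len = sizeof(val);

	if (getsockopt(s, IPPROTO_IP, name, &val, &len) == -1)
		return (errno);
	if (setsockopt(s, IPPROTO_IP, name, &val, len) == -1)
		return (errno);
	return (0);
}

/*
 * Returns PROBE_SKIPPED, or a bitmask in which bit i means probe_opts[i]
 * failed with EPERM after the downgrade (0 = no option was refused).
 */
int
probe_downgraded_raw_socket(void)
{
	int s, mask = 0;
	size_t i;

	if (geteuid() != 0)
		return (PROBE_SKIPPED);
	s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);	/* "sock uid 0" */
	if (s == -1)
		return (PROBE_SKIPPED);
	if (seteuid(UNPRIV_UID) == -1) {		/* "euid 65534" */
		close(s);
		return (PROBE_SKIPPED);
	}
	for (i = 0; i < N_OPTS; i++)
		if (get_then_set(s, probe_opts[i].name) == EPERM)
			mask |= 1 << i;
	/* The saved uid is still 0, so the effective uid can be restored. */
	if (seteuid(0) == -1)
		perror("seteuid(0)");
	close(s);
	return (mask);
}

int
main(void)
{
	int mask = probe_downgraded_raw_socket();
	size_t i;

	if (mask == PROBE_SKIPPED) {
		printf("skipped: need root and a raw socket\n");
		return (0);
	}
	for (i = 0; i < N_OPTS; i++)
		printf("%-18s %s\n", probe_opts[i].label,
		    (mask & (1 << i)) ? "EPERM after downgrade" : "ok");
	return (mask != 0);
}
```

Run as root. A kernel that checks the calling thread's credential for every raw-socket option reports EPERM here, while a result of all "ok" corresponds to the PASS output quoted above.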
From: Robert Watson X-Sender: robert@fledge.watson.org To: swp@swp.pp.ru In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: csjp@freebsd.org Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 20:33:32 -0000 On Mon, 11 Oct 2004, Robert Watson wrote: > > This appears to have been introduced as a result of changes to permit > > root to bind raw sockets in jail. In particular, the likely control > > flow path to get the above errors was to perform setsockopt() on a UDP > > socket, which probaly works its way down to in_control() to > > ip_ctloutput(). This would also explain why sdr stopped working for me > > a little while ago (I figured it was a bad package build). I've CC'd > > Christian as he might have some insight into how to clean this up. > > The bug is now neatly illustrated by the ipsockopt regression test: ... > The socket option operation works fine except in the case where a raw > socket was created as root, and then privilege was downgraded to the > normal user, at which point the process tries a socket option operation > (apparently of any sort, not just multicast). I'm surprised more things > haven't broken, such as aspects of ping(8). Maybe they have and nobody > has noticed :-). Could you try the attached patch? 
Thanks, Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research Index: raw_ip.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.144 diff -u -r1.144 raw_ip.c --- raw_ip.c 5 Sep 2004 02:34:12 -0000 1.144 +++ raw_ip.c 11 Oct 2004 20:08:25 -0000 @@ -326,15 +326,14 @@ /* * Raw IP socket option processing. * - * Note that access to all of the IP administrative functions here is - * implicitly protected by suser() as gaining access to a raw socket - * requires either that the thread pass a suser() check, or that it be - * passed a raw socket by another thread that has passed a suser() check. - * If FreeBSD moves to a more fine-grained access control mechanism, - * additional checks will need to be placed here if the raw IP attachment - * check is not equivilent the the check required for these - * administrative operations; in some cases, these checks are already - * present. + * NOTE: Regarding access control. Raw sockets may only be created by + * privileged processes; however, as a result of jailed processes and the + * ability for processes to downgrade privilege yet retain a reference to the + * raw socket. As such, explicit access control is required here, or when + * unimplemented requests are passed to ip_ctloutput(), are required there. + * + * When adding new socket options here, make sure to add access control if + * necessary. */ int rip_ctloutput(struct socket *so, struct sockopt *sopt) 
@@ -345,18 +344,7 @@ if (sopt->sopt_level != IPPROTO_IP) return (EINVAL); - /* - * Even though super-user is required to create a raw socket, the - * calling cred could be prison root. If so we want to restrict the - * access to IP_HDRINCL only. - */ - if (sopt->sopt_name != IP_HDRINCL) { - error = suser(curthread); - if (error != 0) - return (error); - } error = 0; - switch (sopt->sopt_dir) { case SOPT_GET: switch (sopt->sopt_name) { @@ -369,6 +357,9 @@ case IP_FW_GET: case IP_FW_TABLE_GETSIZE: case IP_FW_TABLE_LIST: + error = suser(curthread); + if (error != 0) + return (error); if (ip_fw_ctl_ptr != NULL) error = ip_fw_ctl_ptr(sopt); else @@ -376,6 +367,9 @@ break; case IP_DUMMYNET_GET: + error = suser(curthread); + if (error != 0) + return (error); if (ip_dn_ctl_ptr != NULL) error = ip_dn_ctl_ptr(sopt); else @@ -394,6 +388,9 @@ case MRT_API_CONFIG: case MRT_ADD_BW_UPCALL: case MRT_DEL_BW_UPCALL: + error = suser(curthread); + if (error != 0) + return (error); error = ip_mrouter_get ? ip_mrouter_get(so, sopt) : EOPNOTSUPP; break; @@ -425,6 +422,9 @@ case IP_FW_TABLE_ADD: case IP_FW_TABLE_DEL: case IP_FW_TABLE_FLUSH: + error = suser(curthread); + if (error != 0) + return (error); if (ip_fw_ctl_ptr != NULL) error = ip_fw_ctl_ptr(sopt); else @@ -434,6 +434,9 @@ case IP_DUMMYNET_CONFIGURE: case IP_DUMMYNET_DEL: case IP_DUMMYNET_FLUSH: + error = suser(curthread); + if (error != 0) + return (error); if (ip_dn_ctl_ptr != NULL) error = ip_dn_ctl_ptr(sopt); else @@ -441,15 +444,24 @@ break ; case IP_RSVP_ON: + error = suser(curthread); + if (error != 0) + return (error); error = ip_rsvp_init(so); break; case IP_RSVP_OFF: + error = suser(curthread); + if (error != 0) + return (error); error = ip_rsvp_done(); break; case IP_RSVP_VIF_ON: case IP_RSVP_VIF_OFF: + error = suser(curthread); + if (error != 0) + return (error); error = ip_rsvp_vif ? ip_rsvp_vif(so, sopt) : EINVAL; break; 
@@ -466,6 +478,9 @@ case MRT_API_CONFIG: case MRT_ADD_BW_UPCALL: case MRT_DEL_BW_UPCALL: + error = suser(curthread); + if (error != 0) + return (error); error = ip_mrouter_set ? ip_mrouter_set(so, sopt) : EOPNOTSUPP; break; From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 01:38:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C4CFA16A4CE for ; Tue, 12 Oct 2004 01:38:32 +0000 (GMT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 36DD143D1D for ; Tue, 12 Oct 2004 01:38:32 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 66216 invoked from network); 12 Oct 2004 01:38:31 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 12 Oct 2004 01:38:31 -0000 X-pair-Authenticated: 209.68.2.70 Date: Mon, 11 Oct 2004 20:38:29 -0500 (CDT) 
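Review bot: The replacement comment in the @@ -326,15 +326,14 @@ hunk does not parse as written. The sentence beginning "however, as a result of jailed processes and the ability for processes to downgrade privilege yet retain a reference to the raw socket." never reaches a main clause, and the following one says "required" twice ("explicit access control is required here, or when unimplemented requests are passed to ip_ctloutput(), are required there"). This comment is now the only statement of the access-control rule for rip_ctloutput(), so it should say plainly that holding a raw socket does not imply the caller is still privileged and that each administrative option therefore checks the calling thread itself.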
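Review bot: Removing the blanket suser(curthread) test in the @@ -345,18 +344,7 @@ hunk leaves rip_ctloutput() allow-by-default. The deleted comment says the test existed to restrict prison root to IP_HDRINCL; after this change that restriction holds only for the cases that receive their own suser() call in the later hunks, and any option without one, including requests handed on to ip_ctloutput() as the new header comment mentions, is no longer checked here. Please confirm that every option prison root must not reach is covered, or keep a default suser() check and list the options that are safe without privilege, so a forgotten case fails closed.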
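Review bot: The sequence "error = suser(curthread); if (error != 0) return (error);" is pasted three times in the @@ -441,15 +444,24 @@ hunk (IP_RSVP_ON, IP_RSVP_OFF, IP_RSVP_VIF_ON/OFF) and six more times in the other hunks. Nine copies make it easy for a later option to be added without one, which the new header comment can only warn about. Consider one check ahead of the switch keyed on the privileged option names, or a small helper, and note that these early returns differ from the surrounding cases, which set error and break.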
From: Mike Silbersack
To: Eli Dart
In-Reply-To: <20041011181026.35775F987@gemini.nersc.gov>
Message-ID: <20041011203609.N77693@odysseus.silby.com>
References: <20041011181026.35775F987@gemini.nersc.gov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-net@freebsd.org
cc: Omer Faruk Sen
Subject: Re: time
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 12 Oct 2004 01:38:32 -0000

On Mon, 11 Oct 2004, Eli Dart wrote:

>
> In reply to Omer Faruk Sen :
>
>> According to the very old article stated
>> http://www.totse.com/en/technology/computer_technology/162444.html there is
>> no way to tune time_wait timeout in FreeBSD. But since it is very old
>> article my question is this:
>>
>> Is there a way to change the time_wait timeout value in FreeBSD?
>
> sysctl -w net.inet.tcp.msl=
>
> The default is 30000 (30 seconds).
>
> --eli

That may have other side effects, however.

In FreeBSD 5.x, the TIME_WAIT timeout is not configurable, but time_wait
sockets are stored in a separate hash table. Also, they are now terminated
prematurely when there is a shortage of ephemeral ports. As a result,
time_wait sockets are no longer the problem they were in certain
situations under 4.x.

Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 04:14:35 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C4F516A4CE; Tue, 12 Oct 2004 04:14:35 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 307DD43D41; Tue, 12 Oct 2004 04:14:35 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from freefall.freebsd.org (csjp@localhost [127.0.0.1]) i9C4EZOw016901; Tue, 12 Oct 2004 04:14:35 GMT (envelope-from csjp@freebsd.org) Received: (from csjp@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i9C4EXBL016900; Tue, 12 Oct 2004 04:14:33 GMT (envelope-from csjp@freebsd.org) X-Authentication-Warning: freefall.freebsd.org: csjp set sender to csjp@freebsd.org using -f Date: Tue, 12 Oct 2004 04:14:33 +0000 
From: "Christian S.J. Peron"
To: Robert Watson
Message-ID: <20041012041433.GA16734@freefall.freebsd.org>
cc: freebsd-net@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)

First off, allow me to apologize for the delay, I have been away for
Thanksgiving weekend. This patch looks like it fixes most of the
problems. I should have thought of this when I committed the credential
checks, sorry about that!

I am testing this patch right now, and I will report any successes or
failures I experience.

--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 04:28:27 2004
To: freebsd-net@freebsd.org
In-Reply-To: Message from Mike Silbersack <20041011203609.N77693@odysseus.silby.com>
Date: Mon, 11 Oct 2004 21:28:19 -0700
From: Eli Dart
Message-Id: <20041012042819.E21C0F987@gemini.nersc.gov>
Subject: Re: time

In reply to Mike Silbersack:

>
> On Mon, 11 Oct 2004, Eli Dart wrote:
>
> >
> >> Is there a way to change the time_wait timeout value in FreeBSD?
> >
> > sysctl -w net.inet.tcp.msl=
> >
> > The default is 30000 (30 seconds).
> >
> > --eli
>
> That may have other side effects, however.

True enough. I don't think I've ever set it below 10000.

>
> In FreeBSD 5.x, the TIME_WAIT timeout is not configurable, but time_wait
> sockets are stored in a separate hash table. Also, they are now
> terminated prematurely when there is a shortage of ephemeral ports. As a
> result, time_wait sockets are no longer the problem they were in certain
> situations under 4.x.

Most excellent!

There is one instance where this could be problematic, though. In the
case where a network service needs to be restarted and cannot (for
whatever reason) be restarted without closing and then re-opening its
listening socket, if there is a socket in TIME_WAIT state the new
service instance cannot bind to its port until the sockets from the
previous instance have timed out. This doesn't happen all the time,
and I've not got an example in front of me just now (so I may be
munging details) but this is one of the reasons I typically drop the
MSL down from its default. I got bit by this about 6 months ago, and
the combination of dropping the MSL and a short sleep in the restart
script fixed the problem...

Of course, if the enhancements that come with 5.x have addressed
this, then so much the better....(I could also be ignorant of an
obvious fix, even under 4.x).

--eli

>
> Mike "Silby" Silbersack
>

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 08:46:54 2004
Date: Tue, 12 Oct 2004 04:45:08 -0400 (EDT)
From: Robert Watson
To: "Christian S.J. Peron"
In-Reply-To: <20041012041433.GA16734@freefall.freebsd.org>
cc: freebsd-net@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)

On Tue, 12 Oct 2004, Christian S.J. Peron wrote:

> First off, allow me to apologize for the delay, I have been away for
> Thanksgiving weekend. This patch looks like it fixes most of the
> problems. I should have thought of this when I committed the credential
> checks, sorry about that!
>
> I am testing this patch right now, and I will report any successes or
> failures I experience.

No problem on the delay, and thanks for testing. It appears to resolve
the problem for me locally (for example, mtrace now works as non-root).
My primary concern with the fix is making sure it doesn't introduce
security holes -- i.e., I didn't miss any cases to put a suser() in front
of, etc, or implications of passing it down to in_control() without
further checks. As we discussed when starting the work to refine the raw
socket protections, the implications of these changes can be very subtle
but pretty significant, so requires a lot of thinking and testing :-).

Thanks!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 11:25:12 2004
Date: Tue, 12 Oct 2004 14:25:00 +0300
From: Giorgos Keramidas
To: Robert Watson
Message-ID: <20041012112500.GA27309@orion.daedalusnetworks.priv>
cc: freebsd-net@freebsd.org
cc: csjp@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)

On 2004-10-11 16:31, Robert Watson wrote:
> + * NOTE: Regarding access control. Raw sockets may only be created by
> + * privileged processes; however, as a result of jailed processes and the
> + * ability for processes to downgrade privilege yet retain a reference to the
> + * raw socket. As such, explicit access control is required here, or when
> + * unimplemented requests are passed to ip_ctloutput(), are required there.

Can we rewrite this descriptive comment a bit? I can't really
understand what is being said by reading the comment. Reading the diff
of the source is easy, but we should try to make the comment more
comprehensible too ;-)

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 13:06:04 2004
Date: Tue, 12 Oct 2004 09:04:17 -0400 (EDT)
From: Robert Watson
To: Giorgos Keramidas
In-Reply-To: <20041012112500.GA27309@orion.daedalusnetworks.priv>
cc: freebsd-net@freebsd.org
cc: csjp@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)

On Tue, 12 Oct 2004, Giorgos Keramidas wrote:

> On 2004-10-11 16:31, Robert Watson wrote:
> > + * NOTE: Regarding access control. Raw sockets may only be created by
> > + * privileged processes; however, as a result of jailed processes and the
> > + * ability for processes to downgrade privilege yet retain a reference to the
> > + * raw socket. As such, explicit access control is required here, or when
> > + * unimplemented requests are passed to ip_ctloutput(), are required there.
>
> Can we rewrite this descriptive comment a bit? I can't really
> understand what is being said by reading the comment. Reading the diff
> of the source is easy, but we should try to make the comment more
> comprehensible too ;-)

Maybe something like the following:

 * IMPORTANT NOTE regarding access control: Traditionally, raw sockets
 * could only be created by a privileged process, and as such, socket
 * option operations to manage system properties on any raw socket were
 * allowed to take place without explicit additional access control
 * checks. However, raw sockets can now also be created in jail(), and
 * therefore explicit checks are now required. Likewise, raw sockets can
 * be used by a process after it gives up privilege, so some caution is
 * required. For options passed down to the IP layer via ip_ctloutput(),
 * checks are assumed to be performed in ip_ctloutput() and therefore no
 * check occurs here. Unilaterally checking suser() here breaks normal IP
 * socket option operations on raw sockets.
 *
 * When adding new socket options here, make sure to add access control
 * checks here as necessary.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 13:11:54 2004
Date: Tue, 12 Oct 2004 16:11:12 +0300
From: Giorgos Keramidas
To: Robert Watson
Message-ID: <20041012131112.GA54651@orion.daedalusnetworks.priv>
References: <20041012112500.GA27309@orion.daedalusnetworks.priv>
cc: freebsd-net@freebsd.org
cc: csjp@freebsd.org
cc: swp@swp.pp.ru
Subject: Re: IP options broken for raw sockets on cred downgrade (was: Re: why required root privileges to set multicast options now?)

On 2004-10-12 09:04, Robert Watson wrote:
> On Tue, 12 Oct 2004, Giorgos Keramidas wrote:
> > On 2004-10-11 16:31, Robert Watson wrote:
> > > + * NOTE: Regarding access control. Raw sockets may only be created by
> > > + * privileged processes; however, as a result of jailed processes and the
> > > + * ability for processes to downgrade privilege yet retain a reference to the
> > > + * raw socket. As such, explicit access control is required here, or when
> > > + * unimplemented requests are passed to ip_ctloutput(), are required there.
> >
> > Can we rewrite this descriptive comment a bit? I can't really
> > understand what is being said by reading the comment. Reading the diff
> > of the source is easy, but we should try to make the comment more
> > comprehensible too ;-)
>
> Maybe something like the following:
>
> * IMPORTANT NOTE regarding access control: Traditionally, raw sockets
> * could only be created by a privileged process, and as such, socket
> * option operations to manage system properties on any raw socket were
> * allowed to take place without explicit additional access control
> * checks. However, raw sockets can now also be created in jail(), and
> * therefore explicit checks are now required. Likewise, raw sockets can
> * be used by a process after it gives up privilege, so some caution is
> * required. For options passed down to the IP layer via ip_ctloutput(),
> * checks are assumed to be performed in ip_ctloutput() and therefore no
> * check occurs here. Unilaterally checking suser() here breaks normal IP
> * socket option operations on raw sockets.
> *
> * When adding new socket options here, make sure to add access control
> * checks here as necessary.

Yep, this sounds like a better explanation. Thanks :-)

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 15:02:59 2004
Message-ID: <416BF23C.8070802@teleportsv.net>
Date: Tue, 12 Oct 2004 18:03:25 +0300
From: Vladimir Voronin
To: freebsd-net@freebsd.org
Subject: problem with pam authentication via radius

I am trying to set up PAM authentication on a FreeBSD server (FreeBSD
5.3-BETA1) using RADIUS (freeradius-0.9.3_1), with RADIUS using LDAP
(openldap-server-2.2.14).

/etc/pam.d/sshd :

auth sufficient pam_radius.so
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
account sufficient pam_radius.so
account required pam_login_access.so
account required pam_unix.so
session required pam_permit.so
password required pam_unix.so no_warn try_first_pass

There is no problem when I try to authenticate a user who exists in
/etc/passwd. PAM asks RADIUS and RADIUS compares the data with the data
in the LDAP database.
But when I authenticate a user who exists only in the LDAP database (and
isn't in /etc/passwd on the FreeBSD server), PAM doesn't ask RADIUS
(nothing in the RADIUS logs).
Why does this situation take place? How can I fix this problem?

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 18:34:40 2004
Date: Tue, 12 Oct 2004 19:03:37 +0100
From: "Georg Backer"
Subject: bge driver (5.3-BETA3)

Hello,

I've been poking all around the net and haven't found any more
information about the current status of the bge driver and its missing
polling support.

I wondered if this is still the case and if somebody is working on it at
the moment or if the bge driver already supports polling but I've just
simply it. :-)

Also is interrupt mitigation available on bge cards / drivers? I've read
that it is but how can I double check that it is activated and utilized?
I'm using 5.3-BETA3.

Thank you very much in advance and sorry for any inconvenience caused
should the question have been answered already,

Kind regards,

Georg Backer

From owner-freebsd-net@FreeBSD.ORG Tue Oct 12 18:53:04 2004
From: "Stephane Raimbault"
To: net@freebsd.org
Date: Tue, 12 Oct 2004 12:52:15 -0600
Subject: Error 49, socket problem?

I have some busy boxes part of a cluster which seem to occasionally get an
Error 49 on various network based applications at the same time.

Here is from an apache proxy log

[Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address: proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
[Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address: proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
[Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address: proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
[Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address: proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
[Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address: proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed

Various other things at the same time give a similar error. Am I running
out of sockets on the system? What is the best way to diagnose this
problem? It seems pretty intermittent, however it seems to occur when the
boxes are at some of the busiest moments in their day.

Thanks,
Stephane.

From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 03:06:02 2004
Date: Wed, 13 Oct 2004 12:04:48 +0900
From: gnn@FreeBSD.org
To: "Stephane Raimbault"
cc: net@FreeBSD.org
Subject: Re: Error 49, socket problem?

At Tue, 12 Oct 2004 12:52:15 -0600,
Stephane Raimbault wrote:
>
> I have some busy boxes part of a cluster which seem to occasionally get an
> Error 49 on various network based applications at the same time.
>
> Here is from an apache proxy log
>
> [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> [Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address:
> proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> [Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address:
> proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
>
>
> Various other things at the same time give a similar error. Am I running
> out of sockets on the system? What is the best way to diagnose this
> problem? It seems pretty intermittent, however it seems to occur when the
> boxes are at some of the busiest moments in their day.

That's the loopback address (127.0.0.1) and the error you're getting
is "Address Not Available" (/usr/include/sys/errno.h shows this). I
have no idea what apache is trying to do in that case, but you should
attempt to figure that out. One theory is that this is some sort of
external attack which puts the loopback address into a URL to try and
get apache to do something "bad". But, I'm not an apache expert.

Later,
George

From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 05:20:53 2004
From: Randy Bush
Message-ID: <16748.47923.945799.328042@ran.psg.com>
Date: Tue, 12 Oct 2004 22:20:51 -0700
To: freebsd-net@freebsd.org
Subject: my compliments to the chefs

i was using my 6-current laptop to debug a bunch of networking
stuff. i manually switched interfaces between ath0 and em0. i
readdressed and remasked many many times. i used dhclient. i
routed through the puppy.

and it all just worked. this did not use to be the case;
especially switching between ether and wireless and remasking.

admittedly i have not mashed on it so wildly for a year or two,
being shy of stuff that used not to work well. but damn does it
work slick now!

thanks!

randy

From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 12:19:00 2004
Date: Wed, 13 Oct 2004 14:10:38 +0200
From: Christian Brueffer
To: Georg Backer
Message-id: <20041013121038.GC5705@unixpages.org>
cc: freebsd-net@freebsd.org
Subject: Re: bge driver (5.3-BETA3)

On Tue, Oct 12, 2004 at 07:03:37PM +0100, Georg Backer wrote:
> Hello,
>
> I've been poking all around the net and haven't found any more
> information about the current status of the bge driver and its missing
> polling support.
>
> I wondered if this is still the case and if somebody is working on it at
> the moment or if the bge driver already supports polling but I've just
> simply it. :-)
>

I'll be getting a bge(4) card at the end of the month for the purpose
of adding polling support.

- Christian

--
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 15:37:03 2004
From: "Stephane Raimbault" To: gnn@FreeBSD.org Date: Wed, 13 Oct 2004 09:36:03 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 13 Oct 2004 15:37:02.0564 (UTC) FILETIME=[7C58F240:01C4B13A] cc: net@FreeBSD.org Subject: Re: Error 49, socket problem? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Oct 2004 15:37:03 -0000

I doubt it's a DoS attack, however it could very well be.

In this particular setup, apache runs on port 80 and 81. A slimmed down version of apache handles basic http requests on port 80 and on port 81, we have a beefier version of apache with php running applications. We proxy the request from port 80 to port 81 so the client only ever sees connections to port 80.

What I find strange is other applications on the server freak out when this is happening in the same manner. such as php not able to make mysql connections with a similar error. The errors aren't limited to 127.0.0.1 either, it seems to be an overall problem with the box, not specifically the loopback or apache.

PHP Warning: mysql_connect(): Can't connect to MySQL server on 'dbm.xxx.xxx.com' (49) in /www/index.php on line 4060

In this case the above dbm.xxx.xxx.com resolves to 10.0.12.22 which is one of the MySQL servers in the cluster.

I've ruled out that it's a problem with the MySQL server in this case, because I have 4 other web servers (running apache) able to connect to that MySQL server during the same time. All web servers in this cluster seem to exhibit the error randomly at different times. Not only during high peak traffic times as previously thought.

Are there buffers I could be running out of? What should I be checking? Perhaps something in sysctl...
If I know what I should probably be looking at, I can probably monitor and have certain variables logged / graphed for a better idea of what is going on. Thanks, Stephane. 
>From: gnn@FreeBSD.org
>To: "Stephane Raimbault"
>CC: net@FreeBSD.org
>Subject: Re: Error 49, socket problem?
>Date: Wed, 13 Oct 2004 12:04:48 +0900
>
>At Tue, 12 Oct 2004 12:52:15 -0600,
>Stephane Raimbault wrote:
> >
> > I have some busy boxes part of a cluster which seems to occasionally get an
> > Error 49 on various network based applications at the same time.
> >
> > Here is from an apache proxy log
> >
> > [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> > proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> > [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> > proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> > [Fri Oct 08 11:26:45 2004] [error] (49)Can't assign requested address:
> > proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> > [Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address:
> > proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> > [Fri Oct 08 11:26:46 2004] [error] (49)Can't assign requested address:
> > proxy: HTTP: attempt to connect to 127.0.0.1:81 (127.0.0.1) failed
> >
> >
> > Various other things at the same time give a similar error. Am I running
> > out of sockets on the system? What is the best way to diagnose this
> > problem. It seems pretty intermittent, however it seems to occur when the
> > boxes are at some of the busiest moments in its day.
>
>That's the loopback address (127.0.0.1) and the error you're getting
>is "Address Not Available" (/usr/include/sys/errno.h shows this). I
>have no idea what apache is trying to do in that case, but you should
>attempt to figure that out.
>
>One theory is that this is some sort of external attack which puts the
>loopback address into a URL to try and get apache to do something
>"bad". But, I'm not an apache expert.
>
>Later,
>George
>

From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 20:39:15 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 863AE16A4CE; Wed, 13 Oct 2004 20:39:15 +0000 (GMT) Received: from smtp2.jazztel.es (smtp2.jazztel.es [62.14.3.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0243A43D41; Wed, 13 Oct 2004 20:39:14 +0000 (GMT) (envelope-from josemi@freebsd.jazztel.es) Received: from antivirus by smtp2.jazztel.es with antivirus id 1CHptu-00051C-00 Wed, 13 Oct 2004 22:39:10 +0200 Received: from [212.106.238.81] (helo=rguez.homeunix.net) by smtp2.jazztel.es with esmtp id 1CHptu-00050s-00 Wed, 13 Oct 2004 22:39:10 +0200 Received: from redesjm.local (orion.redesjm.local [192.168.254.16]) by rguez.homeunix.net (8.13.1/8.13.1) with ESMTP id i9DKdF18007025; Wed, 13 Oct 2004 22:39:15 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) Received: from localhost (localhost [[UNIX: localhost]]) by redesjm.local (8.13.1/8.13.1/Submit) id i9DKdFfZ014130; Wed, 13 Oct 2004 22:39:15 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) X-Authentication-Warning: orion.redesjm.local: freebsd set sender to josemi@freebsd.jazztel.es using -f
From: Jose M Rodriguez To: net@freebsd.org Date: Wed, 13 Oct 2004 22:39:14 +0200 User-Agent: KMail/1.7 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200410132239.14957.josemi@freebsd.jazztel.es> X-AntiVirus: checked by AntiVir Milter 1.1-beta; AVE 6.27.0.12; VDF 6.27.0.81 (host: antares.redesjm.local) X-Virus-Scanned: by antivirus cc: current@freebsd.org Subject: General diskless problems. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Oct 2004 20:39:15 -0000

After seen some mail about initdiskless, I recall that have some problems with diskless/pxe last time. Maybe of general interest.

- can't mount a NFS root from a tftp operate loader
- can't mount a NFS root from a BOOTP configured kernel.

This seems related to a bug in the loader/kernel kenv. Loader pass a nfsiohandle via kenv without check. If the loader doesn't do any NFS operation, it's a pretty invalid all zeroes nfsiohandle that messed kernel nfsroot mount.

- PXE i/o problems.

intel PXE i/o is NON_BLOCKING. It is supposed blocking on all the UDP code. Also seems recall a bios I/O buffer configured as a packet buffer.

Sorry. I missed to report this (think).
-- josemi From owner-freebsd-net@FreeBSD.ORG Wed Oct 13 22:50:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A42C16A4CF for ; Wed, 13 Oct 2004 22:50:48 +0000 (GMT) Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECCB443D55 for ; Wed, 13 Oct 2004 22:50:47 +0000 (GMT) (envelope-from valiantsoul@gmail.com) Received: by mproxy.gmail.com with SMTP id 73so402027rnk for ; Wed, 13 Oct 2004 15:50:47 -0700 (PDT) Received: by 10.38.24.78 with SMTP id 78mr2685399rnx; Wed, 13 Oct 2004 15:50:47 -0700 (PDT) Received: by 10.38.72.44 with HTTP; Wed, 13 Oct 2004 15:50:47 -0700 (PDT) Message-ID: <1a55096304101315502818216a@mail.gmail.com> Date: Wed, 13 Oct 2004 18:50:47 -0400 
From: "Craig St. Jean" To: freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Routing and subnets problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Craig St. Jean" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Oct 2004 22:50:48 -0000

I have a complicated situation. Firstly, I have cable running into my house which connects to a wireless router. Every computer except for 1 is connected to this wirelessly at the moment. One of those wireless computers is using a wireless to ethernet bridge with the computer running FreeBSD 4.10 stable. Let's call this computer A. Wired to that computer is another, dual booting FreeBSD and Windows which I will call computer B. At the moment I am just trying to get that computer on the net, but later will add port forwarding to allow it to run certain servers.

I tried setting up ipf and ipnat by following tutorials on the internet however they didn't seem to get the two computers to talk. So I kept my ipf rules and turned off ipnat. Once I did that I changed all of the wireless computer's IPs to be under 192.168.1.64 and then set the netmask of the router and all of the computers connected's netmasks to 255.255.255.192. I then set the second nic of computer A to 192.168.1.65 and computer B's IP to 192.168.1.66 and its router to 192.168.1.65 (I have tried others such as 192.168.1.1 as well). Still computer A and B don't talk. I checked the routing tables and the 192.168.1.0 network is there, along with 192.168.1.64/26.

Any ideas on how I can get computer B on the net? If I can get it a part of 192.168.1.x that would be great because I can just use the wireless router's port forwarding from there.

Thanks!
From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 01:48:07 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7695E16A4CE for ; Thu, 14 Oct 2004 01:48:07 +0000 (GMT) Received: from outbound0.sv.meer.net (outbound0.sv.meer.net [205.217.152.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2420A43D2F for ; Thu, 14 Oct 2004 01:48:05 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from mail.meer.net (mail.meer.net [209.157.152.14]) i9E1lHUt085658; Wed, 13 Oct 2004 18:47:18 -0700 (PDT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (pc1.oakwoodazabu1-unet.ocn.ne.jp [220.110.140.201]) by mail.meer.net (8.12.10/8.12.2/meer) with ESMTP id i9E1l1Lc093378; Wed, 13 Oct 2004 18:47:01 -0700 (PDT) (envelope-from gnn@neville-neil.com) Date: Thu, 14 Oct 2004 10:46:58 +0900 Message-ID: 
From: gnn@FreeBSD.org To: "Stephane Raimbault" In-Reply-To: References: User-Agent: Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.5 Emacs/21.2 (powerpc-apple-darwin) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII cc: net@FreeBSD.org Subject: Re: Error 49, socket problem? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 01:48:07 -0000

At Wed, 13 Oct 2004 09:36:03 -0600,
Stephane Raimbault wrote:
>
> I doubt it's a DoS attack, however it could very well be.
>

Well, probably not, given what you told us below.

> In this particular setup, apache runs on port 80 and 81. A slimmed down
> version of apache handles basic http requests on port 80 and on port 81, we
> have a beefier version of apache with php running applications. We proxy
> the request from port 80 to port 81 so the client only ever sees connections
> to port 80.
>
> What I find strange is other applications on the server freak out when this
> is happening in the same manner. such as php not able to make mysql
> connections with a similar error. The errors aren't limited to 127.0.0.1
> either, it seems to be an overall problem with the box, not specifically the
> loopback or apache.
>
> PHP Warning: mysql_connect(): Can't connect to MySQL server on
> 'dbm.xxx.xxx.com' (49) in /www/index.php on line 4060
>
> In this case the above dbm.xxx.xxx.com resolves to 10.0.12.22 which is one
> of the MySQL servers in the cluster.
>
> I've ruled out that it's a problem with the MySQL server in this case,
> because I have 4 other web servers (running apache) able to connect to that
> MySQL server during the same time. All web servers in this cluster seem to
> exhibit the error randomly at different times.
Not only during high peak > traffic times as previously thought. > > Are there buffers I could be running out of? What should I be checking? > Perhaps something in sysctl... If I know what I should probably be looking > at, I can probably monitor and have certain variables logged / graphed for a > better idea of what is going on. > What version of FreeBSD are you running? I would check the interfaces (ifconfig -a), routing table (netstat -rn), and then the rest of the network statistics (man netstat) when this happens. Does it happen reliably or intermittently? Later, George From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 11:35:00 2004 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DAA616A4CF; Thu, 14 Oct 2004 11:35:00 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBB6243D3F; Thu, 14 Oct 2004 11:34:59 +0000 (GMT) (envelope-from gnn@FreeBSD.org) Received: from freefall.freebsd.org (gnn@localhost [127.0.0.1]) i9EBYxgW089225; Thu, 14 Oct 2004 11:34:59 GMT (envelope-from gnn@freefall.freebsd.org) Received: (from gnn@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i9EBYxEs089221; Thu, 14 Oct 2004 11:34:59 GMT (envelope-from gnn) Date: Thu, 14 Oct 2004 11:34:59 GMT 
From: "George V. Neville-Neil" Message-Id: <200410141134.i9EBYxEs089221@freefall.freebsd.org> To: gnn@FreeBSD.org, freebsd-net@FreeBSD.org, gnn@freebsd.org Subject: Re: kern/44355: After deletion of an IPv6 alias, the route to the whole subnet is removed too. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 11:35:00 -0000 Synopsis: After deletion of an IPv6 alias, the route to the whole subnet is removed too. Responsible-Changed-From-To: freebsd-net->gnn@freebsd.org Responsible-Changed-By: gnn Responsible-Changed-When: Thu Oct 14 11:34:13 GMT 2004 Responsible-Changed-Why: Took responsibility for patching and testing this. http://www.freebsd.org/cgi/query-pr.cgi?pr=44355 From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 13:43:56 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7429E16A4CE for ; Thu, 14 Oct 2004 13:43:56 +0000 (GMT) Received: from pluton.ispras.ru (pluton.ispras.ru [83.149.199.253]) by mx1.FreeBSD.org (Postfix) with SMTP id 973B243D60 for ; Thu, 14 Oct 2004 13:43:54 +0000 (GMT) (envelope-from grn@ispras.ru) Received: (qmail 71301 invoked from network); 14 Oct 2004 13:45:54 -0000 Received: from unknown (HELO truba.ispras.ru) (83.149.198.41) by pluton.ispras.ru with SMTP; 14 Oct 2004 13:45:54 -0000 Received: from truba.ispras.ru (root@localhost) by truba.ispras.ru (8.13.1/8.13.1) with SMTP id i9EDVm2v016646 for ; Thu, 14 Oct 2004 17:31:48 +0400 Received: from ispras.ru (pila.ispras.ru [83.149.198.208]) by truba.ispras.ru (8.13.1/8.13.1) with ESMTP id i9EDVlQh016640; Thu, 14 Oct 2004 17:31:47 +0400 Message-ID: <416E82D9.80002@ispras.ru> Date: Thu, 14 Oct 2004 17:44:57 +0400 
From: Grigory Klyuchnikov User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 X-Accept-Language: en-us, en MIME-Version: 1.0 To: snap-users@kame.net Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-SpamTest-Info: Profile: Formal (125/041012) X-SpamTest-Info: Profile: Detect Standard No RBL (4/030526) X-SpamTest-Info: Profile: SysLog X-SpamTest-Info: Profile: Marking Spam - Subject (2/030321) X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [0125], KAS/Release SMTP-Filter Version 2.0.0 [0125], KAS/Release cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org Subject: Get multicast addresses from interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 13:43:56 -0000

Hello,

How can a user process get IPv6 multicast addresses of ethernet interfaces? I have FreeBSD 5.2.1 and get interface addresses via ioctl(SIOCGIFCONF) or sysctl(with NET_RT_IFLIST), but all returned addresses are unicast.

In net/if.h there is a struct ifma_msghdr:

/*
 * Message format for use in obtaining information about multicast addresses
 * from the routing socket
 */
struct ifma_msghdr {
    u_short ifmam_msglen;   /* to skip over non-understood messages */
    u_char  ifmam_version;  /* future binary compatibility */
    u_char  ifmam_type;     /* message type */
    int     ifmam_addrs;    /* like rtm_addrs */
    int     ifmam_flags;    /* value of ifa_flags */
    u_short ifmam_index;    /* index for associated ifp */
};

How it may be used?

Regards,
Grigory Klyuchnikov.
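An added example (not code from this thread or from FreeBSD's sources) of walking a buffer of `ifma_msghdr` messages, each followed by the sockaddrs its `ifmam_addrs` mask announces, with a bounds check on every length field before it is used. The `ex_` names, the constant values (recalled from FreeBSD's net/route.h and sys/socket.h) and the constructed sample message are assumptions chosen so the parser runs on any platform.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same fields as the struct ifma_msghdr quoted in the post (net/if.h). */
struct ex_ifma_msghdr {
    unsigned short ifmam_msglen;   /* total length of this message */
    unsigned char  ifmam_version;
    unsigned char  ifmam_type;
    int            ifmam_addrs;    /* bitmask: which sockaddrs follow */
    int            ifmam_flags;
    unsigned short ifmam_index;    /* interface index */
};

/* Assumed values, as recalled from FreeBSD's net/route.h and sys/socket.h. */
enum { EX_RTM_VERSION = 5, EX_RTM_NEWMADDR = 0xf, EX_RTAX_IFP = 4,
       EX_RTAX_IFA = 5, EX_RTAX_MAX = 8, EX_AF_LINK = 18, EX_AF_INET6 = 28 };

/* A sockaddr occupies sa_len bytes rounded up to a multiple of sizeof(long). */
static size_t ex_sa_rlen(size_t sa_len)
{
    size_t a = sizeof(long) - 1;
    return sa_len ? (sa_len + a) & ~a : a + 1;
}

/* Copy the IPv6 group addresses of interface `ifindex` into out[]. Returns
 * the number stored (at most `max`), or -1 if any length field points
 * outside the buffer or its enclosing message. */
int ex_collect_groups6(const unsigned char *buf, size_t len,
                       unsigned short ifindex, unsigned char out[][16], int max)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        struct ex_ifma_msghdr h;
        size_t p, end, step;
        int i;
        if (len - off < sizeof h)
            return -1;
        memcpy(&h, buf + off, sizeof h);      /* avoids unaligned access */
        if (h.ifmam_msglen < sizeof h || h.ifmam_msglen > len - off)
            return -1;
        p = off + sizeof h;
        end = off + h.ifmam_msglen;
        off = end;                            /* next message starts here */
        if (h.ifmam_version != EX_RTM_VERSION ||
            h.ifmam_type != EX_RTM_NEWMADDR || h.ifmam_index != ifindex)
            continue;
        for (i = 0; i < EX_RTAX_MAX; i++) {
            if (!(h.ifmam_addrs & (1 << i)))
                continue;
            if (end - p < 2 || buf[p] > end - p)
                return -1;                    /* sockaddr overruns the message */
            if (i == EX_RTAX_IFA && buf[p + 1] == EX_AF_INET6) {
                if (buf[p] < 24)
                    return -1;                /* too short to hold sin6_addr */
                if (n < max)
                    memcpy(out[n++], buf + p + 8, 16);
            }
            step = ex_sa_rlen(buf[p]);
            p += step < end - p ? step : end - p;
        }
    }
    return n;
}

/* Append one constructed RTM_NEWMADDR message (stub link-level sockaddr plus
 * a BSD-layout sockaddr_in6 for `grp`) at buf + off; returns the new length. */
size_t ex_put_maddr6(unsigned char *buf, size_t off, unsigned short ifindex,
                     const unsigned char grp[16])
{
    struct ex_ifma_msghdr h;
    unsigned char ifp[8] = { 8, EX_AF_LINK };
    unsigned char ifa[28] = { 28, EX_AF_INET6 };
    size_t ifa_off = sizeof h + ex_sa_rlen(sizeof ifp);
    size_t total = ifa_off + ex_sa_rlen(sizeof ifa);
    memset(&h, 0, sizeof h);
    h.ifmam_msglen = (unsigned short)total;
    h.ifmam_version = EX_RTM_VERSION;
    h.ifmam_type = EX_RTM_NEWMADDR;
    h.ifmam_addrs = (1 << EX_RTAX_IFP) | (1 << EX_RTAX_IFA);
    h.ifmam_index = ifindex;
    memcpy(ifa + 8, grp, 16);                 /* sin6_addr sits at offset 8 */
    memset(buf + off, 0, total);
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, ifp, sizeof ifp);
    memcpy(buf + off + ifa_off, ifa, sizeof ifa);
    return off + total;
}

int main(void)
{
    static const unsigned char all_nodes[16] = { 0xff, 0x02, [15] = 0x01 };
    unsigned char buf[128], out[4][16];
    size_t len = ex_put_maddr6(buf, 0, 1, all_nodes);
    printf("groups on ifindex 1: %d\n", ex_collect_groups6(buf, len, 1, out, 4));
    return 0;
}
```

On a real FreeBSD system the buffer would come from the kernel rather than from `ex_put_maddr6`, and the system headers would replace the `ex_` definitions.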
From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 15:00:50 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBB9216A4D2; Thu, 14 Oct 2004 15:00:50 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 749E543D31; Thu, 14 Oct 2004 15:00:50 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id i9EF1n2F029926; Thu, 14 Oct 2004 08:01:49 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id i9EF1noi029925; Thu, 14 Oct 2004 08:01:49 -0700 Date: Thu, 14 Oct 2004 08:01:49 -0700 
From: Brooks Davis To: Grigory Klyuchnikov Message-ID: <20041014150149.GB26684@odin.ac.hmc.edu> References: <416E82D9.80002@ispras.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mojUlQ0s9EVzWg2t" Content-Disposition: inline In-Reply-To: <416E82D9.80002@ispras.ru> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org cc: snap-users@kame.net Subject: Re: Get multicast addresses from interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 15:00:50 -0000

--mojUlQ0s9EVzWg2t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Thu, Oct 14, 2004 at 05:44:57PM +0400, Grigory Klyuchnikov wrote:
> Hello,
>
> How can a user process get IPv6 multicast addresses of ethernet
> interfaces? I have FreeBSD 5.2.1 and get interface addresses
> via ioctl(SIOCGIFCONF) or sysctl(with NET_RT_IFLIST),
> but all returned addresses are unicast.

getifaddrs(3) and getifmaddrs(3) may do what you want.

> In net/if.h there is a struct ifma_msghdr:
>
> /*
>  * Message format for use in obtaining information about multicast addresses
>  * from the routing socket
>  */
> struct ifma_msghdr {
>     u_short ifmam_msglen;   /* to skip over non-understood messages */
>     u_char  ifmam_version;  /* future binary compatibility */
>     u_char  ifmam_type;     /* message type */
>     int     ifmam_addrs;    /* like rtm_addrs */
>     int     ifmam_flags;    /* value of ifa_flags */
>     u_short ifmam_index;    /* index for associated ifp */
> };
>
>
> How it may be used?
In addition to the functions above, you can directly access these structures via sysctl (see src/lib/libc/net/getifmaddrs.c for an example).

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

--mojUlQ0s9EVzWg2t--

From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 17:29:02 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C638716A4CE; Thu, 14 Oct 2004 17:29:02 +0000 (GMT) Received: from hotmail.com (bay24-f29.bay24.hotmail.com [64.4.18.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D09743D1D; Thu, 14 Oct 2004 17:29:02 +0000 (GMT) (envelope-from segr@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 14 Oct 2004 10:29:01 -0700 Received: from 198.53.131.3 by by24fd.bay24.hotmail.msn.com with HTTP; Thu, 14 Oct 2004 17:28:16 GMT X-Originating-IP: [198.53.131.3] X-Originating-Email: [segr@hotmail.com] X-Sender: segr@hotmail.com From: "Stephane Raimbault" To: gnn@FreeBSD.org Date: Thu, 14 Oct 2004 11:28:16 -0600 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 14 Oct 2004 17:29:01.0877 (UTC) FILETIME=[4BC87E50:01C4B213] cc: net@FreeBSD.org Subject: Re: Error 49, socket problem? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 17:29:02 -0000
>From: gnn@FreeBSD.org
>To: "Stephane Raimbault"
>CC: net@FreeBSD.org
>Subject: Re: Error 49, socket problem?
>Date: Thu, 14 Oct 2004 10:46:58 +0900
>
>At Wed, 13 Oct 2004 09:36:03 -0600,
>Stephane Raimbault wrote:
> >
> > I doubt it's a DoS attack, however it could very well be.
> >
>
>Well, probably not, given what you told us below.
>
> > In this particular setup, apache runs on port 80 and 81. A slimmed down
> > version of apache handles basic http requests on port 80 and on port 81, we
> > have a beefier version of apache with php running applications. We proxy
> > the request from port 80 to port 81 so the client only ever sees connections
> > to port 80.
> >
> > What I find strange is other applications on the server freak out when this
> > is happening in the same manner. such as php not able to make mysql
> > connections with a similar error. The errors aren't limited to 127.0.0.1
> > either, it seems to be an overall problem with the box, not specifically the
> > loopback or apache.
> >
> > PHP Warning: mysql_connect(): Can't connect to MySQL server on
> > 'dbm.xxx.xxx.com' (49) in /www/index.php on line 4060
> >
> > In this case the above dbm.xxx.xxx.com resolves to 10.0.12.22 which is one
> > of the MySQL servers in the cluster.
> >
> > I've ruled out that it's a problem with the MySQL server in this case,
> > because I have 4 other web servers (running apache) able to connect to that
> > MySQL server during the same time. All web servers in this cluster seem to
> > exhibit the error randomly at different times. Not only during high peak
> > traffic times as previously thought.
> >
> > Are there buffers I could be running out of? What should I be checking?
> > Perhaps something in sysctl... If I know what I should probably be looking
> > at, I can probably monitor and have certain variables logged / graphed for a
> > better idea of what is going on.
> >
>
>What version of FreeBSD are you running?
>

% uname -r
4.9-RELEASE-p11

>I would check the interfaces (ifconfig -a), routing table (netstat
>-rn), and then the rest of the network statistics (man netstat) when
>this happens. Does it happen reliably or intermittently?
>

I will see if I can write a script that can be triggered when the errors occur. The errors are randomly intermittent.

>Later,
>George

Thanks,
Stephane.

From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 17:42:29 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 45BF516A4CE for ; Thu, 14 Oct 2004 17:42:29 +0000 (GMT) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F72243D2D for ; Thu, 14 Oct 2004 17:42:28 +0000 (GMT) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id i9EHgQvd049629 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 14 Oct 2004 21:42:26 +0400 (MSD) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id i9EHgQbB049628 for net@freebsd.org; Thu, 14 Oct 2004 21:42:26 +0400 (MSD) (envelope-from glebius@cell.sick.ru) Date: Thu, 14 Oct 2004 21:42:25 +0400
From: Gleb Smirnoff To: net@freebsd.org Message-ID: <20041014174225.GB49508@cell.sick.ru> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline User-Agent: Mutt/1.5.6i Subject: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 17:42:29 -0000

--Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=koi8-r Content-Disposition: inline

Colleagues,

any objections about committing this improvement to tun(4)? In my ng_device I have a similar function ngdwrite(), which was cut-n-pasted from tunwrite(). And my tests with a patched ng_device have shown 30% speedup on large writes. I don't think it will help tun(4) to be much faster, since tunwrite() isn't a bottleneck, but I think it is worth considering. The patch was tested on a production PPPoE access concentrator (RELENG_4 however).

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

--Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="if_tun.mcl.diff" Index: if_tun.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_tun.c,v retrieving revision 1.145 diff -u -r1.145 if_tun.c --- if_tun.c 11 Oct 2004 07:28:36 -0000 1.145 +++ if_tun.c 12 Oct 2004 19:28:02 -0000 @@ -760,10 +760,15 @@ tlen = uio->uio_resid; /* get a header mbuf */ - MGETHDR(m, M_DONTWAIT, MT_DATA); + if (uio->uio_resid > MINCLSIZE) { + m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); + mlen = MCLBYTES; + } else { + MGETHDR(m, M_DONTWAIT, MT_DATA); + mlen = MHLEN; + } if (m == NULL) return (ENOBUFS); - mlen = MHLEN; top = NULL; mp = ⊤ 
@@ -773,12 +778,17 @@ *mp = m; mp = &m->m_next; if (uio->uio_resid > 0) { - MGET (m, M_DONTWAIT, MT_DATA); + if (uio->uio_resid > MINCLSIZE) { + m = m_getcl(M_DONTWAIT, MT_DATA, 0); + mlen = MCLBYTES; + } else { + MGET (m, M_DONTWAIT, MT_DATA); + mlen = MLEN; + } if (m == 0) { error = ENOBUFS; break; } - mlen = MLEN; } } if (error) { --Qxx1br4bt0+wmkIi-- From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 18:00:41 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9054F16A4CE for ; Thu, 14 Oct 2004 18:00:41 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9F9643D6E for ; Thu, 14 Oct 2004 18:00:40 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 19764 invoked from network); 14 Oct 2004 18:00:32 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 14 Oct 2004 18:00:32 -0000 Message-ID: <416EBEC9.AF037EBB@networx.ch> Date: Thu, 14 Oct 2004 20:00:41 +0200 
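Review bot: In the first hunk (@@ -760,10 +760,15 @@) the new test `if (uio->uio_resid > MINCLSIZE)` is a strict comparison, so a write of exactly MINCLSIZE bytes still goes down the MGETHDR path; if MINCLSIZE is meant as the smallest size worth a cluster, `>=` is the consistent test. `tlen` already holds `uio->uio_resid` from the context line just above, so the condition could read `tlen`, and the `/* get a header mbuf */` comment should say that a cluster may now be attached. The diff is against revision 1.145 while the message says testing was done on RELENG_4, so a run on the branch the patch targets should be reported before commit.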
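Review bot: In the second hunk (@@ -773,12 +778,17 @@) the allocation block inside the copy loop duplicates the one added for the header mbuf, differing only in the flags argument (`0` instead of `M_PKTHDR`) and `MLEN` instead of `MHLEN`; a small helper taking the flag and returning the usable length would keep the two thresholds from drifting apart. The failure check here is `if (m == 0)` while the first hunk tests `m == NULL`; use `NULL` in both. `mlen` is now assigned before the allocation result is checked, which is harmless because the error path breaks out of the loop, but assigning it after the check would make that obvious.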
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20041014174225.GB49508@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 18:00:41 -0000

Gleb Smirnoff wrote:
>
> Colleagues,
>
> any objections about committing this improvement to tun(4)?
> In my ng_device I have a similar function ngdwrite(), which was
> cut-n-pasted from tunwrite(). And my tests with a patched ng_device have
> shown 30% speedup on large writes. I don't think it will help tun(4)
> to be much faster, since tunwrite() isn't a bottleneck, but I think
> it is worth considering. The patch was tested on a production PPPoE access
> concentrator (RELENG_4 however).

Looks good! Nice optimization, long overdue. ;-)

-- 
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 18:01:46 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5519E16A4CE for ; Thu, 14 Oct 2004 18:01:46 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id B068E43D4C for ; Thu, 14 Oct 2004 18:01:45 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 19780 invoked from network); 14 Oct 2004 18:01:37 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 14 Oct 2004 18:01:37 -0000 Message-ID: <416EBF0A.CB1C0366@networx.ch> Date: Thu, 14 Oct 2004 20:01:46 +0200
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20041014174225.GB49508@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 18:01:46 -0000

Gleb Smirnoff wrote:
>
> Colleagues,
>
> any objections about committing this improvement to tun(4)?
> In my ng_device I have a similar function ngdwrite(), which was
> cut-n-pasted from tunwrite(). And my tests with a patched ng_device have
> shown 30% speedup on large writes. I don't think it will help tun(4)
> to be much faster, since tunwrite() isn't a bottleneck, but I think
> it is worth considering. The patch was tested on a production PPPoE access
> concentrator (RELENG_4 however).

Could you check tap(4) as well? You can do the same optimization there as well (IIRC).
-- Andre From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 18:55:14 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92DCF16A4CE; Thu, 14 Oct 2004 18:55:14 +0000 (GMT) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4431E43D45; Thu, 14 Oct 2004 18:55:14 +0000 (GMT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 7064C6546C; Thu, 14 Oct 2004 19:55:13 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 47189-05-5; Thu, 14 Oct 2004 19:55:12 +0100 (BST) Received: from empiric.dek.spc.org (adsl-67-121-95-134.dsl.snfc21.pacbell.net [67.121.95.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 76BF965458; Thu, 14 Oct 2004 19:54:51 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id A90CA6465; Thu, 14 Oct 2004 11:54:45 -0700 (PDT) Date: Thu, 14 Oct 2004 11:54:45 -0700 
From: Bruce M Simpson To: Grigory Klyuchnikov Message-ID: <20041014185445.GD665@empiric.icir.org> Mail-Followup-To: Grigory Klyuchnikov , Brooks Davis , freebsd-net@freebsd.org, freebsd-questions@freebsd.org, snap-users@kame.net References: <416E82D9.80002@ispras.ru> <20041014150149.GB26684@odin.ac.hmc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wLAMOaPNJ0fu1fTG" Content-Disposition: inline In-Reply-To: <20041014150149.GB26684@odin.ac.hmc.edu> cc: freebsd-net@freebsd.org cc: freebsd-questions@freebsd.org cc: snap-users@kame.net Subject: Re: Get multicast addresses from interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 18:55:14 -0000 --wLAMOaPNJ0fu1fTG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 14, 2004 at 08:01:49AM -0700, Brooks Davis wrote: > On Thu, Oct 14, 2004 at 05:44:57PM +0400, Grigory Klyuchnikov wrote: > > How can a user process get IPv6 multicast addresses of ethernet > > interfaces? I have FreeBSD 5.2.1 and get interface addresses > > via ioctl(SIOCGIFCONF) or sysctl(with NET_RT_IFLIST), > > but all returned addresses are unicast. > > getifaddrs(3) and getifmaddrs(3) may do what you want. See http://people.freebsd.org/~bms/dump/mcastlist/ for the original code (harti@ submitted most of the kernel bits). I didn't specifically set out to test getifmaddrs(3) with AF_INET6 addresses when I wrote it, but I seem to recall that it should work with them, from testing. If not, please feel free to submit a PR with a patch. 
Thanks, BMS --wLAMOaPNJ0fu1fTG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: '' iD8DBQFBbst0ueUpAYYNtTsRAoTVAKCmPExMZ0Ygr4sh+0+DSilzjqC/LgCePGnj 8dFceMisBn5Ekub+qhYUqls= =Zy9O -----END PGP SIGNATURE----- --wLAMOaPNJ0fu1fTG-- From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 20:23:09 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44E6C16A4CE for ; Thu, 14 Oct 2004 20:23:09 +0000 (GMT) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CAB243D46 for ; Thu, 14 Oct 2004 20:23:08 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id i9EKN68J050411 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Oct 2004 00:23:06 +0400 (MSD) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id i9EKN5OH050410; Fri, 15 Oct 2004 00:23:06 +0400 (MSD) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Fri, 15 Oct 2004 00:23:05 +0400 
From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20041014202305.GA50360@cell.sick.ru> References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <416EBF0A.CB1C0366@networx.ch> User-Agent: Mutt/1.5.6i cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 20:23:09 -0000 On Thu, Oct 14, 2004 at 08:01:46PM +0200, Andre Oppermann wrote: A> > any objections about committing this improvement to tun(4)? A> > In my ng_device I have a similar function ngdwrite(), which was A> > cut-n-pasted from tunwrite(). And my tests with a patched ng_device have A> > shown 30% speedup on large writes. I don't think it will help tun(4) A> > to be much faster, since tunwrite() isn't a bottleneck, but I think A> > it is worth considering. The patch was tested on a production PPPoE access A> > concentrator (RELENG_4 however). A> A> Could you check tap(4) as well? You can do the same optimization there A> as well (IIRC). Yes, you are right. We are going to have triple cut'n'paste: if_tun.c, ng_device.c, if_tap.c. What about m_uiocopy()? The question is where can we put this function? P.S. We already have md_get_uio() in libmchain. But it doesn't do exactly same thing. And libmchain does not support Big Endians, so we probably don't want to make tun and tap depend on libmchain. P.P.S. BTW, ng_eiface+ng_device is going to supersede tap(4), same way as ng_iface+ng_device is going to supersede tun(4). :) -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 20:48:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E662816A4D1 for ; Thu, 14 Oct 2004 20:48:32 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D7E743D49 for ; Thu, 14 Oct 2004 20:48:32 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 20807 invoked from network); 14 Oct 2004 20:48:22 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 14 Oct 2004 20:48:22 -0000 Message-ID: <416EE620.186AD27A@freebsd.org> Date: Thu, 14 Oct 2004 22:48:32 +0200 
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 20:48:33 -0000 Gleb Smirnoff wrote: > > On Thu, Oct 14, 2004 at 08:01:46PM +0200, Andre Oppermann wrote: > A> > any objections about committing this improvement to tun(4)? > A> > In my ng_device I have a similar function ngdwrite(), which was > A> > cut-n-pasted from tunwrite(). And my tests with a patched ng_device have > A> > shown 30% speedup on large writes. I don't think it will help tun(4) > A> > to be much faster, since tunwrite() isn't a bottleneck, but I think > A> > it is worth considering. The patch was tested on a production PPPoE access > A> > concentrator (RELENG_4 however). > A> > A> Could you check tap(4) as well? You can do the same optimization there > A> as well (IIRC). > > Yes, you are right. > > We are going to have triple cut'n'paste: if_tun.c, ng_device.c, if_tap.c. > What about m_uiocopy()? The question is where can we put this function? What about the existing m_uiotombuf() function in kern/uipc_mbuf.c? > P.S. We already have md_get_uio() in libmchain. But it doesn't do exactly > same thing. And libmchain does not support Big Endians, so we probably > don't want to make tun and tap depend on libmchain. Already answered ;-) > P.P.S. BTW, ng_eiface+ng_device is going to supersede tap(4), same way as > ng_iface+ng_device is going to supersede tun(4). :) Yes and no. 
While the netgraph equivalents may have the same functionality we want to keep the existing and well-known API's to keep porting easier. On top of that there is nothing wrong with tap(4) and tun(4) (except the mbuf inefficiency you are about to fix). P.S. I'm working on making protocols within protocols domains loadable at least for IPv4. I'm using this to make DIVERT a loadable module. However there's nothing preventing a netgraph module (ng_ipproto perhaps?) using the same hooks. I think this would make netgraph quite some more usable as it already is. Then you can implement new IP protocol types including sockets towards userland in netgraph. My code should be ready by next week. :-) -- Andre From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 22:50:51 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AF3316A4CE; Thu, 14 Oct 2004 22:50:51 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 570E543D64; Thu, 14 Oct 2004 22:50:51 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 08A157A403; Thu, 14 Oct 2004 15:50:51 -0700 (PDT) Message-ID: <416F02CA.5020700@elischer.org> Date: Thu, 14 Oct 2004 15:50:50 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Andre Oppermann References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> <416EE620.186AD27A@freebsd.org> In-Reply-To: <416EE620.186AD27A@freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: Gleb Smirnoff cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 22:50:51 -0000 Andre Oppermann wrote: >Gleb Smirnoff wrote: > > >>On Thu, Oct 14, 2004 at 08:01:46PM +0200, Andre Oppermann wrote: >>A> > any objections about committing this improvement to tun(4)? >>A> > In my ng_device I have a similar function ngdwrite(), which was >>A> > cut-n-pasted from tunwrite(). And my tests with a patched ng_device have >>A> > shown 30% speedup on large writes. I don't think it will help tun(4) >>A> > to be much faster, since tunwrite() isn't a bottleneck, but I think >>A> > it is worth considering. The patch was tested on a production PPPoE access >>A> > concentrator (RELENG_4 however). >>A> >>A> Could you check tap(4) as well? You can do the same optimization there >>A> as well (IIRC). >> >>Yes, you are right. >> >>We are going to have triple cut'n'paste: if_tun.c, ng_device.c, if_tap.c. >>What about m_uiocopy()? The question is where can we put this function? >> >> > >What about the existing m_uiotombuf() function in kern/uipc_mbuf.c? > > > >>P.S. We already have md_get_uio() in libmchain. But it doesn't do exactly >>same thing. And libmchain does not support Big Endians, so we probably >>don't want to make tun and tap depend on libmchain. >> >> > >Already answered ;-) > > > >>P.P.S. 
BTW, ng_eiface+ng_device is going to supersede tap(4), same way as >>ng_iface+ng_device is going to supersede tun(4). :) >> >> >Yes and no. While the netgraph equivalents may have the same functionality >we want to keep the existing and well-known API's to keep porting easier. >On top of that there is nothing wrong with tap(4) and tun(4) (except the >mbuf inefficiency you are about to fix). > my thoughts exactly.. THOUGH there might be some synergy where we save or share code.. If netgraph becomes useful enough then it'll start to be used for this sort of thing.. but I'm not for removing existing interfaces. > >P.S. I'm working on making protocols within protocols domains loadable at >least for IPv4. > I did some work on this once.. things have got a lot more complicated however with locking.. >I'm using this to make DIVERT a loadable module. > cool.. the trick is to work out how to make it (un)attach to ipfw.. > However >there's nothing preventing a netgraph module (ng_ipproto perhaps?) using the >same hooks. I think this would make netgraph quite some more usable as it >already is. Then you can implement new IP protocol types including sockets >towards userland in netgraph. My code should be ready by next week. 
:-) > > > From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 22:58:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6ECA16A4CE for ; Thu, 14 Oct 2004 22:58:30 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id EEF9143D46 for ; Thu, 14 Oct 2004 22:58:29 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 21680 invoked from network); 14 Oct 2004 22:58:19 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.54]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 14 Oct 2004 22:58:19 -0000 Message-ID: <416F0497.806DB456@networx.ch> Date: Fri, 15 Oct 2004 00:58:31 +0200 
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Julian Elischer References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> <416EE620.186AD27A@freebsd.org> <416F02CA.5020700@elischer.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: Gleb Smirnoff cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 22:58:31 -0000 Julian Elischer wrote: > > Andre Oppermann wrote: > > > >P.S. I'm working on making protocols within protocols domains loadable at > >least for IPv4. > > > I did some work on this once.. things have got a lot more complicated > however with locking.. Actually there are not that many locking problems with the register and unregister functions themselves. It gets a little bit trickier with the stuff using these hooks though. > >I'm using this to make DIVERT a loadable module. > > > cool.. the trick is to work out how to make it (un)attach to ipfw.. DIVERT sockets in themselves do not depend on ipfw. You can send out packets just fine through a divert socket even when ipfw is missing. But you can't get any packets from the kernel unless ipfw puts them up to divert. Nothing that prevents other uses or users of divert in the end (ng_divert perhaps...). 
-- Andre From owner-freebsd-net@FreeBSD.ORG Thu Oct 14 23:23:52 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C25116A4CE; Thu, 14 Oct 2004 23:23:52 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id D174F43D3F; Thu, 14 Oct 2004 23:23:49 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id C86B77A403; Thu, 14 Oct 2004 16:23:42 -0700 (PDT) Message-ID: <416F0A7E.70207@elischer.org> Date: Thu, 14 Oct 2004 16:23:42 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Andre Oppermann References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> <416EE620.186AD27A@freebsd.org> <416F02CA.5020700@elischer.org> <416F0497.806DB456@networx.ch> In-Reply-To: <416F0497.806DB456@networx.ch> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: Gleb Smirnoff cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Oct 2004 23:23:52 -0000 Andre Oppermann wrote: >Julian Elischer wrote: > > >>Andre Oppermann wrote: >> >> >>>P.S. I'm working on making protocols within protocols domains loadable at >>>least for IPv4. >>> >>> >>> >>I did some work on this once.. things have got a lot more complicated >>however with locking.. >> >> > >Actually there are not that many locking problems with the register and >unregister functions themselves. It gets a little bit trickier with >the stuff using these hooks though. > > > >>>I'm using this to make DIVERT a loadable module. >>> >>> >>> >>cool.. the trick is to work out how to make it (un)attach to ipfw.. >> >> > >DIVERT sockets in themselves do not depend on ipfw. You can send out >packets just fine through a divert socket even when ipfw is missing. >But you can't get any packets from the kernel unless ipfw puts them >up to divert. Nothing that prevents other uses or users of divert >in the end (ng_divert perhaps...). > yes I know, that's how we wrote divert.. (to be independent) netgraph came later.. I guess we would have done divert differently if we had done netgraph first.. 
probably would have given ipfw a "hook" command that sent packets out a netgraph hook to whatever was attached.. hmm that could still be really useful... a netgraph NAT module anyone? > > > From owner-freebsd-net@FreeBSD.ORG Fri Oct 15 07:20:40 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC89316A4CE; Fri, 15 Oct 2004 07:20:40 +0000 (GMT) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id D1E7A43D46; Fri, 15 Oct 2004 07:20:39 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id i9F7Kb1c053227 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Oct 2004 11:20:37 +0400 (MSD) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id i9F7Kb7W053226; Fri, 15 Oct 2004 11:20:37 +0400 (MSD) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Fri, 15 Oct 2004 11:20:37 +0400 
From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20041015072037.GB53159@cell.sick.ru> References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> <416EE620.186AD27A@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <416EE620.186AD27A@freebsd.org> User-Agent: Mutt/1.5.6i cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Oct 2004 07:20:40 -0000 On Thu, Oct 14, 2004 at 10:48:32PM +0200, Andre Oppermann wrote: A> > We are going to have triple cut'n'paste: if_tun.c, ng_device.c, if_tap.c. A> > What about m_uiocopy()? The question is where can we put this function? A> A> What about the existing m_uiotombuf() function in kern/uipc_mbuf.c? Damn, I'm blind. :) Investigated libmchain, but missed this. A> > P.P.S. BTW, ng_eiface+ng_device is going to supersede tap(4), same way as A> > ng_iface+ng_device is going to supersede tun(4). :) A> A> Yes and no. While the netgraph equivalents may have the same functionality A> we want to keep the existing and well-known API's to keep porting easier. A> On top of that there is nothing wrong with tap(4) and tun(4) (except the A> mbuf inefficiency you are about to fix). I didn't mean that we will remove tun(4) and tap(4). I meant that we can patch their consumers to alternatively use ng_iface. -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Oct 15 07:26:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9216816A4CE for ; Fri, 15 Oct 2004 07:26:32 +0000 (GMT) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id C95D543D48 for ; Fri, 15 Oct 2004 07:26:31 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id i9F7QN1b053283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Oct 2004 11:26:24 +0400 (MSD) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id i9F7QN1A053282; Fri, 15 Oct 2004 11:26:23 +0400 (MSD) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Fri, 15 Oct 2004 11:26:22 +0400 
From: Gleb Smirnoff To: Julian Elischer Message-ID: <20041015072622.GC53159@cell.sick.ru> References: <20041014174225.GB49508@cell.sick.ru> <416EBF0A.CB1C0366@networx.ch> <20041014202305.GA50360@cell.sick.ru> <416EE620.186AD27A@freebsd.org> <416F02CA.5020700@elischer.org> <416F0497.806DB456@networx.ch> <416F0A7E.70207@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <416F0A7E.70207@elischer.org> User-Agent: Mutt/1.5.6i cc: Andre Oppermann cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Oct 2004 07:26:32 -0000 On Thu, Oct 14, 2004 at 04:23:42PM -0700, Julian Elischer wrote: J> yes I know, that's how we wrote divert.. (to be independent) netgraph J> came later.. J> I guess we would have done divert differently if we had done netgraph J> first.. J> probably would have given ipfw a "hook" command that sent J> packets out a netgraph hook to whatever was attached.. hmm that could J> still be really useful... I have a snap code doing this. I have temporarily abandoned that node because I can't imagine a way to put packets back to ipfw. ipfw is a function, which processes packet and returns. netgraph may queue packets. How can it inject them back into ipfw, so that 1) it is checked from the next rule, not first 2) it will be returned to ip_(input|output) ? J> a netgraph NAT module anyone? In far plans. First we need to solve the above problem with ipfw and netgraph interaction. -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Oct 15 22:21:44 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D565B16A4CE; Fri, 15 Oct 2004 22:21:44 +0000 (GMT) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id C871943D49; Fri, 15 Oct 2004 22:21:43 +0000 (GMT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id E4B1C65414; Fri, 15 Oct 2004 23:21:41 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 68270-01-3; Fri, 15 Oct 2004 23:21:41 +0100 (BST) Received: from empiric.dek.spc.org (dhcp120.icir.org [192.150.187.120]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id E581965400; Fri, 15 Oct 2004 23:21:39 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 9DC7163E8; Fri, 15 Oct 2004 15:21:30 -0700 (PDT) Date: Fri, 15 Oct 2004 15:21:30 -0700 
From: Bruce M Simpson To: freebsd-net@FreeBSD.org Message-ID: <20041015222130.GL61186@empiric.icir.org> Mail-Followup-To: freebsd-net@FreeBSD.org, tackerman@FreeBSD.org, freebsdnic@mailbox.intel.com, mux@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PWfwoUCx3AFJRUBq" Content-Disposition: inline cc: mux@FreeBSD.org cc: tackerman@FreeBSD.org cc: freebsdnic@mailbox.intel.com Subject: [PATCH] Make em(4) use device sysctl tree X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Oct 2004 22:21:45 -0000 --PWfwoUCx3AFJRUBq Content-Type: multipart/mixed; boundary="k+G3HLlWI7eRTl+h" Content-Disposition: inline --k+G3HLlWI7eRTl+h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Here is a non-critical patch to bring em(4) into line with other drivers, by using the sysctl tree created for each device by the bus framework. Please review; Thanks. BMS --k+G3HLlWI7eRTl+h Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="em_sysctl.diff" Content-Transfer-Encoding: quoted-printable Index: if_em.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/dev/em/if_em.c,v retrieving revision 1.44.2.1 diff -u -p -r1.44.2.1 if_em.c --- if_em.c 1 Oct 2004 18:51:11 -0000 1.44.2.1 +++ if_em.c 15 Oct 2004 22:16:05 -0000 
@@ -310,26 +310,14 @@ em_attach(device_t dev) em_adapter_list =3D adapter; =20 /* SYSCTL stuff */ - sysctl_ctx_init(&adapter->sysctl_ctx); - adapter->sysctl_tree =3D SYSCTL_ADD_NODE(&adapter->sysctl_ctx, - SYSCTL_STATIC_CHILDREN(_hw), - OID_AUTO, - device_get_nameunit(dev), - CTLFLAG_RD, - 0, ""); - if (adapter->sysctl_tree =3D=3D NULL) { - error =3D EIO; =20 - goto err_sysctl; - } - =20 - SYSCTL_ADD_PROC(&adapter->sysctl_ctx, - SYSCTL_CHILDREN(adapter->sysctl_tree), + SYSCTL_ADD_PROC(device_get_sysctl_ctx(dev), + SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "debug_info", CTLTYPE_INT|CTLFLAG_RW, (void *)adapter, 0, em_sysctl_debug_info, "I", "Debug Information"); =20 - SYSCTL_ADD_PROC(&adapter->sysctl_ctx, - SYSCTL_CHILDREN(adapter->sysctl_tree), + SYSCTL_ADD_PROC(device_get_sysctl_ctx(dev), + SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, "stats", CTLTYPE_INT|CTLFLAG_RW, (void *)adapter, 0, em_sysctl_stats, "I", "Statistics"); @@ -504,8 +492,6 @@ err_rx_desc: err_tx_desc: err_pci: em_free_pci_resources(adapter); - sysctl_ctx_free(&adapter->sysctl_ctx); -err_sysctl: return(error); =20 } @@ -553,9 +539,6 @@ em_detach(device_t dev) adapter->rx_desc_base =3D NULL; } =20 - /* Free the sysctl tree */ - sysctl_ctx_free(&adapter->sysctl_ctx); - /* Remove from the adapter list */ if (em_adapter_list =3D=3D adapter) em_adapter_list =3D adapter->next; 
@@ -3347,8 +3330,8 @@ em_add_int_delay_sysctl(struct adapter * info->adapter =3D adapter; info->offset =3D offset; info->value =3D value; - SYSCTL_ADD_PROC(&adapter->sysctl_ctx, - SYSCTL_CHILDREN(adapter->sysctl_tree), + SYSCTL_ADD_PROC(device_get_sysctl_ctx(adapter->dev), + SYSCTL_CHILDREN(device_get_sysctl_tree(adapter->dev)), OID_AUTO, name, CTLTYPE_INT|CTLFLAG_RW, info, 0, em_sysctl_int_delay, "I", description); } --k+G3HLlWI7eRTl+h-- --PWfwoUCx3AFJRUBq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: '' iD8DBQFBcE1pueUpAYYNtTsRAnmBAJ9SC2cFoDg7s0WU2OHXVoaJ0g6niACfYeOJ yAgMUB5nIZhccTLXvQLvqag= =c4Yc -----END PGP SIGNATURE----- --PWfwoUCx3AFJRUBq-- From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 00:00:13 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1520416A4CE for ; Sat, 16 Oct 2004 00:00:13 +0000 (GMT) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6825043D1D for ; Sat, 16 Oct 2004 00:00:12 +0000 (GMT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 9EB59652FE; Sat, 16 Oct 2004 01:00:08 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 69217-05-6; Sat, 16 Oct 2004 01:00:08 +0100 (BST) Received: from empiric.dek.spc.org (dhcp120.icir.org [192.150.187.120]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 87EFB6520C; Sat, 16 Oct 2004 01:00:04 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id D0C4363E8; Fri, 15 Oct 2004 16:59:58 -0700 (PDT) Date: Fri, 15 Oct 2004 16:59:58 -0700 
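Review bot: in the em_attach hunk, dropping the node created under SYSCTL_STATIC_CHILDREN(_hw) with device_get_nameunit(dev) in favour of device_get_sysctl_tree(dev) moves debug_info, stats and every OID added through em_add_int_delay_sysctl() to a different place in the sysctl namespace, and neither the patch nor the cover note says so. Anything that reads or sets the old names (monitoring scripts, sysctl.conf entries) will silently stop matching; please call the rename out in the commit message and update the em(4) documentation in the same change.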
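Review bot: in the err_pci and em_detach hunks, the driver stops calling sysctl_ctx_free() itself, so the debug_info and stats handlers, which are registered with (void *)adapter as their argument, remain reachable for the whole of em_detach and on every failure exit of em_attach. Please confirm that the bus framework removes the per-device tree before the softc is released, and that em_sysctl_stats and em_sysctl_debug_info tolerate being invoked after the rings have been torn down (rx_desc_base is set to NULL just above the removed free). A one-line comment at the old "Free the sysctl tree" spot saying who now owns the teardown would help the next reader.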
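Review bot: in the em_add_int_delay_sysctl hunk, the context and tree are now looked up through adapter->dev, and nothing in this diff shows that field being assigned; check that em_attach sets it before the first call to em_add_int_delay_sysctl(). Also, if these hunks cover every use of adapter->sysctl_ctx and adapter->sysctl_tree, the two members should be removed from struct adapter as well, but the patch touches only if_em.c.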
From: Bruce M Simpson To: Gleb Smirnoff Message-ID: <20041015235958.GQ61186@empiric.icir.org> References: <20041014174225.GB49508@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041014174225.GB49508@cell.sick.ru> cc: net@freebsd.org Subject: Re: small tun(4) improvement X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 00:00:13 -0000 On Thu, Oct 14, 2004 at 09:42:25PM +0400, Gleb Smirnoff wrote: > any objections about committing this improvement to tun(4)? Optimal use of mbuf clusters to improve performance is cool. Please consider committing this once reworked to use m_uiotombuf. BMS From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 00:07:51 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18F2116A4CE; Sat, 16 Oct 2004 00:07:50 +0000 (GMT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id C625F43D39; Sat, 16 Oct 2004 00:07:50 +0000 (GMT) (envelope-from mux@freebsd.org) Received: by elvis.mu.org (Postfix, from userid 1920) id BAFC15C975; Fri, 15 Oct 2004 17:07:50 -0700 (PDT) Date: Sat, 16 Oct 2004 02:07:50 +0200 
From: Maxime Henrion To: freebsd-net@FreeBSD.org, tackerman@FreeBSD.org, freebsdnic@mailbox.intel.com Message-ID: <20041016000750.GD45249@elvis.mu.org> References: <20041015222130.GL61186@empiric.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041015222130.GL61186@empiric.icir.org> User-Agent: Mutt/1.4.2.1i Subject: Re: [PATCH] Make em(4) use device sysctl tree X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 00:07:51 -0000 Bruce M Simpson wrote: > Here is a non-critical patch to bring em(4) into line with other > drivers, by using the sysctl tree created for each device by the > bus framework. > > Please review; Thanks. > BMS [patch ripped] Looks good to me. Cheers, Maxime From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 05:22:19 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8ABD116A4CE; Sat, 16 Oct 2004 05:22:19 +0000 (GMT) Received: from silver.he.iki.fi (helenius.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2771E43D46; Sat, 16 Oct 2004 05:22:18 +0000 (GMT) (envelope-from pete@he.iki.fi) Received: from [193.64.42.134] (h86.vuokselantie10.fi [193.64.42.134]) by silver.he.iki.fi (8.13.1/8.11.4) with ESMTP id i9G5MEno093707; Sat, 16 Oct 2004 08:22:14 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <4170B006.4050908@he.iki.fi> Date: Sat, 16 Oct 2004 08:22:14 +0300 
From: Petri Helenius User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040803 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bruce M Simpson References: <20041015222130.GL61186@empiric.icir.org> In-Reply-To: <20041015222130.GL61186@empiric.icir.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: tackerman@freebsd.org cc: freebsdnic@mailbox.cps.intel.com Subject: Re: [PATCH] Make em(4) use device sysctl tree X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 05:22:19 -0000 Bruce M Simpson wrote: >Here is a non-critical patch to bring em(4) into line with other >drivers, by using the sysctl tree created for each device by the >bus framework. > > > Does anyone here have an idea why some platforms (like Thinkpad X31 or i875 Supermicros) have trouble rebooting with 5.3-BETA when em is used as a module (they hang at "shutting down ACPI") while with 5.2.1-REL the same scenario works fine? Pete >Please review; Thanks. 
>BMS > > From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 09:06:29 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E1A116A4CE; Sat, 16 Oct 2004 09:06:29 +0000 (GMT) Received: from outbound0.sv.meer.net (outbound0.sv.meer.net [205.217.152.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id F066943D1F; Sat, 16 Oct 2004 09:06:26 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from mail.meer.net (mail.meer.net [209.157.152.14]) i9G962Ur003034; Sat, 16 Oct 2004 02:06:02 -0700 (PDT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (pc1.oakwoodazabu1-unet.ocn.ne.jp [220.110.140.201]) by mail.meer.net (8.12.10/8.12.2/meer) with ESMTP id i9G95uap031706; Sat, 16 Oct 2004 02:05:56 -0700 (PDT) (envelope-from gnn@neville-neil.com) Date: Sat, 16 Oct 2004 18:05:54 +0900 Message-ID: 
From: gnn@freebsd.org
To: rwatson@freebsd.org
cc: freebsd-net@freebsd.org
Subject: in6.c diff for your review and approval

Hi,

This patch fixes PR 44355 which was really an issue of FreeBSD not keeping up with the Kame code. I'd like an approval from Robert to commit this, and comments from anyone else familiar with this code in case I've missed something.

This fixes the case where removing any IPv6 address alias also removed the associated route, even if there were other aliases using that route. This patch is modified based on the one in the PR, as well as diff of the current Kame and FreeBSD code bases.

Later,
George

Index: in6.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/in6.c,v retrieving revision 1.48 diff -u -r1.48 in6.c --- in6.c 23 Aug 2004 03:00:26 -0000 1.48 +++ in6.c 16 Oct 2004 08:54:56 -0000 @@ -1,4 +1,4 @@ -/* $FreeBSD$ */ +/* $FreeBSD: src/sys/netinet6/in6.c,v 1.48 2004/08/23 03:00:26 rwatson Exp $ */ /* $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ */ /* @@ -575,6 +575,14 @@ */ if ((error = in6_update_ifa(ifp, ifra, ia)) != 0) return (error); + if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) + == NULL) { + /* + * this can happen when the user specify the 0 valid + * lifetime. + */ + break; + } /* * then, make the prefix on-link on the interface.
@@ -628,41 +636,34 @@ return (EINVAL); /* XXX panic here? */ } } - if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) - == NULL) { - /* XXX: this should not happen! */ - log(LOG_ERR, "in6_control: addition succeeded, but" - " no ifaddr\n"); - } else { - if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && - ia->ia6_ndpr == NULL) { /* new autoconfed addr */ - ia->ia6_ndpr = pr; - pr->ndpr_refcnt++; - - /* - * If this is the first autoconf address from - * the prefix, create a temporary address - * as well (when specified). - */ - if (ip6_use_tempaddr && - pr->ndpr_refcnt == 1) { - int e; - if ((e = in6_tmpifadd(ia, 1)) != 0) { - log(LOG_NOTICE, "in6_control: " - "failed to create a " - "temporary address, " - "errno=%d\n", e); - } - } - } + + /* relate the address to the prefix */ + if (ia->ia6_ndpr == NULL) { + ia->ia6_ndpr = pr; + pr->ndpr_refcnt++; /* - * this might affect the status of autoconfigured - * addresses, that is, this address might make - * other addresses detached. + * If this is the first autoconf address from the + * prefix, create a temporary address as well + * (when required). */ - pfxlist_onlink_check(); + if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && + ip6_use_tempaddr && pr->ndpr_refcnt == 1) { + int e; + if ((e = in6_tmpifadd(ia, 1)) != 0) { + log(LOG_NOTICE, "in6_control: failed " + "to create a temporary address, " + "errno=%d\n", e); + } + } } + + /* + * this might affect the status of autoconfigured addresses, + * that is, this address might make other addresses detached. + */ + pfxlist_onlink_check(); + if (error == 0 && ia) EVENTHANDLER_INVOKE(ifaddr_event, ifp); break; @@ -670,8 +671,7 @@ case SIOCDIFADDR_IN6: { - int i = 0; - struct nd_prefix pr0, *pr; + struct nd_prefix *pr; /* * If the address being deleted is the only one that owns 
@@ -681,37 +681,12 @@ * and the prefix management. We do this, however, to provide * as much backward compatibility as possible in terms of * the ioctl operation. + * Note that in6_purgeaddr() will decrement ndpr_refcnt. */ - bzero(&pr0, sizeof(pr0)); - pr0.ndpr_ifp = ifp; - pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, - NULL); - if (pr0.ndpr_plen == 128) - goto purgeaddr; - pr0.ndpr_prefix = ia->ia_addr; - pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr; - for (i = 0; i < 4; i++) { - pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= - ia->ia_prefixmask.sin6_addr.s6_addr32[i]; - } - /* - * The logic of the following condition is a bit complicated. - * We expire the prefix when - * 1. the address obeys autoconfiguration and it is the - * only owner of the associated prefix, or - * 2. the address does not obey autoconf and there is no - * other owner of the prefix. - */ - if ((pr = nd6_prefix_lookup(&pr0)) != NULL && - (((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && - pr->ndpr_refcnt == 1) || - ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0 && - pr->ndpr_refcnt == 0))) { - pr->ndpr_expire = 1; /* XXX: just for expiration */ - } - - purgeaddr: + pr = ia->ia6_ndpr; in6_purgeaddr(&ia->ia_ifa); + if (pr && pr->ndpr_refcnt == 0) + prelist_remove(pr); EVENTHANDLER_INVOKE(ifaddr_event, ifp); break; } 
@@ -1171,23 +1146,26 @@ } /* - * When an autoconfigured address is being removed, release the - * reference to the base prefix. Also, since the release might - * affect the status of other (detached) addresses, call - * pfxlist_onlink_check(). + * Release the reference to the base prefix. There should be a + * positive reference. */ - if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) { - if (oia->ia6_ndpr == NULL) { - nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " - "%p has no prefix\n", oia)); - } else { - oia->ia6_ndpr->ndpr_refcnt--; - oia->ia6_flags &= ~IN6_IFF_AUTOCONF; - oia->ia6_ndpr = NULL; - } + if (oia->ia6_ndpr == NULL) { + nd6log((LOG_NOTICE, + "in6_unlink_ifa: autoconf'ed address " + "%p has no prefix\n", oia)); + } else { + oia->ia6_ndpr->ndpr_refcnt--; + oia->ia6_ndpr = NULL; + } + /* + * Also, if the address being removed is autoconf'ed, call + * pfxlist_onlink_check() since the release might affect the status of + * other (detached) addresses. + */ + if ((oia->ia6_flags & IN6_IFF_AUTOCONF)) pfxlist_onlink_check(); - } + /* * release another refcnt for the link from in6_ifaddr. 
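Review bot: In the @@ -575,6 +575,14 @@ hunk the new NULL check on in6ifa_ifpwithaddr() ends the case with a bare break while error is still 0 from the successful in6_update_ifa() call, whereas the code removed in the @@ -628 hunk treated the same condition as "this should not happen!" and logged it at LOG_ERR. If a 0 valid lifetime is now an expected way to reach this point, the comment should say what state the address is in and that the silent exit is intentional; "when the user specify the 0 valid lifetime" also wants to read "when the user specifies a valid lifetime of 0".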
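Review bot: In the @@ -628,41 +636,34 @@ hunk, pr->ndpr_refcnt++ now runs for every address whose ia6_ndpr is NULL, but the temporary-address test still uses "pr->ndpr_refcnt == 1" to mean "the first autoconf address from the prefix". If a manually configured address already holds a reference on the same prefix, an autoconf address added through this path sees a count of 2 and in6_tmpifadd() is not called. Either track autoconf owners separately or reword the comment to describe the condition the code now tests. The ia test in the unchanged "if (error == 0 && ia)" is also dead, since ia has already been dereferenced a few lines earlier.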
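Review bot: In the SIOCDIFADDR_IN6 hunk (@@ -681,37 +681,12 @@), pr is read from ia->ia6_ndpr before in6_purgeaddr() and dereferenced after it, and nothing in the visible lines keeps the prefix alive across that call. The added comment relies on in6_purgeaddr() doing no more than decrementing ndpr_refcnt; please state that invariant next to the "pr && pr->ndpr_refcnt == 0" test. The hunk also replaces the old "pr->ndpr_expire = 1" marking with an immediate prelist_remove() and drops the ndpr_plen == 128 shortcut; both behaviour changes deserve a sentence in the commit message.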
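Review bot: In the @@ -1171,23 +1146,26 @@ hunk the NULL check on oia->ia6_ndpr now applies to every address, yet the nd6log() text still reads "autoconf'ed address %p has no prefix", which will mislead anyone reading the log for a manually configured address. The new comment says "There should be a positive reference", but ndpr_refcnt-- is not guarded; a KASSERT or an explicit check before the decrement would catch an underflow, which matters more now that the SIOCDIFADDR_IN6 path removes the prefix when the count reaches 0. Minor style: the doubled parentheses in "if ((oia->ia6_flags & IN6_IFF_AUTOCONF))" and the extra blank line added before the following comment.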
From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 09:23:38 2004
Date: Sat, 16 Oct 2004 18:22:49 +0900
From: gnn@freebsd.org
To: rwatson@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Locking fixes to IPv6 scope6.c

Howdy,

Here is a proposed set of diffs for locking fixes in the scope6.c module. Please let me know if anyone has questions or comments.

Thanks,
George

Index: scope6.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/scope6.c,v retrieving revision 1.10 diff -u -r1.10 scope6.c --- scope6.c 22 Oct 2003 15:13:36 -0000 1.10 +++ scope6.c 16 Oct 2004 09:19:53 -0000
@@ -1,4 +1,4 @@ -/* $FreeBSD$ */ +/* $FreeBSD: src/sys/netinet6/scope6.c,v 1.10 2003/10/22 15:13:36 ume Exp $ */ /* $KAME: scope6.c,v 1.10 2000/07/24 13:29:31 itojun Exp $ */ /* @@ -71,12 +71,14 @@ scope6_ifattach(ifp) struct ifnet *ifp; { - int s = splnet(); + struct scope6_id *sid; sid = (struct scope6_id *)malloc(sizeof(*sid), M_IFADDR, M_WAITOK); bzero(sid, sizeof(*sid)); + IFNET_WLOCK(); + /* * XXX: IPV6_ADDR_SCOPE_xxx macros are not standard. * Should we rather hardcode here? @@ -89,7 +91,7 @@ sid->s6id_list[IPV6_ADDR_SCOPE_ORGLOCAL] = 1; #endif - splx(s); + IFNET_WUNLOCK(); return sid; } @@ -106,12 +108,24 @@ struct ifnet *ifp; struct scope6_id *idlist; { - int i, s; + int i; int error = 0; - struct scope6_id *sid = SID(ifp); + struct scope6_id *sid = NULL; + + /* + * SID retrieves data from the afdata section of the ifnet + * structure, but wwe also depend on ifp staying around for a + * while so lock the list, instead of the smaller afdata lock + * for the as long as we need either of them. + */ + + IFNET_WLOCK(); + sid = SID(ifp); - if (!sid) /* paranoid? */ + if (!sid) { /* paranoid? */ + IFNET_WUNLOCK(); return (EINVAL); + } /* * XXX: We need more consistency checks of the relationship among @@ -123,7 +137,9 @@ * interface addresses, routing table entries, PCB entries... */ - s = splnet(); + /* + * Lock the ifnet list so that our ifp does not also disappear. + */ SCOPE6_LOCK(); for (i = 0; i < 16; i++) { @@ -135,7 +151,8 @@ */ if (i == IPV6_ADDR_SCOPE_INTFACELOCAL && idlist->s6id_list[i] != ifp->if_index) { - splx(s); + IFNET_WUNLOCK(); + SCOPE6_UNLOCK(); return (EINVAL); } @@ -147,7 +164,8 @@ * IDs, but we check the consistency for * safety in later use. */ - splx(s); + IFNET_WUNLOCK(); + SCOPE6_UNLOCK(); return (EINVAL); } @@ -159,8 +177,8 @@ sid->s6id_list[i] = idlist->s6id_list[i]; } } + IFNET_WUNLOCK(); SCOPE6_UNLOCK(); - splx(s); return (error); } 
@@ -170,15 +188,20 @@ struct ifnet *ifp; struct scope6_id *idlist; { + /* We only need to lock the interface's afdata for SID() to work. */ + IF_AFDATA_LOCK(ifp); struct scope6_id *sid = SID(ifp); - if (sid == NULL) /* paranoid? */ + if (sid == NULL) { /* paranoid? */ + IF_AFDATA_UNLOCK(ifp); return (EINVAL); + } SCOPE6_LOCK(); *idlist = *sid; SCOPE6_UNLOCK(); + IF_AFDATA_UNLOCK(ifp); return (0); } @@ -259,7 +282,15 @@ { int scope; u_int32_t zoneid = 0; - struct scope6_id *sid = SID(ifp); + struct scope6_id *sid = NULL; + + /* + * Need both the ifp and its afdata to stick around for + * this call. + */ + IFNET_WLOCK(); + + sid = SID(ifp); #ifdef DIAGNOSTIC if (sid == NULL) { /* should not happen */ @@ -277,10 +308,12 @@ * interface. */ if (IN6_IS_ADDR_LOOPBACK(addr)) { - if (!(ifp->if_flags & IFF_LOOPBACK)) + if (!(ifp->if_flags & IFF_LOOPBACK)) { + IFNET_WUNLOCK(); return (-1); - else { + } else { *ret_id = 0; /* there's no ambiguity */ + IFNET_WUNLOCK(); return (0); } } @@ -315,6 +348,9 @@ SCOPE6_UNLOCK(); *ret_id = zoneid; + + IFNET_WUNLOCK(); + return (0); } @@ -328,6 +364,7 @@ * We might eventually have to separate the notion of "link" from * "interface" and provide a user interface to set the default. */ + IFNET_WLOCK(); SCOPE6_LOCK(); if (ifp) { sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = 
@@ -338,6 +375,7 @@ sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = 0; sid_default.s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = 0; } + IFNET_WUNLOCK(); SCOPE6_UNLOCK(); } From owner-freebsd-net@FreeBSD.ORG Sat Oct 16 12:23:59 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F89516A4CE; Sat, 16 Oct 2004 12:23:59 +0000 (GMT) Received: from aiolos.otenet.gr (aiolos.otenet.gr [195.170.0.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BB0743D1D; Sat, 16 Oct 2004 12:23:58 +0000 (GMT) (envelope-from keramida@freebsd.org) Received: from gothmog.gr (patr530-a191.otenet.gr [212.205.215.191]) i9GCNrfC025057; Sat, 16 Oct 2004 15:23:55 +0300 Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.13.1/8.13.1) with ESMTP id i9GCNqV9062592; Sat, 16 Oct 2004 15:23:52 +0300 (EEST) (envelope-from keramida@freebsd.org) Received: (from giorgos@localhost) by gothmog.gr (8.13.1/8.13.1/Submit) id i9GC3R3K048598; Sat, 16 Oct 2004 15:03:27 +0300 (EEST) (envelope-from keramida@freebsd.org) Date: Sat, 16 Oct 2004 15:03:26 +0300 
From: Giorgos Keramidas To: gnn@freebsd.org, rwatson@freebsd.org Message-ID: <20041016120326.GA34124@gothmog.gr> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: cc: freebsd-net@freebsd.org Subject: Re: Locking fixes to IPv6 scope6.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 12:23:59 -0000 On 2004-10-16 18:22, gnn@FreeBSD.org wrote: > Howdy, > > Here is a proposed set of diffs for locking fixes in the > scope6.c module. Please let me know anyone has questions or > comments. > > Thanks, > George I'm not a networking expert, but there are some style bugs you might want to have fixed before committing this: > Index: scope6.c > =================================================================== > RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/scope6.c,v > retrieving revision 1.10 > diff -u -r1.10 scope6.c > --- scope6.c 22 Oct 2003 15:13:36 -0000 1.10 > +++ scope6.c 16 Oct 2004 09:19:53 -0000 > @@ -1,4 +1,4 @@ > -/* $FreeBSD$ */ > +/* $FreeBSD: src/sys/netinet6/scope6.c,v 1.10 2003/10/22 15:13:36 ume Exp $ */ > /* $KAME: scope6.c,v 1.10 2000/07/24 13:29:31 itojun Exp $ */ > > /* 
> @@ -71,12 +71,14 @@ > scope6_ifattach(ifp) > struct ifnet *ifp; > { > - int s = splnet(); > + > struct scope6_id *sid; The empty line at the beginning of the function body can go away, since there *is* at least one local variable present. > + /* > + * SID retrieves data from the afdata section of the ifnet > + * structure, but wwe also depend on ifp staying around for a > + * while so lock the list, instead of the smaller afdata lock > + * for the as long as we need either of them. > + */ s/wwe/we/ s/for the as long as/for as long as/ > + /* > + * Need both the ifp and its afdata to stick around for > + * this call. > + */ > + IFNET_WLOCK(); Make this a real sentence, please: ``We need both...''. Regards, Giorgos
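
Review bot: In the scope6_get hunk (@@ -170,15 +188,20 @@ of the scope6.c patch), IF_AFDATA_LOCK(ifp) is placed ahead of the declaration "struct scope6_id *sid = SID(ifp);", which puts a statement before a declaration in the function body. Follow the pattern this patch already uses in scope6_set: declare sid initialised to NULL, take the lock, then assign sid = SID(ifp).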
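
Review bot: In the @@ -259,7 +282,15 @@ hunk of the scope6.c patch, IFNET_WLOCK() is taken just before the "#ifdef DIAGNOSTIC ... if (sid == NULL)" branch, and the body of that branch lies between this hunk and the next one (which starts at old line 277), so it gains no IFNET_WUNLOCK(). If that branch returns, the ifnet list lock is leaked; please audit every return in the function, not only the loopback returns patched in the @@ -277 hunk. The visible lines only read ifp and sid, so it is also worth asking whether the list write lock is needed on this path at all.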
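
Review bot: In scope6_set, the comment added by the @@ -123,7 +137,9 @@ hunk ("Lock the ifnet list so that our ifp does not also disappear.") sits directly above SCOPE6_LOCK(), while the ifnet list lock it describes was already taken in the @@ -106 hunk; move it there or delete it. The exit paths in the @@ -135, @@ -147 and @@ -159 hunks, and scope6_setdefault in the @@ -338 hunk, call IFNET_WUNLOCK() before SCOPE6_UNLOCK(), that is, they release in acquisition order, whereas scope6_get in this same patch releases in reverse order. The two should agree, preferably on reverse order.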