From owner-freebsd-net@FreeBSD.ORG Sun May 1 08:08:35 2005
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53EF216A4CE for ; Sun, 1 May 2005 08:08:35 +0000 (GMT)
Received: from priv-edtnes40.telusplanet.net (outbound05.telus.net [199.185.220.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id D946743D2D for ; Sun, 1 May 2005 08:08:34 +0000 (GMT) (envelope-from twkonefal@gmail.com)
Received: from [192.168.1.2] (really [207.6.232.142]) by priv-edtnes40.telusplanet.netESMTP <20050501080834.BXAQ10358.priv-edtnes40.telusplanet.net@[192.168.1.2]> for ; Sun, 1 May 2005 02:08:34 -0600
Message-ID: <42748E82.4020403@gmail.com>
Date: Sun, 01 May 2005 01:08:34 -0700
From: Tomasz Konefal
Organization: Technicolor Creative Services
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: net@freebsd.org
References: <4272A118.4070603@vineyard.net>
In-Reply-To: <4272A118.4070603@vineyard.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: netstat errors after upgrading 4.9 -> 5.3
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Sun, 01 May 2005 08:08:35 -0000

Eric W. Bates wrote:
> [sigh] I have created the same problem on 2 machines.
>
> After an upgrade from 4.x to 5.3-p10 netstat will no longer display the
> routing table:
>
> ** root@fw ** ~ ** Fri Apr 29 16:59:37
> # netstat -nr
> netstat: kvm not available
> Routing tables
> rt_tables: symbol not in namelist
>
> During the upgrade, I deleted all of /usr/src/*. And followed the rest
> of the procedures outlined in /usr/src/UPGRADING. I have also deleted
> /kernel* and /modules* (random thot that perhaps the wrong kvm's were
> being loaded).
>
> As far as I can tell, the netstat dump of the routing tables is the only
> failure.

i have these exact same symptoms on a box i recently upgraded from 5.2.1
to 5.4-RC3. admittedly, i don't know whether netstat worked on 5.2.1,
but that was a fresh install with only the security updates applied.

cheers,
Tomasz

From owner-freebsd-net@FreeBSD.ORG Sun May 1 08:52:48 2005
Date: Sun, 1 May 2005 12:52:46 +0400 (MSD)
From: Maxim Konovalov
To: Tomasz Konefal
In-Reply-To: <42748E82.4020403@gmail.com>
Message-ID: <20050501125137.R10423@mp2.macomnet.net>
References: <4272A118.4070603@vineyard.net> <42748E82.4020403@gmail.com>
cc: net@freebsd.org
Subject: Re: netstat errors after upgrading 4.9 -> 5.3

On Sun, 1 May 2005, 01:08-0700, Tomasz Konefal wrote:

> Eric W. Bates wrote:
> > [sigh] I have created the same problem on 2 machines.
> >
> > After an upgrade from 4.x to 5.3-p10 netstat will no longer display the
> > routing table:
> >
> > ** root@fw ** ~ ** Fri Apr 29 16:59:37
> > # netstat -nr
> > netstat: kvm not available
> > Routing tables
> > rt_tables: symbol not in namelist
> >
> > During the upgrade, I deleted all of /usr/src/*. And followed the rest of
> > the procedures outlined in /usr/src/UPGRADING. I have also deleted /kernel*
> > and /modules* (random thot that perhaps the wrong kvm's were being loaded).
> >
> > As far as I can tell, the netstat dump of the routing tables is the only
> > failure.
>
> i have these exact same symptoms on a box i recently upgraded from 5.2.1 to
> 5.4-RC3. admittedly, i don't know whether netstat worked on 5.2.1, but that
> was a fresh install with only the security updates applied.

IIRC you need

mem_load="YES"
io_load="YES"

in /boot/loader.conf or the appropriate devices compiled in your
kernel.

--
Maxim Konovalov

From owner-freebsd-net@FreeBSD.ORG Sun May 1 11:08:46 2005
Date: Sun, 1 May 2005 12:11:44 +0100 (BST)
From: Robert Watson
To: Kazuaki Oda
In-Reply-To: <4267E009.6010102@highway.ne.jp>
Message-ID: <20050501114842.S66519@fledge.watson.org>
References: <4267E009.6010102@highway.ne.jp>
cc: freebsd-net@freebsd.org
cc: andre@FreeBSD.org
Subject: Re: tcp output question

On Fri, 22 Apr 2005, Kazuaki Oda wrote:

> I'm reading FreeBSD's network codes, and I have noticed that we call
> tcp_output() from tcp_usr_send() with tcbinfo locked. According to the
> comment in the tcp_usr_send(), we must call tcp_connect() or
> tcp_usrclosed() with tcbinfo locked. But it seems that we do not need
> to lock it to call tcp_output(). Is there any reason not to unlock it
> before calling tcp_output()? I have tried the attached patch, so I get
> about 10-20% performance up when running my test server program.

You are correct. While it's less performance critical, the same approach
can be applied to the PRUS_OOB branch of tcp_usr_send().

There is currently some ambiguity in the relationship between sockets and
pcbs -- when various pointers can be NULL, etc. The details vary by
protocol -- TCP can allow pcbs to not have sockets, for example, and some
socket calls can be made during detach such that there might not be a pcb.
If we resolve this ambiguity, we can lower locking overhead, and
contention of the tcbinfo lock, quite a bit, avoiding unnecessary
acquisition of the tcbinfo lock.

Once I've finished cleaning things up elsewhere, I think we need to look
carefully at the locking strategy taken for TCP and UDP and decide if they
provide the right degree of granularity and overhead.
Right now, the tcbinfo/udbinfo locks are held for large parts of TCP and
UDP processing, acting as an implicit reference count to prevent pcbs from
being free'd while in use in the in-bound delivery path. This means
relatively little possible parallel processing of in-bound packets, and
also typically means we hit two locks in the TCP/UDP code. Alternative
models need to be explored that can help with this, both reducing
contention and overhead.

Thanks for the patch!

Robert N M Watson

From owner-freebsd-net@FreeBSD.ORG Sun May 1 15:01:38 2005
Message-Id: <200505011438.j41Eci8e067907@nic-naa.net>
To: Paul Saab
In-Reply-To: Your message of "Thu, 28 Apr 2005 16:09:04 PDT." <42716D10.2010209@freebsd.org>
Date: Sun, 01 May 2005 10:38:44 -0400
From: Eric Brunner-Williams in Portland Maine
cc: net@freebsd.org
Subject: Re: testers wanted for SACK on RELENG_4

Paul,

Did you have any particular QA regime in mind?

Eric

From owner-freebsd-net@FreeBSD.ORG Sun May 1 19:15:08 2005
Message-ID: <42752AB5.7040102@foo.is>
Date: Sun, 01 May 2005 19:15:01 +0000
From: Baldur Gislason
To: freebsd-net@freebsd.org
Subject: ping: sendto: No buffer space available

I have a script in my crontab that runs ping to check the state of the
internet connection.
The internet connection is PPTP using kernel ppp.
When there's much load on the connection I get an occasional error mail
from crontab saying

ping: sendto: No buffer space available

I have tried increasing kern.ipc.nmbclusters but that makes no difference.
What can I do to get rid of this, other than ignore stderr from ping?

Baldur

From owner-freebsd-net@FreeBSD.ORG Mon May 2 05:54:21 2005
Message-ID: <04b401c54edb$5eace280$9f90a8c0@DONATAS>
From: "dnr"
Date: Mon, 2 May 2005 08:54:14 +0300
Subject: netgraph debug

hello,

can anyone tell me how to enable netgraph debug and choose output file?

thnx

From owner-freebsd-net@FreeBSD.ORG Mon May 2 09:15:38 2005
From: Jose M Rodriguez
To: "Giovanni P. Tirloni"
Date: Mon, 2 May 2005 11:15:24 +0200
References: <200504300906.12464.josemi@redesjm.local> <42759857.8080104@tirloni.org>
In-Reply-To: <42759857.8080104@tirloni.org>
Message-Id: <200505021115.25397.josemi@redesjm.local>
cc: net@freebsd.org
Subject: Re: enable dummynet from /etc/rc.d

On Monday, 2 May 2005 05:02, Giovanni P. Tirloni wrote:
> Jose M Rodriguez wrote:
> > Hi,
> >
> > This is FreeBSD-5.4 RC3
> >
> > I'm working in a replacement rc.firewall script and found no
> > /etc/rc.d method to launch dummynet (load module).
> >
> > Right now, dummynet is kernel based, but I want this be able to
> > work from stock kernel (ipfw, ipfw6, dummynet from modules).
> >
> > I missed some rc.conf var or rc.d/ module?
> >
> > If this will be added, maybe /etc/rc.d/ipfw the right place?
> >
> > And what about firewall_dummynet for the controlling knob?
>
> It seems like a good idea.
>
> IMHO, you should create a 'dummynet' script in /etc/rc.d that
> required ipfw (using rcorder(8)) keywords). And a dummynet_enable
> option would make sense.
>

I can't see any need of an additional dummynet script. I'm not running
an additional daemon (like the natd case), only loading a prerequired
module when needed.

> But how would you integrate with the ipfw rules ? You can kldload
> ipfw and load ipfw rules, then kldload dummynet.. but what about the
> dummynet rules order in this case ?
>

I can't see this point. ipfw rules are loaded from etc/rc.d/ipfw
sourcing $firewall-script.

The kernel must have dummynet functionality (in kernel or from module)
before this is done if there're plans to use dummynet.

This is already done for the ipfw module here.

> Your idea of changing /etc/rc.d/ipfw makes sense but, again, we've
> the rules order problem and how that script is going to guess what
> rules (dummynet) we don't want to load..

I think this kind of functionality is different.

You're supposed to define firewall_dummynet="YES" when you're using
dummynet in $firewall-script.

But it's to you put the rules here by other means. You can always add
in /etc/rc.conf:
firewall_script="/etc/rc.firewall.local"

and checkyesno $firewall_dummynet before do dummynet rules.

--
josemi

From owner-freebsd-net@FreeBSD.ORG Mon May 2 10:11:36 2005
Date: Mon, 2 May 2005 12:11:32 +0200
From: "Raphael H. Becker"
To: freebsd-net@freebsd.org
Message-ID: <20050502121132.A7910@p-i-n.com>
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: [Hardware] Dual GBit PCI Card with copper+fiber interface

Hello *,

we want to connect our copper-GBit segment (in rack) to our "big" LAN
using a fiber uplink. We currently uplink with 100MBit FE which becomes
more and more a bottleneck.

The machine is a Dell PE350 / 800MHz / 256MB running 4.10-RELEASE and
ipfw for some filter rules. The machine is a dedicated inter-DMZ router
for two segments.

The machine has only one PCI Slot (the existing dual-fxp is onboard).

Is there a PCI-card on market with one port GBit fiber and one port GBit
copper? Is this card supported with FreeBSD 4.1x or 5.x?

Any recommendations (including "new hardware for the system")?

Regards
Raphael Becker

From owner-freebsd-net@FreeBSD.ORG Mon May 2 10:25:59 2005
Message-ID: <4276009F.3020602@thekeelecentre.com>
Date: Mon, 02 May 2005 11:27:43 +0100
From: Richard Tector
To: "Raphael H. Becker"
References: <20050502121132.A7910@p-i-n.com>
In-Reply-To: <20050502121132.A7910@p-i-n.com>
cc: freebsd-net@freebsd.org
Subject: Re: [Hardware] Dual GBit PCI Card with copper+fiber interface

Raphael H. Becker wrote:

>we want to connect our copper-GBit segment (in rack) to our "big" LAN
>using a fiber uplink. We currently uplink with 100MBit FE which becomes
>more and more a bottleneck.
>
>Is there a PCI-card on market with one port GBit fiber and one port GBit
>
>
Not that I'm aware of.

>Any recommendations (including "new hardware for the system")?
>
>
In this case I would suggest getting a dual copper gigabit card, like
the Intel Pro1000MT Dual port cards, and buying a 1000baseSX to copper
gigabit media converter. (We use Allied Telesyn converters here).

Hope that's of some help.

Regards,

Richard Tector

From owner-freebsd-net@FreeBSD.ORG Mon May 2 11:01:54 2005
Date: Mon, 2 May 2005 11:01:52 GMT
Message-Id: <200505021101.j42B1qKJ030200@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net         [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon May 2 13:02:00 2005
Message-ID: <01fb01c54f17$1d650910$9f90a8c0@DONATAS>
From: "Donatas"
Date: Mon, 2 May 2005 16:01:54 +0300
Organization: AB Lietuvos Radijo ir Televizijos Centras
Subject: net.link.ether.bridge.predict
Reply-To: Donatas

net.link.ether.bridge.predict

this variable is not included in bridge(4) man page. What does it do?

thnx

From owner-freebsd-net@FreeBSD.ORG Mon May 2 15:32:55 2005
Message-ID: <005b01c54f2c$a37f6e40$df63af0a@mcpm>
From: "mc"
Date: Mon, 2 May 2005 23:35:58 +0800
Subject: gigabit ethernet (copper/fibre)

Hi all,

I would like to ask if anyone on the list could point me to some comparison
charts between optical fibre and copper gigabit ethernet connection?

recently I am seriously considering to upgrade some of my machines and
switches to gigabit speeds. seeing that the copper version is so much
cheaper than fibre (and easier maintenance too), I'd of course want to
deploy the copper version if possible, but I have no idea what is making the
big difference (besides the distance of the cable run?).

besides..could anyone suggest me with some gigabit nic and switches? (would
be great if you could tell me roughly the price! :)

off topic:
some time ago, I have tried using intel em(4) nics (tried both onboard and
desktop version) with a cisco 2950T. the speed was terrible - even much
worse than a $cheap fxp. is this because intel+cisco = incompatible? or is
this because copper cannot achieve good performance?
(sorry for having no meaningful stats to support my question...the test was
done some years ago and at that time I was too busy to follow up the
situation)

cheers
mc

From owner-freebsd-net@FreeBSD.ORG Mon May 2 15:58:44 2005
Message-ID: <32528526.1115049523374.JavaMail.root@wamui08.slb.atl.earthlink.net>
Date: Mon, 2 May 2005 10:58:43 -0500 (GMT-05:00)
From: gandalf@digital.net
To: freebsd-net@freebsd.org
Subject: FreeBSD and the Rose Attack / NewDawn
Reply-To: gandalf@digital.net

Greetings and Salutations:

I *just* got my FreeBSD setup stable and working with a KDE GUI. :-). I know, easy for you guys but this is the first time I have set up FreeBSD with automatic updates. I settled on FreeBSD 5.4 after many tries.

I tried the Rose Attack / NewDawn against my laptop (it is a slow Pentium II 400 MHz Dell Inspiron 7000):
http://digital.net/~gandalf/Rose_Frag_Attack_Explained.htm

Specifically:
./NewDawn4 1 0 5 9999 99999999 4000 2

My machine locked up at pretty close to 100% when viewing the top command. I asked a fellow worker who had a PIII 733 MHz to take a look and he reported about 70% CPU increase.

FYI. You might wish to take a look into this, IMHO this is a decent CPU DOS.

Ken

------------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC
WWW Page - http://gandalf.home.digital.net/
Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html
Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html

From owner-freebsd-net@FreeBSD.ORG Mon May 2 16:39:18 2005
Message-ID: <42765799.6090201@savvis.net>
Date: Mon, 02 May 2005 09:38:49 -0700
From: Maksim Yevmenkin
To: net@freebsd.org
References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net> <42712BAA.4070201@elischer.org> <42715269.3010306@errno.com> <4272743A.2030003@savvis.net> <20050429182819.GP2670@funkthat.com>
In-Reply-To: <20050429182819.GP2670@funkthat.com>
Content-Type: multipart/mixed; boundary="------------030203040704050801000304"
cc: Sten Spans
cc: John-Mark Gurney
cc: glebius@FreeBSD.org
cc: Julian Elischer
Subject: Re: if_tap unaligned access problem

This is a multi-part message in MIME format.
--------------030203040704050801000304
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

>>>>>>i think we have few options here:
>>>>>>
>>>>>>1) revert back original tapwrite function that was changed in v.
>>>>>>1.48 and set offset to 2 bytes in top mbuf
>>>>>>
>>>>>>2) change current version of tapwrite so it would m_prepend and
>>>>>>m_pullup mbuf after m_uiotombuf
>>>>>>
>>>>>>3) change m_uiotombuf to accept one more parameter - mbuf offset at
>>>>>>which data should be copied. there are not that many users of
>>>>>>m_uiotombuf
>>
>>please find and review the attached patch (untested) that implements
>>option (3) above.

any objections to the attached (revised) patch? can i commit it?
thanks, max --------------030203040704050801000304 Content-Type: text/plain; name="m_uiotombuf.diff.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="m_uiotombuf.diff.txt" Index: sys/kern/uipc_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v retrieving revision 1.147 diff -u -r1.147 uipc_mbuf.c --- sys/kern/uipc_mbuf.c 17 Mar 2005 19:34:57 -0000 1.147 +++ sys/kern/uipc_mbuf.c 2 May 2005 16:33:41 -0000 @@ -1333,7 +1333,7 @@ #endif struct mbuf * -m_uiotombuf(struct uio *uio, int how, int len) +m_uiotombuf(struct uio *uio, int how, int len, int align) { struct mbuf *m_new = NULL, *m_final = NULL; int progress = 0, error = 0, length, total; @@ -1342,12 +1342,15 @@ total = min(uio->uio_resid, len); else total = uio->uio_resid; - if (total > MHLEN) + if (align >= MHLEN) + goto nospace; + if (total + align > MHLEN) m_final = m_getcl(how, MT_DATA, M_PKTHDR); else m_final = m_gethdr(how, MT_DATA); if (m_final == NULL) goto nospace; + m_final->m_data += align; m_new = m_final; while (progress < total) { length = total - progress; Index: sys/kern/uipc_syscalls.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v retrieving revision 1.219 diff -u -r1.219 uipc_syscalls.c --- sys/kern/uipc_syscalls.c 16 Apr 2005 18:46:28 -0000 1.219 +++ sys/kern/uipc_syscalls.c 2 May 2005 16:33:41 -0000 
@@ -1796,7 +1796,7 @@ hdr_uio->uio_td = td; hdr_uio->uio_rw = UIO_WRITE; if (hdr_uio->uio_resid > 0) { - m_header = m_uiotombuf(hdr_uio, M_DONTWAIT, 0); + m_header = m_uiotombuf(hdr_uio, M_DONTWAIT, 0, 0); if (m_header == NULL) goto done; headersize = m_header->m_pkthdr.len; Index: sys/net/if_tap.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_tap.c,v retrieving revision 1.52 diff -u -r1.52 if_tap.c --- sys/net/if_tap.c 13 Apr 2005 00:30:19 -0000 1.52 +++ sys/net/if_tap.c 2 May 2005 16:33:41 -0000 @@ -827,7 +827,7 @@ return (EIO); } - if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL) { + if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, ETHER_ALIGN)) == NULL) { ifp->if_ierrors ++; return (error); } Index: sys/net/if_tun.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_tun.c,v retrieving revision 1.149 diff -u -r1.149 if_tun.c --- sys/net/if_tun.c 31 Mar 2005 12:19:44 -0000 1.149 +++ sys/net/if_tun.c 2 May 2005 16:33:41 -0000 @@ -761,7 +761,7 @@ return (EIO); } - if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL) { + if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, 0)) == NULL) { ifp->if_ierrors++; return (error); } Index: sys/netgraph/ng_device.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_device.c,v retrieving revision 1.20 diff -u -r1.20 ng_device.c --- sys/netgraph/ng_device.c 14 Mar 2005 16:02:53 -0000 1.20 +++ sys/netgraph/ng_device.c 2 May 2005 16:33:41 -0000 
@@ -466,7 +466,7 @@ if (uio->uio_resid < 0 || uio->uio_resid > IP_MAXPACKET) return (EIO); - if ((m = m_uiotombuf(uio, M_DONTWAIT, 0)) == NULL) + if ((m = m_uiotombuf(uio, M_DONTWAIT, 0, 0)) == NULL) return (ENOBUFS); NG_SEND_DATA_ONLY(error, priv->hook, m); Index: sys/sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.169 diff -u -r1.169 mbuf.h --- sys/sys/mbuf.h 17 Mar 2005 19:34:57 -0000 1.169 +++ sys/sys/mbuf.h 2 May 2005 16:33:41 -0000 @@ -582,7 +582,7 @@ struct mbuf *m_pulldown(struct mbuf *, int, int, int *); struct mbuf *m_pullup(struct mbuf *, int); struct mbuf *m_split(struct mbuf *, int, int); -struct mbuf *m_uiotombuf(struct uio *, int, int); +struct mbuf *m_uiotombuf(struct uio *, int, int, int); /*- * Network packets may have annotations attached by affixing a list --------------030203040704050801000304-- From owner-freebsd-net@FreeBSD.ORG Mon May 2 16:43:51 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F80816A4CE for ; Mon, 2 May 2005 16:43:51 +0000 (GMT) Received: from mxsf28.cluster1.charter.net (mxsf28.cluster1.charter.net [209.225.28.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 99D1C43D41 for ; Mon, 2 May 2005 16:43:50 +0000 (GMT) (envelope-from c0ldbyte@myrealbox.com) Received: from mxip02.cluster1.charter.net (mxip02a.cluster1.charter.net [209.225.28.132])j42Ghng7009538 for ; Mon, 2 May 2005 12:43:49 -0400 Received: from 24-247-253-134.dhcp.aldl.mi.charter.com (HELO eleanor.us1.wmi.uvac.net) (24.247.253.134) by mxip02.cluster1.charter.net with ESMTP; 02 May 2005 12:43:49 -0400 X-Ironport-AV: i="3.92,145,1112587200"; d="scan'208"; a="890116128:sNHT13858248" Date: Mon, 2 May 2005 16:43:41 +0000 (UTC) 
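Review bot: the @@ -1333,7 +1333,7 @@ hunk of sys/kern/uipc_mbuf.c adds a fourth int to m_uiotombuf() with no comment saying what align means (bytes skipped at the front of the first mbuf) or what range is allowed, and the matching prototype in sys/sys/mbuf.h now ends in three unnamed ints in a row. A short comment above the function stating the valid range, and that the offset applies to the first mbuf only, would keep callers from mixing up len and align.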
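Review bot: in the @@ -1342,12 +1342,15 @@ hunk of sys/kern/uipc_mbuf.c, align is a signed int and only its upper bound is tested (align >= MHLEN), so a negative value falls through to m_final->m_data += align and moves the data pointer in front of the mbuf's storage. Test align < 0 alongside the MHLEN check. The hunk also leaves length = total - progress as it was, so please confirm that the first copy is limited to the space left after the offset in both the m_gethdr() and the m_getcl() case; the start of the data has moved, but nothing shown here shrinks the amount copied into that first mbuf.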
From: c0ldbyte To: gandalf@digital.net In-Reply-To: <32528526.1115049523374.JavaMail.root@wamui08.slb.atl.earthlink.net> Message-ID: <20050502163519.V69368@eleanor.us1.wmi.uvac.net> References: <32528526.1115049523374.JavaMail.root@wamui08.slb.atl.earthlink.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 16:43:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 2 May 2005 gandalf@digital.net wrote: > Greetings and Salutations: > > I *just* got my FreeBSD setup stable and working with a KDE GUI. :-). I know, easy for you guys but this is the first time I have set up FreeBSD with automatic updates. I settled on FreeBSD 5.4 after many tries. > > I tried the Rose Attack / NewDawn against my laptop (it is a slow Pentium II 400 MHz Dell Inspiron 7000): > http://digital.net/~gandalf/Rose_Frag_Attack_Explained.htm > > Specifically: > ../NewDawn4 1 0 5 9999 99999999 4000 2 > > My machine locked up at pretty close to 100% when viewing the top command. > > I asked a fellow worker who had a PIII 733 MHz to take a look and he reported about 70% CPU increase. > > FYI. You might wish to take a look into this, IMHO this is a decent CPU DOS. > > Ken > Works nicely if you have access to root on a local machine for lan use and the machines have been compiled with bpf support. Other than that my testing on these cases over the net "internet" have not yielded any proposed results to affect FreeBSD machines. Tried on 4.x & 5.x. Any other proof that this yields anything that we need to worry about? - -- ( When in doubt, use brute force. 
-- Ken Thompson 1998 ) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF7DF979F Comment: Fingerprint = D1DC 0AA4 1C4E EAD4 24EB 7E77 B261 50BA F7DF 979F iD8DBQFCdljAsmFQuvffl58RAheSAJ4ulWNwBZaskZflofKJ1JXeKlgf5ACfbjh0 p3GHiuf/qf2KQq/oWDkFwjI= =fT62 -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon May 2 17:32:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F83116A4CF for ; Mon, 2 May 2005 17:32:34 +0000 (GMT) Received: from pop04.mail.atl.earthlink.net (pop04.mail.atl.earthlink.net [207.69.200.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id D50A043D5F for ; Mon, 2 May 2005 17:32:33 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from wamui01.slb.atl.earthlink.net ([192.168.167.39]) by pop04.mail.atl.earthlink.net with esmtp (Exim 3.36 #10) id 1DSemW-0006TI-00; Mon, 02 May 2005 13:32:32 -0400 Message-ID: <11765553.1115055152501.JavaMail.root@wamui01.slb.atl.earthlink.net> Date: Mon, 2 May 2005 12:32:32 -0500 (GMT-05:00) From: gandalf@digital.net To: c0ldbyte Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Earthlink Zoo Mail 1.0 cc: freebsd-net@freebsd.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: gandalf@digital.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 17:32:34 -0000 Greetings and Salutations: 
From: c0ldbyte
> On Mon, 2 May 2005 gandalf@digital.net wrote:
>> I *just* got my FreeBSD setup stable and working with a KDE
>> GUI. :-). I know, easy for you guys but this is the first time I
>> have set up FreeBSD with automatic updates. I settled on
>> FreeBSD 5.4 after many tries.

> Works nicely if you have access to root on a local machine for lan use

Exactly. Works in Windows also if you work hard enough.

> and the machines have been compiled with bpf support. Other than that

Berkeley Packet Filter is (of course) enabled by default in the GENERIC kernel config with the comment that you need bpf for DHCP.

> my testing on these cases over the net "internet" have not yielded any
> proposed results to affect FreeBSD machines. Tried on 4.x & 5.x.
> Any other proof that this yields anything that we need to worry about?

I haven't really tried extensive testing "over the internet" and I guess that would be my question. Unless you have some kind of filter between you and the target machine then I assume that the DOS would work as well across "The Internet" as it would locally. Routers should pass fragmented packets same as any other kind of traffic. What am I missing?

I am thinking of the case where someone has a FreeBSD machine set up as their "corporate" firewall.

Ken
------------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to anger.
Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://gandalf.home.digital.net/ Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Mon May 2 18:09:14 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8FA7816A4D3 for ; Mon, 2 May 2005 18:09:14 +0000 (GMT) Received: from mail25.sea5.speakeasy.net (mail25.sea5.speakeasy.net [69.17.117.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EF8843D79 for ; Mon, 2 May 2005 18:09:14 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: (qmail 11598 invoked from network); 2 May 2005 18:09:12 -0000 Received: from gate.funkthat.com (HELO hydrogen.funkthat.com) ([69.17.45.168]) (envelope-sender ) by mail25.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 2 May 2005 18:09:12 -0000 Received: from hydrogen.funkthat.com (apatmz@localhost.funkthat.com [127.0.0.1])j42I9Cmo003494; Mon, 2 May 2005 11:09:12 -0700 (PDT) (envelope-from jmg@hydrogen.funkthat.com) Received: (from jmg@localhost) by hydrogen.funkthat.com (8.12.10/8.12.10/Submit) id j42I9ACU003493; Mon, 2 May 2005 11:09:10 -0700 (PDT) Date: Mon, 2 May 2005 11:09:10 -0700 
From: John-Mark Gurney To: Maksim Yevmenkin Message-ID: <20050502180910.GV2670@funkthat.com> Mail-Followup-To: Maksim Yevmenkin , net@freebsd.org, Sten Spans , Julian Elischer , glebius@FreeBSD.org References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net> <42712BAA.4070201@elischer.org> <42715269.3010306@errno.com> <4272743A.2030003@savvis.net> <20050429182819.GP2670@funkthat.com> <42765799.6090201@savvis.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42765799.6090201@savvis.net> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.2-RELEASE i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html cc: Sten Spans cc: Julian Elischer cc: net@freebsd.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: John-Mark Gurney List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 18:09:14 -0000 Maksim Yevmenkin wrote this message on Mon, May 02, 2005 at 09:38 -0700: > >>>>>>i think we have few options here: > >>>>>> > >>>>>>1) revert back original tapwrite function that was changed in v. > >>>>>>1.48 and set offset to 2 bytes in top mbuf > >>>>>> > >>>>>>2) change current version of tapwrite so it would m_prepend and > >>>>>>m_pullup mbuf after m_uiotombuf > >>>>>> > >>>>>>3) change m_uiotombuf to accept one more parameter - mbuf offset at > >>>>>>which data should be copied. there are not that many users of > >>>>>>m_uiotombuf > >> > >>please find and review the attached patch (untested) that implements > >>option (3) above. > > any objections to the attached (revised) patch? can i commit it? 
> > thanks, > max > Index: sys/kern/uipc_mbuf.c > =================================================================== > RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v > retrieving revision 1.147 > diff -u -r1.147 uipc_mbuf.c > --- sys/kern/uipc_mbuf.c 17 Mar 2005 19:34:57 -0000 1.147 > +++ sys/kern/uipc_mbuf.c 2 May 2005 16:33:41 -0000 > @@ -1333,7 +1333,7 @@ > #endif > > struct mbuf * > -m_uiotombuf(struct uio *uio, int how, int len) > +m_uiotombuf(struct uio *uio, int how, int len, int align) > { > struct mbuf *m_new = NULL, *m_final = NULL; > int progress = 0, error = 0, length, total; 
> @@ -1342,12 +1342,15 @@ > total = min(uio->uio_resid, len); > else > total = uio->uio_resid; > - if (total > MHLEN) > + if (align >= MHLEN) > + goto nospace; > + if (total + align > MHLEN) I kinda noticed this a bit ago, but didn't think much of it till now... do we want to allow align >= MHLEN if total requires a cluster? since if we use a cluster, we'd have enough space for a larger align... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." From owner-freebsd-net@FreeBSD.ORG Mon May 2 18:20:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8971D16A4CE; Mon, 2 May 2005 18:20:48 +0000 (GMT) Received: from mailgate1b.savvis.net (mailgate1b.savvis.net [216.91.182.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id E381A43D46; Mon, 2 May 2005 18:20:47 +0000 (GMT) (envelope-from Maksim.Yevmenkin@savvis.net) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate1b.savvis.net (Postfix) with ESMTP id 53E173BF4A; Mon, 2 May 2005 13:20:47 -0500 (CDT) Received: from mailgate1b.savvis.net ([127.0.0.1]) by localhost (mailgate1b.savvis.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 00895-01-19; Mon, 2 May 2005 13:20:47 -0500 (CDT) Received: from out001.email.savvis.net (out001.apptix.savvis.net [216.91.32.44]) by mailgate1b.savvis.net (Postfix) with ESMTP id 0DA103BED4; Mon, 2 May 2005 13:20:46 -0500 (CDT) Received: from s228130hz1ew171.apptix-01.savvis.net ([10.146.4.29]) by out001.email.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 2 May 2005 13:20:38 -0500 Received: from [10.254.186.111] ([66.35.239.94]) by s228130hz1ew171.apptix-01.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 2 May 2005 13:20:27 -0500 Message-ID: <42766F6E.1060300@savvis.net> Date: Mon, 02 May 2005 11:20:30 -0700 
From: Maksim Yevmenkin User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040822 X-Accept-Language: en-us, en MIME-Version: 1.0 To: John-Mark Gurney References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net> <42712BAA.4070201@elischer.org> <42715269.3010306@errno.com> <4272743A.2030003@savvis.net> <20050429182819.GP2670@funkthat.com> <42765799.6090201@savvis.net> <20050502180910.GV2670@funkthat.com> In-Reply-To: <20050502180910.GV2670@funkthat.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 02 May 2005 18:20:28.0034 (UTC) FILETIME=[9DE4AE20:01C54F43] X-Virus-Scanned: amavisd-new at savvis.net cc: Sten Spans cc: Julian Elischer cc: net@freebsd.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 18:20:48 -0000 John-Mark Gurney wrote: > Maksim Yevmenkin wrote this message on Mon, May 02, 2005 at 09:38 -0700: > >>>>>>>>i think we have few options here: >>>>>>>> >>>>>>>>1) revert back original tapwrite function that was changed in v. >>>>>>>>1.48 and set offset to 2 bytes in top mbuf >>>>>>>> >>>>>>>>2) change current version of tapwrite so it would m_prepend and >>>>>>>>m_pullup mbuf after m_uiotombuf >>>>>>>> >>>>>>>>3) change m_uiotombuf to accept one more parameter - mbuf offset at >>>>>>>>which data should be copied. there are not that many users of >>>>>>>>m_uiotombuf >>>> >>>>please find and review the attached patch (untested) that implements >>>>option (3) above. >> >>any objections to the attached (revised) patch? can i commit it? 
>> >>thanks, >>max > > >>Index: sys/kern/uipc_mbuf.c >>=================================================================== >>RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v >>retrieving revision 1.147 >>diff -u -r1.147 uipc_mbuf.c >>--- sys/kern/uipc_mbuf.c 17 Mar 2005 19:34:57 -0000 1.147 >>+++ sys/kern/uipc_mbuf.c 2 May 2005 16:33:41 -0000 >>@@ -1333,7 +1333,7 @@ >> #endif >> >> struct mbuf * >>-m_uiotombuf(struct uio *uio, int how, int len) >>+m_uiotombuf(struct uio *uio, int how, int len, int align) >> { >> struct mbuf *m_new = NULL, *m_final = NULL; >> int progress = 0, error = 0, length, total; 
>>@@ -1342,12 +1342,15 @@ >> total = min(uio->uio_resid, len); >> else >> total = uio->uio_resid; >>- if (total > MHLEN) >>+ if (align >= MHLEN) >>+ goto nospace; >>+ if (total + align > MHLEN) > > > I kinda noticed this a bit ago, but didn't think much of it till now... > do we want to allow align >= MHLEN if total requires a cluster? since > if we use a cluster, we'd have enough space for a larger align... > well, you got me here :) MHLEN is 200+ bytes, so i can not imagine why one would want to align something on 200+ bytes. i was kind of hoping that no one would ever need to align on anything greater than 128 bytes. perhaps i'm wrong here? thanks, max From owner-freebsd-net@FreeBSD.ORG Mon May 2 19:20:03 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D830816A4D2; Mon, 2 May 2005 19:20:03 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36DBC43D5C; Mon, 2 May 2005 19:20:03 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [192.168.1.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id 9152D3F294; Mon, 2 May 2005 21:20:01 +0200 (CEST) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id 346B9272; Mon, 2 May 2005 21:20:01 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id 2D8F479; Mon, 2 May 2005 21:20:01 +0200 (CEST) Date: Mon, 2 May 2005 21:20:01 +0200 (CEST) 
From: Sten Spans To: Maksim Yevmenkin In-Reply-To: <42765799.6090201@savvis.net> Message-ID: References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net> <42712BAA.4070201@elischer.org> <42715269.3010306@errno.com> <4272743A.2030003@savvis.net> <20050429182819.GP2670@funkthat.com> <42765799.6090201@savvis.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: John-Mark Gurney cc: glebius@FreeBSD.org cc: Julian Elischer cc: net@freebsd.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 19:20:04 -0000 On Mon, 2 May 2005, Maksim Yevmenkin wrote: > Hello, > >>>>>>> i think we have few options here: >>>>>>> >>>>>>> 1) revert back original tapwrite function that was changed in v. 1.48 >>>>>>> and set offset to 2 bytes in top mbuf >>>>>>> >>>>>>> 2) change current version of tapwrite so it would m_prepend and >>>>>>> m_pullup mbuf after m_uiotombuf >>>>>>> >>>>>>> 3) change m_uiotombuf to accept one more parameter - mbuf offset at >>>>>>> which data should be copied. there are not that many users of >>>>>>> m_uiotombuf >>> >>> please find and review the attached patch (untested) that implements >>> option (3) above. > > any objections to the attached (revised) patch? can i commit it? I've tested the code on fbsd-current alpha and it fixes the crash. I was kinda waiting for somebody to test it on sparc, but that's taking a few days longer than expected. I may run a test on one of my own sparcs to verify the results. That said, the issue seems pretty clear-cut, as is the solution. -- Sten Spans "There is a crack in everything, that's how the light gets in." 
Leonard Cohen - Anthem From owner-freebsd-net@FreeBSD.ORG Mon May 2 19:46:46 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 389E216A4CE for ; Mon, 2 May 2005 19:46:46 +0000 (GMT) Received: from mail26.sea5.speakeasy.net (mail26.sea5.speakeasy.net [69.17.117.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4A0243D72 for ; Mon, 2 May 2005 19:46:45 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: (qmail 12856 invoked from network); 2 May 2005 19:46:45 -0000 Received: from gate.funkthat.com (HELO hydrogen.funkthat.com) ([69.17.45.168]) (envelope-sender ) by mail26.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 2 May 2005 19:46:45 -0000 Received: from hydrogen.funkthat.com (uxoxqv@localhost.funkthat.com [127.0.0.1])j42Jkimo006126; Mon, 2 May 2005 12:46:44 -0700 (PDT) (envelope-from jmg@hydrogen.funkthat.com) Received: (from jmg@localhost) by hydrogen.funkthat.com (8.12.10/8.12.10/Submit) id j42JkX5u006125; Mon, 2 May 2005 12:46:33 -0700 (PDT) Date: Mon, 2 May 2005 12:46:33 -0700 
From: John-Mark Gurney To: mc Message-ID: <20050502194633.GW2670@funkthat.com> Mail-Followup-To: mc , freebsd-net@freebsd.org References: <005b01c54f2c$a37f6e40$df63af0a@mcpm> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005b01c54f2c$a37f6e40$df63af0a@mcpm> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.2-RELEASE i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html cc: freebsd-net@freebsd.org Subject: Re: gigabit ethernet (copper/fibre) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: John-Mark Gurney List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 19:46:46 -0000 mc wrote this message on Mon, May 02, 2005 at 23:35 +0800: > I would like to ask if anyone on the list could point me to some comparison > charts between optical fibre and copper gigabit ethernet connection? Right now copper is dirt cheap compared to fibre... Though you can pick up closely priced stuff off ebay... you can pay $25-$70 for copper gige, though you get what you pay for... most $25 cards are realtek based, and can't do unaligned dma transfers, and so will be more cpu intensive to use on sparc64 and other processors that don't support unaligned memory access... > recently I am seriously considering to upgrade some of my machines and > switches to gigabit speeds. seeing that the copper version is so much > cheaper than fibre (and easier maintenance too), I'd of course want to > deploy the copper version if possible, but I have no idea what is making the > big difference (besides the distance of the cable run?). The other thing is modern gige runs fine over your existing cat5 cables.. 
Just make sure you aren't splitting it in two, as gige needs all four pairs of wire to do gige... When I upgraded to gige, I didn't have to replace any wiring from my 100bt setup... > besides..could anyone suggest me with some gigabit nic and switches? (would > be great if you could tell me roughly the price! :) If you go copper, and don't want need a managed switch, go with SMC's SMC8505T or SMC8508T, as both support jumbo frames.. and only cost $100... Most other switch vendors don't support jumbo frames... > off topic: some time ago, I have tried using intel em(4) nics (tried both > onboard and desktop version) with a cisco 2950T. the speed was terrible - > even much worse than a $cheap fxp. is this because intel+cisco = > incompatible? or is this because copper cannot achieve good performance? > (sorry for having no meaningful stats to support my question...the test was > done some years ago and at that time I was too busy to follow up the > situation) I'm not sure, but I do know that em has better jumbo frame support than realtek based cards, and better checksum offloading support (it works :) )... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." 
From owner-freebsd-net@FreeBSD.ORG Mon May 2 20:04:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB08516A4CE; Mon, 2 May 2005 20:04:18 +0000 (GMT) Received: from mailhost.tao.org.uk (transwarp.tao.org.uk [212.135.162.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCDA643D6A; Mon, 2 May 2005 20:04:17 +0000 (GMT) (envelope-from joe@tao.org.uk) Received: from genius.tao.org.uk (genius.tao.org.uk [212.135.162.51]) by mailhost.tao.org.uk (Postfix) with ESMTP id EE56FA62E; Mon, 2 May 2005 21:04:16 +0100 (BST) Received: by genius.tao.org.uk (Postfix, from userid 100) id CF12F40E3; Mon, 2 May 2005 21:04:13 +0100 (BST) Date: Mon, 2 May 2005 21:04:13 +0100 
From: Josef Karthauser To: current@freebsd.org Message-ID: <20050502200413.GB46745@genius.tao.org.uk> Mail-Followup-To: Josef Karthauser , current@freebsd.org, net@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5/uDoXvLw7AC5HRs" Content-Disposition: inline User-Agent: Mutt/1.5.9i cc: net@freebsd.org Subject: bridging and ipfw under 5.4-RC3. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 20:04:19 -0000 --5/uDoXvLw7AC5HRs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

I'm having a bit of trouble getting ipfw and bridging working under 5.4-RC3. I've just upgraded a 4.11 machine to RELENG_5_4 expecting the preexisting bridging configuration to work, but it doesn't. Or at least it does at boot time and then after a little while bridging just stops altogether. If I kldunload bridge and ipfw and then reload them I can get it working again, but only for a short period. Does anyone else see this too or is it just me?

sysctl.conf:
net.link.ether.bridge.enable=1
net.link.ether.bridge.ipfw=1
net.link.ether.bridge.config=fxp0,fxp1

rc.conf:
firewall_enable="YES"
firewall_script="/etc/rc.firewall-ours"
firewall_type="ours"

(The firewall rules aren't the problem here...)

Any ideas how to debug this?

Joe
-- 
Josef Karthauser (joe@tao.org.uk) http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
--5/uDoXvLw7AC5HRs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iEYEARECAAYFAkJ2h70ACgkQXVIcjOaxUBbg/ACg58TyDisMlhlhj/yu6jmxJBww 6WIAoIk70VywjmjDn5rqD/J9CvtqeESJ =eQD/ -----END PGP SIGNATURE----- --5/uDoXvLw7AC5HRs--
From owner-freebsd-net@FreeBSD.ORG Mon May 2 20:21:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B30516A4D0; Mon, 2 May 2005 20:21:27 +0000 (GMT) Received: from mailhost.tao.org.uk (transwarp.tao.org.uk [212.135.162.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EB5143D83; Mon, 2 May 2005 20:21:26 +0000 (GMT) (envelope-from joe@tao.org.uk) Received: from genius.tao.org.uk (genius.tao.org.uk [212.135.162.51]) by mailhost.tao.org.uk (Postfix) with ESMTP id 8F5D9A62F; Mon, 2 May 2005 21:21:25 +0100 (BST) Received: by genius.tao.org.uk (Postfix, from userid 100) id 767C340E3; Mon, 2 May 2005 21:21:22 +0100 (BST) Date: Mon, 2 May 2005 21:21:22 +0100 
From: Josef Karthauser To: current@freebsd.org, net@freebsd.org Message-ID: <20050502202122.GC46745@genius.tao.org.uk> Mail-Followup-To: Josef Karthauser , current@freebsd.org, net@freebsd.org References: <20050502200413.GB46745@genius.tao.org.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xesSdrSSBC0PokLI" Content-Disposition: inline In-Reply-To: <20050502200413.GB46745@genius.tao.org.uk> User-Agent: Mutt/1.5.9i Subject: Re: bridging and ipfw under 5.4-RC3. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 20:21:27 -0000 --xesSdrSSBC0PokLI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, May 02, 2005 at 09:04:13PM +0100, Josef Karthauser wrote:
> I'm having a bit of trouble getting ipfw and bridging working under
> 5.4-RC3. I've just upgraded a 4.11 machine to RELENG_5_4 expecting the
> preexisting bridging configuration to work, but it doesn't. Or at least
> it does at boot time and then after a little while bridging just stops
> altogether. If I kldunload bridge and ipfw and then reload them I can
> get it working again, but only for a short period. Does anyone else see
> this too or is it just me?

Ok, refining the solution slightly. I can fix the problem by doing:

# kldunload ipfw && kldload ipfw && /etc/netstart

This clears the problem every time. Definitely smells like a bug to me.

Joe
-- 
Josef Karthauser (joe@tao.org.uk) http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================
--xesSdrSSBC0PokLI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iEYEARECAAYFAkJ2i8IACgkQXVIcjOaxUBbyjgCcD9Q/ejfRnaNYBmuDLDSsp4YI RW4An0/Ld19CFqRXL4fcj3IaGXuu5o7d =V9e5 -----END PGP SIGNATURE----- --xesSdrSSBC0PokLI--
From owner-freebsd-net@FreeBSD.ORG Mon May 2 21:42:17 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13F2316A4CF for ; Mon, 2 May 2005 21:42:17 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5868843D49 for ; Mon, 2 May 2005 21:42:14 +0000 (GMT) (envelope-from julian@elischer.org) Received: from [208.206.78.97] (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 08D4D7A403; Mon, 2 May 2005 14:42:14 -0700 (PDT) Message-ID: <42769EB5.9080506@elischer.org> Date: Mon, 02 May 2005 14:42:13 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050423 X-Accept-Language: en, hu MIME-Version: 1.0 To: dnr References: <04b401c54edb$5eace280$9f90a8c0@DONATAS> In-Reply-To: <04b401c54edb$5eace280$9f90a8c0@DONATAS> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: netgraph debug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 21:42:17 -0000 dnr wrote: >hello, >can anyone tell me how to enable netgraph debug and choose output file? >thnx > > that depends on what KIND of debugging you want to do.. do you : want to debug a new node type? want to debug a setup script? want to debug what a program is telling netgraph? From owner-freebsd-net@FreeBSD.ORG Mon May 2 23:12:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3EDC916A4CF for ; Mon, 2 May 2005 23:12:56 +0000 (GMT) Received: from relay03.pair.com (relay03.pair.com [209.68.5.17]) by mx1.FreeBSD.org (Postfix) with SMTP id 5698943D7B for ; Mon, 2 May 2005 23:12:55 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 3805 invoked from network); 2 May 2005 23:12:54 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 2 May 2005 23:12:54 -0000 X-pair-Authenticated: 209.68.2.70 Date: Mon, 2 May 2005 18:12:44 -0500 (CDT) 
From: Mike Silbersack To: Bruce M Simpson In-Reply-To: <20050428165026.GG747@empiric.icir.org> Message-ID: <20050502180353.T787@odysseus.silby.com> References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net> <20050428165026.GG747@empiric.icir.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: harti@FreeBSD.org cc: Gleb Smirnoff cc: net@FreeBSD.org cc: jmg@FreeBSD.org cc: Sten Spans Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 23:12:56 -0000 On Thu, 28 Apr 2005, Bruce M Simpson wrote: > jmg's suggestion of bringing in the NetBSD patches to allow the entire > network stack to be compiled with unaligned accesses (for those platforms > which support it) is interesting because it can simplify or eliminate > some of the acrobatics needed in network drivers to deal with the mbuf > alignment. I'm too lazy to benchmark, but I suspect that having the ethernet code shift the packet backwards by two bytes after it strips off the ethernet header is going to be faster than requiring ip_input to allocate a new mbuf for each received packet. Such a change would also ensure that we don't break all the other protocols that jmg didn't touch in his patch. 
Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Mon May 2 23:35:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8DB416A4CE; Mon, 2 May 2005 23:35:41 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DE0C43D5E; Mon, 2 May 2005 23:35:41 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [192.168.1.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id 00E1B3F294; Tue, 3 May 2005 01:35:39 +0200 (CEST) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id 8EFEE272; Tue, 3 May 2005 01:35:39 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id 6DE9979; Tue, 3 May 2005 01:35:39 +0200 (CEST) Date: Tue, 3 May 2005 01:35:39 +0200 (CEST) 
From: Sten Spans To: Mike Silbersack In-Reply-To: <20050502180353.T787@odysseus.silby.com> Message-ID: References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net><20050502180353.T787@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: harti@FreeBSD.org cc: Gleb Smirnoff cc: net@FreeBSD.org cc: jmg@FreeBSD.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 23:35:41 -0000 On Mon, 2 May 2005, Mike Silbersack wrote: > > On Thu, 28 Apr 2005, Bruce M Simpson wrote: > >> jmg's suggestion of bringing in the NetBSD patches to allow the entire >> network stack to be compiled with unaligned accesses (for those platforms >> which support it) is interesting because it can simplify or eliminate >> some of the acrobatics needed in network drivers to deal with the mbuf >> alignment. > > I'm too lazy to benchmark, but I suspect that having the ethernet code shift > the packet backwards by two bytes after it strips off the ethernet header is > going to be faster than requiring ip_input to allocate a new mbuf for each > received packet. > > Such a change would also ensure that we don't break all the other protocols > that jmg didn't touch in his patch. For the if_tap case fixing the driver ( or rather changing m_uiotombuf ) is definitely the correct solution. No sensible person would say otherwise. Once the if_tap change is properly tested and signed off it should make it into the tree. But on the proposed alignment changes: If you would look at the netbsd url ( http://mail-index.netbsd.org/source-changes/2002/07/01/0001.html ) You would see that: 1- This code only triggers for strict alignment architectures No impact for i386 and amd64. 
2- This code only triggers when the protocol header is unaligned. If the l2 driver is ok then this code won't be triggered. 3- Only the link headers are aligned, not the entire mbuf(chain). This should limit the performance impact quite a bit. It might even allow us to eliminate quite a bit of ugly mbuf juggling in certain drivers. http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/ip_input.c.diff?r1=1.153&r2=1.154&f=h ( Or the comments are incorrect, and I need to do more code reading :) To summarize: These changes will stop kernel crashes on alpha and sparc for drivers which are currently broken. All the drivers which currently work will not trigger this code. I haven't looked at every driver but this change looks quite a bit cleaner than most of the tricks pulled in ethernet drivers, especially when jumboframes are involved. Netbsd has had 3 years to test this code, it can't be all bad :) -- Sten Spans "There is a crack in everything, that's how the light gets in." Leonard Cohen - Anthem From owner-freebsd-net@FreeBSD.ORG Tue May 3 00:57:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74CA916A4CE for ; Tue, 3 May 2005 00:57:01 +0000 (GMT) Received: from relay03.pair.com (relay03.pair.com [209.68.5.17]) by mx1.FreeBSD.org (Postfix) with SMTP id 3C40F43D7B for ; Tue, 3 May 2005 00:57:00 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 15576 invoked from network); 3 May 2005 00:56:58 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 3 May 2005 00:56:58 -0000 X-pair-Authenticated: 209.68.2.70 Date: Mon, 2 May 2005 19:56:49 -0500 (CDT) 
From: Mike Silbersack To: Sten Spans In-Reply-To: Message-ID: <20050502194640.Q3199@odysseus.silby.com> References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net><20050502180353.T787@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: harti@FreeBSD.org cc: Gleb Smirnoff cc: net@FreeBSD.org cc: jmg@FreeBSD.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 00:57:01 -0000 On Tue, 3 May 2005, Sten Spans wrote: > For the if_tap case fixing the driver ( or rather changing m_uiotombuf ) > is definitely the correct solution. No sensible person would say otherwise. > Once the if_tap change is properly tested and signed off it should > make it into the tree. Yes, that makes sense. > But on the proposed alignment changes: > > If you would look at the netbsd url ( > http://mail-index.netbsd.org/source-changes/2002/07/01/0001.html ) As I said above, just leave the IP stack alone and put the (conditional on non-i386) code around line 731 of if_ethersubr.c:

        /* If the CRC is still on the packet, trim it off. */
        if (m->m_flags & M_HASFCS) {
                m_adj(m, -ETHER_CRC_LEN);
                m->m_flags &= ~M_HASFCS;
        }
                                        <-- here
        switch (ether_type) {
#ifdef INET
        case ETHERTYPE_IP:

Then you cover all the protocols at once. 
Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Tue May 3 07:34:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D51BB16A4CE; Tue, 3 May 2005 07:34:56 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6133A43D2F; Tue, 3 May 2005 07:34:56 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [IPv6:2001:960:301:3:a00:20ff:fe85:fa39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id 2BF653F294; Tue, 3 May 2005 09:34:55 +0200 (CEST) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id 3F5A431D; Tue, 3 May 2005 09:07:30 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id 13EE130E; Tue, 3 May 2005 09:07:30 +0200 (CEST) Date: Tue, 3 May 2005 09:07:30 +0200 (CEST) 
From: Sten Spans To: Mike Silbersack In-Reply-To: <20050502194640.Q3199@odysseus.silby.com> Message-ID: References: <20050428135120.GB21428@cell.sick.ru> <427111BF.2050607@savvis.net><20050502180353.T787@odysseus.silby.com> <20050502194640.Q3199@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: harti@FreeBSD.org cc: Gleb Smirnoff cc: net@FreeBSD.org cc: jmg@FreeBSD.org Subject: Re: if_tap unaligned access problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 07:34:57 -0000 On Mon, 2 May 2005, Mike Silbersack wrote: > > On Tue, 3 May 2005, Sten Spans wrote: > >> For the if_tap case fixing the driver ( or rather changing m_uiotombuf ) >> is definitely the correct solution. No sensible person would say otherwise. >> Once the if_tap change is properly tested and signed off it should >> make it into the tree. > > Yes, that makes sense. > >> But on the proposed alignment changes: >> >> If you would look at the netbsd url ( >> http://mail-index.netbsd.org/source-changes/2002/07/01/0001.html ) > > As I said above, just leave the IP stack alone and put the (conditional on > non-i386) code around line 731 of if_ethersubr.c:
>
>         /* If the CRC is still on the packet, trim it off. */
>         if (m->m_flags & M_HASFCS) {
>                 m_adj(m, -ETHER_CRC_LEN);
>                 m->m_flags &= ~M_HASFCS;
>         }
>                                         <-- here
>         switch (ether_type) {
> #ifdef INET
>         case ETHERTYPE_IP:
>
> Then you cover all the protocols at once.

Well it's pretty hard to only align the l3 protocol header in the ethernet code ... -- Sten Spans "There is a crack in everything, that's how the light gets in." 
Leonard Cohen - Anthem From owner-freebsd-net@FreeBSD.ORG Wed May 4 00:33:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1F5A16A4CE for ; Wed, 4 May 2005 00:33:27 +0000 (GMT) Received: from web53907.mail.yahoo.com (web53907.mail.yahoo.com [206.190.36.217]) by mx1.FreeBSD.org (Postfix) with SMTP id 1DF8343D1F for ; Wed, 4 May 2005 00:33:27 +0000 (GMT) (envelope-from fetrovsky@yahoo.com) Received: (qmail 45605 invoked by uid 60001); 4 May 2005 00:33:21 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=aJLf5Eu1lVNnTJ81UOKGnzNRBOSunbDbv1/6VgZI82rhvpeLw+2R0qBcbGWVIcr1EHpNf2Iwj//SK31fkQvZHGFGzMx26OYJqGgcWGUTfvJpKErK03/caBo8siIMkVHHFImvxLXBoksatcSPD091erhrusd3bGYzMaDLm2QboBY= ; Message-ID: <20050504003321.45603.qmail@web53907.mail.yahoo.com> Received: from [128.195.64.98] by web53907.mail.yahoo.com via HTTP; Tue, 03 May 2005 17:33:21 PDT Date: Tue, 3 May 2005 17:33:21 -0700 (PDT) 
From: Daniel Valencia To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: sending MAC packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 00:33:27 -0000 Hello all I'm doing research on network-layer protocols, so I need a way to send packets straight into layer 2. So far i've been referred to raw sockets, but i've read the code and i cannot skip header checking and that stuff... Is there a way to interact with the network if in a way that I can get network parameters (mtu, etc.) and send packets (specify destination mac address and payload)?? Thank you - Daniel From owner-freebsd-net@FreeBSD.ORG Wed May 4 00:52:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 603D216A4CE for ; Wed, 4 May 2005 00:52:54 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4050743D5F for ; Wed, 4 May 2005 00:52:54 +0000 (GMT) (envelope-from julian@elischer.org) Received: from [208.206.78.97] (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 243437A41E; Tue, 3 May 2005 17:52:51 -0700 (PDT) Message-ID: <42781CE2.4090805@elischer.org> Date: Tue, 03 May 2005 17:52:50 -0700 
From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050423 X-Accept-Language: en, hu MIME-Version: 1.0 To: Daniel Valencia References: <20050504003321.45603.qmail@web53907.mail.yahoo.com> In-Reply-To: <20050504003321.45603.qmail@web53907.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: sending MAC packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 00:52:54 -0000 Daniel Valencia wrote: >Hello all > >I'm doing research on network-layer protocols, so I >need a way to send packets straight into layer 2. So >far i've been referred to raw sockets, but i've read >the code and i cannot skip header checking and that >stuff... Is there a way to interact with the network >if in a way that I can get network parameters (mtu, >etc.) and send packets (specify destination mac >address and payload)?? > >Thank you > >- Daniel > > libpcap is one way using bpf.. also netgraph can do that in a more 'brute force' manner 
From owner-freebsd-net@FreeBSD.ORG Wed May 4 00:58:10 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0781516A4CE for ; Wed, 4 May 2005 00:58:10 +0000 (GMT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4B7943D53 for ; Wed, 4 May 2005 00:58:09 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin07-en2 [10.13.10.152]) id j440w6Yi000958; Tue, 3 May 2005 17:58:06 -0700 (PDT) Received: from [192.168.1.6] (pool-68-161-53-96.ny325.east.verizon.net [68.161.53.96]) (authenticated bits=0)j440w5o3011269; Tue, 3 May 2005 17:58:06 -0700 (PDT) In-Reply-To: <20050504003321.45603.qmail@web53907.mail.yahoo.com> References: <20050504003321.45603.qmail@web53907.mail.yahoo.com> Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <8253029d47916eaad3e18a1cf92440c9@mac.com> Content-Transfer-Encoding: 7bit 
From: Charles Swiger Date: Tue, 3 May 2005 20:58:04 -0400 To: Daniel Valencia X-Mailer: Apple Mail (2.622) cc: freebsd-net@freebsd.org Subject: Re: sending MAC packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 00:58:10 -0000 On May 3, 2005, at 8:33 PM, Daniel Valencia wrote: > I'm doing research on network-layer protocols, so I > need a way to send packets straight into layer 2. So > far i've been referred to raw sockets, but i've read > the code and i cannot skip header checking and that > stuff... Is there a way to interact with the network > if in a way that I can get network parameters (mtu, > etc.) and send packets (specify destination mac > address and payload)?? A non-portable mechanism for doing so is called the BPF, which is used by the ISC DHCP software and other programs to create packets at a low level. Another option would be the libnet library, which will use the BPF on BSD-derived systems, but will also work on Solaris and other platforms which want/need to use other mechanisms to inject packets. Be aware that the network stack may still alter packets somewhat, although less so than trying to go through the raw socket interface. This is particularly the case if hardware functionality like TXCSUM is enabled; you may not be able to forge the sender MAC address, either, although changing the destination MAC addr ought to be fine. 
-- -Chuck From owner-freebsd-net@FreeBSD.ORG Wed May 4 03:40:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B114D16A4CE for ; Wed, 4 May 2005 03:40:29 +0000 (GMT) Received: from lakermmtao09.cox.net (lakermmtao09.cox.net [68.230.240.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1223743D53 for ; Wed, 4 May 2005 03:40:29 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from [192.168.1.94] (really [68.0.104.119]) by lakermmtao09.cox.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050504034026.EYZD6804.lakermmtao09.cox.net@[192.168.1.94]>; Tue, 3 May 2005 23:40:26 -0400 User-Agent: Microsoft-Entourage/10.1.6.040913.0 Date: Tue, 03 May 2005 22:40:12 -0500 
From: Gandalf The White To: Daniel Valencia , Message-ID: In-Reply-To: <20050504003321.45603.qmail@web53907.mail.yahoo.com> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Subject: Re: sending MAC packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 03:40:29 -0000 Greetings and Salutations: On 5/3/05 7:33 PM, "Daniel Valencia" wrote: > I'm doing research on network-layer protocols, so I > need a way to send packets straight into layer 2. So > far i've been referred to raw sockets, but i've read > the code and i cannot skip header checking and that > stuff... Is there a way to interact with the network > if in a way that I can get network parameters (mtu, > etc.) and send packets (specify destination mac > address and payload)?? > Thank you > - Daniel Try netwib/netwox/netwag. Netwag has a nice GUI: http://www.laurentconstantin.com/en/ Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. 
Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Wed May 4 12:04:26 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0409016A4D0 for ; Wed, 4 May 2005 12:04:26 +0000 (GMT) Received: from mail.packetfront.com (mail.packetfront.com [212.247.6.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF1E743D7E for ; Wed, 4 May 2005 12:04:23 +0000 (GMT) (envelope-from raglon@packetfront.com) Received: from localhost (localhost [127.0.0.1]) by mail.packetfront.com (Postfix) with ESMTP id A6C58A3F73; Wed, 4 May 2005 14:03:37 +0200 (CEST) Received: from mail.packetfront.com ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19526-01; Wed, 4 May 2005 14:03:37 +0200 (CEST) Received: from [192.168.1.159] (pf-raglon.int.packetfront.com [192.168.1.159]) by mail.packetfront.com (Postfix) with ESMTP id 683E5A3F6E; Wed, 4 May 2005 14:03:37 +0200 (CEST) Message-ID: <4278BA03.2040405@packetfront.com> Date: Wed, 04 May 2005 14:03:15 +0200 
From: Ragnar Lonn User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Julian Elischer References: <4270EC8B.2030706@packetfront.com> <4272B4B2.4070407@elischer.org> In-Reply-To: <4272B4B2.4070407@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at packetfront.com cc: freebsd-net@freebsd.org Subject: Re: Virtual network stacks in FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 12:04:26 -0000 Julian Elischer wrote: > > > Ragnar Lonn wrote: > >> Hello all, >> >> Does anyone know if virtual network stack support (as implemented at >> http://www.tel.fer.hr/zec/vimage/) is on the roadmap for future >> FreeBSD releases? > > > > that depends on who you are talking to :-) > the problems are not with the concept of virtual network stacks > but with how you make them virtual and still support loadable modules > and protocols. > It is theoretically possible but it requires that there be an > infrastructure to allow > loadable modules to link into and out of existing virtual worlds. > > What Marco did is very good but it is limited to those modules that > are compiled in in > that manner. > I would like to do it but the scope just keeps growing when you look > into what it > would require. > Especially in 5.x/6.x where the emphasis has been in making more and > more of > the system loadable. Ok, here is a dumb question! Would it be possible to have multiple network stack support available as a kernel compile option that, if enabled, disabled other functionality that conflicted with it? 
I would guess that few people need to have multiple network stacks on their systems and that those who do might be able to accept the loss of other functionality to get this feature. /Ragnar From owner-freebsd-net@FreeBSD.ORG Wed May 4 14:25:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 615F316A4CE; Wed, 4 May 2005 14:25:01 +0000 (GMT) Received: from mailhost.tao.org.uk (transwarp.tao.org.uk [212.135.162.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED3FA43D1F; Wed, 4 May 2005 14:25:00 +0000 (GMT) (envelope-from joe@tao.org.uk) Received: from genius.tao.org.uk (genius.pact.cpes.susx.ac.uk [139.184.130.240]) by mailhost.tao.org.uk (Postfix) with ESMTP id 87F66A633; Wed, 4 May 2005 15:24:30 +0100 (BST) Received: by genius.tao.org.uk (Postfix, from userid 100) id 5759D40C2; Wed, 4 May 2005 15:24:25 +0100 (BST) Date: Wed, 4 May 2005 15:24:25 +0100 
From: Josef Karthauser To: current@freebsd.org, net@freebsd.org Message-ID: <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> Mail-Followup-To: Josef Karthauser , current@freebsd.org, net@freebsd.org References: <20050502200413.GB46745@genius.tao.org.uk> <20050502202122.GC46745@genius.tao.org.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xXmbgvnjoT4axfJE" Content-Disposition: inline In-Reply-To: <20050502202122.GC46745@genius.tao.org.uk> User-Agent: Mutt/1.5.9i Subject: ipfw broken with bridge under 5.x (5.3 and 5.4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 14:25:01 -0000 --xXmbgvnjoT4axfJE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable It appears that ipfw doesn't work with bridge in 5.3 and 5.4. The symptoms are that the bridge stops forwarding packets altogether, for me a few minutes after it is set up. It takes a

    # net.link.ether.bridge_ipfw=0 && sleep 5 && net.link.ether.bridge_ipfw=1

to get it back up and running, which it does, but only for a few minutes before it stops working again. The five second sleep is sometimes too long, and sometimes not enough time. Would someone in the know be able to help me to troubleshoot it? (I'm scared of ipfw! :). Thanks! Joe -- Josef Karthauser (joe@tao.org.uk) http://www.josef-k.net/ FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/ Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/ ================ An eclectic mix of fact and theory. 
================= From owner-freebsd-net@FreeBSD.ORG Wed May 4 14:48:07 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C061516A4CE; Wed, 4 May 2005 14:48:07 +0000 (GMT) Received: from 62-15-215-178.inversas.jazztel.es (62-15-215-178.inversas.jazztel.es [62.15.215.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CA9643D62; Wed, 4 May 2005 14:48:04 +0000 (GMT) (envelope-from josemi@freebsd.jazztel.es) Received: from redesjm.local (orion.redesjm.local [192.168.254.16]) j44ElYDx001658; Wed, 4 May 2005 16:47:34 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) Received: from localhost (localhost [[UNIX: localhost]]) by redesjm.local (8.13.3/8.13.3/Submit) id j44ElX4J095042; Wed, 4 May 2005 16:47:33 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) X-Authentication-Warning: orion.redesjm.local: josemi set sender to josemi@freebsd.jazztel.es using -f 
From: Jose M Rodriguez Organization: Redes JM To: freebsd-current@freebsd.org Date: Wed, 4 May 2005 16:47:32 +0200 User-Agent: KMail/1.8 References: <20050502200413.GB46745@genius.tao.org.uk> <20050502202122.GC46745@genius.tao.org.uk> <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> In-Reply-To: <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-13" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200505041647.33609.josemi@freebsd.jazztel.es> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-3; AVE: 6.30.0.12; VDF: 6.30.0.157; host: antares.redesjm.local) cc: current@freebsd.org cc: net@freebsd.org Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 14:48:07 -0000 On Wednesday, 4 May 2005 16:24, Josef Karthauser wrote: > It appears that ipfw doesn't work with bridge in 5.3 and 5.4. The > symptoms are that the bridge stops forwarding packets altogether, > for me a few minutes after it is set up. It takes a > > # net.link.ether.bridge_ipfw=0 && sleep 5 && > net.link.ether.bridge_ipfw=1 > > to get it back up and running, which it does, but only for a few > minutes before it stops working again. The five second sleep is > sometimes too long, and sometimes not enough time. > > Would someone in the know be able to help me to troubleshoot it? > (I'm scared of ipfw! :). > > Thanks! > Joe Are your rules stopping arp or so? Remember to pass this kind of traffic at layer2. 
-- josemi From owner-freebsd-net@FreeBSD.ORG Wed May 4 15:16:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C07E316A4CE for ; Wed, 4 May 2005 15:16:29 +0000 (GMT) Received: from 62-15-215-178.inversas.jazztel.es (62-15-215-178.inversas.jazztel.es [62.15.215.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACB0D43D49 for ; Wed, 4 May 2005 15:16:28 +0000 (GMT) (envelope-from josemi@freebsd.jazztel.es) Received: from redesjm.local (orion.redesjm.local [192.168.254.16]) j44FFMGK001757 for ; Wed, 4 May 2005 17:15:22 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) Received: from localhost (localhost [[UNIX: localhost]]) by redesjm.local (8.13.3/8.13.3/Submit) id j44FFM5H095234 for net@freebsd.org; Wed, 4 May 2005 17:15:22 +0200 (CEST) (envelope-from josemi@freebsd.jazztel.es) X-Authentication-Warning: orion.redesjm.local: josemi set sender to josemi@freebsd.jazztel.es using -f 
From: Jose M Rodriguez Organization: Redes JM Date: Wed, 4 May 2005 17:15:21 +0200 User-Agent: KMail/1.8 References: <20050502200413.GB46745@genius.tao.org.uk> <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> <200505041647.33609.josemi@freebsd.jazztel.es> In-Reply-To: <200505041647.33609.josemi@freebsd.jazztel.es> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-13" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline To: "Undisclosed.Recipients": ; Message-Id: <200505041715.22110.josemi@freebsd.jazztel.es> X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-3; AVE: 6.30.0.12; VDF: 6.30.0.157; host: antares.redesjm.local) cc: net@freebsd.org Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 15:16:29 -0000 On Wednesday, 4 May 2005 16:47, Jose M Rodriguez wrote: > On Wednesday, 4 May 2005 16:24, Josef Karthauser wrote: > > It appears that ipfw doesn't work with bridge in 5.3 and 5.4. The > > symptoms are that the bridge stops forwarding packets altogether, > > for me a few minutes after it is set up. It takes a > > > > # net.link.ether.bridge_ipfw=0 && sleep 5 && > > net.link.ether.bridge_ipfw=1 > > > > to get it back up and running, which it does, but only for a few > > minutes before it stops working again. The five second sleep is > > sometimes too long, and sometimes not enough time. > > > > Would someone in the know be able to help me to troubleshoot it? > > (I'm scared of ipfw! :). > > > > Thanks! > > Joe > > Are your rules stopping arp or so? Remember to pass this kind of > traffic at layer2. > sorry, forgot the rule. 
Try something like this at the beginning of=20 your ruleset: pass not ip from any to any layer2 =2D- josemi From owner-freebsd-net@FreeBSD.ORG Wed May 4 17:13:55 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AEBB216A4CF; Wed, 4 May 2005 17:13:55 +0000 (GMT) Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63C7943D54; Wed, 4 May 2005 17:13:54 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from buffy.york.ac.uk (buffy-128.york.ac.uk [144.32.128.165]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id j44HDOGw024441; Wed, 4 May 2005 18:13:24 +0100 (BST) Received: from buffy.york.ac.uk (localhost [127.0.0.1]) by buffy.york.ac.uk (8.13.3/8.13.1) with ESMTP id j44HDOua049905; Wed, 4 May 2005 18:13:24 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: (from ga9@localhost) by buffy.york.ac.uk (8.13.3/8.13.1/Submit) id j44HDNxt049904; Wed, 4 May 2005 18:13:23 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: buffy.york.ac.uk: ga9 set sender to gavin.atkinson@ury.york.ac.uk using -f 
From: Gavin Atkinson
To: Josef Karthauser
Cc: current@freebsd.org, net@freebsd.org
Date: Wed, 04 May 2005 18:13:22 +0100
Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4)

On Wed, 2005-05-04 at 15:24 +0100, Josef Karthauser wrote:
> It appears that ipfw doesn't work with bridge in 5.3 and 5.4. The
> symptoms are that the bridge stops forwarding packets altogether,
> for me a few minutes after it is set up. It takes a
>
> # net.link.ether.bridge_ipfw=0 && sleep 5 && net.link.ether.bridge_ipfw=1
>
> to get it back up and running, which it does, but only for a few
> minutes before it stops working again. The five second sleep is
> sometimes too long, and sometimes not enough time.

I believe I am seeing similar problems to you, though uptime for me is
generally measurable in days rather than minutes. I've found that
adding an explicit "allow all from any to any" and then removing it
again seems to get it working. I will test your solution when mine
fails again.

The comment about arp is an interesting one, I will see what I can find
out. I have however seen situations where (eg) UDP DNS through the
bridge works but web traffic or terminal services etc may not.

If you want to share firewall rules and other configuration with me
off-list to see if there are any similarities I'd be happy to help.

Gavin

Date: Wed, 4 May 2005 18:18:51 +0100
From: Josef Karthauser
To: Gavin Atkinson
Cc: current@freebsd.org, net@freebsd.org
Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4)

On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
>
> I believe I am seeing similar problems to you, though uptime for me is
> generally measurable in days rather than minutes. I've found that
> adding an explicit "allow all from any to any" and then removing it
> again seems to get it working. I will test your solution when mine
> fails again.
>
> The comment about arp is an interesting one, I will see what I can find
> out. I have however seen situations where (eg) UDP DNS through the
> bridge works but web traffic or terminal services etc may not.
>
> If you want to share firewall rules and other configuration with me
> off-list to see if there are any similarities I'd be happy to help.
>

It appears that the solution is obtained by adding the rule:

    allow ip from any to any layer2 mac-type arp

to the beginning of the firewall list.
IPFW2 drops non-IP traffic whereas IPFW1 passes it through. This is the
reason why my configuration stopped working after the upgrade.

Joe
--
Josef Karthauser (joe@tao.org.uk)          http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker)    http://www.uk.FreeBSD.org/
Physics Particle Theory (student)          http://www.pact.cpes.sussex.ac.uk/
================ An eclectic mix of fact and theory. =================

Date: Wed, 4 May 2005 20:42:02 +0200 (CEST)
From: Sten Spans
To: Maksim Yevmenkin
Cc: John-Mark Gurney, glebius@FreeBSD.org, Julian Elischer, net@freebsd.org
Subject: Re: if_tap unaligned access problem

On Mon, 2 May 2005, Sten Spans wrote:

> On Mon, 2 May 2005, Maksim Yevmenkin wrote:
>
>> Hello,
>>
>>>>>>>> i think we have few options here:
>>>>>>>>
>>>>>>>> 1) revert back original tapwrite function that was changed in v. 1.48
>>>>>>>> and set offset to 2 bytes in top mbuf
>>>>>>>>
>>>>>>>> 2) change current version of tapwrite so it would m_prepend and
>>>>>>>> m_pullup mbuf after m_uiotombuf
>>>>>>>>
>>>>>>>> 3) change m_uiotombuf to accept one more parameter - mbuf offset at
>>>>>>>> which data should be copied. there are not that many users of
>>>>>>>> m_uiotombuf
>>>>
>>>> please find and review the attached patch (untested) that implements
>>>> option (3) above.
>>
>> any objections to the attached (revised) patch? can i commit it?
>
>
> I've tested the code on fbsd-current alpha and it fixes
> the crash. I was kinda waiting for somebody to test it on
> sparc, but that's taking a few days longer than expected.
> I may run a test on one of my own sparcs to verify
> the results.
>
> That said, the issue seems pretty clear-cut, as is the solution.

I've gotten confirmation that the patch also fixes the crash
on RELENG_5/sparc64. Please commit.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem

Date: Wed, 04 May 2005 12:01:11 -0700
From: Maksim Yevmenkin
To: Sten Spans
Cc: John-Mark Gurney, glebius@FreeBSD.org, Julian Elischer, net@freebsd.org
Subject: Re: if_tap unaligned access problem

Hello,

>>>>>>>>> i think we have few options here:
>>>>>>>>>
>>>>>>>>> 1) revert back original tapwrite function that was changed in
>>>>>>>>> v. 1.48 and set offset to 2 bytes in top mbuf
>>>>>>>>>
>>>>>>>>> 2) change current version of tapwrite so it would m_prepend and
>>>>>>>>> m_pullup mbuf after m_uiotombuf
>>>>>>>>>
>>>>>>>>> 3) change m_uiotombuf to accept one more parameter - mbuf
>>>>>>>>> offset at which data should be copied. there are not that many
>>>>>>>>> users of m_uiotombuf
>>>>>
>>>>>
>>>>> please find and review the attached patch (untested) that
>>>>> implements option (3) above.
>>>
>>> any objections to the attached (revised) patch? can i commit it?
>>
>> I've tested the code on fbsd-current alpha and it fixes
>> the crash. I was kinda waiting for somebody to test it on
>> sparc, but that's taking a few days longer than expected.
>> I may run a test on one of my own sparcs to verify
>> the results.
>>
>> That said, the issue seems pretty clear-cut, as is the solution.
>
> I've gotten confirmation that the patch also fixes the crash
> on RELENG_5/sparc64. Please commit.

thanks. because no one had objections (or rather no one replied :) i
went ahead and committed this. so, you all know whom to blame :)

as jmg pointed out "align" cannot exceed MHLEN bytes. it is trivial to
change should anyone ever require bigger "align".

thanks,
max

Date: Wed, 04 May 2005 12:09:56 -0700
From: Julian Elischer
To: Ragnar Lonn
Cc: freebsd-net@freebsd.org
Subject: Re: Virtual network stacks in FreeBSD?

Ragnar Lonn wrote:

> Julian Elischer wrote:
>
>>
>> Ragnar Lonn wrote:
>>
>>> Hello all,
>>>
>>> Does anyone know if virtual network stack support (as implemented at
>>> http://www.tel.fer.hr/zec/vimage/) is on the roadmap for future
>>> FreeBSD releases?
>>
>>
>> that depends on who you are talking to :-)
>> the problems are not with the concept of virtual network stacks
>> but with how you make them virtual and still support loadable modules
>> and protocols.
>> It is theoretically possible but it requires that there be an
>> infrastructure to allow
>> loadable modules to link into and out of existing virtual worlds.
>>
>> What Marco did is very good but it is limited to those modules that
>> are compiled in in
>> that manner.
>> I would like to do it but the scope just keeps growing when you look
>> into what it
>> would require.
>> Especially in 5.x/6.x where the emphasis has been in making more and
>> more of
>> the system loadable.
>
>
> Ok, here is a dumb question!
>
> Would it be possible to have multiple network stack support available
> as a kernel
> compile option that, if enabled, disabled other functionality that
> conflicted with it?
>
> I would guess that few people need to have multiple network stacks on
> their
> systems and that those who do might be able to accept the loss of other
> functionality to get this feature.
>
> /Ragnar

It would be pretty hard, though you MIGHT be able to do funny linker tricks.

the way that the virtual stacks is done is that all the global variables
etc. that the network stacks use are moved into one big structure.
then places that access those variables are changed to read them from the
structure instance that is currently active. interfaces and process
structures have a pointer to one of these structures (indirectly), so that
is how the correct one to use is looked up.

It works well but it's not very extensible because you would have to keep
changing the structure when you added or deleted modules.. (

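The layout described in Julian Elischer's reply above (stack globals gathered into one structure, with interfaces and processes pointing at their instance), as an added example that is not part of the original message and not vimage or FreeBSD code. All names (struct netstack, cur_stack, ns_ip_input and so on) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration only: every former file-scope global of the
 * network stack lives in one structure, one instance per virtual stack. */
#define NS_MAXROUTES 4

struct ns_route {
    uint32_t dst;       /* network address, host byte order */
    uint32_t mask;
    int      ifindex;   /* outgoing interface */
};

struct netstack {
    int             id;
    int             ip_forwarding;         /* was a global knob */
    unsigned long   ips_total;             /* was a global counter */
    unsigned long   ips_noroute;
    struct ns_route routes[NS_MAXROUTES];  /* was the global routing table */
    size_t          nroutes;
    /* A module loaded later has nowhere to keep its state: adding a member
     * here changes the layout for all code built against this header.
     * That is the extensibility limit the message points out. */
};

/* Interfaces and processes reference a stack instance. */
struct ns_ifnet { int ifindex; struct netstack *stack; };
struct ns_proc  { int pid;     struct netstack *stack; };

/* The instance that code on the current path operates on. */
static struct netstack *cur_stack;

void netstack_init(struct netstack *ns, int id)
{
    memset(ns, 0, sizeof(*ns));
    ns->id = id;
}

int netstack_add_route(struct netstack *ns, uint32_t dst, uint32_t mask,
                       int ifindex)
{
    if (ns->nroutes == NS_MAXROUTES)
        return -1;
    ns->routes[ns->nroutes++] = (struct ns_route){ dst & mask, mask, ifindex };
    return 0;
}

/* A former global accessor: it now reads through cur_stack only.
 * The most specific (numerically largest) matching mask wins. */
static int route_lookup(uint32_t dst)
{
    int best = -1;
    uint32_t best_mask = 0;

    for (size_t i = 0; i < cur_stack->nroutes; i++) {
        const struct ns_route *r = &cur_stack->routes[i];
        if ((dst & r->mask) == r->dst && (best < 0 || r->mask > best_mask)) {
            best = r->ifindex;
            best_mask = r->mask;
        }
    }
    return best;
}

/* Packet input: the receiving interface selects the active instance.
 * Returns the outgoing ifindex, or -1 when this stack has no route. */
int ns_ip_input(struct ns_ifnet *rcvif, uint32_t dst)
{
    struct netstack *saved = cur_stack;
    int out;

    cur_stack = rcvif->stack;
    cur_stack->ips_total++;
    out = route_lookup(dst);
    if (out < 0)
        cur_stack->ips_noroute++;
    cur_stack = saved;
    return out;
}

/* Syscall path: the calling process selects the active instance.
 * Returns the previous value of the knob in that instance. */
int ns_set_forwarding(struct ns_proc *p, int on)
{
    struct netstack *saved = cur_stack;
    int old;

    cur_stack = p->stack;
    old = cur_stack->ip_forwarding;
    cur_stack->ip_forwarding = on;
    cur_stack = saved;
    return old;
}

int main(void)
{
    struct netstack a, b;
    netstack_init(&a, 1);
    netstack_init(&b, 2);
    struct ns_ifnet if_a = { 1, &a }, if_b = { 2, &b };

    netstack_add_route(&a, 0x0a000000u, 0xff000000u, 7);  /* 10.0.0.0/8 */
    printf("stack 1 -> if %d\n", ns_ip_input(&if_a, 0x0a010203u));
    printf("stack 2 -> if %d\n", ns_ip_input(&if_b, 0x0a010203u));
    return 0;
}
```

The same destination is routed in one instance and unroutable in the other, and a process can only change the knob of the instance it points to.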
From: "Donatas"
Date: Thu, 5 May 2005 10:02:22 +0300
Subject: any netgraph traffic shaper?

hello everybody,

are there any solutions on ethernet or atm(ubr mode) level traffic
shaping with netgraph on 5.3 BSD?
(i've ng_dummy, which doesn't seem to be prepared to run under 5.3)

Date: Thu, 5 May 2005 15:32:50 +0200
From: Marian Durkovic
To: freebsd-net@freebsd.org
Subject: Degraded TCP performace between 4.9 and 4.11

Hi all,

recently we've found serious performance degradation for TCP connections
between FreeBSD 4.9 and 4.11 at larger packet sizes.

We're using two identical machines with Intel PRO/1000 82547EI chipset,
which were able to run wirespeed at all packet sizes when 4.9 was installed
on both of them. The tests are performed using nttcp -T -n500000

Here are the results:

  TCP payload      4.9->4.11          4.11->4.9
  ----------------------------------------------------
  1448 Bytes       941.0007 Mbps      941.1021 Mbps
  2048             957.5791           957.5312
  4096             978.1912           978.2145
  6144             715.3935           715.7244
  8192             631.8491           988.7455

It is obvious, that transfers with TCP payloads up to 4 kB are wirespeed,
while larger packets have significantly degraded performance.

Any ideas?


Thanks & kind regards,
--------------------------------------------------------------------------
----                                                                  ----
----  Marian Durkovic                     network manager             ----
----                                                                  ----
----  Slovak Technical University         Tel: +421 2 524 51 301      ----
----  Computer Centre, Nam. Slobody 17    Fax: +421 2 524 94 351      ----
----  812 43 Bratislava, Slovak Republic  E-mail/sip: md@bts.sk       ----
----                                                                  ----
--------------------------------------------------------------------------

Date: Thu, 5 May 2005 16:02:51 +0200
From: Jose M Rodriguez
To: Josef Karthauser
Cc: current@FreeBSD.org, net@FreeBSD.org
Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4)

On Wed, May 04, 2005 at 06:18:51PM +0100, Josef Karthauser wrote:
> On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
> >
> > I believe I am seeing similar problems to you, though uptime for me is
> > generally measurable in days rather than minutes. I've found that
> > adding an explicit "allow all from any to any" and then removing it
> > again seems to get it working. I will test your solution when mine
> > fails again.
> >
>
> It appears that the solution is obtained by adding the rule:
>
> allow ip from any to any layer2 mac-type arp
>
> to the beginning of the firewall list. IPFW2 drops non-IP traffic
> whereas IPFW1 passes it through. This is the reason why my configuration
> stopped working after the upgrade.
>

Which points out to me that we must solve the ip <-> all problem in ipfw2.

ip from any to any matches all traffic, not only ip. So this must be
deprecated and all used instead. Also, this must be taken into account when
pretty-print is done.

Apart from this, I still have problems with ipfw and rules without body:

- skipto 30000
+ skipto 30000 all from any to any

--
josemi

From: "Matt Sealey"
Date: Thu, 5 May 2005 16:44:26 +0100
Subject: 5.2/5.3 wi0 "2mbit bug"

Does anyone have a patch I can apply to a 5.3 kernel in order to make it
send/receive at 11mbit instead of the 2mbit rate?

I have seen lots of DISCUSSION about it but no hard fact about how to fix
it. Apparently it was fixed in CURRENT (I am not adventurous to build and
check) but I only need this one fix and not anything else so I am loath
to update entire swathes of files beyond if_wi.c :)

Thanks in advance,

--
Matt Sealey
Manager, Genesi, Developer Relations

From: "Matt Sealey"
To: "'Luiz Otavio Souza'"
Cc: freebsd-net@freebsd.org
Date: Thu, 5 May 2005 19:22:23 +0100
Subject: RE: 5.2/5.3 wi0 "2mbit bug"

I read the first link; but when I looked in the files, there is no field
frmhdr and the code does not flow the way the article suggests (wi_start
doesn't call that function..)

The patch looks better, I will back up the source and try and apply it.

We will see..

--
Matt Sealey
Manager, Genesi, Developer Relations

> -----Original Message-----
> From: Luiz Otavio Souza [mailto:luiz@microeletronica.com.br]
> Sent: Thursday, May 05, 2005 6:51 PM
> To: Matt Sealey
> Cc: freebsd-net@freebsd.org
> Subject: Re: 5.2/5.3 wi0 "2mbit bug"
>
> Matt,
>
> Please, try one of above:
>
> http://excamera.com/cgi-bin/blosxom.cgi
>
> hysteria.sk/~neologism/wifi.patch
>
> When i've some free time i'll make a new patch for wlan stack
> and drivers from current.
>
> Luiz
>
>
> Matt Sealey wrote:
> > Does anyone have a patch I can apply to a 5.3 kernel in order to make
> > it send/receive at 11mbit instead of the 2mbit rate?
> >
> > I have seen lots of DISCUSSION about it but no hard fact about how to
> > fix it. Apparently it was fixed in CURRENT (I am not adventurous to
> > build and check) but I only need this one fix and not anything else so
> > I am loath to update entire swathes of files beyond if_wi.c :)
> >
> > Thanks in advance,
> >
> >

Date: Fri, 6 May 2005 08:59:50 +0200
From: Marian Durkovic
To: freebsd-net@freebsd.org
Subject: SOLVED: Degraded TCP performace on Intel PRO/1000

Hi all,

seems we've found the problem. The performance degradation was happening
in the TX path, due to insufficient setting of TX packet buffer FIFO on the
chip. To achieve wirespeed performance, the TX FIFO must be large enough to
accommodate 2 jumbo packets (not just 1 as the driver was assuming).

There was also a typo in the driver, causing the PBA tuning on most cards
to be non-functional.

Due to above limitation, the 82547 chipset (featuring only 40 KB of RX/TX
FIFO) only supports wirespeed transfers up to 8 KB TCP payload (MTU 9000
bytes).

Please be sure to use em driver version 1.7.41 or newer, either from the
CVS (branch RELENG_4_11) or from Intel's downloads. The PBA code needs to be
modified as follows:

--- if_em.c Wed Jan 5 00:55:03 2005 +++ if_em.c.new Fri May 6 08:44:58 2005 
@@ -816,17 +816,18 @@ * Default allocation: PBA=48K for Rx, leaving 16K for Tx. * After the 82547 the buffer was reduced to 40K. * Default allocation: PBA=30K for Rx, leaving 10K for Tx. - * Note: default does not leave enough room for Jumbo Frame >10k. + * BEWARE: For wirespeed performance, Tx buffer must be able + * to accommodate 2 frames */ if(adapter->hw.mac_type < em_82547) { /* Total FIFO is 64K */ - if(adapter->rx_buffer_len > EM_RXBUFFER_8192) + if(adapter->hw.max_frame_size > 8192) pba = E1000_PBA_40K; /* 40K for Rx, 24K for Tx */ else pba = E1000_PBA_48K; /* 48K for Rx, 16K for Tx */ } else { /* Total FIFO is 40K */ - if(adapter->hw.max_frame_size > EM_RXBUFFER_8192) { + if(adapter->hw.max_frame_size > 5120) { pba = E1000_PBA_22K; /* 22K for Rx, 18K for Tx */ } else { pba = E1000_PBA_30K; /* 30K for Rx, 10K for Tx */ With the above modifications, the em driver is able to run wirespeed also with maximum TCP payload of 6 KB and 8KB - tested on 82547 and 82546 controllers. With kind regards, M. On Thu, May 05, 2005 at 03:32:50PM +0200, Marian Durkovic wrote: > Hi all, > > recently we've found serious performance degradation for TCP connections > between FreeBSD 4.9 and 4.11 at larger packet sizes. > > We're using two identical machines with Intel PRO/1000 82547EI chipset, > which were able to run wirespeed at all packet sizes when 4.9 was installed > on both of them. The tests are performed using nttcp -T -n500000 > > Here are the results: > > TCP payload 4.9->4.11 4.11->4.9 > ---------------------------------------------------- > 1448 Bytes 941.0007 Mbps 941.1021 Mbps > 2048 957.5791 957.5312 > 4096 978.1912 978.2145 > 6144 715.3935 715.7244 > 8192 631.8491 988.7455 > > It is obvious, that transfers with TCP payloads upto 4 kB are wirespeed, > while larger packets have significantly degraded performance. > > Any ideas? 
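Review bot: the two new comparisons use bare literals ("max_frame_size > 8192" in the 64K branch and "max_frame_size > 5120" in the 40K branch) and nothing in the hunk says where they come from. They match half of the smaller Tx allocation in each branch (16K and 10K), which is what the new "2 frames" comment implies, so either derive them from the Tx size or name them and state the relation in the comment; otherwise the next change to the PBA split leaves them stale. The comment should also give the upper bound: with 24K and 18K left for Tx, two frames only fit up to 12K and 9K respectively, and nothing here checks that max_frame_size stays below that. Separately, the first branch switches the tested field from adapter->rx_buffer_len to adapter->hw.max_frame_size; that is a behaviour fix of its own and deserves a line in the comment or the commit message.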
> > > Thanks & kind regards, > -------------------------------------------------------------------------- ---- ---- ---- Marian Durkovic network manager ---- ---- ---- ---- Slovak Technical University Tel: +421 2 524 51 301 ---- ---- Computer Centre, Nam. Slobody 17 Fax: +421 2 524 94 351 ---- ---- 812 43 Bratislava, Slovak Republic E-mail/sip: md@bts.sk ---- ---- ---- -------------------------------------------------------------------------- From owner-freebsd-net@FreeBSD.ORG Fri May 6 23:56:14 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A437016A4D4 for ; Fri, 6 May 2005 23:56:14 +0000 (GMT) Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by mx1.FreeBSD.org (Postfix) with SMTP id 1958E43D96 for ; Fri, 6 May 2005 23:56:14 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 94239 invoked from network); 6 May 2005 23:56:12 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 6 May 2005 23:56:12 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 6 May 2005 18:56:01 -0500 (CDT) 
From: Mike Silbersack To: gandalf@digital.net In-Reply-To: <32528526.1115049523374.JavaMail.root@wamui08.slb.atl.earthlink.net> Message-ID: <20050506185301.B6374@odysseus.silby.com> References: <32528526.1115049523374.JavaMail.root@wamui08.slb.atl.earthlink.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 May 2005 23:56:14 -0000

I'll take a look at it while I'm at BSDCan next week. From your website's description of the attack, I don't see why FreeBSD would be affected so greatly... we must be wasting a lot of time traversing linked lists / etc.

Mike "Silby" Silbersack

On Mon, 2 May 2005 gandalf@digital.net wrote:

> Greetings and Salutations:
>
> I *just* got my FreeBSD setup stable and working with a KDE GUI. :-). I know, easy for you guys but this is the first time I have set up FreeBSD with automatic updates. I settled on FreeBSD 5.4 after many tries.
>
> I tried the Rose Attack / NewDawn against my laptop (it is a slow Pentium II 400 MHz Dell Inspiron 7000):
> http://digital.net/~gandalf/Rose_Frag_Attack_Explained.htm
>
> Specifically:
> ./NewDawn4 1 0 5 9999 99999999 4000 2
>
> My machine locked up at pretty close to 100% when viewing the top command.
>
> I asked a fellow worker who had a PIII 733 MHz to take a look and he reported about 70% CPU increase.
>
> FYI. You might wish to take a look into this, IMHO this is a decent CPU DOS.
>
> Ken
>
> ------------------------------------------------------------------
> Do not meddle in the affairs of wizards for they are subtle and
> quick to anger.
> Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC > WWW Page - http://gandalf.home.digital.net/ > Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html > Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Sat May 7 04:37:13 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3E1E16A4D8 for ; Sat, 7 May 2005 04:37:13 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD73243D41 for ; Sat, 7 May 2005 04:37:13 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 2743A513B6; Fri, 6 May 2005 21:37:13 -0700 (PDT) Date: Fri, 6 May 2005 21:37:13 -0700 
From: Kris Kennaway To: Marian Durkovic Message-ID: <20050507043712.GB28373@xor.obsecurity.org> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline In-Reply-To: <20050506065950.GA1999@us.svf.stuba.sk> User-Agent: Mutt/1.4.2.1i cc: freebsd-net@freebsd.org Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 04:37:14 -0000

On Fri, May 06, 2005 at 08:59:50AM +0200, Marian Durkovic wrote:
> Hi all,
>
>
> seems we've found the problem. The performance degradation was happening
> in the TX path, due to insufficient setting of TX packet buffer FIFO on the
> chip.
>
> To achieve wirespeed performance, the TX FIFO must be large enough to
> accommodate 2 jumbo packets (not just 1 as the driver was assuming).
> There was also a typo in the driver, causing the PBA tuning on most
> cards to be non-functional.
>
> Due to above limitation, the 82547 chipset (featuring only 40 KB of
> RX/TX FIFO) only supports wirespeed transfers up to 8 KB TCP payload
> (MTU 9000 bytes).
>
> Please be sure to use em driver version 1.7.41 or newer, either from
> the CVS (branch RELENG_4_11) or from Intel's downloads.

Does this also apply to 5.x and above? If no-one else responds in the next few days, can you please submit the patch in PR so it does not get lost?

Kris

From owner-freebsd-net@FreeBSD.ORG Sat May 7 09:35:23 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 012B316A4DA for ; Sat, 7 May 2005 09:35:23 +0000 (GMT) Received: from us.svf.stuba.sk (us.svf.stuba.sk [147.175.16.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E42E43D70 for ; Sat, 7 May 2005 09:35:22 +0000 (GMT) (envelope-from md@us.svf.stuba.sk) Received: from us.svf.stuba.sk (localhost [127.0.0.1]) by us.svf.stuba.sk (8.13.3/8.13.3) with ESMTP id j479ZGkg082789; Sat, 7 May 2005 11:35:21 +0200 (CEST) (envelope-from md@us.svf.stuba.sk) Received: (from md@localhost) by us.svf.stuba.sk (8.13.3/8.13.3/Submit) id j479ZA8M082788; Sat, 7 May 2005 11:35:10 +0200 (CEST) (envelope-from md) Date: Sat, 7 May 2005 11:35:10 +0200 
From: Marian Durkovic To: Kris Kennaway Message-ID: <20050507093510.GA82158@us.svf.stuba.sk> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050507043712.GB28373@xor.obsecurity.org> User-Agent: Mutt/1.4.2.1i X-Virus-Scanned: ClamAV 0.83/871/Thu May 5 15:50:45 2005 on us.svf.stuba.sk X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.0.2 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on us.svf.stuba.sk cc: freebsd-net@freebsd.org Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 09:35:23 -0000 > > To achieve wirespeed performance, the TX FIFO must be large enough to > > accomodate 2 jumbo packets (not just 1 as the driver was assuming). > > There was also a typo in the driver, causing the PBA tuning on most > > cards to be non-functional. > > > > Please be sure to use em driver version 1.7.41 or newer, either from > > the CVS (branch RELENG_4_11) or from Intel's downloads. > > Does this also apply to 5.x and above? If no-one else responds in the > next few days, can you please submit the patch in PR so it does not > get lost? > > Kris All the CVS branches of if_em.c have the same bugs in the packet buffer (PBA) code, so yes, the patch applies to all releases. M. 
From owner-freebsd-net@FreeBSD.ORG Sat May 7 12:15:10 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A3C416A4DB; Sat, 7 May 2005 12:15:10 +0000 (GMT) Received: from mail-gw1.york.ac.uk (mail-gw1.york.ac.uk [144.32.128.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4F2243D86; Sat, 7 May 2005 12:15:09 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from ury.york.ac.uk (ury.york.ac.uk [144.32.108.81]) by mail-gw1.york.ac.uk (8.12.10/8.12.10) with ESMTP id j47CF7MN003164; Sat, 7 May 2005 13:15:07 +0100 (BST) Received: from ury.york.ac.uk (localhost.york.ac.uk [127.0.0.1]) by ury.york.ac.uk (8.13.1/8.13.1) with ESMTP id j47CG1nR072522; Sat, 7 May 2005 13:16:01 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from localhost (gavin@localhost) by ury.york.ac.uk (8.13.1/8.13.1/Submit) with ESMTP id j47CG1AI072519; Sat, 7 May 2005 13:16:01 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: ury.york.ac.uk: gavin owned process doing -bs Date: Sat, 7 May 2005 13:16:01 +0100 (BST) 
From: Gavin Atkinson X-X-Sender: gavin@ury.york.ac.uk To: Josef Karthauser In-Reply-To: <20050504171851.GB1863@genius.tao.org.uk> Message-ID: <20050507131437.C72452@ury.york.ac.uk> References: <20050502200413.GB46745@genius.tao.org.uk> <20050504142425.GB710@genius.pact.cpes.susx.ac.uk> <20050504171851.GB1863@genius.tao.org.uk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-York-MailScanner: Found to be clean X-York-MailScanner-From: gavin.atkinson@ury.york.ac.uk cc: current@FreeBSD.org cc: net@FreeBSD.org Subject: Re: ipfw broken with bridge under 5.x (5.3 and 5.4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 12:15:10 -0000 On Wed, 4 May 2005, Josef Karthauser wrote: > On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote: >> >> I believe I am seeing similar problems to you, though uptime for me is >> generally measurable in days rather than minutes. I've found that >> adding an explicit "allow all from any to any" and then removing it >> again seems to get it working. I will test your solution when mine >> fails again. > > It appears that the solution is obtained by adding the rule: > > allow ip from any to any layer2 mac-type arp > > to the beginning of the firewall list. IPFW2 drops non-IP traffic > whereas IPFW1 passes it though. This is the reason why my configuration > stopped working after the upgrade. Ah-ha! This also seems to have fixed it for me. There are a few bits of documentation which should probably be updated with this, I'll submit a patch in a day or two. 
Gavin From owner-freebsd-net@FreeBSD.ORG Sat May 7 14:17:38 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FDD916A4DB for ; Sat, 7 May 2005 14:17:38 +0000 (GMT) Received: from lakermmtao10.cox.net (lakermmtao10.cox.net [68.230.240.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7DB943D72 for ; Sat, 7 May 2005 14:17:37 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from [192.168.1.94] (really [68.0.104.119]) by lakermmtao10.cox.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050507141735.CMAS7787.lakermmtao10.cox.net@[192.168.1.94]>; Sat, 7 May 2005 10:17:35 -0400 User-Agent: Microsoft-Entourage/10.1.6.040913.0 Date: Sat, 07 May 2005 09:17:33 -0500 
From: Gandalf The White To: Mike Silbersack Message-ID: In-Reply-To: <20050506185301.B6374@odysseus.silby.com> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 14:17:38 -0000

Greetings and Salutations:

On 5/6/05 6:56 PM, "Mike Silbersack" wrote:

> I'll take a look at it while I'm at BSDCan next week. From your website's
> description of the attack, I don't see why FreeBSD would be affected so
> greatly... we must be wasting a lot of time traversing linked lists / etc.
> Mike "Silby" Silbersack

I realize that Mac OS/X has probably deviated significantly from its FreeBSD roots, but OS/X also showed the same issues until Apple fixed the problem.

Take a look at the Linux implementation, they did a pretty good job. It consists of something like:

0) Store the size of packet in a variable
1) Add up the number of bytes the fragments received and continue to store / accept fragments until ...
2) You get the final fragment. If you have enough bytes to look like you have the entire packet then send the fragment off for reassembly, otherwise keep accepting fragments until you get enough fragments for the whole packet.

The only problem I see with this is that if you have some kind of weird routing issue where a router or switch is duplicating fragments then the fragmented packet may not get through unless all of the intermediate fragments arrive before the final fragment.

Of course we won't mention some kind of injection / spoofing attack where someone sends spoofed fragmented packets to screw up the real data ...

Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Sat May 7 15:20:51 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C81B16A4DB for ; Sat, 7 May 2005 15:20:51 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E6F043D82 for ; Sat, 7 May 2005 15:20:51 +0000 (GMT) (envelope-from joao.barros@gmail.com) Received: by wproxy.gmail.com with SMTP id 71so1144547wra for ; Sat, 07 May 2005 08:20:50 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Xti0eYRAvzrA8URjNkQjr9iCQ510fE0sCOdWYan3H1w/GYe1DCpOHltCDy3YfmhCMeZRxUCp6HB1CY1eDLki+gAl0FKIi7OWVLuhEdG8krMc4FeVJOlSCoQUInjBnW/2uJxB24iIzURuaQnifpbyPo6LL5BVJSCROBXDW9hCLfU= Received: by 10.54.32.36 with SMTP id f36mr1493997wrf; Sat, 07 May 2005 08:20:50 -0700 (PDT) Received: by 10.54.38.1 with HTTP; Sat, 7 May 2005 08:20:50 -0700 (PDT) Message-ID: <70e8236f05050708204937ded0@mail.gmail.com> Date: Sat, 7 May 2005 16:20:50 +0100 
From: Joao Barros To: freebsd-net@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: ntop on FreeBSD 5.4ish and threading X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Joao Barros List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 15:20:51 -0000

Hi all,

I recently tried ntop on FreeBSD 5.4 RC3 and RC4 and was disappointed with the problems I bumped into. I reported this to ntop's developers mailing list and a few comments about FreeBSD threading came up. It would be interesting if someone could take a look at the thread I started: http://listgateway.unipi.it/pipermail/ntop/2005-May/010397.html

My thanks in advance,

Joao Barros

From owner-freebsd-net@FreeBSD.ORG Sat May 7 15:42:50 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BF9D16A4DB for ; Sat, 7 May 2005 15:42:50 +0000 (GMT) Received: from smtp101.rog.mail.re2.yahoo.com (smtp101.rog.mail.re2.yahoo.com [206.190.36.79]) by mx1.FreeBSD.org (Postfix) with SMTP id E419143D9C for ; Sat, 7 May 2005 15:42:49 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp101.rog.mail.re2.yahoo.com with SMTP; 7 May 2005 15:42:49 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Sat, 7 May 2005 11:42:55 -0400 (EDT) Message-ID: <1482.172.16.0.199.1115480575.squirrel@172.16.0.1> In-Reply-To: <20050507093510.GA82158@us.svf.stuba.sk> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <20050507093510.GA82158@us.svf.stuba.sk> Date: Sat, 7 May 2005 11:42:55 -0400 
(EDT) 
From: "Mike Jakubik" To: "Marian Durkovic" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: Kris Kennaway Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 15:42:50 -0000 On Sat, May 7, 2005 5:35 am, Marian Durkovic said: >>> To achieve wirespeed performance, the TX FIFO must be large enough to >>> accomodate 2 jumbo packets (not just 1 as the driver was assuming). >>> There was also a typo in the driver, causing the PBA tuning on most >>> cards to be non-functional. >>> >>> Please be sure to use em driver version 1.7.41 or newer, either from >>> the CVS (branch RELENG_4_11) or from Intel's downloads. >> >> Does this also apply to 5.x and above? If no-one else responds in the >> next few days, can you please submit the patch in PR so it does not get >> lost? >> >> Kris >> > > All the CVS branches of if_em.c have the same bugs in the packet buffer > (PBA) code, so yes, the patch applies to all releases. Please submit this patch, i myself use the em card in a lot of boxes. CURRENT still has driver version 1.7.35, so looks like we are behind a bit. Thanks. 
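Added example (not from the thread, and not Linux or FreeBSD kernel code): a C implementation of the byte-counting completeness check that Ken Hollis outlines in his 7 May message in the "FreeBSD and the Rose Attack / NewDawn" thread above, extended so that duplicated or overlapping fragments are not counted twice, which is the weakness he raises. The names `reasm_add`, `struct reasm` and the `MAX_FRAGS` cap are assumptions made for this illustration, and the input in `main` is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DGRAM 65535u /* largest IPv4 datagram, in bytes */
#define MAX_FRAGS 64     /* assumed per-datagram cap: bounds memory and scan cost */

enum reasm_result { REASM_WAIT, REASM_COMPLETE, REASM_DROP };

struct frag { uint32_t off, len; };

struct reasm {
    struct frag frags[MAX_FRAGS]; /* sorted by offset, never overlapping */
    size_t nfrags;
    uint32_t bytes;     /* step 1: distinct payload bytes held so far */
    uint32_t total_len; /* step 0: datagram size, learned from the final fragment */
    bool have_last;     /* step 2: the final fragment (MF=0) has arrived */
};

static void reasm_init(struct reasm *q) { memset(q, 0, sizeof(*q)); }

/* Completeness is two comparisons, however many fragments are queued. */
static enum reasm_result reasm_state(const struct reasm *q)
{
    return (q->have_last && q->bytes == q->total_len) ? REASM_COMPLETE : REASM_WAIT;
}

/*
 * Account for one fragment: off/len are its payload offset and length in
 * bytes, more_frags is the IP MF flag. On REASM_DROP the caller should
 * discard the whole queue.
 */
static enum reasm_result reasm_add(struct reasm *q, uint32_t off, uint32_t len,
                                   bool more_frags)
{
    uint32_t end;
    size_t i = 0;

    if (len == 0 || off > MAX_DGRAM || len > MAX_DGRAM - off)
        return REASM_DROP;                  /* empty, or runs past 64 KB */
    end = off + len;
    if (q->have_last && end > q->total_len)
        return REASM_DROP;                  /* data beyond the announced end */
    if (!more_frags && q->have_last && end != q->total_len)
        return REASM_DROP;                  /* a second, different final fragment */

    /* Find the first stored fragment that ends after this one starts. */
    while (i < q->nfrags && q->frags[i].off + q->frags[i].len <= off)
        i++;
    if (i < q->nfrags && q->frags[i].off < end)
        return reasm_state(q);              /* duplicate or overlap: not counted */
    if (!more_frags && i != q->nfrags)
        return REASM_DROP;                  /* stored data lies past the final fragment */
    if (q->nfrags == MAX_FRAGS)
        return REASM_DROP;                  /* too many pieces for one datagram */

    memmove(&q->frags[i + 1], &q->frags[i], (q->nfrags - i) * sizeof(q->frags[0]));
    q->frags[i].off = off;
    q->frags[i].len = len;
    q->nfrags++;
    q->bytes += len;
    if (!more_frags) {
        q->have_last = true;
        q->total_len = end;
    }
    return reasm_state(q);
}

int main(void)
{
    /* Constructed input: final fragment first, then a duplicate, then the gap filler. */
    static const struct { uint32_t off, len; bool mf; } in[] = {
        { 16, 8, false }, { 0, 8, true }, { 0, 8, true }, { 8, 8, true },
    };
    static const char *const names[] = { "wait", "complete", "drop" };
    struct reasm q;
    size_t i;

    reasm_init(&q);
    for (i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        enum reasm_result r = reasm_add(&q, in[i].off, in[i].len, in[i].mf);
        printf("off=%u len=%u mf=%d -> %s (bytes=%u)\n", (unsigned)in[i].off,
               (unsigned)in[i].len, (int)in[i].mf, names[r], (unsigned)q.bytes);
    }
    return 0;
}
```

A datagram whose middle fragments never arrive stays in `REASM_WAIT` with only the pieces received, so the per-fragment cost is bounded by `MAX_FRAGS`; expiring idle queues and limiting how many queues exist at once is left to the caller.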
From owner-freebsd-net@FreeBSD.ORG Sat May 7 15:45:16 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92E1916A4DB for ; Sat, 7 May 2005 15:45:16 +0000 (GMT) Received: from smtp103.rog.mail.re2.yahoo.com (smtp103.rog.mail.re2.yahoo.com [206.190.36.81]) by mx1.FreeBSD.org (Postfix) with SMTP id 15EC643DA5 for ; Sat, 7 May 2005 15:45:16 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp103.rog.mail.re2.yahoo.com with SMTP; 7 May 2005 15:45:15 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Sat, 7 May 2005 11:45:21 -0400 (EDT) Message-ID: <1489.172.16.0.199.1115480721.squirrel@172.16.0.1> In-Reply-To: <70e8236f05050708204937ded0@mail.gmail.com> References: <70e8236f05050708204937ded0@mail.gmail.com> Date: Sat, 7 May 2005 11:45:21 -0400 (EDT) 
From: "Mike Jakubik" To: "Joao Barros" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org Subject: Re: ntop on FreeBSD 5.4ish and threading X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 15:45:16 -0000 On Sat, May 7, 2005 11:20 am, Joao Barros said: > Hi all, > > > I recently tried ntop on FreeBSD 5.4 RC3 and RC4 and was disappointed > with the problems I bumped into. I reported this to ntop's developers > mailing list and a few coments about FreeBSD threading came up. It would > be interesting if someone could take a look at the thread I started: > http://listgateway.unipi.it/pipermail/ntop/2005-May/010397.html > > > My thanks in advance, Ntop is badly broken on FreeBSD, has been for a while. I reported this a long time ago to the port maintainers, but nothing. It should be removed from the ports tree. From owner-freebsd-net@FreeBSD.ORG Sat May 7 16:32:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 122A716A4DB for ; Sat, 7 May 2005 16:32:34 +0000 (GMT) Received: from freebsd.giovannelli.com (freebsd.giovannelli.com [83.149.149.149]) by mx1.FreeBSD.org (Postfix) with ESMTP id A9E0743D76 for ; Sat, 7 May 2005 16:32:31 +0000 (GMT) (envelope-from gmarco@masternet.it) Received: from usul.giovannelli.it (usul.giovannelli.com [10.254.254.4]) j47GVYo0045304; Sat, 7 May 2005 18:31:34 +0200 (CEST) (envelope-from gmarco@masternet.it) Message-Id: <6.2.1.2.2.20050507181552.033114d8@83.149.160.120> X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2 Date: Sat, 07 May 2005 18:26:06 +0200 To: "Mike Jakubik" , "Joao Barros" 
From: Gianmarco Giovannelli In-Reply-To: <1489.172.16.0.199.1115480721.squirrel@172.16.0.1> References: <70e8236f05050708204937ded0@mail.gmail.com> <1489.172.16.0.199.1115480721.squirrel@172.16.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable X-AntiVirus: checked by AVIRA Milter (version: 1.0.0-6; AIE: 6.30.0.12; VDF: 6.30.0.160; host: localhost) cc: freebsd-net@freebsd.org Subject: Re: ntop on FreeBSD 5.4ish and threading X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 16:32:34 -0000

At 17.45 07/05/2005, Mike Jakubik wrote:
>On Sat, May 7, 2005 11:20 am, Joao Barros said:
>> Hi all,
>>
>>
>> I recently tried ntop on FreeBSD 5.4 RC3 and RC4 and was disappointed
>> with the problems I bumped into. I reported this to ntop's developers
>> mailing list and a few comments about FreeBSD threading came up. It would
>> be interesting if someone could take a look at the thread I started:
>> http://listgateway.unipi.it/pipermail/ntop/2005-May/010397.html
>>
>>
>> My thanks in advance,
>
>Ntop is badly broken on FreeBSD, has been for a while. I reported this a
>long time ago to the port maintainers, but nothing. It should be removed
>from the ports tree.

I'd like to point out that the author of ntop now has a freebsd (5.x) box on which he could make some tests and the latest version is running quite smoothly here, at least it doesn't hang anymore...

The box is able to capture the mirrored traffic generated by two juniper M7 losing not more than 10% of the packets on aggregated traffic. The cpu load is around 20% and the box is a P4 3ghz 1gb ram with intel fxp cards.

The packet loss is due (according to Luca's statement) to our threads implementation and it should not happen having so much free cpu :-)

The version running here is:

Report created on Sat May 7 18:29:50 2005 [ntop uptime: 8 days 7:35:42]
Generated by ntop v.3.1.1 MT (SSL) [i386-unknown-freebsd5.3] © 1998-2005 by Luca Deri, built: Apr 20 2005 17:28:01.
Listening on [fxp2,Consiag] for all packets (i.e. without a filtering expression)
Web reports include only interface "fxp2"

From owner-freebsd-net@FreeBSD.ORG Sat May 7 22:04:06 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE03716A4DD for ; Sat, 7 May 2005 22:04:06 +0000 (GMT) Received: from vms048pub.verizon.net (vms048pub.verizon.net [206.46.252.48]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8CDD43DA4 for ; Sat, 7 May 2005 22:04:06 +0000 (GMT) (envelope-from jetman@mycbc.com) Received: from EAGLE ([70.18.55.210])0.04 <0IG500EUU3YT5BW7@vms048.mailsrvcs.net> for freebsd-net@freebsd.org; Sat, 07 May 2005 17:04:06 -0500 (CDT) Date: Sat, 07 May 2005 18:03:33 -0400 
From: "Jethro Wright III" To: "FreeBSD Net" Message-id: <015701c55350$a1435240$8700a8c0@EAGLE> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7bit X-Priority: 3 X-MSMail-priority: Normal Subject: [Q-4.9-R]Questions About A Simple Bridge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 22:04:07 -0000

Folks:

Have a problem with basic bridging and ARP. Below is a simple diagram of the PC in question:

               +--------------------------------+
               |                                |
(internal) dc0-+      FreeBSD 4.9-RELEASE       +-xl0 (external 'Net)
               |                                |
               +----------------+---------------+
                                |
                               rl0 (control)

I've built PCs like this several times, it follows the instructions for a bridge as described in the FBSD Handbook and it generally works well. BTW, I use these boxes to track IP traffic stats and have even assembled and built a couple tools of my own to do the job.

My problem is (per the diagram) rl0. dc0 and xl0 are anonymous interfaces (no IP addresses.) rl0 has a local, private IP address. dc0 and rl0 are plugged into the same switch and therein lies the specific problem. Periodically, ARP emits messages as shown below:

/kernel: arp: B:A:D:M:A:C is using my IP address 192.168.0.99!
/kernel: arp: B:A:D:M:A:C is using my IP address 192.168.0.99!

I get a pair of msgs each time, apparently coinciding with an attempt to access the outside world from the bridge PC via rl0, probably DNS lookups or an NTP update. Eventually the control iface stops responding.

I've been researching this forever and found a couple of e-mail msgs (only a couple !) that report an IFCONFIG option (-arp) that may address this issue.

So far, I have over twenty-four hours of operation w/o rebooting FBSD or doing something to re-initialize the control iface ! YAY ! What confounds me is that I haven't seen this in ANY of the docs. I've GOOGLE'd msgs w/ a similar req, but can't understand why it isn't mentioned on the MAN page for bridging or the corresponding section in the FBSD Handbook. Am I off in Never-Never-Land ? Or is there another working solution for this issue ? And if there is an answer, why isn't it officially documented somewhere ? TIA....Jet =============== From the desk of Jethro Wright, III ================ + Beer is proof that God loves us and wants us to be happy. - === jetman516 at hotmail.com =============== Benjamin Franklin ===