From owner-freebsd-net@FreeBSD.ORG Sun May 8 01:06:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1DA8216A4DE for ; Sun, 8 May 2005 01:06:21 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id B61D343DA9 for ; Sun, 8 May 2005 01:06:20 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by wproxy.gmail.com with SMTP id 69so1242643wri for ; Sat, 07 May 2005 18:06:20 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=uh9lPcB0RRfIXnglJ2TU6r4HEV7hRooh2nyZBFFO+OSX+oLPES/3ynKAIs4lvl4oRBccpfYIgeLMjRd8KFtgLMy8lFUhYQpswiHZp52QQp5KrYgKqQLbqYvxj/yxEOY1PgQUmhBbfULF37E1WRI4Y77BQk3QwFmquqxs5KE2Fl8= Received: by 10.54.29.14 with SMTP id c14mr1664224wrc; Sat, 07 May 2005 18:06:20 -0700 (PDT) Received: by 10.54.39.6 with HTTP; Sat, 7 May 2005 18:06:20 -0700 (PDT) Message-ID: <8eea040805050718066b6bc0f4@mail.gmail.com> Date: Sat, 7 May 2005 18:06:20 -0700 From: Jon Simola To: Jethro Wright III In-Reply-To: <015701c55350$a1435240$8700a8c0@EAGLE> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <015701c55350$a1435240$8700a8c0@EAGLE> cc: FreeBSD Net Subject: Re: [Q-4.9-R]Questions About A Simple Bridge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jon@abccomm.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 01:06:21 -0000 On 5/7/05, Jethro Wright III wrote: > My problem is (per the diagram) rl0. > dc0 and xl0 are anonymous interfaces (no IP addresses.) rl0 has a local, > private IP adress. dc0 and rl0 are plugged into the same switch and ther= ein > lies the specific problem. man bridge(4): BUGS Care must be taken not to construct loops in the bridge topology. The kernel supports only a primitive form of loop detection, by disabling some interfaces when a loop is detected. No support for a daemon runn= ing the spanning tree algorithm is currently provided. Plugging 2 interfaces into the same switch counts as a loop. I've got similar problems here, caused by people using wireless shots to connect random sites together and causing horrible problems in my network: May 5 09:25:23 cerebus /kernel: -- loop (10) 00.11.5c.d4.0c.00 to fxp0 from em1 (active) May 5 09:25:23 cerebus /kernel: -- loop (11) 00.11.5c.d4.0c.00 to em1 from fxp0 (active) May 5 09:25:23 cerebus /kernel: -- loop (12) 00.11.5c.d4.0c.00 to fxp0 from em1 (muted) May 5 09:25:23 cerebus /kernel: -- loop (12) 00.11.5c.d4.0c.00 to em1 from fxp0 (muted) That's the MAC of my upstream router, stopping my network dead. I have to become very agressive with layer2 filtering with ipfw to keep the bridge from seeing packets on the wrong interface. --=20 Jon Simola Systems Administrator ABC Communications From owner-freebsd-net@FreeBSD.ORG Sun May 8 06:35:17 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C95B16A4E1 for ; Sun, 8 May 2005 06:35:17 +0000 (GMT) Received: from swjscmail2.java.sun.com (swjscmail2.Sun.COM [192.18.99.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5500C43D8E for ; Sun, 8 May 2005 06:35:17 +0000 (GMT) (envelope-from owner-DEVELOPER-AUTORESPONDER@JAVA.SUN.COM) Received: from swjscmail1 (swjscmail1.Sun.COM [192.18.99.107]) by swjscmail2.java.sun.com (Postfix) with ESMTP id 0FA48217E3 for ; Sun, 8 May 2005 00:27:24 -0600 (MDT) Date: Sun, 8 May 2005 00:21:29 -0600 From: "L-Soft list server at Sun Microsystems Inc. (1.8e)" To: freebsd-net@FREEBSD.ORG Message-ID: X-LSV-ListID: DEVELOPER-AUTORESPONDER Subject: Thank you for your feedback X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 06:35:17 -0000 Hello, This is an automated reply from Sun Microsystems. It was generated when a message was sent to one of our email aliases with this address as the 'Reply to:'. Thank you for your interest in Sun products and technologies and for taking the time to write. If you are seeking technical support or coding help, please see the resources listed here: http://developers.sun.com/ This email alias is no longer being monitored. We are now using a central feedback form to gather your comments and questions about the Web site. http://developers.sun.com/contact/index.jsp Your comments are important to us and help us improve our Web site and other services. However, due to the amount of mail that we receive, we will not be able to send individual responses to each email. Sincerely, The Source Web site team Sun Developer Network: The Source for Developers http://sun.com/developers/ From owner-freebsd-net@FreeBSD.ORG Sun May 8 06:35:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63BE116A4E3 for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) Received: from swjscmail2.java.sun.com (swjscmail2.Sun.COM [192.18.99.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA30343DA0 for ; Sun, 8 May 2005 06:35:17 +0000 (GMT) (envelope-from "") Received: from swjscmail1 (swjscmail1.Sun.COM [192.18.99.107]) by swjscmail2.java.sun.com (Postfix) with ESMTP id B2CB721721 for ; Sun, 8 May 2005 00:27:24 -0600 (MDT) Date: Sun, 8 May 2005 00:21:30 -0600 From: "L-Soft list server at Sun Microsystems Inc. (1.8e)" To: freebsd-net@FREEBSD.ORG Message-ID: Subject: Message ("The distribution of your message dated Sun, 08...") X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 06:35:18 -0000 The distribution of your message dated Sun, 08 May 2005 06:34:56 GMT with no subject has been postponed because the JNI list is held. No action is required from you; your message will be reprocessed automatically once the list owner releases the list. From owner-freebsd-net@FreeBSD.ORG Sun May 8 06:35:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94C6E16A4E5 for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) Received: from swjscmail2.java.sun.com (swjscmail2.Sun.COM [192.18.99.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 467FE43D5E for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) (envelope-from "") Received: from swjscmail1 (swjscmail1.Sun.COM [192.18.99.107]) by swjscmail2.java.sun.com (Postfix) with ESMTP id 1E5EB217E3 for ; Sun, 8 May 2005 00:27:25 -0600 (MDT) Date: Sun, 8 May 2005 00:21:30 -0600 From: "L-Soft list server at Sun Microsystems Inc. (1.8e)" To: freebsd-net@FREEBSD.ORG Message-ID: Subject: Message ("The distribution of your message dated Sun, 08...") X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 06:35:18 -0000 The distribution of your message dated Sun, 08 May 2005 06:34:56 GMT with no subject has been postponed because the JAVA-AWT list is held. No action is required from you; your message will be reprocessed automatically once the list owner releases the list. From owner-freebsd-net@FreeBSD.ORG Sun May 8 06:35:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D00FB16A4E1 for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) Received: from swjscmail2.java.sun.com (swjscmail2.Sun.COM [192.18.99.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3BEC43D49 for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) (envelope-from "") Received: from swjscmail1 (swjscmail1.Sun.COM [192.18.99.107]) by swjscmail2.java.sun.com (Postfix) with ESMTP id 8D6AF21721 for ; Sun, 8 May 2005 00:27:25 -0600 (MDT) Date: Sun, 8 May 2005 00:21:31 -0600 From: "L-Soft list server at Sun Microsystems Inc. (1.8e)" To: freebsd-net@FREEBSD.ORG Message-ID: Subject: Output of your job "freebsd-net" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 06:35:19 -0000 > ok ok ok,,,,, here is it Too many arguments specified - maximum is 2. Summary of resource utilization ------------------------------- CPU time: 0.000 sec Overhead CPU: 0.000 sec CPU model: 4-CPU Ultra-80 Job origin: freebsd-net@FREEBSD.ORG From owner-freebsd-net@FreeBSD.ORG Sun May 8 06:35:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C7FB16A4E1 for ; Sun, 8 May 2005 06:35:19 +0000 (GMT) Received: from swjscmail2.java.sun.com (swjscmail2.Sun.COM [192.18.99.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE7C943D2D for ; Sun, 8 May 2005 06:35:18 +0000 (GMT) (envelope-from owner-DEVELOPER-AUTORESPONDER@JAVA.SUN.COM) Received: from swjscmail1 (swjscmail1.Sun.COM [192.18.99.107]) by swjscmail2.java.sun.com (Postfix) with ESMTP id C83EF217E3 for ; Sun, 8 May 2005 00:27:25 -0600 (MDT) Date: Sun, 8 May 2005 00:21:31 -0600 From: "L-Soft list server at Sun Microsystems Inc. (1.8e)" To: freebsd-net@FREEBSD.ORG Message-ID: X-LSV-ListID: DEVELOPER-AUTORESPONDER Subject: Thank you for your feedback X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 06:35:19 -0000 Hello, This is an automated reply from Sun Microsystems. It was generated when a message was sent to one of our email aliases with this address as the 'Reply to:'. Thank you for your interest in Sun products and technologies and for taking the time to write. If you are seeking technical support or coding help, please see the resources listed here: http://developers.sun.com/ This email alias is no longer being monitored. We are now using a central feedback form to gather your comments and questions about the Web site. http://developers.sun.com/contact/index.jsp Your comments are important to us and help us improve our Web site and other services. However, due to the amount of mail that we receive, we will not be able to send individual responses to each email. Sincerely, The Source Web site team Sun Developer Network: The Source for Developers http://sun.com/developers/ From owner-freebsd-net@FreeBSD.ORG Sun May 8 14:05:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5A3A16A4E3 for ; Sun, 8 May 2005 14:05:21 +0000 (GMT) Received: from mss1.myactv.net (mss1.myactv.net [24.89.0.26]) by mx1.FreeBSD.org (Postfix) with SMTP id E3DF643D6A for ; Sun, 8 May 2005 14:05:20 +0000 (GMT) (envelope-from patrickdk@patrickdk.com) Received: (qmail 28241 invoked from network); 8 May 2005 14:05:14 -0000 Received: from dyn-19-218.myactv.net (24.89.19.218) by new.mss1.myactv.net with SMTP; 8 May 2005 14:05:14 -0000 Date: Sun, 8 May 2005 14:05:10 +0000 (UTC) From: Patrick Domack X-X-Sender: dswett@server.dswett.patrickdk.com To: freebsd-net@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: patrickdk@patrickdk.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 14:05:21 -0000 I have been working with tap interfaces, bridging and openvpn Bridging works perfectly, and openvpn does too Packet pings from the tap interface works to any ip address, on the local machine or computer on the bridged network Attempting to make a tcp connection works for bridged network, but not the machine the tap interface is on I have found this is due to tcp checksums not being generated, Packets recieved over the tap interface on the client machine have blank (bad) checksums. I have looked at the source and it seems there is no interface to add the checksums to be generated for the tap interface. From owner-freebsd-net@FreeBSD.ORG Sun May 8 15:41:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FDF516A4E3 for ; Sun, 8 May 2005 15:41:18 +0000 (GMT) Received: from mta9.adelphia.net (mta9.adelphia.net [68.168.78.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id C617C43D67 for ; Sun, 8 May 2005 15:41:17 +0000 (GMT) (envelope-from maksim.yevmenkin@savvis.net) Received: from [192.168.1.254] (really [70.32.199.60]) by mta9.adelphia.net (InterMail vM.6.01.04.01 201-2131-118-101-20041129) with ESMTP id <20050508154117.NBUP8952.mta9.adelphia.net@[192.168.1.254]>; Sun, 8 May 2005 11:41:17 -0400 Message-ID: <427E3336.3040907@savvis.net> Date: Sun, 08 May 2005 08:41:42 -0700 From: Maksim Yevmenkin User-Agent: Mozilla Thunderbird 0.7.1 (Windows/20040626) X-Accept-Language: en-us, en MIME-Version: 1.0 To: patrickdk@patrickdk.com References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 15:41:18 -0000 Patrick, > I have been working with tap interfaces, bridging and openvpn > > Bridging works perfectly, and openvpn does too > > Packet pings from the tap interface works to any ip address, on the > local machine or computer on the bridged network > > Attempting to make a tcp connection works for bridged network, but not > the machine the tap interface is on > > I have found this is due to tcp checksums not being generated, Packets > recieved over the tap interface on the client machine have blank (bad) > checksums. > > I have looked at the source and it seems there is no interface to add > the checksums to be generated for the tap interface. tap(4) interface should not modify anything inside the packet. the whole point is to accept _complete_ ethernet frame from user-space (just as it comes from the wire) and pass it up the stack. my guess would be that something else is not generating proper ip checksum. just a crazy thought: are you offloading ip checksum'ing to your ethernet card? if so, please try to disable it and see if it helps. thanks, max From owner-freebsd-net@FreeBSD.ORG Sun May 8 16:54:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88B5116A4E4 for ; Sun, 8 May 2005 16:54:27 +0000 (GMT) Received: from smartmx-02.inode.at (smartmx-02.inode.at [213.229.60.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15DF843D66 for ; Sun, 8 May 2005 16:54:27 +0000 (GMT) (envelope-from mbretter@inode.at) Received: from [83.64.182.194] (port=61861 helo=[192.168.201.12]) by smartmx-02.inode.at with esmtp (Exim 4.34) id 1DUp2w-0001xm-1A for net@freebsd.org; Sun, 08 May 2005 18:54:26 +0200 Message-ID: <427E443B.9070301@inode.at> Date: Sun, 08 May 2005 18:54:19 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041217 X-Accept-Language: en-us, en MIME-Version: 1.0 To: net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Multiple Interfaces with the same IP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 16:54:27 -0000 Hi, it looks like that under 5-stable it's allowed to have different interfaces with the same IP, bug or feature? bash-2.05b# ifconfig ath0 inet 192.168.201.12 netmask 0xffffff00 up bash-2.05b# ifconfig sk0 inet 192.168.201.12 netmask 0xffffff00 up bash-2.05b# ifconfig ath0: flags=8843 mtu 1500 inet6 fe80::20f:b5ff:fe1e:ce12%ath0 prefixlen 64 scopeid 0x1 inet 192.168.201.12 netmask 0xffffff00 broadcast 192.168.201.255 ether 00:0f:b5:1e:ce:12 media: IEEE 802.11 Wireless Ethernet autoselect mode 11b (DS/11Mbps) status: associated ssid xx 1:xx channel 11 authmode OPEN powersavemode OFF powersavesleep 100 rtsthreshold 2312 protmode CTS wepmode MIXED weptxkey 1 wepkey 1:104-bit sk0: flags=8843 mtu 1500 inet6 fe80::20f:eaff:fe3a:7058%sk0 prefixlen 64 scopeid 0x2 inet 192.168.201.12 netmask 0xffffff00 broadcast 192.168.201.255 ether 00:0f:ea:3a:70:58 media: Ethernet autoselect (100baseTX ) status: active thanx, bye, Michael From owner-freebsd-net@FreeBSD.ORG Sun May 8 17:03:13 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5237B16A4E4 for ; Sun, 8 May 2005 17:03:13 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5A4B243DA7 for ; Sun, 8 May 2005 17:03:12 +0000 (GMT) (envelope-from max@love2party.net) Received: from p54A3F096.dip.t-dialin.net[84.163.240.150] (helo=donor.laier.local) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0ML25U-1DUpBP0JjI-0005u3; Sun, 08 May 2005 19:03:11 +0200 From: Max Laier To: freebsd-net@freebsd.org Date: Sun, 8 May 2005 19:03:03 +0200 User-Agent: KMail/1.8 References: <427E443B.9070301@inode.at> In-Reply-To: <427E443B.9070301@inode.at> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5934594.ubGRiUv9Su"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505081903.09631.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 cc: Michael Bretterklieber Subject: Re: Multiple Interfaces with the same IP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 17:03:13 -0000 --nextPart5934594.ubGRiUv9Su Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sunday 08 May 2005 18:54, Michael Bretterklieber wrote: > it looks like that under 5-stable it's allowed to have different > interfaces with the same IP, bug or feature? =46eature and required for CARP to function. You need to change your route= ing=20 table to make sure the right one is used for outgoing traffic (or you just= =20 don't set the same IP on more than one interface). =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart5934594.ubGRiUv9Su Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCfkZNXyyEoT62BG0RAg04AJ90sy06AQfCAh2riRS11q2TCBtnWACaA7Dm KBA3OODU1ikwVjL1m7f43KA= =YFIn -----END PGP SIGNATURE----- --nextPart5934594.ubGRiUv9Su-- From owner-freebsd-net@FreeBSD.ORG Sun May 8 17:22:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A4ECD16A4E4 for ; Sun, 8 May 2005 17:22:45 +0000 (GMT) Received: from smartmx-06.inode.at (smartmx-06.inode.at [213.229.60.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FD4943D97 for ; Sun, 8 May 2005 17:22:45 +0000 (GMT) (envelope-from mbretter@inode.at) Received: from [83.64.182.194] (port=57307 helo=[192.168.201.12]) by smartmx-06.inode.at with esmtp (Exim 4.34) id 1DUpUK-0003vl-Di; Sun, 08 May 2005 19:22:44 +0200 Message-ID: <427E4ADD.70104@inode.at> Date: Sun, 08 May 2005 19:22:37 +0200 From: Michael Bretterklieber User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041217 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Max Laier References: <427E443B.9070301@inode.at> <200505081903.09631.max@love2party.net> In-Reply-To: <200505081903.09631.max@love2party.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Multiple Interfaces with the same IP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 17:22:45 -0000 Hi, Max Laier wrote: > On Sunday 08 May 2005 18:54, Michael Bretterklieber wrote: > >>it looks like that under 5-stable it's allowed to have different >>interfaces with the same IP, bug or feature? > > > Feature and required for CARP to function. You need to change your routeing ok, this make sense. > table to make sure the right one is used for outgoing traffic (or you just > don't set the same IP on more than one interface). > sure, but in my case the Iface is configured with Mpd. I'm trying to catch that case, where a user with a static-IP (provided by the RADIUS server) was logged in twice. I tried to catch the return value from ifconfig, but since it's allowed to have multiple ifaces with the same ip, ifconfig succeeds. ... so, it looks like I have to find another way :-( thanx, bye, Michael From owner-freebsd-net@FreeBSD.ORG Sun May 8 22:47:44 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7678016A4E6 for ; Sun, 8 May 2005 22:47:44 +0000 (GMT) Received: from nic.ach.sch.gr (nic.sch.gr [194.63.238.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDDC143D8A for ; Sun, 8 May 2005 22:47:42 +0000 (GMT) (envelope-from keramida@linux.gr) Received: (qmail 26676 invoked by uid 207); 8 May 2005 22:47:41 -0000 Received: from keramida@linux.gr by nic by uid 201 with qmail-scanner-1.21 (sophie: 3.04/2.19/3.81. Clear:RC:1(81.186.70.51):. Processed in 0.979893 secs); 08 May 2005 22:47:41 -0000 Received: from dialup51.ach.sch.gr (HELO gothmog.gr) ([81.186.70.51]) (envelope-sender ) by nic.sch.gr (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 8 May 2005 22:47:39 -0000 Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.13.3/8.13.3) with ESMTP id j48Lgq2m002348; Mon, 9 May 2005 00:42:52 +0300 (EEST) (envelope-from keramida@linux.gr) Received: (from giorgos@localhost) by gothmog.gr (8.13.3/8.13.3/Submit) id j48LgqUq002347; Mon, 9 May 2005 00:42:52 +0300 (EEST) (envelope-from keramida@linux.gr) Date: Mon, 9 May 2005 00:42:51 +0300 From: Giorgos Keramidas To: Michael Bretterklieber Message-ID: <20050508214251.GC2150@gothmog.gr> References: <427E443B.9070301@inode.at> <200505081903.09631.max@love2party.net> <427E4ADD.70104@inode.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <427E4ADD.70104@inode.at> cc: Max Laier cc: freebsd-net@freebsd.org Subject: Re: Multiple Interfaces with the same IP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 May 2005 22:47:44 -0000 On 2005-05-08 19:22, Michael Bretterklieber wrote: >Max Laier wrote: >>On Sunday 08 May 2005 18:54, Michael Bretterklieber wrote: >>> it looks like that under 5-stable it's allowed to have different >>> interfaces with the same IP, bug or feature? >> >> Feature and required for CARP to function. You need to change your >> routeing > > ok, this make sense. > >> table to make sure the right one is used for outgoing traffic (or you >> just don't set the same IP on more than one interface). > > sure, but in my case the Iface is configured with Mpd. I'm trying to > catch that case, where a user with a static-IP (provided by the RADIUS > server) was logged in twice. I tried to catch the return value from > ifconfig, but since it's allowed to have multiple ifaces with the same > ip, ifconfig succeeds. > > ... so, it looks like I have to find another way :-( Does the following help? gothmog:/home/giorgos$ ifconfig -a | grep -q 127.0.0.1 ; echo $? 0 gothmog:/home/giorgos$ ifconfig -a | grep -q 127.0.0.2 ; echo $? 1 From owner-freebsd-net@FreeBSD.ORG Mon May 9 02:13:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B94D816A4E9 for ; Mon, 9 May 2005 02:13:39 +0000 (GMT) Received: from sp.dominia.org (efnet-math.org [69.60.109.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4975843D53 for ; Mon, 9 May 2005 02:13:38 +0000 (GMT) (envelope-from ssouhlal@FreeBSD.org) Received: from [192.168.1.12] (63-170-138-118.cst-sg.blacksburg.ntc-com.net [63.170.138.118]) (authenticated bits=0) by sp.dominia.org (8.13.1/8.13.1) with ESMTP id j492DZlf008009 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Sun, 8 May 2005 22:13:36 -0400 In-Reply-To: References: Mime-Version: 1.0 (Apple Message framework v728) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> Content-Transfer-Encoding: 7bit From: Suleiman Souhlal Date: Sun, 8 May 2005 22:13:29 -0400 To: Gandalf The White X-Mailer: Apple Mail (2.728) cc: freebsd-net@FreeBSD.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 02:13:40 -0000 Hello, On May 7, 2005, at 10:17 AM, Gandalf The White wrote: > Take a look at the Linux implementation, they did a pretty good > job. It > consists of something like: > 0) Store the size of packet in a variable > 1) Add up the number of bytes the fragments received and continue > to store / > accept fragments until ... > 2) You get the final fragment. If you have enough bytes to look > like you > have the entire packet then send the fragment off for reassembly, > otherwise > keep accepting fragments until you get enough fragments for the whole > packet. The patch at http://people.freebsd.org/~ssouhlal/testing/ ip_reass-20050507.diff does just this. Could you kindly test it? Bye, -- Suleiman Souhlal | ssouhlal@vt.edu The FreeBSD Project | ssouhlal@FreeBSD.org From owner-freebsd-net@FreeBSD.ORG Mon May 9 02:25:12 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70C7E16A50D; Mon, 9 May 2005 02:25:11 +0000 (GMT) Received: from lakermmtao01.cox.net (lakermmtao01.cox.net [68.230.240.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 99F7643D83; Mon, 9 May 2005 02:25:10 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from [192.168.1.94] (really [68.0.104.119]) by lakermmtao01.cox.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050509022508.FLXG11036.lakermmtao01.cox.net@[192.168.1.94]>; Sun, 8 May 2005 22:25:08 -0400 User-Agent: Microsoft-Entourage/10.1.6.040913.0 Date: Sun, 08 May 2005 21:25:08 -0500 From: Gandalf The White To: Suleiman Souhlal Message-ID: In-Reply-To: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit cc: freebsd-net@FreeBSD.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 02:25:12 -0000 Greetings and Salutations: On 5/8/05 9:13 PM, "Suleiman Souhlal" wrote: > On May 7, 2005, at 10:17 AM, Gandalf The White wrote: >> Take a look at the Linux implementation, they did a pretty good >> job. It >> consists of something like: > The patch at http://people.freebsd.org/~ssouhlal/testing/ > ip_reass-20050507.diff does just this. > Could you kindly test it? Yes. It will take me a little time to get it done. Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Mon May 9 02:31:51 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B644E16A4E6 for ; Mon, 9 May 2005 02:31:51 +0000 (GMT) Received: from mss1.myactv.net (mss1.myactv.net [24.89.0.26]) by mx1.FreeBSD.org (Postfix) with SMTP id C662943D8F for ; Mon, 9 May 2005 02:31:50 +0000 (GMT) (envelope-from patrickdk@patrickdk.com) Received: (qmail 11269 invoked from network); 9 May 2005 02:31:50 -0000 Received: from dyn-19-218.myactv.net (24.89.19.218) by new.mss1.myactv.net with SMTP; 9 May 2005 02:31:50 -0000 Date: Mon, 9 May 2005 02:31:50 +0000 (UTC) From: Patrick Domack X-X-Sender: dswett@server.dswett.patrickdk.com To: Maksim Yevmenkin In-Reply-To: <427E3336.3040907@savvis.net> Message-ID: References: <427E3336.3040907@savvis.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org cc: patrickdk@patrickdk.com Subject: Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: patrickdk@patrickdk.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 02:31:51 -0000 Yes, ifconfig -txcsum fixes the problem, so somewhere packets are not getting marked to be summed if the hardware checksum is turned on, and packets don't go to the hardware card, but head to the tap interface instead. This will work for a for alittle while, but as these are high usage, gigabit links, and tend to have alot of traffic on them, where as the tap interface is low load. It could cause a descent amount of cpu load. Thanks. On Sun, 8 May 2005, Maksim Yevmenkin wrote: > Patrick, > >> I have been working with tap interfaces, bridging and openvpn >> >> Bridging works perfectly, and openvpn does too >> >> Packet pings from the tap interface works to any ip address, on the local >> machine or computer on the bridged network >> >> Attempting to make a tcp connection works for bridged network, but not the >> machine the tap interface is on >> >> I have found this is due to tcp checksums not being generated, Packets >> recieved over the tap interface on the client machine have blank (bad) >> checksums. >> >> I have looked at the source and it seems there is no interface to add the >> checksums to be generated for the tap interface. > > tap(4) interface should not modify anything inside the packet. the whole > point is to accept _complete_ ethernet frame from user-space (just as it > comes from the wire) and pass it up the stack. > > my guess would be that something else is not generating proper ip checksum. > just a crazy thought: are you offloading ip checksum'ing to your ethernet > card? if so, please try to disable it and see if it helps. > > thanks, > max > > From owner-freebsd-net@FreeBSD.ORG Mon May 9 03:12:08 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 748B516A4E7 for ; Mon, 9 May 2005 03:12:08 +0000 (GMT) Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by mx1.FreeBSD.org (Postfix) with SMTP id CC51E43D70 for ; Mon, 9 May 2005 03:12:07 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 2626 invoked from network); 9 May 2005 03:12:06 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 9 May 2005 03:12:06 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sun, 8 May 2005 22:11:54 -0500 (CDT) From: Mike Silbersack To: Suleiman Souhlal In-Reply-To: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> Message-ID: <20050508221054.X10047@odysseus.silby.com> References: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@FreeBSD.org cc: Gandalf The White Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 03:12:08 -0000 On Sun, 8 May 2005, Suleiman Souhlal wrote: > The patch at http://people.freebsd.org/~ssouhlal/testing/ > ip_reass-20050507.diff does just this. > Could you kindly test it? > > Bye, > -- > Suleiman Souhlal | ssouhlal@vt.edu The concept sounds ok, as long as it doesn't change how fragment reassembly works. We don't want to reassemble fragments in a way other than IDSes would. I'll take a look it this later in the week then. Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Mon May 9 04:40:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B45416A4E6 for ; Mon, 9 May 2005 04:40:49 +0000 (GMT) Received: from mail.emmplus.ie (mail.emmplus.ie [66.154.97.148]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5910643D7F for ; Mon, 9 May 2005 04:40:49 +0000 (GMT) (envelope-from jev@ecad.org) Received: from localhost (localhost [127.0.0.1]) by mail.emmplus.ie (Postfix) with ESMTP id 8EC8713AE2 for ; Mon, 9 May 2005 05:39:50 +0100 (IST) Received: from mail.emmplus.ie ([127.0.0.1]) by localhost (cohiba.emmplus.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32641-03 for ; Mon, 9 May 2005 05:39:50 +0100 (IST) Received: from [192.168.0.103] (unknown [24.80.192.41]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.emmplus.ie (Postfix) with ESMTP id 0D26613A21 for ; Mon, 9 May 2005 05:39:50 +0100 (IST) Message-ID: <427EE9C5.2050800@ecad.org> Date: Sun, 08 May 2005 21:40:37 -0700 From: Jev User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050404) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at emmplus.ie Subject: prism54 support? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 04:40:49 -0000 Hi All, Can someone tell me the status of FreeBSD support for prism54 based cards at the moment? I have a XG-600 card, pciconf output: none3@pci2:5:0: class=0x028000 card=0x001417cf chip=0x38901260 rev=0x01 hdr=0x00 vendor = 'Intersil Americas Inc (Was: Harris Semiconductor)' device = 'ISL3890 PRISM GT 802.11g 54Mbps Wireless Controller' class = network Thanks, -Jev From owner-freebsd-net@FreeBSD.ORG Mon May 9 06:26:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8328E16A4E6 for ; Mon, 9 May 2005 06:26:18 +0000 (GMT) Received: from web41511.mail.yahoo.com (web41511.mail.yahoo.com [66.218.93.94]) by mx1.FreeBSD.org (Postfix) with SMTP id 2224543D62 for ; Mon, 9 May 2005 06:26:18 +0000 (GMT) (envelope-from sv_p3@yahoo.com) Received: (qmail 81279 invoked by uid 60001); 9 May 2005 06:26:17 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=TFYNSmQNUOugJB/BbiQuVkHxrZmZOUCCba874KzoXhVE696uDpxejjBpjct7Pl48IZuVV7eJP0qv33r3Zp2IrrlsBQtWZP8OfKPhI+VtdVwoVev/al+oaP86oS8zvOrydVU8ziGmff1fR8ox0QGH9qt9qVbbs9nfcFj3rwl3iKQ= ; Message-ID: <20050509062617.81277.qmail@web41511.mail.yahoo.com> Received: from [210.214.232.143] by web41511.mail.yahoo.com via HTTP; Sun, 08 May 2005 23:26:17 PDT Date: Sun, 8 May 2005 23:26:17 -0700 (PDT) From: sumit panchasara To: Bhavesh Gajjar , Kiran Patel , soni chintan , bharat dobaria , Sumit Panchasara , get , Jhalavirendra , Neeraj Joshi , Sumit Panchasara MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Fwd: [ceddit2004] Patrix Reporting: Black listed companies-Very Important X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 06:26:18 -0000 pratish gondalia wrote:To: Vaniavad Knights , DDITIANS 2004 From: pratish gondalia Date: Sun, 8 May 2005 22:50:22 -0700 (PDT) Subject: [ceddit2004] Patrix Reporting: Black listed companies-Very Important Note: forwarded message attached. --------------------------------- Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. --------------------------------- Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. --------------------------------- Yahoo! Groups Links To visit your group on the web, go to: http://groups.yahoo.com/group/ceddit2004/ To unsubscribe from this group, send an email to: ceddit2004-unsubscribe@yahoogroups.com Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. Date: Sun, 8 May 2005 22:07:41 -0700 (PDT) From: amit ved Subject: Fwd: [gmcs1104] Fwd: [CompRulz] Black listed companies-Very Important To: pratish gondalia Note: forwarded message attached. Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.htmlTo: gmcs , ccchokshi , knowledge From: vikrant shah Date: Sun, 8 May 2005 08:25:48 -0700 (PDT) Subject: [gmcs1104] Fwd: [CompRulz] Black listed companies-Very Important vaibhav agarwal wrote: Date: Sun, 8 May 2005 03:04:53 -0700 (PDT) From: vaibhav agarwal Subject: Fwd: [CompRulz] Black listed companies-Very Important To: sardar , lovekuns@hotmail.com Note: forwarded message attached. --------------------------------- Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone.To: comprulz@yahoogroups.com From: Bhavana Date: Sat, 7 May 2005 21:34:43 -0700 (PDT) Subject: [CompRulz] Black listed companies-Very Important __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Subject: Fw: Black listed companies-Very Important From: renu.a@tcs.com Date: Tue, 19 Apr 2005 16:51:08 +0530 Dont know how far this is true... List of Blacklisted companies... be careful with them... Pls go thru the full mail n Dont get into such a situation. Here is a list of fraud companies which lure people in India to USA.Please pass this on to all your friends and make them aware of it. List of Companies you need to be careful. 1. Mastech Sys 2. Syntel 3. Computer People Inc. 4. Capricon 5. American MegaTrend Inc. 6. CBS 7. Intelligroup (Edison - New Jersey) 8. Cybertech (Chicago - Ilinnois) 9. Systech (Gelndale - Calif.) 10. IntecNew Jersey. Now it is named as Compuflex. 11. Indotronixs or Indotronics? 12. Capricorn Systems Inc , Atlanta 13. BCC computers Ltd in Madras *** (Dangerously BlackListed)****** 14. Frontier Systems ***(Highly Black Listed) 15. C G VAK(Coimbatore) 16. Kumaran Software, Anna Nagar, Madras *******(Highly and Dangerously BlackListed)******* 17. BCS Project Consultants; Bangalore (These people call themselves BCS Computer Consultancies and Services. Highly blacklisted.)These people lay false claims of having done projects for defence organisations. 18. Pragathi Computers; Bangalore.(HighlyBlacklisted)Infact a Belgium based organisation is planning to take legal action on this organisation for claiming to do work for NATO. Friends, one of the above mentioned company is owned by an Indian, Kanna Srinivasan and he owns a company called BCC computers Ltd in Madras,India.! He brings.Indian programmers under a THREE YEARS bond which says if the employee quits the company he has to pay Rs 10,00,000 (only Ten lakhs). Also every employee has to surrender their school and college certificates. The contract also says that the employees will be paid $40,000 per year. The company will not pay for initial 45 days or start pay after you get the project in USA. Once you signed this agreement and surrendered the certificates you have fallen in their trap. Then you have only obey their orders as though it is an order from the god (Kannan P srinivasan). They will take their own time to process your H1B Visa (may be more than a year ). If you ask them you will be taken to USA, they will humiliate you by saying that your communication is bad,or you are not technically good. Recently employee named Mr.Rao committed suicide in Madras because the company terminated him. told that company cannot take him to USA because he is no good technically and communication is bad. The important point is that he was waiting in the Madras company for more than 8 months. Now by God's (Kannan P Srinivasan) grace you reached USA. The Best Computer Consultants ,Kansas City, USA will make you to sign another bond with blank Promisary Note Unfilled amount you owe to the company The company will send you to any project testing maintenance, year 2000,(luckily development). You can't refuse any project or you can't resign when you are on project.If you do so then the company will terminate you and further sue you for ($10,000 to $30,000). Now the company has filed a case against 20 employees in the Kansas city district court. The company will never pay you good,they will never give status on green card processing if you process with them,they will ask you to repay relocation charges,increments will not be given, but on regular basis you will be tortured by all the HRD and Marketing staff(Sub Gods).Beware of this company.Please tell your friends and relatives not to join this company and suffer.If anyone joined in Madras company please ask them to quit immediately. If visa is ready with this company and they are coming to USA,ATLEAST LET THEM NOT SIGN THE AGREEMENT AND THE BLANK PROMISERY NOTE in USA. Please forward this information to as many as friends possible both in USA and INDIA. Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you --------------------------------- Yahoo! Mail Stay connected, organized, and protected. Take the tour --------------------------------- Discover Yahoo! Find restaurants, movies, travel & more fun for the weekend. Check it out! From owner-freebsd-net@FreeBSD.ORG Mon May 9 11:01:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4B5A16A521 for ; Mon, 9 May 2005 11:01:44 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8856D43D1F for ; Mon, 9 May 2005 11:01:44 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j49B1iwW097661 for ; Mon, 9 May 2005 11:01:44 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j49B1hwn097653 for freebsd-net@freebsd.org; Mon, 9 May 2005 11:01:43 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 9 May 2005 11:01:43 GMT Message-Id: <200505091101.j49B1hwn097653@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 11:01:45 -0000 Current FreeBSD problem reports Critical problems Serious problems Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/07/11] kern/54383 net [nfs] [patch] NFS root configurations wit 1 problem total. From owner-freebsd-net@FreeBSD.ORG Mon May 9 17:43:58 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F41F216A4E9 for ; Mon, 9 May 2005 17:43:57 +0000 (GMT) Received: from mailgate1b.savvis.net (mailgate1b.savvis.net [216.91.182.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49A3243D99 for ; Mon, 9 May 2005 17:43:57 +0000 (GMT) (envelope-from Maksim.Yevmenkin@savvis.net) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate1b.savvis.net (Postfix) with ESMTP id 9277E3BECD; Mon, 9 May 2005 12:43:56 -0500 (CDT) Received: from mailgate1b.savvis.net ([127.0.0.1]) by localhost (mailgate1b.savvis.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 16245-01-48; Mon, 9 May 2005 12:43:56 -0500 (CDT) Received: from out002.email.savvis.net (out002.apptix.savvis.net [216.91.32.45]) by mailgate1b.savvis.net (Postfix) with ESMTP id 5AD143BEB7; Mon, 9 May 2005 12:43:56 -0500 (CDT) Received: from s228130hz1ew171.apptix-01.savvis.net ([10.146.4.29]) by out002.email.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 9 May 2005 12:43:52 -0500 Received: from [10.254.186.111] ([66.35.239.94]) by s228130hz1ew171.apptix-01.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 9 May 2005 12:43:42 -0500 Message-ID: <427FA14C.30805@savvis.net> Date: Mon, 09 May 2005 10:43:40 -0700 From: Maksim Yevmenkin User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040822 X-Accept-Language: en-us, en MIME-Version: 1.0 To: patrickdk@patrickdk.com References: <427E3336.3040907@savvis.net> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 09 May 2005 17:43:42.0163 (UTC) FILETIME=[A3FBBA30:01C554BE] X-Virus-Scanned: amavisd-new at savvis.net cc: freebsd-net@freebsd.org Subject: Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 17:43:58 -0000 Patrick, > Yes, ifconfig -txcsum fixes the problem, so somewhere packets are not > getting marked to be summed if the hardware checksum is turned on, > and packets don't go to the hardware card, but head to the tap > interface instead. i do not know how your network is setup exactly, but i would guess that your ethernet bridge contains both tap and physical ethernet card that is capable of hardware ip checksumming. if the above guess is correct then what probably happens is: 1) packet goes out 2) because physical ethernet card can do ip checksumming, ip checksum is not calculated 3) the packet hits the bridge 4) tap gets a copy of the packet without ip checksum 5) openvpn/whatever reads the packet and sends it over the network 6) remote peer gets the packet without ip checksum and drops it > This will work for a for alittle while, but as these are high usage, > gigabit links, and tend to have alot of traffic on them, where as > the tap interface is low load. It could cause a descent amount of cpu > load. Thanks. again, the problem is not in the tap(4) (imo). because physical ethernet card is capable of hardware ip checksumming, ip checksum is not generated until the packet is about to be transmitted over the wire. ethernet bridge(4) just picks the packet earlier. it is possible (imo) to ensure that packets that go out on the tap interface have proper ip checksum. we could modify tapread() function and check if mbuf packet header has checksum flags. i will look into this and will send you a patch in a few days. in the mean time all ethernet interfaces in the bridge should have the same set of features. thanks, max > > On Sun, 8 May 2005, Maksim Yevmenkin wrote: > >> Patrick, >> >>> I have been working with tap interfaces, bridging and openvpn >>> >>> Bridging works perfectly, and openvpn does too >>> >>> Packet pings from the tap interface works to any ip address, on >>> the local machine or computer on the bridged network >>> >>> Attempting to make a tcp connection works for bridged network, >>> but not the machine the tap interface is on >>> >>> I have found this is due to tcp checksums not being generated, >>> Packets recieved over the tap interface on the client machine >>> have blank (bad) checksums. >>> >>> I have looked at the source and it seems there is no interface to >>> add the checksums to be generated for the tap interface. >> >> >> tap(4) interface should not modify anything inside the packet. the >> whole point is to accept _complete_ ethernet frame from user-space >> (just as it comes from the wire) and pass it up the stack. >> >> my guess would be that something else is not generating proper ip >> checksum. just a crazy thought: are you offloading ip checksum'ing >> to your ethernet card? if so, please try to disable it and see if >> it helps. >> >> thanks, max >> >> From owner-freebsd-net@FreeBSD.ORG Mon May 9 19:29:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 690AC16A4EA for ; Mon, 9 May 2005 19:29:01 +0000 (GMT) Received: from mailgate1b.savvis.net (mailgate1b.savvis.net [216.91.182.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7D6043D81 for ; Mon, 9 May 2005 19:29:00 +0000 (GMT) (envelope-from Maksim.Yevmenkin@savvis.net) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate1b.savvis.net (Postfix) with ESMTP id CBEB03BF6E; Mon, 9 May 2005 14:28:59 -0500 (CDT) Received: from mailgate1b.savvis.net ([127.0.0.1]) by localhost (mailgate1b.savvis.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 22890-01-61; Mon, 9 May 2005 14:28:59 -0500 (CDT) Received: from out002.email.savvis.net (out002.apptix.savvis.net [216.91.32.45]) by mailgate1b.savvis.net (Postfix) with ESMTP id 609923BE26; Mon, 9 May 2005 14:28:59 -0500 (CDT) Received: from s228130hz1ew171.apptix-01.savvis.net ([10.146.4.29]) by out002.email.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 9 May 2005 14:28:54 -0500 Received: from [10.254.186.111] ([66.35.239.94]) by s228130hz1ew171.apptix-01.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Mon, 9 May 2005 14:28:50 -0500 Message-ID: <427FB9ED.6010607@savvis.net> Date: Mon, 09 May 2005 12:28:45 -0700 From: Maksim Yevmenkin User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040822 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <427E3336.3040907@savvis.net> <427FA14C.30805@savvis.net> In-Reply-To: <427FA14C.30805@savvis.net> Content-Type: multipart/mixed; boundary="------------030803080502010401040102" X-OriginalArrivalTime: 09 May 2005 19:28:50.0341 (UTC) FILETIME=[53F34D50:01C554CD] X-Virus-Scanned: amavisd-new at savvis.net cc: patrickdk@patrickdk.com Subject: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 May 2005 19:29:01 -0000 This is a multi-part message in MIME format. --------------030803080502010401040102 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Dear Hackers, could someone please take/try a look at the attached patch? since i do not have a card that is capable of hardware checksumming i can not test it here. thanks, max Maksim Yevmenkin wrote: > Patrick, > >> Yes, ifconfig -txcsum fixes the problem, so somewhere packets are not >> getting marked to be summed if the hardware checksum is turned on, >> and packets don't go to the hardware card, but head to the tap >> interface instead. > > > i do not know how your network is setup exactly, but i would guess that > your ethernet bridge contains both tap and physical ethernet card that > is capable of hardware ip checksumming. > > if the above guess is correct then what probably happens is: > > 1) packet goes out > > 2) because physical ethernet card can do ip checksumming, ip checksum is > not calculated > > 3) the packet hits the bridge > > 4) tap gets a copy of the packet without ip checksum > > 5) openvpn/whatever reads the packet and sends it over the network > > 6) remote peer gets the packet without ip checksum and drops it > >> This will work for a for alittle while, but as these are high usage, >> gigabit links, and tend to have alot of traffic on them, where as >> the tap interface is low load. It could cause a descent amount of cpu >> load. Thanks. > > > again, the problem is not in the tap(4) (imo). because physical ethernet > card is capable of hardware ip checksumming, ip checksum is not > generated until the packet is about to be transmitted over the wire. > ethernet bridge(4) just picks the packet earlier. > > it is possible (imo) to ensure that packets that go out on the tap > interface have proper ip checksum. we could modify tapread() function > and check if mbuf packet header has checksum flags. i will look into > this and will send you a patch in a few days. > > in the mean time all ethernet interfaces in the bridge should have the > same set of features. > > thanks, > max > >> >> On Sun, 8 May 2005, Maksim Yevmenkin wrote: >> >>> Patrick, >>> >>>> I have been working with tap interfaces, bridging and openvpn >>>> >>>> Bridging works perfectly, and openvpn does too >>>> >>>> Packet pings from the tap interface works to any ip address, on >>>> the local machine or computer on the bridged network >>>> >>>> Attempting to make a tcp connection works for bridged network, >>>> but not the machine the tap interface is on >>>> >>>> I have found this is due to tcp checksums not being generated, >>>> Packets recieved over the tap interface on the client machine >>>> have blank (bad) checksums. >>>> >>>> I have looked at the source and it seems there is no interface to >>>> add the checksums to be generated for the tap interface. >>> >>> >>> >>> tap(4) interface should not modify anything inside the packet. the >>> whole point is to accept _complete_ ethernet frame from user-space >>> (just as it comes from the wire) and pass it up the stack. >>> >>> my guess would be that something else is not generating proper ip >>> checksum. just a crazy thought: are you offloading ip checksum'ing >>> to your ethernet card? if so, please try to disable it and see if >>> it helps. >>> >>> thanks, max >>> >>> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --------------030803080502010401040102 Content-Type: text/plain; name="if_tap.c.ip_checksum.diff.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="if_tap.c.ip_checksum.diff.txt" --- if_tap.c.orig Fri Apr 29 15:22:56 2005 +++ if_tap.c Mon May 9 12:25:07 2005 @@ -64,6 +64,9 @@ #include #include +#include +#include +#include #include #include @@ -772,6 +775,36 @@ error = tsleep(tp,PCATCH|(PZERO+1),"taprd",0); if (error) return (error); + } + + /* make sure we have packet header */ + M_ASSERTPKTHDR(m); + + /* + * this is a hack. apparently tap interface could get a packet + * without ip checksum. my current theory is that this happens + * when tap is used in ethernet bridge with physical ethernet + * card capable of hardware ip checksumming. so, check the + * csum_flags in the packet header to see if we should generate + * ip checksum. + */ + + if (m->m_pkthdr.csum_flags & CSUM_IP) { + struct ip *ip; + int len; + + len = min(m->m_pkthdr.len, ETHER_HDR_LEN + 60); + + if (m->m_len < len) { + m = m_pullup(m, len); + if (m == NULL) + continue; + } + + m->m_data += ETHER_HDR_LEN; + ip = mtod(m, struct ip *); + ip->ip_sum = in_cksum(m, ip->ip_hl << 2); + m->m_data -= ETHER_HDR_LEN; } } while (m == NULL); --------------030803080502010401040102-- From owner-freebsd-net@FreeBSD.ORG Tue May 10 00:52:00 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17F9D16A4F6 for ; Tue, 10 May 2005 00:52:00 +0000 (GMT) Received: from mss1.myactv.net (mss1.myactv.net [24.89.0.26]) by mx1.FreeBSD.org (Postfix) with SMTP id 7BDCC43D4C for ; Tue, 10 May 2005 00:51:59 +0000 (GMT) (envelope-from patrickdk@patrickdk.com) Received: (qmail 20787 invoked from network); 10 May 2005 00:51:58 -0000 Received: from dyn-19-218.myactv.net (24.89.19.218) by new.mss1.myactv.net with SMTP; 10 May 2005 00:51:58 -0000 Date: Tue, 10 May 2005 00:51:58 +0000 (UTC) From: Patrick Domack X-X-Sender: dswett@server.dswett.patrickdk.com To: Maksim Yevmenkin In-Reply-To: <427FB9ED.6010607@savvis.net> Message-ID: References: <427FA14C.30805@savvis.net> <427FB9ED.6010607@savvis.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org cc: patrickdk@patrickdk.com Subject: Re: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: patrickdk@patrickdk.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 00:52:00 -0000 Yes, this works, atleast on my development system. Thanks. On Mon, 9 May 2005, Maksim Yevmenkin wrote: > Dear Hackers, > > could someone please take/try a look at the attached patch? since i do not > have a card that is capable of hardware checksumming i can not test it here. > > thanks, > max > > Maksim Yevmenkin wrote: >> Patrick, >> >>> Yes, ifconfig -txcsum fixes the problem, so somewhere packets are not >>> getting marked to be summed if the hardware checksum is turned on, >>> and packets don't go to the hardware card, but head to the tap >>> interface instead. >> >> >> i do not know how your network is setup exactly, but i would guess that >> your ethernet bridge contains both tap and physical ethernet card that is >> capable of hardware ip checksumming. >> >> if the above guess is correct then what probably happens is: >> >> 1) packet goes out >> >> 2) because physical ethernet card can do ip checksumming, ip checksum is >> not calculated >> >> 3) the packet hits the bridge >> >> 4) tap gets a copy of the packet without ip checksum >> >> 5) openvpn/whatever reads the packet and sends it over the network >> >> 6) remote peer gets the packet without ip checksum and drops it >> >>> This will work for a for alittle while, but as these are high usage, >>> gigabit links, and tend to have alot of traffic on them, where as >>> the tap interface is low load. It could cause a descent amount of cpu >>> load. Thanks. >> >> >> again, the problem is not in the tap(4) (imo). because physical ethernet >> card is capable of hardware ip checksumming, ip checksum is not generated >> until the packet is about to be transmitted over the wire. ethernet >> bridge(4) just picks the packet earlier. >> >> it is possible (imo) to ensure that packets that go out on the tap >> interface have proper ip checksum. we could modify tapread() function and >> check if mbuf packet header has checksum flags. i will look into this and >> will send you a patch in a few days. >> >> in the mean time all ethernet interfaces in the bridge should have the same >> set of features. >> >> thanks, >> max >> >>> >>> On Sun, 8 May 2005, Maksim Yevmenkin wrote: >>> >>>> Patrick, >>>> >>>>> I have been working with tap interfaces, bridging and openvpn >>>>> >>>>> Bridging works perfectly, and openvpn does too >>>>> >>>>> Packet pings from the tap interface works to any ip address, on >>>>> the local machine or computer on the bridged network >>>>> >>>>> Attempting to make a tcp connection works for bridged network, >>>>> but not the machine the tap interface is on >>>>> >>>>> I have found this is due to tcp checksums not being generated, Packets >>>>> recieved over the tap interface on the client machine >>>>> have blank (bad) checksums. >>>>> >>>>> I have looked at the source and it seems there is no interface to >>>>> add the checksums to be generated for the tap interface. >>>> >>>> >>>> >>>> tap(4) interface should not modify anything inside the packet. the >>>> whole point is to accept _complete_ ethernet frame from user-space >>>> (just as it comes from the wire) and pass it up the stack. >>>> >>>> my guess would be that something else is not generating proper ip >>>> checksum. just a crazy thought: are you offloading ip checksum'ing >>>> to your ethernet card? if so, please try to disable it and see if >>>> it helps. >>>> >>>> thanks, max >>>> >>>> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Tue May 10 13:25:13 2005 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3503A16A4CE; Tue, 10 May 2005 13:25:13 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DD5B43D8D; Tue, 10 May 2005 13:25:13 +0000 (GMT) (envelope-from arved@FreeBSD.org) Received: from freefall.freebsd.org (arved@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j4ADPCg9051804; Tue, 10 May 2005 13:25:12 GMT (envelope-from arved@freefall.freebsd.org) Received: (from arved@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j4ADPCBE051800; Tue, 10 May 2005 13:25:12 GMT (envelope-from arved) Date: Tue, 10 May 2005 13:25:12 GMT From: Tilman Linneweh Message-Id: <200505101325.j4ADPCBE051800@freefall.freebsd.org> To: arved@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org Subject: Re: kern/76432: [patch] [net/route.h] recursive locking in the network stack X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 13:25:13 -0000 Synopsis: [patch] [net/route.h] recursive locking in the network stack Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: arved Responsible-Changed-When: Tue May 10 13:24:52 GMT 2005 Responsible-Changed-Why: over to freebsd-net Mailinglist for review http://www.freebsd.org/cgi/query-pr.cgi?pr=76432 From owner-freebsd-net@FreeBSD.ORG Tue May 10 14:55:18 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC01B16A4CE for ; Tue, 10 May 2005 14:55:17 +0000 (GMT) Received: from antsrv1.ant.uni-bremen.de (antsrv2.ant.uni-bremen.de [134.102.176.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A70F43D2D for ; Tue, 10 May 2005 14:55:15 +0000 (GMT) (envelope-from rebehn@ant.uni-bremen.de) Received: from bremerhaven.ant.uni-bremen.de ([134.102.176.10]) by antsrv2.ant.uni-bremen.de with esmtp (Exim 4.42) id 1DVW8d-0003uu-G8 for freebsd-net@freebsd.org; Tue, 10 May 2005 16:55:11 +0200 Message-ID: <4280CB5B.1080007@ant.uni-bremen.de> Date: Tue, 10 May 2005 16:55:23 +0200 From: Heinrich Rebehn User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "antsrv2.ant.uni-bremen.de", hasmessageblock similar future email. If you have any questions, see the administrator of that system for details.with our Linux NFS clients, i toook a look at 'nfsstat -s' on our FreeBSD server (RELENG_5_3). I noticed that "Server Ret-Failed" was rapidly increasing. After 1 day of uptime, it is already at 643936: [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description -------------------------------------------------- Subject: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 14:55:18 -0000 Hi all, In order to find the cause of the problems with our Linux NFS clients, i toook a look at 'nfsstat -s' on our FreeBSD server (RELENG_5_3). I noticed that "Server Ret-Failed" was rapidly increasing. After 1 day of uptime, it is already at 643936: ####################################################################### root@antsrv1 [~] # nfsstat -s Server Info: Getattr Setattr Lookup Readlink Read Write Create Remove 2501670 234193 1051157 12421 365378 185952 61166 74050 Rename Link Symlink Mkdir Rmdir Readdir RdirPlus Access 60646 19767 246 1494 354 2265 50548 4465364 Mknod Fsstat Fsinfo PathConf Commit 12 588 141 0 103946 Server Ret-Failed 643936 Server Faults 0 Server Cache Stats: Inprog Idem Non-idem Misses 3 5 0 162819 Server Write Gathering: WriteOps WriteRPC Opsaved 185952 185952 0 root@antsrv1 [~] # uptime 4:24PM up 1 day, 17 mins, 4 users, load averages: 0.02, 0.03, 0.00 ###################################################################### Looking into nfsstat's source, i found that "nfsrvstats.srvrpc_errs" is the counter shown. Grep-ing the kernel sources showed that it is increased by /usr/src/sys/nfsserver/nfs_srvsock.c. It seems to be a catch-all for unexpected rpc errors. The procedure, nfs_rephead(), is called by nfs_srvcache.c, where rp->rc_status is supplied as value for the error. At this point i am unable to track things any further, i am not familiar with kernel sources. Question: is there a list of error codes somewhere? I hacked a log output into nfs_srvsock.c: --- nfs_srvsock.c Sat Jul 24 04:07:09 2004 +++ nfs_srvsock.ANT.c Tue May 10 16:30:52 2005 @@ -213,8 +213,10 @@ } *mbp = mb; *bposp = bpos; - if (err != 0 && err != NFSERR_RETVOID) + if (err != 0 && err != NFSERR_RETVOID){ nfsrvstats.srvrpc_errs++; + log(LOG_WARNING, "ANT: unknown RPC error %d\n", err); + } return mreq; } Most errors (>90%) are "2", but i also see 1, 13, 17, 66, 70 Any thoughts on this? We do have annoying problems with Linux clients (2.6.8) occasionally hanging when mounting from the FBSD machine. I don't know if this is related, but at least it's a point to start. Thanks for any help, Heinrich Rebehn -- Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax : -3341 From owner-freebsd-net@FreeBSD.ORG Tue May 10 17:39:37 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7B2916A4CE for ; Tue, 10 May 2005 17:39:37 +0000 (GMT) Received: from mailgate1b.savvis.net (mailgate1b.savvis.net [216.91.182.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8129D43D88 for ; Tue, 10 May 2005 17:39:37 +0000 (GMT) (envelope-from Maksim.Yevmenkin@savvis.net) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate1b.savvis.net (Postfix) with ESMTP id E0F883BEA3; Tue, 10 May 2005 12:39:36 -0500 (CDT) Received: from mailgate1b.savvis.net ([127.0.0.1]) by localhost (mailgate1b.savvis.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 19975-01-61; Tue, 10 May 2005 12:39:36 -0500 (CDT) Received: from out002.email.savvis.net (out002.apptix.savvis.net [216.91.32.45]) by mailgate1b.savvis.net (Postfix) with ESMTP id AA6423BE29; Tue, 10 May 2005 12:39:36 -0500 (CDT) Received: from s228130hz1ew031.apptix-01.savvis.net ([10.146.4.28]) by out002.email.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Tue, 10 May 2005 12:39:27 -0500 Received: from [10.254.186.111] ([66.35.239.94]) by s228130hz1ew031.apptix-01.savvis.net with Microsoft SMTPSVC(6.0.3790.211); Tue, 10 May 2005 12:39:22 -0500 Message-ID: <4280F1C6.2030009@savvis.net> Date: Tue, 10 May 2005 10:39:18 -0700 From: Maksim Yevmenkin User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040822 X-Accept-Language: en-us, en MIME-Version: 1.0 To: yongari@rndsoft.co.kr References: <20050510004847.GA4990@rndsoft.co.kr> In-Reply-To: <20050510004847.GA4990@rndsoft.co.kr> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 10 May 2005 17:39:23.0010 (UTC) FILETIME=[33EDDE20:01C55587] X-Virus-Scanned: amavisd-new at savvis.net cc: freebsd-net@freebsd.org Subject: Re: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 17:39:38 -0000 Pyun, > I can't sure but bridge(4) seems to have checksum related issues. > Here is my theory. > > Interface A : H/W checksum offloading supported, Have IP address > Interface B : no H/W checksum offloading, No IP address assigned > Gateway : 192.168.10.1 > > > | Bridge > +---------------------------+ > | | > Interface A Interface B > IP address 192.168.10.5 | > | | > | | > | Gateway | 192.168.10.0/24 > > > If one of client in 192.168.10.0/24 connects to bridged host IP(192.168.10.5) > it would get corrupted checksummed packet. Since the interface selected > in ip_ouput(), interface A, will indicate HWCSUM offloading ip_output > just pass the packet down to the ethernet layer. But in brdige it would > be rerouted to interface B. well, i sort of said the same thing in my previous email to Patrick. > As you noted I think it's not fault of tap(4). It seems that the correct > solution would do S/W checksumming for all bridged interfaces in > ip_output. However it's not easy to know the interface selected in > ip_output is one of bridged interfaces(lack of if_bridge member > in struct ifnet). So I think this is another reason FreeBSD should > import OpenBSD/NetBSD bridge driver. i think we all agree that there is a problem. the problem is: bridge(4) assumes that _all_ interfaces in a cluster have _the_same_ hardware capabilities (checksum offloading). if at least one interface in a cluster has different capabilities then you are going to have a problem. now i'm not sure this assumption if flawed. it is certainly not obvious from the bridge(4) man page and i do not recall seeing this documented anywhere. it is not that hard to use the same type of ethernet cards in one machine. especially when all modern server motherboards ships with two (or more) on-board ethernet cards. Patrick observed one corner case of the problem where one of the interfaces in the bridge happens to be tap(4). in his case other (physical) interface is loaded and turning hardware checksumming off will increase cpu load. my tap(4) patch is a hack, and it only works for ip checksumming. note that some cards can do udp/tcp checksums as well. imo, implementing similar hacks for all ethernet drivers (that do not support hardware checksumming) is wrong. like you said it has to be done at bridge level. if you think that porting OpenBSD/NetBSD bridge driver is a good idea you are welcome to submit the patches. imo, it should be possible to fix this in our current bridge(4) implementation. bridge(4) knows where packet is coming from and going to. it could check hardware capabilities of the destination interface and calculate checksums if needed. thanks, max From owner-freebsd-net@FreeBSD.ORG Tue May 10 20:12:04 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5FD516A4CE for ; Tue, 10 May 2005 20:12:04 +0000 (GMT) Received: from web80602.mail.yahoo.com (web80602.mail.yahoo.com [66.218.79.91]) by mx1.FreeBSD.org (Postfix) with SMTP id 5DD0043D64 for ; Tue, 10 May 2005 20:12:04 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050510201204.57969.qmail@web80602.mail.yahoo.com> Received: from [207.126.239.39] by web80602.mail.yahoo.com via HTTP; Tue, 10 May 2005 13:12:04 PDT Date: Tue, 10 May 2005 13:12:04 -0700 (PDT) From: Mohan Srinivasan To: Heinrich Rebehn , freebsd-net@freebsd.org In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 20:12:04 -0000 Hi, The srvrcp_errs are very likely unrelated to the hangs. nfs_rephead() is called (via the contorted macros nfsm_reply() and friends) from the NFS server routines in nfs_serv.c. The error that was returned by the vnode op called is passed into nfs_rephead(), whence it gets into the NFS reply. The fact that you see these errors go up is not abnormal. In your case, over 90% of these errors are ENOENT. Are you using NFS/TCP ? Can you force the mount to NFS/UDP ? I have seen a bug in the FreeBSD 5.x NFS server, where in the NFS/TCP case, the stream gets out of sync. This results in the RPC record markers to be completely wrong, confusing clients. Now, I don't know if this bug can cause the Linux client to hang or not, but this is definitely worth eliminating as a factor. The FreeBSD NFS client recovers from this by tearing down the connection and reconnecting, other clients may behave strangely. mohan > In order to find the cause of the problems with our Linux NFS clients, i > toook a look at 'nfsstat -s' on our FreeBSD server (RELENG_5_3). > I noticed that "Server Ret-Failed" was rapidly increasing. After 1 day > of uptime, it is already at 643936: > > ####################################################################### > root@antsrv1 [~] # nfsstat -s > > Server Info: > Getattr Setattr Lookup Readlink Read Write Create > Remove > 2501670 234193 1051157 12421 365378 185952 61166 > 74050 > Rename Link Symlink Mkdir Rmdir Readdir RdirPlus > Access > 60646 19767 246 1494 354 2265 50548 > 4465364 > Mknod Fsstat Fsinfo PathConf Commit > 12 588 141 0 103946 > Server Ret-Failed > 643936 > Server Faults > 0 > Server Cache Stats: > Inprog Idem Non-idem Misses > 3 5 0 162819 > Server Write Gathering: > WriteOps WriteRPC Opsaved > 185952 185952 0 > root@antsrv1 [~] # uptime > 4:24PM up 1 day, 17 mins, 4 users, load averages: 0.02, 0.03, 0.00 > ###################################################################### > > Looking into nfsstat's source, i found that "nfsrvstats.srvrpc_errs" is > the counter shown. Grep-ing the kernel sources showed that it is > increased by /usr/src/sys/nfsserver/nfs_srvsock.c. > It seems to be a catch-all for unexpected rpc errors. > The procedure, nfs_rephead(), is called by nfs_srvcache.c, where > rp->rc_status is supplied as value for the error. > At this point i am unable to track things any further, i am not familiar > with kernel sources. > > Question: is there a list of error codes somewhere? > > I hacked a log output into nfs_srvsock.c: > > --- nfs_srvsock.c Sat Jul 24 04:07:09 2004 > +++ nfs_srvsock.ANT.c Tue May 10 16:30:52 2005 > @@ -213,8 +213,10 @@ > } > *mbp = mb; > *bposp = bpos; > - if (err != 0 && err != NFSERR_RETVOID) > + if (err != 0 && err != NFSERR_RETVOID){ > nfsrvstats.srvrpc_errs++; > + log(LOG_WARNING, "ANT: unknown RPC error %d\n", err); > + } > return mreq; > } > > Most errors (>90%) are "2", but i also see 1, 13, 17, 66, 70 > > Any thoughts on this? We do have annoying problems with Linux clients > (2.6.8) occasionally hanging when mounting from the FBSD machine. I > don't know if this is related, but at least it's a point to start. > > Thanks for any help, > > Heinrich Rebehn > -- > > Heinrich Rebehn > > University of Bremen > Physics / Electrical and Electronics Engineering > - Department of Telecommunications - > > Phone : +49/421/218-4664 > Fax : -3341 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Tue May 10 21:13:30 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A4C6216A4CE for ; Tue, 10 May 2005 21:13:30 +0000 (GMT) Received: from eql145.neoplus.adsl.tpnet.pl (eql145.neoplus.adsl.tpnet.pl [83.20.79.145]) by mx1.FreeBSD.org (Postfix) with SMTP id A6D5A43D31 for ; Tue, 10 May 2005 21:13:28 +0000 (GMT) (envelope-from civilize@cooney.net) Received: from [47.108.60.200] (port=2547 helo=[flicks]) by eql145.neoplus.adsl.tpnet.pl with esmtp id 81702126867chromosphere40256 for freebsd-net@freebsd.org; Tue, 10 May 2005 23:05:47 +0300 Mime-Version: 1.0 (Apple Message framework v728) Content-Transfer-Encoding: 7bit Message-Id: <7349320393.18684@eql145.neoplus.adsl.tpnet.pl> Content-Type: text/plain; charset=US-ASCII; format=flowed To: freebsd-net@freebsd.org From: Rosamund Date: Tue, 10 May 2005 23:05:46 +0300 X-Mailer: Apple Mail (2.728) Subject: Bro check out this awesome new product X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 21:13:30 -0000 Wanna be more man? Check this dude http://www.swearet.com/ss/ Penis Enlargement announcement From owner-freebsd-net@FreeBSD.ORG Tue May 10 22:26:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14F3E16A4CE for ; Tue, 10 May 2005 22:26:52 +0000 (GMT) Received: from postfix4-2.free.fr (postfix4-2.free.fr [213.228.0.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 604C143D9A for ; Tue, 10 May 2005 22:26:51 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-2.free.fr (Postfix) with ESMTP id 7D3DB31926B; Wed, 11 May 2005 00:26:49 +0200 (CEST) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id 34ADC4080; Wed, 11 May 2005 00:25:49 +0200 (CEST) Date: Wed, 11 May 2005 00:25:49 +0200 From: Jeremie Le Hen To: Maksim Yevmenkin Message-ID: <20050510222549.GP91329@obiwan.tataz.chchile.org> References: <20050510004847.GA4990@rndsoft.co.kr> <4280F1C6.2030009@savvis.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4280F1C6.2030009@savvis.net> User-Agent: Mutt/1.5.9i cc: freebsd-net@freebsd.org cc: yongari@rndsoft.co.kr Subject: Re: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 22:26:52 -0000 > if you think that porting OpenBSD/NetBSD bridge driver is a good idea > you are welcome to submit the patches. imo, it should be possible to fix > this in our current bridge(4) implementation. bridge(4) knows where > packet is coming from and going to. it could check hardware capabilities > of the destination interface and calculate checksums if needed. This is a little bit off-topic but I strongly support import of if_bridge(4). AFAIK the latter supports spanning-tree protocol whereas our bridge(4) doesn't. I also prefer if_bridge(4) in that I find that having a common bridge implementation among all BSDs is a good thing as we will benefit from others' improvements. The pf(4) firewall is now a good example of such a collaboration. For example, one FreeBSD src commiter supplied a patch to enable matching the ruid of the process from which the packet come from [1] (I don't know however if Max Laier submitted it to Daniel Hartmeier). And for my very personnal feeling, I find having a dedicated interface representing the whole bridge is more intuitive than choosing arbitrarily one interface among the ones composing the bridge to handle the IP address(es). I also think that brconfig(8) is more intuitive than a sysctl to configure a bridge, or at least it is scriptable more easily. However, if if_bridge(4) is imported someday in FreeBSD, I suspect brconfig(8) will have to be modified to become one module of ifconfig(8), as Sam Leffler recently modified ifconfig(8) to greatly simplify feature addition (and all special network commands now complete their life into ifconfig(8), as a module). A brief look at if_bridge(4) code in OpenBSD source tree shows that the current problem of IP/TCP/UDP hardware checksuming seems to be handled (see src/sys/net/if_bridge.c rev 1.143, line 962), but in a very radical way : it simply drops the packet :-). However, NetBSD's if_bridge(4) source is radically different from OpenBSD's one, because it has been heavily modified by Jason Thorpe when he imported it into NetBSD. It seems that rev 1.26 solved the problem of checksum offloading. Finally, FYI, Andrew Thompson began to port if_bridge(4) to FreeBSD [2] but there were still a few bugs and I don't know at all if he has got enough time to work on it since then (it seems so as the file modification date is 2005/05/03). Unfortunately this patch seems to be based on rev 1.21 of NetBSD's if_bridge.c, this is a little bit old. Best regards, [1] http://mu.org/~mux/patches/pf.patch [2] http://lists.freebsd.org/pipermail/freebsd-current/2004-April/025886.html -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > From owner-freebsd-net@FreeBSD.ORG Tue May 10 23:18:37 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2190B16A4CE for ; Tue, 10 May 2005 23:18:37 +0000 (GMT) Received: from arginine.spc.org (arginine.spc.org [83.167.185.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FECD43D4C for ; Tue, 10 May 2005 23:18:36 +0000 (GMT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 687D565218; Wed, 11 May 2005 00:17:24 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 69446-03; Wed, 11 May 2005 00:17:24 +0100 (BST) Received: from empiric.dek.spc.org (82-35-116-62.cable.ubr07.dals.blueyonder.co.uk [82.35.116.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 9ADB565216; Wed, 11 May 2005 00:17:22 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 87B79625F; Wed, 11 May 2005 00:18:31 +0100 (BST) Date: Wed, 11 May 2005 00:18:31 +0100 From: Bruce M Simpson To: Jeremie Le Hen Message-ID: <20050510231831.GA729@empiric.icir.org> Mail-Followup-To: Jeremie Le Hen , Maksim Yevmenkin , freebsd-net@freebsd.org, yongari@rndsoft.co.kr References: <20050510004847.GA4990@rndsoft.co.kr> <4280F1C6.2030009@savvis.net> <20050510222549.GP91329@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050510222549.GP91329@obiwan.tataz.chchile.org> cc: freebsd-net@freebsd.org cc: yongari@rndsoft.co.kr Subject: Re: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 23:18:37 -0000 On Wed, May 11, 2005 at 12:25:49AM +0200, Jeremie Le Hen wrote: > This is a little bit off-topic but I strongly support import of > if_bridge(4). AFAIK the latter supports spanning-tree protocol whereas > our bridge(4) doesn't. We're working on it. BMS From owner-freebsd-net@FreeBSD.ORG Wed May 11 00:03:43 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 961D516A4CE for ; Wed, 11 May 2005 00:03:43 +0000 (GMT) Received: from mail.iinet.net.au (mail-04.iinet.net.au [203.59.3.36]) by mx1.FreeBSD.org (Postfix) with SMTP id 241B443D5F for ; Wed, 11 May 2005 00:03:42 +0000 (GMT) (envelope-from julian@elischer.org) Received: (qmail 27604 invoked from network); 11 May 2005 00:03:41 -0000 Received: from unknown (HELO ?10.1.1.2?) (203.59.240.134) by mail.iinet.net.au with SMTP; 11 May 2005 00:03:41 -0000 Message-ID: <42814BDB.6000008@elischer.org> Date: Tue, 10 May 2005 17:03:39 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050424 X-Accept-Language: en, hu MIME-Version: 1.0 To: Maksim Yevmenkin References: <20050510004847.GA4990@rndsoft.co.kr> <4280F1C6.2030009@savvis.net> In-Reply-To: <4280F1C6.2030009@savvis.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: yongari@rndsoft.co.kr Subject: Re: [PATCH] Re: tap interface and locally generated packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 00:03:43 -0000 Maksim Yevmenkin wrote: > Pyun, > >> I can't sure but bridge(4) seems to have checksum related issues. >> Here is my theory. >> >> Interface A : H/W checksum offloading supported, Have IP address >> Interface B : no H/W checksum offloading, No IP address assigned >> Gateway : 192.168.10.1 >> >> >> | Bridge >> +---------------------------+ >> | | >> Interface A Interface B >> IP address 192.168.10.5 | >> | | >> | | >> | Gateway | 192.168.10.0/24 >> >> >> If one of client in 192.168.10.0/24 connects to bridged host >> IP(192.168.10.5) >> it would get corrupted checksummed packet. Since the interface selected >> in ip_ouput(), interface A, will indicate HWCSUM offloading ip_output >> just pass the packet down to the ethernet layer. But in brdige it would >> be rerouted to interface B. > > > well, i sort of said the same thing in my previous email to Patrick. > >> As you noted I think it's not fault of tap(4). It seems that the correct >> solution would do S/W checksumming for all bridged interfaces in >> ip_output. However it's not easy to know the interface selected in >> ip_output is one of bridged interfaces(lack of if_bridge member >> in struct ifnet). So I think this is another reason FreeBSD should >> import OpenBSD/NetBSD bridge driver. > > > i think we all agree that there is a problem. the problem is: bridge(4) > assumes that _all_ interfaces in a cluster have _the_same_ hardware > capabilities (checksum offloading). if at least one interface in a > cluster has different capabilities then you are going to have a problem. > > now i'm not sure this assumption if flawed. it is certainly not obvious > from the bridge(4) man page and i do not recall seeing this documented > anywhere. it is not that hard to use the same type of ethernet cards in > one machine. especially when all modern server motherboards ships with > two (or more) on-board ethernet cards. > > Patrick observed one corner case of the problem where one of the > interfaces in the bridge happens to be tap(4). in his case other > (physical) interface is loaded and turning hardware checksumming off > will increase cpu load. my tap(4) patch is a hack, and it only works for > ip checksumming. note that some cards can do udp/tcp checksums as well. > imo, implementing similar hacks for all ethernet drivers (that do not > support hardware checksumming) is wrong. like you said it has to be done > at bridge level. > > if you think that porting OpenBSD/NetBSD bridge driver is a good idea > you are welcome to submit the patches. imo, it should be possible to fix > this in our current bridge(4) implementation. bridge(4) knows where > packet is coming from and going to. it could check hardware capabilities > of the destination interface and calculate checksums if needed. > > thanks, > max the negraph bridge could also be modified to do this.. > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed May 11 09:06:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39CE516A4CE for ; Wed, 11 May 2005 09:06:59 +0000 (GMT) Received: from antsrv1.ant.uni-bremen.de (antsrv2.ant.uni-bremen.de [134.102.176.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id A54CC43D45 for ; Wed, 11 May 2005 09:06:57 +0000 (GMT) (envelope-from rebehn@ant.uni-bremen.de) Received: from bremerhaven.ant.uni-bremen.de ([134.102.176.10]) by antsrv2.ant.uni-bremen.de with esmtp (Exim 4.42) id 1DVnB8-0008Fl-0R; Wed, 11 May 2005 11:06:54 +0200 Message-ID: <4281CB3A.6080901@ant.uni-bremen.de> Date: Wed, 11 May 2005 11:07:06 +0200 From: Heinrich Rebehn User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 X-Accept-Language: en MIME-Version: 1.0 To: Mohan Srinivasan References: <20050510201204.57969.qmail@web80602.mail.yahoo.com> In-Reply-To: <20050510201204.57969.qmail@web80602.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "antsrv2.ant.uni-bremen.de", hasmessageblock similar future email. If you have any questions, see the administrator of that system for details.are very likely unrelated to the hangs. > > nfs_rephead() is called (via the contorted macros nfsm_reply() and > friends) from the NFS server routines in nfs_serv.c. The error > that was returned by the vnode op called is passed into > nfs_rephead(), whence it gets into the NFS reply. The fact that > you see these errors go up is not abnormal. In your case, over > 90% of these errors are ENOENT. > > Are you using NFS/TCP ? Can you force the mount to NFS/UDP ? [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description -------------------------------------------------- cc: freebsd-net@freebsd.org Subject: Re: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 09:06:59 -0000 Mohan Srinivasan wrote: > Hi, > > The srvrcp_errs are very likely unrelated to the hangs. > > nfs_rephead() is called (via the contorted macros nfsm_reply() and > friends) from the NFS server routines in nfs_serv.c. The error > that was returned by the vnode op called is passed into > nfs_rephead(), whence it gets into the NFS reply. The fact that > you see these errors go up is not abnormal. In your case, over > 90% of these errors are ENOENT. > > Are you using NFS/TCP ? Can you force the mount to NFS/UDP ? Yes, we use TCP. It is strongly recommended for multispeed networks and we did have problems with retransmissions using UDP. Also, in order to change to UDP for testing purposes, we would have to reboot our entire Linux cluster, which is hardly feasible. > I have seen a bug in the FreeBSD 5.x NFS server, where in the > NFS/TCP case, the stream gets out of sync. This results in the > RPC record markers to be completely wrong, confusing clients. > Now, I don't know if this bug can cause the Linux client to hang > or not, but this is definitely worth eliminating as a factor. > The FreeBSD NFS client recovers from this by tearing down the > connection and reconnecting, other clients may behave strangely. Wouldn't it be better to fix the bug? Is there a problem report on this? Some more info on my original problem: We have diskless Linux clients that mount their root fs from the FBSD server. Most times this works, but sometimes the mount simply hangs and i have to issue a "/etc/rc.d/nfsd restart" on the server. Any thoughts on this? --Heinrich From owner-freebsd-net@FreeBSD.ORG Wed May 11 14:43:22 2005 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A07116A4D1; Wed, 11 May 2005 14:43:22 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 20F1343D64; Wed, 11 May 2005 14:43:22 +0000 (GMT) (envelope-from gnn@FreeBSD.org) Received: from freefall.freebsd.org (gnn@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j4BEhMA2083870; Wed, 11 May 2005 14:43:22 GMT (envelope-from gnn@freefall.freebsd.org) Received: (from gnn@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j4BEhLXh083866; Wed, 11 May 2005 14:43:21 GMT (envelope-from gnn) Date: Wed, 11 May 2005 14:43:21 GMT From: "George V. Neville-Neil" Message-Id: <200505111443.j4BEhLXh083866@freefall.freebsd.org> To: gnn@FreeBSD.org, freebsd-net@FreeBSD.org, gnn@freebsd.org Subject: Re: kern/76432: [patch] [net/route.h] recursive locking in the network stack X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 14:43:22 -0000 Synopsis: [patch] [net/route.h] recursive locking in the network stack Responsible-Changed-From-To: freebsd-net->gnn@freebsd.org Responsible-Changed-By: gnn Responsible-Changed-When: Wed May 11 14:42:34 GMT 2005 Responsible-Changed-Why: Taking this to try to fix it. http://www.freebsd.org/cgi/query-pr.cgi?pr=76432 From owner-freebsd-net@FreeBSD.ORG Wed May 11 14:53:50 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD8A216A4CE for ; Wed, 11 May 2005 14:53:50 +0000 (GMT) Received: from web80603.mail.yahoo.com (web80603.mail.yahoo.com [66.218.79.92]) by mx1.FreeBSD.org (Postfix) with SMTP id 97E4743D1D for ; Wed, 11 May 2005 14:53:50 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050511145350.9924.qmail@web80603.mail.yahoo.com> Received: from [64.165.201.18] by web80603.mail.yahoo.com via HTTP; Wed, 11 May 2005 07:53:50 PDT Date: Wed, 11 May 2005 07:53:50 -0700 (PDT) From: Mohan Srinivasan To: Heinrich Rebehn In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-net@freebsd.org Subject: Re: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 14:53:50 -0000 > > Are you using NFS/TCP ? Can you force the mount to NFS/UDP ? > > Yes, we use TCP. It is strongly recommended for multispeed networks and > we did have problems with retransmissions using UDP. I'm not disputing the merits of NFS/TCP. I suggested this merely as a workaround, and to see if the bug in question is causing the hangs. > Wouldn't it be better to fix the bug? Is there a problem report on this? Of course it would be better to fix the bug. But until someone fixes it... There's no problem report on this. I can only speculate as to why the restart clears this up. The restart shuts down existing NFS/TCP connections. This will force the client to reconnect, causing it to recover. mohan From owner-freebsd-net@FreeBSD.ORG Wed May 11 21:24:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9B5116A4CE for ; Wed, 11 May 2005 21:24:48 +0000 (GMT) Received: from smtp100.rog.mail.re2.yahoo.com (smtp100.rog.mail.re2.yahoo.com [206.190.36.78]) by mx1.FreeBSD.org (Postfix) with SMTP id 43BB143D5A for ; Wed, 11 May 2005 21:24:48 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp100.rog.mail.re2.yahoo.com with SMTP; 11 May 2005 21:24:47 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Wed, 11 May 2005 17:24:41 -0400 (EDT) Message-ID: <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> In-Reply-To: <20050507043712.GB28373@xor.obsecurity.org> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> Date: Wed, 11 May 2005 17:24:41 -0400 (EDT) From: "Mike Jakubik" To: "Kris Kennaway" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: Marian Durkovic Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 21:24:48 -0000 On Sat, May 7, 2005 12:37 am, Kris Kennaway said: > On Fri, May 06, 2005 at 08:59:50AM +0200, Marian Durkovic wrote: > >> Hi all, >> >> >> >> seems we've found the problem. The performance degradation was >> happening it the TX path, due to insufficient setting of TX packet >> buffer FIFO on the chip. >> >> To achieve wirespeed performance, the TX FIFO must be large enough to >> accomodate 2 jumbo packets (not just 1 as the driver was assuming). There >> was also a typo in the driver, causing the PBA tuning on most cards to >> be non-functional. >> >> Due to above limitation, the 82547 chipset (featuring only 40 KB of >> RX/TX FIFO) only supports wirespeed tranfers upto 8 KB TCP payload >> (MTU 9000 bytes). >> >> >> Please be sure to use em driver version 1.7.41 or newer, either from >> the CVS (branch RELENG_4_11) or from Intel's downloads. > > Does this also apply to 5.x and above? If no-one else responds in the > next few days, can you please submit the patch in PR so it does not get > lost? > > Kris Any luck submitting the patch for this? I looked at Intels website, and the latest drive for FreeBSD 4.7 is 1.7.35. Which is what is also used on -CURRENT now. They also state "Development is no longer taking place on this driver. For the latest development driver for FreeBSD* 5.3 or above, please download em-2.0.5.a.tar.gz." However there is no link provided for this driver. Am i just looking in the wrong place? Thanks. From owner-freebsd-net@FreeBSD.ORG Wed May 11 22:38:45 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 64FD516A4F3 for ; Wed, 11 May 2005 22:38:45 +0000 (GMT) Received: from smtp105.rog.mail.re2.yahoo.com (smtp105.rog.mail.re2.yahoo.com [206.190.36.83]) by mx1.FreeBSD.org (Postfix) with SMTP id CA39F43D31 for ; Wed, 11 May 2005 22:38:44 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp105.rog.mail.re2.yahoo.com with SMTP; 11 May 2005 22:38:44 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Wed, 11 May 2005 18:38:48 -0400 (EDT) Message-ID: <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> In-Reply-To: <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> Date: Wed, 11 May 2005 18:38:48 -0400 (EDT) From: "Mike Jakubik" To: "Kris Kennaway" , "Marian Durkovic" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2005 22:38:45 -0000 On Wed, May 11, 2005 5:24 pm, Mike Jakubik said: > Any luck submitting the patch for this? I looked at Intels website, and > the latest drive for FreeBSD 4.7 is 1.7.35. Which is what is also used on > -CURRENT now. They also state "Development is no longer taking place on > this driver. For the latest development driver for FreeBSD* 5.3 or above, > please download em-2.0.5.a.tar.gz." However there is no link provided for > this driver. Am i just looking in the wrong place? Just as a follow up. I managed to find version 2.1.7 of the driver for FreeBSD 5.3+ on Intels site. I have sucessfully compiled it in to the kernel, the following are some quick netio benchmarks i took, between my two machines. They both use the PRO/1000 M card, connected via a cross over cable. em0: port 0x9000-0x903f mem 0xe3000000-0xe301ffff,0xe2800000-0xe281ffff irq 12 at device 10.0 on pci0 >From FBSD 6-CURRENT to Windows XP (netio server) TCP/IP connection established. Packet size 1 KByte: 41425 KByte/s Packet size 2 KByte: 42837 KByte/s Packet size 4 KByte: 42904 KByte/s Packet size 8 KByte: 42769 KByte/s Packet size 16 KByte: 42084 KByte/s Packet size 32 KByte: 42684 KByte/s >From Windows XP to FBSD 6-CURRENT (netio server) TCP/IP connection established. Packet size 1 KByte: 19403 KByte/s Packet size 2 KByte: 20918 KByte/s Packet size 4 KByte: 22498 KByte/s Packet size 8 KByte: 21246 KByte/s Packet size 16 KByte: 24778 KByte/s Packet size 32 KByte: 25237 KByte/s Seems like i am getting half the performance when sending to the fbsd box. Also, enabling jumbo frames does not help, and sometimes even yields slightly slower results. The other thing that has me puzzled is the MTU size the fbsd and windows drivers take. The fbsd driver states a maximum of 16114, while the windows driver allows up to 16128. Is the fbsd driver including the header information in the MTU size? The Windows driver states that it is not. Thanks. From owner-freebsd-net@FreeBSD.ORG Thu May 12 01:23:44 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F4CB16A53D for ; Thu, 12 May 2005 01:23:44 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 350CB43D75 for ; Thu, 12 May 2005 01:23:43 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C1Ngxv039252 for ; Wed, 11 May 2005 18:23:42 -0700 (PDT) Date: Wed, 11 May 2005 21:23:45 -0400 Message-ID: From: gnn@freebsd.org To: freebsd-net@freebsd.org User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 01:23:44 -0000 Hi Folks, A few of us chatted about FAST_IPSEC at BSDCan today and came up with the following task list that others might want to take a look at, comment on, and maybe do some work on: Tasks to update FAST_IPSec Add IPv6 support (2-3 weeks) Fix/update the compression code (< 1 week) Bringing other things up to date (i.e. NATT and Raccoon) PF_KEY separation to isolate PF_KEY from IPSec code SDB APIs are insufficient and need to be able to do things like bulk operations In order to test IPSec you need to set up tunnels, of course, but the most bugs are found by setting up the timers to recycle SAs really fast. Those who were there can correct/add to this list but I think this encapsulates the thinking from today, most of which was courtesy of Sam Leffler. Time estimates, of course, are subject to the Your Mileage May Vary and Murphy's principles :-) Later, George From owner-freebsd-net@FreeBSD.ORG Thu May 12 01:30:09 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DD9C16A4D1 for ; Thu, 12 May 2005 01:30:09 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id D82FD43D73 for ; Thu, 12 May 2005 01:30:08 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C1U4uB040021; Wed, 11 May 2005 18:30:05 -0700 (PDT) Date: Wed, 11 May 2005 21:30:07 -0400 Message-ID: From: gnn@freebsd.org To: kame References: User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: multipart/mixed; boundary="Multipart_Wed_May_11_21:30:07_2005-1" cc: freebsd-net@freebsd.org cc: Mark Klein Subject: Forward: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 01:30:09 -0000 --Multipart_Wed_May_11_21:30:07_2005-1 Content-Type: text/plain; charset=US-ASCII Forwarded to the kame folks as well as they might have already fixed this in their own code. Can you tell us what else is going on when this happens? Is it random? Thanks, George --Multipart_Wed_May_11_21:30:07_2005-1 Content-Type: message/rfc822 Delivered-To: freebsd-net@freebsd.org From: "Mark Klein" To: Date: Wed, 11 May 2005 15:21:49 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal Subject: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: owner-freebsd-net@FreeBSD.org Errors-To: owner-freebsd-net@FreeBSD.org X-DCC-meer-Metrics: inbound0.mv.meer.net 1011; Body=2 Fuz1=2 Fuz2=2 I've recently been experiencing a panic that has quickly grown beyond my capabilities to debug. Any help is greatly appreciated. Please see: http://www.dis.com/freebsd.1.html -- Mark Klein PGP Key Available www.dis.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --Multipart_Wed_May_11_21:30:07_2005-1-- From owner-freebsd-net@FreeBSD.ORG Thu May 12 01:41:02 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CFE5516A4CE for ; Thu, 12 May 2005 01:41:02 +0000 (GMT) Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id B930543D62 for ; Thu, 12 May 2005 01:40:57 +0000 (GMT) (envelope-from sakane@kame.net) Received: from localhost (ZH086126.ppp.dion.ne.jp [222.3.86.126]) by papa.tanu.org (8.12.9/8.12.8) with ESMTP id j4C1fJu9037722 for ; Thu, 12 May 2005 10:41:20 +0900 (JST) (envelope-from sakane@kame.net) From: "mytrix" To: X-Mailer: Cue version 0.8 (050427-2145/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20050512104052H.sakane@kame.net> Date: Thu, 12 May 2005 10:40:52 +0900 Sender: Shoichi Sakane X-Dispatcher: imput version 20050308(IM148) Lines: 9 X-Virus-Scanned: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on papa.tanu.org X-Virus-Status: Clean Subject: Re: L2TP/IPSec + Racoon X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 01:41:02 -0000 > I has been installed L2TP/IPSec + Racoon on fBSD 5.3. It works perfect but > there are some things, which i want to resolve. > > 1. I`m using for authentification of clients shared_key. But it has some > disadvantages. Clients are "road warrior" and it means, that i can`t know > their IP in advance. So, it`s any way, how can i add it to psk.txt file? I > test 0.0.0.0/0 SECRET_KEY, but it doesn`t work :(. don't use pre-shared key. or use aggressive mode. From owner-freebsd-net@FreeBSD.ORG Thu May 12 01:54:30 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3BC6616A4D1 for ; Thu, 12 May 2005 01:54:30 +0000 (GMT) Received: from relay03.pair.com (relay03.pair.com [209.68.5.17]) by mx1.FreeBSD.org (Postfix) with SMTP id 8A85E43D1D for ; Thu, 12 May 2005 01:54:29 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 43963 invoked from network); 12 May 2005 01:54:28 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 12 May 2005 01:54:28 -0000 X-pair-Authenticated: 209.68.2.70 Date: Wed, 11 May 2005 20:54:13 -0500 (CDT) From: Mike Silbersack To: Suleiman Souhlal In-Reply-To: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> Message-ID: <20050511205216.Q3724@odysseus.silby.com> References: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@FreeBSD.org cc: Gandalf The White Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 01:54:30 -0000 On Sun, 8 May 2005, Suleiman Souhlal wrote: > The patch at http://people.freebsd.org/~ssouhlal/testing/ > ip_reass-20050507.diff does just this. > Could you kindly test it? > > Bye, > -- > Suleiman Souhlal | ssouhlal@vt.edu Your patch looks like it would defeat newdawn4, but it's not general enough to optimize for other possible attacks. I'll take a stab at implementing a more general solution tomorrow. Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Thu May 12 02:17:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70C2616A4D2 for ; Thu, 12 May 2005 02:17:59 +0000 (GMT) Received: from web53905.mail.yahoo.com (web53905.mail.yahoo.com [206.190.36.215]) by mx1.FreeBSD.org (Postfix) with SMTP id EEA2643D6D for ; Thu, 12 May 2005 02:17:58 +0000 (GMT) (envelope-from fetrovsky@yahoo.com) Received: (qmail 99521 invoked by uid 60001); 12 May 2005 02:17:58 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=tSDlD+c+6NWietrDi3BlKqP1CZkRyr46hMeLrvbHQeLqeYpdZFFLfjePwBZM3nxqnbWh4ZF2XJ0pj4U6jwl7sVNTBtMRYpouEr/450fd7+UoHTt55+vyNoYGZhCMTxGwFSv/qiD7jff8sw1S3up9O8XvcdOvzGSUsz2zOuoQxLI= ; Message-ID: <20050512021758.99519.qmail@web53905.mail.yahoo.com> Received: from [128.200.38.147] by web53905.mail.yahoo.com via HTTP; Wed, 11 May 2005 19:17:58 PDT Date: Wed, 11 May 2005 19:17:58 -0700 (PDT) From: Daniel Valencia To: freebsd-net@freebsd.org In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: sending MAC packets --- again X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 02:17:59 -0000 Hello all, and thanks for your input. I was able to send packets using libnet, and i could confirm that the messages were propperly sent using tcpdump... Now I needed to read the packets from another node, so I tried libpcap... then the problem arised. It would wait for ages, even after I sent a few packets, and then it would suddenly output that it had captured a packet which would have nothing to do with the one that I sent. Has anyone in this list had any experience with libpcap over fbsd that can point me into the right direction? That would be greatly appreciated. Thank you very much!! - Daniel have fun --- Gandalf The White wrote: > Greetings and Salutations: > > On 5/3/05 7:33 PM, "Daniel Valencia" > wrote: > > I'm doing research on network-layer protocols, so > I > > need a way to send packets straight into layer 2. > So > > far i've been reffered to raw sockets, but i've > read > > the code and i cannot skip header checking and > that > > stuff... Is there a way to interact with the > network > > if in a way that I can get network parameters > (mtu, > > etc.) and send packets (specify destination mac > > address and payload)?? > > Thank you > > - Daniel > > Try netwib/netwox/netwag. Netwag has a nice GUI: > http://www.laurentconstantin.com/en/ > > Ken > > --------------------------------------------------------------- > Do not meddle in the affairs of wizards for they are > subtle and > quick to anger. > Ken Hollis - Gandalf The White - gandalf@digital.net > - O- TINLC > WWW Page - http://digital.net/~gandalf/ > Trace E-Mail forgery - > http://digital.net/~gandalf/spamfaq.html > Trolls crossposts - > http://digital.net/~gandalf/trollfaq.html > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-net@FreeBSD.ORG Thu May 12 02:30:53 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CEFC16A4CE for ; Thu, 12 May 2005 02:30:53 +0000 (GMT) Received: from web53901.mail.yahoo.com (web53901.mail.yahoo.com [206.190.36.211]) by mx1.FreeBSD.org (Postfix) with SMTP id D9FD543D2F for ; Thu, 12 May 2005 02:30:52 +0000 (GMT) (envelope-from fetrovsky@yahoo.com) Received: (qmail 27333 invoked by uid 60001); 12 May 2005 02:30:52 -0000 Message-ID: <20050512023052.27331.qmail@web53901.mail.yahoo.com> Received: from [128.200.38.147] by web53901.mail.yahoo.com via HTTP; Wed, 11 May 2005 19:30:52 PDT Date: Wed, 11 May 2005 19:30:52 -0700 (PDT) From: Daniel Valencia To: freebsd-net@freebsd.org In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: sending MAC packets --- again X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 02:30:53 -0000 Uhmm... About my previous message, I think that the problem is that i'm using a switch, where I thought I had a hub... If I'm sending ethernet broadcast packets... will they be forwarded to all the ports of a switch?? Probably the answer is No, and that's why I'm getting that behaviour Thank you very much!! - Daniel have fun --- Daniel Valencia wrote: > > Hello all, and thanks for your input. > > I was able to send packets using libnet, and i could > confirm that the messages were propperly sent using > tcpdump... Now I needed to read the packets from > another node, so I tried libpcap... then the problem > arised. It would wait for ages, even after I sent a > few packets, and then it would suddenly output that > it > had captured a packet which would have nothing to do > with the one that I sent. > > Has anyone in this list had any experience with > libpcap over fbsd that can point me into the right > direction? > > That would be greatly appreciated. > > Thank you very much!! > > - Daniel > > have fun > > > > --- Gandalf The White wrote: > > Greetings and Salutations: > > > > On 5/3/05 7:33 PM, "Daniel Valencia" > > wrote: > > > I'm doing research on network-layer protocols, > so > > I > > > need a way to send packets straight into layer > 2. > > So > > > far i've been reffered to raw sockets, but i've > > read > > > the code and i cannot skip header checking and > > that > > > stuff... Is there a way to interact with the > > network > > > if in a way that I can get network parameters > > (mtu, > > > etc.) and send packets (specify destination mac > > > address and payload)?? > > > Thank you > > > - Daniel > > > > Try netwib/netwox/netwag. Netwag has a nice GUI: > > http://www.laurentconstantin.com/en/ > > > > Ken > > > > > --------------------------------------------------------------- > > Do not meddle in the affairs of wizards for they > are > > subtle and > > quick to anger. > > Ken Hollis - Gandalf The White - > gandalf@digital.net > > - O- TINLC > > WWW Page - http://digital.net/~gandalf/ > > Trace E-Mail forgery - > > http://digital.net/~gandalf/spamfaq.html > > Trolls crossposts - > > http://digital.net/~gandalf/trollfaq.html > > > > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-net@FreeBSD.ORG Thu May 12 03:00:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F8CC16A4CE for ; Thu, 12 May 2005 03:00:36 +0000 (GMT) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D15CF43D78 for ; Thu, 12 May 2005 03:00:35 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id 3FA7B5E5E; Wed, 11 May 2005 23:00:35 -0400 (EDT) Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00466-03; Wed, 11 May 2005 23:00:32 -0400 (EDT) Received: from [192.168.1.3] (pool-68-161-53-96.ny325.east.verizon.net [68.161.53.96]) by pi.codefab.com (Postfix) with ESMTP id F2FB45E5C; Wed, 11 May 2005 23:00:31 -0400 (EDT) Message-ID: <4282C6C8.7010209@mac.com> Date: Wed, 11 May 2005 23:00:24 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Daniel Valencia References: <20050512021758.99519.qmail@web53905.mail.yahoo.com> In-Reply-To: <20050512021758.99519.qmail@web53905.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at codefab.com cc: freebsd-net@freebsd.org Subject: Re: sending MAC packets --- again X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 03:00:36 -0000 Daniel Valencia wrote: [ ...pcap delays... ] > Has anyone in this list had any experience with > libpcap over fbsd that can point me into the right > direction? Sure. Are you trying to use non-blocking mode of PCAP by any chance? I found that to be fairly busted on FreeBSD and would drop lots of packets, just as you've described. PCAP timeouts in blocking mode also seem to not work very well, in the sense that the timeout starts after the first packet is received. I've got a code snippet handy: /* This routine obtains a list of all of the network interfaces on the machine * for each interface found, check to see whether the interface is UP and * whether the user wants this interface to be used. If so, open the packet * capture interface and add this (struct interface) to IFL. */ void init_interfaces() { struct ifaddrs *if_ptr; char *name; u_int flags; struct interface *new; [ ... ] LIST_INIT(&IFL); if (getifaddrs(&ifap) == -1) { fatal(strerror(errno)); /*NOTREACHED*/ } /* iterate over the list of interfaces on the machine */ for (if_ptr = ifap; if_ptr; if_ptr = if_ptr->ifa_next) { name = if_ptr->ifa_name; flags = if_ptr->ifa_flags; /* check that the interface is UP before we try to use it */ if (!(flags & IFF_UP)) continue; switch (if_ptr->ifa_addr->sa_family) { case AF_INET: /* check whether the user specified this interface */ if (check_interface(name)) { new = calloc(1, sizeof(struct interface)); if (!new) fatal("can't calloc() interface structure"); new->name = name; new->addr = (struct sockaddr_in *)if_ptr->ifa_addr; [ ... ] new->pcap_fd = pcap_open_live(name, CAPSIZE, 1, 50, errbuf); if (new->pcap_fd == 0) { logwarn("init_interfaces(): error calling pcap_open_live():\n"); fatal(errbuf); /*NOTREACHED*/ } #if 0 /* XXX: non-blocking mode seems to drop lots of packets, don't use */ if (pcap_setnonblock(new->pcap_fd, 1, errbuf) == -1) { loginfo("init_interfaces(): pcap_setnonblock failed!\n"); fatal(errbuf); } #endif [ ... ] -- -Chuck From owner-freebsd-net@FreeBSD.ORG Thu May 12 03:04:20 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0515116A4CE for ; Thu, 12 May 2005 03:04:20 +0000 (GMT) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E31743D49 for ; Thu, 12 May 2005 03:04:19 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id 3355B5D16; Wed, 11 May 2005 23:04:19 -0400 (EDT) Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00465-06; Wed, 11 May 2005 23:04:18 -0400 (EDT) Received: from [192.168.1.3] (pool-68-161-53-96.ny325.east.verizon.net [68.161.53.96]) by pi.codefab.com (Postfix) with ESMTP id 6912E5CAF; Wed, 11 May 2005 23:04:18 -0400 (EDT) Message-ID: <4282C7AA.6070508@mac.com> Date: Wed, 11 May 2005 23:04:10 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Daniel Valencia References: <20050512023052.27331.qmail@web53901.mail.yahoo.com> In-Reply-To: <20050512023052.27331.qmail@web53901.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at codefab.com cc: freebsd-net@freebsd.org Subject: Re: sending MAC packets --- again X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 03:04:20 -0000 Daniel Valencia wrote: > About my previous message, I think that the problem is > that i'm using a switch, where I thought I had a > hub... If I'm sending ethernet broadcast packets... > will they be forwarded to all the ports of a switch?? Broadcast packets will go to all the ports on a switch. They'd have to, or else ARP and IP conflict detection wouldn't work. Nevertheless, your packet capturing experience will be happier if you use a hub, or else configure the switches' "monitor port" to be the port the sniffing box is listening on, assuming your switch supports this capability. -- -Chuck From owner-freebsd-net@FreeBSD.ORG Thu May 12 03:46:43 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C77B216A4CE; Thu, 12 May 2005 03:46:43 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A15ED43D73; Thu, 12 May 2005 03:46:43 +0000 (GMT) (envelope-from qingli@FreeBSD.org) Received: from freefall.freebsd.org (qingli@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j4C3khKT092765; Thu, 12 May 2005 03:46:43 GMT (envelope-from qingli@freefall.freebsd.org) Received: (from qingli@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j4C3kh80092764; Thu, 12 May 2005 03:46:43 GMT (envelope-from qingli) Date: Thu, 12 May 2005 03:46:43 GMT From: Qing Li Message-Id: <200505120346.j4C3kh80092764@freefall.freebsd.org> To: gnn@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 03:46:43 -0000 Hi, I'd like to volunteer for > > Tasks to update FAST_IPSec > Add IPv6 support (2-3 weeks) > unless someone else has already claimed ownership. I can also help out on the racoon side so feel free to put my name down on that list. Thanks, -- Qing From owner-freebsd-net@FreeBSD.ORG Thu May 12 03:48:39 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F9ED16A4CE for ; Thu, 12 May 2005 03:48:39 +0000 (GMT) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7884043D75 for ; Thu, 12 May 2005 03:48:38 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from ocean.jinmei.org (unknown [2001:200:0:8002:200:39ff:fed7:e2e4]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 50B6C15210; Thu, 12 May 2005 12:50:28 +0900 (JST) Date: Thu, 12 May 2005 12:49:30 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: "Mark Klein" In-Reply-To: References: User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 03:48:39 -0000 >>>>> On Wed, 11 May 2005 15:21:49 -0700, >>>>> "Mark Klein" said: > I've recently been experiencing a panic that has quickly grown > beyond my capabilities to debug. Any help is greatly appreciated. > Please see: > http://www.dis.com/freebsd.1.html I cannot reach the web site. If possible, could you post the details to the mailing list? JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:30:12 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6797516A4CE; Thu, 12 May 2005 05:30:12 +0000 (GMT) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64E2E43D8C; Thu, 12 May 2005 05:30:09 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 7370C1FF9A6; Thu, 12 May 2005 07:30:07 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id 2FFF21FF91D; Thu, 12 May 2005 07:30:05 +0200 (CEST) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id D669615851; Thu, 12 May 2005 05:25:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id D3DC215850; Thu, 12 May 2005 05:25:24 +0000 (UTC) Date: Thu, 12 May 2005 05:25:24 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: Qing Li In-Reply-To: <200505120346.j4C3kh80092764@freefall.freebsd.org> Message-ID: References: <200505120346.j4C3kh80092764@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de cc: gnn@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:30:12 -0000 On Thu, 12 May 2005, Qing Li wrote: Hi, > I'd like to volunteer for > > > > > Tasks to update FAST_IPSec > > Add IPv6 support (2-3 weeks) > > > > unless someone else has already claimed ownership. > > I can also help out on the racoon side so feel > free to put my name down on that list. from skipping through racoon-ml from time to time I think racoon got announced as 0xdead project and one should switch to ipsec-tools? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:43:23 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6B1C16A4CE for ; Thu, 12 May 2005 05:43:23 +0000 (GMT) Received: from webmail4.sea5.speakeasy.net (webmail4.speakeasy.net [69.17.117.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6513243D6E for ; Thu, 12 May 2005 05:43:23 +0000 (GMT) (envelope-from qingli@speakeasy.net) Received: (qmail 28051 invoked from network); 12 May 2005 05:43:22 -0000 Received: from localhost (HELO webmail4) ([127.0.0.1]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 12 May 2005 05:43:22 -0000 Received: from 64.81.51.206 (unverified [64.81.51.206]) by webmail4 (VisualMail 4.0) with WEBMAIL id 31499; Thu, 12 May 2005 05:43:22 +0000 From: "Qing Li" To: "Bjoern A. Zeeb" , "Qing Li" Importance: Normal Sensitivity: Normal Message-ID: X-Mailer: Mintersoft VisualMail, Build 4.0.111601 X-Originating-IP: [64.81.51.206] Date: Thu, 12 May 2005 05:43:22 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit cc: gnn@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:43:23 -0000 > > from skipping through racoon-ml from time to time I think racoon got > announced as 0xdead project and one should switch to ipsec-tools? > Right, I also read the announcement on the racoon ml on 4/21. I'm assuming George was referring to updating racoon in ports to a later version. After all if I'm not mistaken, the KAME version that shows up in sysctl in 5.4-RC1 still reads 2003-something. -- Qing From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:46:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D95D16A4CE for ; Thu, 12 May 2005 05:46:34 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00AA343D41 for ; Thu, 12 May 2005 05:46:34 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C5kXDO065398 for ; Wed, 11 May 2005 22:46:33 -0700 (PDT) Date: Thu, 12 May 2005 01:46:37 -0400 Message-ID: From: gnn@FreeBSD.org To: freebsd-net@FreeBSD.org In-Reply-To: References: <200505120346.j4C3kh80092764@freefall.freebsd.org> User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:46:34 -0000 At Thu, 12 May 2005 05:25:24 +0000 (UTC), Bjoern A. Zeeb wrote: > > On Thu, 12 May 2005, Qing Li wrote: > > Hi, > > > I'd like to volunteer for > > > > > > > > Tasks to update FAST_IPSec > > > Add IPv6 support (2-3 weeks) > > > > > > > unless someone else has already claimed ownership. > > > > I can also help out on the racoon side so feel > > free to put my name down on that list. > > from skipping through racoon-ml from time to time I think racoon got > announced as 0xdead project and one should switch to ipsec-tools? > Yes, the announcement can be found here: ftp://ftp.kame.net/pub/mail-list/snap-users/9012 Later, George From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:47:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EB3B16A4CE for ; Thu, 12 May 2005 05:47:41 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3841143D70 for ; Thu, 12 May 2005 05:47:41 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C5le7C065493; Wed, 11 May 2005 22:47:40 -0700 (PDT) Date: Thu, 12 May 2005 01:47:44 -0400 Message-ID: From: gnn@freebsd.org To: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= In-Reply-To: References: User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:47:41 -0000 At Thu, 12 May 2005 12:49:30 +0900, jinmei wrote: > > >>>>> On Wed, 11 May 2005 15:21:49 -0700, > >>>>> "Mark Klein" said: > > > I've recently been experiencing a panic that has quickly grown > > beyond my capabilities to debug. Any help is greatly appreciated. > > > Please see: > > > http://www.dis.com/freebsd.1.html > > I cannot reach the web site. If possible, could you post the details > to the mailing list? > I was able to reach the web site. The information is at the end of this email. Later, George (kgdb) bt #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 #1 0xc0244ca7 in boot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:316 #2 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #3 0xc03d6a7e in trap_fatal (frame=0xc047bfa4, eva=0x10) at /usr/src/sys/i386/i386/trap.c:974 #4 0xc03d6751 in trap_pfault (frame=0xc047bfa4, usermode=0x0, eva=0x10) at /usr/src/sys/i386/i386/trap.c:867 #5 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x1, tf_esi = 0x0, tf_ebp = 0xc047c03c, tf_isp = 0xc047bfd0, tf_ebx = 0x0, tf_edx = 0x20, tf_ecx = 0xb71, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc038a63a, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xc6219ac0, tf_ss = 0xc}) at /usr/src/sys/i386/i386/trap.c:466 #6 0xc038a63a in vnode_pager_generic_putpages (vp=0xc6219ac0, m=0xc047c0dc, bytecount=0x1000, flags=0xc, rtvals=0xc047c0ac) at /usr/src/sys/vm/vnode_pager.c:1034 #7 0xc0373b92 in ffs_putpages (ap=0xc047c070) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:757 #8 0xc038a496 in vnode_pager_putpages (object=0xc63bb78c, m=0xc047c0dc, count=0x1, sync=0xc, rtvals=0xc047c0ac) at vnode_if.h:1147 #9 0xc0387414 in vm_pageout_flush (mc=0xc047c0dc, count=0x1, flags=0xc) at /usr/src/sys/vm/vm_pager.h:147 #10 0xc03849a6 in vm_object_page_collect_flush (object=0xc63bb78c, p=0xc08d21c4, curgeneration=0xa, pagerflags=0xc) at /usr/src/sys/vm/vm_object.c:806 #11 0xc03845a9 in vm_object_page_clean (object=0xc63bb78c, start=0x0, end=0x0, flags=0x4) at /usr/src/sys/vm/vm_object.c:605 #12 0xc0274b3d in vfs_msync (mp=0xc0d00600, flags=0x2) at /usr/src/sys/kern/vfs_subr.c:2731 #13 0xc0275b30 in sync (p=0xc04fa380, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:582 #14 0xc0244a42 in boot (howto=0x100) at /usr/src/sys/kern/kern_shutdown.c:235 #15 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #16 0xc03d6a7e in trap_fatal (frame=0xc047c330, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:974 #17 0xc03d6751 in trap_pfault (frame=0xc047c330, usermode=0x0, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:867 #18 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0xe00cb340, tf_esi = 0xe00cb340, tf_ebp = 0xc047c378, tf_isp = 0xc047c35c, tf_ebx = 0xc04e1082, tf_edx = 0x5, tf_ecx = 0x4, tf_eax = 0x41, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc0290911, tf_cs = 0x8, tf_eflags = 0x10206, tf_esp = 0xc0cc7400, tf_ss = 0xc0cc7400}) at /usr/src/sys/i386/i386/trap.c:466 #19 0xc0290911 in if_name (ifp=0xe00cb340) at /usr/src/sys/net/net_osdep.c:62 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 #21 0xc02d4dfc in nd6_timer (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:584 #22 0xc024ad7d in softclock () at /usr/src/sys/kern/kern_timeout.c:131 #23 0xc03c97d3 in doreti_swi () (kgdb) frame 20 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " (kgdb) list 1158 /* 1159 * XXX: if a change of an existing address failed, keep the entry 1160 * anyway. 1161 */ 1162 if (hostIsNew) 1163 in6_unlink_ifa(ia, ifp); 1164 return(error); 1165 } 1166 1167 void 1168 in6_purgeaddr(ifa) 1169 struct ifaddr *ifa; 1170 { 1171 struct ifnet *ifp = ifa->ifa_ifp; 1172 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1173 1174 /* stop DAD processing */ 1175 nd6_dad_stop(ifa); 1176 1177 /* 1178 * delete route to the destination of the address being purged. 1179 * The interface must be p2p or loopback in this case. 1180 */ 1181 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1182 int e; 1183 1184 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1185 != 0) { 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1187 "a route to the p2p destination: %s on %s, " 1188 "errno=%d\n", 1189 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1190 e); 1191 /* proceed anyway... */ 1192 } rtinit returned a non-zero status and is trying to log the error. if_name has caused the panic due to an invalid ifp. (kgdb) p *(struct ifaddr *) 0xc0cc7400 $24 = {ifa_addr = 0xc0cc747c, ifa_dstaddr = 0xc0cc74b4, ifa_netmask = 0xc0cc74d0, if_data = {ifi_type = 0x0, ifi_physical = 0x0, ifi_addrlen = 0x0, ifi_hdrlen = 0x0, ifi_recvquota = 0x0, ifi_xmitquota = 0x0, ifi_do_not_use = 0x0, ifi_datalen = 0x0, ifi_mtu = 0x0, ifi_metric = 0x0, ifi_baudrate = 0x0, ifi_ipackets = 0x0, ifi_ierrors = 0x0, ifi_opackets = 0x0, ifi_oerrors = 0x0, ifi_collisions = 0x0, ifi_ibytes = 0x0, ifi_obytes = 0x0, ifi_imcasts = 0x0, ifi_omcasts = 0x0, ifi_iqdrops = 0x0, ifi_noproto = 0x0, ifi_hwassist = 0x32510000, ifi_unused = 0xcde15366, ifi_lastchange = {tv_sec = 0xfcc0, tv_usec = 0x0}}, ifa_ifp = 0xe00cb340, ifa_link = {tqe_next = 0x3d928485, tqe_prev = 0xc0cd5ceb}, ifa_rtrequest = 0xc02d5408 , ifa_flags = 0x1, ifa_refcnt = 0x3, ifa_metric = 0x0, ifa_claim_addr = 0} (kgdb) p in6_addr No symbol "in6_addr" in current context. (kgdb) p in6_ifaddr $25 = (struct in6_ifaddr *) 0xc0cc7400 (kgdb) So, this is the first entry and it has expired. The ifa_ifp value is corrupted. This is quickly beyond my knowledge of networking. Any idea what might be going on? This is a remote machine, so I will have a hard time of trying to set it up for realtime debugging of the kernel until I can get back onsite. This has only recently started. It happened with 4.10 and I recently updated to 4.11 to see if it was fixed in that release. Please note that we ran for quite a while with 4.10 without this happening. Any suggestions are welcome! Thanks! Mark From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:48:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30E3B16A4CE for ; Thu, 12 May 2005 05:48:54 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0ECC343D8A for ; Thu, 12 May 2005 05:48:54 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C5mrB9065591; Wed, 11 May 2005 22:48:53 -0700 (PDT) Date: Thu, 12 May 2005 01:48:57 -0400 Message-ID: From: gnn@FreeBSD.org To: "Qing Li" In-Reply-To: References: User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@FreeBSD.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:48:54 -0000 At Thu, 12 May 2005 05:43:22 +0000, Qing Li wrote: > > > > > > from skipping through racoon-ml from time to time I think racoon got > > announced as 0xdead project and one should switch to ipsec-tools? > > > > Right, I also read the announcement on the racoon ml on 4/21. > I'm assuming George was referring to updating racoon in ports > to a later version. After all if I'm not mistaken, the KAME > version that shows up in sysctl in 5.4-RC1 still reads > 2003-something. No, it was an off the cuff comment during the discussion. We should, most likely, move to whatever is most current as our solution. Just my $0.02. Later, George From owner-freebsd-net@FreeBSD.ORG Thu May 12 06:08:12 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8193016A4D1 for ; Thu, 12 May 2005 06:08:12 +0000 (GMT) Received: from webmail4.sea5.speakeasy.net (webmail4.speakeasy.net [69.17.117.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2900943D8F for ; Thu, 12 May 2005 06:08:12 +0000 (GMT) (envelope-from qingli@speakeasy.net) Received: (qmail 26584 invoked from network); 12 May 2005 06:08:11 -0000 Received: from localhost (HELO webmail4) ([127.0.0.1]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 12 May 2005 06:08:11 -0000 Received: from 64.81.51.206 (unverified [64.81.51.206]) by webmail4 (VisualMail 4.0) with WEBMAIL id 6076; Thu, 12 May 2005 06:08:11 +0000 From: "Qing Li" To: gnn@FreeBSD.org, qingli@FreeBSD.org Importance: Normal Sensitivity: Normal Message-ID: X-Mailer: Mintersoft VisualMail, Build 4.0.111601 X-Originating-IP: [64.81.51.206] Date: Thu, 12 May 2005 06:08:11 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit cc: freebsd-net@FreeBSD.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 06:08:12 -0000 > > No, it was an off the cuff comment during the discussion. We should, > most likely, move to whatever is most current as our solution. > I see. I guess the decision also depends on how much others are willing to make that switch. Either way, you can count me in as a helper if you like. -- Qing From owner-freebsd-net@FreeBSD.ORG Thu May 12 06:21:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2160D16A4CE for ; Thu, 12 May 2005 06:21:54 +0000 (GMT) Received: from espresso2.syncrontech.com (sync-old.syncrontech.com [213.28.98.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6F2B43D7F for ; Thu, 12 May 2005 06:21:50 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from guinness.syncrontech.com (guinness.syncrontech.com [62.71.8.57])j4C6Lkdi026121 for ; Thu, 12 May 2005 09:21:46 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Received: from [62.71.8.37] (coffee.syncrontech.com [62.71.8.37]) j4C6Lbcw007240; Thu, 12 May 2005 09:21:41 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Message-ID: <4282F5EC.6060902@suutari.iki.fi> Date: Thu, 12 May 2005 09:21:32 +0300 From: Ari Suutari User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: IPSEC traffic doesn't work realiably after upgrading from 4.11 to 5.4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 06:21:54 -0000 Hi, I have upgraded a vpn server from FreeBSD 4.11 to 5.4-RELEASE. The box as about 20 vpn connections to other FreeBSD machines, the physical connection is via tun0 ... tun20 devices. Traffic flow is something like this: my internal net -> vpn server em1 -> vpn server ipsec -> vpn server tun0 -> vpn server em0 -> internet -> remote freebsd fxp0 -> remote freebsd tun0 -> remote freebsd ipsec -> remote net Remote FreeBSD box is still running 4.11. Ipsec is the kame version, not FAST_IPSEC. (tun0 stuff is created by vtun software, which is used to get around various restrictions, like ISP providing private addresses only). This has been working very well for years under FreeBSD 4.x. After upgrading to 5.4, things seem to work at first. However, when physical connection has problems, causing tun0 device to go temporarily down on server the vpn never recovers from it. When tun0 comes up back again, IPsec SAs seem to be valid on both sides. Non-ipsec traffic works without problems over tun0 as does *incoming* ipsec traffic from remote FreeBSD box. Outgoing ipsec packets seem to vanish completely. It seems that the problem can also be triggered by running ifconfig tun0 down && ifconfig tun0 up. netstat -s -p ipsec doesn't show any errors. To recover from situation, issuing setkey -F to flush all SAs helps. Flushing only the SAs related to this connection does not help, neither does removing related policies and adding them again. I would'n like to go back to 4.x series, so I'm looking for fix/workaround for this. Ari S. From owner-freebsd-net@FreeBSD.ORG Thu May 12 07:28:03 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A74816A4D0 for ; Thu, 12 May 2005 07:28:03 +0000 (GMT) Received: from us.svf.stuba.sk (us.svf.stuba.sk [147.175.16.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 55A4743D5D for ; Thu, 12 May 2005 07:28:02 +0000 (GMT) (envelope-from md@us.svf.stuba.sk) Received: from us.svf.stuba.sk (localhost [127.0.0.1]) by us.svf.stuba.sk (8.13.3/8.13.3) with ESMTP id j4C7RxoP094865; Thu, 12 May 2005 09:27:59 +0200 (CEST) (envelope-from md@us.svf.stuba.sk) Received: (from md@localhost) by us.svf.stuba.sk (8.13.3/8.13.3/Submit) id j4C7RshG094864; Thu, 12 May 2005 09:27:54 +0200 (CEST) (envelope-from md) Date: Thu, 12 May 2005 09:27:54 +0200 From: Marian Durkovic To: Mike Jakubik Message-ID: <20050512072754.GB92476@us.svf.stuba.sk> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> User-Agent: Mutt/1.4.2.1i X-Virus-Scanned: ClamAV 0.83/875/Tue May 10 13:27:59 2005 on us.svf.stuba.sk X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.0.2 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on us.svf.stuba.sk cc: freebsd-net@freebsd.org Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 07:28:03 -0000 Hi, On Wed, May 11, 2005 at 06:38:48PM -0400, Mike Jakubik wrote: > Any luck submitting the patch for this? Yes, it's kern/80932 > I looked at Intels website, and the latest drive for FreeBSD 4.7 is 1.7.35. 1.7.41 could be found at: http://downloadfinder.intel.com/scripts-df-external/filter_results.aspx?strTypes=all&ProductID=1068&OSFullName=FreeBSD*&lang=eng&strOSs=52&submit=Go%21 > Seems like i am getting half the performance when sending to the fbsd box. > Also, enabling jumbo frames does not help, and sometimes even yields > slightly slower results. Yes, that's exactly the problem my patch is addressing - for larger MTU sizes the TX FIFO is simply too small. And the new Intel's driver ver. 2.1.7 for FreeBSD 5.3 has the same bugs. With kind regards, M. From owner-freebsd-net@FreeBSD.ORG Thu May 12 10:30:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 104AE16A4CE for ; Thu, 12 May 2005 10:30:56 +0000 (GMT) Received: from espresso2.syncrontech.com (sync-old.syncrontech.com [213.28.98.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40EF243D72 for ; Thu, 12 May 2005 10:30:54 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from guinness.syncrontech.com (guinness.syncrontech.com [62.71.8.57])j4CAUqpt026927; Thu, 12 May 2005 13:30:52 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Received: from [62.71.8.37] (coffee.syncrontech.com [62.71.8.37]) j4CAUkd2027944; Thu, 12 May 2005 13:30:47 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Message-ID: <42833051.10602@suutari.iki.fi> Date: Thu, 12 May 2005 13:30:41 +0300 From: Ari Suutari User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Ari Suutari References: <4282F5EC.6060902@suutari.iki.fi> In-Reply-To: <4282F5EC.6060902@suutari.iki.fi> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: IPSEC traffic doesn't work realiably after upgrading from 4.11 to 5.4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 10:30:56 -0000 Hi again, Some more information to this one: This seems to be some kind of odd routing problem. I just recreated the setup under vmware and noticed that when the problem occurs the outgoing ESP packets are flowing on interface that has the default route (em0), not on tun0. The routing table entry looks correct (ie. points to tun0), but ESP packets don't seem to obey it (until setkey -F is issued). Ari S. Ari Suutari wrote: > Hi, > > I have upgraded a vpn server from FreeBSD 4.11 to 5.4-RELEASE. > The box as about 20 vpn connections to other FreeBSD machines, > the physical connection is via tun0 ... tun20 devices. > > Traffic flow is something like this: > > my internal net -> > vpn server em1 -> > vpn server ipsec -> > vpn server tun0 -> > vpn server em0 -> > internet -> > remote freebsd fxp0 -> > remote freebsd tun0 -> > remote freebsd ipsec -> > remote net > > Remote FreeBSD box is still running 4.11. > Ipsec is the kame version, not FAST_IPSEC. > > (tun0 stuff is created by vtun software, which is used > to get around various restrictions, like ISP providing > private addresses only). > > This has been working very well for years under FreeBSD 4.x. > > After upgrading to 5.4, things seem to work at first. However, > when physical connection has problems, causing tun0 device to > go temporarily down on server the vpn never recovers from it. > When tun0 comes up back again, IPsec SAs seem to be valid > on both sides. Non-ipsec traffic works without problems > over tun0 as does *incoming* ipsec traffic from remote > FreeBSD box. Outgoing ipsec packets seem to vanish completely. > > It seems that the problem can also be triggered by running > ifconfig tun0 down && ifconfig tun0 up. > > netstat -s -p ipsec doesn't show any errors. To recover > from situation, issuing setkey -F to flush all SAs helps. > Flushing only the SAs related to this connection does not help, > neither does removing related policies and adding them again. > > I would'n like to go back to 4.x series, so I'm looking > for fix/workaround for this. > > Ari S. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu May 12 12:29:35 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DFCE816A4E5 for ; Thu, 12 May 2005 12:29:34 +0000 (GMT) Received: from espresso2.syncrontech.com (sync-old.syncrontech.com [213.28.98.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB5EA43D6A for ; Thu, 12 May 2005 12:29:30 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from guinness.syncrontech.com (guinness.syncrontech.com [62.71.8.57])j4CCTPsc027220; Thu, 12 May 2005 15:29:29 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Received: from [62.71.8.37] (coffee.syncrontech.com [62.71.8.37]) j4CCTJ1D031335; Thu, 12 May 2005 15:29:19 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Message-ID: <42834C11.9000103@suutari.iki.fi> Date: Thu, 12 May 2005 15:29:05 +0300 From: Ari Suutari User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Ari Suutari References: <4282F5EC.6060902@suutari.iki.fi> <42833051.10602@suutari.iki.fi> In-Reply-To: <42833051.10602@suutari.iki.fi> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: IPSEC traffic doesn't work realiably after upgrading from 4.11 to 5.4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 12:29:35 -0000 (replying to myself again...) Ari Suutari wrote: > Some more information to this one: This seems to be some kind of > odd routing problem. I just recreated the setup under vmware and noticed > that when the problem occurs the outgoing ESP packets are > flowing on interface that has the default route (em0), not > on tun0. The routing table entry looks correct (ie. points > to tun0), but ESP packets don't seem to obey it > (until setkey -F is issued). There seems to be a field called sa_route, which caches routing information in SA if I understood the code correctly. What happens here is this: - when tun0 goes down, the code in ipsec.c notices that route is not up any more and gets a new route for packet. In this case it gets the default route. - when tun0 goes up again, ESP packets are still sent to default route, because it is still valid. - setkey -F clears this cached information, restoring correct operation. I coudn't find any place where sa_route stuff is invalidated when routing table changes. If so, isn't this kind of a serious problem ? Ari S. > > Ari S. > > Ari Suutari wrote: > >> Hi, >> >> I have upgraded a vpn server from FreeBSD 4.11 to 5.4-RELEASE. >> The box as about 20 vpn connections to other FreeBSD machines, >> the physical connection is via tun0 ... tun20 devices. >> >> Traffic flow is something like this: >> >> my internal net -> >> vpn server em1 -> >> vpn server ipsec -> >> vpn server tun0 -> >> vpn server em0 -> >> internet -> >> remote freebsd fxp0 -> >> remote freebsd tun0 -> >> remote freebsd ipsec -> >> remote net >> >> Remote FreeBSD box is still running 4.11. >> Ipsec is the kame version, not FAST_IPSEC. >> >> (tun0 stuff is created by vtun software, which is used >> to get around various restrictions, like ISP providing >> private addresses only). >> >> This has been working very well for years under FreeBSD 4.x. >> >> After upgrading to 5.4, things seem to work at first. However, >> when physical connection has problems, causing tun0 device to >> go temporarily down on server the vpn never recovers from it. >> When tun0 comes up back again, IPsec SAs seem to be valid >> on both sides. Non-ipsec traffic works without problems >> over tun0 as does *incoming* ipsec traffic from remote >> FreeBSD box. Outgoing ipsec packets seem to vanish completely. >> >> It seems that the problem can also be triggered by running >> ifconfig tun0 down && ifconfig tun0 up. >> >> netstat -s -p ipsec doesn't show any errors. To recover >> from situation, issuing setkey -F to flush all SAs helps. >> Flushing only the SAs related to this connection does not help, >> neither does removing related policies and adding them again. >> >> I would'n like to go back to 4.x series, so I'm looking >> for fix/workaround for this. >> >> Ari S. >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Thu May 12 13:57:35 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F8F516A4CE; Thu, 12 May 2005 13:57:35 +0000 (GMT) Received: from dis.dis.com (dis.dis.com [64.7.69.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E54243D7E; Thu, 12 May 2005 13:57:34 +0000 (GMT) (envelope-from freebsd@dis.com) Received: from dilbert (dilbert.dis.com [192.168.1.50]) by dis.dis.com (8.13.2/8.13.2) with SMTP id j4CDvWwE056097; Thu, 12 May 2005 06:57:34 -0700 (PDT) From: "Mark Klein" To: , "kame" Date: Thu, 12 May 2005 06:57:32 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 In-Reply-To: Importance: Normal cc: freebsd-net@freebsd.org Subject: RE: Forward: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 13:57:35 -0000 > -----Original Message----- > From: gnn@freebsd.org [mailto:gnn@freebsd.org] > Sent: Wednesday, May 11, 2005 6:30 PM > To: kame > Cc: freebsd-net@freebsd.org; Mark Klein > Subject: Forward: Page Fault in in6_purgeaddr > > > Forwarded to the kame folks as well as they might have already fixed > this in their own code. > > Can you tell us what else is going on when this happens? > > Is it random? It appears to happen at close to 24 hour periods ... almost 23 hours and 50 minutes, give or take a few minutes. Happens once per day only. IPv6 is NOT explicitly used at this site. Chasing the code makes it appear it could be related to the PPP tunnels, which I've disabled as of this AM to see what happens. I ran a TCPDUMP IP6 for 30 minutes around yesterday's crash time and got nothing, so I don't see any IPv6 traffic that might be the cause (then again, it could've been something that just arrived and never got the chance to be made persistent in my log). Unfortunately, I'm heading out of town for a conference today and won't be back till Monday. So, I'm crossing my fingers that the box will reboot by itself after each episode and will survive until I get back. :-) Regards, M. From owner-freebsd-net@FreeBSD.ORG Thu May 12 14:25:25 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 189F616A4CE; Thu, 12 May 2005 14:25:25 +0000 (GMT) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id A651143D72; Thu, 12 May 2005 14:25:24 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from ocean.jinmei.org (unknown [2001:200:0:4819:200:39ff:fed7:e2e4]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 15A0B1521A; Thu, 12 May 2005 23:27:16 +0900 (JST) Date: Thu, 12 May 2005 23:26:16 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: "Mark Klein" In-Reply-To: References: User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: gnn@freebsd.org cc: freebsd-net@freebsd.org cc: kame Subject: Re: Forward: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 14:25:25 -0000 >>>>> On Thu, 12 May 2005 06:57:32 -0700, >>>>> "Mark Klein" said: >> Forwarded to the kame folks as well as they might have already fixed >> this in their own code. >> >> Can you tell us what else is going on when this happens? >> >> Is it random? > It appears to happen at close to 24 hour periods ... almost 23 hours > and 50 minutes, give or take a few minutes. Happens once per day only. > IPv6 is NOT explicitly used at this site. Chasing the code makes it > appear it could be related to the PPP tunnels, which I've disabled > as of this AM to see what happens. Hmm, this really sounds strange, since the sequence of nd6_timer()->in6_purgeaddr(), which was an entry point of the crash, could take place only when an IPv6 address with a finite lifetime expires. This could not happen if IPv6 is "NOT explicitly used". (link-local addresses are automatically assigned unless the INET6 option is removed from the kernel configuration options, but these addresses have an infinite lifetime and cannot be the cause of this trouble). It would be helpful if you can provide the result of "ifconfig -a" under the configuration that can cause the crash. JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp From owner-freebsd-net@FreeBSD.ORG Thu May 12 21:30:02 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A7EA16A4CE; Thu, 12 May 2005 21:30:02 +0000 (GMT) Received: from lakermmtao10.cox.net (lakermmtao10.cox.net [68.230.240.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F37A43D6E; Thu, 12 May 2005 21:30:01 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from [192.168.1.94] (really [68.0.104.119]) by lakermmtao10.cox.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050512212959.UZLM7787.lakermmtao10.cox.net@[192.168.1.94]>; Thu, 12 May 2005 17:29:59 -0400 User-Agent: Microsoft-Entourage/10.1.6.040913.0 Date: Thu, 12 May 2005 16:29:59 -0500 From: Gandalf The White To: Suleiman Souhlal Message-ID: In-Reply-To: <52F4D230-9D2D-4D75-93DC-FF54BB902D98@FreeBSD.org> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit cc: freebsd-net@FreeBSD.org Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 21:30:02 -0000 Greetings and Salutations: On 5/8/05 9:13 PM, "Suleiman Souhlal" wrote: > The patch at http://people.freebsd.org/~ssouhlal/testing/ > ip_reass-20050507.diff does just this. > Could you kindly test it? My procedure (as root of course): # cd \usr # patch ip_reass-20050507.diff Recompile kernel I ran: # top I ran the test again and CPU utilization was at close to 98% to 99% in the interrupt column. Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Thu May 12 22:05:46 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 708FB16A4CE for ; Thu, 12 May 2005 22:05:46 +0000 (GMT) Received: from smtp100.rog.mail.re2.yahoo.com (smtp100.rog.mail.re2.yahoo.com [206.190.36.78]) by mx1.FreeBSD.org (Postfix) with SMTP id AD7A843D83 for ; Thu, 12 May 2005 22:05:45 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp100.rog.mail.re2.yahoo.com with SMTP; 12 May 2005 22:05:44 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Thu, 12 May 2005 18:05:46 -0400 (EDT) Message-ID: <2508.172.16.0.199.1115935546.squirrel@172.16.0.1> In-Reply-To: <20050512072754.GB92476@us.svf.stuba.sk> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <20050512072754.GB92476@us.svf.stuba.sk> Date: Thu, 12 May 2005 18:05:46 -0400 (EDT) From: "Mike Jakubik" To: "Marian Durkovic" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org Subject: Re: SOLVED: Degraded TCP performace on Intel PRO/1000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 22:05:46 -0000 On Thu, May 12, 2005 3:27 am, Marian Durkovic said: > Hi, > > > On Wed, May 11, 2005 at 06:38:48PM -0400, Mike Jakubik wrote: > >> Any luck submitting the patch for this? >> > > Yes, it's kern/80932 Good stuff, ill test it when i get a chance. > >> I looked at Intels website, and the latest drive for FreeBSD 4.7 is >> 1.7.35. >> > > 1.7.41 could be found at: > > > http://downloadfinder.intel.com/scripts-df-external/filter_results.aspx?s > trTypes=all&ProductID=1068&OSFullName=FreeBSD*&lang=eng&strOSs=52&submit= > Go%21 Should we not be using the 2.x driver? Intels website states that 1.7 is for FreeBSD 4.x and that it is no longer maintained. The 2.x is for FreeBSD 5.3+, and is maintained. I think this is a good chance to bring it up to date. >> Seems like i am getting half the performance when sending to the fbsd >> box. Also, enabling jumbo frames does not help, and sometimes even >> yields slightly slower results. > > Yes, that's exactly the problem my patch is addressing - for larger MTU > sizes the TX FIFO is simply too small. Oddly enough, i ran the same benchmark between that same server and another freebsd box. However this time i ran it on 100mbit cards. A rl, and an fxp on the original server (wich has the em card also). I got the same results! Sending to the server gave me 11MB/s, but sending from it gave me about 7-8MB/s. There may be a problem in -CURRENT. From owner-freebsd-net@FreeBSD.ORG Thu May 12 23:13:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 34A5F16A4CE for ; Thu, 12 May 2005 23:13:49 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6D5543D8F for ; Thu, 12 May 2005 23:13:48 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id 7C0681E01FA for ; Thu, 12 May 2005 17:13:48 -0600 (MDT) Date: Thu, 12 May 2005 17:13:48 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: freebsd-net@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Outbound TCP issue, potentially related to 'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 23:13:49 -0000 A couple days after we patched our systems, we started to receive a number of reports of mysql connection errors when our patched FreeBSD 4.9 web servers were trying to connect to our mysql server, which lives on a separate FreeBSD machine. Initially we thought this was a networking error related to our server load balancer (which has been a troublemaker in the past) or some other networking device, but testing has proven otherwise. * Problem description: Outbound TCP connections are randomly failing to connect. They receive a "Can't assign requested address" error from the connect() call. The error has been demonstrated against multiple machines on multiple different ports. It only impacts outgoing connections from our web servers - no inbound connections have failed or dropped. Also, we have not seen this problem on any of our other servers, which have also been patched. The errors are sporadic. The most frequent pattern we've seen is a 5 to 10 minute period of success, followed by a couple of seconds of frequent failures. When we start getting errors connecting to one port/machine we see concurrent errors to other ports/machines. * What we've tried: The impacted machines are in a server-load-balanced environment, so we spent quite a bit of time convincing ourselves that this was not an external network error. We created a perl test script that tries to connect to a given machine and port once per second and logs its success or failure. (script is included below) We then aimed it at machines both inside and outside the SLB environment. We originally tried it against multiple different ports, but after finding that the failures were not port-specific, we simplified the methodology to make all connections to port 5666. (a monitoring app) Reverse tests were also run to see if the failures impacted incoming connections. No failures were ever logged in this direction. The tests established that we reliably saw failures from the two impacted machines to any other server, including each other. (The two boxes are separated by a switch, but not the SLB.) It did not matter if the remote machine was on the same network, or was in front or behind the SLB switch. Connections between other machines behind the same switch showed no failures. We next set up tcpdump on one impacted machine and started logging the test connections. When a failure occurred, the dumps showed no packets leaving the box to the target machine. At that point we felt reasonably confident that the problem was not an external network issue, so we moved on to systems troubleshooting. Since this machine was running a few revisions behind we felt it would be prudent to upgrade to the latest release of FreeBSD. Both web servers have since been upgraded to the latest version of 4.11 to ensure it was not an issue related to the old versions we were running. After the upgrade errors returned to the previous levels after a few hour lull. Apache, PHP and related modules were both reinstalled on the boxes after the FreeBSD upgrade to ensure they were using the correct libraries and such. The only error we have found in the logs was right after boot and is related to PMAP_SHPGPERPROC and discussed here: http://lists.freebsd.org/pipermail/freebsd-hackers/2003-May/000695.html If I understand this correctly we should have plenty of PV entries available. ----- Message Queues: T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME Shared Memory: T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME m 262144 0 --rw------- root wheel root wheel 21 524288 81250 8125014:03:40 17:02:37 14:03:40 m 458754 0 --rw------- root wheel root wheel 42 524288 74667 7466716:06:03 17:02:39 16:06:03 Semaphores: T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME ITEM SIZE LIMIT USED FREE REQUESTS PV ENTRY: 28, 2281326, 545883, 1036172, 589082427 ----- * Test script: Note that we also tried a similar script using raw socket calls, rather than using IO::Socket. The results were identical. ----- #!/usr/bin/perl use strict; use warnings; use Sys::Hostname qw(hostname); use IO::Socket; use constant LOG_FILE => '/tmp/'; # host to connect to my $host = shift(@ARGV) || 'xxx.xxx.xxx.xxx'; # open our log file my $log_file = LOG_FILE . hostname() . '_to_' . $host . '.nrpe'; open(LOG, '>>', $log_file) or die "Can't open log: $log_file $!"; while(1){ my $start_time = time(); # try a connection eval { my $socket = IO::Socket::INET->new($host . ':5666') or die "Can't connect: $!"; $socket->close(); }; my $result = "ok"; $result = "failed ($@)" if $@; print LOG hostname() . ' ' . scalar(localtime($start_time)) . ' ' . $result . "\n"; sleep 1; } ----- * Summary: Since this is not affecting any of our other servers, which have been patched, I do not feel it is a direct result of the patch, but suspect the patch may have accentuated an existing issue. Any suggestions as to what could be causing this would be greatly appreciated. Please let me know what additional information about the system I can gather if it will be of assistance. Thank you very much in advance. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 From owner-freebsd-net@FreeBSD.ORG Fri May 13 00:30:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D02416A4CE for ; Fri, 13 May 2005 00:30:49 +0000 (GMT) Received: from relay.pair.com (relay00.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 9F61E43D73 for ; Fri, 13 May 2005 00:30:48 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 45755 invoked from network); 13 May 2005 00:30:47 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 00:30:47 -0000 X-pair-Authenticated: 209.68.2.70 Date: Thu, 12 May 2005 19:30:32 -0500 (CDT) From: Mike Silbersack To: Matt Ruzicka In-Reply-To: Message-ID: <20050512192936.V730@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 00:30:49 -0000 On Thu, 12 May 2005, Matt Ruzicka wrote: > A couple days after we patched our systems, we started to receive a number > of reports of mysql connection errors when our patched FreeBSD 4.9 web > servers were trying to connect to our mysql server, which lives on a > separate FreeBSD machine. Although you just saw this behavior now, it sounds like you're describing a problem that sometimes occurs due to port randomization. Can you try setting sysctl net.inet.ip.portrange.randomized=0 to see if that affects anything? Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 02:49:10 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F73316A4CE for ; Fri, 13 May 2005 02:49:10 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 504D443D31 for ; Fri, 13 May 2005 02:49:10 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4D2n9ps024002; Thu, 12 May 2005 19:49:09 -0700 (PDT) Date: Thu, 12 May 2005 22:49:12 -0400 Message-ID: From: gnn@freebsd.org To: kame User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Code nit questions... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 02:49:10 -0000 Hi Folks, In a continuing effort to clean up some code nits in the IPv6 code I'd like to propose the following diffs. There is a comment, starting with a *) explaining the problem and proposed fix. Let me know. Later, George *) Insert proper return value checking. cvs diff: Diffing . Index: icmp6.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/icmp6.c,v retrieving revision 1.61 diff -u -r1.61 icmp6.c --- icmp6.c 14 Apr 2005 11:41:23 -0000 1.61 +++ icmp6.c 11 May 2005 18:55:03 -0000 @@ -1,4 +1,4 @@ -/* $FreeBSD$ */ +/* $FreeBSD: src/sys/netinet6/icmp6.c,v 1.61 2005/04/14 11:41:23 gnn Exp $ */ /* $KAME: icmp6.c,v 1.211 2001/04/04 05:56:20 itojun Exp $ */ /*- @@ -2092,13 +2092,17 @@ sa6_src.sin6_len = sizeof(sa6_src); sa6_src.sin6_addr = ip6->ip6_dst; in6_recoverscope(&sa6_src, &ip6->ip6_dst, m->m_pkthdr.rcvif); - in6_embedscope(&ip6->ip6_dst, &sa6_src, NULL, NULL); + if (in6_embedscope(&ip6->ip6_dst, &sa6_src, NULL, NULL)) { + goto bad; + } bzero(&sa6_dst, sizeof(sa6_dst)); sa6_dst.sin6_family = AF_INET6; sa6_dst.sin6_len = sizeof(sa6_dst); sa6_dst.sin6_addr = t; in6_recoverscope(&sa6_dst, &t, m->m_pkthdr.rcvif); - in6_embedscope(&t, &sa6_dst, NULL, NULL); + if (in6_embedscope(&t, &sa6_dst, NULL, NULL)) { + goto bad; + } #ifdef COMPAT_RFC1885 /* *) Make sure that sro is also valid before de-referencing it. Index: in6_src.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/in6_src.c,v retrieving revision 1.29 diff -u -r1.29 in6_src.c --- in6_src.c 7 Jan 2005 02:30:34 -0000 1.29 +++ in6_src.c 11 May 2005 20:09:30 -0000 @@ -454,7 +454,7 @@ if ((error = in6_selectroute(dstsock, opts, mopts, ro, retifp, &rt, 0)) != 0) { - if (rt && rt == sro.ro_rt) + if (rt && sro && rt == sro.ro_rt) RTFREE(rt); return (error); } @@ -667,7 +667,7 @@ * (this may happen when we are sending a packet to one of * our own addresses.) */ - if (opts && opts->ip6po_pktinfo && + if (ifp && opts && opts->ip6po_pktinfo && opts->ip6po_pktinfo->ipi6_ifindex) { if (!(ifp->if_flags & IFF_LOOPBACK) && ifp->if_index != *) Make sure that rule is valid before dereferencing it. Index: ip6_fw.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.34 diff -u -r1.34 ip6_fw.c --- ip6_fw.c 7 Jan 2005 02:30:34 -0000 1.34 +++ ip6_fw.c 11 May 2005 20:29:03 -0000 @@ -769,7 +769,7 @@ * - The packet is not an ICMP packet, or is an ICMP query packet * - The packet is not a multicast or broadcast packet */ - if ((rule->fw_flg & IPV6_FW_F_COMMAND) == IPV6_FW_F_REJECT + if (rule && (rule->fw_flg & IPV6_FW_F_COMMAND) == IPV6_FW_F_REJECT && (nxt != IPPROTO_ICMPV6 || is_icmp6_query(ip6, off)) && !((*m)->m_flags & (M_BCAST|M_MCAST)) && !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { *) Do not bcopy if the pointer is NULL, whether or not canwait was set. Index: ip6_output.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/ip6_output.c,v retrieving revision 1.88 diff -u -r1.88 ip6_output.c --- ip6_output.c 18 Apr 2005 18:35:05 -0000 1.88 +++ ip6_output.c 11 May 2005 20:48:12 -0000 @@ -2603,7 +2603,7 @@ if (src->ip6po_nexthop) { dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len, M_IP6OPT, canwait); - if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT) + if (dst->ip6po_nexthop == NULL) goto bad; bcopy(src->ip6po_nexthop, dst->ip6po_nexthop, src->ip6po_nexthop->sa_len); From owner-freebsd-net@FreeBSD.ORG Fri May 13 05:57:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66E7D16A4D1 for ; Fri, 13 May 2005 05:57:01 +0000 (GMT) Received: from relay03.pair.com (relay03.pair.com [209.68.5.17]) by mx1.FreeBSD.org (Postfix) with SMTP id D1B9943D94 for ; Fri, 13 May 2005 05:57:00 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 50414 invoked from network); 13 May 2005 05:56:59 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 05:56:59 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 00:56:44 -0500 (CDT) From: Mike Silbersack To: Gandalf The White In-Reply-To: Message-ID: <20050513005221.S731@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1582394414-1115963804=:731" cc: freebsd-net@FreeBSD.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 05:57:01 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1582394414-1115963804=:731 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed On Thu, 12 May 2005, Gandalf The White wrote: > # patch ip_reass-20050507.diff > Recompile kernel > > I ran: > # top > > I ran the test again and CPU utilization was at close to 98% to 99% in the > interrupt column. > > Ken Brooks Davis and myself ran some tests tonight while sitting around at BSDCan and came to the conclusion that IP Reassembly overhead is not the main problem here. This conclusion was derived from the patch I've attached to this e-mail (please tell me if it gets stripped off.) On my laptop, we found that we could hit it with 14000 frags per second, and it didn't matter if those frags were all processed, or all ignored (via the net.inet.ip.maxfragspersecond sysctl). Either way, the amount of cpu time used was about the same - 70%. But on another laptop with the same processor, 8000 pps could effectively freeze it. We believe this is because the network card on that machine shares an IRQ with the sound card, making interrupt processing very expensive. So, test out my attached patch with varying settings of maxfragspersecond and see if it makes any difference for you. Thanks, Mike "Silby" Silbersack --0-1582394414-1115963804=:731 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=ip_maxfragspersecond.patch Content-Transfer-Encoding: BASE64 Content-ID: <20050513005644.N731@odysseus.silby.com> Content-Description: Content-Disposition: attachment; filename=ip_maxfragspersecond.patch ZGlmZiAtdSAtciAvdXNyL3NyYy9zeXMub2xkL25ldGluZXQvaW5fcGNiLmMg L3Vzci9zcmMvc3lzL25ldGluZXQvaW5fcGNiLmMNCi0tLSAvdXNyL3NyYy9z eXMub2xkL25ldGluZXQvaW5fcGNiLmMJU3VuIEFwciAxNyAxODowNTowNSAy MDA1DQorKysgL3Vzci9zcmMvc3lzL25ldGluZXQvaW5fcGNiLmMJVGh1IE1h eSAxMiAyMTo0NzozOSAyMDA1DQpAQCAtMTIzNCw1ICsxMjM0LDEwIEBADQog CQkJaXBwb3J0X3N0b3ByYW5kb20tLTsNCiAJfQ0KIAlpcHBvcnRfdGNwbGFz dGNvdW50ID0gaXBwb3J0X3RjcGFsbG9jczsNCisJaWYgKGlwX2N1cmZyYWdz cGVyc2Vjb25kID4gaXBfbWF4ZnJhZ3NwZXJzZWNvbmQpIHsNCisJCXByaW50 ZigiUmVjZWl2ZWQgJWQgZnJhZ3MsIGV4Y2VlZGVkICVkIHBlciBzZWNvbmRc bi4iLA0KKwkJCWlwX2N1cmZyYWdzcGVyc2Vjb25kLCBpcF9tYXhmcmFnc3Bl cnNlY29uZCk7DQorCX0NCisJaXBfY3VyZnJhZ3NwZXJzZWNvbmQgPSAwOw0K IAljYWxsb3V0X3Jlc2V0KCZpcHBvcnRfdGlja19jYWxsb3V0LCBoeiwgaXBw b3J0X3RpY2ssIE5VTEwpOw0KIH0NCmRpZmYgLXUgLXIgL3Vzci9zcmMvc3lz Lm9sZC9uZXRpbmV0L2lwX2lucHV0LmMgL3Vzci9zcmMvc3lzL25ldGluZXQv aXBfaW5wdXQuYw0KLS0tIC91c3Ivc3JjL3N5cy5vbGQvbmV0aW5ldC9pcF9p bnB1dC5jCVN1biBBcHIgMTcgMTg6MDU6MDYgMjAwNQ0KKysrIC91c3Ivc3Jj L3N5cy9uZXRpbmV0L2lwX2lucHV0LmMJVGh1IE1heSAxMiAyMTo0OTo1MiAy MDA1DQpAQCAtMTMwLDYgKzEzMCwxMiBAQA0KIAkmbWF4ZnJhZ3NwZXJwYWNr ZXQsIDAsDQogCSJNYXhpbXVtIG51bWJlciBvZiBJUHY0IGZyYWdtZW50cyBh bGxvd2VkIHBlciBwYWNrZXQiKTsNCiANCitpbnQgaXBfY3VyZnJhZ3NwZXJz ZWNvbmQ7DQoraW50IGlwX21heGZyYWdzcGVyc2Vjb25kOw0KK1NZU0NUTF9J TlQoX25ldF9pbmV0X2lwLCBPSURfQVVUTywgbWF4ZnJhZ3NwZXJzZWNvbmQs IENUTEZMQUdfUlcsDQorCSZpcF9tYXhmcmFnc3BlcnNlY29uZCwgMCwNCisJ Ik1heGltdW0gbnVtYmVyIG9mIElQdjQgZnJhZ21lbnRzIGFsbG93ZWQgcGVy IHNlY29uZCIpOw0KKw0KIHN0YXRpYyBpbnQJaXBfc2VuZHNvdXJjZXF1ZW5j aCA9IDA7DQogU1lTQ1RMX0lOVChfbmV0X2luZXRfaXAsIE9JRF9BVVRPLCBz ZW5kc291cmNlcXVlbmNoLCBDVExGTEFHX1JXLA0KIAkmaXBfc2VuZHNvdXJj ZXF1ZW5jaCwgMCwNCkBAIC0yODQsNiArMjkwLDcgQEANCiAJICAgIFRBSUxR X0lOSVQoJmlwcVtpXSk7DQogCW1heG5pcHEgPSBubWJjbHVzdGVycyAvIDMy Ow0KIAltYXhmcmFnc3BlcnBhY2tldCA9IDE2Ow0KKwlpcF9tYXhmcmFnc3Bl cnNlY29uZCA9IDEwMDsNCiANCiAJLyogU3RhcnQgaXBwb3J0X3RpY2suICov DQogCWNhbGxvdXRfaW5pdCgmaXBwb3J0X3RpY2tfY2FsbG91dCwgQ0FMTE9V VF9NUFNBRkUpOw0KQEAgLTgwMiw3ICs4MDksOSBAQA0KIAl1X3Nob3J0IGhh c2g7DQogDQogCS8qIElmIG1heG5pcHEgb3IgbWF4ZnJhZ3NwZXJwYWNrZXQg YXJlIDAsIG5ldmVyIGFjY2VwdCBmcmFnbWVudHMuICovDQotCWlmIChtYXhu aXBxID09IDAgfHwgbWF4ZnJhZ3NwZXJwYWNrZXQgPT0gMCkgew0KKwlpZiAo bWF4bmlwcSA9PSAwIHx8IG1heGZyYWdzcGVycGFja2V0ID09IDAgfHwNCisJ CWlwX2N1cmZyYWdzcGVyc2Vjb25kID49IGlwX21heGZyYWdzcGVyc2Vjb25k KSB7DQorCQlpcF9jdXJmcmFnc3BlcnNlY29uZCsrOw0KIAkJaXBzdGF0Lmlw c19mcmFnbWVudHMrKzsNCiAJCWlwc3RhdC5pcHNfZnJhZ2Ryb3BwZWQrKzsN CiAJCW1fZnJlZW0obSk7DQpAQCAtODg0LDYgKzg5Myw3IEBADQogCSAqIGlw X3JlYXNzKCkgd2lsbCByZXR1cm4gYSBkaWZmZXJlbnQgbWJ1Zi4NCiAJICov DQogCWlwc3RhdC5pcHNfZnJhZ21lbnRzKys7DQorCWlwX2N1cmZyYWdzcGVy c2Vjb25kKys7DQogCW0tPm1fcGt0aGRyLmhlYWRlciA9IGlwOw0KIA0KIAkv KiBQcmV2aW91cyBpcF9yZWFzcygpIHN0YXJ0ZWQgaGVyZS4gKi8NCkBAIC0x MDY5LDYgKzEwNzksNyBAQA0KIAlpcC0+aXBfbGVuID0gKGlwLT5pcF9obCA8 PCAyKSArIG5leHQ7DQogCWlwLT5pcF9zcmMgPSBmcC0+aXBxX3NyYzsNCiAJ aXAtPmlwX2RzdCA9IGZwLT5pcHFfZHN0Ow0KKwlpcF9jdXJmcmFnc3BlcnNl Y29uZCAtPSBmcC0+aXBxX25mcmFnczsNCiAJVEFJTFFfUkVNT1ZFKGhlYWQs IGZwLCBpcHFfbGlzdCk7DQogCW5pcHEtLTsNCiAJKHZvaWQpIG1fZnJlZShk dG9tKGZwKSk7DQpPbmx5IGluIC91c3Ivc3JjL3N5cy9uZXRpbmV0OiBpcF9p bnB1dC5jLm9sZA0KZGlmZiAtdSAtciAvdXNyL3NyYy9zeXMub2xkL25ldGlu ZXQvaXBfdmFyLmggL3Vzci9zcmMvc3lzL25ldGluZXQvaXBfdmFyLmgNCi0t LSAvdXNyL3NyYy9zeXMub2xkL25ldGluZXQvaXBfdmFyLmgJU3VuIEFwciAx NyAxODowNTowNiAyMDA1DQorKysgL3Vzci9zcmMvc3lzL25ldGluZXQvaXBf dmFyLmgJVGh1IE1heSAxMiAyMToxNjo0NyAyMDA1DQpAQCAtNjEsNiArNjEs OCBAQA0KIAlzdHJ1Y3QgbWJ1ZiAqaXBxX2ZyYWdzOwkJLyogdG8gaXAgaGVh ZGVycyBvZiBmcmFnbWVudHMgKi8NCiAJc3RydWN0CWluX2FkZHIgaXBxX3Ny YyxpcHFfZHN0Ow0KIAl1X2NoYXIJaXBxX25mcmFnczsJCS8qICMgZnJhZ3Mg aW4gdGhpcyBwYWNrZXQgKi8NCisJdV9zaG9ydCBpcHFfbGVuOwkJLyogbGVu Z3RoIG9mIGZpbmFsIHBhY2tldCAqLw0KKwl1X3Nob3J0IGlwcV9jdXJsZW47 CQkvKiBob3cgbXVjaCB3ZSd2ZSBnb3R0ZW4gc28gZmFyICovDQogCXN0cnVj dCBsYWJlbCAqaXBxX2xhYmVsOwkJLyogTUFDIGxhYmVsICovDQogfTsNCiAj ZW5kaWYgLyogX0tFUk5FTCAqLw0KQEAgLTE1Niw2ICsxNTgsOCBAQA0KIGV4 dGVybiB1X2xvbmcJKCppcF9tY2FzdF9zcmMpKGludCk7DQogZXh0ZXJuIGlu dCByc3ZwX29uOw0KIGV4dGVybiBzdHJ1Y3QJcHJfdXNycmVxcyByaXBfdXNy cmVxczsNCitleHRlcm4gaW50CWlwX2N1cmZyYWdzcGVyc2Vjb25kOw0KK2V4 dGVybiBpbnQJaXBfbWF4ZnJhZ3NwZXJzZWNvbmQ7DQogDQogaW50CSBpcF9j dGxvdXRwdXQoc3RydWN0IHNvY2tldCAqLCBzdHJ1Y3Qgc29ja29wdCAqc29w dCk7DQogdm9pZAkgaXBfZHJhaW4odm9pZCk7DQo= --0-1582394414-1115963804=:731-- From owner-freebsd-net@FreeBSD.ORG Fri May 13 08:29:12 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 949C616A4CE for ; Fri, 13 May 2005 08:29:12 +0000 (GMT) Received: from antsrv1.ant.uni-bremen.de (antsrv2.ant.uni-bremen.de [134.102.176.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 54A4443D8C for ; Fri, 13 May 2005 08:29:11 +0000 (GMT) (envelope-from rebehn@ant.uni-bremen.de) Received: from bremerhaven.ant.uni-bremen.de ([134.102.176.10]) by antsrv2.ant.uni-bremen.de with esmtp (Exim 4.42) id 1DWVXe-0008AL-Cz; Fri, 13 May 2005 10:29:06 +0200 Message-ID: <42846562.2040700@ant.uni-bremen.de> Date: Fri, 13 May 2005 10:29:22 +0200 From: Heinrich Rebehn User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 X-Accept-Language: en MIME-Version: 1.0 To: Mohan Srinivasan References: <20050511145350.9924.qmail@web80603.mail.yahoo.com> In-Reply-To: <20050511145350.9924.qmail@web80603.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "antsrv2.ant.uni-bremen.de", hasmessageblock similar future email. If you have any questions, see the administrator of that system for details.Can you force the mount to NFS/UDP ? >> >>Yes, we use TCP. It is strongly recommended for multispeed networks and >>we did have problems with retransmissions using UDP. > > > I'm not disputing the merits of NFS/TCP. I suggested this merely as > a workaround, and to see if the bug in question is causing the hangs. [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description -------------------------------------------------- cc: freebsd-net@freebsd.org Subject: Re: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 08:29:12 -0000 Mohan Srinivasan wrote: >>>Are you using NFS/TCP ? Can you force the mount to NFS/UDP ? >> >>Yes, we use TCP. It is strongly recommended for multispeed networks and >>we did have problems with retransmissions using UDP. > > > I'm not disputing the merits of NFS/TCP. I suggested this merely as > a workaround, and to see if the bug in question is causing the hangs. I will try it on a single machine when the problem occurs again. ATM, everything runs flawlessly :-) > > >>Wouldn't it be better to fix the bug? Is there a problem report on this? > > > Of course it would be better to fix the bug. But until someone fixes it... > > There's no problem report on this. I wonder if it will ever get fixed then.. Since i am neither familiar with kernel sources nor with the internals of NFS: Could you show me, where the bug can be traced, i.e. at which point one can detect that the stream is out of sync? I would like to insert another log() in order to see, if - the error occurs at all - is in any way related to our problems. --Heinrich From owner-freebsd-net@FreeBSD.ORG Fri May 13 09:09:14 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B852816A4CE for ; Fri, 13 May 2005 09:09:14 +0000 (GMT) Received: from smtp.hispeed.ch (mxout.hispeed.ch [62.2.95.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id A444743D8B for ; Fri, 13 May 2005 09:09:11 +0000 (GMT) (envelope-from spe@phear.org) Received: from localhost (80-218-34-172.dclient.hispeed.ch [80.218.34.172]) j4D998mV023750 for ; Fri, 13 May 2005 11:09:08 +0200 Date: Fri, 13 May 2005 11:10:13 +0200 From: Sebastien Petit To: freebsd-net@freebsd.org Message-Id: <20050513111013.41905e73.spe@phear.org> Organization: Phear / B0l X-Mailer: Sylpheed version 1.0.1 (GTK+ 1.2.10; i386--netbsdelf) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on smtp-03.tornado.cablecom.ch X-Virus-Status: Clean X-DCC-spamcheck-01.tornado.cablecom.ch-Metrics: smtp-03.tornado.cablecom.ch 32700; Body=1 Fuz1=1 Fuz2=1 Subject: SIOCGIFMEDIA problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 09:09:14 -0000 Hi -net hackers, A little question about SIOCGIFMEDIA ioctl: Somebody reports me that some interfaces (bge / em but anothers perhaps) seem to discard packet(s) during SIOCGIFMEDIA ioctl, Is it true and why ? Regards, Sebastien. -- spe@b0l.org From owner-freebsd-net@FreeBSD.ORG Fri May 13 10:06:07 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E15E716A4D0 for ; Fri, 13 May 2005 10:06:07 +0000 (GMT) Received: from postfix4-2.free.fr (postfix4-2.free.fr [213.228.0.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0922C43D5F for ; Fri, 13 May 2005 10:06:07 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-2.free.fr (Postfix) with ESMTP id 109643192DA for ; Fri, 13 May 2005 12:06:05 +0200 (CEST) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id C2D9E405A; Fri, 13 May 2005 12:06:06 +0200 (CEST) Date: Fri, 13 May 2005 12:06:06 +0200 From: Jeremie Le Hen To: freebsd-net@FreeBSD.org Message-ID: <20050513100606.GE667@obiwan.tataz.chchile.org> References: <20050202110511.GN60177@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050202110511.GN60177@obiwan.tataz.chchile.org> User-Agent: Mutt/1.5.9i cc: Jeremie Le Hen Subject: Dummynet/ipnat interaction breakage X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 10:06:08 -0000 On Wed, Feb 02, 2005 at 12:05:11PM +0100, Jeremie Le Hen wrote: > > Take a look at PRs 61685 and 76539. Hope that helps. > > Well, I was aware of the first one (I'm doing shaping on my internal > interface as a workaround), but not the second one. The second one > is very new and this could indeed be the same problem I encountered. > > It seems that the import of IPFilter 3.4.35 in the middle of 2004 is > the source of the problem because when I switch back to 3.4.31 on > 4.11, everything works. > > I Cc'ed andre@ since he had not took over 76539, maybe he's not aware > of it. > > Andre, what can you tell us about the drawbacks of the proposed patches ? > I think there must be some as they would have been merged if this was > not the case. > > Are there any change to have this fixed in RELENG_4 ? I know that no > more releases are scheduled in this branch, but there is no obvious > reason to let a bug live there IMHO. 4.1 is still broken. I understand that RELENG_4 is at end of its life but ipnat/dummynet interaction further breakage between 4.10 and 4.11 (due to IPFilter 3.4.35 import) is, IMHO, not acceptable for FreeBSD, especially RELENG_4 which is a must in term of stability and release engineering. My workaround was to go back to RELENG_4_10 branch in src/sys/contrib/ipfilter. Given that *there are* patches in these PR, although we should admit these are not examples of long term solution, is there any chance to get this commited into RELENG_4 to assist this old good branch until its funeral ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > From owner-freebsd-net@FreeBSD.ORG Fri May 13 12:32:14 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0B0716A4CE; Fri, 13 May 2005 12:32:14 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6C9243D3F; Fri, 13 May 2005 12:32:13 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DCW9e3012888; Fri, 13 May 2005 16:32:09 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 16:32:09 +0400 (MSD) From: Maxim Konovalov To: Mike Silbersack In-Reply-To: <20050513005221.S731@odysseus.silby.com> Message-ID: <20050513162930.B12839@mp2.macomnet.net> References: <20050513005221.S731@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Suleiman Souhlal cc: Gandalf The White Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 12:32:15 -0000 [...] > So, test out my attached patch with varying settings of > maxfragspersecond and see if it makes any difference for you. [...] diff -u -r /usr/src/sys.old/netinet/ip_var.h /usr/src/sys/netinet/ip_var.h --- /usr/src/sys.old/netinet/ip_var.h Sun Apr 17 18:05:06 2005 +++ /usr/src/sys/netinet/ip_var.h Thu May 12 21:16:47 2005 @@ -61,6 +61,8 @@ struct mbuf *ipq_frags; /* to ip headers of fragments */ struct in_addr ipq_src,ipq_dst; u_char ipq_nfrags; /* # frags in this packet */ + u_short ipq_len; /* length of final packet */ + u_short ipq_curlen; /* how much we've gotten so far */ struct label *ipq_label; /* MAC label */ }; #endif /* _KERNEL */ %%% Am I right the above delta is a letfover from Suleiman's work and it's not needed at all? -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 12:33:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A64716A4CE for ; Fri, 13 May 2005 12:33:29 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EB9D43D46 for ; Fri, 13 May 2005 12:33:29 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4DCXSpY077372; Fri, 13 May 2005 05:33:28 -0700 (PDT) Date: Fri, 13 May 2005 08:33:32 -0400 Message-ID: From: gnn@freebsd.org To: Sebastien Petit In-Reply-To: <20050513111013.41905e73.spe@phear.org> References: <20050513111013.41905e73.spe@phear.org> User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: SIOCGIFMEDIA problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 12:33:29 -0000 At Fri, 13 May 2005 11:10:13 +0200, Sebastien Petit wrote: > > Hi -net hackers, > > A little question about SIOCGIFMEDIA ioctl: > > Somebody reports me that some interfaces (bge / em but anothers > perhaps) seem to discard packet(s) during SIOCGIFMEDIA ioctl, Is it > true and why ? At least in the case of the em driver it's because eventually em_init_locked() is called which re-initializes the whole device, including the memory buffers. It is unlikely that packets in the buffers would survive that :-) I suspect the same is true of bge. Later, George From owner-freebsd-net@FreeBSD.ORG Fri May 13 12:47:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B58F16A4CE; Fri, 13 May 2005 12:47:34 +0000 (GMT) Received: from p4.roq.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id F147943D41; Fri, 13 May 2005 12:47:31 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (localhost.roq.com [127.0.0.1]) by p4.roq.com (Postfix) with ESMTP id 226F54E293; Fri, 13 May 2005 12:47:40 +0000 (GMT) Received: from [10.0.0.5] (adsl-143-85.swiftdsl.com.au [218.214.143.85]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by p4.roq.com (Postfix) with ESMTP id 372794E290; Fri, 13 May 2005 12:47:38 +0000 (GMT) Message-ID: <4284A1DB.4040404@roq.com> Date: Fri, 13 May 2005 22:47:23 +1000 From: Michael Vince User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.7) Gecko/20050419 X-Accept-Language: en, en-us, ja To: gnn@FreeBSD.org References: <200505120346.j4C3kh80092764@freefall.freebsd.org> In-Reply-To: Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: freebsd-net@FreeBSD.org Subject: Re: Some notes on FAST_IPSEC... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 12:47:34 -0000 Yeah, Does any one know if some one is going to add ipsec-tools to the ports tree? Cheers, Michael [1]gnn@FreeBSD.org wrote: At Thu, 12 May 2005 05:25:24 +0000 (UTC), Bjoern A. Zeeb wrote: On Thu, 12 May 2005, Qing Li wrote: Hi, I'd like to volunteer for Tasks to update FAST_IPSec Add IPv6 support (2-3 weeks) unless someone else has already claimed ownership. I can also help out on the racoon side so feel free to put my name down on that list. from skipping through racoon-ml from time to time I think racoon got announced as 0xdead project and one should switch to ipsec-tools? Yes, the announcement can be found here: [2]ftp://ftp.kame.net/pub/mail-list/snap-users/9012 Later, George _______________________________________________ [3]freebsd-net@freebsd.org mailing list [4]http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [5]"freebsd-net-unsubscribe@freebsd.org" References 1. mailto:gnn@FreeBSD.org 2. ftp://ftp.kame.net/pub/mail-list/snap-users/9012 3. mailto:freebsd-net@freebsd.org 4. http://lists.freebsd.org/mailman/listinfo/freebsd-net 5. mailto:freebsd-net-unsubscribe@freebsd.org From owner-freebsd-net@FreeBSD.ORG Fri May 13 13:01:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2932916A4CE for ; Fri, 13 May 2005 13:01:34 +0000 (GMT) Received: from relay.pair.com (relay00.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 68D6843D6D for ; Fri, 13 May 2005 13:01:33 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 73535 invoked from network); 13 May 2005 13:01:32 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 13:01:32 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 08:01:16 -0500 (CDT) From: Mike Silbersack To: Maxim Konovalov In-Reply-To: <20050513162930.B12839@mp2.macomnet.net> Message-ID: <20050513080009.I731@odysseus.silby.com> References: <20050513005221.S731@odysseus.silby.com> <20050513162930.B12839@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org cc: Suleiman Souhlal cc: Gandalf The White Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 13:01:34 -0000 On Fri, 13 May 2005, Maxim Konovalov wrote: > [...] >> So, test out my attached patch with varying settings of >> maxfragspersecond and see if it makes any difference for you. > > Am I right the above delta is a letfover from Suleiman's work and it's > not needed at all? > > -- > Maxim Konovalov Correct, good catch! Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 14:52:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B200716A4CE for ; Fri, 13 May 2005 14:52:59 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id D93D543D76 for ; Fri, 13 May 2005 14:52:58 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j4DEqvZq004792 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 13 May 2005 18:52:57 +0400 (MSD) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.1/8.12.8) with ESMTP id j4DEquG6054499 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 May 2005 18:52:56 +0400 (MSD) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.1/8.13.1/Submit) id j4DEquWP054498; Fri, 13 May 2005 18:52:56 +0400 (MSD) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Fri, 13 May 2005 18:52:55 +0400 From: Gleb Smirnoff To: Donatas Message-ID: <20050513145255.GA53894@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Donatas , freebsd-net@freebsd.org References: <002001c54702$d2c500c0$9f90a8c0@DONATAS> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <002001c54702$d2c500c0$9f90a8c0@DONATAS> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@FreeBSD.org Subject: Re: flood with ng_bridge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 14:52:59 -0000 Donatas, [moving discussion to freebsd-net] On Fri, Apr 22, 2005 at 09:16:29AM +0300, Donatas wrote: D> can you check flood.gif?(it's denied to send gif's to this conference) D> ftp://temp:temp@217.9.241.242/flood.gif Already unavailable. :| D> for unknown reasons ng_bridge seems to be working like ng_hub and is D> flooding network even after establishing session between two mac addresses. Can you reproduce this and obtain forwarding table? ngctl msg bridge: gettable D> using kernel bridge instead of ng_bridge solves the problem, but on heavy D> network loads "unknown" packets apear in random directions (this does not D> happed using ng_bridge or ng_hub) D> D> os used - only FreeBSD5.3 P.S. Next time please use freebsd-net list for such questions. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:01:00 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2372F16A4CE for ; Fri, 13 May 2005 15:01:00 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC10543D6A for ; Fri, 13 May 2005 15:00:59 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id 43A0F1DFDBC; Fri, 13 May 2005 09:00:59 -0600 (MDT) Date: Fri, 13 May 2005 09:00:57 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Mike Silbersack In-Reply-To: <20050512192936.V730@odysseus.silby.com> Message-ID: References: <20050512192936.V730@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:01:00 -0000 So reading up on this here: http://www.freebsd.se/cgi-bin/man.cgi?section=4&topic=ip "Ports are allocated at random within the specified port range in order to increase the difficulty of random spoofing attacks. In scenarios such as benchmarking, this behavior may be undesirable. In these cases, net.inet.ip.portrange.randomized can be used to toggle randomization off. If more than net.inet.ip.portrange.randomcps ports have been allocated in the last second, then return to sequential port allocation. Return to random allocation only once the current port allocation rate drops below net.inet.ip.portrange.randomcps for at least net.inet.ip.portrange.randomtime seconds. The default values for net.inet.ip.portrange.randomcps and net.inet.ip.portrange.randomtime are 10 port allocations per second and 45 seconds correspondingly." I'm curious it I want to give up the potential security benefits of the randomization. Is it worth instead looking at the possibility of tuning my net.inet.ip.portrange.randomcps? Or is disabling it all together just a first step to determine if this might be my problem. Here are my values at the moment. net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.first: 1024 net.inet.ip.portrange.last: 5000 net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.hilast: 65535 net.inet.ip.portrange.randomized: 1 net.inet.ip.portrange.randomcps: 10 net.inet.ip.portrange.randomtime: 45 Although I'm not familiar with what this /should/ be, my guts says 10 seems sort of low. Also, was this only implemented in 4.11? (Since we started seeing this while running 4.9 still.) http://www.freebsd.org/releases/4.11R/relnotes-i386.html We'll give this a shot though to see if it helps either way. Thank you for the suggestion. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Thu, 12 May 2005, Mike Silbersack wrote: > > On Thu, 12 May 2005, Matt Ruzicka wrote: > > > A couple days after we patched our systems, we started to receive a number > > of reports of mysql connection errors when our patched FreeBSD 4.9 web > > servers were trying to connect to our mysql server, which lives on a > > separate FreeBSD machine. > > Although you just saw this behavior now, it sounds like you're describing > a problem that sometimes occurs due to port randomization. Can you try > setting sysctl net.inet.ip.portrange.randomized=0 to see if that affects > anything? > > Mike "Silby" Silbersack > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:05:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A8B416A4CE for ; Fri, 13 May 2005 15:05:40 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECDC243D64 for ; Fri, 13 May 2005 15:05:38 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DF5bb6015369; Fri, 13 May 2005 19:05:37 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 19:05:37 +0400 (MSD) From: Maxim Konovalov To: Matt Ruzicka In-Reply-To: Message-ID: <20050513190318.J15338@mp2.macomnet.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:05:40 -0000 [...] > net.inet.ip.portrange.randomized: 1 > net.inet.ip.portrange.randomcps: 10 > net.inet.ip.portrange.randomtime: 45 > > Although I'm not familiar with what this /should/ be, my guts says 10 > seems sort of low. > > Also, was this only implemented in 4.11? (Since we started seeing this > while running 4.9 still.) > > http://www.freebsd.org/releases/4.11R/relnotes-i386.html > > We'll give this a shot though to see if it helps either way. These sysctls are in 4.11 only and 4.9 has a broken random port allocation algorithm. Please turn it off as Mike suggests and report results back. -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:11:16 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D482116A4CE for ; Fri, 13 May 2005 15:11:16 +0000 (GMT) Received: from dis.dis.com (dis.dis.com [64.7.69.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F24343D4C for ; Fri, 13 May 2005 15:11:16 +0000 (GMT) (envelope-from mklein@dis.com) Received: from [192.168.1.150] (vpn.dis.com [192.168.1.150]) by dis.dis.com (8.13.2/8.13.2) with ESMTP id j4DFBFR9065130; Fri, 13 May 2005 08:11:15 -0700 (PDT) Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <6047d75932a836ebc7357837bce7e141@dis.com> Content-Transfer-Encoding: 7bit From: Mark Klein Date: Fri, 13 May 2005 08:11:14 -0700 To: jinmei@isl.rdc.toshiba.co.jp X-Mailer: Apple Mail (2.622) cc: freebsd-net@freebsd.org Subject: Re: Forward: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:11:16 -0000 > It would be helpful if you can provide the result of "ifconfig -a" > under the configuration that can cause the crash. > Hercules-/usr/home/mklein(1): ifconfig -a de0: flags=8843 mtu 1500 inet 64.221.254.105 netmask 0xffffffe0 broadcast 64.221.254.127 inet6 fe80::240:5ff:fe40:9be9%de0 prefixlen 64 scopeid 0x1 ether 00:40:05:40:9b:e9 media: Ethernet autoselect (10baseT/UTP) status: active rl0: flags=8843 mtu 1500 inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::240:f4ff:fe48:428f%rl0 prefixlen 64 scopeid 0x2 ether 00:40:f4:48:42:8f media: Ethernet autoselect (100baseTX ) status: active lp0: flags=8810 mtu 1500 lo0: flags=8049 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 ppp0: flags=8010 mtu 1500 sl0: flags=c010 mtu 552 faith0: flags=8002 mtu 1500 Hercules-/usr/home/mklein(2): From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:30:11 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39F2D16A4CE for ; Fri, 13 May 2005 15:30:11 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6985843D31 for ; Fri, 13 May 2005 15:30:10 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 78044 invoked from network); 13 May 2005 15:28:00 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 13 May 2005 15:28:00 -0000 Message-ID: <4284C804.ABC0C314@freebsd.org> Date: Fri, 13 May 2005 17:30:12 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Jeremie Le Hen References: <20050513100606.GE667@obiwan.tataz.chchile.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@FreeBSD.org Subject: Re: Dummynet/ipnat interaction breakage X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:30:11 -0000 Jeremie Le Hen wrote: > > On Wed, Feb 02, 2005 at 12:05:11PM +0100, Jeremie Le Hen wrote: > > > Take a look at PRs 61685 and 76539. Hope that helps. > > > > Well, I was aware of the first one (I'm doing shaping on my internal > > interface as a workaround), but not the second one. The second one > > is very new and this could indeed be the same problem I encountered. > > > > It seems that the import of IPFilter 3.4.35 in the middle of 2004 is > > the source of the problem because when I switch back to 3.4.31 on > > 4.11, everything works. > > > > I Cc'ed andre@ since he had not took over 76539, maybe he's not aware > > of it. > > > > Andre, what can you tell us about the drawbacks of the proposed patches ? > > I think there must be some as they would have been merged if this was > > not the case. > > > > Are there any change to have this fixed in RELENG_4 ? I know that no > > more releases are scheduled in this branch, but there is no obvious > > reason to let a bug live there IMHO. > > 4.1 is still broken. I understand that RELENG_4 is at end of its life > but ipnat/dummynet interaction further breakage between 4.10 and 4.11 > (due to IPFilter 3.4.35 import) is, IMHO, not acceptable for FreeBSD, > especially RELENG_4 which is a must in term of stability and release > engineering. My workaround was to go back to RELENG_4_10 branch in > src/sys/contrib/ipfilter. > > Given that *there are* patches in these PR, although we should admit > these are not examples of long term solution, is there any chance to > get this commited into RELENG_4 to assist this old good branch until > its funeral ? The problem is not to break something while 'fixing' this problem. I haven't looked at the proposed patch but not the entire code path in either 4.11 or 5.4. However it seems very likely to me that this 'fix' breaks ipfw one_pass/multi_pass. In ipfw/dummynet you may want packets coming from dummynet to continue with the next ipfw rule. Unconditionally setting M_SKIP_FIREWALL is going to break it. -- Andre From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:41:11 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6C4F16A4CE for ; Fri, 13 May 2005 15:41:11 +0000 (GMT) Received: from web25803.mail.ukl.yahoo.com (web25803.mail.ukl.yahoo.com [217.12.10.188]) by mx1.FreeBSD.org (Postfix) with SMTP id BB1DA43D6B for ; Fri, 13 May 2005 15:41:10 +0000 (GMT) (envelope-from ayed_samiha@yahoo.fr) Received: (qmail 34150 invoked by uid 60001); 13 May 2005 15:41:09 -0000 Message-ID: <20050513154109.34148.qmail@web25803.mail.ukl.yahoo.com> Received: from [193.52.74.215] by web25803.mail.ukl.yahoo.com via HTTP; Fri, 13 May 2005 17:41:09 CEST Date: Fri, 13 May 2005 17:41:09 +0200 (CEST) From: ayed samiha To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:41:11 -0000 Hello, I'm working with netgraph, I have written a program main.c ( main(ac, av) ), it allows me to use the node socket and I need to use it to capture ethernet frames. I have also the node ng_ethernet, but I don't know how to use my program. For writing this program, I was based on the file: /usr/src/usr.sbin/nghook/main.c I'm blocked in my project and I need help. I'm attending your response. Thank you a lot, Samiha ayed_samiha@yahoo.fr --------------------------------- Découvrez le nouveau Yahoo! Mail : 1 Go d'espace de stockage pour vos mails, photos et vidéos ! Créez votre Yahoo! Mail From owner-freebsd-net@FreeBSD.ORG Fri May 13 15:58:28 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E184216A4CE for ; Fri, 13 May 2005 15:58:28 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D4C543D82 for ; Fri, 13 May 2005 15:58:27 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 78329 invoked from network); 13 May 2005 15:56:17 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 13 May 2005 15:56:17 -0000 Message-ID: <4284CEA6.CB014AA6@freebsd.org> Date: Fri, 13 May 2005 17:58:30 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: gnn@freebsd.org References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: kame Subject: Re: Code nit questions... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 15:58:29 -0000 gnn@freebsd.org wrote: > > Hi Folks, > > In a continuing effort to clean up some code nits in the IPv6 code > I'd like to propose the following diffs. There is a comment, starting > with a *) explaining the problem and proposed fix. > > Let me know. ... > *) Make sure that sro is also valid before de-referencing it. > > Index: in6_src.c > =================================================================== > RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/in6_src.c,v > retrieving revision 1.29 > diff -u -r1.29 in6_src.c > --- in6_src.c 7 Jan 2005 02:30:34 -0000 1.29 > +++ in6_src.c 11 May 2005 20:09:30 -0000 > @@ -454,7 +454,7 @@ > > if ((error = in6_selectroute(dstsock, opts, mopts, ro, retifp, > &rt, 0)) != 0) { > - if (rt && rt == sro.ro_rt) > + if (rt && sro && rt == sro.ro_rt) > RTFREE(rt); > return (error); > } AFAIK 'sro' is stack-route which is a 'struct route' on the stack and thus always valid. The orginal check fine as it is. -- Andre From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:00:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 52E9116A4CE; Fri, 13 May 2005 16:00:01 +0000 (GMT) Received: from pop06.mail.atl.earthlink.net (pop06.mail.atl.earthlink.net [207.69.200.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1ED5943D62; Fri, 13 May 2005 16:00:01 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from wamui01.slb.atl.earthlink.net ([192.168.167.39]) by pop06.mail.atl.earthlink.net with esmtp (Exim 3.36 #10) id 1DWca0-00040t-00; Fri, 13 May 2005 12:00:00 -0400 Message-ID: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> Date: Fri, 13 May 2005 11:00:00 -0500 (GMT-05:00) From: gandalf@digital.net To: Mike Silbersack Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Earthlink Zoo Mail 1.0 cc: freebsd-net@FreeBSD.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: gandalf@digital.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:00:01 -0000 Greetings and Salutations: From: Mike Silbersack > But on another laptop with the same processor, 8000 pps could effectively > freeze it. We believe this is because the network card on that machine > shares an IRQ with the sound card, making interrupt processing very > expensive. The sound card on my laptop is not enabled. Causes too many messages when I boot up and overwhelms the dmesg log file when I use the sound driver : pcm0: port 0xf800-0xf8ff irq 5 at device 8.0 on pci0 (4p/1r/0vchannels duplex default) > So, test out my attached patch with varying settings of maxfragspersecond > and see if it makes any difference for you. I attempted to apply the patch, but I think the date on my in_pcb.c is incorrect. What do I do to correct?: # ls -al /usr/src/sys/netinet/in_pcb.c -rw-r--r-- 1 root wheel 32712 Mar 28 06:29 /usr/src/sys/netinet/in_pcb.c GandalfBSD# patch < ip_maxfragspersecond.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |diff -u -r /usr/src/sys.old/netinet/in_pcb.c /usr/src/sys/netinet/in_pcb.c |--- /usr/src/sys.old/netinet/in_pcb.c Sun Apr 17 18:05:05 2005 |+++ /usr/src/sys/netinet/in_pcb.c Thu May 12 21:47:39 2005 -------------------------- File to patch: ^C# # Thanks, Ken ------------------------------------------------------------------ Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC WWW Page - http://gandalf.home.digital.net/ Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:00:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3AEA16A4D0 for ; Fri, 13 May 2005 16:00:54 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E9C543D5E for ; Fri, 13 May 2005 16:00:54 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id 419411E0807; Fri, 13 May 2005 10:00:54 -0600 (MDT) Date: Fri, 13 May 2005 10:00:52 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Maxim Konovalov In-Reply-To: <20050513190318.J15338@mp2.macomnet.net> Message-ID: References: <20050513190318.J15338@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:00:55 -0000 Hmm.. doesn't seem to have helped. -->uptime 9:59AM up 29 mins, 2 users, load averages: 0.96, 0.92, 1.24 -->sysctl -a | grep net.inet.ip.portrange. net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.first: 1024 net.inet.ip.portrange.last: 5000 net.inet.ip.portrange.hifirst: 49152 net.inet.ip.portrange.hilast: 65535 net.inet.ip.portrange.randomized: 0 net.inet.ip.portrange.randomcps: 10 net.inet.ip.portrange.randomtime: 45 Results of outbound port check: pasiphae01.frii.com Fri May 13 09:44:26 2005 failed pasiphae01.frii.com Fri May 13 09:44:38 2005 failed pasiphae01.frii.com Fri May 13 09:45:05 2005 failed pasiphae01.frii.com Fri May 13 09:45:11 2005 failed pasiphae01.frii.com Fri May 13 09:48:43 2005 failed pasiphae01.frii.com Fri May 13 09:48:53 2005 failed pasiphae01.frii.com Fri May 13 09:48:57 2005 failed pasiphae01.frii.com Fri May 13 09:50:50 2005 failed pasiphae01.frii.com Fri May 13 09:51:19 2005 failed pasiphae01.frii.com Fri May 13 09:51:25 2005 failed pasiphae01.frii.com Fri May 13 09:51:53 2005 failed pasiphae01.frii.com Fri May 13 09:53:12 2005 failed pasiphae01.frii.com Fri May 13 09:55:38 2005 failed pasiphae01.frii.com Fri May 13 09:57:39 2005 failed pasiphae01.frii.com Fri May 13 09:58:14 2005 failed pasiphae01.frii.com Fri May 13 09:58:55 2005 failed pasiphae01.frii.com Fri May 13 09:59:16 2005 failed pasiphae01.frii.com Fri May 13 09:59:19 2005 failed pasiphae01.frii.com Fri May 13 09:59:26 2005 failed Did I miss something? Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Fri, 13 May 2005, Maxim Konovalov wrote: > [...] > > net.inet.ip.portrange.randomized: 1 > > net.inet.ip.portrange.randomcps: 10 > > net.inet.ip.portrange.randomtime: 45 > > > > Although I'm not familiar with what this /should/ be, my guts says 10 > > seems sort of low. > > > > Also, was this only implemented in 4.11? (Since we started seeing this > > while running 4.9 still.) > > > > http://www.freebsd.org/releases/4.11R/relnotes-i386.html > > > > We'll give this a shot though to see if it helps either way. > > These sysctls are in 4.11 only and 4.9 has a broken random port > allocation algorithm. Please turn it off as Mike suggests and report > results back. > > -- > Maxim Konovalov > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:07:39 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9DF2716A4CE for ; Fri, 13 May 2005 16:07:39 +0000 (GMT) Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by mx1.FreeBSD.org (Postfix) with SMTP id 02A5043D5F for ; Fri, 13 May 2005 16:07:39 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 47910 invoked from network); 13 May 2005 16:07:37 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 16:07:37 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 11:07:22 -0500 (CDT) From: Mike Silbersack To: Matt Ruzicka In-Reply-To: Message-ID: <20050513110350.X839@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:07:39 -0000 On Fri, 13 May 2005, Matt Ruzicka wrote: > Hmm.. doesn't seem to have helped. > net.inet.ip.portrange.randomized: 0 > net.inet.ip.portrange.randomcps: 10 > net.inet.ip.portrange.randomtime: 45 > Results of outbound port check: > > pasiphae01.frii.com Fri May 13 09:44:26 2005 failed > Did I miss something? > > > Matthew Ruzicka - Systems Administrator > Front Range Internet, Inc. > matt@frii.net - (970) 212-0728 Hm, it's not port randomization then. I guess you have found a new glitch, but I don't have any idea what would have caused the problem. Maxim, any ideas? You're good at finding my bugs. :) Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:09:43 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43DD416A4CE for ; Fri, 13 May 2005 16:09:43 +0000 (GMT) Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by mx1.FreeBSD.org (Postfix) with SMTP id D421143D58 for ; Fri, 13 May 2005 16:09:42 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 48548 invoked from network); 13 May 2005 16:09:41 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 16:09:41 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 11:09:26 -0500 (CDT) From: Mike Silbersack To: gandalf@digital.net In-Reply-To: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> Message-ID: <20050513110841.M1041@odysseus.silby.com> References: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@FreeBSD.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:09:43 -0000 On Fri, 13 May 2005 gandalf@digital.net wrote: > I attempted to apply the patch, but I think the date on my in_pcb.c is incorrect. What do I do to correct?: I have revision 1.163 from 6-current. Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:21:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E3E816A4CE; Fri, 13 May 2005 16:21:21 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id F17EE43D5A; Fri, 13 May 2005 16:21:19 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DGLGrL086691; Fri, 13 May 2005 20:21:16 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 20:21:16 +0400 (MSD) From: Maxim Konovalov To: gandalf@digital.net In-Reply-To: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> Message-ID: <20050513201952.S72398@mp2.macomnet.net> References: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:21:21 -0000 > I attempted to apply the patch, but I think the date on my in_pcb.c is incorrect. What do I do to correct?: > # ls -al /usr/src/sys/netinet/in_pcb.c > -rw-r--r-- 1 root wheel 32712 Mar 28 06:29 /usr/src/sys/netinet/in_pcb.c > GandalfBSD# patch < ip_maxfragspersecond.patch > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |diff -u -r /usr/src/sys.old/netinet/in_pcb.c /usr/src/sys/netinet/in_pcb.c > |--- /usr/src/sys.old/netinet/in_pcb.c Sun Apr 17 18:05:05 2005 > |+++ /usr/src/sys/netinet/in_pcb.c Thu May 12 21:47:39 2005 > -------------------------- > File to patch: ^C# > # Test cd /usr/src && patch -C -p0 < /path/to/ip_maxfragspersecond.patch and apply cd /usr/src && patch -C < /path/to/ip_maxfragspersecond.patch -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:26:55 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B65216A4CE for ; Fri, 13 May 2005 16:26:55 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4951E43D60 for ; Fri, 13 May 2005 16:26:52 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DGQpTo086785; Fri, 13 May 2005 20:26:51 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 20:26:51 +0400 (MSD) From: Maxim Konovalov To: Mike Silbersack In-Reply-To: <20050513110350.X839@odysseus.silby.com> Message-ID: <20050513202539.E72398@mp2.macomnet.net> References: <20050513110350.X839@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Matt Ruzicka cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:26:55 -0000 [...] > Hm, it's not port randomization then. I guess you have found a new > glitch, but I don't have any idea what would have caused the > problem. Maxim, any ideas? You're good at finding my bugs. :) I have 4.9 system with all recent SA patches applied and going to reproduce the problem in a couple of hours. -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 16:29:07 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC61816A4CE; Fri, 13 May 2005 16:29:07 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C7FA43D48; Fri, 13 May 2005 16:29:07 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DGT4YN086834; Fri, 13 May 2005 20:29:04 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 20:29:04 +0400 (MSD) From: Maxim Konovalov To: gandalf@digital.net In-Reply-To: <20050513201952.S72398@mp2.macomnet.net> Message-ID: <20050513202832.T86817@mp2.macomnet.net> References: <1675636.1116000000195.JavaMail.root@wamui01.slb.atl.earthlink.net> <20050513201952.S72398@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:29:08 -0000 On Fri, 13 May 2005, 20:21+0400, Maxim Konovalov wrote: > > I attempted to apply the patch, but I think the date on my in_pcb.c is incorrect. What do I do to correct?: > > # ls -al /usr/src/sys/netinet/in_pcb.c > > -rw-r--r-- 1 root wheel 32712 Mar 28 06:29 /usr/src/sys/netinet/in_pcb.c > > GandalfBSD# patch < ip_maxfragspersecond.patch > > Hmm... Looks like a unified diff to me... > > The text leading up to this was: > > -------------------------- > > |diff -u -r /usr/src/sys.old/netinet/in_pcb.c /usr/src/sys/netinet/in_pcb.c > > |--- /usr/src/sys.old/netinet/in_pcb.c Sun Apr 17 18:05:05 2005 > > |+++ /usr/src/sys/netinet/in_pcb.c Thu May 12 21:47:39 2005 > > -------------------------- > > File to patch: ^C# > > # > > Test > > cd /usr/src && patch -C -p0 < /path/to/ip_maxfragspersecond.patch > > and apply > > cd /usr/src && patch -C < /path/to/ip_maxfragspersecond.patch Err, and apply: cd /usr/src && patch -p0 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9589816A4CE for ; Fri, 13 May 2005 16:36:32 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F0EB43D5E for ; Fri, 13 May 2005 16:36:32 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id C22461E0833; Fri, 13 May 2005 10:36:31 -0600 (MDT) Date: Fri, 13 May 2005 10:36:21 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Maxim Konovalov In-Reply-To: <20050513202539.E72398@mp2.macomnet.net> Message-ID: References: <20050513110350.X839@odysseus.silby.com> <20050513202539.E72398@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 16:36:32 -0000 Thank you both very much for all the help. Incidentally those systems are now running 4.11 (patched today for htt). They are primarily web servers running apache 1.3.33 with customer as well as company cgi's running on them, but are also running proftpd. Let me know if I can get you any system reading to show traffic and such if that will help. Thanks again. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Fri, 13 May 2005, Maxim Konovalov wrote: > [...] > > Hm, it's not port randomization then. I guess you have found a new > > glitch, but I don't have any idea what would have caused the > > problem. Maxim, any ideas? You're good at finding my bugs. :) > > I have 4.9 system with all recent SA patches applied and going to > reproduce the problem in a couple of hours. > > -- > Maxim Konovalov > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri May 13 17:16:03 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2CEA16A4CE; Fri, 13 May 2005 17:16:03 +0000 (GMT) Received: from smtp.hispeed.ch (mxout.hispeed.ch [62.2.95.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47AEC43D2F; Fri, 13 May 2005 17:16:03 +0000 (GMT) (envelope-from spe@phear.org) Received: from localhost (80-218-34-172.dclient.hispeed.ch [80.218.34.172]) j4DHG1IP004417; Fri, 13 May 2005 19:16:01 +0200 Date: Fri, 13 May 2005 19:17:05 +0200 From: Sebastien Petit To: gnn@freebsd.org Message-Id: <20050513191705.61d2b742.spe@phear.org> In-Reply-To: References: <20050513111013.41905e73.spe@phear.org> Organization: Phear / B0l X-Mailer: Sylpheed version 1.0.1 (GTK+ 1.2.10; i386--netbsdelf) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on smtp-05.tornado.cablecom.ch X-Virus-Status: Clean X-DCC-spamcheck-02.tornado.cablecom.ch-Metrics: smtp-05.tornado.cablecom.ch 32701; Body=2 Fuz1=2 Fuz2=2 cc: freebsd-net@freebsd.org Subject: Re: SIOCGIFMEDIA problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 17:16:04 -0000 On Fri, 13 May 2005 08:33:32 -0400 gnn@freebsd.org wrote: > At Fri, 13 May 2005 11:10:13 +0200, > Sebastien Petit wrote: > > > > Hi -net hackers, > > > > A little question about SIOCGIFMEDIA ioctl: > > > > Somebody reports me that some interfaces (bge / em but anothers > > perhaps) seem to discard packet(s) during SIOCGIFMEDIA ioctl, Is it > > true and why ? > > At least in the case of the em driver it's because eventually > em_init_locked() is called which re-initializes the whole device, > including the memory buffers. It is unlikely that packets in the > buffers would survive that :-) I suspect the same is true of bge. Hmm. Ok, My question is oriented for my software freevrrpd, for checking the state of the network cards and do some monitoring on the network cards, I use the SIOCGIFMEDIA ioctl in a regular interval. But some VRRP packets from the MASTER server are dropped by the SLAVE server if this ioctl occurs in the same time. A solution will be to disable this ioctl but I cannot check the network card status anymore without perturbating communications. Why it's necessary to reinitialize the device for that ?! I propose to modify the SIOCGIFMEDIA for no resetting cards if it's not necessary for checking state :) btw, em and bge cards under FreeBSD 4.x are very long for changing state (down to up in 2 or 3 seconds before packets can be sent/received), I don't know if this is the case under FreeBSD 5.x but this can cause some problems :/ What do you think about that ? Regards, Sebastien. -- spe@b0l.org From owner-freebsd-net@FreeBSD.ORG Fri May 13 18:09:30 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A80716A4CE for ; Fri, 13 May 2005 18:09:30 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AE2B43D75 for ; Fri, 13 May 2005 18:09:29 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DI9LSY088359; Fri, 13 May 2005 22:09:25 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 22:09:21 +0400 (MSD) From: Maxim Konovalov To: Matt Ruzicka In-Reply-To: Message-ID: <20050513220424.W88312@mp2.macomnet.net> References: <20050513110350.X839@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 18:09:30 -0000 On Fri, 13 May 2005, 10:36-0600, Matt Ruzicka wrote: > Thank you both very much for all the help. > > Incidentally those systems are now running 4.11 (patched today for htt). > > They are primarily web servers running apache 1.3.33 with customer as well > as company cgi's running on them, but are also running proftpd. > > Let me know if I can get you any system reading to show traffic and such > if that will help. while : do nc -z 195.128.64.6 80 || echo fail done 2>&1 | grep -v succeed running on 4.9-RELEASE-p17 for an hour shows nothing. I'll try the same test on fresh RELENG_4 but it takes time to build it, my test box is very slow. -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 18:36:04 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 848C416A4CE for ; Fri, 13 May 2005 18:36:04 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5326143D8D for ; Fri, 13 May 2005 18:36:04 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4DIa3c4024796; Fri, 13 May 2005 11:36:03 -0700 (PDT) Date: Fri, 13 May 2005 14:36:08 -0400 Message-ID: From: gnn@freebsd.org To: Sebastien Petit In-Reply-To: <20050513191705.61d2b742.spe@phear.org> References: <20050513111013.41905e73.spe@phear.org> <20050513191705.61d2b742.spe@phear.org> User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: SIOCGIFMEDIA problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 18:36:04 -0000 At Fri, 13 May 2005 19:17:05 +0200, Sebastien Petit wrote: > > On Fri, 13 May 2005 08:33:32 -0400 > gnn@freebsd.org wrote: > > > At Fri, 13 May 2005 11:10:13 +0200, > > Sebastien Petit wrote: > > > > > > Hi -net hackers, > > > > > > A little question about SIOCGIFMEDIA ioctl: > > > > > > Somebody reports me that some interfaces (bge / em but anothers > > > perhaps) seem to discard packet(s) during SIOCGIFMEDIA ioctl, Is it > > > true and why ? > > > > At least in the case of the em driver it's because eventually > > em_init_locked() is called which re-initializes the whole device, > > including the memory buffers. It is unlikely that packets in the > > buffers would survive that :-) I suspect the same is true of bge. > > Hmm. Ok, > > My question is oriented for my software freevrrpd, for checking the > state of the network cards and do some monitoring on the network > cards, I use the SIOCGIFMEDIA ioctl in a regular interval. But some > VRRP packets from the MASTER server are dropped by the SLAVE server > if this ioctl occurs in the same time. A solution will be to > disable this ioctl but I cannot check the network card status > anymore without perturbating communications. Why it's necessary to > reinitialize the device for that ?! I propose to modify the > SIOCGIFMEDIA for no resetting cards if it's not necessary for > checking state :) btw, em and bge cards under FreeBSD 4.x are very > long for changing state (down to up in 2 or 3 seconds before packets > can be sent/received), I don't know if this is the case under > FreeBSD 5.x but this can cause some problems :/ > > What do you think about that ? Actually, my mistake, it is the SIFMEDIA ioctl that causes a reset. GIFMEDIA should not cause a problem, at least not in that way so I'm not sure why this is happening. I don't see anything obvious in the code, but perhaps someone more expert in em/bge will chime in. Later, George From owner-freebsd-net@FreeBSD.ORG Fri May 13 18:43:30 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E81C016A4CE for ; Fri, 13 May 2005 18:43:30 +0000 (GMT) Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by mx1.FreeBSD.org (Postfix) with SMTP id 5E2F443D1F for ; Fri, 13 May 2005 18:43:30 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 84647 invoked from network); 13 May 2005 18:43:28 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 18:43:28 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 13:43:01 -0500 (CDT) From: Mike Silbersack To: Matt Ruzicka In-Reply-To: Message-ID: <20050513134227.P616@odysseus.silby.com> References: <20050513110350.X839@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 18:43:31 -0000 On Fri, 13 May 2005, Matt Ruzicka wrote: > Thank you both very much for all the help. > > Incidentally those systems are now running 4.11 (patched today for htt). Does the problem happen now that the system is upgraded to 4.11? Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 18:58:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 698A916A4CE for ; Fri, 13 May 2005 18:58:36 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4322B43D6D for ; Fri, 13 May 2005 18:58:36 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id 12B2E1E0B38; Fri, 13 May 2005 12:58:36 -0600 (MDT) Date: Fri, 13 May 2005 12:58:34 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Mike Silbersack In-Reply-To: <20050513134227.P616@odysseus.silby.com> Message-ID: References: <20050513134227.P616@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 18:58:36 -0000 Yes, it still does. And actually the script Maxim attached to his last email (using our IP's) has an interesting side effect of causing the connections to fail. It doesn't fail right away, but within a few moments. -->./netcat-test 2005/05/13 12:46:51 fail fail fail fail ... -->./netcat-test 2005/05/13 12:46:58 fail fail fail fail ... -->./netcat-test 2005/05/13 12:47:13 fail fail fail fail ... Results from out test running at the same time.. pasiphae02.frii.com Fri May 13 12:46:59 2005 failed pasiphae02.frii.com Fri May 13 12:47:00 2005 failed pasiphae02.frii.com Fri May 13 12:47:21 2005 failed pasiphae02.frii.com Fri May 13 12:47:24 2005 failed pasiphae02.frii.com Fri May 13 12:47:25 2005 failed pasiphae02.frii.com Fri May 13 12:47:26 2005 failed pasiphae02.frii.com Fri May 13 12:47:35 2005 failed Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Fri, 13 May 2005, Mike Silbersack wrote: > > On Fri, 13 May 2005, Matt Ruzicka wrote: > > > Thank you both very much for all the help. > > > > Incidentally those systems are now running 4.11 (patched today for htt). > > Does the problem happen now that the system is upgraded to 4.11? > > Mike "Silby" Silbersack > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri May 13 18:58:48 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7E6D16A4CE for ; Fri, 13 May 2005 18:58:48 +0000 (GMT) Received: from web80603.mail.yahoo.com (web80603.mail.yahoo.com [66.218.79.92]) by mx1.FreeBSD.org (Postfix) with SMTP id 96A7943D81 for ; Fri, 13 May 2005 18:58:48 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050513185848.78077.qmail@web80603.mail.yahoo.com> Received: from [64.165.201.18] by web80603.mail.yahoo.com via HTTP; Fri, 13 May 2005 11:58:48 PDT Date: Fri, 13 May 2005 11:58:48 -0700 (PDT) From: Mohan Srinivasan To: Heinrich Rebehn In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-net@freebsd.org Subject: Re: nfsrvstats.srvrpc_errs rapidly increasing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 18:58:48 -0000 --- Heinrich Rebehn wrote: > > There's no problem report on this. > > I wonder if it will ever get fixed then.. It will. It's purely a question of priorities and time. > Since i am neither familiar with kernel sources nor with the internals > of NFS: Could you show me, where the bug can be traced, i.e. at which > point one can detect that the stream is out of sync? I would like to > insert another log() in order to see, if > - the error occurs at all > - is in any way related to our problems. For the bug where the stream gets out of sequence, you might want to start by looking at this fragment of code in nfssvc_nfsd(). /* * For stream protocols, prepend a Sun RPC * Record Mark. */ if (sotype == SOCK_STREAM) { M_PREPEND(m, NFSX_UNSIGNED, M_TRYWAIT); *mtod(m, u_int32_t *) = htonl(0x80000000 | siz); } mohan From owner-freebsd-net@FreeBSD.ORG Fri May 13 19:09:28 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 463C416A4CE for ; Fri, 13 May 2005 19:09:28 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B8A243D2D for ; Fri, 13 May 2005 19:09:26 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DJ9Pat089084; Fri, 13 May 2005 23:09:25 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 23:09:25 +0400 (MSD) From: Maxim Konovalov To: Matt Ruzicka In-Reply-To: Message-ID: <20050513230848.K89035@mp2.macomnet.net> References: <20050513134227.P616@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 19:09:28 -0000 On Fri, 13 May 2005, 12:58-0600, Matt Ruzicka wrote: > Yes, it still does. And actually the script Maxim attached to his last > email (using our IP's) has an interesting side effect of causing the > connections to fail. > > It doesn't fail right away, but within a few moments. > > -->./netcat-test 2005/05/13 12:46:51 > fail > fail > fail > fail > ... Please run netstat -an | grep -c TIME_WAIT when fails occur. -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 19:09:32 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2D1016A4D8 for ; Fri, 13 May 2005 19:09:32 +0000 (GMT) Received: from relay.pair.com (relay00.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 2A73F43D79 for ; Fri, 13 May 2005 19:09:32 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 21142 invoked from network); 13 May 2005 19:09:31 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 13 May 2005 19:09:31 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 13 May 2005 14:09:16 -0500 (CDT) From: Mike Silbersack To: Matt Ruzicka In-Reply-To: Message-ID: <20050513140619.V15203@odysseus.silby.com> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 19:09:32 -0000 On Fri, 13 May 2005, Matt Ruzicka wrote: > Yes, it still does. And actually the script Maxim attached to his last > email (using our IP's) has an interesting side effect of causing the > connections to fail. > > It doesn't fail right away, but within a few moments. Are you perhaps exhausting all ports? Try changing net.inet.ip.portrange.first: 1024 net.inet.ip.portrange.last: 5000 to net.inet.ip.portrange.first=1024 (unchanged) net.inet.ip.portrange.last=65535 so that you have tons of potential ports. You might just have some stuck in the TIME_WAIT state causing you problems or something right now. Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Fri May 13 19:25:46 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4434816A4CE for ; Fri, 13 May 2005 19:25:46 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AC2B43D6E for ; Fri, 13 May 2005 19:25:45 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DJPhJ3089235; Fri, 13 May 2005 23:25:43 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 23:25:43 +0400 (MSD) From: Maxim Konovalov To: Matt Ruzicka In-Reply-To: <20050513230848.K89035@mp2.macomnet.net> Message-ID: <20050513232535.K89035@mp2.macomnet.net> References: <20050513230848.K89035@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 19:25:46 -0000 On Fri, 13 May 2005, 23:09+0400, Maxim Konovalov wrote: > On Fri, 13 May 2005, 12:58-0600, Matt Ruzicka wrote: > > > Yes, it still does. And actually the script Maxim attached to his last > > email (using our IP's) has an interesting side effect of causing the > > connections to fail. > > > > It doesn't fail right away, but within a few moments. > > > > -->./netcat-test 2005/05/13 12:46:51 > > fail > > fail > > fail > > fail > > ... > > Please run > > netstat -an | grep -c TIME_WAIT > > when fails occur. and vmstat -z | grep -i sock -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 19:39:25 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 62F9316A4CE for ; Fri, 13 May 2005 19:39:25 +0000 (GMT) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A52E43D77 for ; Fri, 13 May 2005 19:39:25 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id C30331E1A50; Fri, 13 May 2005 13:39:22 -0600 (MDT) Date: Fri, 13 May 2005 13:39:21 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Maxim Konovalov In-Reply-To: <20050513230848.K89035@mp2.macomnet.net> Message-ID: References: <20050513134227.P616@odysseus.silby.com> <20050513230848.K89035@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 19:39:25 -0000 hmm.. I'm starting to feel a bit silly maybe. Running the netstat and grep below showed that we had between 800-1700 lines in TIME_WAIT. I then ran the netcat test script while checking for TIME_WAITs. They climbed to the 4800 range then I started getting port failures. I then ran sysctl net.inet.ip.portrange.last=65535 at Mike's recommendation. I then re-ran the netcat script while checking for TIME_WAITs. This time they climbed to 15000 range before I starting getting errors, but this time I started getting errors from the netcat script. Can't get socket : No buffer space available This leads me to believe we were in fact running out of ports and while running this script also overran our socket buffers. I just got the second email from Maxim with the vmstat request as well.. Currently both boxes are sitting higher in the TIME_WAITs box 1: -->netstat -an | grep -c TIME_WAIT 2005/05/13 13:27:41 2455 -->vmstat -z | grep -i sock 2005/05/13 13:29:41 socket: 224, 16424, 3874, 12564, 1107241 box 2: -->netstat -an | grep -c TIME_WAIT 2005/05/13 13:27:10 3541 -->vmstat -z | grep -i sock 2005/05/13 13:29:50 socket: 224, 16424, 3987, 2760, 726779 When I check the vmstat while getting errors from the netcat script I get this. -->vmstat -z | grep -i sock 2005/05/13 13:33:20 socket: 224, 16424, 16438, 0, 1150867 A minute or so later we are back to this: -->netstat -an | grep -c TIME_WAIT 2005/05/13 13:33:55 2302 -->vmstat -z | grep -i sock 2005/05/13 13:34:27 socket: 224, 16424, 3282, 13156, 1155482 Here is my vmstat -z in a "normal" state. ITEM SIZE LIMIT USED FREE REQUESTS PIPE: 160, 0, 80, 124, 282288 SWAPMETA: 160, 233016, 0, 0, 0 unpcb: 160, 0, 46, 104, 74835 ripcb: 192, 16424, 0, 21, 1 divcb: 192, 16424, 0, 0, 0 syncache: 160, 15359, 5, 71, 316134 tcpcb: 576, 16424, 3562, 12836, 1040575 udpcb: 192, 16424, 13, 93, 51641 socket: 224, 16424, 3621, 12817, 1167053 KNOTE: 64, 0, 0, 128, 50789 NFSNODE: 352, 0, 77943, 14, 415454 NFSMOUNT: 544, 0, 4, 10, 4 VNODE: 192, 0, 79602, 110, 79602 NAMEI: 1024, 0, 0, 32, 28750812 VMSPACE: 192, 0, 165, 155, 187746 PROC: 416, 0, 175, 168, 187759 DP fakepg: 64, 0, 0, 0, 0 PV ENTRY: 28, 2690958, 809707, 711801, 259399026 MAP ENTRY: 48, 0, 15192, 16216, 10277033 KMAP ENTRY: 48, 65615, 1037, 200, 305137 MAP: 108, 0, 7, 3, 7 VM OBJECT: 92, 0, 77799, 117, 4201147 And during the failures.. ITEM SIZE LIMIT USED FREE REQUESTS PIPE: 160, 0, 76, 128, 283432 SWAPMETA: 160, 233016, 0, 0, 0 unpcb: 160, 0, 42, 108, 75353 ripcb: 192, 16424, 0, 21, 1 divcb: 192, 16424, 0, 0, 0 syncache: 160, 15359, 2, 74, 331720 tcpcb: 576, 16424, 16375, 23, 1074316 udpcb: 192, 16424, 13, 93, 51949 socket: 224, 16424, 16430, 8, 1201620 KNOTE: 64, 0, 0, 128, 51096 NFSNODE: 352, 0, 78365, 21, 417728 NFSMOUNT: 544, 0, 4, 10, 4 VNODE: 192, 0, 80024, 112, 80024 NAMEI: 1024, 0, 0, 32, 28983336 VMSPACE: 192, 0, 150, 170, 202142 PROC: 416, 0, 160, 183, 202155 DP fakepg: 64, 0, 0, 0, 0 PV ENTRY: 28, 2690958, 661633, 859875, 263111591 MAP ENTRY: 48, 0, 13004, 18404, 10546263 KMAP ENTRY: 48, 65615, 1034, 203, 306496 MAP: 108, 0, 7, 3, 7 VM OBJECT: 92, 0, 78224, 484, 4438390 Am I pretty much just looking at a tuning issue at this point I assume? Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Fri, 13 May 2005, Maxim Konovalov wrote: > On Fri, 13 May 2005, 12:58-0600, Matt Ruzicka wrote: > > > Yes, it still does. And actually the script Maxim attached to his last > > email (using our IP's) has an interesting side effect of causing the > > connections to fail. > > > > It doesn't fail right away, but within a few moments. > > > > -->./netcat-test 2005/05/13 12:46:51 > > fail > > fail > > fail > > fail > > ... > > Please run > > netstat -an | grep -c TIME_WAIT > > when fails occur. > > -- > Maxim Konovalov > From owner-freebsd-net@FreeBSD.ORG Fri May 13 19:54:32 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11DD716A4CE for ; Fri, 13 May 2005 19:54:32 +0000 (GMT) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43B2C43D77 for ; Fri, 13 May 2005 19:54:31 +0000 (GMT) (envelope-from maxim@macomnet.ru) Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates 127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1; envelope-from=maxim@macomnet.ru; Received: from localhost (localhost [127.0.0.1]) by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id j4DJsTb2089470; Fri, 13 May 2005 23:54:30 +0400 (MSD) (envelope-from maxim@macomnet.ru) Date: Fri, 13 May 2005 23:54:29 +0400 (MSD) From: Maxim Konovalov To: Matt Ruzicka In-Reply-To: Message-ID: <20050513234632.G89371@mp2.macomnet.net> References: <20050513134227.P616@odysseus.silby.com> <20050513230848.K89035@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 19:54:32 -0000 [...] > When I check the vmstat while getting errors from the netcat script I get > this. > > -->vmstat -z | grep -i sock 2005/05/13 13:33:20 > socket: 224, 16424, 16438, 0, 1150867 Limit ---------------------^^^^^ Current ---------------------------^^^^^ > Here is my vmstat -z in a "normal" state. > > ITEM SIZE LIMIT USED FREE REQUESTS [...] > socket: 224, 16424, 3621, 12817, 1167053 [...] > And during the failures.. > > ITEM SIZE LIMIT USED FREE REQUESTS [...] > socket: 224, 16424, 16430, 8, 1201620 [...] > Am I pretty much just looking at a tuning issue at this point I assume? 1) Use a persistent connection if possible. 2) /etc/sysctl.conf: net.inet.tcp.msl="5000" net.inet.ip.portrange.last="50000" perhaps /boot/loader.conf: kern.ipc.maxsockets="32768" -- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Fri May 13 20:20:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92F6A16A4CE for ; Fri, 13 May 2005 20:20:40 +0000 (GMT) Received: from mail.frii.com (phobos01.frii.net [216.17.128.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E22043D5A for ; Fri, 13 May 2005 20:20:40 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id D73431DF392; Fri, 13 May 2005 14:20:39 -0600 (MDT) Date: Fri, 13 May 2005 14:20:39 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: Maxim Konovalov In-Reply-To: <20050513234632.G89371@mp2.macomnet.net> Message-ID: References: <20050513230848.K89035@mp2.macomnet.net> <20050513234632.G89371@mp2.macomnet.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: **net** Re: Outbound TCP issue, potentially related to'FreeBSD-SA-05:08.kmem [REVISED]' X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 20:20:40 -0000 Great, thank you very much for the advice and attention on this issue. I very much appreciate it. The short term results on these seem very good. Thanks again. Matthew Ruzicka - Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 Got SPAM? Take back your email with MailArmory. http://www.MailArmory.com On Fri, 13 May 2005, Maxim Konovalov wrote: > [...] > > When I check the vmstat while getting errors from the netcat script I get > > this. > > > > -->vmstat -z | grep -i sock 2005/05/13 13:33:20 > > socket: 224, 16424, 16438, 0, 1150867 > > Limit ---------------------^^^^^ > Current ---------------------------^^^^^ > > > Here is my vmstat -z in a "normal" state. > > > > ITEM SIZE LIMIT USED FREE REQUESTS > [...] > > socket: 224, 16424, 3621, 12817, 1167053 > > [...] > > And during the failures.. > > > > ITEM SIZE LIMIT USED FREE REQUESTS > [...] > > socket: 224, 16424, 16430, 8, 1201620 > > [...] > > Am I pretty much just looking at a tuning issue at this point I assume? > > 1) Use a persistent connection if possible. > > 2) > > /etc/sysctl.conf: > net.inet.tcp.msl="5000" > net.inet.ip.portrange.last="50000" > > perhaps > > /boot/loader.conf: > kern.ipc.maxsockets="32768" > > -- > Maxim Konovalov > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Fri May 13 20:37:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 066E216A4CE; Fri, 13 May 2005 20:37:29 +0000 (GMT) Received: from pop03.mail.atl.earthlink.net (pop03.mail.atl.earthlink.net [207.69.200.48]) by mx1.FreeBSD.org (Postfix) with ESMTP id B493E43D5F; Fri, 13 May 2005 20:37:28 +0000 (GMT) (envelope-from gandalf@digital.net) Received: from wamui07.slb.atl.earthlink.net ([192.168.167.45]) by pop03.mail.atl.earthlink.net with esmtp (Exim 3.36 #10) id 1DWguN-0003lS-00; Fri, 13 May 2005 16:37:19 -0400 Message-ID: <14767452.1116016639146.JavaMail.root@wamui07.slb.atl.earthlink.net> Date: Fri, 13 May 2005 15:37:19 -0500 (GMT-05:00) From: gandalf@digital.net To: Maxim Konovalov Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Earthlink Zoo Mail 1.0 cc: freebsd-net@freebsd.org cc: Suleiman Souhlal Subject: Re: FreeBSD and the Rose Attack / NewDawn X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: gandalf@digital.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 20:37:29 -0000 Greetings and Salutations: From: Maxim Konovalov > Test > cd /usr/src && patch -C -p0 < /path/to/ip_maxfragspersecond.patch > and apply > cd /usr/src && patch -p0 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C19C16A4CE for ; Fri, 13 May 2005 20:52:47 +0000 (GMT) Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 6CED843D62 for ; Fri, 13 May 2005 20:52:46 +0000 (GMT) (envelope-from FreeMan@fantasymail.de) Received: (qmail 31217 invoked by uid 0); 13 May 2005 20:26:05 -0000 Received: from 213.217.113.250 by www2.gmx.net with HTTP; Fri, 13 May 2005 22:26:05 +0200 (MEST) Date: Fri, 13 May 2005 22:26:05 +0200 (MEST) From: FreeMan@fantasymail.de To: freebsd-net@freebsd.org MIME-Version: 1.0 X-Priority: 3 (Normal) X-Authenticated: #27615881 Message-ID: <25286.1116015965@www2.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Several IPv6 tunnels possible? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 20:52:47 -0000 Hello Listers! I hope that somebody here can help me with my problem(s). I trying to setup several IPv6 tunnels on a FreeBSD 5.3 box. With only one tunnel it works but whenever i add a other one - both are broken and i cant connect out to the world over ipv6. Afaik i can use different gif interfaces but i dont know how to define for each tunnel their own default gateway. ipv6_enable="YES" ipv6_network_interfaces="xl0 gif0 lo0" ipv6_defaultrouter="fe80::1%gif0" gifconfig_gif0="myip tunnelserverip" ipv6_ifconfig_gif0="ipv6adress prefixlen 128" ipv6_ifconfig_gif0_alias0="ipv6adress2 prefixlen 128" This works for one tunnel but how can i add a second one without brake routing? Thanks for you help! From owner-freebsd-net@FreeBSD.ORG Fri May 13 23:51:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3988316A4D0 for ; Fri, 13 May 2005 23:51:56 +0000 (GMT) Received: from smtp100.rog.mail.re2.yahoo.com (smtp100.rog.mail.re2.yahoo.com [206.190.36.78]) by mx1.FreeBSD.org (Postfix) with SMTP id 80D0043D8D for ; Fri, 13 May 2005 23:51:55 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp100.rog.mail.re2.yahoo.com with SMTP; 13 May 2005 23:51:54 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Fri, 13 May 2005 19:52:02 -0400 (EDT) Message-ID: <3973.172.16.0.199.1116028322.squirrel@172.16.0.1> In-Reply-To: <20050512072754.GB92476@us.svf.stuba.sk> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <20050512072754.GB92476@us.svf.stuba.sk> Date: Fri, 13 May 2005 19:52:02 -0400 (EDT) From: "Mike Jakubik" To: "Marian Durkovic" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: current@freebsd.org Subject: Outgoing speed problems in -CURRENT (was: Re: SOLVED: Degraded TCP performace on Intel PRO/1000) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 May 2005 23:51:56 -0000 On Thu, May 12, 2005 3:27 am, Marian Durkovic said: >> Seems like i am getting half the performance when sending to the fbsd >> box. Also, enabling jumbo frames does not help, and sometimes even >> yields slightly slower results. > > Yes, that's exactly the problem my patch is addressing - for larger MTU > sizes the TX FIFO is simply too small. > > And the new Intel's driver ver. 2.1.7 for FreeBSD 5.3 has the same bugs. I just tried your patch, but unfortunately it does not seem to affect my problem, the speeds are identical. I am still getting half the performance when sending out. The fact that this also occurs using another machine and a different card, leads me to belive something is broken in -CURRENT. From owner-freebsd-net@FreeBSD.ORG Sat May 14 01:42:24 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9D4316A4CE for ; Sat, 14 May 2005 01:42:24 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 965AE43D4C for ; Sat, 14 May 2005 01:42:24 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4E1gBDY086258; Fri, 13 May 2005 18:42:11 -0700 (PDT) Date: Fri, 13 May 2005 21:42:15 -0400 Message-ID: From: gnn@freebsd.org To: FreeMan@fantasymail.de In-Reply-To: <25286.1116015965@www2.gmx.net> References: <25286.1116015965@www2.gmx.net> User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Several IPv6 tunnels possible? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 01:42:25 -0000 At Fri, 13 May 2005 22:26:05 +0200 (MEST), FreeMan@fantasymail.de wrote: > Afaik i can use different gif interfaces but > i dont know how to define for each tunnel their > own default gateway. > > ipv6_enable="YES" > ipv6_network_interfaces="xl0 gif0 lo0" > ipv6_defaultrouter="fe80::1%gif0" > gifconfig_gif0="myip tunnelserverip" > ipv6_ifconfig_gif0="ipv6adress prefixlen 128" > ipv6_ifconfig_gif0_alias0="ipv6adress2 prefixlen 128" > > This works for one tunnel but how can i add a > second one without brake routing? You need to set up appropriate routes. You cannot have two default routes, as far as I know. Why do you want two tunnels? Later, George From owner-freebsd-net@FreeBSD.ORG Sat May 14 04:49:49 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9302B16A4CE for ; Sat, 14 May 2005 04:49:49 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAC8943D79 for ; Sat, 14 May 2005 04:49:48 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 82900 invoked from network); 14 May 2005 04:47:31 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.54]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 14 May 2005 04:47:31 -0000 Message-ID: <4285836E.3AD4B37@freebsd.org> Date: Sat, 14 May 2005 06:49:50 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Jakubik References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <3973.172.16.0.199.1116028322.squirrel@172.16.0.1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: current@freebsd.org cc: Marian Durkovic Subject: Re: Outgoing speed problems in -CURRENT (was: Re: SOLVED: DegradedTCP performace on Intel PRO/1000) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 04:49:49 -0000 Mike Jakubik wrote: > > On Thu, May 12, 2005 3:27 am, Marian Durkovic said: > > >> Seems like i am getting half the performance when sending to the fbsd > >> box. Also, enabling jumbo frames does not help, and sometimes even > >> yields slightly slower results. > > > > Yes, that's exactly the problem my patch is addressing - for larger MTU > > sizes the TX FIFO is simply too small. > > > > And the new Intel's driver ver. 2.1.7 for FreeBSD 5.3 has the same bugs. > > I just tried your patch, but unfortunately it does not seem to affect my > problem, the speeds are identical. I am still getting half the performance > when sending out. The fact that this also occurs using another machine and > a different card, leads me to belive something is broken in -CURRENT. net.inet.tcp.sendspace=65536 and try again. -- Andre From owner-freebsd-net@FreeBSD.ORG Sat May 14 15:52:03 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5750116A4CE; Sat, 14 May 2005 15:52:03 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 409F843D46; Sat, 14 May 2005 15:52:03 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4EFq2kH055049; Sat, 14 May 2005 08:52:02 -0700 (PDT) Date: Sat, 14 May 2005 11:52:07 -0400 Message-ID: From: gnn@freebsd.org To: net@freebsd.org User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: rwatson@freebsd.org Subject: A couple of patches from KAME... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 15:52:03 -0000 Hi, I'd like to commit this two fixes. They both fix an inappropriate access to a datastructure. Comments please, I'd like to get these into the tree ASAP and then will post an MFC date. Later, George cvs diff: Diffing . Index: getaddrinfo.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/lib/libc/net/getaddrinfo.c,v retrieving revision 1.66 diff -u -r1.66 getaddrinfo.c --- getaddrinfo.c 2 May 2005 04:43:32 -0000 1.66 +++ getaddrinfo.c 14 May 2005 14:29:15 -0000 @@ -861,8 +861,8 @@ break; #endif case AF_INET: - s = (u_char *)&((struct sockaddr_in6 *)src)->sin6_addr; - d = (u_char *)&((struct sockaddr_in6 *)dst)->sin6_addr; + s = (u_char *)&((struct sockaddr_in *)src)->sin_addr; + d = (u_char *)&((struct sockaddr_in *)dst)->sin_addr; addrlen = sizeof(struct in_addr); lim = s + addrlen; break; Index: name6.c =================================================================== RCS file: /Volumes/exported/FreeBSD-CVS/src/lib/libc/net/name6.c,v retrieving revision 1.51 diff -u -r1.51 name6.c --- name6.c 2 May 2005 04:43:32 -0000 1.51 +++ name6.c 14 May 2005 15:48:47 -0000 @@ -1028,8 +1028,8 @@ break; #endif case AF_INET: - s = (u_char *)&((struct sockaddr_in6 *)src)->sin6_addr; - d = (u_char *)&((struct sockaddr_in6 *)dst)->sin6_addr; + s = (u_char *)&((struct sockaddr_in *)src)->sin_addr; + d = (u_char *)&((struct sockaddr_in *)dst)->sin_addr; addrlen = sizeof(struct in_addr); lim = s + addrlen; break; From owner-freebsd-net@FreeBSD.ORG Sat May 14 16:47:56 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6151616A4D0 for ; Sat, 14 May 2005 16:47:56 +0000 (GMT) Received: from iscan1.intra.oki.co.jp (okigate.oki.co.jp [202.226.91.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74D3943D79 for ; Sat, 14 May 2005 16:47:54 +0000 (GMT) (envelope-from yamamoto436@oki.com) Received: from aoi.bmc.oki.co.jp (localhost.localdomain [127.0.0.1]) by iscan1.intra.oki.co.jp (8.9.3/8.9.3) with SMTP id BAA21508 for ; Sun, 15 May 2005 01:47:52 +0900 Received: (qmail 8072 invoked from network); 15 May 2005 01:47:52 +0900 Received: from tulip.bmc.oki.co.jp (172.19.234.100) by aoi.bmc.oki.co.jp with SMTP; 15 May 2005 01:47:52 +0900 Received: from localhost (tulip [172.19.234.100]) by tulip.bmc.oki.co.jp (8.13.1/8.12.11) with ESMTP id j4EGlp7l098315; Sun, 15 May 2005 01:47:51 +0900 (JST) (envelope-from yamamoto436@oki.com) Date: Sun, 15 May 2005 01:47:51 +0900 (JST) Message-Id: <20050515.014751.71166865.yamamoto436@oki.com> To: gnn@freebsd.org From: Hideki Yamamoto In-Reply-To: References: <25286.1116015965@www2.gmx.net> X-Mailer: Mew version 3.3 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: FreeMan@fantasymail.de Subject: Re: Several IPv6 tunnels possible? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 16:47:56 -0000 Hi, I am using zebra as IPv6 router with more than two gif tunnels. It are working well. In /etc/rc.conf, we set the following lines. ----start router_enable="YES" router="/usr/local/sbin/zebractl" router_flags="start" ----end Regards, Hideki Yamamoto From: gnn@freebsd.org Subject: Re: Several IPv6 tunnels possible? Date: Fri, 13 May 2005 21:42:15 -0400 Message-ID: > At Fri, 13 May 2005 22:26:05 +0200 (MEST), > FreeMan@fantasymail.de wrote: > > Afaik i can use different gif interfaces but > > i dont know how to define for each tunnel their > > own default gateway. > > > > ipv6_enable="YES" > > ipv6_network_interfaces="xl0 gif0 lo0" > > ipv6_defaultrouter="fe80::1%gif0" > > gifconfig_gif0="myip tunnelserverip" > > ipv6_ifconfig_gif0="ipv6adress prefixlen 128" > > ipv6_ifconfig_gif0_alias0="ipv6adress2 prefixlen 128" > > > > This works for one tunnel but how can i add a > > second one without brake routing? > > You need to set up appropriate routes. You cannot have two default > routes, as far as I know. Why do you want two tunnels? > > Later, > George > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Sat May 14 17:02:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24EC116A4CE for ; Sat, 14 May 2005 17:02:52 +0000 (GMT) Received: from iscan1.intra.oki.co.jp (okigate.oki.co.jp [202.226.91.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id DABED43D6E for ; Sat, 14 May 2005 17:02:49 +0000 (GMT) (envelope-from yamamoto436@oki.com) Received: from aoi.bmc.oki.co.jp (localhost.localdomain [127.0.0.1]) by iscan1.intra.oki.co.jp (8.9.3/8.9.3) with SMTP id CAA22517 for ; Sun, 15 May 2005 02:02:48 +0900 Received: (qmail 8186 invoked from network); 15 May 2005 02:02:48 +0900 Received: from tulip.bmc.oki.co.jp (172.19.234.100) by aoi.bmc.oki.co.jp with SMTP; 15 May 2005 02:02:48 +0900 Received: from localhost (tulip [172.19.234.100]) by tulip.bmc.oki.co.jp (8.13.1/8.12.11) with ESMTP id j4EH2lJo013119; Sun, 15 May 2005 02:02:48 +0900 (JST) (envelope-from yamamoto436@oki.com) Date: Sun, 15 May 2005 02:02:47 +0900 (JST) Message-Id: <20050515.020247.104108009.yamamoto436@oki.com> To: max@love2party.net From: Hideki Yamamoto In-Reply-To: <200504200112.41260.max@love2party.net> References: <200504200112.41260.max@love2party.net> X-Mailer: Mew version 3.3 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: freebsd-pf@freebsd.org Subject: Re: New PF (OpenBSD 3.7 ***ALPHA-preview***) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 17:02:52 -0000 Dear Mr. Max; Thank you for your efforts!! I am expecting full bridge function on FreeBSD 5 as OpenBSD 3.5 or later. Last year, I have tested FreeBSD, NetBSD, and OpenBSD to bridge IPv6 packet over IPv4 tunnel with bridge. Though only OpenBSD supported the above function, it is not stable. Kernel panic happens wheneve we type reboot command, or booting process sometimes stop when chekecking USB devices. I hope FreeBSD pf porting supports full function of bridge. Thanks in advance. From: Max Laier Subject: New PF (OpenBSD 3.7 ***ALPHA-preview***) Date: Wed, 20 Apr 2005 01:12:30 +0200 Message-ID: <200504200112.41260.max@love2party.net> > All, > > at: > http://people.freebsd.org/~mlaier/pf37/ > > you will find the first shot at the long awaited import of a new version of > pf. This is level with what is likely to be shipped as OpenBSD 3.7 and > includes *most* of the features. Some are not yet implemented: > > - Filtering on route labels (we don't have any). > - Return-rst on IP-less bridges (bridge support is still behind; There is > work ongoing to improve this as well, though.). > - Congestion prevention/graceful comeback (subject to future work). > > There are, however, some hightlights that came with OpenBSD 3.6 and will be > coming with OpenBSD 3.7 (from the OpenBSD release notes): > > + pfctl(8) now provides a rules optimizer to help improve filtering speed. > + pf, now supports nested anchors. > + Support limiting TCP connections by establishment rate, automatically > adding flooding IP addresses to tables and flushing states > (max-src-conn-rate, overload , flush global). > + Improved functionality of tags (tag and tagged for translation rules, > tagging of all packets matching state entries). > + Improved diagnostics (error messages and additional counters from > pfctl -si). > + New keyword set skip on to skip filtering on arbitrary interfaces, like > loopback. > + Several bugfixes improving stability. > > This import is in a very early stage and you should keep this in mind! > > However, it should build and boot just fine. I have done some basic tests to > weed out the common problems seen during the last imports, but didn't do > extensive testing yet. If you are in a position where you can test this, I > am looking forward to getting your feedback! > > Updates will be posted to the freebsd-pf mailing list. Thanks. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News ----------------------------------------------------------------- Hideki YAMAMOTO | Broadband Media Solutions Department | E-mail: yamamoto436@oki.com Broadband Media Company | Tel: +81-48-420-7012 Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016 From owner-freebsd-net@FreeBSD.ORG Sat May 14 18:09:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C2B1016A4D0 for ; Sat, 14 May 2005 18:09:41 +0000 (GMT) Received: from smtp102.rog.mail.re2.yahoo.com (smtp102.rog.mail.re2.yahoo.com [206.190.36.80]) by mx1.FreeBSD.org (Postfix) with SMTP id 34EC743D3F for ; Sat, 14 May 2005 18:09:41 +0000 (GMT) (envelope-from mikej@rogers.com) Received: from unknown (HELO 172.16.0.1) (mikej@69.193.222.195 with login) by smtp102.rog.mail.re2.yahoo.com with SMTP; 14 May 2005 18:09:40 -0000 Received: from 172.16.0.199 (SquirrelMail authenticated user mikej) by 172.16.0.1 with HTTP; Sat, 14 May 2005 14:09:46 -0400 (EDT) Message-ID: <4603.172.16.0.199.1116094186.squirrel@172.16.0.1> In-Reply-To: <4285836E.3AD4B37@freebsd.org> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050506065950.GA1999@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <20050512072754.GB92476@us.svf.stuba.sk> <3973.172.16.0.199.1116028322.squirrel@172.16.0.1> <4285836E.3AD4B37@freebsd.org> Date: Sat, 14 May 2005 14:09:46 -0400 (EDT) From: "Mike Jakubik" To: "Andre Oppermann" User-Agent: SquirrelMail/1.5.1 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-net@freebsd.org cc: current@freebsd.org cc: Marian Durkovic Subject: Re: Outgoing speed problems in -CURRENT (was: Re: SOLVED: Degraded TCP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 18:09:41 -0000 On Sat, May 14, 2005 12:49 am, Andre Oppermann said: > Mike Jakubik wrote: >> I just tried your patch, but unfortunately it does not seem to affect >> my problem, the speeds are identical. I am still getting half the >> performance when sending out. The fact that this also occurs using >> another machine and a different card, leads me to belive something is >> broken in -CURRENT. > > net.inet.tcp.sendspace=65536 and try again. Im sorry, i mean to say receiving, not sending. I did try adjusting this, but it made no difference. Just to recap: netio server running windows xp, connecting from fbsd: TCP/IP connection established. Packet size 1 KByte: 41103 KByte/s Packet size 2 KByte: 39601 KByte/s Packet size 4 KByte: 43463 KByte/s Packet size 8 KByte: 43734 KByte/s Packet size 16 KByte: 43719 KByte/s Packet size 32 KByte: 43656 KByte/s netio server running on fbsd, connecting from windows xp: TCP/IP connection established. Packet size 1 KByte: 19347 KByte/s Packet size 2 KByte: 21056 KByte/s Packet size 4 KByte: 22845 KByte/s Packet size 8 KByte: 23445 KByte/s Packet size 16 KByte: 25082 KByte/s Packet size 32 KByte: 25294 KByte/s So as we can see, i am getting nearly half the performance when sending to the fbsd server. I get simillar results when substituting the windows server with a fbsd 5.4 server, and using 100mbit cards on both. From owner-freebsd-net@FreeBSD.ORG Sat May 14 18:21:06 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9770616A4D0 for ; Sat, 14 May 2005 18:21:06 +0000 (GMT) Received: from relay03.pair.com (relay03.pair.com [209.68.5.17]) by mx1.FreeBSD.org (Postfix) with SMTP id E6E3743D83 for ; Sat, 14 May 2005 18:21:05 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 86214 invoked from network); 14 May 2005 18:21:04 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 14 May 2005 18:21:04 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sat, 14 May 2005 13:20:50 -0500 (CDT) From: Mike Silbersack To: Mike Jakubik In-Reply-To: <4603.172.16.0.199.1116094186.squirrel@172.16.0.1> Message-ID: <20050514132028.T727@odysseus.silby.com> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <3973.172.16.0.199.1116028322.squirrel@172.16.0.1> <4603.172.16.0.199.1116094186.squirrel@172.16.0.1> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-net@freebsd.org cc: Andre Oppermann cc: current@freebsd.org cc: Marian Durkovic Subject: Re: Outgoing speed problems in -CURRENT (was: Re: SOLVED: Degraded TCP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 18:21:06 -0000 On Sat, 14 May 2005, Mike Jakubik wrote: > Im sorry, i mean to say receiving, not sending. I did try adjusting this, > but it made no difference. Just to recap: Try changing net.inet.tcp.delayed_ack=0 and see if that changes anything. Mike "Silby" Silbersack From owner-freebsd-net@FreeBSD.ORG Sat May 14 19:20:19 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E81FB16A4CE; Sat, 14 May 2005 19:20:18 +0000 (GMT) Received: from lexi.siliconlandmark.com (lexi.siliconlandmark.com [209.69.98.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EF8843D1F; Sat, 14 May 2005 19:20:18 +0000 (GMT) (envelope-from andy@siliconlandmark.com) Received: from lexi.siliconlandmark.com (localhost [127.0.0.1]) j4EJKFqO003905; Sat, 14 May 2005 15:20:15 -0400 (EDT) (envelope-from andy@siliconlandmark.com) Received: from localhost (andy@localhost)j4EJKB83003902; Sat, 14 May 2005 15:20:15 -0400 (EDT) (envelope-from andy@siliconlandmark.com) X-Authentication-Warning: lexi.siliconlandmark.com: andy owned process doing -bs Date: Sat, 14 May 2005 15:20:11 -0400 (EDT) From: Andre Guibert de Bruet To: Mike Jakubik In-Reply-To: <4603.172.16.0.199.1116094186.squirrel@172.16.0.1> Message-ID: <20050514150435.I3060@lexi.siliconlandmark.com> References: <20050505133250.GA73885@us.svf.stuba.sk> <20050507043712.GB28373@xor.obsecurity.org> <1318.172.16.0.199.1115846681.squirrel@172.16.0.1> <1424.172.16.0.199.1115851128.squirrel@172.16.0.1> <3973.172.16.0.199.1116028322.squirrel@172.16.0.1> <4603.172.16.0.199.1116094186.squirrel@172.16.0.1> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Information: Please contact the ISP for more information X-SL-MailScanner: Found to be clean X-SL-SpamCheck: not spam, SpamAssassin (score=-2.548, required 6, autolearn=not spam, AWL 0.05, BAYES_00 -2.60) X-MailScanner-From: andy@siliconlandmark.com cc: freebsd-net@freebsd.org cc: Andre Oppermann cc: current@freebsd.org Subject: Re: Outgoing speed problems in -CURRENT (was: Re: SOLVED: Degraded TCP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 19:20:19 -0000 On Sat, 14 May 2005, Mike Jakubik wrote: > On Sat, May 14, 2005 12:49 am, Andre Oppermann said: >> Mike Jakubik wrote: > >>> I just tried your patch, but unfortunately it does not seem to affect >>> my problem, the speeds are identical. I am still getting half the >>> performance when sending out. The fact that this also occurs using >>> another machine and a different card, leads me to belive something is >>> broken in -CURRENT. >> >> net.inet.tcp.sendspace=65536 and try again. > > Im sorry, i mean to say receiving, not sending. I did try adjusting this, > but it made no difference. Just to recap: > > netio server running windows xp, connecting from fbsd: > > TCP/IP connection established. > Packet size 1 KByte: 41103 KByte/s > Packet size 2 KByte: 39601 KByte/s > Packet size 4 KByte: 43463 KByte/s > Packet size 8 KByte: 43734 KByte/s > Packet size 16 KByte: 43719 KByte/s > Packet size 32 KByte: 43656 KByte/s > > netio server running on fbsd, connecting from windows xp: > > TCP/IP connection established. > Packet size 1 KByte: 19347 KByte/s > Packet size 2 KByte: 21056 KByte/s > Packet size 4 KByte: 22845 KByte/s > Packet size 8 KByte: 23445 KByte/s > Packet size 16 KByte: 25082 KByte/s > Packet size 32 KByte: 25294 KByte/s > > So as we can see, i am getting nearly half the performance when sending to > the fbsd server. I get simillar results when substituting the windows > server with a fbsd 5.4 server, and using 100mbit cards on both. You surely must have meant 1000 Mbit cards. These numbers exceed the theoretical throughput of 100 Mbit networking (12500 KBytes/s). Do the numbers differ significantly if you try this test between your CURRENT machine and say, a FreeBSD 4.x or Linux 2.6 machine? Andy /* Andre Guibert de Bruet * 6f43 6564 7020 656f 2e74 4220 7469 6a20 */ /* Code poet / Sysadmin * 636f 656b 2e79 5320 7379 6461 696d 2e6e */ /* GSM: +1 734 846 8758 * 5520 494e 2058 6c73 7565 6874 002e 0000 */ /* WWW: siliconlandmark.com * Tormenting bytes since 1980. */