From owner-freebsd-net@FreeBSD.ORG Mon Dec 22 16:59:15 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 81E579F0 for ; Mon, 22 Dec 2014 16:59:15 +0000 (UTC) Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 13A53645C4 for ; Mon, 22 Dec 2014 16:59:15 +0000 (UTC) Received: by mail-wg0-f51.google.com with SMTP id x12so7091580wgg.38 for ; Mon, 22 Dec 2014 08:59:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=vIzKh2acZDTRTGKgu/lh6jqUdY/zRYIY1jhe3w2JHkY=; b=NEDFHGzjv8RCWRS+uTN14LH9Jzuui96ig+QQd1rLnTlntnRxfHHrXYQDI6xv+kidP1 NeWr2xkd2brWErXvYTalzepC00nXW2QCUj5gBSrxDXZ1vKPF9XSBmcIoE07Q8gd86lyO 7ie1g7Q5xu0VzlBASX7HMxsOTyTwN6WkQZF0VfloPw3ALOVaGMVWVYypaiCYqBDFmonx nPyvoDtPPG7jD94kPznCcUvRqwRugTZH60SKY7yBBSHs7FSrq2n2l2FCb8TFZVdJq02i UzqWjdyAKY6gXrS24+/IDbaOZcp7fGGrmCpbCAjafjYvfvT8PMUW3ahdfz0YyWwSyJe+ YFGA== MIME-Version: 1.0 X-Received: by 10.194.179.166 with SMTP id dh6mr44011240wjc.87.1419267553434; Mon, 22 Dec 2014 08:59:13 -0800 (PST) Sender: jinmei.tatuya@gmail.com Received: by 10.194.44.66 with HTTP; Mon, 22 Dec 2014 08:59:13 -0800 (PST) In-Reply-To: <5495FAE5.8090707@bakulin.de> References: <5495FAE5.8090707@bakulin.de> Date: Mon, 22 Dec 2014 08:59:13 -0800 X-Google-Sender-Auth: cvlIRySWvxoaDSGQQY9lLS2S-Ks Message-ID: Subject: Re: IPv6 fragments handling From: =?UTF-8?B?56We5piO6YGU5ZOJ?= To: Ilya Bakulin Content-Type: text/plain; charset=UTF-8 Cc: FreeBSD Net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2014 16:59:15 -0000 At Sat, 20 Dec 2014 23:40:37 +0100, Ilya Bakulin wrote: > But what we do is just silently discarding the overlapping segment, see [2]. > When using PF with fragment reassembly, the behavior changes to what RFC > says > and the packet is completely dropped. > > There is no security issue with current behavior, because the already > received > part is never overwritten, but following RFC a bit closer would be nice. > > Maybe we should fix the stack to drop such packets? That would be a nice cleanup (the current implementation you cited seems to be written way before RFC5722, so it's not surprising it doesn't follow the latest recommendation). > > [1] https://tools.ietf.org/html/rfc5722#section-4 > [2] https://github.com/freebsd/freebsd/blob/master/sys/netinet6/frag6.c#L443 -- JINMEI, Tatuya From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 03:03:43 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2B78D96F for ; Tue, 23 Dec 2014 03:03:43 +0000 (UTC) Received: from st11p02mm-asmtp002.mac.com (st11p02mm-asmtpout002.mac.com [17.172.220.237]) (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 00FB16602D for ; Tue, 23 Dec 2014 03:03:42 +0000 (UTC) Received: from fukuyama.hsd1.ca.comcast.net (unknown [73.162.13.215]) by st11p02mm-asmtp002.mac.com (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) with ESMTPSA id <0NH000EPPLU14330@st11p02mm-asmtp002.mac.com> for freebsd-net@freebsd.org; Tue, 23 Dec 2014 03:03:39 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68,1.0.33,0.0.0000 definitions=2014-12-23_02:2014-12-23,2014-12-23,1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1412080000 definitions=main-1412230027 From: Rui Paulo Content-type: text/plain; charset=us-ascii Content-transfer-encoding: quoted-printable Subject: LOR in IGMP code Message-id: Date: Mon, 22 Dec 2014 19:03:37 -0800 To: FreeBSD Net MIME-version: 1.0 (Mac OS X Mail 8.1 \(1993\)) X-Mailer: Apple Mail (2.1993) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 03:03:43 -0000 Hi, I may look into this, but here it is. HEAD as of this week. lock order reversal: 1st 0xc2be2508 if_addr_lock (if_addr_lock) @ = /home/rpaulo/freebsd/sys/netinet/igmp.c:1716 2nd 0xc070d9bc ifnet_rw (ifnet_rw) @ = /home/rpaulo/freebsd/sys/net/if.c:243 KDB: stack backtrace: db_trace_self() at db_trace_self pc =3D 0xc0551534 lr =3D 0xc0233b58 = (db_trace_self_wrapper+0x30) sp =3D 0xdcfc5a18 fp =3D 0xdcfc5b30 r10 =3D 0xc070d9bc db_trace_self_wrapper() at db_trace_self_wrapper+0x30 pc =3D 0xc0233b58 lr =3D 0xc03a2f34 (kdb_backtrace+0x38) sp =3D 0xdcfc5b38 fp =3D 0xdcfc5b40 r4 =3D 0xc06a7a24 r5 =3D 0xc05a52a1 r6 =3D 0xc05c7a76 r7 =3D 0xc06da464 kdb_backtrace() at kdb_backtrace+0x38 pc =3D 0xc03a2f34 lr =3D 0xc03bd7e0 (witness_checkorder+0xe50) sp =3D 0xdcfc5b48 fp =3D 0xdcfc5b98 r4 =3D 0xc05c8031 witness_checkorder() at witness_checkorder+0xe50 pc =3D 0xc03bd7e0 lr =3D 0xc0369114 (__rw_rlock+0x94) sp =3D 0xdcfc5ba0 fp =3D 0xdcfc5bd0 r4 =3D 0x000000f3 r5 =3D 0xc05c7a73 r6 =3D 0xc070d9cc r7 =3D 0xc070d9bc r8 =3D 0xc2be2400 r9 =3D 0xc0705bfc r10 =3D 0x0000001c __rw_rlock() at __rw_rlock+0x94 pc =3D 0xc0369114 lr =3D 0xc042d2f0 (ifnet_byindex+0x28) sp =3D 0xdcfc5bd8 fp =3D 0xdcfc5be8 r4 =3D 0xc070d9cc r5 =3D 0x00000003 r6 =3D 0x00000000 r7 =3D 0xc0705bc0 r8 =3D 0xc2be2400 r9 =3D 0xc0705bfc r10 =3D 0x0000001c ifnet_byindex() at ifnet_byindex+0x28 pc =3D 0xc042d2f0 lr =3D 0xc0448bac (igmp_intr+0x18) sp =3D 0xdcfc5bf0 fp =3D 0xdcfc5c40 r4 =3D 0xc2bbfa00 r5 =3D 0xc2bbfa00 r6 =3D 0x00000000 igmp_intr() at igmp_intr+0x18 pc =3D 0xc0448bac lr =3D 0xc043a3a4 (netisr_dispatch_src+0xa8) sp =3D 0xdcfc5c48 fp =3D 0xdcfc5c70 r4 =3D 0x00000002 r5 =3D 0xc2bbfa00 r6 =3D 0x00000000 r7 =3D 0xc0705bc0 r8 =3D 0xc2be2400 r9 =3D 0xc0705bfc r10 =3D 0x0000001c netisr_dispatch_src() at netisr_dispatch_src+0xa8 pc =3D 0xc043a3a4 lr =3D 0xc043a734 (netisr_dispatch+0x14) sp =3D 0xdcfc5c78 fp =3D 0xdcfc5c78 r4 =3D 0xc2c27500 r5 =3D 0xc2bbfa00 r6 =3D 0x00000000 r7 =3D 0x00000000 r8 =3D 0xc2be2400 r9 =3D 0x00000016 r10 =3D 0x0000001c netisr_dispatch() at netisr_dispatch+0x14 pc =3D 0xc043a734 lr =3D 0xc04492cc = (igmp_v1v2_queue_report+0x1d8) sp =3D 0xdcfc5c80 fp =3D 0xdcfc5ca8 igmp_v1v2_queue_report() at igmp_v1v2_queue_report+0x1d8 pc =3D 0xc04492cc lr =3D 0xc0447df0 (igmp_fasttimo+0x3c4) sp =3D 0xdcfc5cb0 fp =3D 0xdcfc5d38 r4 =3D 0x00000002 r5 =3D 0xc2c25c00 r6 =3D 0xc05ca12c r7 =3D 0xc2acff60 r8 =3D 0x00000000 r9 =3D 0xc2c27500 r10 =3D 0xc070db70 igmp_fasttimo() at igmp_fasttimo+0x3c4 pc =3D 0xc0447df0 lr =3D 0xc03da754 (pffasttimo+0x4c) sp =3D 0xdcfc5d40 fp =3D 0xdcfc5d60 r4 =3D 0xc0677e40 r5 =3D 0xc0677fb0 r6 =3D 0xc070d648 r7 =3D 0xc070d610 r8 =3D 0xc070d644 r9 =3D 0x00000096 r10 =3D 0xc070d600 pffasttimo() at pffasttimo+0x4c pc =3D 0xc03da754 lr =3D 0xc03815a8 (softclock_call_cc+0x138) sp =3D 0xdcfc5d68 fp =3D 0xdcfc5dc0 r4 =3D 0x00000000 r5 =3D 0xc07046f8 softclock_call_cc() at softclock_call_cc+0x138 pc =3D 0xc03815a8 lr =3D 0xc0381708 (softclock+0x40) sp =3D 0xdcfc5dc8 fp =3D 0xdcfc5dd0 r4 =3D 0xc070d610 r5 =3D 0xc070d600 r6 =3D 0xc2516600 r7 =3D 0xc05af8e1 r8 =3D 0x000004be r9 =3D 0xc251662c r10 =3D 0x00000000 softclock() at softclock+0x40 pc =3D 0xc0381708 lr =3D 0xc033b9dc = (intr_event_execute_handlers+0xb8) sp =3D 0xdcfc5dd8 fp =3D 0xdcfc5df8 r4 =3D 0xc2859700 r5 =3D 0xc2859748 intr_event_execute_handlers() at intr_event_execute_handlers+0xb8 pc =3D 0xc033b9dc lr =3D 0xc033c32c (ithread_loop+0xa8) sp =3D 0xdcfc5e00 fp =3D 0xdcfc5e38 r4 =3D 0xc2505ec0 r5 =3D 0xc297dcc0 r6 =3D 0xc2859700 r7 =3D 0xc0669900 r8 =3D 0xc070d3e4 r9 =3D 0x00000000 r10 =3D 0xc05af8e1 ithread_loop() at ithread_loop+0xa8 pc =3D 0xc033c32c lr =3D 0xc033931c (fork_exit+0x80) sp =3D 0xdcfc5e40 fp =3D 0xdcfc5e58 r4 =3D 0xc297dcc0 r5 =3D 0xc297a6f0 r6 =3D 0xc033c284 r7 =3D 0xc2505ec0 r8 =3D 0xdcfc5e60 r9 =3D 0x00000000 r10 =3D 0x00000000 fork_exit() at fork_exit+0x80 pc =3D 0xc033931c lr =3D 0xc0553284 (swi_exit) sp =3D 0xdcfc5e60 fp =3D 0x00000000 r4 =3D 0xc033c284 r5 =3D 0xc2505ec0 r6 =3D 0x00000000 r7 =3D 0x00000000 r8 =3D 0x00000000 swi_exit() at swi_exit pc =3D 0xc0553284 lr =3D 0xc0553284 (swi_exit) sp =3D 0xdcfc5e60 fp =3D 0x00000000 -- Rui Paulo From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 13:34:21 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0C6B69D0 for ; Tue, 23 Dec 2014 13:34:21 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id A9F321588 for ; Tue, 23 Dec 2014 13:34:20 +0000 (UTC) Received: from [192.168.0.218] (office.aknet.kg [212.112.96.6]) by mx.aknet.kg (Postfix) with ESMTP id DD0471CCF7 for ; Tue, 23 Dec 2014 19:02:01 +0600 (KGT) To: freebsd-net@freebsd.org From: "IT Department, AkNet ISP" Reply-To: "IT Department, AkNet ISP" Subject: Netmap-ipfw, how to fill a table by 15K entries ? Date: Tue, 23 Dec 2014 19:02:01 +0600 X-LibVersion: 3.3.2 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced by Group-Office 3.01-stable-5 X-Mailer: Group-Office 3.01-stable-5 Message-ID: <20141223130201.83220.333300601.swift@crm.aknet.kg> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 13:34:21 -0000 Hello to All Can anybody tell, how to fill a table with large number of entries ? Sure, It can be done by standard method by ./ipfw table 10 add xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds to be placed into a table: ./ipfw table 10 add 192.168.10.50 connected to 127.0.0.1:5555 And takes many hours to do all job. May be there is a way to open a socket and place a bulk commands, for example: telnet localhost 5555 table 10 add xxx.xxx.xxx.xxx But it doesn't work as written above. May be Senior Luigi can explane how to do such work as fast as it done by ordinary ipfw ? Best regards Azamat AkNet ISP From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 14:51:40 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C79AAA6F for ; Tue, 23 Dec 2014 14:51:40 +0000 (UTC) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F41766ACA for ; Tue, 23 Dec 2014 14:51:39 +0000 (UTC) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221]) by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id sBNEV2IK033841 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 23 Dec 2014 15:31:07 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: freebsd-net@freebsd.org Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.14.9/8.14.9) with ESMTP id sBNEUtSu015330; Tue, 23 Dec 2014 21:30:55 +0700 (KRAT) (envelope-from eugen@grosbein.net) Message-ID: <54997C9F.7@grosbein.net> Date: Tue, 23 Dec 2014 21:30:55 +0700 From: Eugene Grosbein User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: "IT Department, AkNet ISP" , "freebsd-net@freebsd.org" Subject: Re: Netmap-ipfw, how to fill a table by 15K entries ? References: <20141223130201.83220.333300601.swift@crm.aknet.kg> In-Reply-To: <20141223130201.83220.333300601.swift@crm.aknet.kg> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=3.0 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q, LOCAL_FROM autolearn=no version=3.3.2 X-Spam-Report: * 2.7 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received: date * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net X-Spam-Level: ** X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 14:51:40 -0000 On 23.12.2014 20:02, IT Department, AkNet ISP wrote: > Hello to All > > Can anybody tell, how to fill a table with large number of entries ? > > Sure, It can be done by standard method by ./ipfw table 10 add > xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds to > be placed into a table: > > ./ipfw table 10 add 192.168.10.50 > connected to 127.0.0.1:5555 > > And takes many hours to do all job. > > May be there is a way to open a socket and place a bulk commands, for > example: > telnet localhost 5555 > table 10 add xxx.xxx.xxx.xxx > > But it doesn't work as written above. > > May be Senior Luigi can explane how to do such work as fast as it > done by ordinary ipfw ? /sbin/ipfw can take full pathname of text file containing list of commands like: table 10 add x.x.x.x table 10 add x.x.x.y ... So, it parses them all and executes at once. Read man ipfw, section: LIST OF RULES AND PREPROCESSING Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 15:32:26 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BED5734D for ; Tue, 23 Dec 2014 15:32:26 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id 6922266FD7 for ; Tue, 23 Dec 2014 15:32:26 +0000 (UTC) Received: from mx.aknet.kg (localhost.aknet.kg [127.0.0.1]) by mx.aknet.kg (Postfix) with ESMTP id 4A9E21CDEE for ; Tue, 23 Dec 2014 21:32:25 +0600 (KGT) Received: (from nobody@localhost) by mx.aknet.kg (8.13.8/8.13.8/Submit) id sBNFWPSm021199; Tue, 23 Dec 2014 21:32:25 +0600 (KGT) (envelope-from info@aknet.kg) X-Authentication-Warning: mx.aknet.kg: nobody set sender to info@aknet.kg using -f To: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries =?UTF-8?Q?=3F?= X-PHP-Originating-Script: 501:main.inc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 23 Dec 2014 21:32:25 +0600 From: info@aknet.kg In-Reply-To: <54997C9F.7@grosbein.net> References: <20141223130201.83220.333300601.swift@crm.aknet.kg> <54997C9F.7@grosbein.net> Message-ID: <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> X-Sender: info@aknet.kg User-Agent: Roundcube Webmail/0.7.2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 15:32:26 -0000 Eugene, sure, first we tried was a method with file. But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs and we loose console interaction. (the last FreeBSD-Stable 10.1) It needs to open new console and kill a process ./ipfw /usr/local/.../rules.txt And ./ipfw table 10 list shows only 2-3 new rules from any (20 or 15K in file) May be this case (placing many enties into tables) was not tested by developers? Azamat Eugene Grosbein писал 2014-12-23 20:30: > On 23.12.2014 20:02, IT Department, AkNet ISP wrote: >> Hello to All >> >> Can anybody tell, how to fill a table with large number of entries ? >> >> Sure, It can be done by standard method by ./ipfw table 10 add >> xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds >> to >> be placed into a table: >> >> ./ipfw table 10 add 192.168.10.50 >> connected to 127.0.0.1:5555 >> >> And takes many hours to do all job. >> >> May be there is a way to open a socket and place a bulk commands, >> for >> example: >> telnet localhost 5555 >> table 10 add xxx.xxx.xxx.xxx >> >> But it doesn't work as written above. >> >> May be Senior Luigi can explane how to do such work as fast as it >> done by ordinary ipfw ? > > /sbin/ipfw can take full pathname of text file containing list of > commands like: > > table 10 add x.x.x.x > table 10 add x.x.x.y > ... > > So, it parses them all and executes at once. Read man ipfw, section: > LIST OF RULES AND PREPROCESSING > > Eugene Grosbein > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 15:42:53 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 19377A37 for ; Tue, 23 Dec 2014 15:42:53 +0000 (UTC) Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8ECBC64122 for ; Tue, 23 Dec 2014 15:42:52 +0000 (UTC) Received: by mail-la0-f47.google.com with SMTP id hz20so5570366lab.6 for ; Tue, 23 Dec 2014 07:42:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=ChB420XS7ORVQ1UHRd2AkiOjfVmynFkWvBUwvTmeFR8=; b=XNa0vCGPitk8JZ7j/K4n+DUjXathwD2BSkdv+zFNa2Brd7aBI24T+d/XvZB03zbIdY g/aRxf1pHqBiz491Vr5D4Cn+sdLMrRam4DIzai3SYXQvF06Zud00VIEOEctoiAN1aDZI jZDnjsvzDTeft+0WvTDzxpQWoIH/LPIPFzg7y41PlUfpAkL5IkJgB+JMiwZKa0rv/vsx U+3KUvxnZDGqvoRK/a9OaHYIZ78Q31FxCQ4zM27g7A47b6N063lF6J/pB/81N8ElNsvS YBe2uNnHpsgT2EbPJkQmHHRa48RlkptRykJGaSoPSWMnbwx68z/whamsIV/N9uOpENPF v2pg== MIME-Version: 1.0 X-Received: by 10.152.5.7 with SMTP id o7mr11857054lao.26.1419349369484; Tue, 23 Dec 2014 07:42:49 -0800 (PST) Sender: rizzo.unipi@gmail.com Received: by 10.114.174.169 with HTTP; Tue, 23 Dec 2014 07:42:49 -0800 (PST) In-Reply-To: <20141223130201.83220.333300601.swift@crm.aknet.kg> References: <20141223130201.83220.333300601.swift@crm.aknet.kg> Date: Tue, 23 Dec 2014 16:42:49 +0100 X-Google-Sender-Auth: 1jvxNNNRvQAd3TYlxTCnkgNqoco Message-ID: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries ? From: Luigi Rizzo To: "IT Department, AkNet ISP" Content-Type: text/plain; charset=UTF-8 Cc: "freebsd-net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 15:42:53 -0000 please take the code from code.google.com/p/netmap-ipfw/ The symptoms you describe seem related to a bug that i fixed a couple of months ago. cheers luigi On Tue, Dec 23, 2014 at 2:02 PM, IT Department, AkNet ISP wrote: > Hello to All > > Can anybody tell, how to fill a table with large number of entries ? > > Sure, It can be done by standard method by ./ipfw table 10 add > xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds to > be placed into a table: > > ./ipfw table 10 add 192.168.10.50 > connected to 127.0.0.1:5555 > > And takes many hours to do all job. > > May be there is a way to open a socket and place a bulk commands, for > example: > telnet localhost 5555 > table 10 add xxx.xxx.xxx.xxx > > But it doesn't work as written above. > > May be Senior Luigi can explane how to do such work as fast as it > done by ordinary ipfw ? > > Best regards > Azamat > AkNet ISP > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 16:04:13 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 16DE23BA for ; Tue, 23 Dec 2014 16:04:13 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id B24BF64CC9 for ; Tue, 23 Dec 2014 16:04:12 +0000 (UTC) Received: from mx.aknet.kg (localhost.aknet.kg [127.0.0.1]) by mx.aknet.kg (Postfix) with ESMTP id 17D1A1CCEC for ; Tue, 23 Dec 2014 22:04:11 +0600 (KGT) Received: (from nobody@localhost) by mx.aknet.kg (8.13.8/8.13.8/Submit) id sBNG4AlF023868; Tue, 23 Dec 2014 22:04:10 +0600 (KGT) (envelope-from info@aknet.kg) X-Authentication-Warning: mx.aknet.kg: nobody set sender to info@aknet.kg using -f To: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries =?UTF-8?Q?=3F?= X-PHP-Originating-Script: 501:main.inc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 23 Dec 2014 22:04:10 +0600 From: info@aknet.kg In-Reply-To: References: <20141223130201.83220.333300601.swift@crm.aknet.kg> Message-ID: X-Sender: info@aknet.kg User-Agent: Roundcube Webmail/0.7.2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 16:04:13 -0000 Dear Luigi Today I installed the last distribution of FreeBSD-Stable 10.1 and took netmap-ipfw from your place by: git clone https://code.google.com/p/netmap-ipfw/ (hope the latest version) netmap compiled into kenel by device netmap Test computer i7-3770 (3.4Ghz), network card Intel DA-520 (2x10G) Test shown that it needs much more than a hour to put 15K entries to a table by standard ./ipfw table 10 add xxx.xxx.xxx.xxx from sh script. With standard version of ipfw in one of my tables I currently have: ipfw table 0 list | wc -l 27358 and server operates with such tables without problems concerning ipfw part. It will be great to have ability to open connection once to localhost:5555 and than to push commands from a file by this pipe. Regards Azamat Luigi Rizzo писал 2014-12-23 21:42: > please take the code from code.google.com/p/netmap-ipfw/ > > The symptoms you describe seem related to a bug that i fixed a couple > of months ago. > > cheers > luigi > > On Tue, Dec 23, 2014 at 2:02 PM, IT Department, AkNet ISP > wrote: >> Hello to All >> >> Can anybody tell, how to fill a table with large number of entries ? >> >> Sure, It can be done by standard method by ./ipfw table 10 add >> xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds >> to >> be placed into a table: >> >> ./ipfw table 10 add 192.168.10.50 >> connected to 127.0.0.1:5555 >> >> And takes many hours to do all job. >> >> May be there is a way to open a socket and place a bulk commands, >> for >> example: >> telnet localhost 5555 >> table 10 add xxx.xxx.xxx.xxx >> >> But it doesn't work as written above. >> >> May be Senior Luigi can explane how to do such work as fast as it >> done by ordinary ipfw ? >> >> Best regards >> Azamat >> AkNet ISP >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to >> "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 16:14:33 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 351A16A3 for ; Tue, 23 Dec 2014 16:14:33 +0000 (UTC) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 07E0064E31 for ; Tue, 23 Dec 2014 16:14:32 +0000 (UTC) Received: from jre-mbp.elischer.org (ppp121-45-252-117.lns20.per2.internode.on.net [121.45.252.117]) (authenticated bits=0) by vps1.elischer.org (8.14.9/8.14.9) with ESMTP id sBNGENJc041552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 23 Dec 2014 08:14:25 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <549994D9.1050503@freebsd.org> Date: Wed, 24 Dec 2014 00:14:17 +0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: info@aknet.kg, freebsd-net@freebsd.org Subject: Re: Netmap-ipfw, how to fill a table by 15K entries ? References: <20141223130201.83220.333300601.swift@crm.aknet.kg> <54997C9F.7@grosbein.net> <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> In-Reply-To: <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 16:14:33 -0000 On 12/23/14 11:32 PM, info@aknet.kg wrote: > Eugene, > sure, first we tried was a method with file. > But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs > and we loose console interaction. > (the last FreeBSD-Stable 10.1) > > It needs to open new console and kill a process ./ipfw > /usr/local/.../rules.txt > > And ./ipfw table 10 list shows only 2-3 new rules from any (20 or > 15K in file) > > May be this case (placing many enties into tables) was not tested by > developers? I haven't used the file, but I have piped the commands into ipfw.. myscript | ipfw /dev/stdin where "myscript" outputs all the commands derived from my configuration. (actually myscript was a python program when I worked for cisco) > > Azamat > > Eugene Grosbein писал 2014-12-23 20:30: >> On 23.12.2014 20:02, IT Department, AkNet ISP wrote: >>> Hello to All >>> >>> Can anybody tell, how to fill a table with large number of entries ? >>> >>> Sure, It can be done by standard method by ./ipfw table 10 add >>> xxx.xxx.xxx.xxx in a script, but each entry takes couple of >>> seconds to >>> be placed into a table: >>> >>> ./ipfw table 10 add 192.168.10.50 >>> connected to 127.0.0.1:5555 >>> >>> And takes many hours to do all job. >>> >>> May be there is a way to open a socket and place a bulk commands, for >>> example: >>> telnet localhost 5555 >>> table 10 add xxx.xxx.xxx.xxx >>> >>> But it doesn't work as written above. >>> >>> May be Senior Luigi can explane how to do such work as fast as it >>> done by ordinary ipfw ? >> >> /sbin/ipfw can take full pathname of text file containing list of >> commands like: >> >> table 10 add x.x.x.x >> table 10 add x.x.x.y >> ... >> >> So, it parses them all and executes at once. Read man ipfw, section: >> LIST OF RULES AND PREPROCESSING >> >> Eugene Grosbein >> >> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 17:09:27 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECFC914D for ; Tue, 23 Dec 2014 17:09:26 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id 4AAAE1F9F for ; Tue, 23 Dec 2014 17:09:26 +0000 (UTC) Received: from mx.aknet.kg (localhost.aknet.kg [127.0.0.1]) by mx.aknet.kg (Postfix) with ESMTP id 45A2C1CCF7 for ; Tue, 23 Dec 2014 23:09:25 +0600 (KGT) Received: (from nobody@localhost) by mx.aknet.kg (8.13.8/8.13.8/Submit) id sBNH9Pai029139; Tue, 23 Dec 2014 23:09:25 +0600 (KGT) (envelope-from info@aknet.kg) X-Authentication-Warning: mx.aknet.kg: nobody set sender to info@aknet.kg using -f To: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries =?UTF-8?Q?=20=3F?= X-PHP-Originating-Script: 501:main.inc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 23 Dec 2014 23:09:25 +0600 From: info@aknet.kg In-Reply-To: <549994D9.1050503@freebsd.org> References: <20141223130201.83220.333300601.swift@crm.aknet.kg> <54997C9F.7@grosbein.net> <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> <549994D9.1050503@freebsd.org> Message-ID: <22dc1bd1d57468c1e3ab17a75a3909d6@aknet.kg> X-Sender: info@aknet.kg User-Agent: Roundcube Webmail/0.7.2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 17:09:27 -0000 Julian, I tested your method, result is negative, I see following: First Console: root@testbridge:/usr/local/netmap-ipfw/netmap-ipfw/ipfw # more tab-cont.txt | ./ipfw /dev/stdin connected to 127.0.0.1:5555 ^C Freeze. Have to interrupt by CTRL-C after 30 sec. Second Console: root@testbridge:/usr/local/netmap-ipfw/netmap-ipfw/ipfw # ./ipfw table 10 list connected to 127.0.0.1:5555 192.168.103.10/32 0 192.168.103.100/32 0 but in tab-cont.txt more tab-cont.txt | wc -l 11 table 10 add 192.168.103.10 table 10 add 192.168.103.100 table 10 add 192.168.103.101 table 10 add 192.168.103.102 table 10 add 192.168.103.103 table 10 add 192.168.103.104 table 10 add 192.168.103.105 table 10 add 192.168.103.106 table 10 add 192.168.103.107 table 10 add 192.168.103.109 table 10 add 192.168.103.11 If somebody have idea or wants to make tests - I can give ssh access to my test server :) Azamat Elischer писал 2014-12-23 22:14: > On 12/23/14 11:32 PM, info@aknet.kg wrote: >> Eugene, >> sure, first we tried was a method with file. >> But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs >> and we loose console interaction. >> (the last FreeBSD-Stable 10.1) >> >> It needs to open new console and kill a process ./ipfw >> /usr/local/.../rules.txt >> >> And ./ipfw table 10 list shows only 2-3 new rules from any (20 or >> 15K in file) >> >> May be this case (placing many enties into tables) was not tested by >> developers? > > I haven't used the file, but I have piped the commands into ipfw.. > > myscript | ipfw /dev/stdin > > where "myscript" outputs all the commands derived from my > configuration. > (actually myscript was a python program when I worked for cisco) > >> >> Azamat >> >> Eugene Grosbein писал 2014-12-23 20:30: >>> On 23.12.2014 20:02, IT Department, AkNet ISP wrote: >>>> Hello to All >>>> >>>> Can anybody tell, how to fill a table with large number of entries >>>> ? >>>> >>>> Sure, It can be done by standard method by ./ipfw table 10 add >>>> xxx.xxx.xxx.xxx in a script, but each entry takes couple of >>>> seconds to >>>> be placed into a table: >>>> >>>> ./ipfw table 10 add 192.168.10.50 >>>> connected to 127.0.0.1:5555 >>>> >>>> And takes many hours to do all job. >>>> >>>> May be there is a way to open a socket and place a bulk commands, >>>> for >>>> example: >>>> telnet localhost 5555 >>>> table 10 add xxx.xxx.xxx.xxx >>>> >>>> But it doesn't work as written above. >>>> >>>> May be Senior Luigi can explane how to do such work as fast as it >>>> done by ordinary ipfw ? >>> >>> /sbin/ipfw can take full pathname of text file containing list of >>> commands like: >>> >>> table 10 add x.x.x.x >>> table 10 add x.x.x.y >>> ... >>> >>> So, it parses them all and executes at once. Read man ipfw, >>> section: >>> LIST OF RULES AND PREPROCESSING >>> >>> Eugene Grosbein >>> >>> >>> >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to >>> "freebsd-net-unsubscribe@freebsd.org" >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to >> "freebsd-net-unsubscribe@freebsd.org" >> >> >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 17:26:31 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1D87C567 for ; Tue, 23 Dec 2014 17:26:31 +0000 (UTC) Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8FDC82476 for ; Tue, 23 Dec 2014 17:26:30 +0000 (UTC) Received: by mail-lb0-f178.google.com with SMTP id f15so6431657lbj.9 for ; Tue, 23 Dec 2014 09:26:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=/JZlsMlu3VCvGgzmyFX3C2Ukn7Oceb8jqEh8vMNhJmc=; b=KKaG4y2C+PDLYAddvQWdjgN+iJKnwT9piR+qR28V0mcRQoy8GIZ0UcaJsDYO5kBob0 fr/sjFry71NDKY0o27G5UJ6sV+GFdiiwurhJjl/EMDmQ1ns7Oy3S0VmwWYR/Jf+XlMWI Iu/lhl7Jh7pG8BONqah9mJI1GAO9nFyMbo+mBnra0BgwlB9e28nD09nLBY3fV8UaODqL SaDxRLEQceQacFAuv3VqO2SOSNuSQ3ij/ccHY6bYeJg5obaczYthFlNaIWrZrjvQmdRk 3/9l4qMyVPIUQ2Q9VJieNnhYMSg0J4bFgzLedBmeV/j7X7asK3HA53xi0ZPrvhHHaRzW 9TGQ== MIME-Version: 1.0 X-Received: by 10.112.135.6 with SMTP id po6mr29482524lbb.69.1419355588516; Tue, 23 Dec 2014 09:26:28 -0800 (PST) Sender: rizzo.unipi@gmail.com Received: by 10.114.174.169 with HTTP; Tue, 23 Dec 2014 09:26:28 -0800 (PST) In-Reply-To: References: <20141223130201.83220.333300601.swift@crm.aknet.kg> Date: Tue, 23 Dec 2014 18:26:28 +0100 X-Google-Sender-Auth: qHrA4TI_hOM9NnlBjC3b6s2Nt64 Message-ID: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries ? From: Luigi Rizzo To: "IT Department, AkNet ISP" Content-Type: text/plain; charset=UTF-8 Cc: "freebsd-net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 17:26:31 -0000 On Tue, Dec 23, 2014 at 5:04 PM, wrote: > Dear Luigi > > Today I installed the last distribution of FreeBSD-Stable 10.1 and > took netmap-ipfw from your place by: > > git clone https://code.google.com/p/netmap-ipfw/ > (hope the latest version) > i am investigating the problem. First, the "next" branch seems to behave marginally better in terms of robustness, but it still shows entries being inserted exactly every 100 ms which looks like the effect of some timeout (tipfw/ipfw and ./kipfw communicate through a tcp socket, tcpdump shows that the ack is delayed by 100ms which slows down everything. Need to investigate which tcp sockoptions remove this delay.. cheers luigi From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 18:26:15 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2BDA9DFF; Tue, 23 Dec 2014 18:26:15 +0000 (UTC) Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A27676468F; Tue, 23 Dec 2014 18:26:14 +0000 (UTC) Received: by mail-la0-f43.google.com with SMTP id s18so6013731lam.16; Tue, 23 Dec 2014 10:26:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:cc:content-type; bh=AXg9BNX+dlbK+dEVgjtHaWEvFd6qTp5w4535ORArZhY=; b=UdOTKHeH1ZTwqDZWY23wAyX3h9r5NX4GbazSACLWZsKj7lPwuA6dq6JCRahXxlnc5a 7BGlfPEcauOAy/P5pQR5JuctY7Jl9KD5PE+nTmxVR29Ih/EcPb9OMjqk8Xe0c+6x+qyd SD5YY4r2R9KRa+1Womm/6FePsPmIqDict7TlNZvYXV1V/3wdP9NW8W3MtL0jEQzOfUpt i9nJ6EKw8qC4cTM/X2tNYskF76t5EJBDyPKv/GW1lZByR6Lf5FgkuJudcdDg3On6/nt6 uFxhcl3xm9pt+5prcyGPPabndbHXdvx2Lske0woGtNyfAeHcVFNfCXwR3H3GPyBgFXfH R17w== MIME-Version: 1.0 X-Received: by 10.112.164.240 with SMTP id yt16mr29943010lbb.34.1419359172715; Tue, 23 Dec 2014 10:26:12 -0800 (PST) Sender: rizzo.unipi@gmail.com Received: by 10.114.174.169 with HTTP; Tue, 23 Dec 2014 10:26:12 -0800 (PST) Date: Tue, 23 Dec 2014 19:26:12 +0100 X-Google-Sender-Auth: t8QAC5PtWkAgC1iy-hbpfvC9hKE Message-ID: Subject: FIXED [Re: Netmap-ipfw, how to fill a table by 15K entries ?] From: Luigi Rizzo To: "IT Department, AkNet ISP" Content-Type: text/plain; charset=UTF-8 Cc: "freebsd-net@freebsd.org" , "Alexander V. Chernikov" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 18:26:15 -0000 Ok please pull the "next" branch from code.google.com/p/netmap-ipfw/ which has a fix applied (set TCP_NODELAY on the connection). With that i can load a table with 64k entries in about 3 seconds. The "master" branch also has the same fix, but loading a table appears to be buggy when it comes to tables, I think it is pointless to debug the problem in that branch since "next" contains more recent code from Alexander Chernikov which is much more robust for tables. Thanks for the bug report. cheers luigi On Tue, Dec 23, 2014 at 2:02 PM, IT Department, AkNet ISP wrote: > Hello to All > > Can anybody tell, how to fill a table with large number of entries ? > > Sure, It can be done by standard method by ./ipfw table 10 add > xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds to > be placed into a table: > > ./ipfw table 10 add 192.168.10.50 > connected to 127.0.0.1:5555 > > And takes many hours to do all job. > > May be there is a way to open a socket and place a bulk commands, for > example: > telnet localhost 5555 > table 10 add xxx.xxx.xxx.xxx > > But it doesn't work as written above. > > May be Senior Luigi can explane how to do such work as fast as it > done by ordinary ipfw ? > > Best regards > Azamat > AkNet ISP > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 21:44:45 2014 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96DEB7B5 for ; Tue, 23 Dec 2014 21:44:45 +0000 (UTC) Received: from mail-la0-x229.google.com (mail-la0-x229.google.com [IPv6:2a00:1450:4010:c03::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1BA8C12E1 for ; Tue, 23 Dec 2014 21:44:45 +0000 (UTC) Received: by mail-la0-f41.google.com with SMTP id hv19so6163659lab.0 for ; Tue, 23 Dec 2014 13:44:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=pNwT2ap2HstqVuUR7DcHUYY82QwA9PwIsLBwu24foUI=; b=MxwrlhZK7R/6xvNwGWzXJna1BpujRVi/C0suXARLLrdiNy+0GO6NvZWPXTPw2JJMEU MmNwII27AfkpcIaSAfjZ85OoEffegO7Eolm+53sx22SxPjvG7gsnFX/kUgs1ogrnVdPB 31l9PZvD0pBrNB7k8R+QHtSj8wAYmKPjy1toZQUqhYFwmuxLzkbI3Oz5qBaFOwFR/9WM UruKecqhqSwAd4djp+zZIVX63Ccv3S02MlweovnG6C1RljW1QSYPvUcbQd7AdVGDx9iI 6BcxUJt6evXJDWZQI/1vVJgcq22gSSleSwlvLMYXoQM533UkR/nyCGDpxWnDekbEMvFD ZIrQ== MIME-Version: 1.0 X-Received: by 10.152.36.37 with SMTP id n5mr29475900laj.27.1419371083189; Tue, 23 Dec 2014 13:44:43 -0800 (PST) Received: by 10.25.85.201 with HTTP; Tue, 23 Dec 2014 13:44:43 -0800 (PST) Date: Tue, 23 Dec 2014 16:44:43 -0500 Message-ID: Subject: Netmap/VALE From: Stan Ratliff To: net@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 21:44:45 -0000 Hello, If my questions are naive, I apologize. However, I would like to look into moving traffic between Linux network namespaces (or rather, LXC-based applications running in a network name space) via VALE/Netmap. Since the namespaces only work with a "veth" interface, are those already supported in Netmap/VALE? I'm not able to find any documentation on whether that is do-able. Also, if Netmap/VALE currently don't support the "veth" interfaces, how would I go about creating that support? Regards, Stan From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 09:56:27 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8DBC3DAC for ; Wed, 24 Dec 2014 09:56:27 +0000 (UTC) Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 50EA31F67 for ; Wed, 24 Dec 2014 09:56:27 +0000 (UTC) Received: by mail-ie0-f173.google.com with SMTP id y20so7374387ier.18 for ; Wed, 24 Dec 2014 01:56:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=CXFQqJtvolQg3nbnDBOshiz4lLypOqQyjxX/zxI8rUc=; b=ZXwjPvgJHiRmWqBzJTp8f8S31rhIF4HQiMXvqR53KFeWHNsCjijVoEpN7OpRi3ANTD mwcaFW8zd/dz+ZpV529t6eTqanB5TVvFQjrRgx8qJoogytLV1FKbTLM1Wi78H6+PfWXg cqWp2Hd5GR1tlOWB4H2u2jUX9Q2yZ7ZRoaWAxfJz9FBQMlo3tBnRIqV1OusJzXlDvhYn dK3+S7qLOO6UqcP+MO8Stq0w0rCw1bmtwnexTqRpqwzvDOw9HumyZN178x8S7v9cmLrb U4usMRAwnQ3A0g5L5UJAYJmec6iOoTHWfj1gme7ykPf3IB+XvL7IZ2ifbra75blXKYhH F9xw== X-Received: by 10.42.151.67 with SMTP id d3mr25419301icw.56.1419414982598; Wed, 24 Dec 2014 01:56:22 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.78.225 with HTTP; Wed, 24 Dec 2014 01:56:02 -0800 (PST) In-Reply-To: <549029E8.2020508@bsdinfo.com.br> References: <548C3072.10303@bsdinfo.com.br> <548F2250.3010507@bsdinfo.com.br> <549029E8.2020508@bsdinfo.com.br> From: Mathieu KERJOUAN Date: Wed, 24 Dec 2014 10:56:02 +0100 Message-ID: Subject: Re: DNS resolution problem To: Marcelo Gondim Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2014 09:56:27 -0000 Hi everyone, I am suspicious that it's some recent filter due to last vulnerability of > bind. It could not be? I currently have exactly same issue after bind99 update on my DNS platform. And I don't know why only *.freebsd.org domains seems to be impacted. Name : bind99 [26/893] Version : 9.9.6P1 Installed on : Tue Dec 23 11:21:51 CET 2014 Origin : dns/bind99 Architecture : freebsd:9:x86:64 Prefix : /usr/local Categories : net ipv6 dns Licenses : ISCL Maintainer : mat@FreeBSD.org WWW : https://www.isc.org/software/bind Comment : BIND DNS suite with updated DNSSEC and DNS64 Options : DLZ_BDB : off DLZ_FILESYSTEM : off DLZ_LDAP : off DLZ_MYSQL : off DLZ_POSTGRESQL : off DLZ_STUB : off DOCS : on FILTER_AAAA : off FIXED_RRSET : off GOST : off GSSAPI_BASE : off GSSAPI_HEIMDAL : off GSSAPI_MIT : off GSSAPI_NONE : on IDN : on IPV6 : on LARGE_FILE : on LINKS : off NEWSTATS : off PYTHON : off REPLACE_BASE : off RPZ_NSDNAME : off RPZ_NSIP : off RPZ_PATCH : off RRL : off SIGCHASE : off SSL : on THREADS : on Shared Libs required: libxml2.so.2 libidnkit.so.1 libiconv.so.2 libcrypto.so.8 =E2=80=8B =E2=80=8BIf you have an idea why...=E2=80=8B From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 11:32:14 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3966C2E6; Wed, 24 Dec 2014 11:32:14 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id 447BE64F29; Wed, 24 Dec 2014 11:32:13 +0000 (UTC) Received: from [192.168.0.218] (office.aknet.kg [212.112.96.6]) by mx.aknet.kg (Postfix) with ESMTP id B82F01CDE4; Wed, 24 Dec 2014 17:32:11 +0600 (KGT) To: Luigi Rizzo From: "IT Department, AkNet ISP" Reply-To: "IT Department, AkNet ISP" Subject: FIXED [Re: Netmap-ipfw, how to fill a table by 15K entries ?] - thanks and a question Date: Wed, 24 Dec 2014 17:32:11 +0600 X-LibVersion: 3.3.2 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced by Group-Office 3.01-stable-5 X-Mailer: Group-Office 3.01-stable-5 Message-ID: <20141224113211.41380.1057557340.swift@crm.aknet.kg> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-net@freebsd.org, "Alexander V. Chernikov" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2014 11:32:14 -0000 Dear Luigi many thanks, we got new code from netmap codebase and see dramaticaly improved perfomance ! We have a little question about working of netmap-ipfw. It's very important for us to switch   net.inet.ip.fw.one_pass   variable to 0 value: net.inet.ip.fw.one_pass=0 How to use this variable in such matter with netmap-ipfw ? Or may be it behaviour depends on global variable net.inet.ip.fw.one_pass which we set while boot process of a server ? Azamat AkNet ISP Тема: FIXED [Re: Netmap-ipfw, how to fill a table by 15K entries ?] От:  Luigi Rizzo Кому: "IT Department, AkNet ISP" CC: "freebsd-net@freebsd.org" ,"Alexander V. Chernikov" Дата: 24-12-2014 0:26 Ok please pull the "next" branch from code.google.com/p/netmap-ipfw/ which has a fix applied (set TCP_NODELAY on the connection). With that i can load a table with 64k entries in about 3 seconds. The "master" branch also has the same fix, but loading a table appears to be buggy when it comes to tables, I think it is pointless to debug the problem in that branch since "next" contains more recent code from Alexander Chernikov which is much more robust for tables. Thanks for the bug report. cheers luigi On Tue, Dec 23, 2014 at 2:02 PM, IT Department, AkNet ISP wrote: > Hello to All > > Can anybody tell, how to fill a table with large number of entries ? > > Sure, It can be done by standard method by ./ipfw table 10 add > xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds to > be placed into a table: > > ./ipfw table 10 add 192.168.10.50 > connected to 127.0.0.1:5555 > > And takes many hours to do all job. > > May be there is a way to open a socket and place a bulk commands, for > example: > telnet localhost 5555 > table 10 add xxx.xxx.xxx.xxx > > But it doesn't work as written above. > > May be Senior Luigi can explane how to do such work as fast as it > done by ordinary ipfw ? > > Best regards > Azamat > AkNet ISP > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed Dec 24 13:59:12 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D172A7C for ; Wed, 24 Dec 2014 13:59:12 +0000 (UTC) Received: from fipqcsb01.cogeco.net (smtp6.cogeco.ca [216.221.81.96]) by mx1.freebsd.org (Postfix) with ESMTP id 44FB338BA for ; Wed, 24 Dec 2014 13:59:10 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgEJAEvFmlQYelQW/2dsb2JhbABbgkNDUohdvlGFcASBFBcBAQEBAX2EEwglKQknBQYHC1AgHwEEHoghBQimXqUpBJAPhBMFiUuESk2CcoZBjQqDOSKEDCCCdAEBAQ X-IPAS-Result: AgEJAEvFmlQYelQW/2dsb2JhbABbgkNDUohdvlGFcASBFBcBAQEBAX2EEwglKQknBQYHC1AgHwEEHoghBQimXqUpBJAPhBMFiUuESk2CcoZBjQqDOSKEDCCCdAEBAQ X-IronPort-AV: E=Sophos;i="5.07,638,1413259200"; d="scan'208,217";a="274041075" Received: from 24-122-84-22.dr.cgocable.ca (HELO MartinDesktop) ([24.122.84.22]) by fipqcsb01.cogeco.net with ESMTP; 24 Dec 2014 08:58:02 -0500 From: "Martin Blais" To: Subject: Network Interface going up and down. Date: Wed, 24 Dec 2014 08:58:00 -0500 Message-ID: <004301d01f81$a153a480$e3faed80$@v.Blais@USherbrooke.ca> MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AdAfgaEkc7iGFvUoS/iAVPjodbX6Vw== Content-Language: fr-ca Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2014 13:59:12 -0000 Hi there, Someone in the following thread suggests to bring the bug up to your ears: https://bugs.freenas.org/issues/7227 If you decide that it is worth investigating and if you need any thing to help you, I'm available. Thanks Martin From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 14:09:28 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 149CB187 for ; Fri, 26 Dec 2014 14:09:28 +0000 (UTC) Received: from mail-la0-f51.google.com (mail-la0-f51.google.com [209.85.215.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 90E0C2093 for ; Fri, 26 Dec 2014 14:09:27 +0000 (UTC) Received: by mail-la0-f51.google.com with SMTP id ms9so8820403lab.10 for ; Fri, 26 Dec 2014 06:09:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version:content-transfer-encoding:content-type; bh=nCQPygFHxFsJv3YZsAKVA/iuP5k2oMj7FhyTv8NcBYI=; b=Ovh4PWtMA+dbXH0kystQXG6EPIQPNhU1ld1Ecjv0Ke2tK/9QylGrUPVcrd+MXwAeud 2+TzE8tATlCyvQTuXebFQWgKkWECiCeGjXQQptJ9ARUm5Lemgsk9JI+1l1hhss1Lppmg Ly+UHNBT6rh17kTYst538/9KCOJiY+y2IthrPDuT1Bmc4Mx6QBwrC8LSoqEhiejFbjsK l7tvt2wfmHOdcql/UQVDScWSuQqCfG/A7wzjUkZa/HcGSdcBvKBth+bClWv5k3q467x3 ccAHUqtqLNV34oGHBM77RFer2pn40joPEUSlSvCxTB31pUBy5ov/G9CZ28dsExNhjmUo RVIA== X-Gm-Message-State: ALoCoQnGVpXn1ST89moxvcxfHL3yK4/w02BJktwVOUUeo7ElzLeqPwJDuEzOlVamupiqIZTXDEI3 X-Received: by 10.152.20.98 with SMTP id m2mr44173866lae.49.1419602958700; Fri, 26 Dec 2014 06:09:18 -0800 (PST) Received: from kde4.my.domain ([188.227.89.2]) by mx.google.com with ESMTPSA id l5sm7946164lam.48.2014.12.26.06.09.17 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 26 Dec 2014 06:09:17 -0800 (PST) From: Oleg Ginzburg To: freebsd-net@freebsd.org Subject: SIOCSVH, SIOCGVH ioctl(2) and virtio ethernet driver Date: Fri, 26 Dec 2014 17:09:56 +0300 Message-ID: <36413168.TE9MLvZCzL@kde4.my.domain> User-Agent: KMail/4.14.2 (FreeBSD/11.0-CURRENT; KDE/4.14.2; amd64; ; ) MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Cc: Bryan Venteicher X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Dec 2014 14:09:28 -0000 is it possible to use the carp(4) protocol with vtnet(4) interfaces ( which is used, for example, in bhyve(8) ) Currently, the standard carp init operation causes an SIOCGVH error: /sbin/ifconfig vtnet0 vhid 1 advskew 100 pass pass 10.10.10.10/24 alias ifconfig: SIOCGVH: Protocol not supported From owner-freebsd-net@FreeBSD.ORG Fri Dec 26 14:41:15 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1B90FC4B for ; Fri, 26 Dec 2014 14:41:15 +0000 (UTC) Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A34A5263E for ; Fri, 26 Dec 2014 14:41:14 +0000 (UTC) Received: by mail-wg0-f51.google.com with SMTP id x12so14554333wgg.10 for ; Fri, 26 Dec 2014 06:41:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=aJe493adxIEt6hCdFE1YiMXQwxcQKXpJkXPvxPtZoUU=; b=Nbnvs38gAfZEt60ksXhC1cK2oXAXR6IweZv+4C51JZFQUTdXx/sC5nUa7g3CFZNo4T nMgg83coMMt06CG0/reMT8bZRe0SMnOaApIlloSeTojn/bYWpcHB3CZIiuM3vDlH0z4g BNi+pcOFSgxSV8gwY47CCO//6k5bM33KzlbmfHqj5ieuzxv4VRHfJuPUWi8D2ApbmBg1 kKXiW9e2xxmesnqisBf6JyCe6XbcL3Tbzikyz41crKAiSH5qYh9ooyFgzEZMgPBvKdvw 3rp7luDKS6ZREpO8Dy6lHKxd4nRzVcggAgbAEh5gDKiVL6ggcRfhNrso5S6Wl9EkfAE7 a6zw== MIME-Version: 1.0 X-Received: by 10.180.76.144 with SMTP id k16mr68646995wiw.3.1419604872876; Fri, 26 Dec 2014 06:41:12 -0800 (PST) Received: by 10.27.177.218 with HTTP; Fri, 26 Dec 2014 06:41:12 -0800 (PST) Date: Fri, 26 Dec 2014 15:41:12 +0100 Message-ID: Subject: setfib and RSTs From: Nikolay Denev To: "freebsd-net@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Dec 2014 14:41:15 -0000 Hi, I have a process (bittorrent client) running in a non-default fib and using a VPN for default gateway: from /etc/rc.local : /usr/sbin/setfib 1 route add $vpn_provider 10.0.0.1 /usr/sbin/setfib 1 /usr/local/sbin/openvpn --config /usr/local/etc/openvpn/provider.ovpn /usr/sbin/setfib 1 /usr/sbin/service transmission onestart Then openvpn installs default gateway in fib 1 to point to the tun(4) interface. Stil, I'm seeing RST packets from the bittorrent client process to be sent not via the tunnel, but to the default gateway of the lan which seems wrong. As if when the kernel generates the RST it does not take into account the FIB of the socket? Any ideas? From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 12:10:15 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 954131E9 for ; Sat, 27 Dec 2014 12:10:15 +0000 (UTC) Received: from frv191.fwdcdn.com (frv191.fwdcdn.com [212.42.77.191]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 55969178F for ; Sat, 27 Dec 2014 12:10:14 +0000 (UTC) Received: from [10.10.1.26] (helo=frv197.fwdcdn.com) by frv191.fwdcdn.com with esmtp ID 1Y4pxB-0009Wk-Iu for freebsd-net@freebsd.org; Sat, 27 Dec 2014 13:54:41 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net; s=ffe; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-Id:To:Subject:From:Date; bh=aG53Ky/pyqnVgsBxwhVnCU9Sib3Lo6wumkHxHR+O3G4=; b=wliAItHXzsIj2rGzfGNcOa35DqEf8VosfXAdjgl4JyN2GrrBWmR3TyYtOZUofStdmrbRusnfrDxGnFJ1g9v/78fFPd55fNBwyKG3TaMz64lRQHmTu5kNZ0RCjq+sM+sCj8wguwqHQJbYsBuh2MUVnH9ZnciUTpLgXpRgR3tZNfQ=; Received: from [10.10.10.34] (helo=frv34.fwdcdn.com) by frv197.fwdcdn.com with smtp ID 1Y4px4-00094H-GX for freebsd-net@freebsd.org; Sat, 27 Dec 2014 13:54:34 +0200 Date: Sat, 27 Dec 2014 13:54:33 +0200 From: wishmaster Subject: USB Tethering and forwarding To: freebsd-net@freebsd.org X-Mailer: mail.ukr.net 5.0 Message-Id: <1419680989.938234917.k6otv1bh@frv34.fwdcdn.com> MIME-Version: 1.0 Received: from artemrts@ukr.net by frv34.fwdcdn.com; Sat, 27 Dec 2014 13:54:34 +0200 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: binary Content-Disposition: inline X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 12:10:15 -0000 Hi, list. Server works as router for small network and some services in the jails. When I connect Android-based smartphone and attempt to use USB Tethering, the net.inet.ip.forwarding becomes 0 and I must change it to 1 every time. Is this normal behavior? FreeBSD server.local 10.1-STABLE FreeBSD 10.1-STABLE #1 r275636: Mon Dec 22 11:05:33 EET 2014 wishmaster@server.local:/usr/obj/usr/src/sys/SMS i386 Kernel has been compiled with VIMAGE Cheers, Vitaliy From owner-freebsd-net@FreeBSD.ORG Sat Dec 27 13:32:47 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4202712D; Sat, 27 Dec 2014 13:32:47 +0000 (UTC) Received: from mail.ipfw.ru (mail.ipfw.ru [IPv6:2a01:4f8:120:6141::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 63BB61123; Sat, 27 Dec 2014 13:32:01 +0000 (UTC) Received: from secured.by.ipfw.ru ([95.143.220.47] helo=[10.0.0.124]) by mail.ipfw.ru with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.82 (FreeBSD)) (envelope-from ) id 1Y4rTJ-0005Df-MV; Sat, 27 Dec 2014 17:31:57 +0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: FIXED [Re: Netmap-ipfw, how to fill a table by 15K entries ?] From: "Alexander V. Chernikov" In-Reply-To: Date: Sat, 27 Dec 2014 16:31:55 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <4A917898-0659-4ECE-976F-241A989A4E77@ipfw.ru> References: To: Luigi Rizzo X-Mailer: Apple Mail (2.1993) Cc: "freebsd-net@freebsd.org" , "IT Department, AkNet ISP" , "Alexander V. Chernikov" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 13:32:47 -0000 > On 23 Dec 2014, at 21:26, Luigi Rizzo wrote: >=20 > Ok please pull the "next" branch from code.google.com/p/netmap-ipfw/ > which has a fix applied (set TCP_NODELAY on the connection). > With that i can load a table with 64k entries in about 3 seconds. >=20 > The "master" branch also has the same fix, but loading a table > appears to be buggy when it comes to tables, > I think it is pointless to debug the problem in that branch > since "next" contains more recent code from > Alexander Chernikov which is much more robust for tables. The only thing I can add here is that new table code is capable of = doing batch add/del operations via ipfw table AAA add cidr1 value1 [cidr2 value2] [cidr3 value3] ...=20 >=20 > Thanks for the bug report. >=20 > cheers > luigi >=20 > On Tue, Dec 23, 2014 at 2:02 PM, IT Department, AkNet ISP = wrote: >> Hello to All >>=20 >> Can anybody tell, how to fill a table with large number of entries ? >>=20 >> Sure, It can be done by standard method by ./ipfw table 10 add >> xxx.xxx.xxx.xxx in a script, but each entry takes couple of seconds = to >> be placed into a table: >>=20 >> ./ipfw table 10 add 192.168.10.50 >> connected to 127.0.0.1:5555 >>=20 >> And takes many hours to do all job. >>=20 >> May be there is a way to open a socket and place a bulk commands, for >> example: >> telnet localhost 5555 >> table 10 add xxx.xxx.xxx.xxx >>=20 >> But it doesn't work as written above. >>=20 >> May be Senior Luigi can explane how to do such work as fast as it >> done by ordinary ipfw ? >>=20 >> Best regards >> Azamat >> AkNet ISP >>=20 >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to = "freebsd-net-unsubscribe@freebsd.org" >=20 >=20 >=20 > --=20 > = -----------------------------------------+------------------------------- > Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. = dell'Informazione > http://www.iet.unipi.it/~luigi/ . Universita` di Pisa > TEL +39-050-2211611 . via Diotisalvi 2 > Mobile +39-338-6809875 . 56122 PISA (Italy) > = -----------------------------------------+------------------------------- >=20