From owner-freebsd-questions@freebsd.org Tue Aug 1 12:07:07 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3FD2DD2558 for ; Tue, 1 Aug 2017 12:07:06 +0000 (UTC) (envelope-from trond@fagskolen.gjovik.no) Received: from smtp.fagskolen.gjovik.no (smtp.fagskolen.gjovik.no [IPv6:2001:700:1100:1:200:ff:fe00:b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.fagskolen.gjovik.no", Issuer "Fagskolen i Gj??vik" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9D71774071 for ; Tue, 1 Aug 2017 12:07:06 +0000 (UTC) (envelope-from trond@fagskolen.gjovik.no) Received: from mail.fig.ol.no (localhost [127.0.0.1]) by mail.fig.ol.no (8.15.2/8.15.2) with ESMTPS id v71C6lRA057066 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 1 Aug 2017 14:06:47 +0200 (CEST) (envelope-from trond@fagskolen.gjovik.no) Received: from localhost (trond@localhost) by mail.fig.ol.no (8.15.2/8.15.2/Submit) with ESMTP id v71C6kGj057063; Tue, 1 Aug 2017 14:06:46 +0200 (CEST) (envelope-from trond@fagskolen.gjovik.no) X-Authentication-Warning: mail.fig.ol.no: trond owned process doing -bs Date: Tue, 1 Aug 2017 14:06:46 +0200 (CEST) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= Sender: Trond.Endrestol@fagskolen.gjovik.no To: Mike Tancsa cc: freebsd-questions Subject: Re: default route via SLAAC not working ? In-Reply-To: Message-ID: References: <96b09a19-01e1-e182-e9c0-d1526a12373f@sentex.net> <3e0e0362-d8c8-5f85-46dc-f4e103f78fc2@sentex.net> User-Agent: Alpine 2.21 (BSF 202 2017-01-01) Organization: Fagskolen Innlandet OpenPGP: url=http://fig.ol.no/~trond/trond.key MIME-Version: 1.0 Content-ID: X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail.fig.ol.no Content-Type: text/plain; CHARSET=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Aug 2017 12:07:07 -0000 On Mon, 31 Jul 2017 15:37-0400, Mike Tancsa wrote: > On 7/31/2017 2:13 PM, Trond Endrestøl wrote: > > > > That's strange. I've never seen such behaviour before. > > Maybe a packet capture can provide more clues. > > Not sure whats going on from the pcap. I dont see any values in there > that would tell the kernel to expire a setting in less than 5min I compared your router's advertisement with the core switch at work: >From your network: 10:05:51.261641 a4:71:74:2b:c1:37 > 33:33:00:00:00:01, ethertype IPv6 (0x86dd), length 118: (hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::a671:74ff:fe2b:c137 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64 hop limit 64, Flags [managed, other stateful], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 2605:8d80:6e3:7365::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s 0x0000: 40c0 0000 1c20 0000 0e10 0000 0000 2605 0x0010: 8d80 06e3 7365 0000 0000 0000 0000 mtu option (5), length 8 (1): 1460 0x0000: 0000 0000 05b4 source link-address option (1), length 8 (1): a4:71:74:2b:c1:37 0x0000: a471 742b c137 >From my work network (slightly anonymized): 13:48:16.506259 IP6 (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64 hop limit 64, Flags [other stateful], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s source link-address option (1), length 8 (1): 00:12:34:56:78:9a 0x0000: 0012 3456 789a mtu option (5), length 8 (1): 1500 0x0000: 0000 0000 05dc prefix info option (3), length 32 (4): 2001:db8:1234:5::/64, Flags [onlink, auto], valid time 2592000s, pref. time 604800s 0x0000: 40c0 0027 8d00 0009 3a80 0000 0000 2001 0x0010: 0db8 1234 0005 0000 0000 0000 0000 Your router has the "managed" flag and the "other" flag turned on. Does the router provide DHCPv6 service? If it does, then you need a DHCPv6 client, e.g. net/dhcp6 or net/dhcpcd. If you can turn off the "managed" flag in the router's advertisements, then SLAAC should work out of the box. You would still need a DHCPv6 client to extract the DNS information, unless you want to handle that through DHCP for IPv4 or do it manually. -- Trond. From owner-freebsd-questions@freebsd.org Tue Aug 1 13:02:27 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0E8D7DABD00 for ; Tue, 1 Aug 2017 13:02:27 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from baobab.bilink.net (baobab.bilink.net [212.45.144.44]) by mx1.freebsd.org (Postfix) with ESMTP id C625276871 for ; Tue, 1 Aug 2017 13:02:26 +0000 (UTC) (envelope-from luciano@vespaperitivo.it) Received: from localhost (localhost [127.0.0.1]) by baobab.bilink.it (Postfix) with ESMTP id 3xMGW95TRNz1cXL0 for ; Tue, 1 Aug 2017 14:55:01 +0200 (CEST) X-Virus-Scanned: amavisd-new at mcs.it Received: from baobab.bilink.net ([127.0.0.1]) by localhost (baobab.mcs.it [127.0.0.1]) (amavisd-new, port 11027) with ESMTP id S26yWznxHYQu for ; Tue, 1 Aug 2017 14:55:01 +0200 (CEST) Received: from hermes.mcs.it (hermes.mcs.it [192.168.132.21]) by baobab.bilink.it (Postfix) with ESMTP id 3xMGW94gy6z1cXKx for ; Tue, 1 Aug 2017 14:55:01 +0200 (CEST) Received: from mordeus (unknown [192.168.45.6]) by hermes.mcs.it (Postfix) with ESMTP id 826471B7550 for ; Tue, 1 Aug 2017 14:55:01 +0200 (CEST) Date: Tue, 1 Aug 2017 14:55:01 +0200 From: Luciano Mannucci To: freebsd-questions@freebsd.org Subject: Re: Filesystem antivirus for FreeBSD In-Reply-To: <14613073-fb23-d7a3-a6fd-f0b39753c789@ShaneWare.Biz> References: <3wsWvt0V3Vz1cXL1@baobab.bilink.it> <15cc6291c50.279b.0b331fcf0b21179f1640bd439e3f4a1e@tundraware.com> <3wsY1n1bGTzRRqQ@baobab.bilink.it> <14613073-fb23-d7a3-a6fd-f0b39753c789@ShaneWare.Biz> X-Mailer: Claws Mail 3.15.0 (GTK+ 2.24.31; amd64-portbld-freebsd10.3) X-Face: 4qPv4GNcD; h<7Q/sK>+GqF4=CR@KmnPkSmwd+#%\F`4yjKO3"C]p'z=(oWRnsYBQGM\5g:4skqQY0NnV'dM:Mm:^/_+I@a"; [-s=ogufdF"9ggQ'=y MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <3xMGW94gy6z1cXKx@baobab.bilink.it> X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Aug 2017 13:02:27 -0000 On Wed, 21 Jun 2017 12:11:16 +0930 Shane Ambler wrote: > >> Clamav might, but you'll have to check. > > It failed to catch a virus that Sophos on Linux found. > > Have you submitted a sample that clamav may get a solution added? > > http://www.clamav.net/reports/malware Yes I did. Despite of that, I still get this, ecanning the same files: On FreeBSD, with clamav: ----------- SCAN SUMMARY ----------- Known viruses: 6302176 Engine version: 0.99.2 Scanned directories: 8130 Scanned files: 58163 Infected files: 0 Data scanned: 2996.03 MB Data read: 4024.93 MB (ratio 0.74:1) Time: 964.257 sec (16 m 4 s) On linux, with Sophos: A threat was detected during an on-demand scan. Details follow: 40961 files scanned. Number of infections detected: 3267 Number of infected files detected: 3267 Does someone know how to run sophos on FreeBSD > 10.0? Thanks to everyone anyway, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 X AGAINST HTML MAIL / E-MAIL: posthamster@sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/