From: Max Laier
Date: Thu, 16 Sep 2004 04:03:14 +0200
To: freebsd-pf@freebsd.org
Subject: Fwd: freebsd-pf created

[ Welcome to freebsd-pf ... ]

All,

it's done - big THANK YOU to David Wolfskill for the quick action! We now have
an "official" freebsd-pf mailing list, please subscribe here etc. ...

To do so, surf to: http://lists.freebsd.org/mailman/listinfo/freebsd-pf and
follow the directions, I guess you know how it works - eh?

Thanks to freelists.org for the hosting so far ... I'll completely nuke the
list in a week or so.

As for the archives, there is not overly much information in there. Sure there
are some interesting threads and posts ... I keep my private archive and look
into publishing it somewhere, but I don't see much point in keeping the
freelists list up just for the sake of archives (it'll only be a source of
confusion IMO).
--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Date: Thu, 16 Sep 2004 03:30:59 +0100
From: Bruno Afonso
To: freebsd-pf@freebsd.org
Subject: Re: RELENG_5 and carp patches - Status

I've forgotten to say one thing. I had to add the carp definition to
/etc/protocols. In reality, I renamed "vrrp" to "carp" after looking at
openbsd's /etc/protocols. So, it's missing in the patch too.

Max Laier wrote:
> On Wednesday 15 September 2004 19:33, Bruno Afonso wrote:
>
>>=> WORKS:
>>
>>I've set carp0 and carp1 with the ips my NAT box uses and it's working
>>flawlessly up until now (some hours). I have yet to set the backup box
>>as it's really really old and I'm waiting for it to compile world and
>>kernel... :)
>>
>>I will try failover in the next days.
>>
>>
>>=> DOES NOT WORK:
>>
>>ifconfig pfsync syncif does not work
>>carp-testing-box# ifconfig pfsync0 up syncif fxp0
>>ifconfig: syncif: bad value
>
>
> Ugh ... this got completely forgotten. Check the patch at:
> http://people.freebsd.org/~mlaier/ifconfig.pfsync.patch (hope it still
> applies) it will certainly cause rejects with the carp-ifconfig ...

Seems to apply cleanly. You have to cd /usr/src/sbin/ifconfig before
"patch -p0 < " though.

I can now do "ifconfig pfsync0 up syncif " without any error.

>>accessing carp'ed IP address does not work
>>carp-testing-box# ping IP
>>PING IP (IP): 56 data bytes
>>ping: sendto: Operation not permitted
>
>
> EPERM is clearly a problem of your firewalling rules on the box that is trying
> to ping.

Doh! Damn home made script to generate the pf conf file... :-) I needed
to open carp0 from (carp0) to (carp0).

Another interesting aspect is that traffic originating from the machine
comes from the non-carp ips. :-)

>>I also get "arp_rtrequest: bad gateway IP (!AF_LINK)" in /var/log/messages.
>
>
> This is described in: http://people.freebsd.org/~mlaier/CARP/README and it's not
> a problem only a bit disturbing.

Ye, doesn't bother.

> hmmm ... looks like netstat has been built with different headers as the
> kernel. Try make installincludes and rebuild+install netstat.

Did it. Same error(s). I'm gonna recompile world and kernel just for the
sake of it. :-) and rm -rf /usr/obj.

BA

--
Bruno Afonso
http://dequim.ist.utl.pt/~bruno/sciTocs/ - Bruno's SciTocs!
http://freebsd-pt.org/forum/ - Portuguese FreeBSD forum

From: "Max Laier"
Date: Thu, 16 Sep 2004 03:38:03 -0000
X-Original-Date: Tue, 29 Apr 2003 14:32:29 +0200
Subject: [pf4freebsd] Version 0.62 released!

Hello,

Pyun YongHyeon and myself discussed some optimization to the current way
cksums are validated when a packet arrives in the in queue. Until now, the
cksum was validated twice. First pf_test (called from the PFIL_HOOK in
ip_input.c) validated the cksum with pf_check_proto_cksum and the kernel did
the same later in the processing queue (tcp_input.c et al.). We reworked
pf_check_proto_cksum to flag the packet in case the checksum is valid; if
not, the packet is dropped anyway. We make use of mbuf flags that usually
indicate that the cksum was validated by hardware (bge, em, gx, lge, nge,
txp, ti and xl NICs), so there may exist problems when such a NIC is
installed (even though it should not). If you have such a NIC please get a
copy of version 0.62 and check if everything works as expected.

This fix should give a great gain in performance when no hardware cksumming
is available and the CPU is very busy with your netio.

Max
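
The double validation and the flagging described in the 0.62 announcement above, modelled in user space as an added example (it is not pf4freebsd or FreeBSD kernel code). The struct, the function names, the numeric flag values and the sample packet are assumptions made for illustration; only the flag names and the 0xffff value come from the pf.c diff in this archive.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag names as in the pf.c diff; values and struct are a user-space model. */
#define CSUM_DATA_VALID 0x0400
#define CSUM_PSEUDO_HDR 0x0800
#define PROTO_TCP       6

struct pkt {
    uint32_t src, dst;     /* IPv4 addresses, host byte order */
    uint8_t  seg[32];      /* TCP header + payload */
    size_t   len;
    int      csum_flags;   /* stands in for m_pkthdr.csum_flags */
    int      csum_data;    /* stands in for m_pkthdr.csum_data */
};

static int cksum_passes;   /* software checksum runs so far */

/* RFC 1071 sum over pseudo-header and segment; 0 means "checksum valid". */
static uint16_t l4_cksum(const struct pkt *p)
{
    uint32_t sum = 0;
    size_t i;

    cksum_passes++;
    sum += (p->src >> 16) + (p->src & 0xffff);
    sum += (p->dst >> 16) + (p->dst & 0xffff);
    sum += PROTO_TCP + (uint32_t)p->len;
    for (i = 0; i + 1 < p->len; i += 2)
        sum += (uint32_t)(p->seg[i] << 8 | p->seg[i + 1]);
    if (p->len & 1)                     /* odd length: pad with a zero byte */
        sum += (uint32_t)p->seg[p->len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: 20-byte TCP header plus a 5-byte payload. */
static void make_pkt(struct pkt *p)
{
    static const uint8_t hdr[20] = {
        0x30, 0x39, 0x00, 0x50,         /* ports 12345 -> 80 */
        0x00, 0x00, 0x00, 0x01,         /* sequence number */
        0x00, 0x00, 0x00, 0x00,         /* acknowledgement number */
        0x50, 0x02, 0xff, 0xff,         /* data offset 5, SYN, window */
        0x00, 0x00, 0x00, 0x00          /* checksum (filled below), urgent */
    };
    uint16_t c;

    memset(p, 0, sizeof(*p));
    p->src = 0xC0000201;                /* 192.0.2.1 */
    p->dst = 0xC6336402;                /* 198.51.100.2 */
    memcpy(p->seg, hdr, sizeof(hdr));
    memcpy(p->seg + 20, "hello", 5);
    p->len = 25;
    c = l4_cksum(p);                    /* checksum field is still zero here */
    p->seg[16] = (uint8_t)(c >> 8);
    p->seg[17] = (uint8_t)(c & 0xff);
}

/* Filter stage (the role pf_test plays in the post): 1 = drop, 0 = pass. */
static int filter_stage(struct pkt *p, int mark)
{
    if (l4_cksum(p) != 0)
        return 1;                       /* invalid: dropped, never marked */
    if (mark) {
        p->csum_flags |= (CSUM_DATA_VALID | CSUM_PSEUDO_HDR);
        p->csum_data = 0xffff;
    }
    return 0;
}

/* Transport stage (the role of tcp_input.c): honours the mark if present. */
static int transport_stage(struct pkt *p)
{
    uint16_t th_sum;

    if ((p->csum_flags & CSUM_DATA_VALID) && (p->csum_flags & CSUM_PSEUDO_HDR))
        th_sum = (uint16_t)(p->csum_data ^ 0xffff);   /* 0xffff -> 0 */
    else
        th_sum = l4_cksum(p);           /* no mark: validate in software */
    return th_sum != 0;
}

/* Checksum passes needed to deliver the sample packet, or -1 if dropped. */
int passes_for(int mark)
{
    struct pkt p;

    make_pkt(&p);
    cksum_passes = 0;
    if (filter_stage(&p, mark) || transport_stage(&p))
        return -1;
    return cksum_passes;
}

/* A payload bit flipped in transit is dropped by the filter and not marked. */
int corrupt_is_dropped(void)
{
    struct pkt p;

    make_pkt(&p);
    p.seg[22] ^= 0x01;
    return filter_stage(&p, 1) == 1 && p.csum_flags == 0;
}

int main(void)
{
    printf("passes without marking: %d\n", passes_for(0));
    printf("passes with marking:    %d\n", passes_for(1));
    printf("corrupt packet dropped: %d\n", corrupt_is_dropped());
    return 0;
}
```

Because the transport stage cannot tell who set the flags, anything that sets them without having verified the data makes it accept the packet unchecked, which is why the post asks owners of checksum-offloading NICs to test.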

From: "Max Laier"
Date: Thu, 16 Sep 2004 03:38:08 -0000
X-Original-Date: Wed, 30 Apr 2003 10:02:54 +0200 (CEST)
Subject: [pf4freebsd] IPv6-Problem in with version 0.62 fix available

Hello,

Pyun identified a problem with IPv6 with the newly introduced
mbuf-tagging-hack. Please get version 0.62a which fixes this issue.

Max

=================================================================== Index: pf.c =================================================================== RCS file: /cvs/pf_33_freebsd/pf/pf.c,v retrieving revision 1.7.2.1 retrieving revision 1.9 diff -r1.7.2.1 -r1.9 4725,4729c4725,4734 < if (sum == 0) { < m->m_pkthdr.csum_flags |= < (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); < m->m_pkthdr.csum_data = 0xffff; < } --- > /* > * XXX > * IPv6 H/W cksum off-load not supported yet! 
> * > * if (sum == 0) { > * m->m_pkthdr.csum_flags |= > * (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); > * m->m_pkthdr.csum_data = 0xffff; > *} > */
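
Review bot: the replacement at 4725 disables the whole "if (sum == 0)" block by burying it in a comment, while the XXX text only names IPv6, so nothing visible here restricts the change to IPv6 packets. If this spot in pf.c is also reached for IPv4, the flagging is lost there as well; guarding the block on the address family would keep it for IPv4. Disabled code is also easier to find and re-enable under "#if 0" or "#ifdef notyet" than inside a block comment, and the "*}" line is missing the space the other comment lines have.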

From: "Max Laier"
Date: Thu, 16 Sep 2004 03:38:13 -0000
X-Original-Date: Fri, 2 May 2003 12:36:56 +0200
Subject: [pf4freebsd] Fw: New PF FAQ

I just like to forward you the following post, made to the official OpenBSD
pf-Mailinglist (pf@benzedrine.cx) recently. The mailinglist is hosted by
Daniel Hartmeier (the original author of pf) and surely worth reading, but do
not expect help on pf4freebsd there - even though the people on that list are
very helpful.

This new FAQ is really (one of) the best documents around, have a look at it
... I put a pointer on the website.

Max

----- Original Message -----
From: "Henning Brauer"
To: "PF Mailing List"
Sent: Thursday, May 01, 2003 5:54 PM
Subject: Re: New PF FAQ

> On Thu, May 01, 2003 at 08:09:26AM -0400, Jason Dixon wrote:
> > I'd like to take a moment to thank the developers of PF and the author
> > of the following document. If you haven't read it yet, you should set
> > aside a few minutes for it. It includes documentation and examples on
> > all of the newest -release features, including a really nice page on
> > queuing.
> >
> > http://openbsd.org/faq/pf/
>
> This was mostly done by Joel Knight, and I think he did excellent
> work. Thanks, Joel!
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb@bsws.de - henning@openbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>

From: "Max Laier"
Date: Thu, 16 Sep 2004 03:38:18 -0000
X-Original-Date: Sat, 3 May 2003 14:42:44 +0200
Subject: [pf4freebsd] Version 0.63 released

Hello,

once started on the cksum-bottleneck Pyun did some further improvements to
in4_cksum, which now uses optimized code for i386 architectures. If you have
another architecture please take a look at the changes made (it's mostly
copy'n'paste from machine/in_cksum.{h, c}) and try to build a similar
approach for your architecture. Any input is greatly appreciated.
Furthermore Pyun has identified a problem when building on latest -current
(limits.h moved) and fixed it.

Thanks
Max

From: Florian Smeets
To: pf4freebsd@freelists.org
Date: Thu, 16 Sep 2004 03:38:23 -0000
X-Original-Date: Sat, 03 May 2003 22:12:03 +0200
Subject: [pf4freebsd] Re: Version 0.63 released

Max Laier wrote:
> Hello,
>
> once started on the cksum-bottleneck Pyun did some further improvements to
> in4_cksum, which now uses optimized code for i386 architectures. If you have
> another architecture please take a look at the changes made (it's mostly
> copy'n'paste from machine/in_cksum.{h, c}) and try to build a similar
> approach for your architecture. Any input is greatly appreciated.
> Furthermore Pyun has identified a problem when building on latest -current
> (limits.h moved) and fixed it.
>
> Thanks
> Max
>
>
>

Hi everyone,

i made a port for this today. Since this is a first shot and i've never
made a port ever before so any suggestions are welcome.

If you build the port with "make install WITH_ALTQ=yes" it should build
with ALTQ support. I have not been able to test it since i only have a
-CURRENT system. So if anyone could test and give me some feedback.

The port is available at http://flds.dyndns.org/pf.tar.gz . Just extract
the file in /usr/ports/security/ go to /usr/ports/security/pf/ and
install it like any other port.

I haven't included any stop/start scripts nor a pf.conf yet. Should we
add the default OpenBSD pf.conf ?


flo

From: "Max Laier"
Date: Thu, 16 Sep 2004 03:38:28 -0000
X-Original-Date: Sat, 3 May 2003 22:50:37 +0200
Subject: [pf4freebsd] Re: Version 0.63 released

> Hi everyone,
>
> i made a port for this today. Since this is a first shot and i've never
> made a port ever before so any suggestions are welcome.
>
> If you build the port with "make install WITH_ALTQ=yes" it should build
> with ALTQ support. I have not been able to test it since i only have a
> -CURRENT system. So if anyone could test and give me some feedback.
>
> The port is available at http://flds.dyndns.org/pf.tar.gz . Just extract
> the file in /usr/ports/security/ go to /usr/ports/security/pf/ and
> install it like any other port.
>
> I haven't included any stop/start scripts nor a pf.conf yet. Should we
> add the default OpenBSD pf.conf ?
>
>
> flo

Great! Thanks for your effort!

There are some issues that need to be addressed though:
1) A port should imho not install everything. authpf and spamd should go into
a separate port.
Authpf because of setuid() which might scare away some users and spamd
because it's not really in relation with pf and rather standalone.
2) ftp-proxy, spamd and authpf need special users. These need to be created
by a pkg-install script.
3) boot up script, pf.conf.sample and sample entry to inetd.conf as well as
required entries in etc/services should be included.
4) installing the modules to boot/kernel is not what one would really want.
boot/modules or usr/local/somewhere would be the better choice. That can be
achieved by setting MAKE_ARGS= KMODDIR="whatsoever"

I have a port that does that, but it is built upon our (yet internal) 1.0-RC
with modified Makefiles which make portbuilding somewhat easier. You can grab
a copy of it (with an already _outdated_ tarball of version 1.0) from
http://pf4freebsd.love2party.net/sampleport.tar.gz to see what the Makefiles
will be like in the end and what I have in mind. It's my first port as well,
so don't expect too much.

There are some things that need to be addressed with my port as well. For
example user proxy (for ftp-proxy) is created in group bin while it should
rather create its own group. I was expecting to get that stuff done some
days ago, but didn't find the time :(

If you have much time at hand, check out the port and tell me what you think.
I hope we can release 1.0 soon and build a port of it.

Thanks for your work!

Max

From: "Max Laier"
Subject: [pf4freebsd] Registration complete / First test message
Date: Thu, 16 Sep 2004 03:38:33 -0000
X-Original-Date: Sun, 27 Apr 2003 16:44:49 +0200

Hello folks,

this is the first test-message to the pf4freebsd@freelists.org mailinglist. It's only for testing the list.
Have fun
Max

From: "Max Laier"
Subject: [pf4freebsd] Release 1.0 with a port proposal
Date: Thu, 16 Sep 2004 03:38:38 -0000
X-Original-Date: Thu, 8 May 2003 22:03:47 +0200

Hello,

after we got ahead of ourselves with the latest improvements to the cksum validation in versions 0.62 and 0.63 we decided to release an official 1.0 before we release more untested code. That is why what you will find as version 1.0 on the homepage is mostly what was 0.61 before. Of course we did include all bugfixes and the optimized in4_cksum which we tested ourselves.

Version 1.0 has slightly modified Makefiles to avoid extensive patching when building a port. Check out the release notes: http://pf4freebsd.love2party.net/release.html to learn more details on that.

We will submit the port proposal found at: http://pf4freebsd.love2party.net/pf_port.tar.gz after some feedback from your side. Tell us if it worked for you and if you are happy with the way things are done there. We need your feedback! Testing on -Current is most important at the moment! We hope that it'll be possible to get the port to the port-tree before 5.1 is officially released.
Thanks for your testing and feedback
Max

From: "Max Laier"
Subject: [pf4freebsd] Authpf port
Date: Thu, 16 Sep 2004 03:38:43 -0000
X-Original-Date: Fri, 9 May 2003 18:24:20 +0200

Hello,

finally finished the authpf port. There is an issue with pathnames.h which needs addressing in the tarball release as well, for now (avoiding 1.01 that soon after 1.0) I choose to patch instead. I wonder if anybody did try authpf, because it won't work as it is in the tarball. Well, yet another reason for trying the port ;)

As always: Thank you very much for any input on the port!
http://pf4freebsd.love2party.net/authpf_port.tar.gz

Max

From: "Max Laier"
Subject: [pf4freebsd] Minor changes to the port
Date: Thu, 16 Sep 2004 03:38:48 -0000
X-Original-Date: Sun, 11 May 2003 02:13:43 +0200

Hello,

"Chris" found some minor issues with the port. I incorporated his comments and you'll find the new version on the webpage:

1) The sample pf.conf is now installed to ${PREFIX}/etc/pf.conf.default in order not to overwrite a user's modified version.
2) pf.sh is installed as pf.sh.sample as well and pfctl is now called with complete pathname (${PREFIX}/sbin/pfctl) instead of pfctl alone.

He further asked:

> 1) Something about needing Options PFIL_HOOKS and
> Options RANDOM_IP_ID compiled into the kernel for pf
> when using make for the port.
>
> 2) Needing to add: gateway_enable="YES" to
> /etc/rc.conf if you wish to have this machine act as
> a gateway.

I personally think, that 1) is covered by pkg-descr and that this is enough. What's your opinion?
2) is a rather generic issue and nothing special about pf. I don't think we need to mention.
If one would write a small step-by-step tutorial on getting pf operational after installing from the port, I'd love to include that to the PORTSDOC

Thanks for your feedback
Max

From: "Max Laier"
Subject: [pf4freebsd] Some more changes to the port
Date: Thu, 16 Sep 2004 03:38:53 -0000
X-Original-Date: Mon, 12 May 2003 12:31:42 +0200

Hello,

Pyun identified some minor problems with the port and Chris pointed out, that some of the includefiles are needed in order to build squid with --enable-pf-transparent

Changes:
1) Include files are installed to ${PREFIX}/include/pf (For building squid et al, you'll have to set your CFLAGS accordingly) Such things should go to a short document in PORTSDOC. Is somebody willing to write such???
2) The boot script explains why it was not able to determine PREFIX (use full path)
3) The modified manpage for pftcpdump.1 is installed.
4) Fixed a pkg-plist error I introduced when incorporating Chris' last comment about pf.conf.default

I guess the port is now pretty ready for submit ... please tell me ASAP if you find anything that troubles you.

Thanks a lot to Chris and Pyun.
Max

From: "Max Laier"
Subject: [pf4freebsd] Ports are out ...
Date: Thu, 16 Sep 2004 03:38:58 -0000
X-Original-Date: Mon, 12 May 2003 17:37:02 +0200

Hello,

finally I submitted the ports. Keep your fingers crossed that we found all problems and that the responsible people at the ports team like it as much as we do.
If you are interested in the status of the ports, these links might help:

http://www.freebsd.org/cgi/query-pr.cgi?pr=52121 pf port
http://www.freebsd.org/cgi/query-pr.cgi?pr=52123 authpf port

Thank you for your continued interest and of course any future feedback/comment/whatsoever
Max

From: Pyun YongHyeon
To: Ziad Afra
cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: PF on FREEBSD 5
Date: Thu, 16 Sep 2004 03:39:03 -0000
X-Original-Date: Mon, 19 May 2003 16:59:25 +0900

On Mon, May 19, 2003 at 12:21:39AM +0100, Ziad Afra wrote:
> Hello
>
> My experiences are thus
>
> NAT does not work at all on my configuration.
>
>
> My rules are set as follows: -
>
> # macros
> ext_if = "fxp0"
> int_if = "fxp1"
> int_lan = "172.16.4.0/24"
> icmp_types = "{ 8, 11 }"
>
> # options
> set block-policy return
> set loginterface $ext_if
>
> # scrub
> scrub in all
>
> # nat/rdr
> nat on $ext_if from $int_lan to any -> ($ext_if)
>
> # filter rules
> block all
>
> pass quick on lo0 all
>
> block drop in quick on $ext_if from any to any
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> block drop out quick on $ext_if from any to any
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You have completely blocked all packets from this host. Remember the last matching rule wins! (This is not ipfw.)
You should remove the quick keyword to continue processing the remaining rules.

>
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
> port {22, 80, 53, 113} flags S/SAFR keep state
>
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
> pass in on $ext_if from any to $int_if keep state
> pass out on $int_if from any to $int_if keep state
> pass out on $ext_if from $int_if keep state
>
Here you may have confused this with ipfw style again. Do not keep state on the internal network interface if you don't really have to. This makes rules much harder to maintain. For normal cases for NAT just pass all packets for the internal interface. If you need filtering do it on the external interface. So the above three rules come to this:

pass in quick on $int_if all
pass out quick on $int_if all

> pass out on $ext_if proto tcp all modulate state flags S/SAFR
> pass out on $ext_if proto { udp, icmp } all keep state
>
>
>
> When attempting to call out for dns or other external services from my
> internal LAN, my internal ip is used for the request i.e.
>
> Internally 172.16.4.5 calls for nslookup, this address is used on the
> external interface to the requested dns server for the call. Simply put
> NAT does not seem to be working for my current configuration.
>
> Regards and hope you can help
>
> Ziad
>
>

For more detailed information on PF's syntax and configuration, please refer to OpenBSD's excellent FAQ.
http://www.openbsd.org/faq/pf/index.html

You can find more examples of pf.conf at this URL.
https://solarflux.org/pf/

Also there is a mailing list for PF on FreeBSD. You may get more help for FreeBSD specific problems from that list. See http://pf4freebsd.love2party.net/mlist.html

For general PF FAQ see http://www.benzedrine.cx/mailinglist.html.

Thanks and Good luck.
Pyun YongHyeon
--
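
Added example (not part of the original thread): a simplified Python model of how pf walks the filter rules quoted in the message above, showing why the two `block drop ... quick` rules on `$ext_if` decide every packet on that interface and what changes once `quick` is removed. Only interface, direction, protocol and destination port are modelled (no addresses, TCP flags, state or NAT); the `Rule`, `Packet`, `evaluate` and `compare` names are hypothetical, and the internal-interface rules use the two-rule form suggested in the reply in both variants so that `quick` is the only difference.

```python
"""Simplified model of pf filter-rule evaluation (added example, constructed)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" or "out"
    iface: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                                # "pass" or "block"
    direction: Optional[str] = None            # None matches both directions
    iface: Optional[str] = None                # None matches any interface
    protos: Optional[FrozenSet[str]] = None    # None matches any protocol
    dports: Optional[FrozenSet[int]] = None    # None matches any port
    quick: bool = False

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.iface is None or self.iface == pkt.iface)
                and (self.protos is None or pkt.proto in self.protos)
                and (self.dports is None or pkt.dport in self.dports))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule).

    Every rule is checked in order and the last match decides, unless a
    matching rule carries `quick`, which ends evaluation immediately.
    No match at all means pf's implicit default, which is pass.
    """
    action, decided_by = "pass", None
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            action, decided_by = rule.action, index
            if rule.quick:
                break
    return action, decided_by


EXT_IF, INT_IF = "fxp0", "fxp1"          # macros from the quoted pf.conf
SERVICES = frozenset({22, 80, 53, 113})


def filter_rules(quick_on_ext_block: bool) -> List[Rule]:
    """Filter section of the quoted ruleset, reduced to the modelled fields."""
    q = quick_on_ext_block
    return [
        Rule("block"),                                             # 0: block all
        Rule("pass", iface="lo0", quick=True),                     # 1: pass quick on lo0 all
        Rule("block", "in", EXT_IF, quick=q),                      # 2: block drop in [quick] on $ext_if
        Rule("block", "out", EXT_IF, quick=q),                     # 3: block drop out [quick] on $ext_if
        Rule("pass", "in", EXT_IF, frozenset({"tcp"}), SERVICES),  # 4: pass in on $ext_if tcp port {...}
        Rule("pass", "in", protos=frozenset({"icmp"})),            # 5: pass in inet proto icmp
        Rule("pass", "in", INT_IF, quick=True),                    # 6: pass in quick on $int_if all
        Rule("pass", "out", INT_IF, quick=True),                   # 7: pass out quick on $int_if all
        Rule("pass", "out", EXT_IF, frozenset({"tcp"})),           # 8: pass out on $ext_if proto tcp
        Rule("pass", "out", EXT_IF, frozenset({"udp", "icmp"})),   # 9: pass out on $ext_if proto {udp, icmp}
    ]


SAMPLE_PACKETS = [                      # constructed test traffic
    Packet("in", EXT_IF, "tcp", 22),    # inbound ssh
    Packet("in", EXT_IF, "tcp", 23),    # inbound telnet, never allowed
    Packet("out", EXT_IF, "udp", 53),   # outbound DNS lookup
    Packet("in", INT_IF, "tcp", 80),    # LAN client entering the gateway
]


def compare(pkt: Packet) -> Tuple[Tuple[str, Optional[int]], Tuple[str, Optional[int]]]:
    """Verdicts for one packet: (as posted with quick, with quick removed)."""
    return evaluate(filter_rules(True), pkt), evaluate(filter_rules(False), pkt)


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        posted, revised = compare(pkt)
        print(f"{pkt.direction:3} {pkt.iface} {pkt.proto:4} {pkt.dport}: "
              f"posted={posted} without-quick={revised}")
```

The telnet packet stays blocked in both variants: without `quick`, the interface-wide block still acts as the default for anything no later pass rule matches.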

From: "Max Laier"
Subject: [pf4freebsd] Re: "portable" pf
Date: Thu, 16 Sep 2004 03:39:08 -0000
X-Original-Date: Tue, 27 May 2003 23:32:42 +0200

From: "Paul B. Henson"
Sent: Tuesday, May 27, 2003 9:05 PM
Subject: "portable" pf

> Is there any widespread interest in developing a portable version of pf,
> similar to portable ssh? I know some efforts have been made to port it to
> other BSD variants, but I would be very interested in a Solaris port. I've
> used ipf under Solaris for a long time, however pf has long since overtaken
> it in feature set and reliability. I have ongoing issues with system
> crashes under Solaris when a lot of state is maintained.

While working on Pyun's FreeBSD-port I did think about such a project as well and (memory allocation provided [pool(9)/zone(9) or alike]) it should not be too hard to get it working on other platforms (with ipf/pfil_hooks). I started to clean up our FreeBSD port in order to make it more easy to keep up with the development in OpenBSD-Current and will keep an eye on the possibility to include other porting efforts as well. If you are working on something, please contact me. I didn't find time to look at the NetBSD port yet, but I will try to.
Max

From: "Max Laier"
cc: pf@benzedrine.cx
cc: pf-r@solarflux.org
Subject: [pf4freebsd] New version: pf_freebsd_1.50 - Testers required
Date: Thu, 16 Sep 2004 03:39:13 -0000
X-Original-Date: Fri, 30 May 2003 05:17:34 +0200

Hello,

after some time I can finally announce the first resync with OpenBSD-current since version 0.50!

BUT ... syncing involved almost a complete redo of our tree and hence there might be *many* undiscovered errors with both - new and old - functionalities, or even complete failure in some cases.

SO ... if you have some time left, please get a copy (http://pf4freebsd.love2party.net/pf_freebsd_1.50.tar.gz) and report whatever you find!

Note that this version is yet missing tcpdump (will be in 1.51)! Spamd and pftop will go to independent ports (not a high priority to me - ask if you need them (or send in your version))

Note further, that the pflog-format changed. As OpenBSD used unofficial DLT number for PFLOG before, we can not warn of old logs so please make sure that you move away your old logs before booting up a new version of pflog.
For additional information go to http://pf4freebsd.love2party.net/help.html

Anyone to rebuild regress? That would be a great help!

I hope you like it and if we can get version 1.5X stable - NetBSD merge is next.

Thanks for your support
Max
From: "Max Laier"
Subject: [pf4freebsd] Version 1.51 ...
X-Original-Date: Fri, 30 May 2003 19:27:04 +0200

... as promised now including tcpdump.
http://pf4freebsd.love2party.net/pf_freebsd_1.51.tar.gz

Nothing else changed.
Max

From: "Max Laier"
Subject: [pf4freebsd] Version 1.52
X-Original-Date: Tue, 3 Jun 2003 12:46:06 +0200 (CEST)

Hello,

just uploaded version 1.52 (http://pf4freebsd.love2party.net/pf_freebsd_1.52.tar.gz)

Pyun found some missing initialisations for new structures and fixed a long standing problem with the "WITH_RANDOM_ID=yes" option (which now has an effect again). Please update to the new version.

I didn't receive any feedback (neither good nor bad) about the new version. Is someone actually running it on her/his box? I have it on my gateway and didn't see anything bad yet, but I am really curious about your experience. So, if you gave it a try, please let me know.
Thanks
Max

From: "Ziad Afra"
Subject: [pf4freebsd] Re: Version 1.52
X-Original-Date: Tue, 3 Jun 2003 22:38:09 +0100

All

I still can't get NAT to work correctly on my setup. It's quite frustrating I must say..

My configuration is as follows:-

FreeBSD XXX.XXX.XXX 5.0-RELEASE FreeBSD 5.0-RELEASE #6: Wed May 14 00:30:11 BST 2003 root@XXX.XXX.XXX:/usr/obj/usr/src/sys/FREE i386

===[root] ~ # sysctl -a|grep -i forw
kern.smp.forward_signal_enabled: 1
kern.smp.forward_roundrobin_enabled: 1
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1
net.inet6.ip6.forwarding: 0

===[root] /boot/kernel # pwd
/boot/kernel
###
###
###of concern###
-r-xr-xr-x 1 root wheel 124916 May 14 01:46 pf.ko
-r-xr-xr-x 1 root wheel 6844 May 14 01:46 pflog.ko
-r-xr-xr-x 1 root wheel 8442 May 14 01:46 pfsync.ko

===[root] /boot/kernel # pfctl -sa
scrub in all fragment reassemble
pass quick on lo0 all
nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11
pfctl: DIOCGETALTQS: Operation not supported by device
Status: Enabled for 1 days 20:58:49 Debug: None

State Table Total Rate
current entries 0
searches 0 0.0/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 0 0.0/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
states hard limit 10000
frags hard limit 5000

===[root] /usr/local/etc # cat pf.conf
# macros
ext_if = "fxp0"
int_if = "fxp1"
int_lan = "172.16.5.255"
# scrub
scrub in all
# nat/rdr
nat on $ext_if from 172.16.5.1 to any -> 172.16.4.11

As you can see here I have set an explicit rule for 1 internal ip to be used and still no difference. This test firewall is already behind an existing implementation of openbsd using PF which I know works.

So what looks like is happening is that NAT is not correctly working as per the tcpdump (fxp0 is my external interface to the ubernet):-

===[root] /usr/local/etc # tcpdump -i fxp0 host 172.16.5.1
tcpdump: listening on fxp0
22:31:58.614125 172.16.5.1.3743 > ns.cableinet.net.domain: 7+[|domain]
22:32:00.606079 172.16.5.1.3744 > ns.cableinet.net.domain: 8+ A? www.hotmail.com. (33)

Why is 172.16.5.1 requesting on the external interface domain requests when it should be 172.16.4.11? Nat looks like to be borked with regards to my implementation. Perhaps I have done something wrong?

Comments please! I could really do with some help here...

Regards
Ziad

-----Original Message-----
From: pf4freebsd-bounce@freelists.org [mailto:pf4freebsd-bounce@freelists.org] On Behalf Of Max Laier
Sent: 03 June 2003 11:46
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Version 1.52

Hello,

just uploaded version 1.52 (http://pf4freebsd.love2party.net/pf_freebsd_1.52.tar.gz)

Pyun found some missing initialisations for new structures and fixed a long standing problem with the "WITH_RANDOM_ID=yes" option (which now has an effect again). Please update to the new version.

I didn't receive any feedback (neither good nor bad) about the new version. Is someone actually running it on her/his box? I have it on my gateway and didn't see anything bad yet, but I am really curious about your experience. So, if you gave it a try, please let me know.

Thanks
Max

From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
X-Original-Date: Wed, 4 Jun 2003 11:58:48 +0900

On Tue, Jun 03, 2003 at 10:38:09PM +0100, Ziad Afra wrote:
> All
>
> I still can't get NAT to work correctly on my setup. It's quite
> frustrating I must say..
>
> My configuration is as follows:-
>
> FreeBSD XXX.XXX.XXX 5.0-RELEASE FreeBSD 5.0-RELEASE #6: Wed May 14
> 00:30:11 BST 2003 root@XXX.XXX.XXX:/usr/obj/usr/src/sys/FREE i386
>
> ===[root] ~ # sysctl -a|grep -i forw
> kern.smp.forward_signal_enabled: 1
> kern.smp.forward_roundrobin_enabled: 1
> net.inet.ip.forwarding: 1
> net.inet.ip.fastforwarding: 1
> net.inet6.ip6.forwarding: 0
>
> ===[root] /boot/kernel # pwd
> /boot/kernel
> ###
> ###
> ###of concern###
> -r-xr-xr-x 1 root wheel 124916 May 14 01:46 pf.ko
> -r-xr-xr-x 1 root wheel 6844 May 14 01:46 pflog.ko
> -r-xr-xr-x 1 root wheel 8442 May 14 01:46 pfsync.ko
>
> ===[root] /boot/kernel # pfctl -sa
> scrub in all fragment reassemble
> pass quick on lo0 all
> nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11
> pfctl: DIOCGETALTQS: Operation not supported by device
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What pf version do you use? Did you upgrade your kernel for some other reasons (i.e. security patches)? Do you use ALTQ?
It seems that there is a mismatch between your kernel and pf module. Please rebuild pf kernel modules. The above message should not appear whether ALTQ routines are enabled or not.

Normal procedures to follow are
#killall pflogd
#kldunload pf
#kldunload pfaltq
#kldunload pfsync
#kldunload pflog
#cd /path/to/pf_source_location
#make clean
#make && make install

Please let me know the results. If you can feed back more detailed information, you would get better support.
Thanks and good luck.

> Status: Enabled for 1 days 20:58:49 Debug: None
>
> State Table Total Rate
> current entries 0
> searches 0 0.0/s
[snip]

--
Pyun YongHyeon

From: "Max Laier"
Subject: [pf4freebsd] Re: Version 1.52
X-Original-Date: Wed, 4 Jun 2003 07:46:58 +0200

I see a little contrast here:

> ===[root] /boot/kernel # pfctl -sa
> scrub in all fragment reassemble
> pass quick on lo0 all
> nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11

> ===[root] /usr/local/etc # cat pf.conf
[...]
> nat on $ext_if from 172.16.5.1 to any -> 172.16.4.11

Are you sure that you did load the ruleset you are cat'ing? As you see, pfctl tells you that it will "nat ... from 172.16.4.1 ..." that is a point of interest!

What is your LAN-Layout (i.e. in what way are 172.16.5.1, 172.16.4.11 and your external gateway connected)? Is default route and netmask correct on all boxes involved?

We will get this one working! So please look at the issue with xxx4.1 vs. xxx5.1 and maybe paste output of "netstat -rn" and "ifconfig -a" of 172.16.5.1 and 172.16.4.11 as well.

Thank you very much for your feedback, I really hope that we can settle this problem soon
Max

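The comparison asked for in the reply above, as an added example (not code from the thread or from the pf4freebsd project): it expands the macros in pf.conf, diffs its nat rules against what pfctl reports as loaded, and classifies the untranslated sources tcpdump saw on the external interface. Function names are hypothetical, only the simple "nat on IF from SRC to DST -> ADDR" form is parsed, and the sample inputs are the outputs quoted in the thread.

```python
import re
from ipaddress import ip_address, ip_network

# Sample inputs copied from the outputs quoted in the thread.
PFCTL_OUT = """\
scrub in all fragment reassemble
pass quick on lo0 all
nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11
"""
PF_CONF = """\
# macros
ext_if = "fxp0"
int_if = "fxp1"
int_lan = "172.16.5.255"
# scrub
scrub in all
# nat/rdr
nat on $ext_if from 172.16.5.1 to any -> 172.16.4.11
"""
TCPDUMP = """\
22:31:58.614125 172.16.5.1.3743 > ns.cableinet.net.domain: 7+[|domain]
22:32:00.606079 172.16.5.1.3744 > ns.cableinet.net.domain: 8+ A? www.hotmail.com. (33)
"""

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?$')
# Assumption: only "nat on IF [inet|inet6] from SRC to DST -> ADDR" is handled.
NAT = re.compile(r'^nat on (\S+)(?: inet6?)? from (\S+) to (\S+) -> (\S+)$')
PKT = re.compile(r'^\S+ (\d+(?:\.\d+){3})\.\d+ > ')


def nat_rules(text):
    """Return {(iface, src, dst, target)} for the nat rules in text.

    Works on pf.conf (macros are expanded) and on pfctl output (the
    address family keyword pfctl prints is ignored)."""
    macros, rules = {}, set()
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r'\$(\w+)',
                      lambda v: macros.get(v.group(1), v.group(0)), line)
        m = NAT.match(line)
        if m:
            rules.add(m.groups())
    return rules


def sources(dump):
    """Source IPv4 addresses seen in tcpdump text output."""
    return sorted({m.group(1) for m in map(PKT.match, dump.splitlines()) if m})


def covers(spec, addr):
    """True if a rule's source spec (any, host or CIDR) includes addr."""
    if spec == 'any':
        return True
    try:
        return ip_address(addr) in ip_network(spec, strict=False)
    except ValueError:  # table, interface name or other form not handled here
        return False


def diagnose(loaded_text, conf_text, dump, ext_if):
    """Diff loaded vs. on-disk nat rules and explain each source in dump."""
    loaded, on_disk = nat_rules(loaded_text), nat_rules(conf_text)
    findings = []
    for src in sources(dump):
        if any(r[3] == src for r in loaded):
            continue  # this is already a translated address
        if any(r[0] == ext_if and covers(r[1], src) for r in loaded):
            verdict = 'loaded nat rule matches but was not applied'
        elif any(r[0] == ext_if and covers(r[1], src) for r in on_disk):
            verdict = 'pf.conf has a matching nat rule that is not loaded'
        else:
            verdict = 'no nat rule covers this source'
        findings.append((src, verdict))
    return {'only_loaded': sorted(loaded - on_disk),
            'only_in_file': sorted(on_disk - loaded),
            'findings': findings}


if __name__ == '__main__':
    for key, value in diagnose(PFCTL_OUT, PF_CONF, TCPDUMP, 'fxp0').items():
        print(key, value)
```

On a live box the three inputs would come from the pfctl, cat and tcpdump commands shown in the thread instead of the embedded strings.
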
From: "Max Laier"
Subject: [pf4freebsd] Re: NAT-Problem (was Re: Version 1.52)
X-Original-Date: Wed, 4 Jun 2003 19:55:21 +0200

> -- Binary/unsupported file stripped by Ecartis --
> -- Type: application/octet-stream
> -- File: pf_ioctl.diff

http://pf4freebsd.love2party.net/pf_ioctl.c.diff

Better ... I have to investigate why they do not allow such things.

From: "Max Laier"
Subject: [pf4freebsd] NAT-Problem (was Re: Version 1.52)
X-Original-Date: Wed, 4 Jun 2003 17:00:38 +0200

Here is a little diagnostic diff against version 1.52. It describes every packet run thru the filter before and after pf_test() was performed. The output (on the console) might be helpful to further hunt down your problem.

I hope/think that reloading the ruleset will help (s. earlier post). If not, please apply the patch and send the output of "dmesg -a" after some traffic.

Thank you and good luck
Max

-- Binary/unsupported file stripped by Ecartis --
-- Type: application/octet-stream
-- File: pf_ioctl.diff

From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
X-Original-Date: Mon, 9 Jun 2003 13:12:53 +0900

On Sun, Jun 08, 2003 at 10:50:38PM +0200, Rolf wrote:
>
> Hi, keep up the good work guys!
>
> I've just upgraded my gateway to fbsd 5.1 RELEASE #0.
> Then I installed your pf_freebsd_1.52 package, guess what! It works!! BUT!
> I am an xDSL user, and got some problems with NAT through pf when using ppp protocol to connect PPPoE, and have not (yet) had time and effort to lookup this error.
>
> My NAT rule in pf.conf is exactly as posted here: nat on ! ?Int from $Int/24 to any -> $Ext
> where Int=xl1 and Ext=tun0.
>
Thanks for your feedback.
There are two methods on FreeBSD to use xDSL, also known as user mode and kernel mode. It seems that you use userland PPPoE client because your external interface is tun0. Right?
You should first check your xDSL connection without pf. (To narrow down the problem.)
There may be some differences between OpenBSD ppp and FreeBSD ppp configuration.

Currently, FreeBSD pf can't detect address changes accomplished by ppp client software (ppp or mpd). OpenBSD pf knows about that and takes care about it. This is one of differences between FreeBSD pf and OpenBSD one.
You should reload your pf rule whenever your external address (tun0) changes. This can be done via /etc/ppp/ppp.linkup file. See ppp(8) for more details. (This problem can be fixed if we can have write access to FreeBSD kernel sources.)

If you can't NAT with this, please let me know. Please include the following information.
1. FreeBSD/pf version used
2. your kernel configuration if you have customized one
3. your complete pf rule set
4. your network configuration
5. your ppp start up script in /etc/ppp/ppp.linkup

You would get more stable version if users like you report more problems.
Thank you and good luck.

> This worked great on my former OBSD box, and should have worked on my FBSD to.
>
> I would love to use pf's NAT(RDR works great).
> OH, IPv6 works great for me, that's it so far..
>
> I have not been able or have found the time and effort to test any other functions...
>
> Rolf
>
--
Pyun YongHyeon

From: Rolf Skaar
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
Reply-To: pf4freebsd@freelists.org
Date: Thu, 16 Sep 2004 03:39:58 -0000
X-Original-Date: Mon, 09 Jun 2003 17:59:57 CEST

On 09 Jun 2003 06:14 CEST you wrote:

> On Sun, Jun 08, 2003 at 10:50:38PM 0200, Rolf wrote:
> >
> > Hi, keep up the good work guys!
> >
> > I've just upgraded my gateway to fbsd 5.1 RELEASE #0.
> > Then I installed your pf_freebsd_1.52 package, guess what! It works!! BUT!
> > I am an xDSL user, and got some problems with NAT through pf when using ppp protocol to connect PPPoE ,and have not (yet) had time and effort to lookup this error.
> >
> > My NAT rule in pf.conf is exactly as posted here: nat on ! $Int from $Int/24 to any -> $Ext
> > where Int=xl1 and Ext=tun0.
> >
> Thanks for your feedback.
> There are two methods on FreeBSD to use xDSL, also known as user mode and
> kernel mode. It seems that you use userland PPPoE client because your
> external interface is tun0. Right?
> You should first check your xDSL connection without pf.
> (To narrow down the problem.)
> There may be some differences between OpenBSD ppp and FreeBSD ppp
> configuration.
>
> Currently, FreeBSD pf can't detect address changes accomplished by ppp
> client software(ppp or mpd). OpenBSD pf knows about that and takes care
> about it.
> This is one of differences between FreeBSD pf and OpenBSD one.
> You should reload your pf rule whenever your external address(tun0)
> changes. This can be done via /etc/ppp/ppp.linkup file. See ppp(8) for
> more details.(This problem can be fixed if we can have a write access
> FreeBSD kernel sources.)
>
> If you can't NAT with this, please let me know. Please include the
> following information.
> 1. FreeBSD/pf version used
> 2. your kernel configuration if you have customized one
> 3. your complete pf rule set
> 4. your network configuration
> 5. your ppp start up script in /etc/ppp/ppp.linkup
>
> You would get more stable version if users like you report more problems.
> Thank you and good luck.
>
> > This worked great on my former OBSD box, and should have worked on my FBSD too.
> >
> > I would love to use pf's NAT(RDR works great).
> > OH, IPv6 works great for me, that's it so far..
> >
> > I have not been able or have found the time and effort to test any other functions...
> >
> > Rolf
> >
>
> --
> Pyun YongHyeon
>

No problem, I am glad if i can help.

Here is my network layout;   INET       <-->     GATEWAY     <-->    WORKSTATION
[ISP_gateway <--> my_tun0_IP ] <--> [xl1:10.10.0.1 <--> xl0:10.10.0.250]
          External                              Internal

I have configured my box to configure everything at boot time to maximise uptime on my box as im not around all the time,
pf version is pf_freebsd_1.52.tar.gz.

I begin with my kernel configuration which is mostly generic:

machine         i386
cpu             I586_CPU
cpu             I686_CPU
ident           ashaman

options         SC_DISABLE_REBOOT
options         VESA
options         SC_PIXEL_MODE
options         PFIL_HOOKS
options         RANDOM_IP_ID
#options        ALTQ

options         SCHED_4BSD              #4BSD scheduler
options         INET                    #InterNETworking
options         INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         SOFTUPDATES             #Enable FFS soft updates support
options         UFS_ACL                 #Support for access control lists
options         UFS_DIRHASH             #Improve performance on big directories
options         MD_ROOT                 #MD is a potential root device
options         NFSCLIENT               #Network Filesystem Client
options         NFSSERVER               #Network Filesystem Server
options         NFS_ROOT                #NFS usable as root device, requires NFSCLIENT
options         MSDOSFS                 #MSDOS Filesystem
options         CD9660                  #ISO 9660 Filesystem
options         PROCFS                  #Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                #Pseudo-filesystem framework
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         #Compatible with FreeBSD4
options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~128k to driver.
options         AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~215k to driver.

device          isa
device          eisa
device          pci

# Floppy drives
device          fdc

# ATA and ATAPI devices
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
device          atapifd                 # ATAPI floppy drives
device          atapist                 # ATAPI tape drives
options         ATA_STATIC_ID           #Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc                  # AT keyboard controller
device          atkbd                   # AT keyboard
device          psm                     # PS/2 mouse

device          vga                     # VGA video card driver

device          splash                  # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device          sc

device          agp                     # support several AGP chipsets

# Floating point support - do not disable.
device          npx

# Add suspend/resume support for the i8254.
device          pmtimer

# PCI Ethernet NICs.
device          de                      # DEC/Intel DC21x4x (``Tulip'')
device          em                      # Intel PRO/1000 adapter Gigabit Ethernet Card
device          txp                     # 3Com 3cR990 (``Typhoon'')
device          vx                      # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus                  # MII bus support
device          dc                      # DEC/Intel 21143 and various workalikes
device          fxp                     # Intel EtherExpress PRO/100B (82557, 82558)
device          xl                      # 3Com 3c90x (``Boomerang'', ``Cyclone'')

device          cs                      # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device          ed                      # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device          ep                      # Etherlink III based cards

# Pseudo devices - the number indicates how many units to allocate.
device          random                  # Entropy device
device          loop                    # Network loopback
device          ether                   # Ethernet support
device          sl                      # Kernel SLIP
device          ppp                     # Kernel PPP
device          tun                     # Packet tunnel.
device          pty                     # Pseudo-ttys (telnet etc)
device          md                      # Memory "disks"
device          gif                     # IPv6 and IPv4 tunneling
device          faith                   # IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device          bpf                     # Berkeley packet filter

device          ppbus
device          plip
device          ppc

As you probably see i have only added 5 options, and have not cared to remove any unnecessary devices yet.

rc.conf is like this:

gateway_enable="YES"
ipv6_enable="YES"
hostname="ashaman.inquisitors.org"
ifconfig_xl0="up"
ifconfig_xl1="inet 10.10.0.1 netmask 255.255.255.0"
ipv6_ifconfig_xl1="2001:470:1f00:509::1111 prefixlen 64"
ppp_enable="YES"
ppp_nat="NO"
ppp_mode="ddial"
ppp_profile="TelenorADSL"
#pppoed_enable="YES"                     # Run the PPP over Ethernet daemon.
#pppoed_provider="pppoe"                 # Provider and ppp(8) config file entry.
#pppoed_flags="-P /var/run/pppoed.pid"   # Flags to pppoed (if enabled).
#pppoed_interface="xl0"                  # The interface that pppoed runs on.
#pf_enable="YES"
#pf_logd="YES"
#pf_conf="/home/rasgal/myconfig/pf.conf"
#pfctl_flags=""
inetd_enable="YES"
kern_securelevel_enable="NO"
keymap="norwegian.iso"
keyrate="fast"
keybell="off"
nfs_client_enable="YES"
nfs_server_enable="YES"
router_enable="NO"
rpcbind_enable="YES"
sendmail_enable="NONE"
sshd_enable="YES"
font8x8="swiss-8x8"
font8x14="NO"
font8x16="swiss-8x16"
allscreens_flags="VESA_132x60 yellow blue"

I have changed ppp_nat= from "YES" to "NO" to use pf's nat.

ppp.conf is like this:

default:
 set log Phase Chat LCP IPCP CCP tun command
 set redial 15 0
 set reconnect 15 10000

TelenorADSL:
 set device PPPoE:xl0
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname **************
 set authkey ********
 add! default HISADDR
 enable dns
 enable mssfixup

and here is my ppp.linkup:

MYADDR:
 ! sh -c "/sbin/ifconfig pflog0 up"
 ! sh -c "/sbin/ifconfig pfsync0 up"
 !bg sh -c "/home/rasgal/myscripts/tunnel.sh"
 ! sh -c "/usr/local/sbin/pflogd"
 ! sh -c "/usr/local/sbin/`pfctl -e -q -Fa -f /home/rasgal/myconfig/pf.conf`"

this loads all the rules and every thing should be up and running now...
what tunnel.sh does is setting up my ipv6 connection.

ok, my rule set is somewhat simple (pass all in/out), and blocks only services that i want it to:

Ext = "tun0"
Int = "xl1"
tunnel = "gif0"
Loop = "lo0"
portblock = "{ 21, 111, 1023 }"
portpass = "{ 53 }"

scrub in all fragment reassemble

# IPv4 NAT configuration #
#nat on ! $Int from $Int/24 to any -> $Ext
#nat on $Ext from $Int/24 to any -> $Ext

# Redirect #
rdr on $Ext proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:*
rdr on $Ext proto tcp from any to any port 62003 -> 10.10.0.250 port 62003

# IPv4 packet filter rules #
block in quick on $Ext proto {tcp} from any to any port $portblock

# basic passes #
pass in quick on $Loop all
pass out quick on $Loop all
pass in quick on $Ext all
pass out quick on $Ext all

# IPv6 packet filter rules #
# Basic ipv6 rules #
pass in quick on gif0 proto ipv6 from any to any
pass out quick on gif0 proto ipv6 from any to any

and here is my output from "pfctl -sa":

[ _- ~ -_ 4:30:02pm Mon Jun 09 ]
%pfctl -sa

scrub in all fragment reassemble
block drop in quick on tun0 proto tcp from any to any port = ftp
block drop in quick on tun0 proto tcp from any to any port = sunrpc
block drop in quick on tun0 proto tcp from any to any port = 1023
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on tun0 all
pass out quick on tun0 all
pass in quick on gif0 proto ipv6 all
pass out quick on gif0 proto ipv6 all
nat on ! xl1 inet from 10.10.0.0/24 to any -> 80.212.169.91
rdr on tun0 inet proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:60010
rdr on tun0 inet proto tcp from any to any port = 62003 -> 10.10.0.250 port 62003
pfctl: DIOCGETALTQS: Operation not supported by device
Status: Enabled for 0 days 00:35:08             Debug: None

State Table                          Total             Rate
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start                0 states
adaptive.end                  0 states
states     hard limit  10000
frags      hard limit   5000

when my boot is done "ifconfig -a" end very similar to this one:

[ _- ~ -_ 3:52:09pm Mon Jun 09 ]
%ifconfig -a
xl0: flags=8843 mtu 1500
        inet6 fe80::260:97ff:fe9f:c2a7%xl0 prefixlen 64 scopeid 0x1
        ether 00:60:97:9f:c2:a7
        media: Ethernet 10baseT/UTP (10baseT/UTP )
xl1: flags=8843 mtu 1500
        options=3
        inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
        inet6 fe80::210:5aff:fecb:72cf%xl1 prefixlen 64 scopeid 0x2
        inet6 2001:470:1f00:509::1111 prefixlen 64
        ether 00:10:5a:cb:72:cf
        media: Ethernet autoselect (100baseTX )
        status: active
pflog0: flags=141 mtu 33208
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
pfsync0: flags=41 mtu 2032
tun0: flags=8051 mtu 1492
        inet 80.212.169.91 --> 80.212.160.0 netmask 0xffffffff
        Opened by PID 202
gif0: flags=8051 mtu 1280
        tunnel inet 80.212.169.91 --> 64.71.128.82
        inet6 2001:470:1f00:ffff::333 --> 2001:470:1f00:ffff::332 prefixlen 128
        inet6 fe80::260:97ff:fe9f:c2a7%gif0 prefixlen 64 scopeid 0x7

and "ps aux" show this:

USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root      11 98.1  0.0     0    12  ??  RL    4:38PM   1:48.02 (idle)
root      10  0.0  0.0     0    12  ??  DL    4:38PM   0:00.00 (ktrace)
root       1  0.0  0.2   740   392  ??  ILs   4:38PM   0:00.03 /sbin/init --
root      12  0.0  0.0     0    12  ??  WL    4:38PM   0:00.02 (swi1: net)
root      13  0.0  0.0     0    12  ??  WL    4:38PM   0:00.41 (swi7: clock)
root       2  0.0  0.0     0    12  ??  DL    4:38PM   0:00.05 (g_event)
root       3  0.0  0.0     0    12  ??  DL    4:38PM   0:00.08 (g_up)
root       4  0.0  0.0     0    12  ??  DL    4:38PM   0:00.14 (g_down)
root      15  0.0  0.0     0    12  ??  DL    4:38PM   0:00.05 (random)
root      19  0.0  0.0     0    12  ??  WL    4:38PM   0:00.08 (irq14: ata0)
root      20  0.0  0.0     0    12  ??  WL    4:38PM   0:00.00 (irq15: ata1)
root      21  0.0  0.0     0    12  ??  WL    4:38PM   0:00.01 (irq9: xl0)
root      22  0.0  0.0     0    12  ??  WL    4:38PM   0:00.01 (irq11: xl1)
root      23  0.0  0.0     0    12  ??  WL    4:38PM   0:00.00 (irq1: atkbd0)
root      24  0.0  0.0     0    12  ??  WL    4:38PM   0:00.00 (irq6: fdc0)
root       5  0.0  0.0     0    12  ??  DL    4:38PM   0:00.00 (pagedaemon)
root       6  0.0  0.0     0    12  ??  DL    4:38PM   0:00.00 (vmdaemon)
root       7  0.0  0.0     0    12  ??  DL    4:38PM   0:02.56 (pagezero)
root       8  0.0  0.0     0    12  ??  DL    4:38PM   0:00.00 (bufdaemon)
root       9  0.0  0.0     0    12  ??  DL    4:38PM   0:00.00 (vnlru)
root      27  0.0  0.0     0    12  ??  DL    4:38PM   0:00.02 (syncer)
root      28  0.0  0.0     0    12  ??  IL    4:38PM   0:00.00 (nfsiod 0)
root      29  0.0  0.0     0    12  ??  IL    4:38PM   0:00.00 (nfsiod 1)
root      30  0.0  0.0     0    12  ??  IL    4:38PM   0:00.00 (nfsiod 2)
root      31  0.0  0.0     0    12  ??  IL    4:38PM   0:00.00 (nfsiod 3)
root     132  0.0  0.0   228   120  ??  Is    4:38PM   0:00.00 adjkerntz -i
root     202  0.0  0.7  3112  1800  ??  Ss    4:38PM   0:01.14 /usr/sbin/ppp -quiet -ddial TelenorADSL
root     245  0.0  0.3  1308   816  ??  Ss    4:38PM   0:00.03 /usr/local/sbin/pflogd
root     305  0.0  0.3  1272   852  ??  Ss    4:39PM   0:00.14 /usr/sbin/syslogd -s
root     319  0.0  0.4  1404  1008  ??  Ss    4:39PM   0:00.06 /usr/sbin/rpcbind
root     404  0.0  0.4  1280   916  ??  Is    4:39PM   0:00.02 /usr/sbin/mountd -r
root     406  0.0  0.4  1236   932  ??  Is    4:39PM   0:00.48 nfsd: master (nfsd)
root     407  0.0  0.3  1180   784  ??  I     4:39PM   0:00.00 nfsd: server (nfsd)
root     408  0.0  0.3  1180   784  ??  I     4:39PM   0:00.00 nfsd: server (nfsd)
root     409  0.0  0.3  1180   784  ??  I     4:39PM   0:00.00 nfsd: server (nfsd)
root     410  0.0  0.3  1180   784  ??  I     4:39PM   0:00.00 nfsd: server (nfsd)
root     437  0.0  0.8  2532  1984  ??  Is    4:39PM   0:00.10 /usr/sbin/named
root     439  0.0  0.4  1292   924  ??  Is    4:39PM   0:00.00 /usr/local/sbin/oidentd
root     493  0.0  0.9  3432  2408  ??  Is    4:39PM   0:00.01 /usr/sbin/sshd
root     511  0.0  0.4  1296   984  ??  Is    4:39PM   0:00.03 /usr/sbin/cron
root     540  0.0  0.4  1376  1008  ??  Is    4:39PM   0:00.02 /usr/sbin/inetd -wW
root     546  0.0  1.1  6172  2792  ??  Is    4:39PM   0:00.20 sshd: rasgal [priv] (sshd)
root     554  0.0  0.4  1236   908  v0  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv0
root     555  0.0  0.4  1236   908  v1  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv1
root     556  0.0  0.4  1236   908  v2  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv2
root     557  0.0  0.4  1236   908  v3  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv3
root     558  0.0  0.4  1236   908  v4  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv4
root     559  0.0  0.4  1236   908  v5  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv5
root     560  0.0  0.4  1236   908  v6  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv6
root     561  0.0  0.4  1236   908  v7  Is    4:39PM   0:00.02 /usr/libexec/getty Pc ttyv7
rasgal   562  0.0  1.1  6164  2908  ??  S     4:39PM   0:00.17 sshd: rasgal@ttyp0 (sshd)
rasgal   563  0.0  0.5  1708  1332  p0  Is    4:39PM   0:00.40 -tcsh (tcsh)
root     566  0.0  0.5  1580  1240  p0  I     4:39PM   0:00.08 su -l
root     567  0.0  0.5  1636  1264  p0  S     4:39PM   0:00.27 -su (tcsh)
root       0  0.0  0.0     0     4  ??  DLs   4:38PM   0:00.00 (swapper)
root     577  0.0  0.2   692   524  p0  R     4:40PM   0:00.00 ps aux

as you see named and oidentd have been started, i did this through rc.local.

and everything should be ok, nat won't work.. i did an tcpdump and paste it:

[ _- ~ -_ 4:43:23pm Mon Jun 09 ]
%pftcpdump -e -n -ttt -i tun0
pftcpdump: listening on tun0
000000 AF 2 60: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 103137 AF 2 60: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 007455 AF 2 60: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 007450 AF 2 60: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 180525 AF 2 78: 80.212.169.190.1027 > 80.212.169.91.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
000179 AF 2 56: 80.212.169.91 > 80.212.169.190: icmp: 80.212.169.91 udp port 137 unreachable
^C
6 packets received by filter
0 packets dropped by kernel

[ _- ~ -_ 4:44:50pm Mon Jun 09 ]
%pftcpdump -e -n -ttt -i xl1
pftcpdump: listening on xl1
000000 0:60:8:9:ad:c1 0:10:5a:cb:72:cf 0800 74: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 435292 0:60:8:9:ad:c1 0:10:5a:cb:72:cf 0800 74: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 007458 0:60:8:9:ad:c1 0:10:5a:cb:72:cf 0800 74: 10.10.0.250 > 193.69.165.20: icmp: echo request
5. 007464 0:60:8:9:ad:c1 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.10.0.1 tell 10.10.0.250
000114 0:10:5a:cb:72:cf 0:60:8:9:ad:c1 0806 60: arp reply 10.10.0.1 is-at 0:10:5a:cb:72:cf
000163 0:60:8:9:ad:c1 0:10:5a:cb:72:cf 0800 74: 10.10.0.250 > 193.69.165.20: icmp: echo request

both dumps shows my workstation don't get any answer on my pings to www.vg.no(193.69.165.20) when using pf's nat.

I hope this helps, and tell me if i'm doing something wrong or you need anything else.
:)

Regards
Rolf Skår
--

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:03 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
cc: rasgal@palantir.no
Message-ID: <20030610070936.GA1767@kt-is.co.kr>
Subject: [pf4freebsd] Re: Version 1.52
Reply-To: pf4freebsd@freelists.org
Date: Thu, 16 Sep 2004 03:40:03 -0000
X-Original-Date: Tue, 10 Jun 2003 16:09:36 +0900

On Mon, Jun 09, 2003 at 05:59:57PM +0200, Rolf Skaar wrote:
>
>
[snip]
>
> No problem, I am glad if i can help.
>
> Here is my network layout; INET <--> GATEWAY <--> WORKSTATION
> [ISP_gateway <--> my_tun0_IP ] <--> [xl1:10.10.0.1 <--> xl0:10.10.0.250]
> External Internal
>
> I have configured my box to configure everything at boot time to maximise uptime on my box as im not around all the time,
> pf version is pf_freebsd_1.52.tar.gz.
>
[snip]
>
> and here is my ppp.linkup:
>
> MYADDR:
>  ! sh -c "/sbin/ifconfig pflog0 up"
>  ! sh -c "/sbin/ifconfig pfsync0 up"
>  !bg sh -c "/home/rasgal/myscripts/tunnel.sh"
>  ! sh -c "/usr/local/sbin/pflogd"
>  ! sh -c "/usr/local/sbin/`pfctl -e -q -Fa -f /home/rasgal/myconfig/pf.conf`"
>
> this loads all the rules and every thing should be up and running now...
> what tunnel.sh does is setting up my ipv6 connection.
>
You should not do like this. Because the file ppp.linkup is executed
whenever tun0's address changes it should contain only a command to set
up a new pf rule set or route commands.(i.e. You should have a pf rule
update command only.) All the other commands(pflog0 up, pflogd, etc)
should be called before pf update command.
Also note if your tunnel.sh configures a interface address that pf
references it should be run before pf rule set updates. Because you
have used background execution to run tunnel.sh, there is no guarantee
the script would be completed before you invoke pfctl.

> ok, my rule set is somewhat simple (pass all in/out), and blocks only services that i want it to:
>
> Ext = "tun0"
> Int = "xl1"
> tunnel = "gif0"
> Loop = "lo0"
> portblock = "{ 21, 111, 1023 }"
> portpass = "{ 53 }"
>
> scrub in all fragment reassemble
>
> # IPv4 NAT configuration #
> #nat on ! $Int from $Int/24 to any -> $Ext
> #nat on $Ext from $Int/24 to any -> $Ext
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You don't have any valid NAT entry. Above rule should be read as follows:
nat on $Ext from 10.10.0.0/24 to any -> $Ext
>
> # Redirect #
> rdr on $Ext proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:*
> rdr on $Ext proto tcp from any to any port 62003 -> 10.10.0.250 port 62003
>
[snip]
>
> and here is my output from "pfctl -sa":
>
> [ _- ~ -_ 4:30:02pm Mon Jun 09 ]
> %pfctl -sa
>
> scrub in all fragment reassemble
> block drop in quick on tun0 proto tcp from any to any port = ftp
> block drop in quick on tun0 proto tcp from any to any port = sunrpc
> block drop in quick on tun0 proto tcp from any to any port = 1023
> pass in quick on lo0 all
> pass out quick on lo0 all
> pass in quick on tun0 all
> pass out quick on tun0 all
> pass in quick on gif0 proto ipv6 all
> pass out quick on gif0 proto ipv6 all
> nat on ! xl1 inet from 10.10.0.0/24 to any -> 80.212.169.91
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It's strange to me. You don't have any valid NAT in your rule file but
pfctl says you have a one. Did you use really a rule really presented
here?

> rdr on tun0 inet proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:60010
> rdr on tun0 inet proto tcp from any to any port = 62003 -> 10.10.0.250 port 62003
> pfctl: DIOCGETALTQS: Operation not supported by device
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message should not show up. Do you use ALTQ enabled kernel?
According to your kernel configuration you don't use ALTQ at all.
Have you rebuild pf kernel module after kernel changes?
(i.e. pf kernel module tries to use ALTQ but your kernel do not
support ALTQ.)

>
[snip]

Please rebuild your FreeBSD pf first.(Assumes you do not use ALTQ.)
#killall pflogd
#kldunload pf
#kldunload pfaltq(if you have loaded)
#kldunload pfsync
#kldunload pflog
#cd /path/to/pf_source_location
#make clean
#make && make install

Load pf module only after your ppp connection completed.
Start from the following simple rule and add more rules when needed.

nat on tun0 from 10.10.0.0/24 to any -> tun0

Yes it's a single rule.
Thank you.

--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:08 2004
Message-ID: <005901c32f85$09558020$01000001@max900>
From: "Max Laier"
cc: pf-r@solarflux.org
Subject: [pf4freebsd] Version 1.53
Reply-To: pf4freebsd@freelists.org
Date: Thu, 16 Sep 2004 03:40:08 -0000
X-Original-Date: Tue, 10 Jun 2003 21:18:10 +0200

Hello,

just uploaded version 1.53
(http://pf4freebsd.love2party.net/pf_freebsd_1.53.tar.gz)

It's yet another resync with OpenBSD-Current (I promised to keep track ;))
which brings in:
- tables in anchors.
- better documentation.
- updated licences.
- Fix for "pfctl -vvss" output bug (/128 on IPv4)

Additionally there was an issue with multicast hosts (see pf60 from regress
for details) discovered by Pyun. Version 1.53 brings back a workaround (from
earlier version of OpenBSD-code) and I reported to FreeBSD pr-system:
http://www.freebsd.org/cgi/query-pr.cgi?pr=53151

Please update to the new version.

Altq compilation was broken since 1.50, but should work again. Please note
that "official" ALTQ integration in FreeBSD project seems stalled at the
moment, so there is no working patch against 5.1 or -Current. If you can
provide an updated patchset, we (and I guess many others as well) would
really appreciate! Please send me a headsup if you are going to look into
that issue so that we can coordinate our actions.

Rebuilding the regress-tests is on the TODO-list as well, so if you have
some time at hand, that would be a great help to our project.

Thank you for your feedback and suggestions,
Max
max@love2party.net

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:13 2004
From: Rolf "Skår"
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
Reply-To: pf4freebsd@freelists.org
Date: Thu, 16 Sep 2004 03:40:13 -0000
X-Original-Date: Wed, 11 Jun 2003 01:50:33 CEST

On 10 Jun 2003 09:11 CEST you wrote:

> On Mon, Jun 09, 2003 at 05:59:57PM 0200, Rolf Skaar wrote:
> >
> >
> [snip]
> >
> > No problem, I am glad if i can help.
> >
> > Here is my network layout; INET <--> GATEWAY <--> WORKSTATION
> > [ISP_gateway <--> my_tun0_IP ] <--> [xl1:10.10.0.1 <--> xl0:10.10.0.250]
> > External Internal
> >
> > I have configured my box to configure everything at boot time to maximise uptime on my box as im not around all the time,
> > pf version is pf_freebsd_1.52.tar.gz.
> >
> [snip]
> >
> > and here is my ppp.linkup:
> >
> > MYADDR:
> >  ! sh -c "/sbin/ifconfig pflog0 up"
> >  ! sh -c "/sbin/ifconfig pfsync0 up"
> >  !bg sh -c "/home/rasgal/myscripts/tunnel.sh"
> >  ! sh -c "/usr/local/sbin/pflogd"
> >  ! sh -c "/usr/local/sbin/`pfctl -e -q -Fa -f /home/rasgal/myconfig/pf.conf`"
> >
> > this loads all the rules and every thing should be up and running now...
> > what tunnel.sh does is setting up my ipv6 connection.
> >
> You should not do like this. Because the file ppp.linkup is executed
> whenever tun0's address changes it should contain only a command to set
> up a new pf rule set or route commands.(i.e. You should have a pf rule
> update command only.) All the other commands(pflog0 up, pflogd, etc)
> should be called before pf update command.
> Also note if your tunnel.sh configures a interface address that pf
> references it should be run before pf rule set updates. Because you
> have used background execution to run tunnel.sh, there is no guarantee
> the script would be completed before you invoke pfctl.
>
> > ok, my rule set is somewhat simple (pass all in/out), and blocks only services that i want it to:
> >
> > Ext = "tun0"
> > Int = "xl1"
> > tunnel = "gif0"
> > Loop = "lo0"
> > portblock = "{ 21, 111, 1023 }"
> > portpass = "{ 53 }"
> >
> > scrub in all fragment reassemble
> >
> > # IPv4 NAT configuration #
> > #nat on ! $Int from $Int/24 to any -> $Ext
> > #nat on $Ext from $Int/24 to any -> $Ext
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> You don't have any valid NAT entry. Above rule should be read as follows:
> nat on $Ext from 10.10.0.0/24 to any -> $Ext
> >
> > # Redirect #
> > rdr on $Ext proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:*
> > rdr on $Ext proto tcp from any to any port 62003 -> 10.10.0.250 port 62003
> >
> [snip]
> >
> > and here is my output from "pfctl -sa":
> >
> > [ _- ~ -_ 4:30:02pm Mon Jun 09 ]
> > %pfctl -sa
> >
> > scrub in all fragment reassemble
> > block drop in quick on tun0 proto tcp from any to any port = ftp
> > block drop in quick on tun0 proto tcp from any to any port = sunrpc
> > block drop in quick on tun0 proto tcp from any to any port = 1023
> > pass in quick on lo0 all
> > pass out quick on lo0 all
> > pass in quick on tun0 all
> > pass out quick on tun0 all
> > pass in quick on gif0 proto ipv6 all
> > pass out quick on gif0 proto ipv6 all
> > nat on ! xl1 inet from 10.10.0.0/24 to any -> 80.212.169.91
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> It's strange to me. You don't have any valid NAT in your rule file but
> pfctl says you have a one. Did you use really a rule really presented
> here?
>
> > rdr on tun0 inet proto tcp from any to any port 60000:60010 -> 10.10.0.250 port 60000:60010
> > rdr on tun0 inet proto tcp from any to any port = 62003 -> 10.10.0.250 port 62003
> > pfctl: DIOCGETALTQS: Operation not supported by device
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This message should not show up. Do you use ALTQ enabled kernel?
> According to your kernel configuration you don't use ALTQ at all.
> Have you rebuild pf kernel module after kernel changes?
> (i.e. pf kernel module tries to use ALTQ but your kernel do not
> support ALTQ.)
>
> >
> [snip]
>
> Please rebuild your FreeBSD pf first.(Assumes you do not use ALTQ.)
> #killall pflogd
> #kldunload pf
> #kldunload pfaltq(if you have loaded)
> #kldunload pfsync
> #kldunload pflog
> #cd /path/to/pf_source_location
> #make clean
> #make && make install
>
> Load pf module only after your ppp connection completed.
> Start from the following simple rule and add more rules when needed.
>
> nat on tun0 from 10.10.0.0/24 to any -> tun0
>
> Yes it's a single rule.
> Thank you.
>
> --
> Pyun YongHyeon
>

Ehh, ops, I began the mail before i started test, forgot to uncomment the hash on this rule
"#nat on ! $Int from $Int/24 to any -> $Ext" in the mail. Sorry.
The rule was parsed in the test.. (nat on ! $Int from $Int/24 to any -> $Ext)

OK.
hmm, i have found out that pf is updated only when i do it manually, but it fails when the update process is invoked through ppp.linkup. No matter what..
so i set up a 3 stage configuration.

current ppp.linkup file:

MYADDR:
 ! sh -c "/home/rasgal/myscripts/`tunnel.sh dynamic`"   <-- sets up ipv6 through gif0
 ! sh -c "/home/rasgal/myscripts/tun0ip.sh"             <-- gets new ip.

current tun0ip.sh file:

#!/bin/sh
ifconfig tun0 | grep inet | tr ' ' '\n' | tail -6 | head -1 > /home/rasgal/temp/NEW.IP

current pf.sh file:
this file was rewritten with pf.sh.sample as base.
this file is crontab'ed to run with pppupdate variable at every 10 min. to compare current ip and stored ip at this interval. #!/bin/sh prefix_path="/usr/local" pf_conf="/home/rasgal/myconfig/pf.conf" pfctl_flags="" ppp_pfctl_flags="" IP_files="/home/rasgal/temp" case "$1" in start) echo -n ' pf' kldload ${prefix_path}/modules/pflog.ko kldload ${prefix_path}/modules/pfsync.ko if [ -f ${prefix_path}/modules/pfaltq.ko ]; then kldload ${prefix_path}/modules/pfaltq.ko fi ifconfig pflog0 up ifconfig pfsync0 up if [ -x ${prefix_path}/sbin/pflogd ]; then echo -n ' pflogd' ${prefix_path}/sbin/pflogd fi kldload ${prefix_path}/modules/pf.ko if [ -x ${prefix_path}/sbin/pfctl ]; then ${prefix_path}/sbin/`pfctl -e \ -f ${pf_conf} \ ${pfctl_flags}` fi ;; pppupdate) if [ -f ${IP_files}/OLD.IP ]; then old_IP="`cat ${IP_files}/OLD.IP`" else ifconfig tun0 | grep inet | tr ' ' '\n' | tail -6 | head -1 > ${IP_files}/OLD.IP old_IP="`cat ${IP_files}/OLD.IP`" fi if [ -f ${IP_files}/NEW.IP ]; then new_IP="`cat ${IP_files}/NEW.IP`" else ifconfig tun0 | grep inet | tr ' ' '\n' | tail -6 | head -1 > ${IP_files}/NEW.IP new_IP="`cat ${IP_files}/NEW.IP`" fi if [ ${new_IP} != ${old_IP} ]; then if [ -x ${prefix_path}/sbin/pfctl ]; then ${prefix_path}/sbin/`pfctl -F all \ -f ${pf_conf} \ ${ppp_pfctl_flags}` fi /bin/cp ${IP_files}/NEW.IP ${IP_files}/OLD.IP fi ;; stop) if [ -x ${prefix_path}/sbin/pfctl ]; then ${prefix_path}/sbin/pfctl -d fi killall pflogd kldunload pf if [ -f ${prefix_path}/modules/pfaltq.ko ]; then kldunload pfaltq fi kldunload pflog kldunload pfsync ;; *) echo "Usage: `basename $0` {start|pppupdate|stop}" >&2 ;; esac exit 0 Pf nat works now, when i invoked pf trough ppp.linkup the way i did, it simply did not work.. This message " pfctl: DIOCGETALTQS: Operation not supported by device" has not gone away. I have recompiled my pf, and i'm 100% sure my kernel in not compiled with "options ALTQ" Thank you, for helping me Pyun YongHyeon. 
Regards Rolf Skår From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:18 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id A8C4B16A4CF; Thu, 16 Sep 2004 03:40:18 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 13914 invoked by uid 1005); 12 Jun 2003 04:30:35 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 13911 invoked from network); 12 Jun 2003 04:30:35 -0000 Received: from moutng.kundenserver.de (212.227.126.186) by pd9530974.dip.t-dialin.net with SMTP; 12 Jun 2003 04:30:35 -0000 Received: from [212.227.126.159] (helo=mxng09.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 19QKdV-0001ej-00 for max@vampire.homelinux.org; Thu, 12 Jun 2003 07:28:33 +0200 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng09.kundenserver.de with esmtp (Exim 3.35 #1) id 19QKdQ-0000HC-00 for max@love2party.net; Thu, 12 Jun 2003 07:28:29 +0200 Received: from turing (localhost [127.0.0.1])ESMTP id B77F5390AC8; Thu, 12 Jun 2003 00:23:21 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Thu, 12 Jun 2003 00:23:19 -0500 (EST) Delivered-To: pf4freebsd@freelists.org Received: from ns.kt-is.co.kr (unknown [211.218.149.125]) ESMTP id 3737C390ABA for ; Thu, 12 Jun 2003 00:23:17 -0500 (EST) Received: from michelle.kt-is.co.kr ([220.76.118.193]) (authenticated bits=0) by ns.kt-is.co.kr (8.12.5/8.12.5) with ESMTP id h5C5OXPD074947 verify=FAIL); Thu, 12 Jun 2003 14:24:34 +0900 (KST) Received: from michelle.kt-is.co.kr (localhost.kt-is.co.kr [127.0.0.1]) by michelle.kt-is.co.kr (8.12.9/8.12.9) with ESMTP id h5C5RXBO040683 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 12 Jun 2003 14:27:33 +0900 (KST) (envelope-from yongari@michelle.kt-is.co.kr) Received: (from yongari@localhost) by michelle.kt-is.co.kr (8.12.9/8.12.9/Submit) id h5C5RVsX040682; Thu, 12 Jun 2003 14:27:31 +0900 (KST) (envelope-from yongari) 
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
cc: rasgal@palantir.no
Subject: [pf4freebsd] Re: Version 1.52
Date: Thu, 16 Sep 2004 03:40:18 -0000
X-Original-Date: Thu, 12 Jun 2003 14:27:22 +0900

On Wed, Jun 11, 2003 at 01:50:33AM +0200, Rolf Skår wrote:
> [snip]
>
> Ehh, oops, I began the mail before I started test, forgot to uncomment the hash on this rule "#nat on ! $Int from $Int/24 to any -> $Ext" in the mail.
>
> Sorry.
>
> The rule was parsed in the test.. (nat on ! $Int from $Int/24 to any -> $Ext)
>
> OK. hmm, I have found out that pf is updated only when I do it manually, but it fails when the update process is invoked through ppp.linkup.

It seems that there is a problem with script invocation.

> No matter what.. so I set up a 3 stage configuration.
>
> current ppp.linkup file:
>
> MYADDR:
>  ! sh -c "/home/rasgal/myscripts/`tunnel.sh dynamic`"   <-- sets up ipv6 through gif0
>  ! sh -c "/home/rasgal/myscripts/tun0ip.sh"             <-- gets new ip.
>
> current tun0ip.sh file:
>
> #!/bin/sh
>
> ifconfig tun0 | grep inet | tr ' ' '\n' | tail -6 | head -1 > /home/rasgal/temp/NEW.IP
>
> current pf.sh file:
> this file was rewritten with pf.sh.sample as base.
> this file is crontab'ed to run with pppupdate variable at every 10 min. to compare current ip and stored ip at this interval.

There is no need to run program via crontab. ppp.linkup file is just
for this purpose. Due to current FreeBSD pf's lack of detection of
address changes, it is somewhat tricky to use pf with xDSL.
FreeBSD pf modules should be loaded before any other network setup
such as ppp. After ppp connection established, pf rule should be
activated. I use mpd to use kernel mode PPPoE and use rc.local to load
FreeBSD pf kernel module and set up like this.

#
# rc.local
#
# kernel mode PPPoE setup
#
# First, load pf kernel module
#
if [ -f /boot/kernel/pf.ko ]; then
    /sbin/kldload pflog
    /sbin/kldload pfsync
    /sbin/ifconfig pflog0 up
    /sbin/ifconfig pfsync0 up
    /sbin/pflogd
    /sbin/kldload pf
    echo 'pf module loaded.'
fi
#
# Then, invoke mpd
#
if [ -x /usr/local/sbin/mpd -a -f /usr/local/etc/mpd/mpd.conf ]; then
    /sbin/kldload ng_ether
    echo -n " mpd"; /usr/local/sbin/mpd -b
fi

mpd also has a script to be run after PPPoE connection established.
My script for this purpose is

#!/bin/sh
#
# mpd startup script for pf
/sbin/pfctl -Fa -e -f /etc/pf.conf

The file's mode is 0555. Also note option -e is required because I have
not enabled the pf after load. Whenever my IP address changes the script
would be invoked by mpd and this time option -e is no harm.

Though above example is for mpd, it is still valid for ppp(8) also.
Did you check /var/log/ppp.log file? ppp(8) will record almost all events.
The log can reveal more hidden facts. (Your script might not be executed
due to unexpected reasons. The log will record this too.)

> [snip]
>
> This message " pfctl: DIOCGETALTQS: Operation not supported by device" has not gone away.
> I have recompiled my pf, and I'm 100% sure my kernel is not compiled with "options ALTQ"

OK. I'll check FreeBSD pf source.

>
> Thank you, for helping me Pyun YongHyeon.
>

No problem! Hope this works for you.
Thank you.

> Regards
>
> Rolf Skår
>

--
Pyun YongHyeon

From: Pyun YongHyeon
To: pf4freebsd@freelists.org
cc: rasgal@palantir.no
Subject: [pf4freebsd] Re: Version 1.52
Date: Thu, 16 Sep 2004 03:40:23 -0000
X-Original-Date: Fri, 13 Jun 2003 14:58:56 +0900

On Thu, Jun 12, 2003 at 02:27:22PM +0900, To pf4freebsd@freelists.org wrote:
> [snip]
> >
> > This message " pfctl: DIOCGETALTQS: Operation not supported by device" has not gone away.
> > I have recompiled my pf, and I'm 100% sure my kernel is not compiled with "options ALTQ"
>
> OK. I'll check FreeBSD pf source.
>

I have found a long standing bug in pfctl's code. The phenomenon shows
when you use 'pfctl -sa' or 'pfctl -sq' when ALTQ disabled. I have
committed a patch to CVS. Next release version will correct this problem.

Thank you very much. Without your feedback this might not have been
detected. (Even OpenBSD guys didn't notice that!)

Thanks again.

--
Pyun YongHyeon

From: Rolf
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
Date: Thu, 16 Sep 2004 03:40:28 -0000
X-Original-Date: Sun, 08 Jun 2003 22:50:38 CEST

On 03 Jun 2003 13:46 CEST you wrote:

> Hello,
>
> just uploaded version 1.52
> (http://pf4freebsd.love2party.net/pf_freebsd_1.52.tar.gz)
> Pyun found some missing initialisations for new structures and fixed a
> long standing problem with the "WITH_RANDOM_ID=yes" option (which now has
> an effect again).
> Please update to the new version.
>
> I didn't receive any feedback (neither good nor bad) about the new
> version. Is someone actually running it on her/his box? I have it on my
> gateway and didn't see anything bad yet, but I am really curious about
> your experience. So, if you gave it a try, please let me know.
>
> Thanks
> Max
>
>
>

Hi, keep up the good work guys!

I've just upgraded my gateway to fbsd 5.1 RELEASE #0.
Then I installed your pf_freebsd_1.52 package, guess what!
It works!!

BUT! I am an xDSL user, and got some problems with NAT through pf when using ppp protocol to connect PPPoE, and have not (yet) had time and effort to look up this error.

My NAT rule in pf.conf is exactly as posted here:

nat on ! $Int from $Int/24 to any -> $Ext

where Int=xl1 and Ext=tun0.

This worked great on my former OBSD box, and should have worked on my FBSD too.
I would love to use pf's NAT (RDR works great).

OH, IPv6 works great for me, that's it so far..
I have not been able or have found the time and effort to test any other functions...

Rolf

From: "Max Laier"
Subject: [pf4freebsd] Ports commited!
Date: Thu, 16 Sep 2004 03:40:33 -0000
X-Original-Date: Fri, 13 Jun 2003 12:13:21 +0200

Hello,

finally, pf got submitted to the ports-tree:
http://www.freshports.org/security/pf/ and
http://www.freshports.org/security/authpf/

Let's hope that we can gain a large userbase from those ports. Thanks to all
who have helped getting those ports as good as they are and for your
continued support of our project.

In the -Current branch (1.5x) a new version is almost there with a bunch of
small fixes from us and OpenBSD, just need to take care of some 5.0-issues
first. I am thinking about a pf-devel port, to provide the -current branch
in the ports-tree as well. Do you think that this is helpful, or do you
prefer tarball installation? Please tell me!

Thank you for your feedback,
Max

From: Florian Smeets
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Ports commited!
Date: Thu, 16 Sep 2004 03:40:38 -0000
X-Original-Date: Fri, 13 Jun 2003 18:45:22 +0200

Hello!

Max Laier wrote:
> Hello,
> [...]
>
> In the -Current branch (1.5x) a new version is almost there with a bunch of
> small fixes from us and OpenBSD, just need to take care of some 5.0-issues
> first. I am thinking about a pf-devel port, to provide the -current branch
> in the ports-tree as well. Do you think that this is helpful, or do you
> prefer tarball installation? Please tell me!

I think tarball is the way to go for the pf-Current branch since it would
take too long that one of the ports-committers commits the changes each
time. I don't know if they want you to open a PR each time for a new
version or if they will commit it if you email them. So if they would
update it when you email them then we can also live with the pf-devel port
I think.

Just a thought...

flo

From: "Max Laier"
Subject: [pf4freebsd] Version 1.54 (delayed)
Date: Thu, 16 Sep 2004 03:40:43 -0000
X-Original-Date: Sun, 15 Jun 2003 00:34:22 +0200

Hello,

just uploaded version 1.54
(http://pf4freebsd.love2party.net/pf_freebsd_1.54.tar.gz)
this version is not so much influenced by changes in OpenBSD but brings in a
couple of bugfixes and new versions of libpcap and tcpdump from 5.1-release:

- Fixed masking bug (see pf77.in) from OpenBSD henning@
- Fixed altqsupport-testing in pfctl to avoid unsupported DIOCs on /dev/pf
- Fixed a problem in print-pflog.c when making with NOINET6 turned on.
- Pulled in new versions of libpcap and tcpdump from 5.1-release and made
  them fit for 5.0 as well.
- MLD6_xxx is now MDL_xxx from OpenBSD. FreeBSD has done conversion pre 5.0

The libpcap/tcpdump merge is not too clean, so there may be issues when
using pftcpdump on normal interfaces with FreeBSD-5.0 (but it's very
unlikely)

The ALTQ-patch from http://www.rofug.ro/projects/freebsd-altq/ still does
not work with 5.1 (or there is no updated patch) so we are looking for
alternatives and will find a patch to work with.

The port-release brings a lot of valuable feedback and the NOINET6 fix from
above is the first outcome. Thanks to Andrzej Tobola for the report.

Regards,
Max

P.S.: This message was meant to be sent out some hours ago, but my ISP got
blacklisted (for good reason I'm afraid) so it took some time. Hope you have
fun with the new version anyways.

From: "Max Laier" To: MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-archive-position: 34 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: max@love2party.net Precedence: normal X-list: pf4freebsd X-UID: 122 X-Length: 3472 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:51 +0000 Subject: [pf4freebsd] Version 1.55 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:40:48 -0000 X-Original-Date: Tue, 17 Jun 2003 19:07:03 +0200 X-List-Received-Date: Thu, 16 Sep 2004 03:40:48 -0000 Hello, just uploaded version 1.55 (http://pf4freebsd.love2party.net/pf_freebsd_1.55.tar.gz) this version fixes some very critical problems and we recommend to update asap. The changes in detail (sorted by priority): - Fixed conflicting mbuf TAG definitions (port) - Fixed state removal on MOD_UNLOAD (only in 1.5x) - Fixed wrong ackskew correction in connection with SACK (port) - Fixed quite flag for pfctl with anchors. - Added debug output to shutdown procedure (pfctl -xm to activate) - Updated README files (port) = a patch for the port is available via ports-tree soon. Upon request from Munish Chopra a spamd port is available (http://pf4freebsd.love2party.net/spamd_0.50.tar.gz). Spamd is completely indemendent from pf and it may be possible to get it working with any other firewall (but who would want any other firewall ;)) It should be working with version 1.0 (aka the port) as well. I am looking forward to see your reports! 
I hope you enjoy the release
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:53 2004
From: "Max Laier"
Subject: [pf4freebsd] Regress for 1.5x and 64bit-testers?
X-Original-Date: Fri, 20 Jun 2003 16:36:58 +0200

Hello,

finally Pyun got round to porting the regress-tests for 1.5x and you can (and
should) get it at http://pf4freebsd.love2party.net/pfregress.tar.gz

We need to know if you get any errors (esp. if you have an exotic/unusual
platform (i.e. 64bit, Big Endian)). Success reports on such platforms are
welcome as well (include dmesg and uname -a). For further information on the
test procedure, get the suite and read README.FreeBSD.

Another issue is ports building on 64bit systems (esp. ia64). If you have such
a system at hand, it would be great if you can get in contact with us to test
patches and provide feedback. Currently the authpf build is broken on 64bit
and we want to resolve that asap.
Thank you
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:40:58 2004
From: "Max Laier"
Subject: [pf4freebsd] Version 1.56
X-Original-Date: Mon, 23 Jun 2003 15:35:08 +0200

Hello,

just uploaded version 1.56
(http://pf4freebsd.love2party.net/pf_freebsd_1.56.tar.gz). This version fixes
one very annoying bug in the "table in anchor" code introduced in version 1.53.
Updating is highly recommended.

In addition there are other things you'll like to know about this version:
- comes with regress test suite. Information on the test process can be found
  in regress/README.FreeBSD
- comes with brand new contrib suite. You'll find port Makefiles for:
  - spamd
  - pfflowd
  - squid (with pf-transparent option turned on by default)
- brings MSS support to the synproxy (this needs intense testing!)
- fixes some minor problems, such as 64bit-safe printf format strings.

Please update and provide feedback!
Regards
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:03 2004
From: "Max Laier"
Subject: [pf4freebsd] Happy Birthday
X-Original-Date: Tue, 24 Jun 2003 17:33:31 +0200

From: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c

Revision 1.1 / (download) - annotate - [select for diffs], Sun Jun 24 19:48:58
2001 UTC (23 months, 4 weeks ago) by kjell

2 years! All the best for the future!

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:08 2004
From: Vincent Jardin
To: pf4freebsd@freelists.org, "Max Laier"
Subject: [pf4freebsd] 2 ports of PF for FreeBSD
X-Original-Date: Fri, 27 Jun 2003 08:35:48 +0200

On the tech-net@netbsd.org mailing list, Itojun announces that he is working
on the integration of PF into kame. Then, it means that there would be 2
ports for FreeBSD, doesn't it ?

How difficult would it be to merge both pf4freebsd and the Kame's port ?

Regards,
  Vincent

-------------

>On Thursday 26 June 2003 12:09, itojun@iijlab.net wrote:
>> ftp://ftp.kame.net/pub/kame/misc/netbsd-pf-20030626.diff
>Do you plan to integrate PF into Kame ?

i'm using kame tree to port PF onto other platforms.
(in KAME repository we have open/net/free3/4/5/bsdi3/4 with shared portion)

itojun

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:13 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
cc: vjardin@wanadoo.fr
Subject: [pf4freebsd] Re: 2 ports of PF for FreeBSD
X-Original-Date: Fri, 27 Jun 2003 18:57:25 +0900

On Fri, Jun 27, 2003 at 08:35:48AM +0200, Vincent Jardin wrote:
> On the tech-net@netbsd.org mailing list, Itojun announces that he is working
> on the integration of PF into kame. Then, it means that there would be 2
> ports for FreeBSD, doesn't it ?
>
> How difficult would it be to merge both pf4freebsd and the Kame's port ?
>
> Regards,
> Vincent
>

This is interesting news. Coders participating in *BSD have begun to know the
real truth. Currently PF is the best filter in the *BSD world. It has nearly
all features and is a rapidly evolving package. Users already might know how
ipfw2, ipf lagged behind regarding new features that are required for today's
complex network environments. I think Itojun can make it work for NetBSD
without much trouble. Supporters of ipf may object to replacing ipf with pf.
But I'm sure they may change their mind if they give pf a try. At least NetBSD
can ship both ipf and pf as FreeBSD does.

For FreeBSD, there are more problems than for NetBSD. FreeBSD has no ALTQ
support and its IPv6 code is somewhat dated. I don't know why the Core members
resync with KAME and import ALTQ. If ALTQ is really immature and unstable does
this mean both NetBSD and OpenBSD have the same problem? As users already know,
both NetBSD and OpenBSD are stable enough compared to FreeBSD.

Itojun may import PF into KAME tree. Which PF (our ported one or a new one made
by him) would be imported is not important to me. I just wanted to use PF on
FreeBSD. Because no one made PF work on FreeBSD, I did it myself. The most
important thing is whether the FreeBSD Core Members will import KAME tree. Our
ported version can be a help until FreeBSD imports KAME with PF.

> -------------
>
> >On Thursday 26 June 2003 12:09, itojun@iijlab.net wrote:
> >> ftp://ftp.kame.net/pub/kame/misc/netbsd-pf-20030626.diff
> >Do you plan to integrate PF into Kame ?
>
> i'm using kame tree to port PF onto other platforms.
> (in KAME repository we have open/net/free3/4/5/bsdi3/4 with shared
> portion)
>
> itojun
>

Regards

Pyun YongHyeon
--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:19 2004
From: "Max Laier"
Subject: [pf4freebsd] Re: 2 ports of PF for FreeBSD
X-Original-Date: Fri, 27 Jun 2003 12:16:28 +0200

> Itojun may import PF into KAME tree. Which PF(our ported one or a new
> one made by him) would be imported is not important to me.
> I just wanted to use PF on FreeBSD. Because no one made PF work on
> FreeBSD, I did it myself.
> The most important thing is whether the FreeBSD Core Members will
> import KAME tree. Our ported version can be a help until FreeBSD
> imports KAME with PF.

And furthermore, our port will help to understand the needed
modifications/locks and whatsoever to make it work in FreeBSD with
ungigantified network. I guess once KAME's version of pf is there our port
will be a valuable resource to refer to.

So let's keep going. If we make our port stable, chances are much higher of
getting the KAME code into the tree, once it is available.
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:23 2004
From: Vincent Jardin
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: 2 ports of PF for FreeBSD
X-Original-Date: Fri, 27 Jun 2003 21:11:20 +0200

FYI, the NetBSD thread about PF can be read at the following URL:
http://mail-index.netbsd.org/tech-net/2003/06/

Itojun has committed his patch today:
U kame/pfctl/Makefile
U kame/pfctl/parse.y
U kame/pfctl/pf_print_state.c
U kame/pfctl/pfctl.8
U kame/pfctl/pfctl.c
U kame/pfctl/pfctl.h
U kame/pfctl/pfctl_altq.c
U kame/pfctl/pfctl_parser.c
U kame/pfctl/pfctl_parser.h
U kame/pfctl/pfctl_qstats.c
U kame/pfctl/pfctl_radix.c
U kame/pfctl/pfctl_table.c
U kame/pflogd/Makefile
U kame/pflogd/pflogd.8
U kame/pflogd/pflogd.c
P sys/altq/altq_hfsc.c
P sys/altq/altq_hfsc.h
P sys/altq/altq_priq.c
P sys/altq/altq_priq.h
U sys/net/if_pflog.c
U sys/net/if_pflog.h
U sys/net/if_pfsync.c
U sys/net/if_pfsync.h
U sys/net/pf.c
U sys/net/pf_ioctl.c
U sys/net/pf_norm.c
U sys/net/pf_table.c
P sys/net/pfkeyv2.h
U sys/net/pfvar.h
P sys/netinet6/ip6_forward.c
P sys/netinet6/ip6_output.c
P sys/netinet6/ipsec.c
P sys/netinet6/ipsec.h
P sys/netkey/key.c
P sys/netkey/key.h
P sys/netkey/key_debug.c
[...]

Regards,
  Vincent

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:28 2004
From: "Max Laier"
Subject: [pf4freebsd] Version 1.57 & Sourceforge (=Anoncvs)
X-Original-Date: Sat, 28 Jun 2003 14:20:45 +0200

Hello,

just uploaded version 1.57
(http://prdownloads.sourceforge.net/pf4freebsd/pf4freebsd_1.57.tar.gz?download).
This version includes a similar fix as the last one and some cleanups.
Pftop was added to the contrib section. There is an issue with an old IOCTL
I have to patch for, but general functionality is provided.

The most notable change, however, is that we moved to SourceForge. This is
not a final decision, but we believe that anoncvs-access is a valuable tool
at the current project phase, as we sync very frequently and pulling a fresh
tarball every other day sure is annoying.
In addition we hope to get some attention from there as well, which will
help the project to improve.

I hope you like it and make use of the new services provided (esp.
anoncvs) - if you don't, however, please let me know!
Regards
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:34 2004
From: Florian Smeets User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4b) Gecko/20030517 X-Accept-Language: en-us, en MIME-Version: 1.0 To: pf4freebsd@freelists.org References: <002501c33d6f$b3c37060$01000001@max900> In-Reply-To: <002501c33d6f$b3c37060$01000001@max900> Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-archive-position: 43 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: flo@kasimir.com Precedence: normal X-list: pf4freebsd X-UID: 138 X-Length: 3830 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:52 +0000 Subject: [pf4freebsd] Re: Version 1.57 & Sourceforge (=Anoncvs) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:41:34 -0000 X-Original-Date: Sat, 28 Jun 2003 16:08:27 +0200 X-List-Received-Date: Thu, 16 Sep 2004 03:41:34 -0000 Max Laier wrote: Hey Max, > Hello, > > just uploaded version 1.57 > (http://prdownloads.sourceforge.net/pf4freebsd/pf4freebsd_1.57.tar.gz?downlo > ad) this version includes a similar fix as the last one and some cleanups. > Pftop was added to the contrib section. There is an issue with an old IOCTL > I have to patch for, but general functionality is provided. > > The most noteable change, however, is that we moved to SourceForge. This is > not a final decision, but we belive that anoncvs-access is a valueable tool > at the current project phase, as we sync very frequent and pulling a fresh > tarball every other day sure is annoying. > In addition we hope to get some attention from there as well, which will > help the project to improve. > I hope you like it and make use of the new services provided (esp. > anoncvs) - if you don't, however, please let me know! 
>
> Regards
> Max
>
>
>

anoncvs doesn't really work yet:

flo@flo [~/cvs] 38 #cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pf4freebsd login
Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/pf4freebsd
CVS password:
cvs login: authorization failed: server cvs.sourceforge.net rejected access to /cvsroot/pf4freebsd for user anonymous
flo@flo [~/cvs] 39 #

I'd love to use anoncvs!

Just keep up the really great work!!!

Thanks,
flo

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:39 2004
Message-ID: <002301c33e56$dad249f0$01000001@max900>
From: "Max Laier"
References: <002501c33d6f$b3c37060$01000001@max900> <3EFDA15B.8030901@kasimir.com>
Subject: [pf4freebsd] Re: Version 1.57 & Sourceforge (=Anoncvs)
Date: Thu, 16 Sep 2004 03:41:39 -0000
X-Original-Date: Sun, 29 Jun 2003 17:55:24 +0200

Looks like bad timing:
https://sourceforge.net/docman/display_doc.php?docid=2352&group_id=1 :(

> anoncvs doesn't really work yet:
>
> flo@flo [~/cvs] 38 #cvs
> -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pf4freebsd login
> Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/pf4freebsd
> CVS password:
> cvs login: authorization failed: server cvs.sourceforge.net rejected
> access to /cvsroot/pf4freebsd for user anonymous
> flo@flo [~/cvs] 39 #
>
> I'd love to use anoncvs!
>
> Just keep up the really great work!!!
>
> Thanks,
> flo

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:44 2004
Message-ID: <005601c3417a$a45f9950$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Fw: [book announcement] Building Firewalls with OpenBSD and PF
Date: Thu, 16 Sep 2004 03:41:44 -0000
X-Original-Date: Thu, 3 Jul 2003 17:49:09 +0200

If you prefer printed documentation, this might be interesting for you:

> devguide.net is taking orders for "Building Firewalls with OpenBSD and
> PF" by Jacek Artymiak
>
> http://www.devguide.net/books/buildingfirewallswithopenbsdandpf/
>
> Best regards,
>
> Jacek Artymiak
>
> PS. This message was sent with Daniel's permission. Thank you, Daniel!
>
>

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:49 2004
Message-ID: <004001c34189$acde7150$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Version 1.58
Date: Thu, 16 Sep 2004 03:41:49 -0000
X-Original-Date: Thu, 3 Jul 2003 19:36:45 +0200

Hello,

sorry for making it short this time:
http://pf4freebsd.love2party.net/pf_freebsd_1.58.tar.gz

Please update! Includes a very critical fix found by Pyun!

Our SF page was closed for the moment, as CVS is far from working and we
won't use it atm.
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:54 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Message-ID: <20030722073144.GA4876@kt-is.co.kr>
Subject: [pf4freebsd] Current status on FreeBSD pf
Date: Thu, 16 Sep 2004 03:41:54 -0000
X-Original-Date: Tue, 22 Jul 2003 16:31:44 +0900

Hello All,

Recent ip_len/ip_off field's byte ordering changes in OpenBSD pf
have introduced a few bugs. I have found one bug and it was
fixed and several people have fixed other parts of OpenBSD pf.
I'm afraid there may be other bugs in the code and we should
wait until OpenBSD pf stabilizes. (Just a couple of weeks, IMO)

Good news is we may get ALTQ support on FreeBSD 5.1.
Bennis Berger has announced his own ALTQ patch against 5.1R.
You can get the patch at the following URL.
http://www.nipsi.de/FreeBSD/altq-freebsd-5.1-release.tar.gz
Note! Currently the patch supports only fxp(4) driver.
For those who are eager to experiment it, please share experience.

Because one of my test system crashed during last week, I can't
give the patch try on. As soon as recovering the system, I will
test the code and let you know the results. If this patch work
without problems, we can add more ALTQ-enabled drivers to the
patch based on KAME driver.

Thank you.
Regards,
Pyun YongHyeon
--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:41:59 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Message-ID: <20030722074933.GD4876@kt-is.co.kr>
References: <20030722073144.GA4876@kt-is.co.kr>
In-Reply-To: <20030722073144.GA4876@kt-is.co.kr>
Subject: [pf4freebsd] Re: Current status on FreeBSD pf
Date: Thu, 16 Sep 2004 03:41:59 -0000
X-Original-Date: Tue, 22 Jul 2003 16:49:33 +0900

On Tue, Jul 22, 2003 at 04:31:44PM +0900, To pf4freebsd@freelists.org wrote:
>
> Recent ip_len/ip_off field's byte ordering changes in OpenBSD pf
> have introduced a few bugs. I have found one bug and it was
> fixed and several people have fixed other parts of OpenBSD pf.
> I'm afraid there may be other bugs in the code and we should
> wait until OpenBSD pf stabilizes. (Just a couple of weeks, IMO)
>
> Good news is we may get ALTQ support on FreeBSD 5.1.
> Bennis Berger has announced his own ALTQ patch against 5.1R.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
thomas vogt pointed out typo. It's Dennis Berger, not Bennis Berger.
I'm sorry.

> You can get the patch at the following URL.
> http://www.nipsi.de/FreeBSD/altq-freebsd-5.1-release.tar.gz
> Note! Currently the patch supports only fxp(4) driver.
> For those who are eager to experiment it, please share experience.
>
> Because one of my test system crashed during last week, I can't
> give the patch try on. As soon as recovering the system, I will
> test the code and let you know the results. If this patch work
> without problems, we can add more ALTQ-enabled drivers to the
> patch based on KAME driver.
>

--
Pyun YongHyeon
KTIS, Inc.
+82-2-597-0600

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:42:04 2004
Message-ID: <006301c35507$3d354860$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Version 1.59 - Test with care!
Date: Thu, 16 Sep 2004 03:42:04 -0000
X-Original-Date: Mon, 28 Jul 2003 14:53:24 +0200

Hello,

after more than three weeks of silence from our side, Pyun announces a new
snapshot: http://pf4freebsd.love2party.net/pf_freebsd_1.59.tar.gz

This snapshot is the first which was tested against Dennis Berger's
ALTQ-patchset for FreeBSD 5.1R found at:
http://www.nipsi.de/FreeBSD/altq-freebsd-5.1-release.tar.gz

Please note that:
1) OpenBSD changed byteorder inside pf, which exposed problems on us, many
   were discovered and fixed, but some may still exist.
2) ALTQ-Support is *alpha*! Documentation currently only in README.ALTQ
   => Testers required!!!
3) All work for this release was done by Pyun YongHyeon, as I am too busy
   at the moment! Big thanks to him for the hard work!
4) There were changes in the regress-suite and the way one should conduct
   the tests, please re-read the README before reporting problems.
5) Thanks for your feedback!!!
Regards,
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:42:09 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Message-ID: <20030729021246.GA4291@kt-is.co.kr>
Subject: [pf4freebsd] patches for ALTQ on 5.1R
Date: Thu, 16 Sep 2004 03:42:09 -0000
X-Original-Date: Tue, 29 Jul 2003 11:12:46 +0900

Hello All,

There is a patch for Dennis Berger's ALTQ.
This patch was posted to Dennis and he published the patch
on this URL. His next release will include this patch.

http://www.nipsi.de/FreeBSD/altqfixes.0.1

Above patch solves Dennis' IF_POLL macro problem. It also
touches wi(4) driver and provide a new ALTQ driver tun(4).
Beware! Both wi(4) and tun(4) driver was not tested at all.
So you may get panics! (I just have fxp(4))
I hope the tun(4) driver can be used to experiment
"prioritizing empty TCP acks".

Thank you.
Regards,
--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:42:14 2004
From: Pyun YongHyeon
To: pf4freebsd@freelists.org
cc: Dennis.Berger@BSDsystems.de
Message-ID: <20030729133844.GA5934@kt-is.co.kr>
References: <20030729021246.GA4291@kt-is.co.kr>
In-Reply-To: <20030729021246.GA4291@kt-is.co.kr>
Subject: [pf4freebsd] Re: patches for ALTQ on 5.1R
Date: Thu, 16 Sep 2004 03:42:14 -0000
X-Original-Date: Tue, 29 Jul 2003 22:38:44 +0900

On Tue, Jul 29, 2003 at 11:12:46AM +0900, To pf4freebsd@freelists.org wrote:
>
> Hello All,
>
> There is a patch for Dennis Berger's ALTQ.
> This patch was posted to Dennis and he published the patch
> on this URL. His next release will include this patch.
>
> http://www.nipsi.de/FreeBSD/altqfixes.0.1
>
> Above patch solves Dennis' IF_POLL macro problem. It also
> touches wi(4) driver and provide a new ALTQ driver tun(4).
> Beware! Both wi(4) and tun(4) driver was not tested at all.
> So you may get panics!(I just have fxp(4))
> I hope the tun(4) driver can be used to experiment
> "prioritizing empty TCP acks".
>

Hello All,

I got several random lockups when I enable ALTQ.
If I ping to the victim system during boot, the system is panicked.
I think this problem comes from ALTQ fxp(4) driver.
Based on http://people.freebsd.org/~hmp/patches/if_fxp-alt.diff
I made a patch for ALTQ fxp driver. This patch was generated
after applying Dennis's ALTQ patch. I can't be sure this patch solves
all fxp(4) problems but it works for me at least up to now.

--- ./sys.altq/dev/fxp/if_fxpvar.h.ORG Tue Jul 29 22:25:51 2003 +++ ./sys.altq/dev/fxp/if_fxpvar.h Tue Jul 29 22:13:34 2003
@@ -111,8 +111,14 @@ #define mtx_destroy(a) struct mtx { int dummy; }; #else -#define FXP_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) -#define FXP_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) +#define FXP_LOCK(_sc) do { \ + if (!mtx_owned(&(_sc)->sc_mtx)) \ + mtx_lock(&(_sc)->sc_mtx); \ +} while(0) +#define FXP_UNLOCK(_sc) do { \ + if (mtx_owned(&(_sc)->sc_mtx)); \ + mtx_unlock(&(_sc)->sc_mtx); \ +} while(0) #endif /*

Thanks.

Regards,
--
Pyun YongHyeon
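
Review bot: In the new FXP_UNLOCK, the line "if (mtx_owned(&(_sc)->sc_mtx)); \" ends in a stray semicolon, so the if has an empty body and mtx_unlock() is called unconditionally, including when the current thread does not own sc_mtx, which is the case the check was added to guard. Drop the semicolon so that the unlock becomes the body of the if. Separately, FXP_LOCK now silently skips the lock when the thread already owns sc_mtx, so a nested FXP_LOCK/FXP_UNLOCK pair releases the mutex while the outer caller still expects to hold it, and the rest of that caller's critical section runs unlocked. It would be safer to find the path that re-enters with the lock held and fix it there, or to assert ownership with mtx_assert(), than to make both macros conditional.
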

From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: patches for ALTQ on 5.1R
X-Original-Date: Tue, 29 Jul 2003 20:14:20 +0200

Pyun YongHyeon wrote:

>On Tue, Jul 29, 2003 at 11:12:46AM +0900, To pf4freebsd@freelists.org wrote:
> >
> > Hello All,
> >
> > There is a patch for Dennis Berger's ALTQ.
> > This patch was posted to Dennis and he published the patch
> > on this URL. His next release will include this patch.
> >
> > http://www.nipsi.de/FreeBSD/altqfixes.0.1
> >
> > Above patch solves Dennis' IF_POLL macro problem. It also
> > touches wi(4) driver and provides a new ALTQ driver tun(4).
> > Beware! Both wi(4) and tun(4) drivers were not tested at all.
> > So you may get panics! (I just have fxp(4))
> > I hope the tun(4) driver can be used to experiment
> > "prioritizing empty TCP acks".
> >
>Hello All,
>
>I got several random lockups when I enable ALTQ.
>If I ping to the victim system during boot, the system panics.
>I think this problem comes from ALTQ fxp(4) driver.
>Based on http://people.freebsd.org/~hmp/patches/if_fxp-alt.diff
>I made a patch for the ALTQ fxp driver.
>This patch was generated after applying Dennis's ALTQ patch.
>I can't be sure this patch solves all fxp(4) problems, but it works
>for me at least up to now.
>
>--- ./sys.altq/dev/fxp/if_fxpvar.h.ORG Tue Jul 29 22:25:51 2003 >+++ ./sys.altq/dev/fxp/if_fxpvar.h Tue Jul 29 22:13:34 2003
>@@ -111,8 +111,14 @@ > #define mtx_destroy(a) > struct mtx { int dummy; }; > #else >-#define FXP_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) >-#define FXP_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_mtx) >+#define FXP_LOCK(_sc) do { \ >+ if (!mtx_owned(&(_sc)->sc_mtx)) \ >+ mtx_lock(&(_sc)->sc_mtx); \ >+} while(0) >+#define FXP_UNLOCK(_sc) do { \ >+ if (mtx_owned(&(_sc)->sc_mtx)); \ >+ mtx_unlock(&(_sc)->sc_mtx); \ >+} while(0) > #endif > > /*
>
>Thanks.
>
>Regards,
>

http://www.nipsi.de/FreeBSD/altq-freebsd-5.1-release.tar.gz

this release includes all fixes till today... if_var, if_wi, if_tun, fxp...

greets
Dennis
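
Review bot: in FXP_LOCK, skipping `mtx_lock()` whenever `mtx_owned()` is already true makes nested FXP_LOCK/FXP_UNLOCK pairs unbalanced: the inner FXP_UNLOCK releases sc_mtx while the outer caller still assumes it holds it, so the remainder of the outer critical section runs unlocked. If the fxp/ALTQ paths really do re-enter with the lock held, initialising sc_mtx with MTX_RECURSE or restructuring the callers so the lock is taken once would keep every lock paired with its own unlock.
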

From: cipherbk
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pf 1.59 and ALTQ install trouble
X-Original-Date: Sun, 3 Aug 2003 06:49:32 -0700 (PDT)

Hello,

I've been battling with PF 1.59 and the new ALTQ (0.4) patches for 5.1 and having no luck getting them to install. I've tried using the install instructions from PF's README.ALTQ (which is way outdated) and I've followed the instructions from the ALTQ README:

INSTALL

Kernel:
 1. copy your sys tree to a new sys.altq directory
    # cd /usr/src
    # cp -pr sys sys.altq
 2. move your old sys away
    # mv /usr/src/sys /usr/src/sys.orig
 3. link the new sys.altq
    # ln -s /usr/src/sys.altq /usr/src/sys
 4. apply sys-altq-current.diff to the kernel sources in sys.altq
    # cd altq-distdir
    # patch -d /usr/src/sys.altq -p0 < sys-altq-freebsd-5.1-release.diff
 5. copy the altq kernel files into sys.altq/altq
    # cp -pr altq /usr/src/sys.altq
 6. add "options ALTQ" to your KERNEL or use the KERNEL named "ALTQ"
 7. rebuild your kernel and reboot your system

Headers:
 1. create symbolic link /usr/include/altq -> /usr/src/sys.altq/altq

I am using the 'new' way to build a kernel, i.e., specify KERNCONF=ALTQKERNEL in /etc/make.conf, then when it's time to build and install the kernel, I run 'make buildkernel' and 'make installkernel' from /usr/src.

Now, PF doesn't load, even though I didn't get any errors during the kernel build/install, nor during the install of PF after the ALTQ kernel was installed. When attempting to bring up pf.ko, it complains with:

kldload: can't load /boot/kernel/pf.ko: No such file or directory

However, it's clearly present:

# ls -la /boot/kernel|grep pf.ko
-r-xr-xr-x 1 root wheel 141897 Aug 3 09:10 pf.ko

BTW, it gives the same for pfaltq.ko, and that's in /boot/kernel also. Obviously, PF fails to start. PF was working fine before I tried to install ALTQ. I even blew away everything in /usr/src, re-cvsup'd and started from scratch and get the same result. Again, I was successful in getting ALTQ working on 5.0 (first try, even!), but the ALTQ install procedure for 5.0 was somewhat different.

dmesg:

Mounting root from ufs:/dev/da0s1a
link_elf: symbol altq_lookup undefined
link_elf: symbol altq_lookup undefined
KLD pf.ko: depends on pfaltq - not available

I'm attempting to load pfaltq.ko, then pf.ko at startup (as well as bring up pflog0, pfsync0, pflog.ko)

Any ideas, fellas? Is there something missing from the instructions?

From: cipherbk
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble (disregard original msg)
X-Original-Date: Sun, 3 Aug 2003 06:59:41 -0700 (PDT)

Bah, never mind, I just found the issue (of course, right after I sent the first message)!

When I copied my kernel config from the old one, I neglected to uncomment the ALTQ option (it was there, just commented out). I should have noticed that sooner from the dmesg. My bad.

One other thing to note is that if you are using an SMP system, you need to specify ALTQ_NOPCC instead of ALTQ in the kernel config.

It's compiling now, we'll see how it goes...

From: cipherbk
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble
X-Original-Date: Sun, 3 Aug 2003 07:44:07 -0700 (PDT)

Interestingly, that didn't make a difference, buildkernel/installkernel worked, as did the PF installation, but still dmesg gives the same error messages:

link_elf: symbol altq_lookup undefined
link_elf: symbol altq_lookup undefined
KLD pf.ko: depends on pfaltq - not available

So, I do need assistance on the first issue after all. Something's amiss with the ALTQ install procedure.

--- cipherbk wrote:
> Bah, never mind, I just found the issue (of course, right after I
> sent
> the first message)!
>
> When I copied my kernel config from the old one, I neglected to
> uncomment the ALTQ option (it was there, just commented out). I
> should
> have noticed that sooner from the dmesg. My bad.
>
> One other thing to note is that if you are using an SMP system, you
> need to specify ALTQ_NOPCC instead of ALTQ in the kernel config.
>
> It's compiling now, we'll see how it goes...

From: Hendrik Scholz
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble
X-Original-Date: Sun, 3 Aug 2003 17:35:53 +0200

Hi!

On Sun, Aug 03, 2003 at 07:44:07AM -0700, cipherbk wrote:
> link_elf: symbol altq_lookup undefined
> link_elf: symbol altq_lookup undefined
> KLD pf.ko: depends on pfaltq - not available

This looks like a dependency problem.
$ strings /boot/kernel/kernel|grep -c altq_lookup
should return a value >0 (1 in my case) as this function is in the kernel itself.
Since misc. pf modules need functions implemented in other modules the modules have to be loaded in a certain order:
- pflog.ko
- pfsync.ko
- pfaltq.ko
- pf.ko

IIRC this is the order given in the README file.

In your situation the kernel itself is missing ALTQ support thus preventing pfaltq.ko (and thus pf.ko) from loading.

Hendrik

--
Hendrik Scholz - - http://raisdorf.net/

drag me, drop me - treat me like an object

From: cipherbk
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble
X-Original-Date: Sun, 3 Aug 2003 09:22:35 -0700 (PDT)

Right, I indeed received 0 (which I expected) in response to the strings command, which furthers my belief that the install instructions are incomplete, as I followed them verbatim.

Has anyone installed 0.4 within the last 24 hours and have an updated install procedure for ALTQ?

Thanks

--- Hendrik Scholz wrote:
> Hi!
>
> On Sun, Aug 03, 2003 at 07:44:07AM -0700, cipherbk wrote:
> > link_elf: symbol altq_lookup undefined
> > link_elf: symbol altq_lookup undefined
> > KLD pf.ko: depends on pfaltq - not available
>
> This looks like a dependency problem.
> $ strings /boot/kernel/kernel|grep -c altq_lookup
> should return a value >0 (1 in my case) as this function is in the
> kernel itself.
> Since misc. pf modules need functions implemented in other modules
> the
> modules have to be loaded in a certain order:
> - pflog.ko
> - pfsync.ko
> - pfaltq.ko
> - pf.ko
>
> IIRC this is the order given in the README file.
>
> In your situation the kernel itself is missing ALTQ support thus
> preventing pfaltq.ko (and thus pf.ko) from loading.
>
> Hendrik
>
> --
> Hendrik Scholz - - http://raisdorf.net/
>
> drag me, drop me - treat me like an object
>

From: Hendrik Scholz
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pf hack: use scrub rule to set TOS bits
X-Original-Date: Sun, 3 Aug 2003 17:46:30 +0200

Hi!

I've got pf 1.59 w/ ALTQ running and now get into the situation that outgoing packets are queued correctly but I don't have the chance to configure the opposite side (DSL access concentrator, Cisco router).

I'm just hacking up pfctl and pf to recognize a rule like this:

scrub out on $ext_if proto icmp from $internal to any tos 0x10 keep state

or

scrub out on $ext_if proto udp from $internal to any port 4000 tos 0x10 keep state

This will set the ip_tos bits to 0x10 (if not set otherwise).

I still have to conduct some tests (prolly using nemesis-icmp) to see whether my upstream routers will return the answer with the same tos bits.

In case a) the destination host and b) the upstream router both make their queuing decisions based on the tos bits we might manage to influence our upstream routers' behaviour and finally play Diablo while doing large downloads.

Since weather is nice and I have other things to hack on this might take a few days until it proves stable.

Just FYI,
Hendrik

--
Hendrik Scholz - - http://raisdorf.net/

drag me, drop me - treat me like an object
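
What the scrub rule described in the message above has to do to each matching packet, as an added C example (not Hendrik's patch and not pf source code): set the TOS byte only when it is still zero, and patch the IPv4 header checksum incrementally per RFC 1624 so the packet stays valid. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offsets inside an IPv4 header (RFC 791). */
enum { OFF_VHL = 0, OFF_TOS = 1, OFF_SUM = 10, MIN_HLEN = 20 };

/* RFC 1071 header checksum. Returns the value to store when the checksum
 * field is zero, and 0 when run over a header whose checksum is valid. */
uint16_t ip_hdr_cksum(const uint8_t *h, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: apply "tos <value>" to one outgoing IPv4 packet.
 * Returns 1 if the TOS byte was rewritten, 0 if the packet was left alone
 * (TOS already set, or nothing to set), -1 if the header is malformed. */
int scrub_set_tos(uint8_t *pkt, size_t len, uint8_t tos)
{
    if (len < MIN_HLEN || (pkt[OFF_VHL] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[OFF_VHL] & 0x0f) * 4;
    if (hlen < MIN_HLEN || hlen > len)
        return -1;
    if (pkt[OFF_TOS] != 0 || tos == 0)
        return 0;               /* "if not set otherwise" */

    /* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), where m is the 16-bit
     * word holding version/IHL and TOS before the change, m' after. */
    uint16_t old_word = (uint16_t)((pkt[OFF_VHL] << 8) | pkt[OFF_TOS]);
    uint16_t new_word = (uint16_t)((pkt[OFF_VHL] << 8) | tos);
    uint16_t hc = (uint16_t)((pkt[OFF_SUM] << 8) | pkt[OFF_SUM + 1]);

    uint32_t sum = (uint16_t)~hc;
    sum += (uint16_t)~old_word;
    sum += new_word;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;

    pkt[OFF_TOS] = tos;
    pkt[OFF_SUM] = (uint8_t)(hc >> 8);
    pkt[OFF_SUM + 1] = (uint8_t)(hc & 0xff);
    return 1;
}

/* Constructed sample: 20-byte ICMP header from 192.168.1.10 to
 * 192.168.1.1 with TOS 0 and a freshly computed checksum. */
void sample_icmp_header(uint8_t out[20])
{
    static const uint8_t tmpl[20] = {
        0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
        0x40, 0x01, 0x00, 0x00, 0xc0, 0xa8, 0x01, 0x0a,
        0xc0, 0xa8, 0x01, 0x01
    };
    for (size_t i = 0; i < sizeof tmpl; i++)
        out[i] = tmpl[i];
    uint16_t c = ip_hdr_cksum(out, 20);
    out[OFF_SUM] = (uint8_t)(c >> 8);
    out[OFF_SUM + 1] = (uint8_t)(c & 0xff);
}

int main(void)
{
    uint8_t pkt[20];
    sample_icmp_header(pkt);
    printf("before: tos=0x%02x sum=0x%02x%02x\n", pkt[1], pkt[10], pkt[11]);
    int rc = scrub_set_tos(pkt, sizeof pkt, 0x10);
    printf("rc=%d after: tos=0x%02x sum=0x%02x%02x verify=%u\n",
           rc, pkt[1], pkt[10], pkt[11], (unsigned)ip_hdr_cksum(pkt, 20));
    return 0;
}
```

A packet that already carries a non-zero TOS is returned untouched, which matches the "if not set otherwise" behaviour the message describes.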

From: Hendrik Scholz
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble
X-Original-Date: Sun, 3 Aug 2003 18:55:01 +0200

Hi!

On Sun, Aug 03, 2003 at 09:22:35AM -0700, cipherbk wrote:
> Right, I indeed received 0 (which I expected) in response to the
> strings command, which furthers my belief that the install instructions
> are incomplete, as I followed them verbatim.

Just build a kernel including 'options ALTQ'. strings did show that your kernel does NOT contain ALTQ but the install instructions stated you should include it (README.ALTQ iirc).

Just add the option to your kernel and do
$ cd /sys/i386/compile/FOO && make clean
$ cd /sys/i386/conf && config FOO
$ cd ../compile/FOO && make depend && make && make install
$ strings /boot/kernel/kernel |grep -c altq_lookup

Hendrik

--
Hendrik Scholz - - http://raisdorf.net/

drag me, drop me - treat me like an object
From: cipherbk To: pf4freebsd@freelists.org In-Reply-To: <20030803165501.GA96486@pandemonium.lan.raisdorf.net> MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-archive-position: 60 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: cipherbk@yahoo.com Precedence: normal X-list: pf4freebsd X-UID: 161 X-Length: 4085 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:51 +0000 Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:42:59 -0000 X-Original-Date: Sun, 3 Aug 2003 10:55:08 -0700 (PDT) X-List-Received-Date: Thu, 16 Sep 2004 03:42:59 -0000 Hi again, yes, I understood all that; I now think my problem is that I'm building and installing the kernel in the 'new' (and preferred, according to FreeBSD) way and not the 'old' way. The PF instructions mention the 'old' way for building/installing the kernel, but I figured I'd try the 'new' way to see if it worked. I took both the PF and ALTQ instructions and meshed them together, since section 5 in the PF instructions is where it is outdated. Everything else is spot-on. I'm trying again with the 'old' method. I think the ALTQ (and PF) instructions should explicitly state that the 'old' kernel build/install method must be used. Which leads to my request that they be enhanced so that either the 'old' or 'new' kernel method can be used. I haven't used the 'old' method since about 4.6. Build's about done. Time to verify. Thanks for the response and info. --- Hendrik Scholz wrote: > Hi! 
>
> On Sun, Aug 03, 2003 at 09:22:35AM -0700, cipherbk wrote:
> > Right, I indeed received 0 (which I expected) in response to the
> > strings command, which furthers my belief that the install instructions
> > are incomplete, as I followed them verbatim.
>
> Just build a kernel including 'options ALTQ'. strings did show that
> your kernel does NOT contain ALTQ but the install instructions stated you
> should include it (README.ALTQ iirc).
>
> Just add the option to your kernel and do
> $ cd /sys/i386/compile/FOO && make clean
> $ cd /sys/i386/conf && config FOO
> $ cd ../compile/FOO && make depend && make && make install
> $ strings /boot/kernel/kernel |grep -c altq_lookup
>
> Hendrik
>
> --
> Hendrik Scholz - - http://raisdorf.net/
>
> drag me, drop me - treat me like an object
>

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:04 2004
From: "Max Laier"
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble
Date: Thu, 16 Sep 2004 03:43:04 -0000
X-Original-Date: Mon, 4 Aug 2003 02:01:49 +0200

Hello,

if you followed the instructions in README.ALTQ step by step (1-5) you
created a directory "sys.altq" which holds the patched system source. If you
now try to build the kernel "the new way" (which isn't really new, but more
automated) you use the sources from sys *not* from sys.altq! That is why you
don't have altq_* symbols in your kernel.

If that wasn't the case (i.e. you patched in sys and did not create
sys.altq) I am very interested to hear what else went wrong.

Regards,
Max

> Hi again,
>
> yes, I understood all that; I now think my problem is that I'm building
> and installing the kernel in the 'new' (and preferred, according to
> FreeBSD) way and not the 'old' way. The PF instructions mention the
> 'old' way for building/installing the kernel, but I figured I'd try the
> 'new' way to see if it worked.
> I took both the PF and ALTQ
> instructions and meshed them together, since section 5 in the PF
> instructions is where it is outdated. Everything else is spot-on.
>
> I'm trying again with the 'old' method. I think the ALTQ (and PF)
> instructions should explicitly state that the 'old' kernel
> build/install method must be used.
>
> Which leads to my request that they be enhanced so that either the
> 'old' or 'new' kernel method can be used. I haven't used the 'old'
> method since about 4.6.

Well, "step-by-step"-instructions are to be followed step-by-step. That is
why we provide them as such. If you know what you are doing, you can build
your kernel "the new way" (i.e. patch in sys not in sys.altq or modify the
Makefile to reflect the change (good luck with that one ;))

> Build's about done. Time to verify.
>
> Thanks for the response and info.
>

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:09 2004
From: "Max Laier"
Subject: [pf4freebsd] Sorry
Date: Thu, 16 Sep 2004 03:43:09 -0000
X-Original-Date: Mon, 4 Aug 2003 02:50:53 +0200

Hello all,

please just disregard the German message I wrote to the list. Too late, lack
of coffee, ...

Me bad - no cookie.
Sorry,
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:14 2004
From: "Max Laier"
Subject: [pf4freebsd] Re: pf hack: use scrub rule to set TOS bits
Date: Thu, 16 Sep 2004 03:43:14 -0000
X-Original-Date: Mon, 4 Aug 2003 02:22:46 +0200

Hello Hendrik,

nice idea! But I'd better say it explicitly right away: we are not making a
"fork" of OpenBSD development. That is, even if your patch works flawlessly,
it will only be accepted after it is in OpenBSD.

I hope that doesn't dampen your enthusiasm and inventiveness! Of course we
are happy to "advertise" good ideas, but as I said, we are a port, not a fork.

Keep the good work up!

Regards,
Max

----- Original Message -----
From: "Hendrik Scholz"
Sent: Sunday, August 03, 2003 5:46 PM
Subject: [pf4freebsd] pf hack: use scrub rule to set TOS bits

> Hi!
>
> I've got pf 1.59 w/ ALTQ running and now get into the situation
> that outgoing packets are queued correctly but I don't have
> the chance to configure the opposite side (DSL access concentrator, Cisco
> router).
> I'm just hacking up pfctl and pf to recognize a rule like this:
>
> scrub out on $ext_if proto icmp from $internal to any tos 0x10 keep state
> or
> scrub out on $ext_if proto udp from $internal to any port 4000 tos 0x10 keep state
>
> This will set the ip_tos bits to 0x10 (if not set otherwise). I still
> have to conduct some tests (prolly using nemesis-icmp) to see whether
> my upstream routers will return the answer with the same tos bits.
>
> In case a) the destination host and b) the upstream router both make
> their queuing decisions based on the tos bits we might manage to
> influence our upstream router's behaviour and finally play Diablo
> while doing large downloads.
>
> Since weather is nice and I have other things to hack on this might
> take a few days until it proves stable.
>
> Just FYI,
> Hendrik
>
> --
> Hendrik Scholz - - http://raisdorf.net/
>
> drag me, drop me - treat me like an object
>

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:19 2004
From: cipherbk
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble (success)
Date: Thu, 16 Sep 2004 03:43:19 -0000
X-Original-Date: Sun, 3 Aug 2003 19:03:48 -0700 (PDT)

I went back, started from scratch and did it once more, building and
installing the kernel using the old way. I also had to add this to the
kernel because I'm using SMP:

options ALTQ_NOPCC

I know the PF README.ALTQ says not to enable any other ALTQ options,
but there was no way around this, aside from disabling SMP (which isn't
an option).

It's working now and the modules are loaded, I just need to throw some
rules in there to test it out, but I'm exhausted.

I created a symbolic link as per the ALTQ instructions:

ln -s /usr/src/sys.altq /usr/src/sys

Which should have resolved that, but I didn't try to do it the new way
this last time. I just wanted to get it installed and working. Maybe
someone else can try it.

Thanks for the feedback.

--- Max Laier wrote:
> Hello,
>
> if you followed the instructions in README.ALTQ step by step (1-5) you
> created a directory "sys.altq" which holds the patched system source.
> If you
> now try to build the kernel "the new way" (which isn't really new, but more
> automated) you use the sources from sys *not* from sys.altq! That is why you
> don't have altq_* symbols in your kernel.
>
> If that wasn't the case (i.e. you patched in sys and did not create
> sys.altq) I am very interested to hear what else went wrong.
>
> Regards,
> Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:24 2004
From: "Max Laier"
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble (success)
Date: Thu, 16 Sep 2004 03:43:24 -0000
X-Original-Date: Mon, 4 Aug 2003 04:37:14 +0200

> I went back, started from scratch and did it once more, building and
> installing the kernel using the old way. I also had to add this to the
> kernel because I'm using SMP:
>
> options ALTQ_NOPCC
>
> I know the PF README.ALTQ says not to enable any other ALTQ options,
> but there was no way around this, aside from disabling SMP (which isn't
> an option).

Good point! Added that to README.ALTQ. Thanks!
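The checks discussed in this thread (the sys link pointing at sys.altq, options ALTQ plus ALTQ_NOPCC on SMP, and the altq_lookup symbol count), gathered into one script as an added example that is not part of the original posts or of pf4freebsd. The function names, the bitmask return values and the fixture files are assumptions made for the example, as is detecting an SMP kernel by an "options SMP" line in the config.

```shell
#!/bin/sh
# Added example: pre-flight checks for the ALTQ kernel build from this thread.
# Paths are arguments; in the thread they would be /usr/src,
# /sys/i386/conf/FOO and /boot/kernel/kernel.

# has_option CONFIG NAME: true if the kernel config has an "options NAME" line.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1" 2>/dev/null
}

# check_altq_build SRC_ROOT KERNCONF KERNEL
# Returns a bitmask (hypothetical convention for this example):
#   1 = SRC_ROOT/sys does not point at sys.altq
#   2 = "options ALTQ" missing from the config
#   4 = "options SMP" present without "options ALTQ_NOPCC"
#   8 = no altq_lookup string in the kernel file
check_altq_build() {
    src=$1; conf=$2; kernel=$3; fail=0

    # The failure in the thread: the build used sys, not the patched sys.altq.
    target=$(readlink "$src/sys" 2>/dev/null || true)
    case ${target%/} in
        sys.altq|*/sys.altq) echo "ok:   $src/sys -> $target" ;;
        *) echo "FAIL: $src/sys is not a link to sys.altq (got '${target:-not a symlink}')"
           fail=$((fail + 1)) ;;
    esac

    if has_option "$conf" ALTQ; then
        echo "ok:   options ALTQ present in $conf"
    else
        echo "FAIL: options ALTQ missing from $conf"
        fail=$((fail + 2))
    fi

    if has_option "$conf" SMP && ! has_option "$conf" ALTQ_NOPCC; then
        echo "FAIL: SMP kernel without options ALTQ_NOPCC"
        fail=$((fail + 4))
    fi

    # Same zero/non-zero answer as "strings KERNEL | grep -c altq_lookup",
    # without depending on strings(1).
    hits=$(grep -a -c altq_lookup "$kernel" 2>/dev/null || true)
    if [ "${hits:-0}" -gt 0 ]; then
        echo "ok:   altq_lookup found in $kernel"
    else
        echo "FAIL: no altq_lookup in $kernel (kernel built without ALTQ)"
        fail=$((fail + 8))
    fi
    return $fail
}

# make_fixture DIR LINK_TARGET CONFIG_TEXT KERNEL_TEXT
# Builds a constructed source tree, config and stand-in kernel file.
make_fixture() {
    mkdir -p "$1/src/sys.altq" "$1/src/sys.orig"
    ln -s "$2" "$1/src/sys"
    printf '%s\n' "$3" > "$1/FOO"
    printf '%s\n' "$4" > "$1/kernel"
}

# Runs the check against two constructed layouts: the broken one from the
# thread (sys points at unpatched sources) and the working one.
demo() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp/bad" sys.orig "options SMP" "no queueing symbols here"
    make_fixture "$tmp/good" sys.altq "options SMP
options ALTQ
options ALTQ_NOPCC   # needed with SMP, per the thread" "xx altq_lookup xx"
    rc=0; check_altq_build "$tmp/bad/src" "$tmp/bad/FOO" "$tmp/bad/kernel" || rc=$?
    echo "bad layout  -> $rc"
    rc=0; check_altq_build "$tmp/good/src" "$tmp/good/FOO" "$tmp/good/kernel" || rc=$?
    echo "good layout -> $rc"
    rm -rf "$tmp"
}
demo
```

On a real system the call would be `check_altq_build /usr/src /sys/i386/conf/FOO /boot/kernel/kernel`, with FOO standing for the kernel config name used in the thread.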
From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:29 2004
From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf 1.59 and ALTQ install trouble (success)
Date: Thu, 16 Sep 2004 03:43:29 -0000
X-Original-Date: Mon, 04 Aug 2003 10:44:09 +0200

Max Laier wrote:

>>I went back, started from scratch and did it once more, building and
>>installing the kernel using the old way. I also had to add this to the
>>kernel because I'm using SMP:
>>
>>options ALTQ_NOPCC
>>
>>I know the PF README.ALTQ says not to enable any other ALTQ options,
>>but there was no way around this, aside from disabling SMP (which isn't
>>an option).
>>
>>
>
>Good point! Added that to README.ALTQ. Thanks!
>
>
>
I added a hint to my README...
and of course DON'T forget to link your sys, it has to look like this

lrwxr-xr-x   1 root  wheel  -    8  2 Aug 19:11 sys@ -> sys.altq
drwxr-xr-x  53 root  wheel  - 1024  2 Aug 19:29 sys.altq/
drwxr-xr-x  52 root  wheel  - 1024  2 Aug 19:07 sys.orig/

db

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:34 2004
From: "Max Laier"
Subject: [pf4freebsd] Version 1.60
Date: Thu, 16 Sep 2004 03:43:34 -0000
X-Original-Date: Mon, 4 Aug 2003 17:10:55 +0200

Hello,

released version 1.60 today:
http://pf4freebsd.love2party.net/pf_freebsd_1.60.tar.gz

The most notable change is a fix for the byte order hack. Introduced in
version 1.59. We tried - in some rare cases - to modify an already freed
mbuf. That should no longer happen.

Sync brings: A small fix for ftp-proxy, new (more aggressive) skip steps and
some api changes to make table ioctl more uniform with the rest of pf's
ioctls.

The regress had to be updated as well ... please run it and report
problems/failures as well as successes on non-standard hardware (i.e.
!= i386)

Thanks for your feedback,
Max

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:44 2004
From: Daniel Hartmeier
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.60
Date: Thu, 16 Sep 2004 03:43:44 -0000
X-Original-Date: Mon, 4 Aug 2003 19:56:23 +0200

On Mon, Aug 04, 2003 at 01:16:11PM -0400, pf-r@solarflux.org wrote:

> Lastly, any tips on testing/verifying that ALTQ is actually working? When I
> enable/disable pf, it doesn't give any indication about ALTQ like it does on
> OpenBSD.

Run pfctl -vsq, it should print all the queues you have defined, and the
counters pkts/bytes should increase when packets are assigned to queues
(if they aren't, check pfctl -vsr to make sure your queue rules match).
When pfctl -vsq shows dropped pkts/bytes, ALTQ is working and dropping
packets.

One relatively simple application is described on

http://www.benzedrine.cx/ackpri.html

If you can reproduce the results of this test, at least priq is working,
and you can then try other schedulers.
Daniel

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:43:54 2004
From: Daniel Hartmeier
To: pf4freebsd@freelists.org
Message-ID: <20030804220133.GA14205@insomnia.benzedrine.cx>
Subject: [pf4freebsd] Re: Version 1.60 (ALTQ & BLUE)
Date: Thu, 16 Sep 2004 03:43:54 -0000
X-Original-Date: Tue, 5 Aug 2003 00:01:33 +0200

On Mon, Aug 04, 2003 at 03:31:44PM -0400, pf-r@solarflux.org wrote:

> I really would like to use BLUE though, will that be supported soon in pf?

It's the ALTQ parts that provide the schedulers, not pf itself. The guy to ask about additional schedulers in ALTQ would be Kenjiro Cho (kjc@openbsd.org), who implemented the existing ones (entire ALTQ, actually).

Daniel

Message-ID: <003501c35b54$c5187240$01000001@max900>
From: "Max Laier"
cc: Dennis Berger
cc: freebsd-altq@rofug.ro
Subject: [pf4freebsd] Patch: if_tun.c (forgot the polling)
Date: Thu, 16 Sep 2004 03:43:59 -0000
X-Original-Date: Tue, 5 Aug 2003 15:23:33 +0200

Here is a patch for if_tun.c. This should finally enable tun(4) for queueing. In my earlier patch sent to Dennis I forgot to modify the polling as well:

@@ -838,12 +861,14 @@ struct tun_softc *tp = dev->si_drv1; struct ifnet *ifp = &tp->tun_if; int revents = 0; + struct mbuf *m; s = splimp(); TUNDEBUG("%s%d: tunpoll\n", ifp->if_name, ifp->if_unit); if (events & (POLLIN | POLLRDNORM)) { - if (ifp->if_snd.ifq_len > 0) { + IFQ_POLL_NOLOCK(&ifp->if_snd, m); + if (m != NULL) { TUNDEBUG("%s%d: tunpoll q=%d\n", ifp->if_name, ifp->if_unit, ifp->if_snd.ifq_len); revents |= events & (POLLIN | POLLRDNORM);

I hope this now really does the trick. Tests with Daniel's ACKPRI-Tutorial show good results.

@Dennis: What patch format is best for you to incorporate into your release? This one is a unified diff against unpatched source.

Regards,
  Max

-- Binary/unsupported file stripped by Ecartis --
-- Type: application/octet-stream
-- File: if_tun.c.diff

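Review bot: the TUNDEBUG call left as context directly under the new `if (m != NULL)` still prints `ifp->if_snd.ifq_len` as `q=%d`, although the readiness test no longer looks at that field. If the reason for switching to IFQ_POLL_NOLOCK() is that `ifq_len` does not reflect what is queued once queueing is enabled on tun(4), the debug line can report q=0 while POLLIN is being set, which will mislead whoever reads the trace. Print a figure that matches the poll result, or drop the length from the message.
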
Message-ID: <007e01c35b57$fc433090$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Re: Patch: if_tun.c (forgot the polling)
Date: Thu, 16 Sep 2004 03:44:04 -0000
X-Original-Date: Tue, 5 Aug 2003 15:46:34 +0200

> -- Binary/unsupported file stripped by Ecartis --
> -- Type: application/octet-stream
> -- File: if_tun.c.diff

hmmm ...
find it here: http://pf4freebsd.love2party.net/if_tun.c.diff

Message-ID: <3F301BC8.9000700@BSDsystems.de>
From: Dennis Berger
To: freebsd-altq@rofug.ro
cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: [ALTQ/FreeBSD] Patch: if_tun.c (forgot the polling)
Date: Thu, 16 Sep 2004 03:44:09 -0000
X-Original-Date: Tue, 05 Aug 2003 23:04:08 +0200

Max Laier wrote:

>Here is a patch for if_tun.c. This should finally enable tun(4) for
>queueing. In my earlier patch sent to Dennis I forgot to modify the polling
>as well:
>
>
>@@ -838,12 +861,14 @@ > struct tun_softc *tp = dev->si_drv1; > struct ifnet *ifp = &tp->tun_if; > int revents = 0; >+ struct mbuf *m; > > s = splimp(); > TUNDEBUG("%s%d: tunpoll\n", ifp->if_name, ifp->if_unit); > > if (events & (POLLIN | POLLRDNORM)) { >- if (ifp->if_snd.ifq_len > 0) { >+ IFQ_POLL_NOLOCK(&ifp->if_snd, m); >+ if (m != NULL) { > TUNDEBUG("%s%d: tunpoll q=%d\n", ifp->if_name, > ifp->if_unit, ifp->if_snd.ifq_len); > revents |= events & (POLLIN | POLLRDNORM);
>
>
>I hope this now really does the trick. Tests with Daniel's ACKPRI-Tutorial
>show good results.
>
>@Dennis: What patch format is best for you to incorporate into your release?
>This one is a unified diff against unpatched source.
>
>Regards,
>  Max
>
>

OK it's integrated and working _very_ well
I released a new patchset 0.4.1 available on
http://www.nipsi.de/FreeBSD/altq-freebsd-5.1-release-0.4.1.tar.gz

-db

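Review bot: in the quoted tunpoll hunk, `m` is only ever compared with NULL after `IFQ_POLL_NOLOCK(&ifp->if_snd, m);`, and nothing in the visible lines says the packet stays on the queue. A one-line comment that the poll only peeks at the head of `if_snd`, and that `m` must not be freed or treated as dequeued here, would stop a later reader from assuming ownership. The _NOLOCK variant is also relied on under the `s = splimp();` shown just above it; naming that assumption in the same comment means it gets revisited if the spl protection ever changes.
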
Message-ID: <00ba01c35c65$04036710$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Re: pftop
Date: Thu, 16 Sep 2004 03:44:29 -0000
X-Original-Date: Wed, 6 Aug 2003 23:52:22 +0200

See pf_freebsd_1.60/contrib/pftop

Things in contrib can be built as any other port from /usr/port. In most cases "make install" will do the trick. And pkg_delete/pkg_info can be used on these applications.

For pftop please note that it has some issues, as the official pftop only supports pf as of OpenBSD 3.3

> Someone asked me about pftop for use with pf 1.60, is this available somewhere?
> I don't see it on the pf4freebsd site.

Message-ID: <000901c35c74$eb8639f0$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] Re: pftop
Date: Thu, 16 Sep 2004 03:44:45 -0000
X-Original-Date: Thu, 7 Aug 2003 01:46:12 +0200

> Doesn't build for me...
>
> >> pftop-0.3.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
> >> Attempting to fetch from http://www.eee.metu.edu.tr/~canacar/.
> Receiving pftop-0.3.tar.gz (12855 bytes): 100%
> 12855 bytes transferred in 0.4 seconds (29.71 kBps)
> ===> Extracting for pftop-0.3
> >> Checksum OK for pftop-0.3.tar.gz.
> ===> Patching for pftop-0.3
> ===> Applying FreeBSD patches for pftop-0.3
> ===> Configuring for pftop-0.3
> ===> Building for pftop-0.3
> Warning: Object directory not changed from original
> /pf/pf_freebsd_1.60/contrib/pftop/work/pftop-0.3
> cc -O -pipe -mcpu=pentiumpro -Wall -DOS_LEVEL=33 -c pftop.c
> pftop.c:41:23: net/pfvar.h: No such file or directory

hmmm ... your Makefile seems messed up.
In the correct Makefile you have:

CFLAGS+= -I${.CURDIR}/../../include

Which produces output like:

cc -O -pipe -mcpu=pentiumpro -I/somewhere/pf_freebsd_1.60/contrib/pftop/../../include -mcpu=pentiumpro -Wall -DOS_LEVEL=33 -c pftop.c

Please check that ... here it builds without any problem.

Message-ID: <002b01c35c7c$96c30850$01000001@max900>
From: "Max Laier"
Subject: [pf4freebsd] make.conf vs. ports Makefile (was Re: pftop)
Date: Thu, 16 Sep 2004 03:44:55 -0000
X-Original-Date: Thu, 7 Aug 2003 02:41:06 +0200

Interesting. Does anybody know how to work around this (wrong/brainfucked) behaviour? Is there any way to pass CFLAGS from a ports Makefile over to the gcc building the application? Or does make.conf always interfere?

Thanks
  Max

> The Makefile was the same, so I commented out the following that is in my
> /etc/make.conf:
>
> #CFLAGS= -O -pipe
>
> Then it built without issue.
>
> Thanks,
>
> -S

From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Message-ID: <20030807084439.GA3633@kt-is.co.kr>
Subject: [pf4freebsd] Re: make.conf vs. ports Makefile (was Re: pftop)
Date: Thu, 16 Sep 2004 03:45:00 -0000
X-Original-Date: Thu, 7 Aug 2003 17:44:39 +0900

On Thu, Aug 07, 2003 at 02:41:06AM +0200, Max Laier wrote:

> Interesting. Does anybody know how to work around this (wrong/brainfucked)
> behaviour? Is there any way to pass CFLAGS from a ports Makefile over to the
> gcc building the application? Or does make.conf always interfere?
>

I'm afraid /etc/make.conf clobbers our CFLAGS. You have cc forced to ignore CFLAGS with CFLAGS in /etc/make.conf. We may fix this problem if we touch bsd.port.mk file.
However, I think, the easier way is to add extra args in Makefile of pftop. For example,

--- work/pftop-0.3/Makefile.orig Thu Aug 7 17:39:22 2003 +++ work/pftop-0.3/Makefile Thu Aug 7 17:31:06 2003
@@ -10,6 +10,7 @@ MAN= pftop.8 CFLAGS+= -Wall -DOS_LEVEL=${OSLEVEL} +CFLAGS+= -I${.CURDIR}/../../../../include LDADD+= -lcurses MANDIR=/usr/local/man/cat

This should work on any CFLAGS setup in /etc/make.conf.

> Thanks
> Max
>
> > The Makefile was the same, so I commented out the following that is in my
> > /etc/make.conf:
> >
> > #CFLAGS= -O -pipe
> >
> > Then it built without issue.
> >
> > Thanks,
> >
> > -S
> >

Thanks.

Regards,
--
Pyun YongHyeon

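Review bot: the added `CFLAGS+= -I${.CURDIR}/../../../../include` hard-codes how deep the build directory sits. Four levels up from work/pftop-0.3 only reaches the pf_freebsd include directory when the port is built in place under contrib/pftop, as in the build log quoted earlier in the thread; with the work directory anywhere else the path points at the wrong place and the build fails on net/pfvar.h again. Passing an absolute include path down from the port Makefile, where `${.CURDIR}/../../include` is already known, would not depend on the layout of work/. The new line would also benefit from a comment naming the headers it is there for.
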
[172.16.1.13]) by blackbox.home.net (8.12.9/8.12.9) with ESMTP id h77Gie1m002092; Thu, 7 Aug 2003 18:44:40 +0200 (CEST) (envelope-from Dennis.Berger@BSDsystems.de) Message-ID: <3F3281F8.4000707@BSDsystems.de> 
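Review bot: the added `CFLAGS+= -I${.CURDIR}/../../../../include` line hard-codes a path four directories above `${.CURDIR}`, so the headers are only found when the work directory sits at exactly that depth below the tree that provides `include`. Consider holding the directory in a variable that can be overridden from the make command line (hypothetical name, for example `PFINCDIR?= ${.CURDIR}/../../../../include` followed by `CFLAGS+= -I${PFINCDIR}`), and add a comment saying which headers the extra include path is meant to pick up.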

From: Dennis Berger
To: freebsd-altq@rofug.ro
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] altq for freebsd 0.4.2
Date: Thu, 16 Sep 2004 03:45:05 -0000
X-Original-Date: Thu, 07 Aug 2003 18:44:40 +0200

new release.

from changelog
----------------
release 0.4.2 import if_vrreg.h this should avoid the kernelpanic MFC if_tun, if_vr, buildrelease script fix tag the tree RELENG_5_1 altqsupport for ex (10mbit eepro/10) driver release 0.4.1

regards,
db

From: "Max Laier"
Subject: [pf4freebsd] Free Beer if you build it ...
Date: Thu, 16 Sep 2004 03:45:20 -0000
X-Original-Date: Fri, 8 Aug 2003 06:26:50 +0200

Dennis and I started a patchset to bring pf+altq to FreeBSD. After 11h of patching (see http://www.nipsi.de/cgi-bin/cvsweb.cgi/pfaltq-fbsd for the whole story) it's done. It compiles, links and boots (on my Laptop).

And as it's 6am now and as I am in a mood to share the work of the past hours: http://pf4freebsd.love2party.net/pfaltq-freebsd-0.1alpha.tar.gz brings the fun.

Note:
- There are no userland applications in there (so you'll have to build pfctl from a pf4freebsd package).
- ALTQ is broken, so don't expect to load ALTQ-rulesets.
- I truly believe that everything - despite ALTQ - works. But that must not be true.
- If you build it and send me proof you get a FREE BEER (must come to Karlsruhe Germany to claim it)

Off now
Max

From: "Max Laier"
Subject: [pf4freebsd] Re: Free Beer if you build it ... (Congrats)
Date: Thu, 16 Sep 2004 03:45:20 -0000
X-Original-Date: Sat, 9 Aug 2003 00:38:00 +0200

> Congrats, guys!

Thanks.

> Unfortunately, since I finally have PF+ALTQ working on 5.1, I won't be
> installing that anytime soon...
>
> Glad to see you're joining forces to merge them into one offering. That'll be
> nice once it matures.
>
> Does this mean no more separate versions? I'm assuming this is still for 5.1...
> How are you planning for 5.2 (tentative release date is 09.29.2003)?

No! pf4freebsd will continue to release new versions chasing OpenBSD-Current. Work on the altq-freebsd will continue as well. The new project is mainly a "research project", to see how pf+altq could be merged into FreeBSD. FreeBSD schedule mentions a point "KAME Synchronization" without responsible party yet, so our project might produce valuable input for this.
And - if FreeBSD continues without ALTQ et al - the project brings a complete SMP kernel with ALTQ and pf which might be of value to some people, we hope.

Max

From: "Max Laier"
Subject: [pf4freebsd] Version 1.61
Date: Thu, 16 Sep 2004 03:45:25 -0000
X-Original-Date: Mon, 11 Aug 2003 21:36:22 +0200

Hello,

just released version 1.61, as usual found here: http://pf4freebsd.love2party.net/pf_freebsd_1.61.tar.gz (MD5 (pf_freebsd_1.61.tar.gz) = 23f703943595501dfe7f432b66961aea)

Most notable change is a patch from Cedric to enable tables in pools:

"This patch removes the restriction that tables cannot be used in routing or redirection rules... The advantage of using tables in redirection/routing rules is not efficiency, in fact it will run slower than straight address pools. However, this brings a lot of flexibility to PF, allowing simple scripts/daemons to add/remove addresses from redirection/routing pools easily. This implementation supports all table features, including cidr blocks and negated addresses. So specifying { 10.0.0.0/29 !10.0.0.0 !10.0.0.7 } will correctly round-robin between the six addresses: .1, .2, .3, .4, .5, .6. Tables can also be combined with simple addresses, so the following rule will work as expected: "nat on foo0 -> { 1.1.1.1 }""

Plus some minor changes and fixes.

Regards,
Max

From: Mo
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Whitelist IPs via pf 1.61
Date: Thu, 16 Sep 2004 03:45:30 -0000
X-Original-Date: Fri, 15 Aug 2003 22:21:40 -0400

Hello. This is my first time posting to this mailing list, but it looks like I would probably get some good ideas/answers here. Anyway, I have a specific subnet (65.192.x.x) blocked from accessing port 80, but I want to "whitelist" (if that is the proper term) and have it be able to access port 80. So basically, I want the whole subnet blocked still, except if I can whitelist one IP to allow traffic to/from port 80 from it. Is this possible? I'm running pf 1.61 and FreeBSD 5.1-CURRENT (last rebuilt world on Aug. 15, 2003).

Thanks

From: "Max Laier"
Subject: [pf4freebsd] Re: Whitelist IPs via pf 1.61
Date: Thu, 16 Sep 2004 03:45:35 -0000
X-Original-Date: Sat, 16 Aug 2003 05:06:18 +0200

This can be done in various ways, the most powerful and yet easy way is to use a table:

>>> pf.conf <<<
table <surfers> persist file "/etc/port80.allow"

# block here

pass out on $ext_if from <surfers> to any port 80
>>> pf.conf <<<

This will read all the entries in /etc/port80.allow to the table as you load the ruleset. You can add hosts or subnets temporarily by issuing:
#pfctl -t surfers -Tadd 65.192.5.1 or
#pfctl -t surfers -Tadd 66.192.5.0/24
You can even add negated entries, if you want to allow a whole subnet, but one or two hosts:
#pfctl -t surfers -Tadd 65.192.6.0/24
#pfctl -t surfers -Tadd !65.192.6.13
will allow all hosts from 65.192.6.0/24 but disallow 65.192.6.13
The contents of the table can be viewed by:
#pfctl -t surfers -Tshow

More information at:
pfctl(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8&manpath=OpenBSD+3.3
pf.conf(5)
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+3.3
And the pf-faq:
http://www.openbsd.org/faq/pf/tables.html

> Hello. This is my first time posting to this mailing list, but it looks
> like I would probably get some good ideas/answers here. Anyway, I have
> a specific subnet (65.192.x.x) blocked from accessing port 80, but I
> want to "whitelist" (if that is the proper term) and have it be able to
> access port 80. So basically, I want the whole subnet blocked still,
> except if I can whitelist one IP to allow traffic to/from port 80 from
> it. Is this possible? I'm running pf 1.61 and FreeBSD 5.1-CURRENT
> (last rebuilt world on Aug. 15, 2003).
>
> Thanks

From: "Max Laier"
Subject: [pf4freebsd] Re: Whitelist IPs via pf 1.61
Date: Thu, 16 Sep 2004 03:45:40 -0000
X-Original-Date: Sat, 16 Aug 2003 05:18:05 +0200

Forgot to tell about the best part: This gives you per-table-entry accounting, meaning that:
#pfctl -vt surfers -Tshow #note the -v flag
will give you detailed output about every entry's activities, so you can interfere if someone surfs too much.

> This can be done in various ways, the most powerful and yet easy way is to
> use a table:
>
> >>> pf.conf <<<
> table <surfers> persist file "/etc/port80.allow"
>
> # block here
>
> pass out on $ext_if from <surfers> to any port 80
> >>> pf.conf <<<
>
> This will read all the entries in /etc/port80.allow to the table as you load
> the ruleset. You can add hosts or subnets temporarily by issuing:
> #pfctl -t surfers -Tadd 65.192.5.1 or
> #pfctl -t surfers -Tadd 66.192.5.0/24
> You can even add negated entries, if you want to allow a whole subnet, but
> one or two hosts:
> #pfctl -t surfers -Tadd 65.192.6.0/24
> #pfctl -t surfers -Tadd !65.192.6.13
> will allow all hosts from 65.192.6.0/24 but disallow 65.192.6.13
> The contents of the table can be viewed by:
> #pfctl -t surfers -Tshow
>
> More information at:
> pfctl(8)
> http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8&manpath=OpenBSD+3.3
> pf.conf(5)
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+3.3
> And the pf-faq:
> http://www.openbsd.org/faq/pf/tables.html
>
> > Hello. This is my first time posting to this mailing list, but it looks
> > like I would probably get some good ideas/answers here. Anyway, I have
> > a specific subnet (65.192.x.x) blocked from accessing port 80, but I
> > want to "whitelist" (if that is the proper term) and have it be able to
> > access port 80. So basically, I want the whole subnet blocked still,
> > except if I can whitelist one IP to allow traffic to/from port 80 from
> > it. Is this possible? I'm running pf 1.61 and FreeBSD 5.1-CURRENT
> > (last rebuilt world on Aug. 15, 2003).
> >
> > Thanks
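Added example, not part of the original posts and not pf's own code: a small Python model of the table semantics discussed in the two threads above (the most specific matching entry decides, and a negated entry means "no match"), usable to audit an allow-list file such as /etc/port80.allow before loading it. The function names are hypothetical, the sample table reuses the addresses from the thread plus one constructed entry, and round-robin ordering is not modelled, only the set of addresses a pool would draw from.

```python
import ipaddress

# Constructed sample: the entries added with pfctl in the thread, plus one
# constructed negation (192.0.2.9) that no positive entry covers.
SAMPLE_TABLE = """\
# allow-list for port 80
65.192.5.1
66.192.5.0/24
65.192.6.0/24
!65.192.6.13
# constructed entry below: nothing positive covers it
!192.0.2.9
"""

# The address pool from the quoted patch description.
SAMPLE_POOL = "10.0.0.0/29\n!10.0.0.0\n!10.0.0.7\n"


def parse_table(text):
    """Return [(network, negated)] parsed from table-file text.

    One address or CIDR block per line; a leading '!' negates the entry.
    This parser treats everything after '#' as a comment.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        negated = line.startswith("!")
        if negated:
            line = line[1:].strip()
        try:
            # strict=False masks stray host bits instead of rejecting them.
            net = ipaddress.ip_network(line, strict=False)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        entries.append((net, negated))
    return entries


def table_match(entries, addr):
    """True if addr matches the table: the longest prefix containing addr
    decides, and a negated winner means the address does not match."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, negated in entries:
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, negated)
    return best is not None and not best[1]


def pool_addresses(entries, limit=4096):
    """Every address the table matches, i.e. the candidates a redirection
    pool built from this table would draw from."""
    seen = set()
    for net, negated in entries:
        if negated:
            continue
        if net.num_addresses > limit:
            raise ValueError(f"{net} is too large to enumerate")
        for ip in net:
            if table_match(entries, str(ip)):
                seen.add(ip)
    return sorted(seen, key=lambda ip: (ip.version, int(ip)))


def unused_negations(entries):
    """Negated entries that lie inside no positive entry. They change
    nothing and usually point at a typo in the allow-list."""
    positives = [net for net, negated in entries if not negated]
    return [
        net for net, negated in entries
        if negated and not any(
            net.version == p.version and net.subnet_of(p) for p in positives
        )
    ]


if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    for host in ("65.192.6.12", "65.192.6.13", "65.192.5.2"):
        print(host, "allowed" if table_match(table, host) else "not in table")
    print("negations with no effect:", [str(n) for n in unused_negations(table)])
    print("pool:", [str(a) for a in pool_addresses(parse_table(SAMPLE_POOL))])
```

Running the audit against the file on disk before `pfctl` loads the ruleset catches a negation that was meant to carve a host out of a subnet but sits outside every allowed block.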

From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq-fbsd second part
Date: Thu, 16 Sep 2004 03:45:45 -0000
X-Original-Date: Sat, 16 Aug 2003 13:42:24 +0200

Max and I are proud to announce pfaltq version 0.3 for FreeBSD 5.1.
Here is the first official release of our PF ALTQ merge. It's based on the most recent version of OpenBSD's PF. The ALTQ part in this package is based on the most recent version from kame. We disabled ALTQ3_COMPAT, and introduced fine-grained locking. JoBS, other schedulers and compatparts are still in this tree for two reasons. First it's much easier to sync with kame. Second we will start work to support JoBS, we are in contact with the author. This release is working on FreeBSD 5.1 at any patchlevel.
So here is what you're looking for
http://www.nipsi.de/FreeBSD/pfaltq-freebsd-5.1-0.3.tar.gz
Projectpage is http://www.nipsi.de/altq/index.html

Regards,
Dennis
From: Dennis Berger User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030704 X-Accept-Language: en-us, en MIME-Version: 1.0 To: pf4freebsd@freelists.org References: <3F3E18A0.2020607@BSDsystems.de> In-Reply-To: <3F3E18A0.2020607@BSDsystems.de> Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-archive-position: 94 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: Dennis.Berger@BSDsystems.de Precedence: normal X-list: pf4freebsd X-UID: 204 X-Length: 3571 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:51 +0000 Subject: [pf4freebsd] Re: pfaltq-fbsd second part X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:45:50 -0000 X-Original-Date: Sat, 16 Aug 2003 13:49:33 +0200 X-List-Received-Date: Thu, 16 Sep 2004 03:45:50 -0000 Dennis Berger wrote: >Max and I are pround to announce pfaltq version 0.3 for FreeBSD 5.1. >Here is the first official release of our PF ALTQ merge. It's based on >the most recent version of OpenBSD's PF. The ALTQ part in this package >is based on the most recent version from kame. We disabled ALTQ3_COMPAT, >and introduced finegrained locking. JoBS, other schedulers and >compatparts are still in this tree for two reasons. First it's much >easier to sync with kame. Second we will start work to support JoBS, we >are in contact with the author. This release is working on FreeBSD 5.1 >at any patchlevel. >So here is what you're looking for >http://www.nipsi.de/FreeBSD/pfaltq-freebsd-5.1-0.3.tar.gz >Projectpage is http://www.nipsi.de/altq/index.html > >Regards, > Dennis > forgot to say that we created the RELENG_5_1 branch and work has begun toward FreeBSD CURRENT. 
So if you check out via anoncvs don't forget to specify which branch you want.

From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pfaltq-fbsd merge
Date: Thu, 16 Sep 2004 03:46:00 -0000
X-Original-Date: Sat, 16 Aug 2003 17:56:29 +0200

pf-r@solarflux.org wrote:

>Hi,
>
>ok, now I'm starting to get interested in this... Is the functionality the same
>now as pf 1.61 + ALTQ 0.4.1? Any differences? Also, what's the best way to
>remove the separate pieces completely before installing the merged offering?
>

1. It's clean design because we removed lots of redundant code pfaltq for example...
2. we introduced latest ALTQ from kame altq 0.4.2 was based on altq shipped with altq-freebsd-release-5.0
3. the versions are PF 1.61 + latest fixes in CVS (upcoming 1.62) + latest ALTQ from kame
4. adding pf+altq to the basesystem is much easier... hopefully

Regards,
Dennis

>-S
>
>
>Quoting Dennis Berger :
>
>>Dennis Berger wrote:
>>
>>>Max and I are proud to announce pfaltq version 0.3 for FreeBSD 5.1.
>>>Here is the first official release of our PF ALTQ merge. It's based on
>>>the most recent version of OpenBSD's PF. The ALTQ part in this package
>>>is based on the most recent version from kame. We disabled ALTQ3_COMPAT,
>>>and introduced finegrained locking. JoBS, other schedulers and
>>>compatparts are still in this tree for two reasons. First it's much
>>>easier to sync with kame. Second we will start work to support JoBS, we
>>>are in contact with the author. This release is working on FreeBSD 5.1
>>>at any patchlevel.
>>>

From: Mo
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Whitelist IPs via pf 1.61
Date: Thu, 16 Sep 2004 03:46:05 -0000
X-Original-Date: Fri, 15 Aug 2003 23:24:46 -0400

Thanks very much for the assistance, I am just waiting for the guy to try
it out. I e-mailed him and hopefully he will try it tomorrow morning and
let me know. I really appreciate your enthusiasm and going above and
beyond when answering my question.

Thanks again

On Saturday, 16 August 2003 at 5:18:05 +0200, Max Laier wrote:
> Forgot to tell about the best part:
> This gives you per-table-entry accounting, meaning that:
> #pfctl -vt surfers -Tshow #note the -v flag
> will give you detailed output about every entry's activities, so you can
> interfere if someone surfs too much.
>
> > This can be done in various ways, the most powerful and yet easy way is to
> > use a table:
> >
> > >>> pf.conf <<<
> > table <surfers> persist file "/etc/port80.allow"
> >
> > # block here
> >
> > pass out on $ext_if from <surfers> to any port 80
> > >>> pf.conf <<<
> >
> > This will read all the entries in /etc/port80.allow to the table as you load
> > the ruleset. You can add hosts or subnets temporarily by issuing:
> > #pfctl -t surfers -Tadd 65.192.5.1 or
> > #pfctl -t surfers -Tadd 66.192.5.0/24
> > You can even add negated entries, if you want to allow a whole subnet, but
> > one or two hosts:
> > #pfctl -t surfers -Tadd 65.192.6.0/24
> > #pfctl -t surfers -Tadd !65.192.6.13
> > will allow all hosts from 65.192.6.0/24 but disallow 65.192.6.13
> > The contents of the table can be viewed by:
> > #pfctl -t surfers -Tshow
> >
> > More information at:
> > pfctl(8)
> > http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8&manpath=OpenBSD+3.3
> > pf.conf(5)
> > http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+3.3
> > And the pf-faq:
> > http://www.openbsd.org/faq/pf/tables.html
> >
> > > Hello. This is my first time posting to this mailing list, but it looks
> > > like I would probably get some good ideas/answers here. Anyway, I have
> > > a specific subnet (65.192.x.x) blocked from accessing port 80, but I
> > > want to "whitelist" (if that is the proper term) and have it be able to
> > > access port 80. So basically, I want the whole subnet blocked still,
> > > except if I can whitelist one IP to allow traffic to/from port 80 from
> > > it. Is this possible? I'm running pf 1.61 and FreeBSD 5.1-CURRENT
> > > (last rebuilt world on Aug. 15, 2003).
> > >
> > > Thanks
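
The table behaviour described in the message above (a subnet entry plus a negated host entry) can be modelled offline before a table file is loaded. The following is an added example, not code from pf or from the posters. It assumes that a lookup uses the most specific entry containing the address and that a negated best match means "no match"; the class and function names are hypothetical, and the sample file contents are constructed from the addresses in the thread. It also flags negated entries that have no broader positive entry, which exclude nothing.

```python
import ipaddress

# Constructed sample contents for /etc/port80.allow (one entry per line,
# "#" starts a comment, "!" negates an entry), using addresses from the thread.
PORT80_ALLOW = """\
# hosts and networks allowed to reach port 80
65.192.5.1
66.192.5.0/24
65.192.6.0/24
!65.192.6.13
"""


class Table:
    """Toy model of a pf address table: CIDR entries, each optionally negated."""

    def __init__(self):
        self.entries = {}  # ip_network -> True if the entry is negated

    def add(self, spec):
        """Model of adding one entry, as `pfctl -t surfers -Tadd <spec>` does."""
        spec = spec.strip()
        negated = spec.startswith("!")
        net = ipaddress.ip_network(spec.lstrip("!").strip(), strict=False)
        self.entries[net] = negated

    def load(self, text):
        """Read table-file text: skip blank lines and comments."""
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()
            if line:
                self.add(line)

    def best_match(self, addr):
        """Most specific entry (longest prefix) containing addr, or None."""
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.entries if n.version == ip.version and ip in n]
        return max(hits, key=lambda n: n.prefixlen, default=None)

    def matches(self, addr):
        """True only when the most specific containing entry is not negated."""
        net = self.best_match(addr)
        return net is not None and not self.entries[net]

    def orphan_negations(self):
        """Negated entries with no broader positive entry: they exclude nothing."""
        orphans = []
        for net, negated in self.entries.items():
            covered = any(
                not other_neg and other.version == net.version
                and other != net and net.subnet_of(other)
                for other, other_neg in self.entries.items()
            )
            if negated and not covered:
                orphans.append(str(net))
        return orphans


def load_surfers():
    """Build the model table from the constructed sample file."""
    table = Table()
    table.load(PORT80_ALLOW)
    return table


if __name__ == "__main__":
    surfers = load_surfers()
    for src in ("65.192.5.1", "65.192.6.14", "65.192.6.13", "65.192.7.1"):
        verdict = "pass" if surfers.matches(src) else "block"
        print(f"{src:14} best={surfers.best_match(src)} -> {verdict}")
```
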

From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pfaltq-fbsd merge
Date: Thu, 16 Sep 2004 03:46:10 -0000
X-Original-Date: Sat, 16 Aug 2003 18:21:57 +0200

pf-r@solarflux.org wrote:

>Hi,
>
>ok, now I'm starting to get interested in this... Is the functionality the same
>now as pf 1.61 + ALTQ 0.4.1? Any differences? Also, what's the best way to
>remove the separate pieces completely before installing the merged offering?
>

best way is get a clean /usr/src/sys based on RELENG_5_1
remove /usr/src/sys.*; remove the sys link to sys.altq
just one clean /usr/src/sys
that's it...

>-S
>
>
>Quoting Dennis Berger :
>
>>Dennis Berger wrote:
>>
>>>Max and I are proud to announce pfaltq version 0.3 for FreeBSD 5.1.
>>>Here is the first official release of our PF ALTQ merge. It's based on
>>>the most recent version of OpenBSD's PF. The ALTQ part in this package
>>>is based on the most recent version from kame.
>>>We disabled ALTQ3_COMPAT,
>>>and introduced finegrained locking. JoBS, other schedulers and
>>>compatparts are still in this tree for two reasons. First it's much
>>>easier to sync with kame. Second we will start work to support JoBS, we
>>>are in contact with the author. This release is working on FreeBSD 5.1
>>>at any patchlevel.
>>>

From: "Max Laier"
Subject: [pf4freebsd] Fw: PF filter decisions based on source OS type
Date: Thu, 16 Sep 2004 03:46:15 -0000
X-Original-Date: Fri, 22 Aug 2003 19:55:44 +0200

for those curious about this feature: It's on the way! I'll just wait a bit
for Daniel et al to discover the more obvious problems and build a release
as soon as these are available via CVS. One minor in pfvar.h was already
fixed as well as a problem in pfctl. Give it 2 hours ... pftcpdump will come
with the fancy "-o" switch, it's working fine =)

For pfaltq-fbsd testers: Sync is on the way ... but give me a day or two on
that one ... CBA to do two syncs in a row.

Regards,
Max

N.B.: This is not a security feature!!!

http://www.benzedrine.cx/pf/msg03089.html :
>>>>
From: "Mike Frantzen"
To:
Sent: Thursday, August 21, 2003 9:18 PM

> Just committed a diff to -current that adds Michal Zalewski's
> p0f v2 style passive fingerprinting to PF. It allows PF to filter on
> the operating system of the source host by passively fingerprinting
> the SYN packets. Powerful policy enforcement is now possible:
> block proto tcp from any os Windows to any port smtp
> block proto tcp from any os SCO
> pass proto tcp from any os $UNIXES keep state queue high-bandwidth
>
> # Send older windows to a web page telling them to upgrade
> rdr on le0 proto tcp from any os "Windows 98" to any port 80 \
> -> 127.0.0.1 port 8001
>
> Passive fingerprinting has also been added to tcpdump via the -o
> parameter to print out the sender OS of TCP SYN packets.
>
> There is a short writeup at http://www.w4g.org/fingerprinting.html
>
> We need your help to populate the operating system database. Please
> go to http://lcamtuf.coredump.cx/p0f-help with as many machines with
> web browsers as possible and type in your OS name if it doesn't
> recognize the machine.
>
> .mike

From: "Max Laier"
Subject: [pf4freebsd] Version 1.62 (took a little long then 2h)
Date: Thu, 16 Sep 2004 03:46:20 -0000
X-Original-Date: Sat, 23 Aug 2003 00:08:20 +0200

Hello,

version 1.62 (http://pf4freebsd.love2party.net/pf_freebsd_1.62.tar.gz) is
ready. It brings the (already announced) passive OS fingerprinting as
filter criteria: http://www.benzedrine.cx/pf/msg03089.html

Additionally it adds missing locks to new table-code from version 1.61 and
cleans up the general locking of pf to prepare for Giant removal!

You will need to get a copy of the OS Fingerprint database to /etc/pf.os
Get it from: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/pf.os?rev=1.1&content-type=text/plain
is the latest as of now, but you should check for new versions from time to
time.

Try "pftcpdump -o -i " to get an idea what OS you want to filter on. Note
that the OS guessing only works on (complete, unmodified) SYN packets.

Once again: ***This is not a security feature***

Have fun with the release and please report any problems.
Max

P.S.:
$md5 pf_freebsd_1.62.tar.gz
7d6f5dfbacb784afc04ced7c4f48ab2a pf_freebsd_1.62.tar.gz
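
The announcement above says OS guessing only works on complete, unmodified SYN packets and is not a security feature. The following added example (not code from pf, p0f or the posters) shows why: the label is derived only from header fields of the SYN, so a SYN whose MSS option was rewritten in transit, or a truncated one, no longer matches. The signature tuples, labels and all function names are constructed for this illustration and are not entries from pf.os.

```python
import struct

# Constructed signatures for this example only (NOT entries from /etc/pf.os):
# (window, initial TTL, DF bit, IP total length, TCP option layout) -> label
SIGNATURES = {
    (65535, 64, True, 60, "M1460,N,W3,S,T"): "ExampleOS-A",
    (16384, 128, True, 48, "M1460,N,N,S"): "ExampleOS-B",
}

NOP, SACK_OK, WSCALE3 = b"\x01", b"\x04\x02", b"\x03\x03\x03"
TSTAMP = b"\x08\x0a" + b"\x00" * 8


def mss(value):
    """Encode a TCP maximum-segment-size option."""
    return b"\x02\x04" + struct.pack("!H", value)


def build_syn(ttl, df, window, options, flags=0x02):
    """Build a minimal IPv4+TCP segment (checksums left zero) as sample input."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4,
                      flags, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp


def fingerprint(packet):
    """Return (window, ttl, df, total_len, option_layout) for a complete,
    plain TCP SYN over IPv4, or None for anything else."""
    if len(packet) < 20:
        return None
    ver_ihl, _, total, _, frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    off_byte, flags, window = struct.unpack("!BBH", tcp[12:16])
    hdr_len = (off_byte >> 4) * 4
    if (flags & 0x3F) != 0x02 or hdr_len < 20 or len(tcp) < hdr_len:
        return None                       # not a bare SYN, or options cut off
    layout, i = [], 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP is a single byte
            layout.append("N")
            i += 1
            continue
        if i + 1 >= hdr_len:
            return None
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:
            return None                   # malformed or truncated option
        body = tcp[i + 2:i + length]
        if kind == 2 and length == 4:
            layout.append("M%d" % struct.unpack("!H", body)[0])
        elif kind == 3 and length == 3:
            layout.append("W%d" % body[0])
        elif kind == 4:
            layout.append("S")
        elif kind == 8:
            layout.append("T")
        else:
            layout.append("?%d" % kind)
        i += length
    return (window, ttl, bool(frag & 0x4000), total, ",".join(layout))


def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    return next(v for v in (32, 64, 128, 255) if ttl <= v)


def classify(packet):
    """Label a packet from its SYN fields; None if it cannot be fingerprinted."""
    fp = fingerprint(packet)
    if fp is None:
        return None
    window, ttl, df, total, layout = fp
    return SIGNATURES.get((window, initial_ttl(ttl), df, total, layout), "unknown")


if __name__ == "__main__":
    opts_a = mss(1460) + NOP + WSCALE3 + SACK_OK + TSTAMP
    clamped = mss(1452) + NOP + WSCALE3 + SACK_OK + TSTAMP  # MSS rewritten in transit
    print(classify(build_syn(57, True, 65535, opts_a)))     # seven hops away
    print(classify(build_syn(57, True, 65535, clamped)))
    print(classify(build_syn(57, True, 65535, opts_a)[:50]))
```
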

From: "Max Laier"
cc: freebsd-altq@rofug.ro
Subject: [pf4freebsd] pfaltq-fbsd: Sync is done!
Date: Thu, 16 Sep 2004 03:46:25 -0000
X-Original-Date: Sat, 23 Aug 2003 13:28:02 +0200

Hello,

the MAIN branch of pfaltq-fbsd has been synced with newest pf code. If you
are curious checkout and apply. All patch offsets were synced to current and
some new userland defines were synced in from kame (which are used in pfctl
now).
More information on checking it out: http://www.nipsi.de/altq/index.html
and http://www.nipsi.de/cgi-bin/cvsweb.cgi/pfaltq-fbsd/ for a preview

Have fun,
Max

From: "Max Laier"
Subject: [pf4freebsd] Re: Compile failure pfaltq
Date: Thu, 16 Sep 2004 03:46:30 -0000
X-Original-Date: Sat, 23 Aug 2003 18:07:31 +0200

You didn't use a clean sys-dir to start from. This error happens when you
have old module/altq/XXX in your sys-dir. Please make sure, that you don't
have any old garbage lying around (cvs up -dPA)

> cc1: -I- specified twice
> mkdep: compile failed
> *** Error code 1
>
> Stop in /space/src/sys/modules/altq/altq_blue.
> *** Error code 1

From: Dennis Berger
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq-fbsd 0.4 released
Date: Thu, 16 Sep 2004 03:46:45 -0000
X-Original-Date: Tue, 26 Aug 2003 14:57:04 +0200

pfaltq-fbsd 0.4 has been released.
-sync kernelpart and tools with pf_freebsd-1.62
-sync sys/altq with kame

regards
Dennis
From: Alan Bryan
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Bridging?
Date: Thu, 16 Sep 2004 03:46:50 -0000
X-Original-Date: Tue, 26 Aug 2003 21:03:12 -0700

I can't seem to find any information about pf and bridging on FreeBSD. I've got my bridge set up and working but seem to be unable to get pf to block any traffic through the bridge.

Before I waste more time on this has anyone else successfully used pf on a FreeBSD bridge?

Thanks,
Alan

From: "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:46:55 -0000
X-Original-Date: Wed, 27 Aug 2003 06:30:20 +0200

bridge.c has PFIL_HOOKS implemented. All you should have to do is:

    # sysctl net.link.ether.bdg_ipf=1

More documentation can be found in the sources:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/bridge.c#rev1.48
Note the part about "This will not work in (...) the bridge.ko module.", you need built in bridge to make it work.

Best way to test, is to load a ruleset only containing:

    block log

and then

    $ pftcpdump -n -e -ttt -i pflog0

while generating traffic from both sides. This will give you an idea what filter rules you'll need.

----- Original Message -----
From: "Alan Bryan"
To:
Sent: Wednesday, August 27, 2003 6:03 AM
Subject: [pf4freebsd] Bridging?

> I can't seem to find any information about pf and bridging on FreeBSD. I've
> got my bridge set up and working but seem to be unable to get pf to block any
> traffic through the bridge.
>
> Before I waste more time on this has anyone else successfully used pf on a
> FreeBSD bridge?
>
> Thanks,
> Alan
>

From: Alan Bryan
To: pf4freebsd@freelists.org, "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:00 -0000
X-Original-Date: Tue, 26 Aug 2003 22:47:46 -0700

Thanks for the quick response! Here's a bit more info:

FreeBSD 5.1 Release.

Rebuilt Kernel with:

    options BRIDGE
    options PFIL_HOOKS
    options RANDOM_IP_ID
    options INET6

my /etc/sysctl.conf has:

    net.link.ether.bridge_cfg=dc0, dc1
    net.link.ether.bridge_ipf=1
    net.link.ether.bridge=1

No IPs are assigned to either NIC

My /usr/local/etc/pf.conf:

    block log

When I do all of that I get a working bridge but it doesn't block anything except some port 137 broadcast packets (by watching pftcpdump results as recommended). I can still ping through the bridge both directions and connect via ssh through the bridge.

Given the above config shouldn't everything be blocked? Does anyone see something I've done wrong or omitted?

Thanks,
Alan

On Tuesday 26 August 2003 09:30 pm, Max Laier wrote:
> bridge.c has PFIL_HOOKS implemented. All you should have to do is:
>
> # sysctl net.link.ether.bdg_ipf=1
>
> More documentation can be found in the sources:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/bridge.c#rev1.48
> Note the part about "This will not work in (...) the bridge.ko module.",
> you need built in bridge to make it work.
>
> Best way to test, is to load a ruleset only containing:
> block log
> and then
> $ pftcpdump -n -e -ttt -i pflog0
> while generating traffic from both sides. This will give you an idea what
> filter rules you'll need.
>
> ----- Original Message -----
> From: "Alan Bryan"
> To:
> Sent: Wednesday, August 27, 2003 6:03 AM
> Subject: [pf4freebsd] Bridging?
>
> > I can't seem to find any information about pf and bridging on FreeBSD. I've
> > got my bridge set up and working but seem to be unable to get pf to block any
> > traffic through the bridge.
> >
> > Before I waste more time on this has anyone else successfully used pf on
> > a FreeBSD bridge?
> >
> > Thanks,
> > Alan

From: "Max Laier"
Subject: [pf4freebsd] Re: non-sleepable locks held
Date: Thu, 16 Sep 2004 03:47:10 -0000
X-Original-Date: Thu, 28 Aug 2003 00:43:47 +0200

This is "options WITNESS" output telling us that we have some work to do regarding the locks to make pf and altq fit for Giant free kernel. In fact we work hard in that area at the moment and have some promising stuff already. However, as this is non-trivial we take our time before we commit. So please allow us to get that right before revealing to public.

For now this won't cause trouble (other than messing up your dmesg). If you ever get to see a "lock order removal" in connection with pf, this information (including the stack backtrace and exact version information) is very valuable to us. If you want to be really helpful keep your kernel objects so we can get back to you for objdump output and alike.

Thank you for your report.

Regards,
Max

> I got these today:
>
> Aug 28 00:01:18 flds kernel: malloc() of "128" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
> Aug 28 00:01:18 flds kernel: malloc() of "64" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
> Aug 28 00:01:18 flds kernel: malloc() of "16" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
> Aug 28 00:01:18 flds kernel: malloc() of "64" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
> Aug 28 00:01:18 flds kernel: malloc() of "16" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
> Aug 28 00:01:18 flds kernel: malloc() of "64" with the following
> non-sleepable locks held:
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex ifnet r = 0
> (0xc0422cc0) locked @ /space/src/sys/net/if.c:1219
> Aug 28 00:01:18 flds kernel: exclusive sleep mutex pf task mtx r = 0
> (0xc0424de0) locked @ /space/src/sys/net/pf_ioctl.c:859
>
> My System is:
> FreeBSD flds 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Sun Aug 24 12:57:30
> CEST 2003 root@flds:/usr/obj/space/src/sys/FLDS i386
>
> I got pfaltq-fbsd the same day from cvs.
>
> I actually don't know how useful this is but who knows what it is good for.
>
> Regards,
> flo

From: "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:15 -0000
X-Original-Date: Thu, 28 Aug 2003 00:53:30 +0200

That's strange. Can you send output of "pfctl -gvvsa" after some traffic. Maybe with this ruleset:
>>>>
block in log
block out log
<<<<

If you have time to test a bit, I'd like to send you some debugging code to run, as I don't have a bridge setup at hand for testing.

Regards,
Max

> When I do all of that I get a working bridge but it doesn't block anything
> except some port 137 broadcast packets (by watching pftcpdump results as
> recommended). I can still ping through the bridge both directions and
> connect via ssh through the bridge.
>
> Given the above config shouldn't everything be blocked? Does anyone see
> something I've done wrong or omitted?

From: Alan Bryan
To: pf4freebsd@freelists.org, "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:20 -0000
X-Original-Date: Wed, 27 Aug 2003 16:25:05 -0700

On Wednesday 27 August 2003 03:53 pm, Max Laier wrote:
> That's strange. Can you send output of "pfctl -gvvsa" after some traffic.
> Maybe with this ruleset:
>
> block in log
> block out log
> <<<<

Done. See way down below (also attached in case formatting is weird). I sent traffic in both directions. A port scan in one direction and a machine browsing the web in the other. About 5 minutes of traffic.

>
> If you have time to test a bit, I'd like to send you some debugging code to
> run, as I don't have a bridge setup at hand for testing.
>

OK - send away. Anything I can do to help. I have tons of time and really need to get this working ASAP.

Another strange tidbit of info - I needed to get the results of "pfctl -gvvsa" onto my other machine to type up this email so I enabled the default route and gave one card an IP in rc.conf and rebooted. When it came back up I couldn't ssh to the box (as expected) because the block rules were still there. So pf seems to work once I've bound an IP address to a NIC but ignores the bridge???

Thanks for the help,
Alan

@0 block drop in log all
  [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 50 Packets: 50 Bytes: 6853 States: 0 ]
@1 block drop out log all
  [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 50 Packets: 0 Bytes: 0 States: 0 ]

Status: Enabled for 0 days 00:06:53    Debug: None

State Table                Total    Rate
  current entries              0
  searches                    50    0.1/s
  inserts                      0    0.0/s
  removals                     0    0.0/s
Counters
  match                       50    0.1/s
  bad-offset                   0    0.0/s
  fragment                     0    0.0/s
  short                        0    0.0/s
  normalize                    0    0.0/s
  memory                       0    0.0/s

tcp.first          120s
tcp.opening        30s
tcp.established    86400s
tcp.closing        900s
tcp.finwait        45s
tcp.closed         90s
udp.first          60s
udp.single         30s
udp.multiple       60s
icmp.first         20s
icmp.error         10s
other.first        60s
other.single       30s
other.multiple     60s
frag               30s
interval           10s
states             hard limit 10000
frags              hard limit 5000

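The per-rule counters in the "pfctl -gvvsa" output posted above can be read mechanically. This is an added example, not part of the original thread: a small Python parser (the function and field names are assumptions of this example) that extracts each rule's counters and the "Enabled for" time, using the rule and status lines from the message as sample input.

```python
import re

# Rule and status lines as posted in the message above (whitespace
# re-flowed, values unchanged). A live check would read pfctl output instead.
SAMPLE = """\
@0 block drop in log all
  [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 50 Packets: 50 Bytes: 6853 States: 0 ]
@1 block drop out log all
  [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 50 Packets: 0 Bytes: 0 States: 0 ]
Status: Enabled for 0 days 00:06:53 Debug: None
"""

RULE_RE = re.compile(r"^@(\d+)\s+(\S.*)$")
COUNTERS_RE = re.compile(
    r"Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)"
)
UPTIME_RE = re.compile(r"Status:\s+Enabled for (\d+) days (\d+):(\d+):(\d+)")


def parse_pfctl(text):
    """Return (rules, uptime_seconds) parsed from verbose pfctl output."""
    rules, uptime, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line)
        if m:
            words = m.group(2).split()
            current = {
                "nr": int(m.group(1)),
                "text": m.group(2),
                "action": words[0],
                # A rule without "in"/"out" applies to both directions.
                "direction": next(
                    (w for w in words if w in ("in", "out")), "any"
                ),
                "evaluations": 0, "packets": 0, "bytes": 0, "states": 0,
            }
            rules.append(current)
            continue
        m = COUNTERS_RE.search(line)
        if m and current is not None:
            keys = ("evaluations", "packets", "bytes", "states")
            current.update(zip(keys, map(int, m.groups())))
            continue
        m = UPTIME_RE.search(line)
        if m:
            days, hours, mins, secs = map(int, m.groups())
            uptime = ((days * 24 + hours) * 60 + mins) * 60 + secs
    return rules, uptime


def summarize(text):
    """Condense the counters into the figures worth comparing with the
    traffic that was actually generated during the test."""
    rules, uptime = parse_pfctl(text)
    per_direction = {"in": 0, "out": 0, "any": 0}
    unmatched = []
    for rule in rules:
        per_direction[rule["direction"]] += rule["packets"]
        # Evaluated but never the matching rule: the ruleset was walked,
        # yet no packet of this rule's kind was seen by pf.
        if rule["evaluations"] > 0 and rule["packets"] == 0:
            unmatched.append(rule["nr"])
    total = sum(per_direction.values())
    return {
        "uptime_seconds": uptime,
        "packets_by_direction": per_direction,
        "evaluated_but_unmatched": unmatched,
        "packets_per_second": (total / uptime) if uptime else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted output this gives 50 packets matched inbound, none outbound, and an average of about 0.12 packets per second over 413 seconds of uptime, figures to set against the port scan and web browsing described in the message.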
From: "Max Laier"
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:30 -0000
X-Original-Date: Thu, 28 Aug 2003 02:20:53 +0200

DAMN IT ... what is this ... your mailserver won't let me send plain-text *.diff and tells me to "zip" and doesn't accept zip either ... find the patch at:
http://pf4freebsd.love2party.net/bridge.c.diff

> > OK - send away. Anything I can do to help. I have tons of time and really
> > need to get this working ASAP.
>
> First off, if that's true you better go install OpenBSD or learn what ipfw
> can do for you. I don't think that we will have it working too soon. If you
> are still interested in testing:
>
> The attachment is a really noisy patch against sys/net/bridge.c
> Apply it, rebuild your kernel and generate traffic without pf module loaded.
> $ dmesg -a >file.pfoff
> load pf and enable it and generate some traffic
> $ dmesg -a >file.pfon
> unload pf and generate some traffic
> $ dmesg -a >file.pfoffagain
> and send me the output files.
>
> That's all for the start.
>
> Regards,
> Max
>

From: Alan Bryan
To: "Max Laier"
Subject: Re: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:36 -0000
X-Original-Date: Wed, 27 Aug 2003 18:16:49 -0700
Message-Id: <200308271816.49158.alan@precisionautobody.com>
In-Reply-To: <025801c36cfa$3e756290$01000001@max900>
Reply-To: alan@precisionautobody.com

On Wednesday 27 August 2003 05:20 pm, Max Laier wrote:
> DAMN IT ... what is this ... your mailserver won't let me send plain-text
> *.diff and tells me to "zip" and doesn't accept zip either ...

Strange - not sure why your zip wouldn't work. I just sent one through just
fine. Looked at the raw logs and I see the attempts with the *.diff but no
attempts with *.zip.

I'm trying to get ahold of another machine. This will let me switch to ipfw
to get the current task done but then I'll also have spare hardware to help
get the pf bridging issue sorted out.

Thanks for the help,
Alan

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:47:40 2004
From: Brandon Weisz
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Bridging?
Date: Thu, 16 Sep 2004 03:47:40 -0000
X-Original-Date: Thu, 28 Aug 2003 08:15:45 -0500
Message-Id: <1062074062.31217.14.camel@quark.avioc.org>
In-Reply-To: <025801c36cfa$3e756290$01000001@max900>
Reply-To: pf4freebsd@freelists.org

Max,

I tested your patch with basically the same setup as Alan. I'm using the pf
port, not sure if I should be testing with 1.62. The quick and dirty is I
didn't see any of the debug messages from bridge.c.diff in the dmesg. The
results(?) along with my setup are attached.

labrat# uname -a
FreeBSD labrat.internal.avioc.org 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #1: Sun Aug 31 22:14:14 CDT 2003 root@labrat.internal.avioc.org:/usr/obj/usr/src/sys/CORE-L i386

labrat# sysctl -a | grep bridge
net.link.ether.bridge_cfg: xl0,xl1
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 0
net.link.ether.bridge_ipf: 1
net.link.ether.bridge_ipfw_drop: 0
net.link.ether.bridge_ipfw_collisions: 0

labrat# cat /usr/local/etc/pf.conf
set loginterface xl0
#pass in all
#pass out all
block log

Regards,
Brandon

On Wed, 2003-08-27 at 19:20, Max Laier wrote:
> DAMN IT ... what is this ... your mailserver won't let me send plain-text
> *.diff and tells me to "zip" and doesn't accept zip either ...
>
> find the patch at: http://pf4freebsd.love2party.net/bridge.c.diff
>
> > > OK - send away. Anything I can do to help. I have tons of time and really
> > > need to get this working ASAP.
> >
> > First off, if that's true you better go install OpenBSD or learn what ipfw
> > can do for you. I don't think that we will have it working too soon. If you
> > are still interested in testing:
> >
> > The attachment is a really noisy patch against sys/net/bridge.c
> > Apply it, rebuild your kernel and generate traffic without pf module loaded.
> > $ dmesg -a >file.pfoff
> > load pf and enable it and generate some traffic
> > $ dmesg -a >file.pfon
> > unload pf and generate some traffic
> > $ dmesg -a >file.pfoffagain
> > and send me the output files.
> >
> > That's all for the start.
> >
> > Regards,
> > Max
> >

-- Attached file included as plaintext by Ecartis --
-- File: dmesg.pfoff