How to set up a gateway?
Hello,

I have a machine running FreeBSD 4.5 STABLE. This machine has two NICs in it, one connected to the internal LAN and one connected to an ADSL modem (I'm using PPPoE). I've successfully managed to set them up so that the FreeBSD machine has access to the Internet, that works flawlessly, but I'm not able to get this machine to act as a gateway for other computers on my network. For the time being, internal IP addresses are used, but real ones will be put in place in the not so distant future.

I've done the following:

rc.conf:
PPP_NAT="YES"
ENABLE_GATWAY="YES"

ppp.conf:
nat enable yes

I've compiled netgraph into the kernel (NETGRAPH, NETGRAPH_EHTER, NETGRAPH_SOCKET).

Of the two NICs, only the one connected to the LAN is configured during startup. The ADSL connection is also established during startup and tun0 is added as the default gateway interface. I don't have a firewall running (yet).

I have a DNS server on this machine, and other machines can successfully lookup hostnames. But when I tell them that they should use the FreeBSD machine as a gateway, they simply time out when trying to connect to something outside of the LAN.

Any idea what I'm forgetting or doing wrong?

- IT

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: 5.Current Netgraph, Mutex
Hi,

Call stack looks like this:

witness_destroy
mtx_destroy
fdtree
exit1
sys_exit
syscall
syscall_with_err_pushed

This is all information I have at that moment. I could also send full texts of driver.

I also have a question about ng_rmtype (&typestruct) function. It seems that no one uses it. Thus all drivers are broken as modules.

Best regards,
Roman Kurakin

Julian Elischer wrote:

>I'm sorry I have not tried it for some time (a couple of months)
>I do not know what has been broken.
>
>I will try to look tomorrow.
>It only uses mutex in a few places so I will hopefully find what has
>changed..
>
>Can you give more information (e.g. stack trace?)
>
>On Tue, 16 Apr 2002, Roman Kurakin wrote:
>
>>Hi,
>>
>>I am working with 5.Current branch and I have some problems while
>>unloading
>>my driver or better to say after it done all unload stuff. If I comment
>>kernel options
>>that allow better debugging of MUTEX (WITNESS*) all works, but if I turn
>>them on
>>I will get kernel fault. (sppp + witness also works without any
>>problems, only
>>netgraph + witness leads to fault) Any suggestions?
>>
>>Best regards,
>>Roman Kurakin

/*
 * Cronyx-Tau-PCI adapter driver for FreeBSD.
 * Supports PPP/HDLC, Cisco/HDLC and FrameRelay protocol in synchronous mode,
 * and asynchronous channels with full modem control.
 * Keepalive protocol implemented in both Cisco and PPP modes.
 *
 * Copyright (C) 1999-2002 Cronyx Engineering Ltd.
 * Authors:
 * Kurakin Roman, <[EMAIL PROTECTED]>
 * Serge Vakulenko, <[EMAIL PROTECTED]>
 *
 * This software is distributed with NO WARRANTIES, not even the implied
 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Authors grant any other persons or organisations permission to use
 * or modify this software as long as this message is kept with the software,
 * all derivative works or modified versions.
 */
#include "pci.h"
#if NPCI > 0
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#if __FreeBSD_version >= 40
#include
#endif
#include
#include
#include
#include
#include
#include
#if __FreeBSD_version >= 50
# include
# include
#else
# include
# include
#endif
#include
#include
#include
#include
#include "opt_ng_cronyx.h"
#ifdef NETGRAPH_CRONYX
# include "opt_netgraph.h"
# ifndef NETGRAPH
# error #option NETGRAPH missed from configuration
# endif
# include
# include
# if __FreeBSD_version >= 50
# include
# else
# include
# endif
#else
# if __FreeBSD_version <= 50
# include "sppp.h"
# if NSPPP <= 0
# error The device cp requires sppp or netgraph.
# endif
# endif
# include
# include
# define PP_CISCO IFF_LINK2
#if __FreeBSD_version < 40
# include
# if NBPFILTER > 0
# include
# endif
#else
# include
# include
# define NBPFILTER NBPF
#endif
#endif

#define DEBUG(d,s) ({if (d->chan->debug) {\
        printf ("%s: ", d->name); printf s;}})
#define DEBUG2(d,s) ({if (d->chan->debug>1) {\
        printf ("%s: ", d->name); printf s;}})
#define CDEV_MAJOR 134

#if __FreeBSD_version >= 40
static int cp_probe __P((device_t));
static int cp_attach __P((device_t));
static int cp_detach __P((device_t));

static device_method_t cp_methods[] = {
    /* Device interface */
    DEVMETHOD(device_probe, cp_probe),
    DEVMETHOD(device_attach, cp_attach),
    DEVMETHOD(device_detach, cp_detach),

    {0, 0}
};

typedef struct _bdrv_t {
    cp_board_t *board;
    struct resource *cp_res;
    struct resource *cp_irq;
    void *cp_intrhand;
} bdrv_t;

static driver_t cp_driver = {
    "cp",
    cp_methods,
    sizeof(bdrv_t),
};

static devclass_t cp_devclass;
#endif

typedef struct _drv_t {
    char name [8];
    cp_chan_t *chan;
    cp_board_t *board;
    cp_buf_t buf;
    int running;
#ifdef NETGRAPH
    char nodename [NG_NODELEN+1];
    hook_p hook;
    hook_p debug_hook;
    node_p node;
    struct ifqueue queue;
    struct ifqueue hi_queue;
    short timeout;
    struct callout_handle timeout_handle;
#else
    struct sppp pp;
#endif
#if __FreeBSD_version >= 40
    dev_t devt;
#endif
} drv_t;

static void cp_receive (cp_chan_t *c, char *data, int len);
static void cp_transmit (cp_chan_t *c, void *attachment, int len);
static void cp_error (cp_chan_t *c, int data);
static void cp_up (drv_t *d);
static void cp_start (drv_t *d);
static void cp_down (drv_t *d);
static void cp_watchdog (drv_t *d);

#ifdef NETGRAPH
extern struct ng_type typ
FreeBSD 4.5 and network problems
I have installed FreeBSD 4.5. Everything worked OK from the console. But when I tried to connect to it remotely (using SSH) I had some network troubles. From time to time the connection hangs for a short time. First of all I've tried to install another network card (I've replaced D-Link 550 with D-Link 538TX). But the problem still exists. Later I've noticed that network timeouts happen also when sending or receiving large files over SMTP/POP3.

Can someone help me to solve this problem?

Best regards,
Alexander Isaev
mailto:[EMAIL PROTECTED]
Re: 5.Current Netgraph, Mutex
Roman Kurakin wrote:

> #if __FreeBSD_version >= 50
> mtx_init (&d->queue.ifq_mtx, "cp_queue", MTX_DEF);
> mtx_init (&d->hi_queue.ifq_mtx, "cp_queue_hi", MTX_DEF);
> #endif

my guess would be that you forgot to call mtx_destroy() for queue and hi_queue mutexes.

thanks,
max
Re: FreeBSD 4.5 and network problems
Are you talking about IP over Satellite link ?

On Wed, 17 Apr 2002 11:00:45 -0500
Damon Permezel <[EMAIL PROTECTED]> wrote:

> Not sure about the initial delays, but I found a bug which does cause
> throughput to drop dramatically once it is hit.
>
> Consider the sender of a bulk data transfer (1/2 duplex).
> When header prediction is successful, the ACK stream coming back
> is handled by the fast path code. For this to be true, the window info
> in that ACK stream cannot change.
>
> tiwin && tiwin == tp->snd_wnd

--
===
Christophe Prevotaux      Email: [EMAIL PROTECTED]
HEXANET SARL              URL: http://www.hexanet.fr/
Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
3 Allée Thierry Sabine    Direct: +33 (0)3 26 79 08 02
BP202                     Fax: +33 (0)3 26 79 30 06
51686 Reims Cedex 2
FRANCE                    HEXANET Network Operation Center
===
Re: FreeBSD 4.5 and network problems
I am talking about IP over gigabit ethernet. Conceivably, if one had enough time, one might observe this over a satellite link. The necessary flows are bandwidth independent, but the time to observe the problem is bandwidth dependent.

On Wed, Apr 17, 2002 at 06:52:28PM +0200, Christophe Prevotaux wrote:
> Are you talking about IP over Satellite link ?
>
> On Wed, 17 Apr 2002 11:00:45 -0500
> Damon Permezel <[EMAIL PROTECTED]> wrote:
>
> > Not sure about the initial delays, but I found a bug which does cause
> > throughput to drop dramatically once it is hit.
> >
> > Consider the sender of a bulk data transfer (1/2 duplex).
> > When header prediction is successful, the ACK stream coming back
> > is handled by the fast path code. For this to be true, the window info
> > in that ACK stream cannot change.
> >
> > tiwin && tiwin == tp->snd_wnd
>
> --
> ===
> Christophe Prevotaux      Email: [EMAIL PROTECTED]
> HEXANET SARL              URL: http://www.hexanet.fr/
> Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
> 3 Allée Thierry Sabine    Direct: +33 (0)3 26 79 08 02
> BP202                     Fax: +33 (0)3 26 79 30 06
> 51686 Reims Cedex 2
> FRANCE                    HEXANET Network Operation Center
> ===

--
Damon Permezel
[EMAIL PROTECTED]
Hello from Mark Filipak
Hello All!

This is an introduction and a ping.

I live in Mansfield, Ohio, USA, and have some very specific problems and questions. The first should probably be whether this is the right list for me so

I just installed GallantWEB. It is a pre-configured version of FreeBSD 3.3 that acts as a gateway/firewall/server. It is up and running but doesn't recognize my D-Link DFE-530TX+ ethernet cards.

What I have to work with

I have the full FreeBSD 3.3 distribution (6 discs) from Walnut Creek.

I have C source code and makefile for the D-Link DFE-530TX+ ethernet card. It was written for Linux. The name of the driver source code is Rtl8139.C.

I have Greg Lehey's book: "The Complete FreeBSD".

I also have the full FreeBSD 4.0 distribution (4 discs) from Walnut Creek, but I don't want to tackle that right now and would like to get 3.3 fully functional first.

What I need
===
I would appreciate help/advice for porting the D-Link DFE-530TX+ driver to FreeBSD 3.3.

There are at least four aspects to this project
===
1 - Discovering what I need to grab from the full 3.3 distribution and put into the running system -- for example, the running system has no C compiler or linker -- and where those should go.
2 - Revising the actual C source code and makefile.
3 - Discovering where Rtl8139.o should go in the running system.
4 - Getting the system to actually use the ported driver.

About me

I'm a 55 year old hardware engineer. I've used UNIX systems in the distant past, but I'm pretty raw. 8^) I write Java and Javascript, but don't have much experience with C -- but it is obviously very similar to Java.

Global Question
===
Is this discussion list (freebsd-net) the right place for me or do I need to subscribe to a driver or hardware list?

Thanks. All help is appreciated and some day I'm sure I will be in a position to pass it on. I know I'm taking my first steps down a long road. So here's a wave and a 'Hello' from me to you folks who are so far up the road that I can barely see you.

Ciao -- Mark

--
See my resume: http://home.earthlink.net/~filipak/resume/
See my music trade pages: http://home.earthlink.net/~filipak/music/
Last updated: 14 April 2002
Re: What does FreeBSD do when listen queue is full ?
>I just did a quick look over the code, and it appears that the complete
>connection queue is still intact, and takes on 3/2*listen backlog as its
>length. Therefore, if sendmail is deciding to not accept() all
>connections ASAP, a backlog will build up, and RSTs will be sent to
>incoming connections.

Boy, I hope not. Incoming SYNs should be ignored if the backlog is met, so that the client can retransmit them. I know Microsoft decided to use RST as a "my queue is full" indicator, but I hope we're not following in their footsteps!...

Bill
vlan traffic over ipsec tunnel
Hi All,

I'd like to accomplish the following: I have two locations, connected via an IPSEC tunnel. Is it possible to connect the vlans at both ends through the tunnel.

Is this possible with existing software? What would it take to do something like this?

Peter
Re: What does FreeBSD do when listen queue is full ?
On Wed, 17 Apr 2002, Bill Fenner wrote:

> Boy, I hope not. Incoming SYNs should be ignored if the backlog
> is met, so that the client can retransmit them. I know Microsoft
> decided to use RST as a "my queue is full" indicator, but I hope
> we're not following in their footsteps!...
>
> Bill

Actually, I read the code slightly wrong. We don't send a RST, we just silently drop the connection. However, at the point we're talking about, we're already past the 3-way handshake, so either way the connection has been lost. Heh, actually, I take that back. With a syncookie, a retransmitted ACK should end up reestablishing the connection. Clever...

I think that you're referring to the case where we receive an initial SYN, and the listen queue is full. With the syncache/syncookies, this is no longer a problem; either a syn cookie is returned, or the syn is silently dropped (depending on whether or not syn cookies are enabled.) With the pre-syncache code, yes, a RST was sent at that time.

Mike "Silby" Silbersack
RE: Hello from Mark Filipak
The FreeBSD vr driver supports the DFE530TX NIC. If it is not linked into the GallantWEB kernel, you have two choices. The one I would recommend based on your level of experience is to replace your NICs with ones that are supported. NICs are not expensive, and this may be a very practical approach.

The second choice is to build a custom kernel. Greg Lehey's book is a good place to start. The problem with this is you are going to also have to learn all the firewall/gateway configuration options that came packaged with the GallantWEB software. There is certainly no need to port a LINUX driver to FreeBSD. Basically you have to redo everything that came with GallantWEB.

Jim

-Original Message-
From: Mark Filipak [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 2:43 PM
To: [EMAIL PROTECTED]
Subject: Hello from Mark Filipak

Hello All!

This is an introduction and a ping.

I live in Mansfield, Ohio, USA, and have some very specific problems and questions. The first should probably be whether this is the right list for me so

I just installed GallantWEB. It is a pre-configured version of FreeBSD 3.3 that acts as a gateway/firewall/server. It is up and running but doesn't recognize my D-Link DFE-530TX+ ethernet cards.

What I have to work with

I have the full FreeBSD 3.3 distribution (6 discs) from Walnut Creek.

I have C source code and makefile for the D-Link DFE-530TX+ ethernet card. It was written for Linux. The name of the driver source code is Rtl8139.C.

I have Greg Lehey's book: "The Complete FreeBSD".

I also have the full FreeBSD 4.0 distribution (4 discs) from Walnut Creek, but I don't want to tackle that right now and would like to get 3.3 fully functional first.

What I need
===
I would appreciate help/advice for porting the D-Link DFE-530TX+ driver to FreeBSD 3.3.

There are at least four aspects to this project
===
1 - Discovering what I need to grab from the full 3.3 distribution and put into the running system -- for example, the running system has no C compiler or linker -- and where those should go.
2 - Revising the actual C source code and makefile.
3 - Discovering where Rtl8139.o should go in the running system.
4 - Getting the system to actually use the ported driver.

About me

I'm a 55 year old hardware engineer. I've used UNIX systems in the distant past, but I'm pretty raw. 8^) I write Java and Javascript, but don't have much experience with C -- but it is obviously very similar to Java.

Global Question
===
Is this discussion list (freebsd-net) the right place for me or do I need to subscribe to a driver or hardware list?

Thanks. All help is appreciated and some day I'm sure I will be in a position to pass it on. I know I'm taking my first steps down a long road. So here's a wave and a 'Hello' from me to you folks who are so far up the road that I can barely see you.

Ciao -- Mark

--
See my resume: http://home.earthlink.net/~filipak/resume/
See my music trade pages: http://home.earthlink.net/~filipak/music/
Last updated: 14 April 2002
Re: What does FreeBSD do when listen queue is full ?
>We don't send a RST, we just silently drop the connection.

This is wrong too; it should silently drop the ACK and leave the connection in the pending queue.

>However, at the point we're talking about,
>we're already past the 3-way handshake

I thought we were talking about the ACK that finished the 3-way handshake.

>I think that you're referring to the case where we receive an initial SYN,
>and the listen queue is full.

I'm referring to the case where the server has specified a backlog and that backlog is full. RST is never an appropriate response in this condition, whether in response to the SYN or to the ACK of our SYN/ACK, Microsoft's implementation notwithstanding.

Bill
Re: Hello from Mark Filipak
On Wed, 17 Apr 2002, Mark Filipak wrote:

> Hello All!

Hi

> I just installed GallantWEB. It is a pre-configured version of FreeBSD
> 3.3 that acts as a gateway/firewall/server. It is up and running but
> doesn't recognize my D-Link DFE-530TX+ ethernet cards.

The RL driver supports this card.. from the 4.5 release notes:

RealTek 8129/8139 Fast Ethernet NICs ( rl(4) driver)
    Accton ``Cheetah'' EN1207D (MPX 5030/5038; RealTek 8139 clone)
    Allied Telesyn AT2550
    Allied Telesyn AT2500TX
    D-Link DFE-538TX <-(**)
    Farallon NetLINE 10/100 PCI
    Genius GF100TXR (RTL8139)
    KTX-9130TX 10/100 Fast Ethernet
    NDC Communications NE100TX-E
    Netronix Inc. EA-1210 NetEther 10/100
    OvisLink LEF-8129TX
    OvisLink LEF-8139TX
    SMC EZ Card 10/100 PCI 1211-TX

> What I have to work with
>
> I have the full FreeBSD 3.3 distribution (6 discs) from Walnut Creek.
>
> I have C source code and makefile for the D-Link DFE-530TX+ ethernet card. It was written for Linux. The name of the driver source code is Rtl8139.C.
>
> I have Greg Lehey's book: "The Complete FreeBSD".
>
> I also have the full FreeBSD 4.0 distribution (4 discs) from Walnut Creek, but I don't want to tackle that right now and would like to get 3.3 fully functional first.

the driver was added for release 3.1
check:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/pci/if_rl.c
and
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/pci/if_rlreg.h

support for the Dlink was added at version 1.58
see note:

Revision 1.58 / (download) - annotate - [select for diffs], Wed Feb 21 20:54:21 2001 UTC (13 months, 3 weeks ago) by wpaul
Branch: MAIN
Changes since 1.57: +8 -6 lines
Diff to previous 1.57 (colored)

Big round of minor updates:

- Use pci_get_powerstate()/pci_set_powerstate() in all the other drivers that need them so we don't have to fiddle with the PCI power management registers directly.
- Use pci_enable_busmaster()/pci_enable_io() to turn on busmastering and PIO/memory mapped accesses.
- Add support to the RealTek driver for the D-Link DFE-530TX+ which has a RealTek 8139 with its own PCI ID. (Submitted by Jason Wright)
- Have the SiS 900/National DP83815 driver be sure to disable PME mode in sis_reset(). This apparently fixes a problem on some motherboards where the DP83815 chip fails to receive packets. (Submitted by Chuck McCrobie <[EMAIL PROTECTED]>)

how much you can just use the 1.58 version of the file depends on what else was changed, but it's probably easier than starting with a LINUX driver :-)

you may need to only add the following lines to your present driver:

/* @@ -152,6 +152,8 @@ static struct rl_type rl_devs[] = { "Delta Electronics 8139 10/100BaseTX" }, { ADDTRON_VENDORID, ADDTRON_DEVICEID_8139, "Addtron Technolgy 8139 10/100BaseTX" }, + { DLINK_VENDORID, DLINK_DEVICEID_530TXPLUS, + "D-Link DFE-530TX+ 10/100BaseTX" }, { 0, 0, NULL } };

> What I need
> ===
> I would appreciate help/advice for porting the
> D-Link DFE-530TX+ driver to FreeBSD 3.3.

see above.. you are just running an old version of FreeBSD..

regards..

Julian
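
Review bot: The two added lines in rl_devs[] use DLINK_VENDORID and DLINK_DEVICEID_530TXPLUS, and nothing in this hunk defines them, so applying only these lines to an older if_rl.c will not compile. The backport also needs the two matching #define lines, presumably in if_rlreg.h (the second file linked in the message), taken from the same revision as this hunk.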
Re: Hello from Mark Filipak
On Wed, 17 Apr 2002, Mark Filipak wrote:

> Hello All!
>
> This is an introduction and a ping.
>
> I live in Mansfield, Ohio, USA, and have some very specific problems and questions.
> The first should probably be whether this is the right list for me so
>
> I just installed GallantWEB. It is a pre-configured version of FreeBSD 3.3 that acts
> as a gateway/firewall/server. It is up and running but doesn't recognize my D-Link
> DFE-530TX+ ethernet cards.
>
> What I have to work with
>
> I have the full FreeBSD 3.3 distribution (6 discs) from Walnut Creek.
>
> I have C source code and makefile for the D-Link DFE-530TX+ ethernet
> card. It was written for Linux. The name of the driver source code is
> Rtl8139.C.
>
> I have Greg Lehey's book: "The Complete FreeBSD".
>
> I also have the full FreeBSD 4.0 distribution (4 discs) from Walnut
> Creek, but I don't want to tackle that right now and would like to get
> 3.3 fully functional first.

The DFE-530TX+ driver was first supported in FreeBSD 4.4. You'll inflict the least amount of pain if you just get a copy of FreeBSD 4.4 or 4.5.

You might be able to backfit this driver to FreeBSD 4.0 -- I've successfully done it for 4.2 and 4.3.

--
Matt Emmerton
Re: What does FreeBSD do when listen queue is full ?
On Wed, 17 Apr 2002, Bill Fenner wrote:

> >We don't send a RST, we just silently drop the connection.
>
> This is wrong too; it should silently drop the ACK and leave the
> connection in the pending queue.

Hm, I suppose that could work. It still feels icky, though; if the problem is that the app is building up a backlog, I'd think that it should be handled by increasing the length of the backlog queue. OTOH, keeping a syncache socket around waiting for an ack to be retransmitted IS better than dropping the connection...

Accept filters might interact badly with such a change, that'd have to be checked. Also, this would open up the potential that one bad app could fill the syncache. That would require a lot of work though; someone with a local account can already do much worse things.

How do the apps which try to rate-limit connections (OpenSSH, sendmail) do it? Would that behavior be defeated with your proposed changes?

I'm not opposed to your idea, I'd just like to fully understand the implications before any changes are made.

Mike "Silby" Silbersack
Re: What does FreeBSD do when listen queue is full ?
On Wed, Apr 17, 2002 at 09:32:34PM -0500, Mike Silbersack allegedly wrote:

> > This is wrong too; it should silently drop the ACK and leave the
> > connection in the pending queue.

> How do the apps which try to rate-limit connections (OpenSSH, sendmail) do
> it? Would that behavior be defeated with your proposed changes?

Are we discussing what happens when the number of pending connections exceeds the backlog? If the suggestion is to leave such connections pending then the question becomes what's the real purpose of backlog? If the suggestion is something else, then excuse me for misconstruing as it makes my following comments irrelevant.

FWIW, I use backlog as a method of indicating how long a client can expect to wait before getting serviced. This is especially useful with servers behind load balancers.

For argument's sake, say I have a web server that I know handles 10 requests per second and I want to offer a 2 second response time. To do this I set the backlog to 20 on each of the web servers and configure the load balancer to periodically check each server by attempting to establish a session.

If the load balancer connection attempt fails then it knows that that particular server already has 2 seconds worth of work so it should not consider that server as available at the moment (note that some load balancer configurations mean that connection counting is not possible and, oftentimes they don't do so accurately anyway).

By making the backlog effectively infinite, my application cannot give feedback on anticipated service times and the load balancers will have to timeout on their periodic checks. Neither sounds very satisfactory to me.

To be sure there are philosophical arguments about whether the client or the server should decide on waiting times or indeed whether there are better load balancer strategies, but I think genuine cases exist where a server wants to communicate service times back to the client and backlog strikes me as a reasonable way to do this.

Regards.
VLANS in Netgraph..
Someone was writing some VLAN code using Netgraph. I think they told me they were almost done and it just required some documentation to be done.. since then I have heard nothing.

If that was YOU then if I dropped the ball, I'm sorry. Either way, if you know who/where/when let me know..
Re: Bridging vlan0 with de0
Szia! el aptom azt email-szimet? (probably unintelligible :-)

did I give you this guy's address?

On Thu, 20 Dec 2001, Julian Elischer wrote:

> it is being donated by a french fellow.
> He is just polishing it.
> I will try to commit it in the next few days.
>
> On Thu, 20 Dec 2001, Attila Nagy wrote:
>
> > Hello,
> >
> > > I believe you can bridge a vlan interface if you use the new upcoming
> > > netgraph vlan node. It should be committed soon. (Vlans done the way
> > > it should have been done ;-)
> > Is it possible that this one will fix my FEC and VLAN problems? Is there a
> > patch for -STABLE out there? I would be glad to test this :)
> >
> > --
> > Attila Nagy                              e-mail: [EMAIL PROTECTED]
> > Budapest Polytechnic (BMF.HU)            @work: +361 210 1415 (194)
> > H-1084 Budapest, Tavaszmezo u. 15-17.    cell.: +3630 306 6758
3com pcmcia nic
can a 3com pcmcia nic be put in promiscuous mode? if so what models?

thanks--
Jon
mailto:[EMAIL PROTECTED]
Re: vlan traffic over ipsec tunnel
I don't know of a way to do this in FreeBSD, however OpenBSD's bridging code does support this. man brconfig on an OpenBSD box. Simply bridging a tunneling device and an ethernet device might work under FreeBSD.

Matt

On Wed, 17 Apr 2002, Peter J. Blok wrote:

> Hi All,
>
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible with existing software? What would it take to do something
> like this?
>
> Peter
Re: 5.Current Netgraph, Mutex
I can't find this code, where is it?

On Wed, 17 Apr 2002, Maksim Yevmenkin wrote:

> Roman Kurakin wrote:
>
> > #if __FreeBSD_version >= 50
> > mtx_init (&d->queue.ifq_mtx, "cp_queue", MTX_DEF);
> > mtx_init (&d->hi_queue.ifq_mtx, "cp_queue_hi", MTX_DEF);
> > #endif
>
> my guess would be that you forgot to call mtx_destroy() for
> queue and hi_queue mutexes.
>
> thanks,
> max
Re: 5.Current Netgraph, Mutex
Roman,

Having finally found the original mail, I concur. it looks like you have 'leaked' mutexes. (and the witness code accesses all mutexes even after the driver has unloaded... (*boom*))

I have not looked at the locks yet but you may be able to take advantage of netgraph's inherent locking and queueing to simplify your usage of mutexes in some cases. (But I have to look at it more..)

On Wed, 17 Apr 2002, Maksim Yevmenkin wrote:

> Roman Kurakin wrote:
>
> > #if __FreeBSD_version >= 50
> > mtx_init (&d->queue.ifq_mtx, "cp_queue", MTX_DEF);
> > mtx_init (&d->hi_queue.ifq_mtx, "cp_queue_hi", MTX_DEF);
> > #endif
>
> my guess would be that you forgot to call mtx_destroy() for
> queue and hi_queue mutexes.
>
> thanks,
> max
Re: What does FreeBSD do when listen queue is full ?
On Wed, 17 Apr 2002, Mark Delany wrote:

> Are we discussing what happens when the number of pending connections
> exceeds the backlog? If the suggestion is to leave such connections
> pending then the question becomes what's the real purpose of backlog?

Yes, that is what we're discussing.

> For argument's sake, say I have a web server that I know handles 10
> requests per second and I want to offer a 2 second response time. To
> do this I set the backlog to 20 on each of the web servers and
> configure the load balancer to periodically check each server by
> attempting to establish a session.
>
> If the load balancer connection attempt fails then it knows that that
> particular server already has 2 seconds worth of work so it should not
> consider that server as available at the moment (note that some load
> balancer configurations mean that connection counting is not possible
> and, oftentimes they don't do so accurately anyway).

Well, 4.5+ would already be considered broken by your standards; it does not send a RST when dropping connections that have exceeded the backlog.

I understand your method, but it seems perhaps a bit too simplistic. Have you considered having the load balancer make a simple request (fetching a static piece of html) every .25 seconds or so? The total response time from such connections would presumably give you a much better picture of how loaded the server is.

If we do go ahead and make the changes that Bill proposes, it should be possible to add a sysctl that would cause a RST to be emitted rather than the connection to be returned to the syncache.

Mike "Silby" Silbersack
Re: vlan traffic over ipsec tunnel
On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:

> Hi All,
>
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible with existing software? What would it take to do something
> like this?

With netgraph you can bridge ethernets over IP which then gets encrypted via ipsec - at least in theory. But if you only want to connect IP based lans you should route instead.

--
B.Walter
COSMO-Project http://www.cosmo-project.de
[EMAIL PROTECTED]
Usergroup [EMAIL PROTECTED]
xauth support in ipsec ?
All,

Probably this mail should be directed at the kame newsgroup. But does anyone know if xauth authorization scheme which is in draft stage is incorporated in the ipsec protocol in FreeBSD ? I know some corporate vpn gateways started incorporating xauth so, standard based clients will fail establishment process.

(Ref: http://www.ietf.org/internet-drafts/draft-beaulieu-ike-xauth-02.txt )

Thanks!
Naga.
Re: vlan traffic over ipsec tunnel
"Peter J. Blok" wrote:
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible with existing software? What would it take to do something
> like this?

Bridging doesn't work with the vlanX interface currently in
FreeBSD.

Julian promised (last December) that he would be committing a
VLAN netgraph node for doing VLAN "the right way", but I have
not seen anything. I tried to ping him twice on this, but I
think he's pretending not to get the pings... 8-).

-- Terry

Re: vlan traffic over ipsec tunnel
Terry Lambert wrote:
> Bridging doesn't work with the vlanX interface currently in
> FreeBSD.
>
> Julian promised (last December) that he would be committing a
> VLAN netgraph node for doing VLAN "the right way", but I have
> not seen anything. I tried to ping him twice on this, but I
> think he's pretending not to get the pings... 8-).

Spoke too soon... just saw his posting to -net...

-- Terry

Re: What does FreeBSD do when listen queue is full ?
On Thu, Apr 18, 2002 at 12:49:45AM -0500, Mike Silbersack allegedly wrote:
>
> On Wed, 17 Apr 2002, Mark Delany wrote:
>
> > Are we discussing what happens when the number of pending connections
> > exceeds the backlog? If the suggestion is to leave such connections
> > pending then the question becomes what's the real purpose of backlog?
>
> Yes, that is what we're discussing.

Goodo.

> > For argument's sake, say I have a web server that I know handles 10

> Well, 4.5+ would already be considered broken by your standards; it does
> not send a RST when dropping connections that have exceeded the backlog.

Agreed. I think that RST is the right choice actually.

> I understand your method, but it seems perhaps a bit too simplistic. Have

Right. It was really only intended as an example to demonstrate the
concept.

It raises the question as to the purpose of backlog. Is it really only
intended as a resource hint or does it represent a firm threshold
beyond which the OS should act differently?

If the latter, then the purpose of the threshold can only be of real
benefit to the client as the server can trivially track its own
resource usage, true?

So, if backlog is a threshold for communicating to clients, then I
think RST is the right choice as it communicates server state
unambiguously.

Conversely dropping the ACK is ambiguous to the client - is the server
busy or is the network dropping packets? Additionally, dropping the ACK
is a painfully slow way to communicate as the client has to timeout the
connection attempt to find out that service is not forthcoming.

Regards.

Re: What does FreeBSD do when listen queue is full ?
>So, if backlog is a threshold for communicating to clients, then I
>think RST is the right choice as it communicates server state
>unambiguously.

I disagree; RST does not communicate server state unambiguously.
RST is used in response to an erroneous packet on a synchronized
connection, in response to a packet to a connection that doesn't
exist (e.g. SYN to a closed port), or in response to an ACK that
acknowledges something that hasn't been sent. None of these applies
to this situation.

Dropping the ACK and allowing the TCP backoff to retry the connection
is exactly the right behavior when there is one server supplying
the service, because the retries are subject to exponential backoffs.

Please don't break the normal case for the load-balanced case.

Bill

Re: What does FreeBSD do when listen queue is full ?
On 18 Apr 2002, Mark Delany wrote:

> It raises the question as to the purpose of backlog. Is it really only
> intended as a resource hint or does it represent a firm threshold
> beyond which the OS should act differently?
>
> If the latter, then the purpose of the threshold can only be of real
> benefit to the client as the server can trivially track its own
> resource usage, true?

Well, the problem with being fast and free with RSTs is that I don't think
many clients react well to them. Hence, in the standalone server case I
suspect that Bill's idea of ignoring the ACK and waiting for it to be
retransmitted is the better idea. After that is done, adding a sysctl
which enables the RST functionality wouldn't be a problem if you think
that it may be beneficial for those using load balancers.

Mike "Silby" Silbersack
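
Added example (not part of any message in this thread, and not FreeBSD code): a simplified model of the trade-off argued above, using the thread's own figures of backlog 20 and 10 requests per second. The burst of clients at t=0 and the retry schedule (3 s initial interval, doubling, give up after 75 s) are assumptions, as are all names in the code.

```python
# Added example: listen-queue overflow policy, silent drop vs. RST (simplified model).
BACKLOG = 20         # listen() backlog, from the thread's example
SERVICE_RATE = 10    # requests completed per second, from the thread's example
# Assumptions, not stated in the thread: a client's handshake is retried 3 s
# after the first attempt, the interval doubles each time, and the client
# gives up 75 s after it started.
INITIAL_RTO = 3
CONNECT_TIMEOUT = 75


def retry_times():
    """Offsets (seconds) at which one client attempts the handshake."""
    times, t, rto = [0], 0, INITIAL_RTO
    while t + rto < CONNECT_TIMEOUT:
        t += rto
        times.append(t)
        rto *= 2
    return times


def simulate(n_clients, policy):
    """Burst of n_clients at t=0; policy is "drop" or "rst".

    Returns counts of clients queued for service, refused by RST, and left
    to time out, plus the time of the last successful admission.
    """
    if policy not in ("drop", "rst"):
        raise ValueError("policy must be 'drop' or 'rst'")
    queue, waiting, served, refused = 0, n_clients, 0, 0
    last_admit, prev = None, 0
    for t in retry_times():
        # The server drains the queue between attempts.
        queue = max(0, queue - SERVICE_RATE * (t - prev))
        prev = t
        admitted = min(waiting, BACKLOG - queue)
        queue += admitted
        served += admitted
        waiting -= admitted
        if admitted:
            last_admit = t
        if policy == "rst":
            # Overflow gets an immediate, final answer and never retries.
            refused, waiting = waiting, 0
        if waiting == 0:
            break
    return {"served": served, "refused": refused,
            "timed_out": waiting, "last_admit": last_admit}


if __name__ == "__main__":
    for policy in ("drop", "rst"):
        print(policy, simulate(100, policy))
```

For a burst of 100 clients the drop policy eventually queues every one of them, the last wave only on the retry at 45 s, while the RST policy queues 20 and turns 80 away at once. Past 100 clients the drop policy leaves the remainder waiting out the full connect timeout.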