Re: Collision on NIC

[Matthew D. Fuller]

On Thu, May 29, 2003 at 03:51:43PM +0200 I heard the voice of
Erwane Breton, and lo! it spake thus:
> 
> On my FreeBSD box
> Network interface status:
> Ipkts Ierrs  IbytesOpkts  Oerrs   Obytes  Coll
> 21852457  0  280187344 28530965   7   3906410421  8584

> Lot of collisions (for 10 days uptime)
> 
> If someone have idea or same problem, and solution :)

Well, I don't see the problem.

My math says that that's .03% collision rate, which is so deep in the
noise as to be practically zero.  What do you _think_ it should be?


-- 
Matthew Fuller (MF4839)   |  [EMAIL PROTECTED]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I
  haven't figured out how to light the middle yet"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: USB Modem support

[Hellmuth Michaelis]

Brad du Plessis wrote:

> How do I find out before I go and buy a usb modem that its going to be 
> detected as a umodem or a ugen device. 

Take your notebook to the USB-dealer :-) and ask if you can connect the 
thingie to test it.

> Are usb modems with CAPI support always winmodems?

You mix things up. 

A modem (MOdulator / DEModulator) is a piece of hardware usually
interfacing a RS232 serial line to a telephone line. The data
from the serial line is converted into tones sent over the phone
line which are decoded back to computer data on the remote end.
The call control is usually done in-band by using the the Hayes 
AT-protocol.

As Garret said, an USB modem is a device that claims in the USB
control protocol to be a modem ( = RS232 is replaced by the USB).

CAPI is an application programming interface for ISDN applications
interfacing to some (PCI / ISA / USB / whatever) hardware device(s)
(and it is also used for other communication stuff like X.25 etc.)

There is NO such thing which is commonly called "ISDN modem".

A winmodem is a little bit of hardware / silicon which perhaps is
going to look like a modem when it is used by some proprietary 
binary-only software (= libraries = RS232 is replaced by some software
which makes the silicon virtually look like a RS232 connector). I have
no idea if you get this type of s**t with a USB interface ... (and in
case you would get it, i think that the USB would be used to exchange
highly propietary and undocumented data to interface the silicon to the
software library).

hellmuth
-- 
Hellmuth Michaelis   Hamburg, Europe   hm\at\kts.orgwww.kts.org
a duck is like a bicycle because they both have two wheels except the duck (tl)
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Collision on NIC

[Petri Helenius]

> 
> Well, I don't see the problem.
> 
> My math says that that's .03% collision rate, which is so deep in the
> noise as to be practically zero.  What do you _think_ it should be?
> 
Even Mr. Inventor of the ethernet himself regrets calling them collisions because
that term has a bad ring people unfamiliar with the technological detail.

Pete

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[Sreekanth]

Could be attributed to the spanning tree in the switch.I have seen it
happening(especially with cisco switches).I bet you are not able to send
out any packet(Not just Garp).

Sreekanth

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Petri Helenius
> Sent: Thursday, May 29, 2003 4:39 AM
> To: Ruslan Ermilov
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: Re: gratuitous ARP with em interface.
> 
> 
> 
> I haven't looked that deep into why, but em is quite slow on 
> coming up 
> compared to
> fxp for example. Probably something to do with hardware 
> re-initialization.
> 
> Pete
> 
> 
> Ruslan Ermilov wrote:
> 
> >On Wed, May 28, 2003 at 07:57:07PM -0400, 
> [EMAIL PROTECTED] wrote:
> >  
> >
> >>Hi all,
> >>  
> >>Is there a known issue with alias IPs on em interfaces not 
> sending out 
> >>gratuitous arps ?
> >>
> >>The situation is as follows:
> >> I am running a custom redundancy daemon that migrates the 
> IP address 
> >>of a server from one interface to another in case the 
> active network 
> >>path fails. Till now I was experimenting with two fxp 
> interfaces and 
> >>everything worked perfectly. i.e. when the ip address moved over 
> >>(using a perl script to run ifconfig commands) it sent out 
> grat. arps 
> >>for each of its alias IPs. This allowed the router to 
> update its Arp 
> >>table and talk to the newly active interface.
> >>
> >>Now when I try running the code with em (gigabit Ethernet 
> over copper) 
> >>NICs, I simply do not see the gratuitous arps come out of the new 
> >>interface.
> >>
> >>I am at a loss to understand what has changed. Could it be that the 
> >>line DOWN -> UP time of the em interface is longer thereby 
> causing a 
> >>loss of ARPs ? Any suggestions ?
> >>
> >>
> >>
> >Yes, I can reproduce this too, no gratuitous ARP is sent.
> >
> >
> >Cheers,
> >  
> >
> 
> 
> ___
> [EMAIL PROTECTED] mailing list 
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
> To 
> unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
>  
> 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: gratuitous ARP with em interface.

[John Polstra]

In article <[EMAIL PROTECTED]>, Petri Helenius
<[EMAIL PROTECTED]> wrote:

> I haven't looked that deep into why, but em is quite slow on coming
> up compared to fxp for example. Probably something to do with
> hardware re-initialization.

I haven't tried this, but I think the problem would go away if you
changed WAIT_FOR_AUTO_NEG_DEFAULT to 0 in "if_em.h".

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.Seattle, Washington USA
  "Two buttocks cannot avoid friction." -- Malawi saying
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: USB Modem support

[Garrett Wollman]

< said:

> How do I find out before I go and buy a usb modem that its going to be 
> detected as a umodem or a ugen device.

A priori, you can't.  Looking in the Macintosh section will usually
assure you of getting something that is not Windows-specific, although
this is not a sufficient condition.  I bought one that worked; I think
it was a D-Link (it's at home right now and I'm not).

-GAWollman

PS: Suggest you learn to format your followups properly.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[mvsjetti]

hi,
I had checked the kernel code of the freeBsd. In case of fxp port "
fxp_ether_ioctl" fucntional
will be called when we add a new address to an interface(using the if_ioctl
pointer from the
in_ifinit fucntion). And this fuction will inturn call the arp_ifinit
fucntion which sends the gratituos ARP.
I am not able to find this kind of fucntionality for em. I am not the sure
whether the code i am having
was incomplete or some fucntonality was missing in the implementation. This
may be the case of
incomplete intitlaization( if_ioctl of the ifp may not be initlized
properly).

If u can do kernel debugging put break point at the "arp_ifinit" and verify
if this was getting called
or not..
cheers,
mahesh




"Sreekanth" <[EMAIL PROTECTED]>@freebsd.org on 29/05/2003
21:01:29

Sent by:[EMAIL PROTECTED]


To:"'Petri Helenius'" <[EMAIL PROTECTED]>, "'Ruslan Ermilov'"
   <[EMAIL PROTECTED]>
cc:[EMAIL PROTECTED], [EMAIL PROTECTED],
   [EMAIL PROTECTED]

Subject:RE: gratuitous ARP with em interface.


Could be attributed to the spanning tree in the switch.I have seen it
happening(especially with cisco switches).I bet you are not able to send
out any packet(Not just Garp).

Sreekanth

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Petri Helenius
> Sent: Thursday, May 29, 2003 4:39 AM
> To: Ruslan Ermilov
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: gratuitous ARP with em interface.
>
>
>
> I haven't looked that deep into why, but em is quite slow on
> coming up
> compared to
> fxp for example. Probably something to do with hardware
> re-initialization.
>
> Pete
>
>
> Ruslan Ermilov wrote:
>
> >On Wed, May 28, 2003 at 07:57:07PM -0400,
> [EMAIL PROTECTED] wrote:
> >
> >
> >>Hi all,
> >>
> >>Is there a known issue with alias IPs on em interfaces not
> sending out
> >>gratuitous arps ?
> >>
> >>The situation is as follows:
> >> I am running a custom redundancy daemon that migrates the
> IP address
> >>of a server from one interface to another in case the
> active network
> >>path fails. Till now I was experimenting with two fxp
> interfaces and
> >>everything worked perfectly. i.e. when the ip address moved over
> >>(using a perl script to run ifconfig commands) it sent out
> grat. arps
> >>for each of its alias IPs. This allowed the router to
> update its Arp
> >>table and talk to the newly active interface.
> >>
> >>Now when I try running the code with em (gigabit Ethernet
> over copper)
> >>NICs, I simply do not see the gratuitous arps come out of the new
> >>interface.
> >>
> >>I am at a loss to understand what has changed. Could it be that the
> >>line DOWN -> UP time of the em interface is longer thereby
> causing a
> >>loss of ARPs ? Any suggestions ?
> >>
> >>
> >>
> >Yes, I can reproduce this too, no gratuitous ARP is sent.
> >
> >
> >Cheers,
> >
> >
>
>
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
> To
> unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
>
>

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
 To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Socket option to get dst port

[Scot Loach]

When a UDP packet is read from a socket, the userland program can get the
destination IP address by using the IP_RECVDSTADDR socket option.  This
returns the destination address as ancillary data in the msg_control member
of the msghdr structure passed to recvmsg().

I needed a way to get the destination port for UDP packets that were
forwarded to a local UDP port using ipfw, with the "fwd" option.  There
doesn't seem to be any way to get this information currently.  I added a
IP_RECVDSTPORT socket option for this purpose.  Unfortunately I had to add
the control mbuf within udp_input() instead of within ip_savecontrol() since
that's the only place I have the UDP header.

Patch to 4.7 is below.  Please let me know if you see any problems with it.
If this is generally useful, it could be committed.

Index: in.h
===
RCS file: /usr/cvs/src/sys/netinet/in.h,v
retrieving revision 1.48.2.9
diff -U3 -r1.48.2.9 in.h
--- in.h1 Dec 2002 14:03:10 -   1.48.2.9
+++ in.h29 May 2003 15:56:19 -
@@ -333,6 +333,8 @@
 #defineIP_DUMMYNET_FLUSH   62   /* flush dummynet */
 #defineIP_DUMMYNET_GET 64   /* get entire dummynet pipes */

+#define IP_RECVDSTPORT  80   /* bool; receive IP dst port w/dgram
*/
+
 /*
  * Defaults and limits for options
  */
Index: in_pcb.h
===
RCS file: /usr/cvs/src/sys/netinet/in_pcb.h,v
retrieving revision 1.32.2.6
diff -U3 -r1.32.2.6 in_pcb.h
--- in_pcb.h29 Jul 2002 18:56:37 -  1.32.2.6
+++ in_pcb.h29 May 2003 15:56:13 -
@@ -273,8 +273,10 @@
 #defineIN6P_RTHDRDSTOPTS   0x20 /* receive dstoptions
before rt
hdr */
 #define IN6P_AUTOFLOWLABEL 0x80 /* attach flowlabel automatically
*/

+#define INP_RECVDSTPORT 0x0100 /* receive UDP dst port */
+
 #defineINP_CONTROLOPTS
(INP_RECVOPTS|INP_RECVRETOPTS|INP_RECVDS
TADDR|\
-   INP_RECVIF|\
+   INP_RECVIF| INP_RECVDSTPORT |\
 IN6P_PKTINFO|IN6P_HOPLIMIT|IN6P_HOPOPTS|\
 IN6P_DSTOPTS|IN6P_RTHDR|IN6P_RTHDRDSTOPTS|\
 IN6P_AUTOFLOWLABEL)
Index: ip_output.c
===
RCS file: /usr/cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.99.2.31
diff -U3 -r1.99.2.31 ip_output.c
--- ip_output.c 12 Jul 2002 22:14:12 -  1.99.2.31
+++ ip_output.c 28 May 2003 19:32:57 -
@@ -1181,6 +1181,7 @@
case IP_RECVOPTS:
case IP_RECVRETOPTS:
case IP_RECVDSTADDR:
+case IP_RECVDSTPORT:
case IP_RECVIF:
case IP_FAITH:
error = sooptcopyin(sopt, &optval, sizeof optval,
@@ -1213,6 +1214,10 @@
case IP_RECVDSTADDR:
OPTSET(INP_RECVDSTADDR);
break;
+
+case IP_RECVDSTPORT:
+OPTSET(INP_RECVDSTPORT);
+break;

case IP_RECVIF:
OPTSET(INP_RECVIF);
Index: udp_usrreq.c
===
RCS file: /usr/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.64.2.16.1000.2
diff -U3 -r1.64.2.16.1000.2 udp_usrreq.c
--- udp_usrreq.c27 Jan 2003 16:38:06 -  1.64.2.16.1000.2
+++ udp_usrreq.c29 May 2003 15:55:24 -
@@ -450,7 +450,18 @@
inp->inp_flags = savedflags;
} else
 #endif
-   ip_savecontrol(inp, &opts, ip, m);
+   {
+   ip_savecontrol(inp, &opts, ip, m);
+   if (inp->inp_flags & INP_RECVDSTPORT) {
+   struct mbuf **mp = &opts;
+   while (*mp) {
+   mp = &(*mp)->m_next;
+   }
+   *mp = sbcreatecontrol((caddr_t)
&uh->uh_dport,
+sizeof(u_int16_t), IP_RECVDSTPORT,
+IPPROTO_IP);
+   }
+   }
}
m_adj(m, iphlen + sizeof(struct udphdr));
 #ifdef INET6
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[Sreekanth]

em_ioctl() has a call to ether_ioctl() which in turn calls arp_ifinit().

Sreekanth

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, May 29, 2003 9:17 AM
> To: Sreekanth
> Cc: 'Petri Helenius'; 'Ruslan Ermilov'; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: RE: gratuitous ARP with em interface.
> 
> 
> 
> 
> 
> 
> 
> hi,
> I had checked the kernel code of the freeBsd. In case of fxp 
> port " fxp_ether_ioctl" fucntional will be called when we add 
> a new address to an interface(using the if_ioctl pointer from 
> the in_ifinit fucntion). And this fuction will inturn call 
> the arp_ifinit fucntion which sends the gratituos ARP. I am 
> not able to find this kind of fucntionality for em. I am not 
> the sure whether the code i am having was incomplete or some 
> fucntonality was missing in the implementation. This may be 
> the case of incomplete intitlaization( if_ioctl of the ifp 
> may not be initlized properly).
> 
> If u can do kernel debugging put break point at the 
> "arp_ifinit" and verify if this was getting called or 
> not.. cheers, mahesh
> 
> 
> 
> 
> "Sreekanth" <[EMAIL PROTECTED]>@freebsd.org on 
> 29/05/2003 21:01:29
> 
> Sent by:[EMAIL PROTECTED]
> 
> 
> To:"'Petri Helenius'" <[EMAIL PROTECTED]>, "'Ruslan Ermilov'"
><[EMAIL PROTECTED]>
> cc:[EMAIL PROTECTED], [EMAIL PROTECTED],
>[EMAIL PROTECTED]
> 
> Subject:RE: gratuitous ARP with em interface.
> 
> 
> Could be attributed to the spanning tree in the switch.I have 
> seen it happening(especially with cisco switches).I bet you 
> are not able to send out any packet(Not just Garp).
> 
> Sreekanth
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Petri Helenius
> > Sent: Thursday, May 29, 2003 4:39 AM
> > To: Ruslan Ermilov
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> > [EMAIL PROTECTED]
> > Subject: Re: gratuitous ARP with em interface.
> >
> >
> >
> > I haven't looked that deep into why, but em is quite slow 
> on coming up
> > compared to
> > fxp for example. Probably something to do with hardware
> > re-initialization.
> >
> > Pete
> >
> >
> > Ruslan Ermilov wrote:
> >
> > >On Wed, May 28, 2003 at 07:57:07PM -0400,
> > [EMAIL PROTECTED] wrote:
> > >
> > >
> > >>Hi all,
> > >>
> > >>Is there a known issue with alias IPs on em interfaces not
> > sending out
> > >>gratuitous arps ?
> > >>
> > >>The situation is as follows:
> > >> I am running a custom redundancy daemon that migrates the
> > IP address
> > >>of a server from one interface to another in case the
> > active network
> > >>path fails. Till now I was experimenting with two fxp
> > interfaces and
> > >>everything worked perfectly. i.e. when the ip address moved over 
> > >>(using a perl script to run ifconfig commands) it sent out
> > grat. arps
> > >>for each of its alias IPs. This allowed the router to
> > update its Arp
> > >>table and talk to the newly active interface.
> > >>
> > >>Now when I try running the code with em (gigabit Ethernet
> > over copper)
> > >>NICs, I simply do not see the gratuitous arps come out of the new 
> > >>interface.
> > >>
> > >>I am at a loss to understand what has changed. Could it 
> be that the 
> > >>line DOWN -> UP time of the em interface is longer thereby
> > causing a
> > >>loss of ARPs ? Any suggestions ?
> > >>
> > >>
> > >>
> > >Yes, I can reproduce this too, no gratuitous ARP is sent.
> > >
> > >
> > >Cheers,
> > >
> > >
> >
> >
> > ___
> > [EMAIL PROTECTED] mailing list 
> > http://lists.freebsd.org/mailman/listinfo/free> bsd-net To
> > unsubscribe, send any mail to
> > "[EMAIL PROTECTED]"
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
> >
> >
> 
> ___
> [EMAIL PROTECTED] mailing list 
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
>  To 
> unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
>  
> 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Cascading qmail servers

[Barney Wolff]

On Thu, May 29, 2003 at 12:14:34AM -0700, Wes Peters wrote:
> On Wednesday 28 May 2003 08:00 am, Barney Wolff wrote:
> > On Wed, May 28, 2003 at 07:45:10AM -0700, Wes Peters wrote:
> > > > Don't assume that you can't create an alias for each user.  When I
> > > > worked at a very large NY bank, with well over 100,000 employees,
> > > > /etc/mail/aliases was that big, and sendmail worked just fine.
> > >
> > > In sendmail, you can do domain routing with mailertable.  I think you
> > > can do the same in Postfix with relay_domains.
> >
> > The question I thought I was answering was how to make the address
> >   <[EMAIL PROTECTED]>
> > route to my actual account,
> > <[EMAIL PROTECTED]>.
> >
> > If external correspondents use the sub-domains the problem is easier,
> > but employees in large orgs move around so often it's impractical.
> 
> It's also impractical to deliver copies of every message to each of the 
> various offices, leaving thousands and thousands of unread messages for 
> the employees that don't work in each office.
> 
> This is where directory technologies like LDAP come into play, when you 
> have large user bases.  I think this has strayed pretty far from the 
> question that was asked, though, which seemed to me to be a 'mail 
> gateway' attached to the internet at the company HQ that would route to 
> ~3 internal mail servers, delivering the correct accounts to each one.  
> Wasn't that the original question?

You can try a fancy solution with LDAP, yes.  Or you can just have an
/etc/mail/aliases with a line for each employee.  All I'm saying is
that this simpleminded solution actually worked, even for one of the
largest corps in the world.  Of course the alias file was not hand-edited,
but derived from the HR database, daily.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[Sreekanth]

A related topic.Whenever an alias gets added to the interface, the
interface is reset.In my opinion this is uncalled for.The Interface
should be reset only when adding the first Ip address.As far as
interface is concerned Adding an IP address has no effect,except in the
first instance.My suggestion is to use the flags IFF_RUNNING|IFF_OACTIVE
to decide if we want to reset the interface again.

Comments..?

Sreekanth


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Sreekanth
> Sent: Thursday, May 29, 2003 9:36 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: gratuitous ARP with em interface.
> 
> 
> em_ioctl() has a call to ether_ioctl() which in turn calls 
> arp_ifinit().
> 
> Sreekanth
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 29, 2003 9:17 AM
> > To: Sreekanth
> > Cc: 'Petri Helenius'; 'Ruslan Ermilov'; 
> > [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> > [EMAIL PROTECTED]
> > Subject: RE: gratuitous ARP with em interface.
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > hi,
> > I had checked the kernel code of the freeBsd. In case of fxp
> > port " fxp_ether_ioctl" fucntional will be called when we add 
> > a new address to an interface(using the if_ioctl pointer from 
> > the in_ifinit fucntion). And this fuction will inturn call 
> > the arp_ifinit fucntion which sends the gratituos ARP. I am 
> > not able to find this kind of fucntionality for em. I am not 
> > the sure whether the code i am having was incomplete or some 
> > fucntonality was missing in the implementation. This may be 
> > the case of incomplete intitlaization( if_ioctl of the ifp 
> > may not be initlized properly).
> > 
> > If u can do kernel debugging put break point at the
> > "arp_ifinit" and verify if this was getting called or 
> > not.. cheers, mahesh
> > 
> > 
> > 
> > 
> > "Sreekanth" <[EMAIL PROTECTED]>@freebsd.org on
> > 29/05/2003 21:01:29
> > 
> > Sent by:[EMAIL PROTECTED]
> > 
> > 
> > To:"'Petri Helenius'" <[EMAIL PROTECTED]>, "'Ruslan Ermilov'"
> ><[EMAIL PROTECTED]>
> > cc:[EMAIL PROTECTED], [EMAIL PROTECTED],
> >[EMAIL PROTECTED]
> > 
> > Subject:RE: gratuitous ARP with em interface.
> > 
> > 
> > Could be attributed to the spanning tree in the switch.I have
> > seen it happening(especially with cisco switches).I bet you 
> > are not able to send out any packet(Not just Garp).
> > 
> > Sreekanth
> > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Petri Helenius
> > > Sent: Thursday, May 29, 2003 4:39 AM
> > > To: Ruslan Ermilov
> > > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> > > [EMAIL PROTECTED]
> > > Subject: Re: gratuitous ARP with em interface.
> > >
> > >
> > >
> > > I haven't looked that deep into why, but em is quite slow
> > on coming up
> > > compared to
> > > fxp for example. Probably something to do with hardware 
> > > re-initialization.
> > >
> > > Pete
> > >
> > >
> > > Ruslan Ermilov wrote:
> > >
> > > >On Wed, May 28, 2003 at 07:57:07PM -0400,
> > > [EMAIL PROTECTED] wrote:
> > > >
> > > >
> > > >>Hi all,
> > > >>
> > > >>Is there a known issue with alias IPs on em interfaces not
> > > sending out
> > > >>gratuitous arps ?
> > > >>
> > > >>The situation is as follows:
> > > >> I am running a custom redundancy daemon that migrates the
> > > IP address
> > > >>of a server from one interface to another in case the
> > > active network
> > > >>path fails. Till now I was experimenting with two fxp
> > > interfaces and
> > > >>everything worked perfectly. i.e. when the ip address moved over
> > > >>(using a perl script to run ifconfig commands) it sent out
> > > grat. arps
> > > >>for each of its alias IPs. This allowed the router to
> > > update its Arp
> > > >>table and talk to the newly active interface.
> > > >>
> > > >>Now when I try running the code with em (gigabit Ethernet
> > > over copper)
> > > >>NICs, I simply do not see the gratuitous arps come out 
> of the new
> > > >>interface.
> > > >>
> > > >>I am at a loss to understand what has changed. Could it
> > be that the
> > > >>line DOWN -> UP time of the em interface is longer thereby
> > > causing a
> > > >>loss of ARPs ? Any suggestions ?
> > > >>
> > > >>
> > > >>
> > > >Yes, I can reproduce this too, no gratuitous ARP is sent.
> > > >
> > > >
> > > >Cheers,
> > > >
> > > >
> > >
> > >
> > > ___
> > > [EMAIL PROTECTED] mailing list
> > > http://lists.freebsd.org/mailman/listinfo/free> bsd-net To
> > > unsubscribe, send any mail to
> > > "[EMAIL PROTECTED]"
> > >
> > > ---
> > > Incoming mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
> > >
> > >
> > 
> > ___
> > [EMAIL

Re: ipfw rules vs routes to localhost?

[.]

> I'm considering:
> 
>   ipfw add N deny ip from a.b.c.d to any
> 
> vs.
> 
>   route add -host a.b.c.d localhost
> 
> I need to block traffic to a number of IP addresses.  I thought I'd use
> ipfw to avoid things like UDP DNS lookups that might come in ant take up
> resources while my system tried to respond, but it's been suggested on
> another list that setting routes to localhost will use less resources.
> Ideally, I'd like to be able to block a few tens of thousands of IPs.
> 
> What's the scoop?
ipfw with huge list works slow.
Dont try huge route tables.

use in kernel:
pseudo-device   disc#Discard device (ds0, ds1, etc)

and
ifconfig ds0 inet 0.0.0.1/32 (or else)
route add -host a.b.c.d 0.0.0.1
instead of localhost

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[[EMAIL PROTECTED]]

Thanks all for you replies.

> I haven't tried this, but I think the problem would go away if you
> changed WAIT_FOR_AUTO_NEG_DEFAULT to 0 in "if_em.h".

Changed this. Did not work. 

> If u can do kernel debugging put break point at the 
> "arp_ifinit" and verify if this was getting called or 
> not.. cheers, mahesh

Will try this.

> Could be attributed to the spanning tree in the switch.I have 
> seen it happening(especially with cisco switches).I bet you 
> are not able to send out any packet(Not just Garp).

No. Spanning tree is turned off (Tried it with both IOS and Catalyst
switches).

>  I haven't looked that deep into why, but em is quite slow 
> on coming up  compared to fxp for example. Probably something to do with 
> hardware re-initialization.

Correct, there is a delay. "ifconfig em0 inet x.x.x.x/y" takes a few
seconds to complete whereas "ifconfig fxp0 inet x.x.x.x/y" returns
instantly.


Is there a way to force gratituous arp ? ( Short of writing a raw socket
utility)

Thanks,
-ansh

> > >On Wed, May 28, 2003 at 07:57:07PM -0400,
> > [EMAIL PROTECTED] wrote:
> > >
> > >
> > >>Hi all,
> > >>
> > >>Is there a known issue with alias IPs on em interfaces not
> > sending out
> > >>gratuitous arps ?
> > >>
> > >>The situation is as follows:
> > >> I am running a custom redundancy daemon that migrates the
> > IP address
> > >>of a server from one interface to another in case the
> > active network
> > >>path fails. Till now I was experimenting with two fxp
> > interfaces and
> > >>everything worked perfectly. i.e. when the ip address moved over 
> > >>(using a perl script to run ifconfig commands) it sent out
> > grat. arps
> > >>for each of its alias IPs. This allowed the router to
> > update its Arp
> > >>table and talk to the newly active interface.
> > >>
> > >>Now when I try running the code with em (gigabit Ethernet
> > over copper)
> > >>NICs, I simply do not see the gratuitous arps come out of the new 
> > >>interface.
> > >>
> > >>I am at a loss to understand what has changed. Could it 
> be that the 
> > >>line DOWN -> UP time of the em interface is longer thereby
> > causing a
> > >>loss of ARPs ? Any suggestions ?
> > >>
> > >>
> > >>
> > >Yes, I can reproduce this too, no gratuitous ARP is sent.
> > >
> > >
> > >Cheers,
> > >
> > >
> >
> >
> > ___
> > [EMAIL PROTECTED] mailing list 
> > http://lists.freebsd.org/mailman/listinfo/free> bsd-net To
> > unsubscribe, send any mail to
> > "[EMAIL PROTECTED]"
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
> >
> >
> 
> ___
> [EMAIL PROTECTED] mailing list 
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
>  To 
> unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
>  
> 




mail2web - Check your email from the web at
http://mail2web.com/ .


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: gratuitous ARP with em interface.

[Sreekanth]

I did a quick test just now and...
Interestingly I did see GARP packets on the network with Em copper
connected to a 100base Switch(I don't have a gigabit Copper switch
rightnow).
You might want to try these things.
1) Ping immediately after the link comes up and see if it succeeds.(In
1000baseTX switch).
2) Connect it to a 100Base port and try.
3) Connect to another machine with crossover cable and try

First try 1 and if it fails try 2 and 3.

Hope it helps.

Sreekanth


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Thursday, May 29, 2003 4:54 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: RE: gratuitous ARP with em interface.
> 
> 
> Thanks all for you replies.
> 
> > I haven't tried this, but I think the problem would go away if you 
> > changed WAIT_FOR_AUTO_NEG_DEFAULT to 0 in "if_em.h".
> 
> Changed this. Did not work. 
> 
> > If u can do kernel debugging put break point at the
> > "arp_ifinit" and verify if this was getting called or 
> > not.. cheers, mahesh
> 
> Will try this.
> 
> > Could be attributed to the spanning tree in the switch.I have
> > seen it happening(especially with cisco switches).I bet you 
> > are not able to send out any packet(Not just Garp).
> 
> No. Spanning tree is turned off (Tried it with both IOS and 
> Catalyst switches).
> 
> >  I haven't looked that deep into why, but em is quite slow
> > on coming up  compared to fxp for example. Probably 
> something to do with 
> > hardware re-initialization.
> 
> Correct, there is a delay. "ifconfig em0 inet x.x.x.x/y" 
> takes a few seconds to complete whereas "ifconfig fxp0 inet 
> x.x.x.x/y" returns instantly.
> 
> 
> Is there a way to force gratituous arp ? ( Short of writing a 
> raw socket
> utility)
> 
> Thanks,
> -ansh
> 
> > > >On Wed, May 28, 2003 at 07:57:07PM -0400,
> > > [EMAIL PROTECTED] wrote:
> > > >
> > > >
> > > >>Hi all,
> > > >>
> > > >>Is there a known issue with alias IPs on em interfaces not
> > > sending out
> > > >>gratuitous arps ?
> > > >>
> > > >>The situation is as follows:
> > > >> I am running a custom redundancy daemon that migrates the
> > > IP address
> > > >>of a server from one interface to another in case the
> > > active network
> > > >>path fails. Till now I was experimenting with two fxp
> > > interfaces and
> > > >>everything worked perfectly. i.e. when the ip address moved over
> > > >>(using a perl script to run ifconfig commands) it sent out
> > > grat. arps
> > > >>for each of its alias IPs. This allowed the router to
> > > update its Arp
> > > >>table and talk to the newly active interface.
> > > >>
> > > >>Now when I try running the code with em (gigabit Ethernet
> > > over copper)
> > > >>NICs, I simply do not see the gratuitous arps come out 
> of the new
> > > >>interface.
> > > >>
> > > >>I am at a loss to understand what has changed. Could it
> > be that the
> > > >>line DOWN -> UP time of the em interface is longer thereby
> > > causing a
> > > >>loss of ARPs ? Any suggestions ?
> > > >>
> > > >>
> > > >>
> > > >Yes, I can reproduce this too, no gratuitous ARP is sent.
> > > >
> > > >
> > > >Cheers,
> > > >
> > > >
> > >
> > >
> > > ___
> > > [EMAIL PROTECTED] mailing list
> > > http://lists.freebsd.org/mailman/listinfo/free> bsd-net To
> > > unsubscribe, send any mail to
> > > "[EMAIL PROTECTED]"
> > >
> > > ---
> > > Incoming mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
> > >
> > >
> > 
> > ___
> > [EMAIL PROTECTED] mailing list
> > http://lists.freebsd.org/mailman/listinfo/free> bsd-net
> >  To 
> > unsubscribe, send any mail to 
> > "[EMAIL PROTECTED]"
> > 
> > 
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
> >  
> > 
> 
> 
> 
> 
> mail2web - Check your email from the web at http://mail2web.com/ .
> 
> 
> ___
> [EMAIL PROTECTED] mailing list 
> http://lists.freebsd.org/mailman/listinfo/free> bsd-net
> To 
> unsubscribe, send any mail to 
> "[EMAIL PROTECTED]"
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/2003
>  
> 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ipfw rules vs routes to localhost?

[Neelkanth Natu]

--- [EMAIL PROTECTED] wrote:
> > I'm considering:
> > 
> >   ipfw add N deny ip from a.b.c.d to any
> > 
> > vs.
> > 
> >   route add -host a.b.c.d localhost
> > 
> > I need to block traffic to a number of IP addresses.  I thought I'd use
> > ipfw to avoid things like UDP DNS lookups that might come in ant take up
> > resources while my system tried to respond, but it's been suggested on
> > another list that setting routes to localhost will use less resources.
> > Ideally, I'd like to be able to block a few tens of thousands of IPs.
> > 
> > What's the scoop?
> ipfw with huge list works slow.
> Dont try huge route tables.
> 
> use in kernel:
> pseudo-device   disc#Discard device (ds0, ds1, etc)
> 
> and
> ifconfig ds0 inet 0.0.0.1/32 (or else)
> route add -host a.b.c.d 0.0.0.1
> instead of localhost

An advantage of using "disc" is that you can monitor interface
counters and use tcpdump to see the discarded traffic. A blackhole
route to the loopback interface does not offer you this luxury.

best
Neel

__
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Spontan reboot of FreeBSD 4,x box

[Dennis Pedersen]

If i understand the man page of periodic correctly then it should'nt run if
cron is'nt running? (ps aux |grep cron gives nothing and cron_enable is set
to 'NO' in rc.conf)
Can i simply remove the scripts from daily to make sure nothing is running
from there or will that possibly crash the box? (i dont have access to the
box with anything other than ssh right now.)
Memory i having trouoble beliving in , its 3 different box's. 2 running 4,4
and one running 4,7. All on different hardware (except the nics are 3com,
not same model.)

Regards,
Dennis

- Original Message -
From: "Don Bowman" <[EMAIL PROTECTED]>
To: "'Dennis Pedersen'" <[EMAIL PROTECTED]>; "Don Bowman"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 10:49 PM
Subject: RE: Spontan reboot of FreeBSD 4,x box


well, I would speculate that your /etc/periodic is
running @ 3am doing things like looking for setuid files,
pruning /tmp, etc, which sparks up some disk activity, forks
a few processes, walks the filesystem, etc, which is tripping some
bug you have in the kernel, or bad memory. [i have a version
of memtest86 which can be loaded from 'loader' and placed on
a fbsd file system if you wish to try the bad memory theory
conveniently].

I have a similar problem in 4.7 that occurs once in a while
@ 3:01am which seems to randomly corrupt memory. I've been
chasing it for a while but is hasn't been reproducible enough
to find.

This is pure speculation.

man 8 periodic
see /etc/periodic.conf

> -Original Message-
> From: Dennis Pedersen [mailto:[EMAIL PROTECTED]
> Sent: May 28, 2003 16:46
> To: Don Bowman; [EMAIL PROTECTED]
> Subject: Re: Spontan reboot of FreeBSD 4,x box
>
>
>
> - Original Message -
> From: "Don Bowman" <[EMAIL PROTECTED]>
> To: "'Dennis Pedersen'" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Wednesday, May 28, 2003 3:56 PM
> Subject: RE: Spontan reboot of FreeBSD 4,x box
>
>
> > > From: Dennis Pedersen [mailto:[EMAIL PROTECTED]
> > >
> > > I have a couple of FreeBSD 4,4 and one 4,7 that are beeing
> > > used as firewalls
> > > in different locations.
> > > Lately i haven noticed that one of the firewall's was
> > > starting to reboot at
> > > a certin time of the day (give or take maybe 10min).
> >
> > The time it resets wouldn't correlate to the periodic (e.g.
> > 3am) would it?
>
> On one of the box´s that fits yeah..
> What am i missing?
> cron_enable is set to no in rc.conf and the cron deamon isnt running?
>
>
> Regards,
> Dennis
>

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

limiting connections per IP w/FreeBSD ftpd?

[Andrew Gallatin]

At my company, some bonehead (not sure if it was maliciousness or just
a stupid customer), opened 60 simultaneous connections to our ftp
server and totally swamped our T1.This is the second or third time
this has happened recently.

So I'm looking for some way to limit the number of connections per-IP.
I understand this may be bad for sites behind NAT boxes, or for
multiuser systems, and I don't want to start a thread debating its
merits.  

I'd like to avoid downgrading to one of the swiss-army knife ftpds
that always seems to have a vulnerability in the headlines, but I
don't have time to hack FreeBSD ftpd myself.

So: Does anybody have patches to allow FreeBSD's ftpd to limit
connections per IP?  Or am I stuck with proftpd or wuftpd

Thanks,

Drew

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: limiting connections per IP w/FreeBSD ftpd?

[Simon L. Nielsen]

On 2003.05.30 09:25:31 -0400, Andrew Gallatin wrote:
> 
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1.This is the second or third time
> this has happened recently.

How about just restricting the bandwidth usage with ipfw/dummynet ?

-- 
Simon L. Nielsen


pgp0.pgp
Description: PGP signature

Re: limiting connections per IP w/FreeBSD ftpd?

[Andrew Gallatin]

Simon L. Nielsen writes:
 > On 2003.05.30 09:25:31 -0400, Andrew Gallatin wrote:
 > > 
 > > At my company, some bonehead (not sure if it was maliciousness or just
 > > a stupid customer), opened 60 simultaneous connections to our ftp
 > > server and totally swamped our T1.This is the second or third time
 > > this has happened recently.
 > 
 > How about just restricting the bandwidth usage with ipfw/dummynet ?
 > 

Our firewall is elsewhere, and I don't admin it.   

As for adding it to the server itself, its an alpha, and I don't think
dummnet/ipfw are production quality on alpha...

Drew



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: limiting connections per IP w/FreeBSD ftpd?

[Maxim Konovalov]

On 09:25-0400, May 30, 2003, Andrew Gallatin wrote:

>
> At my company, some bonehead (not sure if it was maliciousness or just
> a stupid customer), opened 60 simultaneous connections to our ftp
> server and totally swamped our T1.This is the second or third time
> this has happened recently.
>
> So I'm looking for some way to limit the number of connections per-IP.
> I understand this may be bad for sites behind NAT boxes, or for
> multiuser systems, and I don't want to start a thread debating its
> merits.
>
> I'd like to avoid downgrading to one of the swiss-army knife ftpds
> that always seems to have a vulnerability in the headlines, but I
> don't have time to hack FreeBSD ftpd myself.
>
> So: Does anybody have patches to allow FreeBSD's ftpd to limit
> connections per IP?  Or am I stuck with proftpd or wuftpd

a) run ftpd from inetd -s, man inetd;

b) ipfw2 limit src-addr, man ipfw.

-- 
Maxim Konovalov, [EMAIL PROTECTED], [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: limiting connections per IP w/FreeBSD ftpd?

[Andrew Gallatin]

Maxim Konovalov writes:
 > a) run ftpd from inetd -s, man inetd;

Duh! Thanks!  Works fine. 

Drew
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"