Re: mbuf and sk_buffs

2003-07-12 Thread Wes Peters
On Thursday 10 July 2003 12:59 am, Van Vinh Vo wrote:
> i am doing the research about network layer of freeBSD
> and linux !
> i want what difference of management and schedule
> between freeBSD mbufs and linux sk_buffs !

One of the biggest differences is that the BSD implementation is actually 
documented:

http://www.amazon.com/exec/obidos/tg/detail/-/020163354X/ref=pd_sr_ec_ir_b/103-5986084-6837450?v=glance&s=books

This, along with the companion volume 1, will tell you everything you need 
to know about TCP/IPv4.  I fear to think what the world of IPv6 will be 
like without Richard to explain it to us.

-- 

Where am I, and what am I doing in this handbasket?

Wes Peters   [EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


very strange problem

2003-07-12 Thread Matt Douhan

Hello

I am running FBSD on two firewalls in a scenario like below

internet
|
FW2
|
DMZ
|
FW1
|
internal LAN

FW1 is running ipf and fw2 is running ipf and ipnat

hosts on the DMZ can access the internet without problems, ping traceroute and 
mail, http all is working nicely and fast.

hosts on the internal LAN however are seeing VERY strange things

for example, check this out

9:04pm mdouhan @ [persika] ~ > traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 64 hops max, 40 byte packets
 1  192.168.15.254 (192.168.15.254)  0.698 ms  0.532 ms  0.410 ms
 2  192.168.254.254 (192.168.254.254)  0.781 ms  0.757 ms  0.744 ms
 3  gw-l3-ktv-hc.koping.net (81.16.160.113)  1.210 ms  1.203 ms  1.263 ms
 4  gw-l3-ktv-it.koping.net (81.16.160.6)  1.546 ms  4.123 ms  1.272 ms
 5  rif3-r1-jvg-kop.arrowhead.com (81.216.90.1)  3.336 ms  2.813 ms  2.649 ms
 6  www.cisco.com (198.133.219.25)  1.278 ms  2.610 ms  1.962 ms

the host "persika" is connected on the internal LAN, and is located in Sweden, 
Europe and there is NO way it can get to www.cisco.com in 2-3 ms, and I don't 
have any caching or proxies or anything, besides traceroute does not care 
about that anyway AFAIK

same traceroute from a host on the DMZ shows the correct thing as follows

9:05pm mdouhan @ [ananas] ~ > traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 64 hops max, 40 byte packets
 1  firewall2 (192.168.254.254)  0.671 ms  0.458 ms  0.438 ms
 2  gw-l3-ktv-hc.koping.net (81.16.160.113)  0.901 ms  0.931 ms  0.878 ms
 3  gw-l3-ktv-it.koping.net (81.16.160.6)  1.416 ms  1.191 ms  1.388 ms
 4  rif3-r1-jvg-kop.arrowhead.com (81.216.90.1)  2.345 ms  2.080 ms  2.705 ms
 5  rif2-cr1-vf-kop.arrowhead.com (81.216.2.1)  1.973 ms  2.173 ms  2.263 ms
 6  rif6-cr1-vf-vst.arrowhead.com (81.216.0.53)  3.785 ms  2.708 ms  2.540 ms
 7  rif3-cr1-vf-oby.arrowhead.com (213.187.195.97)  3.363 ms  16.022 ms  3.862 ms
 8  rif47-rs1-t4-sto.arrowhead.com (213.187.195.93)  4.769 ms  4.396 ms  3.999 ms
 9  rif5-cr3-kst-sto.arrowhead.com (81.216.0.137)  5.115 ms  4.624 ms  4.762 ms
10  Gi14-1-kst-p1.sto.se.sn.net (81.216.0.113)  4.496 ms  4.577 ms  4.666 ms
11  pos2-0.vrt-p1.sto.se.sn.net (213.88.255.245)  4.687 ms  4.757 ms  4.806 ms
12  sl-gw20-sto-2-1.sprintlink.net (80.77.97.89)  4.575 ms  4.526 ms  4.576 ms
13  sl-bb21-sto-12-0.sprintlink.net (80.77.96.98)  4.969 ms  5.132 ms  5.526 ms
14  sl-bb21-cop-12-0.sprintlink.net (213.206.129.33)  14.034 ms *  13.904 ms
15  sl-bb20-cop-15-0.sprintlink.net (80.77.64.33)  13.942 ms  13.498 ms  13.966 ms
16  sl-bb21-msq-10-0.sprintlink.net (144.232.19.29)  91.125 ms  102.015 ms  93.908 ms
17  sl-bb22-rly-15-3.sprintlink.net (144.232.19.98)  96.692 ms  95.680 ms  96.615 ms
18  sl-bb25-rly-12-0.sprintlink.net (144.232.14.166)  96.692 ms  95.879 ms  95.900 ms
19  sl-bb23-sj-9-0.sprintlink.net (144.232.20.11)  227.115 ms  241.136 ms  220.680 ms
20  sl-bb25-sj-14-0.sprintlink.net (144.232.3.250)  181.269 ms  173.322 ms  164.253 ms
21  sl-gw11-sj-10-0.sprintlink.net (144.232.3.134)  172.763 ms  172.362 ms  172.324 ms
22  sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14)  166.180 ms  166.028 ms  170.228 ms
23  sjck-dirty-gw1.cisco.com (128.107.239.5)  164.721 ms  166.063 ms  166.174 ms
24  sjck-sdf-ciod-gw2.cisco.com (128.107.239.110)  172.908 ms  173.340 ms  173.284 ms
25  www.cisco.com (198.133.219.25)  174.149 ms  174.768 ms *

now here is where it gets really weird, I have tried reinstalling FW1 since it 
seems to be the cause of the problem, I have tried STABLE, CURRENT, 5.1-R all 
with the same result, it does NOT work.

I have tried swapping FW1 and FW2 and the problem stays the same, so it seems 
to be a misconfiguration on my part (or a bug but that's less likely I think) 
but I cannot figure out what it is.

my rules are very simple

on FW1 allow anything out on the external fxp interface with keep state so it 
can get back in.

on FW2 I have a number of BIMAP statements and some NAT statements, BIMAP are 
for the servers where we provide services such as mail, www and ftp.

Any input or ideas would be highly appreciated, this is driving me crazy

-- 
Matt Douhan
www.fruitsalad.org
CCIE #4004
*** ping elvis ***
*** elvis is alive ***
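
The comparison drawn in the message above, as an added example (not part of the original post): it aligns the internal-LAN trace with the DMZ trace, reports the hop at which the two paths stop agreeing, and checks whether the destination answers with fewer hops and a lower RTT than it does from the vantage point nearer the edge. The function names are this example's own, and it assumes both traces reached the destination; the sample data is copied from the post, with DMZ hops 6-24 left out.

```python
import re

# Matches one hop line: hop number, reverse name, (address), first RTT in ms.
HOP = re.compile(r"^\s*(\d+)\s+\S+\s+\(([\d.]+)\)\s+([\d.]+) ms", re.M)

# Internal-LAN trace from the post, and an excerpt of the DMZ trace
# (hops 6-24 left out to keep the sample short).
INTERNAL = """
 1  192.168.15.254 (192.168.15.254)  0.698 ms  0.532 ms  0.410 ms
 2  192.168.254.254 (192.168.254.254)  0.781 ms  0.757 ms  0.744 ms
 3  gw-l3-ktv-hc.koping.net (81.16.160.113)  1.210 ms  1.203 ms  1.263 ms
 4  gw-l3-ktv-it.koping.net (81.16.160.6)  1.546 ms  4.123 ms  1.272 ms
 5  rif3-r1-jvg-kop.arrowhead.com (81.216.90.1)  3.336 ms  2.813 ms  2.649 ms
 6  www.cisco.com (198.133.219.25)  1.278 ms  2.610 ms  1.962 ms
"""
DMZ = """
 1  firewall2 (192.168.254.254)  0.671 ms  0.458 ms  0.438 ms
 2  gw-l3-ktv-hc.koping.net (81.16.160.113)  0.901 ms  0.931 ms  0.878 ms
 3  gw-l3-ktv-it.koping.net (81.16.160.6)  1.416 ms  1.191 ms  1.388 ms
 4  rif3-r1-jvg-kop.arrowhead.com (81.216.90.1)  2.345 ms  2.080 ms  2.705 ms
 5  rif2-cr1-vf-kop.arrowhead.com (81.216.2.1)  1.973 ms  2.173 ms  2.263 ms
25  www.cisco.com (198.133.219.25)  174.149 ms  174.768 ms *
"""

def parse(trace):
    """Return [(hop, address, first_rtt_ms)] for every hop line."""
    return [(int(h), ip, float(rtt)) for h, ip, rtt in HOP.findall(trace)]

def compare(inner, reference, dest):
    """Align a trace taken behind an extra router with a reference trace."""
    ref_ips = [ip for _, ip, _ in reference]
    # Hops the inner trace crosses before reaching the reference's first hop.
    offset = next(i for i, (_, ip, _) in enumerate(inner) if ip == ref_ips[0])
    diverge = next((hop for (hop, ip, _), ref_ip
                    in zip(inner[offset:], ref_ips) if ip != ref_ip), None)
    hop_in, rtt_in = next((h, r) for h, ip, r in inner if ip == dest)
    hop_ref, rtt_ref = next((h, r) for h, ip, r in reference if ip == dest)
    return {
        "diverges_at_hop": diverge,
        "observed_dest_hop": hop_in,
        "expected_dest_hop": hop_ref + offset,
        # Fewer hops AND a lower RTT than the vantage point nearer the edge.
        "suspicious": hop_in < hop_ref + offset and rtt_in < rtt_ref,
    }

if __name__ == "__main__":
    print(compare(parse(INTERNAL), parse(DMZ), "198.133.219.25"))
```

On the data from the post, the paths agree through 81.216.90.1 and part ways at internal hop 6, where the destination address answers instead of 81.216.2.1.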


Re: very strange problem

2003-07-12 Thread Matt Douhan

Sorry for top-posting but I will try and answer the requests one by one, I can 
only do FW1 today, and fw2 on monday, but here goes

>
> possible send tcpdump record pb ?
> (example: tcpdump -ns 0 -i externalintf_fw1 -w all1.tcpdump
> and tcpdump -ns 0 -i externalintf_fw2 -w all2.tcpdump)

dump is pretty large so I did not want to email it, please download it from

http://www.fruitsalad.org/people/mdouhan/fw1.tar.gz

>
> possible send ipf -V (on two fw) ?

7:47pm mdouhan @ [firewall1] ~ > sudo ipf -V
ipf: IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.31
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0


>
> possible send ipfstat -nhio (on two fw) ?
>

7:49pm mdouhan @ [firewall1] ~ > sudo ipfstat -nhio
2073551 @1 pass out quick on fxp0 from any to any keep state
1038 @1 pass in quick on fxp0 proto icmp from any to any
1802016 @2 pass in quick on fxp0 from 192.168.254.242/32 to 192.168.15.250/32
1255 @3 pass in quick on fxp0 from 192.168.254.250/32 to 192.168.15.249/32
372304 @4 block in log quick on fxp0 from any to any



> possible send ipnat -slv (on two fw) ?

fw1 is not running NAT, will send this on monday when I get to fw2

>
> possible send netstat -ni ?
>

7:50pm mdouhan @ [firewall1] ~ > netstat -ni
Name   Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
fxp0  1500               00:02:b3:cc:20:6e 45474907     0 46776572     0     0
fxp0  1500 192.168.254   192.168.254.1          612     -      673     -     -
fxp0  1500 fe80:1::202:b fe80:1::202:b3ff:        0     -        0     -     -
fxp1  1500               00:02:b3:cc:1b:3f 47307566     3 45127446     0     0
fxp1  1500 192.168.15    192.168.15.254      184152     -    40018     -     -
fxp1  1500 fe80:2::202:b fe80:2::202:b3ff:        0     -        0     -     -
lp0*  1500                                        0     0        0     0     0
lo0  16384                                      528     0      528     0     0
lo0  16384 ::1/128       ::1                      0     -        0     -     -
lo0  16384 fe80:4::1/64  fe80:4::1                0     -        0     -     -
lo0  16384 127           127.0.0.1              528     -      528     -     -




> possible send ifconfig -a ?
>

7:50pm mdouhan @ [firewall1] ~ > ifconfig -a
fxp0: flags=8843 mtu 1500
options=3
inet 192.168.254.1 netmask 0xff00 broadcast 192.168.254.255
inet6 fe80::202:b3ff:fecc:206e%fxp0 prefixlen 64 scopeid 0x1
ether 00:02:b3:cc:20:6e
media: Ethernet autoselect (100baseTX )
status: active
fxp1: flags=8843 mtu 1500
options=3
inet 192.168.15.254 netmask 0xff00 broadcast 192.168.15.255
inet6 fe80::202:b3ff:fecc:1b3f%fxp1 prefixlen 64 scopeid 0x2
ether 00:02:b3:cc:1b:3f
media: Ethernet autoselect (100baseTX )
status: active
lp0: flags=8810 mtu 1500
lo0: flags=8049 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00


> possible dmesg ?
>

7:51pm mdouhan @ [firewall1] ~ > dmesg
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.1-CURRENT #2: Wed Jul  2 15:40:03 GMT 2003
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/FIREWALL1
Preloaded elf kernel "/boot/kernel/kernel" at 0xc052a000.
Preloaded elf module "/boot/kernel/acpi.ko" at 0xc052a1cc.
Timecounter "i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 1799806528 Hz
CPU: Intel(R) Celeron(R) CPU 1.80GHz (1799.81-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
  
Features=0x3febfbff
real memory  = 536805376 (511 MB)
avail memory = 515776512 (491 MB)
Pentium Pro MTRR support enabled
npx0:  on motherboard
npx0: INT 16 interface
acpi0:  on motherboard
pcibios: BIOS version 2.10
Using $PIR table, 11 entries at 0xc00fdeb0
acpi0: power button is handled as a fixed feature programming model.
Timecounter "ACPI-fast"  frequency 3579545 Hz
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
acpi_cpu0:  on acpi0
acpi_cpu1:  on acpi0
acpi_tz0:  on acpi0
acpi_button0:  on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
pcib0: slot 29 INTA is routed to irq 12
pcib0: slot 29 INTB is routed to irq 11
pcib0: slot 29 INTC is routed to irq 12
pcib0: slot 29 INTD is routed to irq 10
pcib0: slot 31 INTB is routed to irq 11
pcib0: slot 31 INTB is routed to irq 11
agp0:  mem 0xe000-0xe3ff at device 0.0 
on pci0
pcib1:  at device 1.0 on pci0
pci1:  on pcib1
pcib0: slot 1 INTA is routed to irq 12
pcib1: slot 0 INTA is routed to irq 12
pci1:  at device 0.0 (no driver attached)
uhci0:  port 0xd800-0xd81f irq 12 
at device 29.0 on pci0
usb0:  on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 

SV: very strange problem

2003-07-12 Thread Matt Douhan


-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rmkml
Sent: 12 July 2003 22:21
To: Matt Douhan
Subject: Re: very strange problem


ok thanks,

-> http://www.fruitsalad.org/people/mdouhan/fw1.tar.gw

please send ipfstat

5:30am mdouhan @ [firewall1] ~ > sudo ipfstat
 IPv6 packets:          in 0 out 10
 input packets:         blocked 386941 passed 95001949 nomatch 2013466 counted 0 short 0
output packets:         blocked 0 passed 94853315 nomatch 12710 counted 0 short 0
 input packets logged:  blocked 386941 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 174353 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 1981715    lost 195926
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  2177076 (out):  1832605
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none

rgds

Matt
