(Solved) Strange dial-up related DNS problems

2003-07-31 Thread Willie Viljoen
I got it fixed (or at least, as good as it can be fixed).

For future reference, here's what went wrong.

During the weekend, SAIX upgraded and repaired all Cisco equipment on their 
network. During this repair, they somehow managed to break something major. 
The /etc/ppp/options file on the offending BSD box contained the asyncmap 0 
option. This tells pppd not to escape characters leaving as part of packets 
that could be misunderstood as being control characters by the other side.

This has been working fine for a long time. However, during SAIX's tinkering, 
they managed to get their PPP gateways to not ignore control characters 
coming in as part of IP packets, as they should be doing.

What was going wrong was that some part of the DNS query must have been seen 
as some arb. control character. The machine then handled the packet 
incorrectly, and it never reached the NS it was meant for.

To fix this, just remove asyncmap 0 from your config file. This gives a 
slight performance hit, but with the wonderful resourcefulness of some 
ISPs, what can you do...

Original message follows:

This gets a 10.0 on my weird-o-meter.

I have a FreeBSD 4.7-RELEASE machine sitting at a client which dials in and 
collects their mail via POP3, and sends outgoing mail via a smarthost which 
points to an SMTP server at their ISP.

This machine has worked fine since late last year, but started giving a 
strange problem this week.

When connected to their ISP, SAIX, the machine can ping any live internet IP 
and it can traceroute to anywhere, but, it can not talk to any DNS server. 
Any traffic to port 53 UDP simply seems to disappear.

The same with firewalling enabled as normal, or even with ipfw add 1 allow 
ip from any to any

When connected to any other ISP we have tried dialing, all works perfectly. 
When dialed from another FreeBSD box with the same username/password, the 
SAIX connection works perfectly.

Yet, this single machine absolutely flat out refuses to talk to any name 
server while connected to SAIX, firewalling, no firewalling, no difference.

I have tried running tcpdump -i ppp0 udp port 53 in an attempt at capturing 
these packets, nothing, I also looked at rl0 just for interest's sake, 
nothing.

I have run out of ideas, what am I missing?

PS: Please CC me in the reply, I get so much list mail I might miss a reply 
there.
-- 
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 82 404 03 27 (mobile)

[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
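
The escaping rule this message turns on, as an added example (not part of the original post and not pppd's code): under RFC 1662 a sender escapes the control octets flagged in the async control character map (ACCM), and a receiver discards flagged control octets that arrive unescaped, treating them as line noise. The DNS query bytes are constructed and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PPP_FLAG   0x7e  /* frame delimiter, always escaped */
#define PPP_ESCAPE 0x7d  /* control escape, always escaped */
#define PPP_XOR    0x20  /* escaped octet = original ^ 0x20 */

/* Constructed sample: DNS query for "example.com", type A, class IN. */
static const uint8_t dns_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    0x03, 'c', 'o', 'm', 0x00,
    0x00, 0x01, 0x00, 0x01
};

/* True if c is a control octet (< 0x20) whose bit is set in the map. */
static int flagged(uint8_t c, uint32_t accm)
{
    return c < 0x20 && ((accm >> c) & 1u);
}

/* Sender: escape 0x7e, 0x7d and every octet flagged in tx_accm.
 * Returns the number of octets written, or 0 if out is too small. */
size_t ppp_escape(const uint8_t *in, size_t n, uint32_t tx_accm,
                  uint8_t *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = in[i];
        if (c == PPP_FLAG || c == PPP_ESCAPE || flagged(c, tx_accm)) {
            if (o + 2 > cap) return 0;
            out[o++] = PPP_ESCAPE;
            out[o++] = c ^ PPP_XOR;
        } else {
            if (o + 1 > cap) return 0;
            out[o++] = c;
        }
    }
    return o;
}

/* Receiver: drop bare control octets flagged in rx_accm, then undo the
 * escaping. Returns the number of octets recovered, or 0 on overflow. */
size_t ppp_unescape(const uint8_t *wire, size_t n, uint32_t rx_accm,
                    uint8_t *out, size_t cap)
{
    size_t o = 0;
    int esc = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = wire[i];
        if (flagged(c, rx_accm)) continue;      /* assumed line noise */
        if (c == PPP_ESCAPE && !esc) { esc = 1; continue; }
        if (esc) { c ^= PPP_XOR; esc = 0; }
        if (o == cap) return 0;
        out[o++] = c;
    }
    return o;
}

/* Send with tx_accm, receive with rx_accm; 1 if the payload is intact. */
int survives(const uint8_t *p, size_t n, uint32_t tx_accm, uint32_t rx_accm)
{
    uint8_t wire[128], back[64];
    if (n > sizeof back) return 0;
    size_t w = ppp_escape(p, n, tx_accm, wire, sizeof wire);
    size_t r = ppp_unescape(wire, w, rx_accm, back, sizeof back);
    return r == n && memcmp(p, back, n) == 0;
}

int main(void)
{
    size_t n = sizeof dns_query;
    printf("sender map 0,          receiver map 0:          %s\n",
           survives(dns_query, n, 0, 0) ? "intact" : "mangled");
    printf("sender map 0,          receiver map 0xffffffff: %s\n",
           survives(dns_query, n, 0, 0xffffffffu) ? "intact" : "mangled");
    printf("sender map 0xffffffff, receiver map 0xffffffff: %s\n",
           survives(dns_query, n, 0xffffffffu, 0xffffffffu) ? "intact" : "mangled");
    return 0;
}
```

A payload survives only when the sender escapes at least every octet the receiver is prepared to discard; the cost of the safe setting is the extra escape octets on the wire.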


Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

2003-07-31 Thread jeremie le-hen
> > You are complicating things by running both ipfw and ipf.
> > can you not do just one of them?
> 
> I'm not sure.  The literature I've read so far says neither firewall
> does traffic shaping AND supports active FTP in a deny-by-default
> setting.  If google's to be believed, the generally accepted solution is
> to use ipfw2 for DUMMYNET and ipf/ipfnat for firewalling and active FTP
> proxying.

That's exactly what I use on my personal DSL gateway, and it just works fine.
I use the IPFilter framework for firewalling and NAT, since I found it quite
simple and efficient. Furthermore NAT is done in kernel, reducing context
switches overhead, and it is also supposed to be an application-layer firewall
for FTP, although I've never succeeded in making it work (probably due to lack
of documentation, it is still considered as an experimental feature).
And, ping works, I even forward it :-) !

I use ipfw(8) for fine grained firewalling (things I can't unfortunately do
with IPFilter, such as filtering on TCP options), and, in conjunction with
dummynet(4), traffic shaping. The latter is indeed very simple to employ and
there is no context switches overhead since everything is done in kernel.
I know it is possible to use ALTQ with IPFilter for a more precise traffic
shaping, but I've never found any documentation on it (I would be grateful
if someone could point me to).

> The combination served me well when I was using ppp(8) to drive a serial
> modem.  Now that I've switched to ADSL and PPPoE, things seem subtly
> broken.  I blame the user (myself), but I haven't found a solution after
> beating on the problem for several days.

Could you show us your ipf(8), ipnat(8) and ipfw(8) configuration files ?
Foolish note: You can see echo requests leaving your box, and even echo replies
coming back; for me, it smells you forgot to use the "keep state" statement
in the rule which allows outgoing echo requests. But maybe I am missing
something.

Regards,
-- 
Jeremie aka TtZ/TataZ
[EMAIL PROTECTED]


Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

2003-07-31 Thread Rocco Caputo
On Thu, Jul 31, 2003 at 10:21:03AM +0200, jeremie le-hen wrote:
> Rocco Caputo wrote:
> > The combination served me well when I was using ppp(8) to drive a serial
> > modem.  Now that I've switched to ADSL and PPPoE, things seem subtly
> > broken.  I blame the user (myself), but I haven't found a solution after
> > beating on the problem for several days.
> 
> Could you show us your ipf(8), ipnat(8) and ipfw(8) configuration files ?
> Foolish note: You can see echo requests leaving your box, and even echo replies
> coming back; for me, it smells you forgot to use the "keep state" statement
> in the rule which allows outgoing echo requests. But maybe I am missing
> something.

I think you're right about "keep state" being a problem.  ipfstat -t
shows several open states for tun0 -> tun0.  The 10sec interval is how
often I ping it.

68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:50
68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:30
68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:00
68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:10
68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:40
68.213.211.142  68.213.211.142  0/0  icmp   4   116  0:20

It looks like state is being kept, but the echo replies aren't matching.
I've verified that the packets cross tun0:

3) eyrie:/home/troc/firewall# tcpdump -i tun0 \
> 'src 68.213.211.142 and dst 68.213.211.142 and icmp'
tcpdump: listening on tun0
10:23:44.035184 68.213.211.142 > 68.213.211.142: icmp: echo request
10:23:44.037761 68.213.211.142 > 68.213.211.142: icmp: echo request
10:23:44.037843 68.213.211.142 > 68.213.211.142: icmp: echo reply
10:23:44.038069 68.213.211.142 > 68.213.211.142: icmp: echo reply

That's odd, though.  I'm only pinging the address once every ten
seconds, but tcpdump shows two requests and replies.

The firewall configurations were included at the start of this thread,
but I'm including them again.  The other files are omitted.

=== ipfstat -i

block in quick on tun0 from 0.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
block in quick on tun0 from 169.254.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 192.0.2.0/24 to any
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 224.0.0.0/4 to any
block in quick on tun0 from 240.0.0.0/4 to any
pass in quick on lo0 from any to any
pass in quick on rl0 from any to any
pass in quick on dc0 from any to any
pass in quick on tun0 proto tcp from any to any port = 80 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 113 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 433 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 6881 >< 6999 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port = 11512 flags S/FSRPAU keep state keep frags
pass in quick on tun0 proto tcp from any to any port 32000 >< 32100 flags S/FSRPAU keep state keep frags
block in quick from any to any

=== ipfstat -o

block out quick on tun0 from 0.0.0.0/8 to any
block out quick on tun0 from 127.0.0.0/8 to any
block out quick on tun0 from 169.254.0.0/16 to any
block out quick on tun0 from 172.16.0.0/12 to any
block out quick on tun0 from 192.0.2.0/24 to any
block out quick on tun0 from 192.168.0.0/16 to any
block out quick on tun0 from 224.0.0.0/4 to any
block out quick on tun0 from 240.0.0.0/4 to any
pass out quick on lo0 from any to any
pass out quick on rl0 from any to any
pass out quick on dc0 from any to any
pass out quick on tun0 proto icmp from any to any keep state
pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags
pass out quick on tun0 proto udp from any to any keep state keep frags
block out quick from any to any

=== ipnat -l

List of active MAP/Redirect filters:
map tun0 68.213.211.142/32 -> 68.213.211.142/32 proxy port ftp ftp/tcp

List of active sessions:
(none)

=== ipfw show

01110 queue 18 icmp from any to any in via tun0
01110 queue 18 ip from any to any in via tun0 iptos lowdelay,throughput
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01120 queue 18 tcp from any to any in via tun0 tcpflags ack
01300 queue 14 ip from any to any in via tun0 iptos lowdelay
01310 queue 14 tcp from any -6669 to any in via tun0
01320 queue 14 tcp from any 80 to any in via tun0
01400 queue 11 tcp from any 119 to any in via tun0
01410 queue 11 tcp from any 5999 to any in via tun0
01420 queue 11 tcp from any to any in via tun0 iplen 1500
01430 queue 11 tcp from any 6881-6889 to any in via tun0
01440 queue 11 tcp from any to any dst-port 6881-6889 in via tun0
01900 queue 12 ip from any to any in via tun0
02100 queue 28 icmp from any to any out via tun0
02110 queue 28 ip from any to any out via tun0 iptos lowdelay,

Multiple Interfaces

2003-07-31 Thread Bryce Edwards
I have two interfaces and the following info in rc.conf.  The first one is
setup properly but the second one never gets configured.

ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
ifconfig_fxp1="inet a.c.c.187 netmask 255.255.255.192"

I'm running 4.8-STABLE FreeBSD 4.8-STABLE #0: Mon Jul 14 15:41:24 CDT 2003

When I run 'ifconfig -l', I get the following, so leaving
network_interfaces="auto" should work.

fxp0 fxp1 faith0 lo0 ppp0 sl0

What am I missing?

TIA,

Bryce



freevrrp

2003-07-31 Thread Bryce Edwards
I'm trying to run freevrrpd on a server with two interfaces for redundancy.
I want them both to act as one IP in a master/slave setup.  Here's the
errors I'm getting:

Jul 31 11:07:34 ns freevrrpd[207]: launching daemon in background mode
Jul 31 11:07:34 ns freevrrpd[208]: initializing threads and all VRID
Jul 31 11:07:34 ns freevrrpd[208]: reading configuration file /usr/local/etc/freevrrpd.conf
Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp0 (ioctl SIOCAIFADDR): File exists
Jul 31 11:07:34 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxx
Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:07:37 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp1 (ioctl SIOCAIFADDR): File exists
Jul 31 11:07:37 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:07:37 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxx
Jul 31 11:08:08 ns last message repeated 30 times
Jul 31 11:10:09 ns last message repeated 120 times
Jul 31 11:19:03 ns last message repeated 529 times
Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
Jul 31 11:19:03 ns freevrrpd[208]: select on readfds fd_set failed: Interrupted system call
Jul 31 11:19:04 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for interface fxp1 (ioctl SIOCAIFADDR): File exists
Jul 31 11:19:04 ns freevrrpd[208]: server state vrid 10: master
Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address: xxx for interface fxp0
Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address: xxx for interface fxp1

Here's my config:

[VRID]
serverid = 10
interface = fxp0
priority = 255
addr = a.b.c.131/26
password = test

[VRID]
serverid = 10
interface = fxp1
priority = 254
addr = a.b.c.131/26
password = test

And in rc.conf:

ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
ifconfig_fxp1="inet a.b.c.187 netmask 255.255.255.192"

TIA,

Bryce



RE: Multiple Interfaces

2003-07-31 Thread Bob
Greets 

> I have two interfaces and the following info in rc.conf.  The 
> first one is
> setup properly but the second one never gets configured.
 
I just went through this process myself.

The word I have is that FreeBSD cannot run two NICs on
the same subnet, which is what your included config shows.
So try as you may it will not work. I also tested 4.7, 5.0 
and 5.1 with similar results. 

Here is a snippet of an email I received on this topic:

Begin

Well, as long as I can tell, one can't have 2 ifaces on the same subnet 
on FreeBSD. This seems to be regarded as a feature by the guys who have 
written the code. "It's arguable that it should be done any other way, 
since it will put questions like what interface will be used for 
outgoing segments to the subnet? etc. which will require to manually 
assign the arp table as long as you have the rest of the nodes of the 
subnet connected through some kind of switches or to still have all 
outgoing connections through a preferred interface which will require a 
SRC (IP+MAC) addresses of the other interface and will unnecessarily 
complicate the whole thing". So the result will be a gain in the speed 
of incoming segments but more load on the system.

END

>What am I missing?

All you are missing is the fact FreeBSD cannot handle
two NICs on the same subnet. OpenBSD does, NetBSD does and Linux does.

Regards

Bob D



Re: freevrrp

2003-07-31 Thread Michael W. Oliver

+--- On Thursday, July 31, 2003 12:59,
| Bryce Edwards proclaimed:
|
| I'm trying to run freevrrpd on a server with two interfaces for
| redundancy. I want them both to act as one IP in a master/slave setup. 
| Here's the errors I'm getting:
|
| Jul 31 11:07:34 ns freevrrpd[207]: launching daemon in background mode
| Jul 31 11:07:34 ns freevrrpd[208]: initializing threads and all VRID
| Jul 31 11:07:34 ns freevrrpd[208]: reading configuration file
| /usr/local/etc/freevrrpd.conf
| Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp0 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:07:34 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxx
| Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:07:34 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:07:37 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp1 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:07:37 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:07:37 ns freevrrpd[208]: send ip = a.b.c.186, eth = xxx
| Jul 31 11:08:08 ns last message repeated 30 times
| Jul 31 11:10:09 ns last message repeated 120 times
| Jul 31 11:19:03 ns last message repeated 529 times
| Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:19:03 ns freevrrpd[208]: server state vrid 10: backup
| Jul 31 11:19:03 ns freevrrpd[208]: select on readfds fd_set failed:
| Interrupted system call
| Jul 31 11:19:04 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for
| interface fxp1 (ioctl SIOCAIFADDR): File exists
| Jul 31 11:19:04 ns freevrrpd[208]: server state vrid 10: master
| Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address:
| xxx for interface fxp0
| Jul 31 11:21:13 ns freevrrpd[208]: restoring real MAC address:
| xxx for interface fxp1
|
| Here's my config:
|
| [VRID]
| serverid = 10
| interface = fxp0
| priority = 255
| addr = a.b.c.131/26
| password = test
|
| [VRID]
| serverid = 10
| interface = fxp1
| priority = 254
| addr = a.b.c.131/26
| password = test
|
| And in rc.conf:
|
| ifconfig_fxp0="inet a.b.c.186 netmask 255.255.255.192"
| ifconfig_fxp1="inet a.b.c.187 netmask 255.255.255.192"
|
| TIA,
|
| Bryce

Hi Bryce,

Try setting the mask on the VIP to /32 instead of /26.  IIRC, an alias 
address must have a /32 mask, as the routing table already has an entry for 
a.b.c.128/26 (in your case), which is why it is rejecting the VIP address 
assignment.

-- 
Michael W. Oliver, CCNP
IPv6 & FreeBSD mark
[EMAIL PROTECTED]
http://michael.gargantuan.com/
ASpath-tree, Looking Glass, etc.
gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc

"The tree of liberty must be refreshed from time to time
with the blood of patriots and tyrants."
- President Thomas Jefferson





[PATCH] AODV (RFC 3561) support for tcpdump

2003-07-31 Thread Bruce M Simpson
Hi all,

I send you this patch in order that I may have your advice. I've added
a module to tcpdump to decode AODV packets as per RFC 3561.
The only extension currently understood is HELLO.

I've submitted this to [EMAIL PROTECTED], but I've been working with
a number of you on wi(4) related things, or have met you in person
recently, thus giving you 'heads up' and opportunity to review.
[Tracker ID 780993]

I haven't been able to test this extensively because:

I have 3 LocustWorld MeshBoxes here which don't seem to be speaking to each
other, and the solitary machine which does send AODV traffic is sending
type 69, which doesn't inspire confidence (but it seems someone's made off
with the passwords for them, too - all will probably be resolved when someone
gets back from holiday).

Yes, Dorothy, this is in lieu of a possible forthcoming BSD aodvd daemon.

Regards,
BMS


On demand routing redux (RFC 3561 AODV preparatory)

2003-07-31 Thread Bruce M Simpson
Hi all,

Here's some more stuff I'd like review on. I've written a simple bit of code
which just sits there listening for RTM_RESOLVE and redirects destination
cloned route using RTM_CHANGE.

I wrote this to prove we could implement on-demand routing protocols, in
userland, without any of the stupid kernel modifications we've seen for
Linux implementations.

Specify a CIDR network on the command line; it will configure a disc(4)
interface and add a network route via that interface. Currently, the netmask
code is broken; Bill Fenner has given me feedback on how to fix this.

You can sidestep this by creating the disc0 route before running rtmhack:
 # ifconfig disc0 create
 # route -n add 10.0.0.0/8 -iface disc0

The name 'disc0' was not chosen deliberately.

Needless to say, this code is really hackish, and will be getting cleaned
up thoroughly before it is anywhere near production quality.

Please let me know your thoughts. Comments and feedback solicited.

BMS

The proof of concept code simply updates the route to point to a
loopback interface (which deliberately creates a local routing loop
for the purposes of demonstration).

A cloning XRESOLVE route is bound to a local 'bit bucket' interface,
disc0, for a given network prefix. Any use of this route will cause a child
route to be created via the CLONING mechanism, and an RTM_RESOLVE message
will be generated which we later reply to.

The only information delivered in an RTM_RESOLVE message is the address for
which the kernel is requesting routing information. Therefore it will be
necessary to check the sockaddr against the list of addresses for hosts
and/or networks which we manage, and discard the message if it doesn't match.

It looks as though we can't send an RTM_RESOLVE back to the kernel.
Instead, we have to use RTM_CHANGE to modify the cloned route.

The CLONING mechanism sets the IFP. So we must reset that when sending an
RTM_CHANGE to the kernel, by using an empty sockaddr_dl for the IFP; this
means that it will be inferred from RTAX_GATEWAY.

The required fields for an RTM_CHANGE are: destination, gateway, flags
(and genmask if specifying a network route).  ifa/ifp should also be
specified if changing an interface route.

RTA_AUTHOR doesn't appear to be used anywhere in the kernel. This attribute
could be potentially useful for recording the originator of AODV routes
in-kernel; for now, this information shall reside only in aodvd's MIB.
/*  $FreeBSD$ */

/*
 * This is a hack to demonstrate the concept of hooking for the
 * RTM_RESOLVE message being sent from the FreeBSD routing code,
 * as a means of looking up routes on demand using a routing protocol
 * such as AODV.
 * This code will probably be vastly cleaned up and tested more thoroughly
 * before being used as the basis for a user-space BSD AODV implementation.
 */

/*
 * Copyright (c) 2003 Bruce M. Simpson <[EMAIL PROTECTED]>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Bruce M. Simpson.
 * 4. Neither the name of Bruce M. Simpson nor the names of co-
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bruce M. Simpson AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL Bruce M. Simpson OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include 
#include 
#include 
#include 
#include 
#include 
#include 

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

void usage(void);
int add_xresolve_route(char *ifname, struct sockaddr_in *sin, int bits);
int i

Re: Multiple Interfaces

2003-07-31 Thread Barney Wolff
On Thu, Jul 31, 2003 at 11:07:18AM -0600, Bob wrote:
> 
> All you are missing is the fact FreeBSD cannot handle
> two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.

Wrong.  As already stated, make the netmask on the second one /32.

Re freevrrpd, so far as I know it's intended for the case of two machines
where one backs up the other, not two interfaces on one machine taking
over for each other.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.


RE: Multiple Interfaces

2003-07-31 Thread Oleg Polyakov

--- Bob <[EMAIL PROTECTED]> wrote:
> Greets 
> 
> > I have two interfaces and the following info in rc.conf.  The 
> > first one is
> > setup properly but the second one never gets configured.
>  
> I just went through this process myself.
> 
> The word I have is that FreeBSD cannot run two NICs on
> the same subnet, which is what your included config shows.
> So try as you may it will not work. I also tested 4.7, 5.0 
> and 5.1 with similar results. 

The trick is to configure the second interface with netmask 255.255.255.255.
That interface can't be the default gateway. But if anything listens on that
address, then it responds on that address.

You may see log messages like this:
arp: 10.13.1.2 is on fxp0 but got reply from 00:00:0c:61:2e:c0 on fxp1

To disable it run:
sysctl net.link.ether.inet.log_arp_wrong_iface=0

> Here is a snippet of an email I received on this topic:
> 
> Begin
> 
> Well, as long as I can tell, one can't have 2 ifaces on the same subnet 
> on FreeBSD. This seems to be regarded as a feature by the guys who have 
> written the code. "It's arguable that it should be done any other way, 
> since it will put questions like what interface will be used for 
> outgoing segments to the subnet? etc. which will require to manually 
> assign the arp table as long as you have the rest of the nodes of the 
> subnet connected through some kind of switches or to still have all 
> outgoing connections through a preferred interface which will require a 
> SRC (IP+MAC) addresses of the other interface and will unnecessarily 
> complicate the whole thing". So the result will be a gain in the speed 
> of incoming segments but more load on the system.
> 
> END
> 
> >What am I missing?
> 
> All you are missing is the fact FreeBSD cannot handle
> two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.

That sounds misleading. FreeBSD handles two or more NICs on one subnet.
You just can't configure them with the same netmask or have them behave
identically.
Only one can be the default gateway.

> Regards
> 
> Bob D




Multihomed Routing (was Re: Multiple Interfaces)

2003-07-31 Thread Michael W. Oliver

+--- On Thursday, July 31, 2003 14:13,
| Barney Wolff proclaimed:
|
| On Thu, Jul 31, 2003 at 11:07:18AM -0600, Bob wrote:
| > All you are missing is the fact FreeBSD cannot handle
| > two NICs the same subnet. OpenBSD does, NetBSD does and Linux does.
|
| Wrong.  As already stated, make the netmask on the second one /32.
|
| Re freevrrpd, so far as I know it's intended for the case of two machines
| where one backs up the other, not two interfaces on one machine taking
| over for each other.

I may be wrong here, but the problem lies in having duplicate routes in the 
routing table, which is what would happen if two interfaces were in the 
same network and had the same mask (/26 for example).  This is solved by 
having a different mask for the second interface (much like using the /32 
for VRRPd), but it is only a band-aid.

I am no programmer, so forgive my ignorance in that respect, but why can't a 
metric be used to differentiate routes to the same destination network 
within the routing table?  I happened to be googling and found:

http://daily.daemonnews.org/view_story.php3?story_id=3878

which describes exactly what I am talking about.  Is there any reason why 
this shouldn't be implemented by default in the OS?  Personally, I would 
very much like the ability of Zebra to feed the kernel the same route to 
multiple destinations, differentiating those routes by metric value.

Comments?

-- 
Michael W. Oliver, CCNP
IPv6 & FreeBSD mark
[EMAIL PROTECTED]
http://michael.gargantuan.com/
ASpath-tree, Looking Glass, etc.
gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc

"The tree of liberty must be refreshed from time to time
with the blood of patriots and tyrants."
- President Thomas Jefferson





freevrrp

2003-07-31 Thread Andrea Venturoli
** Reply to note from "Bryce Edwards" <[EMAIL PROTECTED]> Thu, 31 Jul 2003 11:59:14 
-0500


> I'm trying to run freevrrpd on a server with two interfaces for redundancy. 
> I want them both to act as one IP in a master/slave setup.  Here's the 
> errors I'm getting: 
>  
> Jul 31 11:07:34 ns freevrrpd[208]: cannot set ip addr a.b.c.131 for 
> interface fxp0 (ioctl SIOCAIFADDR): File exists 
>  
> Here's my config: 
>  
> addr = a.b.c.131/26 
>  
> addr = a.b.c.131/26 

Try /32 instead.

 bye
av.





Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"

2003-07-31 Thread jeremie le-hen
Your problem looks very strange. I didn't succeed in reproducing the same
behaviour on my personal gateway.

But I noticed that, although you use ipnat(8), nat is also enabled in your
ppp(8) configuration, this *may* explain some of your problems, such as
seeing double packets. Try to remove all "nat*" lines.

-- 
Jeremie aka TtZ/TataZ
[EMAIL PROTECTED]


Re: Multiple Interfaces

2003-07-31 Thread Wes Peters
On Thursday 31 July 2003 11:21, Oleg Polyakov wrote:
> --- Bob <[EMAIL PROTECTED]> wrote:
> > Greets
> >
> > > I have two interfaces and the following info in rc.conf.  The
> > > first one is
> > > setup properly but the second one never gets configured.
> >
> > I just went through this process myself.
> >
> > The word I have is that FreeBSD cannot run two NICs on
> > the same subnet, which is what your included config shows.
> > So try as you may it will not work. I also tested 4.7, 5.0
> > and 5.1 with similar results.
>
> The trick is to configure the second interface with netmask
> 255.255.255.255. That interface can't be the default gateway. But if
> anything listens on that address, then it responds on that address.

Right.  The problem is, you have two interfaces on the same network.  
This isn't an error per se, but only one of them is going to be used 
because there can only be one route to the associated network.

By giving the second interface an all-ones netmask, you've effectively 
placed it into a different network.  This prevents the ifconfig command 
from trying to duplicate the route to the local network.  You can add 
other routes through this interface now, for instance as a dedicated 
interface for another IP network.

What you haven't told us is what you're attempting to accomplish with 
this second interface.

By the way, this topic of conversation is actually more appropriate for 
freebsd-questions, this list is supposedly for discussing 
implementation details on the various FreeBSD network stacks.

> You may see log messages like this:
> arp: 10.13.1.2 is on fxp0 but got reply from 00:00:0c:61:2e:c0 on
> fxp1
>
> To disable it run:
> sysctl net.link.ether.inet.log_arp_wrong_iface=0

Yeah, that'll turn off the messages but not the errors. ;^)

> > Here is a snippet of an email I received on this topic:
> >
> > Begin
> >
> > Well, as long as I can tell, one can't have 2 ifaces on the same
> > subnet on FreeBSD. This seems to be regarded as a feature by the
> > guys who have written the code.

Yup, it is.  In the absence of being able to do something sensible, a 
warning message seems like a good alternative.

> > "It's arguable that it should be
> > done any other way, since it will put questions like  what
> > interface will be used for outgoing segments to the subnet ? etc.

Uh, no, that's exactly the questions that come up when you DO try to 
configure two interfaces on the same network.  Look at it this way: if 
I have two interfaces on a 192.168.1 network and I open a socket, bind 
the local address to INADDR_ANY and the remote address to something 
else on the 192.168.1 network, which interface do I pick for outgoing 
packets?

The dark secret in OpenBSD and NetBSD here is that they always pick the 
same one.  You think you're "load balancing" by putting two interfaces 
in there, but the general truth is that you're just pouring electrons 
into unused hardware unless you've carefully configured the system to 
make use of both interfaces.

> > which will require to manually assign the arp table as long as you
> > have the rest of the nodes of the subnet connected through some kind
> > of switches or to still have all outgoing connections through a
> > preferred interface which will require a SRC (IP+MAC) addresses of
> > the other interface and will unnecessarily complicate the whole
> > thing". So the result will be a gain in the speed of incoming
> > segments but more load on the system.

This has nothing to do with the ARP table and everything to do with the 
routing table.

> > >What am I missing?
> >
> > All you are missing is the fact FreeBSD cannot handle
> > two NICs on the same subnet. OpenBSD does, NetBSD does and Linux does.
>
> That sounds misleading. FreeBSD handles two or more NICS on one
> subnet. You just can't configure them with same netmask or have them
> behave identically.
> Only one can be default gateway.

In point of fact, it's just completely wrong.  I guess it depends on 
what you mean by "cannot handle", it certainly doesn't crash the kernel 
or halt networking or anything like that.  In fact, the first interface 
you brought up continues to work just fine.  FreeBSD does the same 
thing OpenBSD and NetBSD do, it just tells you that you've done 
something stupid while the other two merrily let you configure hardware 
that isn't going to be used.

-- 
 "Where am I, and what am I doing in this handbasket?"

Wes Peters  [EMAIL PROTECTED]
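
Added example (not part of the message above and not FreeBSD code): a simplified Python model of the routing-table point made in the reply, with one route per destination network and longest-prefix lookup. The interface names and 10.13.1.2 come from the quoted ARP log line; 10.13.1.3, 10.13.1.50 and 192.168.7.0/24 are constructed values, and `RouteTable` is a hypothetical helper.

```python
import ipaddress


class RouteTable:
    """Toy model: one entry per destination prefix, longest prefix wins."""

    def __init__(self):
        self.routes = {}  # ip_network -> interface name

    def add_interface(self, ifname, addr, netmask):
        """Install the connected route for an interface; return an error or None."""
        net = ipaddress.ip_interface(f"{addr}/{netmask}").network
        if net in self.routes:
            # Only one route to a given network can exist in the table.
            return f"{ifname}: route to {net} already exists via {self.routes[net]}"
        self.routes[net] = ifname
        return None

    def lookup(self, dst):
        """Return the outgoing interface for dst, or None if no route matches."""
        dst = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if dst in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


def same_netmask():
    """Both NICs configured with the /24 mask: the second route is a duplicate."""
    t = RouteTable()
    t.add_interface("fxp0", "10.13.1.2", "255.255.255.0")
    err = t.add_interface("fxp1", "10.13.1.3", "255.255.255.0")
    return err, t.lookup("10.13.1.50")


def all_ones_netmask():
    """Second NIC with an all-ones mask: no duplicate, and it can carry other routes."""
    t = RouteTable()
    t.add_interface("fxp0", "10.13.1.2", "255.255.255.0")
    err = t.add_interface("fxp1", "10.13.1.3", "255.255.255.255")
    # Constructed extra route through the second interface.
    t.routes[ipaddress.ip_network("192.168.7.0/24")] = "fxp1"
    return err, t.lookup("10.13.1.50"), t.lookup("192.168.7.9")


if __name__ == "__main__":
    print(same_netmask())
    print(all_ones_netmask())
```

In both cases traffic to the local /24 leaves through fxp0; the all-ones netmask only removes the duplicate-route conflict and frees fxp1 for explicitly added routes.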




Multipath Routing

2003-07-31 Thread Michael W. Oliver
[this was posted under another thread, so I am reposting as a new thread to 
hopefully generate some responses.  thanks.]

I am no programmer, so forgive my ignorance in that respect, but why can't a 
metric be used to differentiate routes to the same destination network 
within the routing table?  I happened to be googling and found:

http://daily.daemonnews.org/view_story.php3?story_id=3878

which describes a patch to -STABLE that does exactly what I am talking 
about.

Is there any reason why this shouldn't be implemented by default in the OS?  
I am not being critical of the FreeBSD operating system by any means, just 
curious.

Personally, I would very much like the ability of Zebra to feed the kernel 
the same route via multiple gateways, differentiating those routes by 
metric value.

Comments?

-- 
+-+--+
|   Michael W. Oliver, CCNP   | "The tree of liberty must be |
| IPv6 & FreeBSD mark | refreshed from time to time  |
|   [EMAIL PROTECTED]| with the blood of patriots   |
|   http://michael.gargantuan.com/| and tyrants."|
|  ASpath-tree, Looking Glass, etc.   | - President Thomas Jefferson |
| +--+
|  gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc  |
++






Netgraph node, first steps in kernel land and a bloody crash dump

2003-07-31 Thread Paolo Pisati

Hi guys, 

still here with my netgraph node.

Today, after a couple of nice days without a problem,
I spent the last 4 hours trying to understand why the hell
my module crashes my stable box.

DISCLAIMER: this is my first real attempt to work
in kernel land, so it's quite possible that I did
something so stupid that I don't recognize it... =P

anyway, this is a crash dump:

(kgdb) exec-file /var/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
IdlePTD at phsyical address 0x0033c000
initial pcb at physical address 0x0026bb20
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x310
fault code  = supervisor read, page not present
instruction pointer = 0x8:0x310
stack pointer   = 0x10:0xccf7ece4
frame pointer   = 0x10:0xccf7ecf0
code segment= base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 620 (thesis)
interrupt mask  =
trap number = 12
panic: page fault
syncing disks... 13 1
done
Uptime: 13m29s
dumping to dev #ad/0x20001, offset 230752
dump ata0: resetting devices .. done
128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109
108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85
 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 5
8 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32
31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3
2 1
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487 if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc0157b9f in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc0157fc4 in poweroff_wait (junk=0xc023f64c, howto=-1071386289)
at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc02056a6 in trap_fatal (frame=0xccf7eca4, eva=784)
at /usr/src/sys/i386/i386/trap.c:974
#4  0xc0205379 in trap_pfault (frame=0xccf7eca4, usermode=0, eva=784)
at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
  tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
  tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
  tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
  tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
at /usr/src/sys/i386/i386/trap.c:466
#6  0x310 in ?? ()
#7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
at /usr/src/sys/kern/subr_prf.c:355
#8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
func=0xc0163dd0 , arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
at /usr/src/sys/kern/subr_prf.c:532
#9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
at /usr/src/sys/kern/subr_prf.c:305
#10 0xc0e2348a in ?? ()
#11 0xc0e23354 in ?? ()
#12 0xc019bc15 in ng_send_data (hook=0xc0cf4a40, m=0xc0748d00, meta=0x0)
at /usr/src/sys/netgraph/ng_base.c:1649
#13 0xc0de12be in ?? ()
#14 0xc01769e3 in sosend (so=0xcc6e0580, addr=0xc0bc44c0, uio=0xccf80ed8,
top=0xc0748d00, control=0x0, flags=0, p=0xc7bd9080)
at /usr/src/sys/kern/uipc_socket.c:609
#15 0xc0179e27 in sendit (p=0xc7bd9080, s=4, mp=0xccf80f18, flags=0)
at /usr/src/sys/kern/uipc_syscalls.c:590
#16 0xc0179ee6 in sendto (p=0xc7bd9080, uap=0xccf80f80)
at /usr/src/sys/kern/uipc_syscalls.c:643
#17 0xc02058ca in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
  tf_edi = -1077937886, tf_esi = 671679608, tf_ebp = -1077937864,
  tf_isp = -856158252, tf_ebx = 671679968, tf_edx = 134565966,
  tf_ecx = -9, tf_eax = 133, tf_trapno = 0, tf_err = 2,
  tf_eip = 671912972, tf_cs = 31, tf_eflags = 643, tf_esp = -1077937956,
  tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1175
#18 0xc01f9615 in Xint0x80_syscall ()
#19 0x80522c4 in ?? ()
#20 0x80523b0 in ?? ()
#22 0x805251a in ?? ()
#23 0x805251a in ?? ()
#24 0x805251a in ?? ()
#25 0x805251a in ?? ()
#26 0x80495ce in ?? ()
#27 0x8048ada in ?? ()

Ok, I'm not a guru, but it looks like the culprit is printf in kernel
land, or at least, a bad use of it by myself... (see #9).

I would like to fill in the missing ?? in this dump, but I couldn't
find how to load the symbols from my node (and yes, I've
tried what's written in the handbook about the modules and
it didn't work).

Ok, enough for today, I wish someone could shed some
light here, because I really gave up... =(

on a side note: 
[EMAIL PROTECTED] flag]$ man 9 printf
No entry for printf in section 9 of the manual
[EMAIL PROTECTED] flag]$

what's happened to the man page?

thank you.

-- 

Paolo

GUFI: http://www.gufi.org
