error to use kmem_free() function
I have modified the tcp_subr.c function, in which I make use of the kmem_free(kmem_map, , ) function. However, the compile error says: warning: implicit declaration of kmem_free() function and kmem_map undeclared. Did I miss including some header file, or is it for other reasons?

Thanks in advance.

chunlei
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
how to do kernel debug?
Dear all:

I have modified some part of the TCP code, but after compiling and rebooting, it shows me a fatal 12 page fault. I want to ask how kernel debugging is normally done. What are the steps?

Thanks.

chunlei
Please review this diff...
Hi,

I would like to check in the following diff against FreeBSD-CURRENT and to get feedback from the Kame folks on the general usefulness of these fixes. All changes are against icmp6.c.

The first part of the diff removes dead code as I suspect MCLBYTES, the size of a cluster, will never be less than 48, which is the size of maxlen set above those lines.

The second part checks for error returns from the duplication of the packets before starting to copy things around.

Thanks,
George

Index: icmp6.c === RCS file: /Volumes/exported/FreeBSD-CVS/src/sys/netinet6/icmp6.c,v retrieving revision 1.60 diff -u -r1.60 icmp6.c --- icmp6.c 2 Mar 2005 05:14:15 - 1.60 +++ icmp6.c 7 Apr 2005 15:26:28 - @@ -524,15 +524,6 @@ const int maxlen = sizeof(*nip6) + sizeof(*nicmp6); int n0len; - /* -* Prepare an internal mbuf. m_pullup() doesn't -* always copy the length we specified. -*/ - if (maxlen >= MCLBYTES) { - /* Give up remote */ - m_freem(n0); - break; - } MGETHDR(n, M_DONTWAIT, n0->m_type); n0len = n0->m_pkthdr.len; /* save for use below */ if (n) @@ -1943,9 +1934,14 @@ m->m_len <= MHLEN) { MGET(n, M_DONTWAIT, m->m_type); if (n != NULL) { - m_dup_pkthdr(n, m, M_NOWAIT); - bcopy(m->m_data, n->m_data, m->m_len); - n->m_len = m->m_len; + if (m_dup_pkthdr(n, m, M_NOWAIT)) { + bcopy(m->m_data, n->m_data, + m->m_len); + n->m_len = m->m_len; + } else { + m_free(n); + n = NULL; + } } } if (n != NULL || @@ -1983,12 +1979,16 @@ MGET(n, M_DONTWAIT, m->m_type); if (n != NULL) { - m_dup_pkthdr(n, m, M_NOWAIT); - bcopy(m->m_data, n->m_data, m->m_len); - n->m_len = m->m_len; - - m_freem(m); - m = n; + if (m_dup_pkthdr(n, m, M_NOWAIT)) { + bcopy(m->m_data, n->m_data, m->m_len); + n->m_len = m->m_len; + + m_freem(m); + m = n; + } else { + m_freem(n); + n = NULL; + } } } if (sbappendaddr(&last->in6p_socket->so_rcv,
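Review bot: In the first hunk (@@ -524,15 +524,6) the deleted comment "Prepare an internal mbuf. m_pullup() doesn't always copy the length we specified." describes the MGETHDR() call that remains, so it should stay even if the maxlen >= MCLBYTES test goes. The removal is only safe while sizeof(*nip6) + sizeof(*nicmp6) stays below MCLBYTES; a compile-time assertion on those two sizes in place of the deleted runtime test would record that assumption instead of dropping it silently.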
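Review bot: In the second hunk (@@ -1943,9 +1934,14) the new failure branch releases n with m_free(n), while the equivalent branch in the third hunk uses m_freem(n). Both act on an mbuf that came from the same MGET() call, so pick one and use it in both places. The visible lines also mix M_DONTWAIT (MGET) and M_NOWAIT (m_dup_pkthdr) for the same intent; since these lines are being touched anyway, using one spelling would read more cleanly.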
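Review bot: In the third hunk (@@ -1983,12 +1979,16) the else branch frees n and sets it to NULL but leaves m pointing at the original mbuf, which then falls through to the sbappendaddr() call. That matches what already happens when MGET() returns NULL, but it is not obvious from the code; a short comment in the else branch saying that the original m is deliberately kept and passed on would make the intent clear to the next reader.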
RE: FreeBSD Firewall + NAT Traversal + IPsec
I do this with the cisco VPN client (to PIX), I am firewalling with pf.

Client --- FreeBSD firewall+NAT using pf --- internet - PIX

The only problem I had was that isakmp needs to come from port 500 as well as go to port 500 so I needed to add a rule to stop pf changing the source port. My nat rules are:

    nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \
        to any -> ($ext_if:0) port 500
    nat on $ext_if from $int_net to any -> $ext_addr1

Haven't tried checkpoint though.

Vince

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Mok
> Sent: 07 April 2005 17:15
> To: freebsd-net@freebsd.org
> Subject: FreeBSD Firewall + NAT Traversal + IPsec
>
> Hi,
>
> I'm new to FreeBSD. Is it possible to make a FreeBSD box with
> firewall + NAT, such that client PC(s) from the NATed
> internal network could connect to a VPN gateway on the Internet :-
>
> client PC - FreeBSD Firewall + NAT Internet IPsec VPN gateway
> 192.168.x.x/16 (e.g. Checkpoint FW-1)
> (VPN client)
>
> I hope someone could help to advise what software is required
> on the FreeBSD box to make NAT traversal work and where to get the
> HOWTO(s)?
>
> Thanks a lot.
>
> John Mok
Re: FreeBSD Firewall + NAT Traversal + IPsec
To my understanding, the mechanism of how NAT works is that the client connections from the intranet are mapped to separate ports on the NAT with one single IP address by means of a mapping table, such that the reply packet from the outside to the NAT can be reverse-mapped to the respective client connections.

If there is more than one VPN client being NATed to the VPN gateway, and all client isakmp connections to port 500 are mapped to port 500 on the external interface of the NAT, then how could the NAT reverse-map the isakmp replies to the clients unambiguously?

John Mok
Re: FreeBSD Firewall + NAT Traversal + IPsec
On Sat, 9 Apr 2005, John Mok wrote:

> To my understanding, the mechanism of how NAT works is that the client
> connections from the intranet are mapped to separate ports on the NAT
> with one single IP address by means of a mapping table, such that the
> reply packet from the outside to the NAT can be reverse-mapped to the
> respective client connections.
>
> If there is more than one VPN client being NATed to the VPN gateway,
> and all client isakmp connections to port 500 are mapped to port 500 on
> the external interface of the NAT, then how could the NAT reverse-map
> the isakmp replies to the clients unambiguously?

Sorry, the one caveat I forgot is that I can only have one VPN session at a time. If you are likely to have multiple users using the VPN at one time then it won't work.

If you have multiple VPN users accessing the same Checkpoint then have a look at making a LAN-to-LAN tunnel, see:
http://www.freebsd.org/doc/en/articles/checkpoint/
It's a little old and you need to do some config on the Checkpoint, but it's a good starting point.

Vince
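The mapping question John raises and the one-session limit Vince reports can be reproduced with a small model of a NAT state table. This is an added example, not code from the thread or from pf; the class, the dynamic port pool start and the documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

ISAKMP = 500  # UDP port ISAKMP uses on both ends, per the thread


@dataclass
class Nat:
    """Simplified model of a port-translating NAT state table (not pf's code)."""
    pin_isakmp: bool           # True models a rule that keeps source port 500
    next_port: int = 50001     # constructed start of the dynamic port pool
    # (ext_port, remote_ip, remote_port) -> (int_ip, int_port); UDP only
    states: dict = field(default_factory=dict)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Return the external source port, or None if no unambiguous state exists."""
        for (ext_port, r_ip, r_port), owner in self.states.items():
            if owner == (int_ip, int_port) and (r_ip, r_port) == (remote_ip, remote_port):
                return ext_port            # existing flow, reuse its mapping
        if self.pin_isakmp and int_port == ISAKMP:
            ext_port = ISAKMP
        else:
            ext_port, self.next_port = self.next_port, self.next_port + 1
        key = (ext_port, remote_ip, remote_port)
        if key in self.states:
            return None                    # a reply could belong to two clients
        self.states[key] = (int_ip, int_port)
        return ext_port

    def inbound(self, remote_ip, remote_port, ext_port):
        """Reverse-map a reply to the internal (ip, port), or None."""
        return self.states.get((ext_port, remote_ip, remote_port))


def demo():
    # Constructed addresses: two internal clients, two VPN gateways.
    a, b = "192.168.1.10", "192.168.1.11"
    gw1, gw2 = "203.0.113.10", "203.0.113.20"
    out = {}
    for pin in (False, True):
        nat = Nat(pin_isakmp=pin)
        pa = nat.outbound(a, ISAKMP, gw1, ISAKMP)
        pb = nat.outbound(b, ISAKMP, gw1, ISAKMP)    # second client, same gateway
        pb2 = nat.outbound(b, ISAKMP, gw2, ISAKMP)   # second client, other gateway
        out[pin] = (pa, pb, pb2, nat.inbound(gw1, ISAKMP, pa))
    return out


if __name__ == "__main__":
    for pin, result in demo().items():
        print("pinned" if pin else "dynamic", result)
```

With the source port pinned to 500, the second client's session to the same gateway gets no mapping in this model, because its reply tuple would be identical to the first client's; a session to a different gateway still maps, since the remote address is part of the key.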