Re: Sub-interfaces

2006-04-15 Thread Andrew Thompson
On Fri, Apr 14, 2006 at 10:53:23AM -0400, Eric W. Bates wrote:
> Jon Otterholm wrote:
> > Eric W. Bates wrote:
> >> Andrew Thompson wrote:
> >>> On Wed, Apr 12, 2006 at 02:38:47PM +0200, Jon Otterholm wrote:
> >> We did run into a problem when we had too many (more than 15)
> >> addresses/interfaces on a system.  isc-dhcpd has some table sizes
> >> hard-coded for some data structures. This was solved by patching
> >> common/discover.c (thanks to help from this list).
> >>
> # ***
> # *** 135,144 
> #   {
> # struct interface_info *tmp, *ip;
> # struct interface_info *last, *next;
> # !   /* In order to support more than 15 interfaces we need to
> # !  increase the size of the buffer. */
> # !   /* char buf [2048]; */
> # !   char buf [32768];
> # struct ifconf ic;
> # struct ifreq ifr;
> # int i;
> # --- 135,141 
> #   {
> # struct interface_info *tmp, *ip;
> # struct interface_info *last, *next;
> # !   char buf [2048];
> # struct ifconf ic;
> # struct ifreq ifr;
> # int i;
> 
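Review bot: The two sides of this context diff are the wrong way round: the `*** 135,144` (old) side carries the new comment and `char buf [32768]`, while the `--- 135,141` (new) side has `char buf [2048]`, so as posted it reads as a change from 32768 back to 2048. Regenerate it with the original file first. The hunk also replaces one hard-coded size with a larger one, so the limit is moved rather than removed, and the commented-out `/* char buf [2048]; */` can be dropped.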
> I originally got this patch from a kind soul on this list (sadly I
> didn't keep the name).  I do not fully appreciate the consequences of
> patching ISC's code; but our copy has run flawlessly.  We currently have
> 151 IP's on the one machine.

I don't see why this needs to be done, the isc-dhcp ports were updated to
use getifaddrs() two years ago.

http://www.freebsd.org/cgi/query-pr.cgi?pr=61011


Andrew
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
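An added example, not part of the thread and not code from isc-dhcp or the ports patch: enumerating addresses with getifaddrs(), where the C library allocates the list, instead of filling a fixed-size buffer like the `char buf [2048]` in the quoted patch. The helper name `count_family` is hypothetical.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>

/* Count the entries of one address family in a getifaddrs()-style list.
 * count_family is a hypothetical helper name, not an isc-dhcp function. */
int count_family(const struct ifaddrs *head, int family)
{
    int n = 0;
    for (const struct ifaddrs *ifa = head; ifa != NULL; ifa = ifa->ifa_next) {
        /* ifa_addr is NULL for an interface that has no address. */
        if (ifa->ifa_addr != NULL && ifa->ifa_addr->sa_family == family)
            n++;
    }
    return n;
}

int main(void)
{
    struct ifaddrs *head;
    char text[INET_ADDRSTRLEN];

    /* The C library allocates the whole list, so there is no
     * caller-side buffer for a large address count to outgrow. */
    if (getifaddrs(&head) == -1) {
        perror("getifaddrs");
        return 1;
    }
    for (struct ifaddrs *ifa = head; ifa != NULL; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        struct sockaddr_in *sin = (struct sockaddr_in *)ifa->ifa_addr;
        if (inet_ntop(AF_INET, &sin->sin_addr, text, sizeof(text)) != NULL)
            printf("%-10s %s\n", ifa->ifa_name, text);
    }
    printf("%d IPv4 addresses\n", count_family(head, AF_INET));
    freeifaddrs(head);
    return 0;
}
```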


Re: How to use if_bridge

2006-04-15 Thread Fabian Keil
"Daniel O'Connor" <[EMAIL PROTECTED]> wrote:

> On Friday 14 April 2006 21:37, Fabian Keil wrote:

> > Depending on your firewall setup you might have to disable
> > some of the net.link.bridge sysctls as well.
> 
> I don't have any firewalls in the kernel for simplicity at this stage.

If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
then. From the if_bridge man page:

|net.link.bridge.pfil_onlyip  Set to 1 to only allow IP packets to
| pass when packet filtering is enabled (subject to
| firewall rules), set to 0 to unconditionally
| pass all non-IP Ethernet frames.

It's enabled by default.

Fabian
-- 
http://www.fabiankeil.de/




Re: How to use if_bridge

2006-04-15 Thread Andrew Thompson
On Sat, Apr 15, 2006 at 11:53:52AM +0200, Fabian Keil wrote:
> "Daniel O'Connor" <[EMAIL PROTECTED]> wrote:
> 
> > On Friday 14 April 2006 21:37, Fabian Keil wrote:
> 
> > > Depending on your firewall setup you might have to disable
> > > some of the net.link.bridge sysctls as well.
> > 
> > I don't have any firewalls in the kernel for simplicity at this stage.
> 
> If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
> then. From the if_bridge man page:
> 
> |net.link.bridge.pfil_onlyip  Set to 1 to only allow IP packets to
> | pass when packet filtering is enabled (subject to
> | firewall rules), set to 0 to unconditionally
> | pass all non-IP Ethernet frames.
> 
> It's enabled by default.

It may not be entirely clear from the description but that sysctl only
has effect when packet filtering is enabled, both for the on and off
values.

At present there are only pfil(9) hooks for IP and IPv6 filters, the
knob controls what happens when filtering is enabled and the packet is
not IP so won't be inspected, is it passed or dropped.

I'll try and clarify the man page.


cheers,
Andrew



Re: How to use if_bridge

2006-04-15 Thread Fabian Keil
Andrew Thompson <[EMAIL PROTECTED]> wrote:

> On Sat, Apr 15, 2006 at 11:53:52AM +0200, Fabian Keil wrote:
> > "Daniel O'Connor" <[EMAIL PROTECTED]> wrote:
> > 
> > > On Friday 14 April 2006 21:37, Fabian Keil wrote:
> > 
> > > > Depending on your firewall setup you might have to disable
> > > > some of the net.link.bridge sysctls as well.
> > > 
> > > I don't have any firewalls in the kernel for simplicity at this stage.
> > 
> > If I'm not mistaken you have to disable net.link.bridge.pfil_onlyip
> > then. From the if_bridge man page:
> > 
> > |net.link.bridge.pfil_onlyip  Set to 1 to only allow IP packets to
> > | pass when packet filtering is enabled (subject to
> > | firewall rules), set to 0 to unconditionally
> > | pass all non-IP Ethernet frames.
> > 
> > It's enabled by default.
> 
> It may not be entirely clear from the description but that sysctl only
> has effect when packet filtering is enabled, both for the on and off
> values.
> 
> At present there are only pfil(9) hooks for IP and IPv6 filters, the
> knob controls what happens when filtering is enabled and the packet is
> not IP so won't be inspected, is it passed or dropped.
> 
> I'll try and clarify the man page.

Thanks. I always interpreted the sentence as "Set to 1 to allow IP packets to
pass only if packet filtering is enabled". I thought it should prevent the
user from creating an unfiltered bridge by accident.

Another thing regarding the man page:

The example section has the following sentence "Such a configuration
could be used to implement a simple 802.11-to-Ethernet bridge
(assuming the 802.11 interface is in ad-hoc mode)."

I don't get the meaning of the ad-hoc mode part. In my tests if_bridge
worked in hostap mode as well, but failed in infrastructure mode. Could
you clarify if (or why not) bridging in infrastructure mode should work?

Fabian
-- 
http://www.fabiankeil.de/

