Current problem reports assigned to you

2006-09-18 Thread FreeBSD bugmaster
Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.  Description

o kern/92552   net    A serious bug in most network drivers from 5.X to 6.X
f kern/93220   net    [inet6] nd6_lookup: failed to add route for a neighbor

2 problems total.

Non-critical problems

S Tracker      Resp.  Description

s kern/19875   net    A new protocol family, PF_IPOPTION, to handle IP optio
o conf/23063   net    [PATCH] for static ARP tables in rc.network
o kern/54383   net    [nfs] [patch] NFS root configurations without dynamic
s kern/60293   net    FreeBSD arp poison patch
o kern/95267   net    packet drops periodically appear
o kern/102035  net    [plip] plip networking disables parallel port printing
o conf/102502  net    [patch] ifconfig name does't rename netgraph node in n
o kern/102607  net    [if_bridge] don't generate random L2 address

8 problems total.

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: freebsd-net Digest, Vol 181, Issue 9

2006-09-18 Thread Purushotham Nayak


[EMAIL PROTECTED] wrote: Send freebsd-net mailing list submissions to
 freebsd-net@freebsd.org


Today's Topics:

   1. Re: FreeBSD 6.1 + ath0 + NAT (Sam Leffler)
   2. Re: iwi discarding oversized packets while mtu=1500 for
  src/dst (Sam Leffler)
   3. Re: NIC Problems ([EMAIL PROTECTED])
   4. Re: Can someone take a look at PR 89061 (ipv6 autoconfigure
  6to4) ([EMAIL PROTECTED])
   5. Re: problems with ng_fec (Michael W. Lucas)
   6. Re: ppp command port does not listens on ipv4 unless no INET6
  in kernel (Hajimu UMEMOTO)


--

Message: 1
Date: Sat, 16 Sep 2006 09:06:11 -0700
From: Sam Leffler 
Subject: Re: FreeBSD 6.1 + ath0 + NAT
To: Phil Chadwick 

Cc: freebsd-net@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Phil Chadwick wrote:
> Hi all,
> 
> This is my first post, so please be gentle :-)
> 
> I have a Linksys WAG54G V.2 ADSL modem (Firmware Version: 1.00.39)
> connection to the Internet, and a Netgear WG311T wireless Ethernet card
> running on FreeBSD 6.1 (PC#1).
> 
> Recently I added a second FreeBSD 6.1 system (PC#2) which has no
> wireless card (well it does, but it's a TI chipset not supported in
> FreeBSD).  So I connected it to PC#1 with a Gigabit copper wire
> connection.  I also added firewall and NATing on PC#1 to provide PC#2
> with a route to the Internet.
> 
> When I boot PC#1, the connection between ath0 and the ADSL modem will run
> as expected (routing to the Internet for itself and PC#2) for some time
> (roughly anywhere from 0 to 30 minutes), but always eventually hangs.
> It's then not possible to ping the ADSL modem.

Do you really mean you ping the modem or a host on the far side of the
modem?

> 
> The hang happens regardless of whether the new (PC#2) system is booted
> or not.

Then ignore PC#2 and remove it from the system.

> 
> The PC#1 ath0 wireless connection has been working flawlessly (without
> the firewall and NAT changes) for nearly a year (originally under FreeBSD
> 6.0 with Sam Leffler's ath patches) and more recently on FreeBSD 6.1.
> 
> Can anybody spot anything obviously wrong with the new setup, or know of
> any bug reports that might impact a NATing gateway on a wireless connection?
> 
> I have also recently discovered the link goes up and down every 20 or 30
> minutes with what looks like a DHCP lease renewal.  This extracted from
> /var/log/messages:
> 
> Sep 13 19:42:21 kt400 kernel: ath0: link state changed to DOWN
> Sep 13 19:42:23 kt400 kernel: ath0: link state changed to UP
> Sep 13 19:42:23 kt400 dhclient: New IP Address (ath0): 192.168.1.64
> Sep 13 19:42:23 kt400 dhclient: New Subnet Mask (ath0): 255.255.255.0
> Sep 13 19:42:23 kt400 dhclient: New Broadcast Address (ath0): 192.168.1.255
> Sep 13 19:42:23 kt400 dhclient: New Routers (ath0): 192.168.1.1
> Sep 13 20:12:21 kt400 kernel: ath0: link state changed to DOWN
> Sep 13 20:12:23 kt400 kernel: ath0: link state changed to UP
> Sep 13 20:12:23 kt400 dhclient: New IP Address (ath0): 192.168.1.64
> Sep 13 20:12:23 kt400 dhclient: New Subnet Mask (ath0): 255.255.255.0
> Sep 13 20:12:23 kt400 dhclient: New Broadcast Address (ath0): 192.168.1.255
> Sep 13 20:12:23 kt400 dhclient: New Routers (ath0): 192.168.1.1
> Sep 13 21:32:21 kt400 kernel: ath0: link state changed to DOWN
> Sep 13 21:32:24 kt400 kernel: ath0: link state changed to UP
> 
> Looks like a smoking gun?  Is this likely to upset the firewall/NATing?

Unlikely.

> 
> [I have not yet had a chance to correlate the hang with the lease renewal,
> but will test that tomorrow.]
> 
> In the kernel config file I have added:
> 
> options IPFIREWALL
> options IPDIVERT
> 
> In /etc/rc.conf I have:
> 
> # See also /etc/wpa_supplicant.conf
> ifconfig_ath0="WPA DHCP"
> # Private x-over to printer
> ifconfig_rl0="inet kt400pr netmask 255.255.255.0 broadcast 10.0.0.255"
> # Private x-over to Dell 350 (PC#2)
> ifconfig_sk0="inet gbkt400 netmask 255.255.255.0 broadcast 192.168.2.255"
> # These added for firewall/NATing
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="ath0"
> natd_flags=""
> 
> [kt400.145] cat /etc/wpa_supplicant.conf
> network={
> ssid="linksys"
> key_mgmt=NONE
> wep_key0=xx
> wep_tx_keyidx=0
> }
> 
> [kt400.146] ifconfig -a
> sk0: flags=8843 mtu 1500
> options=8
> inet6 fe80::215:e9ff:feb0:e5b0%sk0 prefixlen 64 scopeid 0x1
> inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255
> ether 00:15:e9:b0:e5:b0
> media: Ethernet autoselect (none)
> status: no carrier
> 
> 

Re: Marvell YukonII Status Update?

2006-09-18 Thread Dmitry Pryanishnikov


Hello!

On Thu, 29 Jun 2006, Nikolas Britton wrote:

> Last I checked somebody was developing an experimental driver and
> Marvell had just released the code to their FreeBSD 5.x/6.x driver:
> mykbsd60x86-8.12.2.3.tar (binary kmod package)
> mykbsd60x86-8.12.1.3-src.tgz (source code)


 I can confirm that this (mykbsd60x86-8.12.1.3-src.tgz) package compiles and
attaches OK to both of built-in LAN controllers on the ASUS P5W DH motherboard
under mid-August RELENG_6:

myk0:  port
 0xa800-0xa8ff mem 0xff7fc000-0xff7f irq 16 at device 0.0 on pci3
myk0: Ethernet address: 00:17:31:ee:d1:aa
myk1:  port
 0xb800-0xb8ff mem 0xff8fc000-0xff8f irq 19 at device 0.0 on pci4
myk1: Ethernet address: 00:17:31:ee:d8:7f

Data transfers (at least in media auto-detect mode) also work OK both in
10/FULL and 100/FULL mode (haven't tried 1000 yet).


> Has checksum offloading or the performance problems been fixed? Has
> Marvell updated their driver? Is someone going to commit Marvell's
> driver to -CURRENT? And what's happening with the experimental driver?


So I've got 2 questions:

1. Has situation with this driver improved somehow (is somebody going to
   support it and commit into the CURRENT)?

2. What kinds of performance problems / stability issues should I expect
   with the driver in its current state under 6-STABLE?


Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail:  [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE


Re: Marvell YukonII Status Update?

2006-09-18 Thread Pyun YongHyeon
On Mon, Sep 18, 2006 at 03:25:25PM +0300, Dmitry Pryanishnikov wrote:
 > 
 > Hello!
 > 
 > On Thu, 29 Jun 2006, Nikolas Britton wrote:
 > >Last I checked somebody was developing an experimental driver and
 > >Marvell had just released the code to their FreeBSD 5.x/6.x driver:
 > >mykbsd60x86-8.12.2.3.tar (binary kmod package)
 > >mykbsd60x86-8.12.1.3-src.tgz (source code)
 > 
 >  I can confirm that this (mykbsd60x86-8.12.1.3-src.tgz) package compiles and
 > attaches OK to both of built-in LAN controllers on the ASUS P5W DH 
 > motherboard
 > under mid-August RELENG_6:
 > 
 > myk0:  port
 >  0xa800-0xa8ff mem 0xff7fc000-0xff7f irq 16 at device 0.0 on pci3
 > myk0: Ethernet address: 00:17:31:ee:d1:aa
 > myk1:  port
 >  0xb800-0xb8ff mem 0xff8fc000-0xff8f irq 19 at device 0.0 on pci4
 > myk1: Ethernet address: 00:17:31:ee:d8:7f
 > 
 > Data transfers (at least in media auto-detect mode) also work OK both in
 > 10/FULL and 100/FULL mode (haven't tried 1000 yet).
 > 
 > >Has checksum offloading or the performance problems been fixed? Has
 > >Marvell updated their driver? Is someone going to commit Marvell's
 > >driver to -CURRENT? And what's happening with the experimental driver?
 > 
 > So I've got 2 questions:
 > 
 > 1. Has situation with this driver improved somehow (is somebody going to
 >support it and commit into the CURRENT)?
 > 

I'm working on it. Unlike OpenBSD/NetBSD msk(4) my code is based on
sk(4) and myk(4) from Marvell. I've managed to send packets with the new
driver but it needs more testing and code to support hardware
features (VLAN tagging, TSO support, RX checksum offload etc). I can't
be sure TSO support could be done due to lack of documentation.

 > 2. What kinds of performance problems / stability issues should I expect
 >with the driver in its current state under 6-STABLE?
 > 

You can see lots of witness warnings. Unloading the driver module or
using Jumboframe may panic your system.

-- 
Regards,
Pyun YongHyeon


Re: DNS query performance

2006-09-18 Thread Marcelo Gardini do Amaral

Hello Mike,

> Although it sounds silly, could you try recompiling 6.1 and 7.0 with a 
> non-SMP kernel and see how they perform?  That would at least tell us if 
> it's a general performance problem in 6.x and 7.x, or if SMP is somehow 
> hurting performance in this case.

I have these numbers spread over my e-mails. Just putting them together:

OS                q/s
----------------  -----
FreeBSD 6.1 SMP   14953
FreeBSD 6.1 UP    15516
FreeBSD 7.x SMP   15323
FreeBSD 7.x UP    16200
FreeBSD 4.11 SMP  34977
FreeBSD 4.11 UP   33926


I think it is a general problem in 6.x and 7.x. UP kernel is always a
little bit better, but I can't see big changes tweaking from SMP to
UP.

On the other hand, with the same hardware, 4.11 is twice better in
performance.

-- 
Att.,

Marcelo Gardini



Re: FAST_IPSEC NAT-T support

2006-09-18 Thread VANHULLEBUS Yvan
On Sun, Sep 17, 2006 at 11:58:17AM -0400, Scott Ullrich wrote:
> On 9/17/06, VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote:
> >Make sure your ipsec-tools port have been recompiled after your system
> >has been patched / compiled / upgraded, and use
> >/usr/local/sbin/setkey.
> >
> >FreeBSD's setkey does not (yet ?) support NAT-T extensions at all.
> 
> I tried both /sbin/setkey and /usr/locals/bin/setkey and both result
> in the same Invalid extension type errors.

Strange


[]
> # /usr/local/sbin/setkey -D
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> Invalid extension type
> 
> Can you think of anything else to try?  I re-compiled ipsec-tools on
> the same host before  sending this.

That really looks like ipsec-tools have been compiled without NAT-T
support.

By default in FreeBSD's port, NAT-T support is enabled if support is
detected on the system (checks for some structs in
include/net/pfkeyv2.h).

Can you compile again ipsec-tools port, but not clean it, and check in
config.h if you have NAT-T support enabled.


Yvan.

-- 
NETASQ
http://www.netasq.com


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Bjoern A. Zeeb

On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:


> By default in FreeBSD's port, NAT-T support is enabled if support is
> detected on the system (checks for some structs in
> include/net/pfkeyv2.h).
>
> Can you compile again ipsec-tools port, but not clean it, and check in
> config.h if you have NAT-T support enabled.


What I had found in the past is that the port (more exactly
ipsec-tools) does not complain if configure is run with
--enable-natt but the correct header files are not there. It silently
continues and just disables natt support.
That behavior would be fine for "autodetect" but not for a command
line option that says "I want natt support and you give me".

--
Bjoern A. Zeeb  bzeeb at Zabbadoz dot NeT


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread VANHULLEBUS Yvan
On Mon, Sep 18, 2006 at 03:04:04PM +, Bjoern A. Zeeb wrote:
> On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:
> 
> >By default in FreeBSD's port, NAT-T support is enabled if support is
> >detected on the system (checks for some structs in
> >include/net/pfkeyv2.h).
> >
> >Can you compile again ipsec-tools port, but not clean it, and check in
> >config.h if you have NAT-T support enabled.
> 
> What I had found in the past is that the port (more exactly
> ipsec-tools) does not complain if configure is run with
> --enable-natt but the correct header files are not there. It silently
> continues and just disables natt support.
> That behavior would be fine for "autodetect" but not for a command
> line option that says "I want natt support and you give me".

By default, I have set the value of port's configuration to "kernel",
which is exactly "use it if supported".

I just checked ./configure --enable-natt=yes (which forces NAT-T
support) on a FreeBSD 6.1 without NAT-T patchset, and I got that:

checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... yes
configure: error: NAT-T requested, but no kernel support! Aborting.


If I start again with just --enable-natt, I get the same.

If I use --enable-natt=kernel, I'll have:

checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
no
checking whether to support NAT-T... no
checking which NAT-T versions to support... none
[etc]


If you are able to reproduce that problem, please send me at least the
output of configure, and, if possible, the corresponding part of
config.log !




Yvan.

-- 
NETASQ
http://www.netasq.com


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Scott Ullrich

On 9/18/06, VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote:

> By default, I have set the value of port's configuration to "kernel",
> which is exactly "use it if supported".
>
> I just checked ./configure --enable-natt=yes (which forces NAT-T
> support) on a FreeBSD 6.1 without NAT-T patchset, and I got that:
>
> checking kernel NAT-Traversal support... checking for struct
> sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
> no
> checking whether to support NAT-T... yes
> configure: error: NAT-T requested, but no kernel support! Aborting.
>
> If I start again with just --enable-natt, I get the same.
>
> If I use --enable-natt=kernel, I'll have:
>
> checking kernel NAT-Traversal support... checking for struct
> sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
> no
> checking whether to support NAT-T... no
> checking which NAT-T versions to support... none
> [etc]
>
> If you are able to reproduce that problem, please send me at least the
> output of configure, and, if possible, the corresponding part of
> config.log !


Hello, here is what I attempted:

1. Reinstalled kernel with NAT-T support
2. cd /usr/ports/security/ipsec-tools && make rmconfig && make install
   * Selected NAT-T support

The portions of configure that mention NAT-T:

builder# make | grep NAT-T
===> ATTENTION: You need a kernel patch to enable NAT-Traversal functionality!
checking kernel NAT-Traversal support... checking for struct
sadb_x_nat_t_type.sadb_x_nat_t_type_len... no
checking whether to support NAT-T... no
checking which NAT-T versions to support... none

And finally the config.log file (rather long so I posted to my home directory):

http://www.pfsense.com/~sullrich/logs/ipsec-tools/config.log

Thanks for all your help!

Scott


FreeBSD kernel: smb_maperror: Unmapped error 1:158

2006-09-18 Thread Scott Spare
Hello all,

I'm writing you because I found that at some point in the past, you 
had trouble with FreeBSD and the smb_maperror: Unmapped error 1:158 message.
For the folks who wrote about it, has anyone here resolved this issue?
I have also copied the freebsd mailing list on the issue.
 
The background seems to be that there are over 640 messages on Google about 
smb_maperror: Unmapped error 1:158  (many of them duplicates), with no answer.
There's a general agreement from looking at the sourcecode that Windows is 
handing samba some sort of error it can't understand.
 
So far I've tried:
-check all permissions on windows box against info used for logon; check smb 
and nsmb.conf
-set up more verbose event logging on windows box, check event log for 
permission related problems.
 
Other notes:
-only seems to happen under streaming or heavy loading.
 
Hardware:
-250GB IDE (PATA) drive shared via Windows 
-Linksys WRT64G router operating via wired mode (100Mb/s.)
 
I might try in the future:
-reinstall windows
-run perfmon to check for performance-related problems like 
dropping net packets, or disk thrashing due to page fault.
-sniff network to see what's going on

Scott

PS Some of the guys using Openoffice mentioned this might be related to 
.net Framework(?)


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Bjoern A. Zeeb

On Mon, 18 Sep 2006, Scott Ullrich wrote:


> 1. Reinstalled kernel with NAT-T support


you need to re-install the includes/header files too (which is part of
installworld).

--
Bjoern A. Zeeb  bzeeb at Zabbadoz dot NeT


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Bjoern A. Zeeb

On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:


> On Mon, Sep 18, 2006 at 03:04:04PM +, Bjoern A. Zeeb wrote:
> > On Mon, 18 Sep 2006, VANHULLEBUS Yvan wrote:
> >
> > > By default in FreeBSD's port, NAT-T support is enabled if support is
> > > detected on the system (checks for some structs in
> > > include/net/pfkeyv2.h).
> > >
> > > Can you compile again ipsec-tools port, but not clean it, and check in
> > > config.h if you have NAT-T support enabled.
> >
> > What I had found in the past is that the port (more exactly
> > ipsec-tools) does not complain if configure is run with
> > --enable-natt but the correct header files are not there. It silently
> > continues and just disables natt support.
> > That behavior would be fine for "autodetect" but not for a command
> > line option that says "I want natt support and you give me".
>
> By default, I have set the value of port's configuration to "kernel",
> which is exactly "use it if supported".


could you change that in the port to "yes" then. If NATT is enabled
the build must fail else the choice in make config does not make any
sense - does it?

--
Bjoern A. Zeeb  bzeeb at Zabbadoz dot NeT


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Scott Ullrich

On 9/18/06, Bjoern A. Zeeb <[EMAIL PROTECTED]> wrote:

> On Mon, 18 Sep 2006, Scott Ullrich wrote:
>
> > 1. Reinstalled kernel with NAT-T support
>
> you need to re-install the includes/header files too (which is part of
> installworld).


Okay, now that makes more sense.  For the record, I am using FreeSBIE
to build these images so this explains why this is not working now.

Thanks for the hint, I'll give it a try.


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Larry Baird
In article <[EMAIL PROTECTED]> you wrote:
> On Mon, 18 Sep 2006, Scott Ullrich wrote:
> 
>> 1. Reinstalled kernel with NAT-T support
> 
> you need to re-install the includes/header files too (which is part of
> installworld).

From my testing on a new 6.x box I just set up, I was wondering if
this was the step that was being left out.  Glad to hear it was something
easy.

Larry


-- 

Larry Baird| http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: [EMAIL PROTECTED] | TEL 407-380-0220, FAX 407-380-6080


Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Joerg Pulz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Hi,

first of all, a big thanks to Yvan and Larry, and all others, for their 
work. IPSEC_NAT_T is working fine for me with either IPSEC or FAST_IPSEC 
with RELENG_6 as server and FAST_IPSEC with CURRENT (small modifications 
after patching where necessary) as client.



Regarding the /sbin/setkey against ${LOCALBASE}/sbin/setkey (ipsec-tools 
version) discussion, i found a minor difference in the output between 
those two when using aes/rijndael encryption and executing "setkey -D".

The FreeBSD base version of setkey outputs something like this:
E: rijndael-cbc   ...
and the ipsec-tools version of setkey outputs this:
E: 12   ...

The difference comes out of libipsec/pfkey_dump.c .
In the FreeBSD base version of this file we have this:
#ifdef SADB_X_EALG_RIJNDAELCBC
{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
#endif

and in the ipsec-tools version this:
#ifdef SADB_X_EALG_AESCBC
{ SADB_X_EALG_AESCBC, "aes-cbc", },
#endif

Unfortunately, we have no definition for SADB_X_EALG_AESCBC in FreeBSD's 
pfkeyv2.h file. The definition for encryption algorithm number 12 in 
pfkeyv2.h is the following:

#define SADB_X_EALG_RIJNDAELCBC 12
#define SADB_X_EALG_AES 12

I'm not sure which one is right in this case, but as a quick fix i've 
attached two small patches for the ipsec-tools port.
Simply copy both files to ${PORTSDIR}/security/ipsec-tools/files and 
rebuild/reinstall the port.


Any comments on this?

Kind regards
Joerg

- -- 
The beginning is the most important part of the work.

-Plato
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFDvbwSPOsGF+KA+MRAuofAKCoYZnYVBFOTsV4WtEZKhcl2tKp6gCfYLrw
/vYWOKnjgBUe0zMppDNFarQ=
=OH/c
-END PGP SIGNATURE-
--- src/libipsec/pfkey_dump.c.orig  Mon Sep 18 20:56:02 2006
+++ src/libipsec/pfkey_dump.c   Mon Sep 18 20:58:13 2006
@@ -190,6 +190,9 @@
 #ifdef SADB_X_EALG_AESCBC
{ SADB_X_EALG_AESCBC, "aes-cbc", },
 #endif
+#ifdef SADB_X_EALG_RIJNDAELCBC
+   { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
+#endif
 #ifdef SADB_X_EALG_TWOFISHCBC
{ SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
 #endif
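Review bot: The added SADB_X_EALG_RIJNDAELCBC entry has its own independent #ifdef directly after the SADB_X_EALG_AESCBC entry, so a pfkeyv2.h that defines both names for the same number would put two rows for one algorithm into the table. Guard the addition with "#if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)", and decide whether the printed name should be "aes-cbc" on every platform instead of "rijndael-cbc" only where the older macro exists.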
--- src/setkey/token.l.orig Mon Sep 18 21:30:18 2006
+++ src/setkey/token.l  Mon Sep 18 21:31:05 2006
@@ -208,8 +208,8 @@
 #endif
 }
 rijndael-cbc { 
-#ifdef SADB_X_EALG_AESCBC
-   yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); 
+#ifdef SADB_X_EALG_RIJNDAELCBC
+   yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); 
 #endif
 }
 aes-ctr  { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; 
return(ALG_ENC); }
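Review bot: The rijndael-cbc rule loses its SADB_X_EALG_AESCBC branch: the guard is swapped rather than extended, so with a pfkeyv2.h that defines only SADB_X_EALG_AESCBC the action body is compiled out and the keyword no longer returns ALG_ENC. Keep the original #ifdef SADB_X_EALG_AESCBC branch and add the new assignment under "#elif defined(SADB_X_EALG_RIJNDAELCBC)" so both header variants still parse the keyword.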

Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Larry Baird
On Mon, Sep 18, 2006 at 09:43:41PM +0200, Joerg Pulz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> Hi,
> 
> first of all, a big thanks to Yvan and Larry, and all others, for their 
> work. IPSEC_NAT_T is working fine for me with either IPSEC or FAST_IPSEC 
> with RELENG_6 as server and FAST_IPSEC with CURRENT (small modifications 
> after patching where necessary) as client.
> 
> 
> Regarding the /sbin/setkey against ${LOCALBASE}/sbin/setkey (ipsec-tools 
> version) discussion, i found a minor difference in the output between 
> those two when using aes/rijndael encryption and executing "setkey -D".
> The FreeBSD base version of setkey outputs something like this:
>   E: rijndael-cbc   ...
> and the ipsec-tools version of setkey outputs this:
>   E: 12   ...
> 
> The difference comes out of libipsec/pfkey_dump.c .
> In the FreeBSD base version of this file we have this:
> #ifdef SADB_X_EALG_RIJNDAELCBC
>  { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
> #endif
> 
> and in the ipsec-tools version this:
> #ifdef SADB_X_EALG_AESCBC
>  { SADB_X_EALG_AESCBC, "aes-cbc", },
> #endif
> 
> Unfortunately, we have no definition for SADB_X_EALG_AESCBC in FreeBSD's 
> pfkeyv2.h file. The definition for encryption algorithm number 12 in 
> pfkeyv2.h is the following:
> #define SADB_X_EALG_RIJNDAELCBC 12
> #define SADB_X_EALG_AES 12

I have attached a slightly different and in my mind cleaner patch for this
problem.  I initially thought the problem was with FreeBSD's pfkeyv2.h.
To be consistent it would seem that:
  #define SADB_X_EALG_AES 12
should be
  #define SADB_X_EALG_AESCBC  12

Looking at NetBSD, they have the same definition as FreeBSD.  It would
seem that this problem exists for both FreeBSD and NetBSD.  For what it's
worth, Linux uses SADB_X_EALG_AESCBC.


-- 

Larry Baird| http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: [EMAIL PROTECTED] | TEL 407-380-0220, FAX 407-380-6080
--- src/libipsec/pfkey_dump.c.orig  Mon Sep 18 16:20:41 2006
+++ src/libipsec/pfkey_dump.c   Mon Sep 18 16:22:17 2006
@@ -78,6 +78,9 @@
 #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
 #endif
 #endif
+#if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+#define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
+#endif
 
 #define GETMSGSTR(str, num) \
 do { \
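Review bot: The fallback added before GETMSGSTR only fires when SADB_X_EALG_AES is defined, so a header that offers SADB_X_EALG_RIJNDAELCBC alone still leaves SADB_X_EALG_AESCBC undefined and the "aes-cbc" name unavailable. Add a second branch, "#elif defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)", and a one-line comment naming the systems whose pfkeyv2.h lacks SADB_X_EALG_AESCBC, since the reason for the alias is not evident from the code.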
--- src/setkey/token.l.orig Mon Sep 18 16:20:55 2006
+++ src/setkey/token.l  Mon Sep 18 16:22:33 2006
@@ -84,6 +84,9 @@
 #ifndef SADB_X_EALG_AESCTR
 #define SADB_X_EALG_AESCTR (-1)
 #endif
+#if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+#define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
+#endif
 %}
 
 /* common section */
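Review bot: These three lines in token.l repeat the block added to pfkey_dump.c verbatim, so the two copies can drift apart; a single definition in a header that both files include would avoid that. The neighbouring fallback also defines a missing SADB_X_EALG_AESCTR as (-1), while this block leaves SADB_X_EALG_AESCBC undefined when SADB_X_EALG_AES is absent, and the two cases should be handled the same way.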

Re: FAST_IPSEC NAT-T support

2006-09-18 Thread Scott Ullrich

On 18 Sep 2006 18:00:53 -, Larry Baird <[EMAIL PROTECTED]> wrote:

> From my testing on a new 6.x box I just set up, I was wondering if
> this was the step that was being left out.  Glad to hear it was something
> easy.


Thanks for all of the help, I am now up and running after the
installworld.  I should have known better to begin with but
regardless, thanks for putting up with all my questions :)

Scott
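
The thread's resolution comes down to two checks: the installed pfkeyv2.h must declare the struct that configure probes for, and the port's config.h must end up with NAT-T enabled. The script below is an added example, not part of the thread or of ipsec-tools; the macro name ENABLE_NATT, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a NAT-T build request
# really took effect. All sample files below are constructed.

# Succeeds if the PF_KEY header declares the struct that configure probes.
header_has_natt() {
    grep -Eq 'struct[[:space:]]+sadb_x_nat_t_type' "$1" 2>/dev/null
}

# Succeeds if config.h carries an active NAT-T define. ENABLE_NATT is the
# assumed macro name; a commented-out "#undef" line does not count.
config_has_natt() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+ENABLE_NATT([[:space:]]|$)' \
        "$1" 2>/dev/null
}

# Print one verdict for a (pfkeyv2.h, config.h) pair:
#   ok             headers and build agree, NAT-T is compiled in
#   rebuild-port   headers are current, the port was built without NAT-T
#   stale-headers  kernel may be patched, but the installed headers are not
#   inconsistent   config.h claims NAT-T although the header lacks the struct
natt_build_status() {
    hdr=$1
    cfg=$2
    if header_has_natt "$hdr"; then
        if config_has_natt "$cfg"; then
            echo "ok"
        else
            echo "rebuild-port"
        fi
    elif config_has_natt "$cfg"; then
        echo "inconsistent"
    else
        echo "stale-headers"
    fi
}

# Write constructed sample files into directory $1.
make_samples() {
    d=$1
    # Header as it looks when only the kernel was reinstalled.
    cat > "$d/pfkeyv2.old.h" <<'EOF'
struct sadb_msg { unsigned char sadb_msg_version; };
#define SADB_X_EALG_RIJNDAELCBC 12
EOF
    # Header after the patched includes were installed as well.
    cat > "$d/pfkeyv2.new.h" <<'EOF'
struct sadb_msg { unsigned char sadb_msg_version; };
struct sadb_x_nat_t_type {
    unsigned short sadb_x_nat_t_type_len;
};
EOF
    # config.h as autoconf leaves it when the feature was switched off.
    cat > "$d/config.off.h" <<'EOF'
/* #undef ENABLE_NATT */
EOF
    cat > "$d/config.on.h" <<'EOF'
#define ENABLE_NATT 1
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "kernel only:        $(natt_build_status "$tmp/pfkeyv2.old.h" "$tmp/config.off.h")"
    echo "headers, old build: $(natt_build_status "$tmp/pfkeyv2.new.h" "$tmp/config.off.h")"
    echo "headers, rebuilt:   $(natt_build_status "$tmp/pfkeyv2.new.h" "$tmp/config.on.h")"
    rm -rf "$tmp"
}
demo
```

On a real system the two arguments would be the installed net/pfkeyv2.h and the config.h left behind by an uncleaned build of the port.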


Re: ppp command port does not listens on ipv4 unless no INET6 in kernel

2006-09-18 Thread Julian Stacey

> Tested. It Works. Thanks !
> I tested the patch on PPP running under both kernels IPV4+6 & V4only
> just to be sure, it works on both, & allows me to type dial & down
> (all I tried or wanted.)

I'd been wondering why I was the first person to notice the problem.
Then I noticed my kernel (unlike GENERIC) did not have 
device  faith 
(which I had removed thinking I didn't need V6).
Not sure if significant, but thought I should mention it.

Julian
-- 
Julian Stacey.  BSD Unix C Net Consultancy, Munich/Muenchen  http://berklix.com
Don't buy it ! Get it free !  http://berklix.org/free-software
Mail Ascii, not HTML.   Ihr Rauch = mein allergischer Kopfschmerz.


Re: ppp command port does not listens on ipv4 unless no INET6 in kernel

2006-09-18 Thread Hajimu UMEMOTO
Hi,

> On Mon, 18 Sep 2006 23:46:09 +0200 (CEST)
> "Julian Stacey" <[EMAIL PROTECTED]> said:

jhs> I'd been wondering why I was the first person to notice the problem.

I'm not sure why there was no report about it, but I had never been
using inet socket.  I don't want to open inet socket for controlling
ppp(8) for security reasons, and I used to use just unix domain
socket to control ppp(8).

jhs> Then I noticed my kernel (unlike GENERIC) did not have 
jhs>device  faith 
jhs> (which I had removed thinking I didn't need V6).
jhs> Not sure if significant, but thought I should mention it.

It is for an IPv6-to-IPv4 TCP relay.  I think that most of the people
are not using it, actually.  So, it shouldn't be a problem.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED],jp.}FreeBSD.org
http://www.imasy.org/~ume/


Re: ppp command port does not listens on ipv4 unless no INET6 in kernel

2006-09-18 Thread Matthew D. Fuller
On Mon, Sep 18, 2006 at 11:46:09PM +0200 I heard the voice of
Julian Stacey, and lo! it spake thus:
> 
> I'd been wondering why I was the first person to notice the problem.

Actually, I noticed it a while back (6 months or so?  Something like
that...) when I tried to run pppctl from my workstation instead of the
router.  I looked at sockstat, said "Huh, that's kinda annoying", and
just always used pppctl from the router.


-- 
Matthew Fuller (MF4839)   |  [EMAIL PROTECTED]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
   On the Internet, nobody can hear you scream.


How to access the values of the kenv variables in driver code?

2006-09-18 Thread sivakumar.subramani

Hi all,



I would like to have some of the configuration parameters of my driver
to be present as part of the /boot/device.hints file. After adding a
variable I could see that variable and its value as part of kenv's
output.



Can any one please let me know how to access the value of these
variables in my driver code?



Thanks,

~Siva



