Re: syncache_timer: Response timeout and other msgs, whats up?
Oskar Eyb wrote:
Andre Oppermann schrieb am 03.02.2008 10:26:
85.214.42.62 is the other MTA, 172.16.0.2 is my jail.
I use PF with rdr/nat on FreeBSD 7 RC4.
We have not released 7RC4 yet. You probably run BETA4. An upgrade to
7RC1 or 7RC2 in the next few days fixes all known TCP bugs.
Yeah of course, I mean BETA4. uname says: 7.0-PRERELEASE
Which tag is the best?
currently I use release=cvs tag=RELENG_7. Will I get with this 7RC..?
Yes. Please cvsup and recompile your kernel.
Other than that it looks like your PF rule set may be not entirely
correct. Please post your pf.conf.
expect the filter-rules this is the top of my pf.conf
set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
# Normalisierung
#scrub in all
set optimization normal
set block-policy return
This information is insufficient to see what happens in PF. I need to
see the actual firewall, nat and rdr rules. You can send them to me by
private mail (entire pf.conf).
--
Andre
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Current problem reports assigned to freebsd-net@FreeBSD.org
Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description a kern/38554 netchanging interface ipaddress doesn't seem to work s kern/39937 netipstealth issue f kern/62374 netpanic: free: multiple frees s kern/81147 net[net] [patch] em0 reinitialization while adding aliase o kern/92552 netA serious bug in most network drivers from 5.X to 6.X s kern/95665 net[if_tun] "ping: sendto: No buffer space available" wit s kern/105943 netNetwork stack may modify read-only mbuf chain copies o kern/106316 net[dummynet] dummynet with multipass ipfw drops packets o kern/108542 net[bce]: Huge network latencies with 6.2-RELEASE / STABL o kern/112528 net[nfs] NFS over TCP under load hangs with "impossible p o kern/112686 net[patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o kern/112722 net[udp] IP v4 udp fragmented packet reject o kern/113457 net[ipv6] deadlock occurs if a tunnel goes down while the o kern/113842 net[ipv6] PF_INET6 proto domain state can't be cleared wi o kern/114714 net[gre][patch] gre(4) is not MPSAFE and does not support o kern/114839 net[fxp] fxp looses ability to speak with traffic o kern/115239 net[ipnat] panic with 'kmem_map too small' using ipnat o kern/116077 net[ip] [patch] 6.2-STABLE panic during use of multi-cast o kern/116172 net[tun] [panic] Network / ipv6 recursive mutex panic o kern/116185 net[iwi] if_iwi driver leads system to reboot o kern/116328 net[bge]: Solid hang with bge interface o kern/116747 net[ndis] FreeBSD 7.0-CURRENT crash with Dell TrueMobile o kern/116837 net[tun] [panic] [patch] ifconfig tunX destroy: panic o kern/117043 net[em] Intel PWLA8492MT Dual-Port Network adapter EEPROM o kern/117271 net[tap] OpenVPN TAP uses 99% CPU on releng_6 when if_tap o kern/117423 net[vlan] Duplicate IP on different interfaces o kern/117448 net[carp] 6.2 kernel crash (regression) o kern/118880 net[ipv6] IP_RECVDSTADDR & IP_SENDSRCADDR not implemented o kern/119225 net[wi] 7.0-RC1 no carrier with Prism 2.5 wifi card (regr o kern/119345 net[ath] Unsuported Atheros 5424/2424 and CPU speedstep n o kern/119361 net[bge] bge(4) transmit performance problem o kern/119548 net[pf] [ath] [patch] PF Altq with ath hostap problem o kern/120130 net[carp] [panic] carp causes kernel panics in any conste 33 problems total. Non-critical problems S Tracker Resp. Description o conf/23063 net[PATCH] for static ARP tables in rc.network s bin/41647netifconfig(8) doesn't accept lladdr along with inet addr o kern/54383 net[nfs] [patch] NFS root configurations without dynamic s kern/60293 netFreeBSD arp poison patch o kern/95267 netpacket drops periodically appear f kern/95277 net[netinet] [patch] IP Encapsulation mask_match() return o kern/100519 net[netisr] suggestion to fix suboptimal network polling o kern/102035 net[plip] plip networking disables parallel port printing o conf/102502 net[patch] ifconfig name does't rename netgraph node in n o conf/107035 net[patch] bridge interface given in rc.conf not taking a o kern/109470 net[wi] Orinoco Classic Gold PC Card Can't Channel Hop o kern/114915 net[patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f o bin/116643 net[patch] [request] fstat(1): add INET/INET6 socket deta o bin/117339 net[patch] route(8): loading routing management commands f kern/118722 net[tcp] Many old TCP connections in SYN_RCVD state o kern/118727 net[ng] [patch] [request] add new ng_pf module a kern/118879 net[bge] [patch] bge has checksum problems on the 5703 ch o kern/118975 net[bge] [patch] Broadcom 5906 not handled by FreeBSD o bin/118987 netifconfig(8): ifconfig -l (address_family) does not wor o kern/119432 net[arp] route add -host -iface causes arp e o kern/119617 net[nfs] nfs error on wpa network when reseting/shutdown o kern/119791 net[nfs] UDP NFS mount of aliased IP addresses from a Sol 22 problems total. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
FreeBSD network stack Vs others
I 'd like to learn what are the basic differences ( pros and cons ) between the FreeBSD network stack and the other OSs' ( especially linux ) I know that linux has had everything rewritten from scratch as far as the implementation of tcp-ip and the sockets are concerned and would like to know if this has made it actually more robust or state-of-the-art than FreeBSD's or the opposite. Some actual technical details and references would be appreciated. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
dummynet.expire q'n
# ipfw pipe show | wc -l sorry this should be: ipfw pipe show | awk '$2 == "ip"' | wc -l ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: syncache_timer: Response timeout and other msgs, whats up?
Andre Oppermann wrote: Oskar Eyb wrote: Andre Oppermann schrieb am 03.02.2008 10:26: 85.214.42.62 is the other MTA, 172.16.0.2 is my jail. I use PF with rdr/nat on FreeBSD 7 RC4. We have not released 7RC4 yet. You probably run BETA4. An upgrade to 7RC1 or 7RC2 in the next few days fixes all known TCP bugs. Yeah of course, I mean BETA4. uname says: 7.0-PRERELEASE Which tag is the best? currently I use release=cvs tag=RELENG_7. Will I get with this 7RC..? Yes. Please cvsup and recompile your kernel. Really, if he wants to get -RC1, he should cvsup tag=RELENG_7_0. RELENG_7 still identified as -PRERELEASE. -- Dixi. Sem. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD network stack Vs others
* ithilgore -- <[EMAIL PROTECTED]> [080204 06:59] wrote: > I 'd like to learn what are the basic differences ( pros and cons ) between > the > FreeBSD network stack and the other OSs' ( especially linux ) > > I know that linux has had everything rewritten from scratch as far as the > implementation of tcp-ip and the sockets are concerned and would like to > know if this has made it actually more robust or state-of-the-art than > FreeBSD's or the opposite. > > Some actual technical details and references would be appreciated. Linux's stack hasn't been rewritten from the BSD one, it was written from scratch. Linux's tcp/ip stack has been rewritten many times over the years with the promise of large performance gains. The fact of the matter is that the performance on the "bleeding edge" of both systems, FreeBSD and Linux, is about the same. >From a BSD proponent's perspective, I would take the pragmatic viewpoint that everytime Linux reinvents its stack to get performance or some other feature FreeBSD isn't far behind with a relatively minor change to its stack to accomplish the same feat. -Alfred ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: modifying permissions in /dev
lysergius2001 wrote: Hi Recently installed AMD64 6.3-stable and I am having a problem with devfs.conf and /dev. I understand the entries in devfs.conf should modify the permissions on devices in /dev. For some reason or other this is not happening. Can anyone shed some light on this? What am I doing wrong? Try using devfs.rules -- devfs.conf entries will not be applied after boot, unless you force them to be reapplied by running /etc/rc.d/devfs start from a superuser shell. BMS ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD network stack Vs others
ithilgore wrote: Alfred Perlstein wrote: * ithilgore -- <[EMAIL PROTECTED]> [080204 06:59] wrote: I 'd like to learn what are the basic differences ( pros and cons ) between the FreeBSD network stack and the other OSs' ( especially linux ) I know that linux has had everything rewritten from scratch as far as the implementation of tcp-ip and the sockets are concerned and would like to know if this has made it actually more robust or state-of-the-art than FreeBSD's or the opposite. Some actual technical details and references would be appreciated. Linux's stack hasn't been rewritten from the BSD one, it was written from scratch. Linux's tcp/ip stack has been rewritten many times over the years with the promise of large performance gains. The fact of the matter is that the performance on the "bleeding edge" of both systems, FreeBSD and Linux, is about the same. From a BSD proponent's perspective, I would take the pragmatic viewpoint that everytime Linux reinvents its stack to get performance or some other feature FreeBSD isn't far behind with a relatively minor change to its stack to accomplish the same feat. -Alfred This means less work for the same gain, if it is as you say. FreeBSD's TCP/IP stack is a descendant of the original reference TCP/IP implementation from the University of California at Berkeley. The Internet was pretty much invented and developed on the BSD operating system source code. The reference standard book named "TCP/IP Illustrated Vol. 2" describes the BSD (and FreeBSD's) TCP/IP stack in great detail. This book is used to teach TCP/IP implementations to almost all Computer Science students all over the world. Of course FreeBSD has further refined the implementation and added support for RFCs features that came after the original code base. As far as special cases are concerned, has FreeBSD taken extra care for them ? Yes. We have SYN flood attack protection (called syncache) and many more advanced features. Like for example error checking on more things or additional care for a special bad condition not to happen. What about the security hardening ? Would the FreeBSD network stack succumb less easily to attacks (supposing one doesn't use any additional protection mechanism ) ? No, the stack is *very* robust. You can't crash it. Though you have to differentiate between attacks that try to cause the operating system to break (which you can't on FreeBSD); and attacks that overload the (any) system by opening so many connections that it can't deal with them anymore. Here we have pretty much all parts covered too. Syncache, compressed time_ wait states, etc. No to say something great can't improved further. I'm currently doing that with long term view. However the FreeBSD approach is evolutionary instead of revolutionary as it happens so often on Linux. This gives us a very stable and very proven long living code base. -- Andre ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD network stack Vs others
Alfred Perlstein wrote: * ithilgore -- <[EMAIL PROTECTED]> [080204 06:59] wrote: I 'd like to learn what are the basic differences ( pros and cons ) between the FreeBSD network stack and the other OSs' ( especially linux ) I know that linux has had everything rewritten from scratch as far as the implementation of tcp-ip and the sockets are concerned and would like to know if this has made it actually more robust or state-of-the-art than FreeBSD's or the opposite. Some actual technical details and references would be appreciated. Linux's stack hasn't been rewritten from the BSD one, it was written from scratch. Linux's tcp/ip stack has been rewritten many times over the years with the promise of large performance gains. The fact of the matter is that the performance on the "bleeding edge" of both systems, FreeBSD and Linux, is about the same. From a BSD proponent's perspective, I would take the pragmatic viewpoint that everytime Linux reinvents its stack to get performance or some other feature FreeBSD isn't far behind with a relatively minor change to its stack to accomplish the same feat. -Alfred This means less work for the same gain, if it is as you say. As far as special cases are concerned, has FreeBSD taken extra care for them ? Like for example error checking on more things or additional care for a special bad condition not to happen. What about the security hardening ? Would the FreeBSD network stack succumb less easily to attacks (supposing one doesn't use any additional protection mechanism ) ? ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kern/120266: [panic] gnugk causes kernel panic when closing UDP sockets
Synopsis: [panic] gnugk causes kernel panic when closing UDP sockets Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Tue Feb 5 02:09:50 UTC 2008 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=120266 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
PR kern/119791: [nfs] UDP NFS mount of aliased IP addresses from a Solaris 10 NFS v4 server fail
UNCLASSIFIED It would be good if we could first attack the issue of "sysctl -w vfs.nfs.nfs_ip_paranoia=0 doesn't work even though mount_nfs -c does" as then my FreeBSD clients could just set the sysctl and everything would work. With the situation as is, UDP NFS mounts have to be avoided which means that the configuration of the AMD automounter needs fixing as it's broken default configuration results in a UDP NFS mount request even when it is clearly trying to attempt a TCP request (but that's for another PR). Even with AMD set properly to do TCP NFS mount requests, I am having problems with AMD crashing so it would be really good to get UDP mounts working again. With the situation as is I have resorted to a permanent TCP NFS mount in /etc/fstab which is not a good workaround. Matthew Thyer Phone: +61 8 8259 7249 Science Corporate Information Systems Fax:+61 8 8259 5537 Defence Science and Technology Organisation, Edinburgh PO Box 1500 EDINBURGH South Australia 5111 IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kern/116837: [tun] [panic] [patch] ifconfig tunX destroy: panic
The following reply was made to PR kern/116837; it has been noted by GNATS.
From: KUROSAWA Takahiro <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: kern/116837: [tun] [panic] [patch] ifconfig tunX destroy: panic
Date: Tue, 5 Feb 2008 12:58:31 +0900
It seems that lackness of waking up a process sleeping on select(2)
caused the panic. The following patch (instead of the previous one)
might fix the problem.
--- sys/net/if_tun.c 2008/01/11 04:14:11 1.1
+++ sys/net/if_tun.c 2008/01/29 02:22:43
@@ -249,15 +249,16 @@ tun_destroy(struct tun_softc *tp)
{
struct cdev *dev;
- /* Unlocked read. */
- KASSERT((tp->tun_flags & TUN_OPEN) == 0,
- ("tununits is out of sync - unit %d", TUN2IFP(tp)->if_dunit));
-
dev = tp->tun_dev;
+ /* destroy_dev() ensures no threads access /dev/tunX anymore. */
+ destroy_dev(dev);
bpfdetach(TUN2IFP(tp));
if_detach(TUN2IFP(tp));
if_free(TUN2IFP(tp));
- destroy_dev(dev);
+
+ funsetown(&tp->tun_sigio);
+ selwakeuppri(&tp->tun_rsel, PZERO + 1);
+ KNOTE_UNLOCKED(&tp->tun_rsel.si_note, 0);
knlist_destroy(&tp->tun_rsel.si_note);
mtx_destroy(&tp->tun_mtx);
free(tp, M_TUN);
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kern/116837: [tun] [panic] [patch] ifconfig tunX destroy: panic
The following reply was made to PR kern/116837; it has been noted by GNATS. From: Bob Van Zant <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: Subject: Re: kern/116837: [tun] [panic] [patch] ifconfig tunX destroy: panic Date: Tue, 05 Feb 2008 10:04:08 +0530 I've been running this patch for the past ~6 days and haven't seen a panic yet. Prior to this I was panicing 2-3 times a day so I think this patch fixes the problem. I believe that this same problem exists with the tap interface. Should we fix it at the same time? -Bob ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: i386/120264: double fault in freebsd 7.0
Synopsis: double fault in freebsd 7.0 Responsible-Changed-From-To: freebsd-i386->freebsd-net Responsible-Changed-By: remko Responsible-Changed-When: Tue Feb 5 06:32:56 UTC 2008 Responsible-Changed-Why: >From the backtrace this appears to be something in the networking code (as far as I am able to interpret) http://www.freebsd.org/cgi/query-pr.cgi?pr=120264 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
