Lock order reversal in ral driver
Hi,

Since upgrading to FreeBSD 7 I have been experiencing some frustrating problems with my RAL wifi card. In particular, it seems to me that dhclient fails when the ral device driver times out while scanning for my access point. At the same time my HP PDA with Spectec WiFi SDIO card has no problems finding my access point.

Today I made a kernel with the following options:

makeoptions DEBUG=-g
options INVARIANTS
options INVARIANT_SUPPORT
options WITNESS
options DEBUG_LOCKS
options DEBUG_VFS_LOCKS
options DIAGNOSTIC
options SOCKBUF_DEBUG
options DDB
options KDB

Upon rebooting the dmesg immediately showed a lock order reversal in the ral driver in ieee80211_scan.c and rt2560.c (see below). Does this correspond to my symptoms? Is there a wizard out there who understands what is happening?

Thanks in advance,
Rob
Re: kern/121983: [fxp] fxp0 MBUF and PAE
Old Synopsis: fxp0 MBUF and PAE
New Synopsis: [fxp] fxp0 MBUF and PAE

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: gavin
Responsible-Changed-When: Sun Mar 23 11:45:57 UTC 2008
Responsible-Changed-Why:
Over to -net. fxp doesn't seem to work correctly with PAE, even though fxp is not excluded from the PAE kernel (i.e. it should work)

http://www.freebsd.org/cgi/query-pr.cgi?pr=121983
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ALTQ Vlan
Alexandre Biancalana wrote:
> On 3/5/08, Sergey Matveychuk <[EMAIL PROTECTED]> wrote:
> > Alexandre Biancalana wrote:
> > > Hi list,
> > >
> > > Is there any patches or plans to support altq on vlan interfaces ??
> >
> > The patch is quite trivial:
> > http://people.yandex-team.ru/~sem/FreeBSD/vlan+altq.patch
>
> Is this working on 7 ? with pf ?
>
> > But may be a better way to shape traffic on parent interface for you?
> > I did the patch because I couldn't do shaping on a parent interface for
> > some reason.
>
> My problem is that I've only one physical interface on the server and
> this interface provide vlans for local network and remote links (which
> I want to shape the traffic) then I had problems because I want to
> limit the speed only on remote links.

You can set up altq on the parent interface and assign traffic to a queue on the vlan interface:

altq on em0 cbq bandwidth 1Gb queue { def, vlan10 }
queue def bandwidth 80% cbq ( default , borrow )
queue vlan10 bandwidth 20Mb cbq
...
pass out on vlan10 queue vlan10

--
Mykola Dzham, LEFT-(UANIC|RIPE)
JID: [EMAIL PROTECTED]
Re: FreeBSD OS Detection and Uptime
On Sat, Mar 22, 2008 at 11:14:28PM -0300, Daniel Dias Gonçalves wrote:
> Which methods used to prevent OS detection and uptime (nmap) ?
> http://nmap.org/misc/defeat-nmap-osdetect.html#BSD
> I tried, but not work.

The TCP Drop SYN+FIN sysctl might help.

% sysctl -d net.inet.tcp.drop_synfin
net.inet.tcp.drop_synfin: Drop TCP packets with SYN+FIN set

Regards.
--
Rui Paulo
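An audit of the sysctls that bear on this question, as an added example that is not part of the original post. It goes beyond the one sysctl named above and also checks net.inet.tcp.blackhole, net.inet.udp.blackhole and net.inet.tcp.rfc1323 (TCP timestamps, which remote uptime estimation relies on); the desired values and the sample input are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit sysctl settings that
# influence remote TCP/IP stack fingerprinting on FreeBSD.

# Desired values (an assumed policy), one name=value per line.
WANTED='net.inet.tcp.drop_synfin=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.rfc1323=0'
# Note: rfc1323=0 turns off TCP timestamps but also window scaling,
# which costs throughput on high-latency links.

# Constructed sample of `sysctl` output ("name: value" per line).
# drop_synfin is absent on purpose: sysctl prints nothing on stdout for an
# unknown OID, for instance on an older kernel built without
# "options TCP_DROP_SYNFIN".
SAMPLE='net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 1
net.inet.tcp.rfc1323: 1'

# Reads sysctl output on stdin and prints one finding per wanted setting:
#   OK name=value | SET name=want (currently have) | MISSING name
audit_fingerprint_sysctls() {
    current=$(cat)
    printf '%s\n' "$WANTED" | while IFS='=' read -r name want; do
        have=$(printf '%s\n' "$current" |
            awk -F': ' -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name"
        elif [ "$have" = "$want" ]; then
            echo "OK $name=$have"
        else
            echo "SET $name=$want (currently $have)"
        fi
    done
}

# On a live system, feed it real values instead of the sample:
#   sysctl $(printf '%s\n' "$WANTED" | cut -d= -f1) 2>/dev/null |
#       audit_fingerprint_sysctls
printf '%s\n' "$SAMPLE" | audit_fingerprint_sysctls
```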
A general purpose LDAP solution?
Hi list!

I have speculated a lot about implementation of (Open)LDAP on my server. But I haven't yet found the right (and logical) way to do it.

I'm running FreeBSD 7.0-Release with some different server applications
- Samba PDC
- Virtual mail server (Postfix, MySQL, Courier-IMAP)
- VPN (currently with mpd4)
- Apache-2.2.8 web server (with PHP and MySQL)

I would like to implement LDAP for:
- authentication of UNIX/login users
- authentication of Samba users
- authentication/authorization of virtual mail users

For the first part, I got useful information from a previous thread (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html) and for the second part, I guess there are sufficient howtos to make it work.

My biggest question right now is if it is possible to combine all three things in one data structure. And in which order I should make the different implementations.

Excuse my total lack of understanding, but is it possible to have a structure with a superior unit such as OU= which could contain several virtual domains and the actual domain for my PDC?

--
Jon Theil Nielsen
Re: A general purpose LDAP solution?
2008/3/23, Jon Theil Nielsen <[EMAIL PROTECTED]>:
> Hi list!
>
> I have speculated a lot about implementation of (Open)LDAP on my
> server. But I haven't yet found the right (and logical) way to do it.
> I'm running FreeBSD 7.0-Release with some different server applications
> - Samba PDC
> - Virtual mail server (Postfix, MySQL, Courier-IMAP)
> - VPN (currently with mpd4)
> - Apache-2.2.8 web server (with PHP and MySQL)
> I would like to implement LDAP for:
> - authentication of UNIX/login users
> - authentication of Samba users
> - authentication/authorization of virtual mail users
> For the first part, I got useful information from a previous thread
> (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
> and for the second part, I guess there are sufficient howtos to make it
> work.
> My biggest question right now is if it is possible to combine all three
> things in one data structure. And in which order I should make
> the different implementations.
> Excuse my total lack of understanding, but is it possible to have a
> structure with a superior unit such as OU= which
> could contain several virtual domains and the actual domain for my
> PDC?
>
> --
> Jon Theil Nielsen

Oh, I forgot one more thing: I would also like to be able to authenticate VPN users the same way.

--
Jon Theil Nielsen
Re: natd port forward times out, tcpdump yields nothing
Well, no, see it's hitting natd just fine as shown by my natd verbose logs, if you're assuming ipfw is blocking me from reaching natd. Are you talking about adding a firewall rule for each of my round-robin addresses, too? How would that do any good?

On Sat, Mar 22, 2008 at 9:27 AM, Henri Hennebert <[EMAIL PROTECTED]> wrote:
>
> Kage wrote:
> > Hey guys,
> >
> >    This is a fun one that's stumped people in Freenode ##freebsd.
> > Basically, I have this layout:
> >
> > irc.domain.com -> DNS A -> IRC Jail
> >
> > When someone connects to irc.domain.com on IRC ports (6667, 8067,
> > etc.), it round-robins them using natd, otherwise it sends all other
> > port requests to the IRC jail as per normal (such as port 80, which is
> > my primary concern). As for having it setup to have ipfw divert to
> > natd, that's done and works, as shown by natd verbose mode:
> >
> > In {default}[TCP] [TCP] 72.65.73.23:2980 -> 207.210.114.45:6667 aliased to
> >    [TCP] 72.65.73.23:2980 -> 207.210.114.45:6667
> >
> > (For reference)
> > 207.210.114.45 = jail IP
> > 72.20.28.202 = example target IP in the round-robin
> > 72.65.73.23 = my IP
> >
> > Right now, my ipfw.rules file is as follows:
> >
> > [EMAIL PROTECTED] /etc]# cat ipfw.rules
> > IPF="ipfw -q add"
> > ipfw -f -q flush
> >
> > #loopback
> > $IPF 10 allow all from any to any via lo0
> > $IPF 20 deny all from any to 127.0.0.0/8
> > $IPF 30 deny all from 127.0.0.0/8 to any
> > $IPF 40 deny tcp from any to any frag
> >
> > # statefull
> > $IPF 50 check-state
> > $IPF 60 allow tcp from any to any established
> > $IPF 70 allow all from any to any out keep-state
> > $IPF 54999 allow icmp from any to any
> >
> > # Include the deny file
> > . /etc/ipfw.deny
> >
> > [snip -- some allowed ports]
> > # IRC (natd divert for IRC port-forwarding
> > $IPF 50220 divert natd all from any to 207.210.114.45 6667 via rl0
> > $IPF 50230 divert natd all from any to 207.210.114.45 8067 via rl0
> > $IPF 50240 divert natd all from any to 207.210.114.45 8068 via rl0
> > $IPF 50250 divert natd all from any to 207.210.114.45 6697 via rl0
> > $IPF 50260 divert natd all from any to 207.210.114.45 7000 via rl0
> >
> You must also divert the response traffic AFAIK eg:
>
> $IPF 50220 divert natd all from 72.20.28.202 6667 to 207.210.114.45 via rl0
>
> > # keep these two IRC ports normally open for BNC
> > $IPF 50270 allow all from any to any 31337 in
> > $IPF 50380 allow all from any to any 31337 out
> > [snip -- more allowed ports]
> > # deny and log everything
> > $IPF 55000 deny log all from any to any
> >
> > -
> >
> > Here's a dump of ipfw show, with some stuff cut out for space purposes
> > (they're just denied DDoS IPs)
> >
> > [EMAIL PROTECTED] /etc]# ipfw show
> > 00010 61124 16056802 allow ip from any to any via lo0
> > 00020 0 0 deny ip from any to 127.0.0.0/8
> > 00030 0 0 deny ip from 127.0.0.0/8 to any
> > 00040 0 0 deny tcp from any to any frag
> > 00050 0 0 check-state
> > 00060 670616 455926379 allow tcp from any to any established
> > 00070 16213 14071853 allow ip from any to any out keep-state
> > [snip]
> > 50220 468 22464 divert 8668 ip from any to 207.210.114.45 dst-port 6667 via rl0
> > 50230 0 0 divert 8668 ip from any to 207.210.114.45 dst-port 8067 via rl0
> > 50240 0 0 divert 8668 ip from any to 207.210.114.45 dst-port 8068 via rl0
> > 50250 0 0 divert 8668 ip from any to 207.210.114.45 dst-port 6697 via rl0
> > 50260 0 0 divert 8668 ip from any to 207.210.114.45 dst-port 7000 via rl0
> > 50270 1 60 allow ip from any to any dst-port 31337 in
> > 54999 66 3991 allow icmp from any to any
> > 55000 4364 343609 deny log logamount 100 ip from any to any
> > 65535 29 4176 allow ip from any to any
> >
> > My natd.conf is as follows:
> >
> > [EMAIL PROTECTED] /etc]# cat natd.conf
> > # Nub.Core NATd
> > verbose
> > alias_address 207.210.114.45
> > log
> > log_denied
> > log_ipfw_denied
> > pid_file /var/run/natd.pid
> >
> >
> > ### IRC Redirect Ports
> > # 6667
> >
> If I understand man natd
> >
> > redirect_port tcp 72.20.28.202:6667 207.210.114.45:6667 207.210.114.45:6667
> >^
> Traffic is coming from 72.65.73.23 - so the rule doesn't apply
> >
> > [EMAIL PROTECTED] /etc]#
> >
> > And, as stated above, I am showing connection diverts to natd. When I
> > run the following three tcpdumps:
> >
> > tcpdump -s 0 -w me_to_nat.pcap -vvv -i rl0 src host 72.65.73.23 and dst host 207.210.114.45 and dst port 6667
> > tcpdump -s 0 -w nat_to_jail.pcap -vvv -i rl0 src host 72.20.28.202 and dst host 207.210.114.45 and dst port 6667
> > tcpdump -s 0 -w jail_to_nat.pcap -vvv -i rl0 src host 207.210.114.45 and dst h
novice question: unable to kldunload netgraph.ko
Hi,

I have started to play around with netgraph this weekend, and I am finding a very strange problem of not being able to kldunload any of the ng*.ko modules, as well as netgraph.ko itself.

I tried on two systems running 5.4-RELEASE and 7.0-RELEASE, and the result is the same. On both systems, I compiled netgraph after the main kernel compilation by specifying netgraph on the MODULES_OVERRIDE line in /etc/make.conf. Not sure if I left some component that netgraph depends on inside the kernel?

I have tried the following with regard to netgraph.ko on both systems.

1. plain kldload followed by kldunload. The error message is device busy.
2. sitting in front of the console with no active network connections, I brought down all ethernet interfaces, tried kldunload, same device busy error. I tried on a freshly booted system, same problem.
3. in front of the console, brought down all ethernet interfaces, tried kldload followed by kldunload. Same problem.

I think at some point, I didn't get the device-busy error message with kldunload, but netgraph.ko wasn't unloaded either.

I tried googling around and looked through all the netgraph related man pages and netgraph related examples, and it seems that I am the only one having this problem so I wonder if there was some really simple thing that I overlooked?

Thanks,
Cheng

---

On the 5.4 system, kldstat shows the following once netgraph.ko is loaded. It has three ethernet interfaces bge0, bge1, and em0

Id Refs Address    Size   Name
 1    4 0xc040     4dd4a8 kernel
 2    1 0xc08de000 6d90   dummynet.ko
 3    1 0xc2a79000 12000  netgraph.ko

On the 7.0 system with fxp0 and em0

Id Refs Address    Size   Name
 1    2 0x8010     5e4560 kernel
 2    1 0xc221c000 87d4   netgraph.ko

If I try to look at details with ngctl, it loads ng_socket.ko, which only makes the unloading problem harder! Not sure why the ref count is 1 almost right away.