Re: iwi doesn't see a wireless network

2009-01-28 Thread Adam K Kirchhoff
On Tue, 27 Jan 2009 19:17:38 -0800
Sam Leffler  wrote:

> Adam K Kirchhoff wrote:
> > I'm trying to get my laptop to connect to the wireless access point at
> > work. It has an Intel Pro Wireless 2200BG minipci card, and can
> > associate with my access point at home. In addition, I can get an
> > Ubuntu 8.10 liveCD to connect to the access point at work via
> > NetworkManager. So there is definitely no incompatibility between the
> > wireless card and access point.
> >
> > Here's my wpa_supplicant.conf file:
> >
> > network={
> > ssid="Mckella280Front"
> > key_mgmt=WPA-PSK
> > pairwise=TKIP
> > psk="#"
> > }
> >
> > The preshared key is definitely correct, as it's the one that works
> > with the liveCD. For the sake of testing, I've removed the reference to
> > my wireless AP at home.
> >
> > I'm attaching the output from wpa_supplicant run with -dd.  Basically,
> > it keeps scanning but only ever sees the tmobile network.  That's
> > actually coming from another person in the building using a tmobile
> > wireless broadband card. If she's not here, the scan never picks up
> > anything. Similarly, 'ifconfig iwi0 list scan' only picks up the
> > tmobile ssid.
> >
> > Yet, if I reboot off the liveCD, it works. Here's the output of 'iwlist
> > eth1 scanning' under the liveCD:
> >
> > eth1  Scan completed :
> >   Cell 01 - Address: 00:22:6B:9A:CC:AF
> > ESSID:"Mckella280Front"
> > Protocol:IEEE 802.11bg
> > Mode:Master
> > Frequency:2.457 GHz (Channel 10)
> > Encryption key:on
> > Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
> >   9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
> >   48 Mb/s; 54 Mb/s
> > Quality=50/100  Signal level=-68 dBm  
> > IE: WPA Version 1
> > Group Cipher : TKIP
> > Pairwise Ciphers (1) : TKIP
> > Authentication Suites (1) : PSK
> > IE: IEEE 802.11i/WPA2 Version 1
> > Group Cipher : TKIP
> > Pairwise Ciphers (1) : CCMP
> > Authentication Suites (1) : PSK
> > Extra: Last beacon: 904ms ago
> >
> >
> > And, iwconfig while connected:
> >
> > eth1  IEEE 802.11g  ESSID:"Mckella280Front"  
> >   Mode:Managed  Frequency:2.457 GHz  Access Point: 
> > 00:22:6B:9A:CC:AF   
> >   Bit Rate:54 Mb/s   Tx-Power=20 dBm   Sensitivity=8/0  
> >   Retry limit:7   RTS thr:off   Fragment thr:off
> >   Power Management:off
> >   Link Quality=59/100  Signal level=-66 dBm  Noise level=-87 dBm
> >   Rx invalid nwid:0  Rx invalid crypt:6  Rx invalid frag:0
> >   Tx excessive retries:0  Invalid misc:0   Missed beacon:3
> >
> > The only thing I can think of is that the AP is using some feature that
> > the iwi driver, or wpa_supplicant, doesn't support.
> >
> > Is there some way to get this working?
> >
> >   
> You don't indicate a freebsd version.  Is your ap configured to hide the 
> ssid?
> 
> Sam
> 
> 

Sorry.  This is: FreeBSD 7.1-STABLE #1: Fri Jan 23 11:41:10 EST 2009 

And no, the AP does not hide the ssid.  It shows up in NetworkManager
on the LiveCD without any extra configuration (just asking for the key
when I select it).  But, just to be sure, I've tried setting scan_ssid
to 1 in wpa_supplicant.conf, too, but that didn't change anything.

Adam



___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


TCP gets special treatment?

2009-01-28 Thread Per Hurtig (work)
Hi,

How differently are TCP packets treated compared to e.g. SCTP packets,
while traversing the FreeBSD network stack (up to and including the
IP-layer when using ipfw)?. I do not assume that the firewall (ipfw)
is explicitly configured to check for established sessions or any TCP
specifics. Are there a lot of TCP-specific optimizations conducted by
lower layers anyways (besides possible checksum offloading)?

BR, Per


ipsec tunnels & conflicting networks

2009-01-28 Thread Eric Masson
Hello,

Has anybody seen this entry on undeadly ?
http://undeadly.org/cgi?action=article&sid=20090127205841

Is there some similar feature on FreeBSD (nat on enc0 & support in ike
daemon) ?

TIA

Regards

Éric Masson

-- 
 >Do you know why soldiers are not allowed to march in step
 >on bridges?
 If one of them falls, do they all follow each other?
-+- Rom in Gnu - One two, one two, one two, one twooo... splash -+-



Re: Multiple ISP routing by port

2009-01-28 Thread eculp

Quoting Max Laier :


On Tuesday 27 January 2009 06:18:09 jmaps-fbsd...@fireburns.net wrote:

I've read through what I could find in this list and also in the top 50
results on google... I can't find anything that'll actually make this work.

My DSL ISP is too far away to give me anything faster than 1.5mbps down. In
desperation I signed up for comcast to use for bulk traffic.

Thus, I want to route critical traffic (22, 25, 53, (maybe) 80, 443)
through the DSL provider and the rest through cable.

I really feel like this should be possible with PF with something like:

nat on $dsl_if from ($int_if:network) to any port $dslports -> ($dsl_if)
nat on $cbl_if from ($int_if:network) to any -> ($cbl_if)

or

pass in quick on $int_if route-to { ($dsl_if $dsl_gw) } proto { tcp udp }
from ($int_if:network) to any port $dslports

Neither (or both) seem to do it. All traffic ends up getting routed through
whichever ISP I have set as the default route.


Take a look at: http://www.openbsd.org/faq/pf/pools.html#outgoing

I was aware of the round robin load balancing but I, as the poster, am  
interested in what is referred to "critical traffic" through one ISP  
and all other through a second.  How would that be accomplished with  
pf and or with Julian's fib's ?


Thanks,

ed


You are probably missing the following part of the setup:
| To ensure that packets with a source address belonging to $ext_if1 are
| always routed to $ext_gw1 (and similarly for $ext_if2 and $ext_gw2), the
| following two lines should be included in the ruleset:
|
|pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
|   to any
|pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
|   to any

This obviously has to be adapted for your specific setup - but in general this
works as expected.


Now, I hear I can go over to linux and just configure both default routes
at the same time (trivial with iproute2). But I'd rather avoid that if at
all possible.

Is there some trick I'm missing? Does quagga (bgpd) allow for this kind of
routing scheme?


--
/"\  Best regards,  | mla...@freebsd.org
\ /  Max Laier  | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mla...@efnet
/ \  ASCII Ribbon Campaign  | Against HTML Mail and News


Re: MTU or Fragmentation Problems on 7.0?

2009-01-28 Thread David DeSimone
Len Gross  wrote:
>
> I guess it is "good news" that this is a result of "common TCP
> methodology." ;->

It can be good or bad.  Just because it's common doesn't mean it always
works.  :)

> BTW: The only firewall I've found in this setup is a Linksys WiFi
> Router that connects to a cable modem.  Similar setup at a second
> location with a WiFI router to DSL.

Reduced MTU sizes are quite common with DSL setups, and so people using
DSL are most likely to run into these issues.

I should point out that most of the consumer DSL routers such as the
Linksys you mentioned will perform a hack known as "MSS mangling".  They
will watch for TCP SYN packets being sent, and if the MSS is larger than
would be supported by the Path MTU, they will change the MSS value to
an acceptable value before forwarding it along.  Since this causes the
other endpoint to negotiate a smaller initial MSS, the connection "just
works" in nearly all cases.

This is probably the main reason why there has not been a huge outcry
concerning rampant ICMP filtering breaking Path MTU Discovery.  In fact,
you may even want to investigate how you can start doing some MSS
Mangling in your own setup.

> One left over item to ponder.  Why does Google work?  Do they have a
> packet size smaller than 1450 by "default"?

More likely they use firewalls that forward ICMP traffic correctly, as
that would be required.  You should snoop on your BSD1 box to see if
they are sending larger frames and whether your BSD1 box is sending ICMP
responses back to them.

-- 
David DeSimone == Network Admin == f...@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
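
The MSS rewrite described in the message above, as an added C example that is not part of the original post and is not taken from any router's firmware. The function names, the sample SYN bytes and the 1410-byte limit (an assumed 1450-byte path MTU minus 40 bytes of IPv4 and TCP headers) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One's-complement sum of len bytes, folded to 16 bits (RFC 1071). */
uint16_t sum16(const uint8_t *p, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++)
        s += (i & 1) ? p[i] : (uint32_t)p[i] << 8;
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Clamp the MSS option of a TCP SYN in place and patch the checksum. Returns the
 * MSS now in the header, or 0 for a non-SYN, a bad option list, or no MSS option. */
uint16_t clamp_mss(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;   /* data offset */
    if (hlen < 20 || hlen > len || !(tcp[13] & 0x02))          /* 0x02 = SYN */
        return 0;
    for (size_t i = 20; i < hlen && tcp[i] != 0; ) {           /* kind 0: end */
        if (tcp[i] == 1) { i++; continue; }                    /* kind 1: NOP */
        if (i + 1 >= hlen || tcp[i + 1] < 2 || i + tcp[i + 1] > hlen)
            return 0;                                          /* bad length */
        if (tcp[i] == 2 && tcp[i + 1] == 4) {                  /* kind 2: MSS */
            uint16_t mss = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
            if (mss <= max_mss)
                return mss;
            uint16_t before = sum16(tcp, hlen);
            tcp[i + 2] = (uint8_t)(max_mss >> 8); tcp[i + 3] = (uint8_t)max_mss;
            /* RFC 1624 eqn. 3, with m and m' the header sums before and after */
            uint32_t c = (uint16_t)~(tcp[16] << 8 | tcp[17]);
            c += (uint32_t)(uint16_t)~before + sum16(tcp, hlen);
            c = (c & 0xffff) + (c >> 16);
            c = ~((c & 0xffff) + (c >> 16));
            tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
            return max_mss;
        }
        i += tcp[i + 1];
    }
    return 0;
}

/* Constructed 24-byte SYN with MSS 1460. Its checksum makes the header alone sum
 * to 0xffff; the patch depends only on the change, so no pseudo-header is needed. */
uint8_t sample_syn[24] = {0xc0, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0, 0x60, 0x02,
                          0xff, 0xff, 0xd7, 0xf3, 0, 0, 2, 4, 0x05, 0xb4};

int main(void) { return clamp_mss(sample_syn, sizeof(sample_syn), 1410) == 1410 ? 0 : 1; }
```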




SCTP, possible bug in peer authentication key

2009-01-28 Thread Yann WANWANSCAPPEL
Hi all,

I think I found a bug in the SCTP authentication code, in
sctp_load_addresses_from_init() in sctp_pcb.c

keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
sizeof(*hmacs) + hmacs_len;

The keylen calculation assumes the Chunk List Parameter (CHUNKS)
vl-param was present in the received INIT packet, which can be false if
peer SCTP does not require any chunk to be authenticated (this typically
occurs if peer does not support ASCONF).

From RFC 4895, 6.1

* An SCTP endpoint has a list of chunks it only accepts if they are
* received in an authenticated way.  This list is included in the INIT
* and INIT-ACK, and MAY be omitted if it is empty.  Since this list
* does not change during the lifetime of the SCTP endpoint there is no
* problem in case of INIT collision.

This case is properly handled later in the build of the key

/* append in the AUTH chunks */
if (chunks != NULL) {
.
}

I think the calculated keylen should be something like this :

keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;

if (chunks != NULL) {
   keylen += sizeof(*chunks) + num_chunks;
}

This problem results in authenticated packets sent from peer SCTP to be
discarded.

The problem does not occur if peer SCTP is modified to send an empty
Chunk List Parameter (e.g. num_chunks = 0 in the decoding).

Br,
Yann
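
The length mismatch described in the report above, as an added C example; it is not the code in sctp_pcb.c and not part of the original post. The names `param`, `keylen_unconditional`, `keylen_conditional` and `demo_overcount` are hypothetical, and the parameter bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR 4  /* parameter header: type + length (sizeof(*chunks) etc. above) */
/* One received parameter, header first; p == NULL: not present in the INIT. */
typedef struct { const uint8_t *p; size_t len; /* body bytes after HDR */ } param;

/* Length formula as quoted in the report: CHUNKS is always counted. */
size_t keylen_unconditional(const param *r, const param *c, const param *h)
{
    return HDR + r->len + HDR + c->len + HDR + h->len;
}

/* Length formula as proposed in the report: CHUNKS only when received. */
size_t keylen_conditional(const param *r, const param *c, const param *h)
{
    size_t len = HDR + r->len + HDR + h->len;
    if (c->p != NULL)
        len += HDR + c->len;
    return len;
}

/* Append one parameter to the key; an absent one adds nothing. */
static size_t append(uint8_t *out, const param *x)
{
    if (x->p == NULL)
        return 0;
    memcpy(out, x->p, HDR + x->len);
    return HDR + x->len;
}

/* Constructed INIT: returns unconditional length minus bytes really appended. */
size_t demo_overcount(int with_chunks)
{
    static const uint8_t rnd[36] = {0x80, 0x02, 0x00, 0x24};  /* RANDOM, zero body */
    static const uint8_t chk[6] = {0x80, 0x03, 0x00, 0x06, 0xc1, 0x80};
    static const uint8_t hma[6] = {0x80, 0x04, 0x00, 0x06, 0x00, 0x01};
    param r = {rnd, 32}, h = {hma, 2};
    param c = {with_chunks ? chk : NULL, with_chunks ? 2 : 0};
    uint8_t key[64];
    size_t n = append(key, &r);
    n += append(key + n, &c);
    n += append(key + n, &h);
    if (keylen_conditional(&r, &c, &h) != n)
        return (size_t)-1;              /* proposed formula would be wrong */
    return keylen_unconditional(&r, &c, &h) - n;
}

int main(void) { return demo_overcount(0) == 4 && demo_overcount(1) == 0 ? 0 : 1; }
```

With CHUNKS absent, the unconditional length is one parameter header longer than the key material actually appended; with CHUNKS present the two agree.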



Re: kern/128917: [wpi] [panic] if_wpi and wpa+tkip causing kernel panic

2009-01-28 Thread Perrin Alexandre
The following reply was made to PR kern/128917; it has been noted by GNATS.

From: Perrin Alexandre 
To: bug-follo...@freebsd.org, kita...@epicsol.org
Cc:  
Subject: Re: kern/128917: [wpi] [panic] if_wpi and wpa+tkip causing kernel
panic
Date: Wed, 28 Jan 2009 21:41:41 +0100

 --H1spWtNR+x+ondvy
 Content-Type: multipart/mixed; boundary="y0ulUmNC+osPPQO6"
 Content-Disposition: inline
 
 
 --y0ulUmNC+osPPQO6
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Hi,
 I also got panic from wpi(4) with a WPA/TKIP network at home.
 I'm using 7.1-RELEASE on amd64:
 
 % uname -a
 FreeBSD FriBSD630 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #0: Mon Jan 26
 01:29:32 CET 2009 t...@fribsd630:/usr/obj/usr/src/sys/KAWAROU  amd64
 
 Regards,
 Perrin Alexandre
 
 --y0ulUmNC+osPPQO6
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="kgdb.txt"
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x
 fault code  = supervisor read data, page not present
 instruction pointer = 0x8:0x8066353c
 stack pointer   = 0x10:0xb0004a90
 frame pointer   = 0x10:0xb0004bb0
 code segment= base 0x0, limit 0xf, type 0x1b
 = DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags= interrupt enabled, resume, IOPL = 0
 current process = 33 (wpi0 taskq)
 trap number = 12
 panic: page fault
 cpuid = 0
 Uptime: 7h42m19s
 Physical memory: 1514 MB
 Dumping 578 MB: 563 547 531 515 499 483 467 451 435 419 403 387 
371 355 339 323 307 291 275 259 243 227 211 195 179 163 147 131 115 (CTRL-C to 
abort)  99 83 67 (CTRL-C to abort)  51 35 19 3
 
 Reading symbols from /boot/kernel/zfs.ko...Reading symbols from 
/bootdir/boot/kernel/zfs.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/zfs.ko
 Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols 
from /bootdir/boot/kernel/opensolaris.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/opensolaris.ko
 Reading symbols from /boot/kernel/wpifw.ko...Reading symbols from 
/bootdir/boot/kernel/wpifw.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/wpifw.ko
 Reading symbols from /boot/kernel/i915.ko...Reading symbols from 
/bootdir/boot/kernel/i915.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/i915.ko
 Reading symbols from /boot/kernel/drm.ko...Reading symbols from 
/bootdir/boot/kernel/drm.ko.symbols...done.
 done.
 Loaded symbols for /boot/kernel/drm.ko
 #0  doadump () at pcpu.h:195
 195 pcpu.h: No such file or directory.
 in pcpu.h
 (kgdb) bt
 #0  doadump () at pcpu.h:195
 #1  0x803fecc8 in boot (howto=260) at 
/usr/src/sys/kern/kern_shutdown.c:418
 #2  0x803ff10c in panic (fmt=0x806b748f "%s") at 
/usr/src/sys/kern/kern_shutdown.c:574
 #3  0x8063f51c in trap_fatal (frame=0xff00012af000, eva=Variable 
"eva" is not available.
 ) at /usr/src/sys/amd64/amd64/trap.c:764
 #4  0x8063f8e4 in trap_pfault (frame=0xb00049e0, usermode=0) 
at /usr/src/sys/amd64/amd64/trap.c:680
 #5  0x806402c2 in trap (frame=0xb00049e0) at 
/usr/src/sys/amd64/amd64/trap.c:449
 #6  0x806257b3 in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:209
 #7  0x8066353c in wpi_ops (arg0=Variable "arg0" is not available.
 ) at /usr/src/sys/dev/wpi/if_wpi.c:2411
 #8  0x80434cbd in taskqueue_run (queue=0xff00012d8180) at 
/usr/src/sys/kern/subr_taskqueue.c:282
 #9  0x80434f82 in taskqueue_thread_loop (arg=Variable "arg" is not 
available.
 ) at /usr/src/sys/kern/subr_taskqueue.c:401
 #10 0x803dc0df in fork_exit (callout=0x80434f10 
, arg=0x80e4a0c0, frame=0xb0004c80) at 
/usr/src/sys/kern/kern_fork.c:804
 #11 0x80625b8e in fork_trampoline () at 
/usr/src/sys/amd64/amd64/exception.S:455
 
 --y0ulUmNC+osPPQO6
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="network-infos.txt"
 
 bssid=00:02:cf:xx:xx:xx
 ssid=Nope
 id=1
 pairwise_cipher=TKIP
 group_cipher=TKIP
 key_mgmt=WPA-PSK
 wpa_state=COMPLETED
 ip_address=192.168.1.X
 
 --y0ulUmNC+osPPQO6--
 
 --H1spWtNR+x+ondvy--

Creating more than one interfaces pointing to the same gateway.

2009-01-28 Thread Ashish SHUKLA
Hi all,

I've 2 ADSL connections (PPPoE) from the same ISP. The gateway
(remote-endpoint) which I get after dialing both PPP connections is
same, due to which I'm not able to use both connections in FreeBSD
simultaneously. Last time, I checked I was using 6.2 and there is no
such functionality present. I'm wondering if there is any patch which
providing similar functionality exists somewhere waiting to be tested or
committed in 8.0-CURRENT or 7.1-STABLE ?

TiA
-- 
Ashish SHUKLA




reminder: bugathon upcoming this weekend

2009-01-28 Thread Mark Linimon
Starting this Friday, we are going to hold a bugathon to work through
some of the network-related PRs.  More details, and a list of resources,
are available at http://wiki.freebsd.org/Bugathons/January2009.

I have come up with a page that details a subset of those PRs as a set
of suggested PRs:

http://people.freebsd.org/~linimon/annotated_prs_bugathon.html

Please join us to work through some PRs.  Thanks!

mcl