Current problem reports assigned to freebsd-net@FreeBSD.org

[FreeBSD bugmaster]

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker  Resp.  Description

o kern/140970  net[bce] The two NetXtreme II BCM5709S NICs on our HP Bl4
o kern/140796  net[ath] [panic] privileged instruction fault
o kern/140778  net[em] randomly panic in vlan/em
o kern/140742  netrum(4) Two asus-WL167G adapters cannot talk to each ot
o kern/140728  net[em] [patch] Fast irq registration in em driver
o kern/140684  net[bce] Broadcom NetXtreme II BCM5709 1000Base-T - fail 
o kern/140647  net[em] [patch] e1000 driver does not correctly handle mu
o kern/140634  net[vlan] destroying if_lagg interface with if_vlan membe
o kern/140619  net[ifnet] [patch] refine obsolete if_var.h comments desc
s kern/140597  net[request] implement Lost Retransmission Detection
f bin/140571   net[patch] ifconfig(8) does not set country DE
o kern/140567  net[ath] [patch] ath is not worked on my notebook PC
o kern/140564  net[wpi] Problem with Intel(R) PRO/Wireless 3945ABG
o kern/140358  net8.0RC2: [arp] arp: writing to routing socket: Invalid 
o kern/140346  net[wlan] High bandwidth use causes loss of wlan connecti
o kern/140326  net[em] em0: watchdog timeout when communicating to windo
o kern/140245  net[ath] [panic] Kernel panic during network activity on 
o kern/140142  net[ip6] [panic] FreeBSD 7.2-amd64 panic w/IPv6
o kern/140066  net[bwi] install report for 8.0 RC 2 (multiple problems)
o kern/140051  net[bce] [arp] ARP not sent through Bridge Firewall with 
o kern/140036  net[iwn] [lor] lock order reversal with iwn0_com_lock and
o kern/139761  net[bce] bce driver on IBM HS22 [No PHY found on Child MI
o kern/139565  net[ipfilter] ipfilter ioctl SIOCDELST broken
o kern/139559  net[tun] several tun(4) interfaces can be created with sa
o kern/139387  net[ipsec] Wrong lenth of PF_KEY messages in promiscuous 
o bin/139346   net[patch] arp(8) add option to remove static entries lis
o kern/139268  net[if_bridge] [patch] allow if_bridge to forward just VL
o kern/139204  net[arp] DHCP server replies rejected, ARP entry lost bef
o kern/139162  net[fwip] [panic] 8.0-RC1 panics if using IP over firewir
o kern/139145  net[ip6] IPv6 blackhole / reject routes broken
o kern/139117  net[lagg] + wlan boot timing (EBUSY)
o kern/139113  net[arp] removing IP alias doesn't delete permanent arp e
o kern/139058  net[ipfilter] mbuf cluster leak on FreeBSD 7.2
o kern/138999  net[libc] lighttpd/php-cgi with freebsd sendfile(2) enabl
o kern/138850  net[dummynet] dummynet doesn't work correctly on a bridge
o kern/138782  net[panic] sbflush_internal: cc 0 || mb 0xff004127b00
o kern/138739  net[wpi] wpi(4) does not work very well under 8.0-BETA4
o kern/138694  net[bge] FreeBSD 6.3 release does not recognize Broadcom 
o amd64/138688 net[rum] possibly broken on 8 Beta 4 amd64: able to wpa a
o kern/138678  net[lo] FreeBSD does not assign linklocal address to loop
o kern/138676  net[route] after buildworld not work local routes [regres
f kern/138666  net[multicast] [panic] not working multicast through igmp
o kern/138660  net[igb] igb driver troubles in 8.0-BETA4
o kern/138652  netTCP window scaling value calculated incorrectly?
o kern/138620  net[lagg] [patch] lagg port bpf-writes blocked
o kern/138427  net[wpi] [panic] Kernel panic after trying set monitor wl
o kern/138407  net[gre] gre(4) interface does not come up after reboot
o kern/138332  net[tun] [lor] ifconfig tun0 destroy causes LOR on 8.0-BE
o kern/138266  net[panic] kernel panic when udp benchmark test used as r
o kern/138177  net[ipfilter] FreeBSD crashing repeatedly in ip_nat.c:257
o kern/138046  net[tcp] tcp sockets stay in SYN_SENT even after receivin
o kern/137881  net[netgraph] [panic] ng_pppoe fatal trap 12
o bin/137841   net[patch] wpa_supplicant(8) cannot verify SHA256 signed 
p kern/137795  net[sctp] [panic] mtx_lock() of destroyed mutex
o kern/137776  net[rum] panic in rum(4) driver on 8.0-BETA2
o kern/137775  net[netgraph] [patch] Add XMIT_FAILOVER to ng_one2many
o bin/137641   netifconfig(8): various problems with "vlan_device.vlan_i
o kern/137592  net[ath] panic - 7-STABLE (Aug 7, 2009 UTC) crashes on ne
o bin/137484   net[patch] Integer overflow in wpa_supplicant(8) base64 e
o kern/137392  net

Re: svn commit: r198994 - in stable/6/sys/dev: bce mii

[Doug Ambrisko]

pluknet writes:
[ Charset ISO-8859-1 unsupported, converting... ]
| 2009/11/6 Doug Ambrisko :
| > Author: ambrisko
| > Date: Fri Nov ?6 17:58:44 2009
| > New Revision: 198994
| > URL: http://svn.freebsd.org/changeset/base/198994
| >
| > Log:
| > ?MFC: Merge in minimal 5709/5716 support into 6.X extracted from current.
| > ?This is not a direct merge since I tried to only extra the changes to
| > ?support the 5709 from all of the other changes that have happened in
| > ?head. ?This should not introduce any issues that the other changes may
| > ?have caused. ?We have been running this code for months on Dell r710's.
| > ?It has been lightly tested on systems with 5716's.
| >
| > ?This is to allow people to run newer hardware on 6.X.
| 
| Very nice. Thank you.
| 
| I'm afraid not all the chunks were merged since I cannot run on 6.x
| with my BCM5709.
| 
| FreeBSD 7.2 - works
| FreeBSD 6.4-stable - does not
| 
| It locks up somewhere in the late stage of multiuser (usually in a
| random step of rc.d) and getty cannot take the control.
| Here it still pings via network, I can achieve ssh stage where ssh
| warns me "The authenticity of host '$HOST' can't be established."
| If I type "yes", then it stops here and no go. After return from ddb
| it stops even ping until next reboot.
| 
| I use boot via NFS/PXE, so it may interfere there, since rc.d usually
| write something to disk, which is NFS-mounted here.
| So it probably could run fine if booting from a local disk (I can't
| test this setup).

You might try to instrument the rc stuff even though you mention it 
appears random.  Might try to make sure that it isn't re-initializing 
the network or something like that.  I tried with a fresh checkout
of 6-stable and I PXE booted it fine.  A side note is that Dell's
have a bug with their uarts starting with the 2950 rev 2 in which
the TX does work with the speed that we do the reset.  RX works 
fine so you can recover it with a {Ctrl}d since it doesn't always
fail.
 
| I've attached dmesg (doesn't differs much from 7.2) and some ddb output below.
| Looking in alltrace I see no obvious lockups, no nfs stuck. But
| sometimes sh stucks somewhere in nfsreq.
| 
| The same box boots fine via NFS on different NFS setup with 7.2,
| a different (in h/w) box boots fine on these NFS setup and NFS root,
| so no mistakes in setup part.
| 
| I remember that back to August I tried to boot 6.4 with what is in bce
| of RELENG_7 on this box and it booted fine and I xmitted some traffic
| with it.
| So I guess the problem is in NFS-boot.
| 
| I'll try to find ways to boot the system locally and report back..

I didn't see anything in the logs.

Doug A.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: [CFR] unified rc.firewall

[John Baldwin]

On Wednesday 25 November 2009 11:01:16 am Hajimu UMEMOTO wrote:
> Hi,
> 
> > On Mon, 23 Nov 2009 12:55:25 -0500
> > John Baldwin  said:
> 
> I updated the patch.
> 
> jhb> I had missed the me vs any.  It is true that the equivalent rule would 
> use
> jhb> me6.  I would rather figure out the IPv6 bug so that TCP is treated the
> jhb> same for both protocols instead of having a weaker firewall for IPv6 than
> jhb> IPV4.
> 
> Yes, it is better, definitely.  I thought that we could change to use
> dynamic rule, once it was fixed.
> Since the PR kern/117234 fixed it, I changed to use dynamic rule for
> IPv6 as well.  So, it requires the patch in the PR.
> 
> jhb> I do find the shorter version easier to read, and it matches the existing
> jhb> style as well as the examples in the manual page, handbook, etc.
> 
> Okay, I changed 'ip6' to 'all' where we can use it, and stopped use of
> 'proto xxx'' as possible.
> 
> I reconsidered oif vs oif6 and iif vs iif6 issue.  Now, if
> $firewall_simple_oif_ipv6 is not set, $firewall_simple_oif is assumed
> for oif6, and, $firewall_simple_iif_ipv6 is not set,
> $firewall_simple_iif is assumed for iif6.
> Further, I think we don't assign a global IPv6 address to oif in
> usual.  So, I made $firewall_simple_onet_ipv6 optional.
> One more change is that DHCPv6 is allowed as well as IPv4 DHCP for
> WORKSTATION type.  I'm using DHCPv6 in usual; L2TP + DHCPv6 PD, DHCPv6
> DNS option ...
> 
> Sincerely,

I think you can just remove the ipv6_firewall_* variables from
/etc/defaults/rc.conf completely.  Perhaps you can use 'set_rcvar_obsolete'
in /etc/rc.firewall to emit a warning if ipv6_firewall_enable is defined?
Or maybe just emit an explicit warning in /etc/rc.firewall in that case?

Other than that I think this patch looks good.  Thanks for fixing this!

-- 
John Baldwin
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: kern/134079: [em] "em0: Invalid MAC address" in FreeBSD-Current ( 8.0)

[Korba]

The following reply was made to PR kern/134079; it has been noted by GNATS.

From: Korba 
To: bug-follo...@freebsd.org, g.zhengm...@gmail.com
Cc:  
Subject: Re: kern/134079: [em] "em0: Invalid MAC address" in FreeBSD-Current ( 
8.0)
Date: Mon, 30 Nov 2009 19:52:45 +0100

 I had the same problem. I changed the e1000_read_mac_addr_generic()
 function in /usr/src/sys/dev/e1000/e1000_nvm.c to the 7.2 version. It
 works for me.
 
 Good luck,
 Piotr "Korba" Tomczyk
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: kern/141023: [carp] CARP arp replays with wrong src mac

[linimon]

Old Synopsis: CARP arp replays with wrong src mac
New Synopsis: [carp] CARP arp replays with wrong src mac

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Nov 30 21:21:50 UTC 2009
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=141023
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Connecting to a WatchGuard box

[Andrea Venturoli]

Hello.
A customer of mine was connecting to a remote WatchGuard box through 
their Mobile VPN client.

Now I'd like the server to take over that and le the whole network connect.

Did anyone ever succeded in this? Is it possible?
Should be IPSEC, but anyone has an how-to?

 bye & Thanks
av.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: MPD Multiple PPPoE to same ISP

[Thodoris Stamatopoulos]

Thank you very much Nikos, at first it didnt worked with the 7.2 Release kernel 
(cant compile kernel with radix option), but with 8 it worked like a charm, all 
interface now have the same gateway
and all ng interfaces have ip at last...

Thanks
Thodoris
(euxaristw:))


On Nov 21, 2009, at 7:20 PM, Nikos Vassiliadis wrote:

> Thodoris S. wrote:
>> I am trying to make Multiple PPPoE Connections to the Same ISP for
>> Load Balancing  reasons
>> my mpd.conf is:
>> default:
>>load adsl0
>>load adsl1
>>load adsl2
>> adsl0:
>>new -i ng0 pppoe0 pppoe0
>>set iface route default
>>set iface disable on-demand
>>set iface idle 0
>>set bundle disable multilink
>>set bundle authname "***"
>>set bundle password "***"
>>set bundle no noretry
>>set link keep-alive 10 60
>>set link max-redial 0
>>set link no acfcomp protocomp
>>set link disable pap chap
>>set link accept chap
>>set link mtu 1492
>>set ipcp yes vjcomp
>>set ipcp ranges 0.0.0.0/0.0.0.0/0
>>set ipcp enable req-pri-dns
>>set ipcp enable req-sec-dns
>>open
>> adsl1:
>>new -i ng1 pppoe1 pppoe1
>>set iface route default
>>set iface disable on-demand
>>set iface idle 0
>>set bundle disable multilink
>>set bundle authname "***"
>>set bundle password "***"
>>set bundle no noretry
>>set link keep-alive 10 60
>>set link max-redial 0
>>set link no acfcomp protocomp
>>set link disable pap chap
>>set link accept chap
>>set link mtu 1492
>>set ipcp yes vjcomp
>>set ipcp ranges 0.0.0.0/0.0.0.0/0
>>set ipcp enable req-pri-dns
>>set ipcp enable req-sec-dns
>>open
>> adsl2:
>>new -i ng2 pppoe2 pppoe2
>>set iface route default
>>set iface disable on-demand
>>set iface idle 0
>>set bundle disable multilink
>>set bundle authname "***"
>>set bundle password "***"
>>set bundle no noretry
>>set link keep-alive 10 60
>>set link max-redial 0
>>set link no acfcomp protocomp
>>set link disable pap chap
>>set link accept chap
>>set link mtu 1492
>>set ipcp yes vjcomp
>>set ipcp ranges 0.0.0.0/0.0.0.0/0
>>set ipcp enable req-pri-dns
>>set ipcp enable req-sec-dns
>>open
>> And mpd.links is:
>> pppoe0:
>>set link type pppoe
>>set pppoe iface em0
>>set pppoe service "we"
>>set pppoe enable originate
>>set pppoe disable incoming
>> pppoe1:
>>set link type pppoe
>>set pppoe iface em1
>>set pppoe service "we1"
>>set pppoe enable originate
>>set pppoe disable incoming
>> pppoe2:
>>set link type pppoe
>>set pppoe iface bce1
>>set pppoe service "we2"
>>set pppoe enable originate
>>set pppoe disable incoming
>> The problem is tha only one (the first logged in) ng interface gets ip
>> assigned to it, all others assigned to lo0 interface
>> and when i am trying to NAT them with PF it gives me this error:
>> /etc/pf.conf:26: could not parse host specification
>> im giving you ifconfig and netstat -nr
>> ifconfig:
>> [r...@emperor ~]# ifconfig
>> bce0: flags=8843 metric 0 mtu 1500
>>  
>> options=1bb
>>  ether 00:1e:c9:db:24:7f
>>  inet 192.168.0.1 netmask 0xfff8 broadcast 192.168.0.7
>>  media: Ethernet autoselect (1000baseTX )
>>  status: active
>> em0: flags=8843 metric 0 mtu 1500
>>  options=19b
>>  ether 00:15:17:78:fd:56
>>  inet 192.168.101.1 netmask 0xff00 broadcast 192.168.101.255
>>  media: Ethernet autoselect (100baseTX )
>>  status: active
>> em1: flags=8843 metric 0 mtu 1500
>>  options=19b
>>  ether 00:15:17:78:fb:41
>>  inet 192.168.102.1 netmask 0xff00 broadcast 192.168.102.255
>>  media: Ethernet autoselect (100baseTX )
>>  status: active
>> bce1: flags=8843 metric 0 mtu 1500
>>  
>> options=1bb
>>  ether 00:1e:c9:db:24:7d
>>  inet 192.168.103.1 netmask 0xff00 broadcast 192.168.103.255
>>  media: Ethernet autoselect (100baseTX )
>>  status: active
>> lo0: flags=8049 metric 0 mtu 16384
>>  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>>  inet6 ::1 prefixlen 128
>>  inet 127.0.0.1 netmask 0xff00
>> pflog0: flags=141 metric 0 mtu 33204
>> ng0: flags=88d1 metric
>> 0 mtu 1492
>>  inet 11.11.11.11 --> 12.12.12.2 netmask 0x
>> ng1: flags=88d1 metric
>> 0 mtu 1492
>> ng2: flags=88d1 metric
>> 0 mtu 1492
>> nestat -nr:
>> Routing tables
>> Internet:
>> DestinationGatewayFlagsRefs  Use  Netif Expire
>> default192.168.0.2  UGS 013812   bce0
>> 192.168.0.0/29   link#1 UC  00   bce0
>> 12.12.12.2   11

Re: Connecting to a WatchGuard box

[Oleg Baranov]

Hi!

I've been working with Watchguard 8.3 & 9.0 for some time.
In general it was fine but we've suffered connection recovery problems 
after ISP blackouts from time to time.


Here is my section of racoon.conf

remote a.b.c.d
{
   exchange_mode main;

   lifetime time 8 hour ;   # sec,min,hour

   my_identifier fqdn "my.dom.ain";
   peers_identifier fqdn "watchguard.fw.dn";

   initial_contact on;

   proposal {
   encryption_algorithm 3des;
   hash_algorithm sha1;
   authentication_method pre_shared_key;
   dh_group 1;
   }
   proposal_check obey;
}


Setkey and PSK file records are standard as well as gif interfaces setup.
On Watchguard it was Branch Office Gateway and tunnel set up accordingly 
to the parameters above...




Andrea Venturoli wrote:

Hello.
A customer of mine was connecting to a remote WatchGuard box through 
their Mobile VPN client.
Now I'd like the server to take over that and le the whole network 
connect.


Did anyone ever succeded in this? Is it possible?
Should be IPSEC, but anyone has an how-to?

 bye & Thanks
av.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: MPD Multiple PPPoE to same ISP

[Thodoris Stamatopoulos]

I didnt knew it!, thanks again guys :) very nice tip especially when you have a 
bunch of connections


On Dec 1, 2009, at 12:26 AM, Julian Elischer wrote:

> Thodoris Stamatopoulos wrote:
>> Thank you very much Nikos, at first it didnt worked with the 7.2 Release 
>> kernel (cant compile kernel with radix option), but with 8 it worked like a 
>> charm, all interface now have the same gateway
>> and all ng interfaces have ip at last...
>> Thanks
>> Thodoris
>> (euxaristw:))
>> On Nov 21, 2009, at 7:20 PM, Nikos Vassiliadis wrote:
>>> Thodoris S. wrote:
 I am trying to make Multiple PPPoE Connections to the Same ISP for
 Load Balancing  reasons
 my mpd.conf is:
 default:
   load adsl0
   load adsl1
   load adsl2
 adsl0:
   new -i ng0 pppoe0 pppoe0
   set iface route default
   set iface disable on-demand
   set iface idle 0
   set bundle disable multilink
   set bundle authname "***"
   set bundle password "***"
   set bundle no noretry
   set link keep-alive 10 60
   set link max-redial 0
   set link no acfcomp protocomp
   set link disable pap chap
   set link accept chap
   set link mtu 1492
   set ipcp yes vjcomp
   set ipcp ranges 0.0.0.0/0.0.0.0/0
   set ipcp enable req-pri-dns
   set ipcp enable req-sec-dns
   open
 adsl1:
   new -i ng1 pppoe1 pppoe1
   set iface route default
   set iface disable on-demand
   set iface idle 0
   set bundle disable multilink
   set bundle authname "***"
   set bundle password "***"
   set bundle no noretry
   set link keep-alive 10 60
   set link max-redial 0
   set link no acfcomp protocomp
   set link disable pap chap
   set link accept chap
   set link mtu 1492
   set ipcp yes vjcomp
   set ipcp ranges 0.0.0.0/0.0.0.0/0
   set ipcp enable req-pri-dns
   set ipcp enable req-sec-dns
   open
 adsl2:
   new -i ng2 pppoe2 pppoe2
   set iface route default
   set iface disable on-demand
   set iface idle 0
   set bundle disable multilink
   set bundle authname "***"
   set bundle password "***"
   set bundle no noretry
   set link keep-alive 10 60
   set link max-redial 0
   set link no acfcomp protocomp
   set link disable pap chap
   set link accept chap
   set link mtu 1492
   set ipcp yes vjcomp
   set ipcp ranges 0.0.0.0/0.0.0.0/0
   set ipcp enable req-pri-dns
   set ipcp enable req-sec-dns
   open
> As a side issue, to improve readability, might I suggest
> something like:
> 
> adsl0:
>new -i ng0 pppoe0 pppoe0
>set bundle authname "***"
>set bundle password "***"
>load adsldflt
> 
> adsl1:
>new -i ng1 pppoe1 pppoe1
>set bundle authname "***"
>set bundle password "***"
>load adsldflt
> 
> adsl2:
>new -i ng2 pppoe2 pppoe2
>set bundle authname "***"
>set bundle password "***"
>load adsldflt
> 
> adsldflt:
>set iface route default
>set iface disable on-demand
>set iface idle 0
>set bundle disable multilink
>set bundle no noretry
>set link keep-alive 10 60
>set link max-redial 0
>set link no acfcomp protocomp
>set link disable pap chap
>set link accept chap
>set link mtu 1492
>set ipcp yes vjcomp
>set ipcp ranges 0.0.0.0/0.0.0.0/0
>set ipcp enable req-pri-dns
>set ipcp enable req-sec-dns
>open
> 
> 
> 
> 

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"