ah_input: packet replay failure
Hi. What does this message means ? I'm getting a lots of those. ===Cut=== Dec 2 14:35:15 ural85-gw0-omega kernel: ah_input: packet replay failure: SA(SPI=3662816 src=10.50.116.6 dst=10.50.110.210) ===Cut=== I'm using FreeBSD as a security gateway: FreeBSD A >==ipsec over gre===> FreeBSD B A is 10.50.110.210 B is 10.50.116.6 А is a 8.1-RELEASE amd64 box, B is 8.0-RELEASE-p2 i386. A is not the only ipsec peer of B, B has a dozen of another cisco/freebsd peers. Keys are exchanged via the ipsec-tools racoon fork. However, I'm getting much lesser of messages on B (and all of them are about A), for example: ===Cut=== Dec 2 14:35:09 wizard kernel: ah_input: packet replay failure: SA(SPI=136093282 src=10.50.110.210 dst=10.50.116.6) ===Cut=== And I'm getting no messages aboyut other FreeBSD/Cisco hosts (and all of them are using IKE). All of other FreeBSD boxes are i386. I'm using ah+esp policy (can post it here if it's related). All seems to be working fine, except those messages. I'm worrying because the cause of those messages can be the cause of rarely encountered VoIP distortions, but to be honest, the messages occurs much more frequently than the distortions and can be releted with overloaded channel, but still. Thanks. Eugene. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: kern/124753: [ieee80211] net80211 discards power-save queue packets early
The following reply was made to PR kern/124753; it has been noted by GNATS. From: =?windows-1251?B?1e7w8+bo6SDR5fDj5ekg3vD85eLo9w==?= To: bug-follo...@freebsd.org, nugun...@nugundam.best.vwh.net Cc: Subject: Re: kern/124753: [ieee80211] net80211 discards power-save queue packets early Date: Thu, 2 Dec 2010 18:07:32 +0300 I had the exact same problem with Atheros 9285 and 8.1-STABLE, such as 9-CU= RRENT. Changing kernel source as a=20 http://thread.gmane.org/gmane.os.freebsd.current/110707 didn't help. What else can I do to it work properly? ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: kern/152768: [mfi] Weird check in mfi(4)
Old Synopsis: Weird check in mfi(4) New Synopsis: [mfi] Weird check in mfi(4) Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Thu Dec 2 18:09:11 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=152768 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: kern/152768: [mfi] Weird check in mfi(4)
Synopsis: [mfi] Weird check in mfi(4) Responsible-Changed-From-To: freebsd-net->freebsd-bugs Responsible-Changed-By: linimon Responsible-Changed-When: Thu Dec 2 18:09:40 UTC 2010 Responsible-Changed-Why: bah. too early in the morning, I guess. http://www.freebsd.org/cgi/query-pr.cgi?pr=152768 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
kern/152141: [vlan] encapsulate vlan in ng_ether before output to if
Hi! This is a patch for ng_ether_rcv_lower function in ng_ether.c to encapsulate vlan before send to net. -- Rozhuk Ivan ng_ether.patch Description: Binary data ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Problem with re0
Hi, Could someone pls advise how to inject HEAD driver to stable release without full kernel rebuild (if possible)? I tried this way but found no assurance/evidence actually kernel using the new driver: 1. download full HEAD source with help of csup 2. in /usr/src/sys/modules/re did make install which in turn compiled re driver and installed into default /boot/kernel 3. reboot So far so good but still re0 driver cannot properly handle rtl8111 chip seeing the very same symptoms as in case of the driver shipped with RELEASE. Thanks. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: ah_input: packet replay failure
On Thu, 2 Dec 2010, Eugene M. Zheganin wrote: Hi, What does this message means ? I'm getting a lots of those. ===Cut=== Dec 2 14:35:15 ural85-gw0-omega kernel: ah_input: packet replay failure: SA(SPI=3662816 src=10.50.116.6 dst=10.50.110.210) ===Cut=== you are running with debugging turn on; otherwise you'd just see the statistics being updated. I'm using FreeBSD as a security gateway: FreeBSD A >==ipsec over gre===> FreeBSD B What it means is that a packet with either an invalid sequence, a sequence lower than the last seen and outside the window, or a sequence seen already (lately) has arrived. Could it be that something is duplicating packets or that you have packet loss between A and B? Given that you say that you are running IPsec on top of GRE (which sounds strange anyway) I'd monitor the outer tunnel endpoints independently to see what's going on. /bz -- Bjoern A. Zeeb Welcome a new stage of life. Going to jail sucks -- All my daemons like it! http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Problem with re0
On Thu, Dec 02, 2010 at 09:56:42PM +0100, Gabor Radnai wrote: > Hi, > > Could someone pls advise how to inject HEAD driver to stable release without > full kernel rebuild (if possible)? > If you have updated to stable/8, the driver code would be the same. So need to replace driver with HEAD version. > I tried this way but found no assurance/evidence actually kernel using the > new driver: > 1. download full HEAD source with help of csup > 2. in /usr/src/sys/modules/re did make install which in turn compiled re > driver and installed into default /boot/kernel > 3. reboot > > So far so good but still re0 driver cannot properly handle rtl8111 chip > seeing the very same symptoms as in case of > the driver shipped with RELEASE. > If my memory is correct, your controller is somewhat old 8168 PCIe controller. I also have the same TP-Link TG-3468 PCIe network card which seems to be the only stand-alone PCIe 8168 controller in market. I don't see any problems using the controller so would you summarize your issue again?(Sorry, if you already post it) > Thanks. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Problem with igb(4) updated to version 2.0.7
On 02.12.2010 12:18, Eugene Grosbein wrote: > Hi! > > I'm building new router using 8.2-PRERELEASE containing new igb(4) driver. > I use SuperMicro SuperServer 5016T-MTFB based on X8STi-F motherboard > with add-on Intel Gigabit ET Dual Port Server Adapter in PCIe slot. > > pciconf -lv shows: > > i...@pci0:3:0:0:class=0x02 card=0xa03c8086 chip=0x10c98086 > rev=0x01 hdr=0x00 > class = network > subclass = ethernet > i...@pci0:3:0:1:class=0x02 card=0xa03c8086 chip=0x10c98086 > rev=0x01 hdr=0x00 > class = network > subclass = ethernet > > I connect both ports to Cisco 7606 core router and they link > after "ifconfig ibg1 up" command. > > But "ifconfig igb1 down" does NOT bring link down: > - ifconfig igb still shows "status: active" (but not UP nor RUNNING); > - LEDs are on (both SuperServer's and Cisco's) > - Cisco also shows interfaces in "up" state. > > That's bad as I plan to use EtherChannel/lagg configuration > and need working up/down management. > This SuperServer box has two built-in em(4) ports that have not this problem. Really em(4) does have this probem too. How do I lock link down using em/igb NICs? Eugene Grosbein ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
