RE: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release
It's of course a SYN flood with malformed SYN packets, around 100,000 packets per second from different IP addresses. At around 40,000 pps input errors start and the CPU goes to 100% (the NIC uses 8 cores with different IRQs, x8 bus at 2.5 GT/s; all CPUs at 100%). It can't handle 60,000 pps either. But with a normal SYN flood the same equipment can handle around 1 Mpps (different IPs), without any firewall software, just some tuned kernel parameters.

Today I will get a tcpdump with the -X parameter and I will share it with you. I think this problem is that those packets are processed by the CPU and the CPU goes up to 100%, but they are bogus SYN packets. I think if bogus SYN packets were not processed by the CPU it would be OK.

Regards
Seyit Özgür
Network Administrator

From: Michael Sierchio [mailto:ku...@tenebras.com]
Sent: Friday, March 16, 2012 1:21 AM
To: Chuck Swiger
Cc: Seyit Özgür; freebsd-net@freebsd.org
Subject: Re: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release

2012/3/15 Chuck Swiger

> I prefer IPFW myself, but you probably ran out of stateful rule slots. For high-volume services which are expected to be Internet-reachable (ie, port 80 to a busy webserver), you really just don't want to have stateful rules-- it's too easy to DoS the firewall itself, as you noticed. In any event, you don't need state if you are just blacklisting attack sources.

I too prefer ipfw, especially since adding blacklist IP addresses or networks to a table is extremely efficient.

> You haven't really identified what you mean by "malformed", but maybe you are talking about a SYN flood, in which case make sure that SYN cookies and SYN cache are enabled...

I'm still wondering, too. Are the packets malformed, or is this a SYN flood?

- M
RE: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release
Here is my

bsd# sysctl -a | grep syncache.hashsize
net.inet.tcp.syncache.hashsize: 512
bsd# sysctl -a | grep syncache.cachelimit
net.inet.tcp.syncache.cachelimit: 15360
bsd# sysctl -a | grep syncache.bucketlimit
net.inet.tcp.syncache.bucketlimit: 30

I will increase hashsize and cachelimit and retest again.

Seyit Özgür
Network Administrator

-----Original Message-----
From: owner-freebsd-...@freebsd.org [mailto:owner-freebsd-...@freebsd.org] On Behalf Of Nikolay Denev
Sent: Friday, March 16, 2012 12:58 AM
To: Seyit Özgür
Cc: freebsd-net@freebsd.org
Subject: Re: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release

On Mar 15, 2012, at 10:40 PM, Seyit Özgür wrote:

> Sorry, my opinion, but I'm not a BSD guru; I have only been working on BSD for about 2 months.
> I know that PF or IPFW isn't built for a multicore architecture... As I know, if my server gets heavy SYN flood traffic, PF or IPFW isn't enough with 1 core.
> I also tried syn_cookie, syn_cookie_only and syn_cache. If I set up syn_cookie, input errors start after 600,000 SYN packets per second. But when I set SYN cookie protection off, my server can handle many more SYN packets than 600,000.
> Also that's why I don't use syncookies either.
> Is there any stateful firewall software on FreeBSD which supports multicore processing? (Do you know of one?) I'm up to set it up.
>
> I will get the tcpdump again with the -X parameter, then I will post it again.
>
> Thanks for your comments.
>
>
> From: Chuck Swiger [cswi...@mac.com]
> Sent: Thursday, March 15, 2012 10:30 PM
> To: Seyit Özgür
> Cc: freebsd-net@freebsd.org
> Subject: Re: Malformed syn packet cause %100 cpu and interrupts
> FreeBSD 9.0 release
>
> On Mar 15, 2012, at 1:17 PM, Seyit Özgür wrote:
>> Thanks for the quick reply, but I don't use a firewall. I tried to use PF.
>> Packet Filter gets stuck at up to 100,000 SYN packets flooding (on an open
>> port). Without Packet Filter it handles much more SYN flooding, like 1 Mpps, without the interrupts that I see on my equipment. But in this case of "malformed packets" I get interrupts and also input packet errors, causing 100% CPU.
>> Is there any way to stop them without a firewall? Any RFC kernel feature that can check and stop those bogus packets?
>> Or am I doing something wrong in PF?
>
> I prefer IPFW myself, but you probably ran out of stateful rule slots. For high-volume services which are expected to be Internet-reachable (ie, port 80 to a busy webserver), you really just don't want to have stateful rules-- it's too easy to DoS the firewall itself, as you noticed. In any event, you don't need state if you are just blacklisting attack sources.
>
> You haven't really identified what you mean by "malformed", but maybe you are talking about a SYN flood, in which case make sure that SYN cookies and SYN cache are enabled...
>
> Regards,
> --
> -Chuck

In my experience you will endure a lot more SYN flood traffic if you use only syncache, and also increase the syncache sysctls. Syncookies are somewhat more expensive to calculate and they cause 100% CPU load much sooner.

I use:

net.inet.tcp.syncache.hashsize=2048
net.inet.tcp.syncache.cachelimit=61440
net.inet.tcp.syncache.bucketlimit=30

Does this work better for you?

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
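The thread keeps circling the question Michael and Chuck raise: are the packets actually malformed, or is this a plain SYN flood? The script below is an added example (not code from any of the posters) that answers that from a capture: it takes raw IPv4 datagrams (Ethernet header already stripped, e.g. decoded from the tcpdump -X output Seyit promised) and buckets each one by the same header sanity checks a kernel's IP/TCP input path performs before a SYN ever reaches the syncache: IP header length and checksum, fragmentation, TCP data offset and checksum, src == dst, impossible flag combinations, and SYNs carrying data. The sample packets at the bottom are constructed, not captured traffic; the bucket names and the `build_packet` helper are this example's own.

```python
"""Bucket raw IPv4/TCP datagrams into 'syn' versus the ways a SYN can be bogus."""
import socket
import struct
from collections import Counter

SYN, FIN, RST, ACK = 0x02, 0x01, 0x04, 0x10


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def classify(pkt: bytes) -> str:
    """Return 'syn' for a well-formed SYN, otherwise a short reason string (checks run in input-path order)."""
    if len(pkt) < 20:
        return "short-ip"
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        return "bad-ip-hdr"
    if ip_checksum(pkt[:ihl]) != 0:
        return "bad-ip-csum"
    if frag & 0x3FFF:                      # MF set or non-zero offset: fragmented TCP
        return "fragment"
    if proto != 6:
        return "not-tcp"
    if src == dst:
        return "land"                      # source == destination (LAND packet)
    seg = pkt[ihl:total_len]
    if len(seg) < 20:
        return "short-tcp"
    sport, dport, _seq, _ack, off_flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIHHHH", seg[:20])
    doff = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF
    if doff < 20 or doff > len(seg):
        return "bad-tcp-doff"
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    if ip_checksum(pseudo + seg) != 0:     # checksum covers pseudo-header + segment
        return "bad-tcp-csum"
    if sport == 0 or dport == 0:
        return "port-zero"
    if not flags & SYN:
        return "not-syn"
    if flags & (FIN | RST):
        return "syn-fin-rst"               # SYN may not be combined with FIN or RST
    if flags & ACK:
        return "syn-ack"                   # second handshake step, not a request
    if len(seg) > doff:
        return "syn-with-data"             # legal but unusual; worth its own bucket
    return "syn"


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int,
                 payload: bytes = b"", doff_words: int = 5,
                 corrupt_tcp_csum: bool = False) -> bytes:
    """Constructed IPv4/TCP packet (no options) for exercising classify(); example helper only."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                      (doff_words << 12) | flags, 65535, 0, 0) + payload
    csum = ip_checksum(s + d + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)
    if corrupt_tcp_csum:
        csum ^= 0x1234
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp


def summarize(packets) -> Counter:
    """Count packets per bucket; a flood that is all 'syn' is a SYN flood, anything else is malformed."""
    return Counter(classify(p) for p in packets)


# Constructed sample input (not captured traffic).
SAMPLES = [
    build_packet("198.51.100.7", "192.0.2.1", 40000, 80, SYN),                       # well-formed SYN
    build_packet("198.51.100.8", "192.0.2.1", 40001, 80, SYN | FIN),                 # SYN+FIN
    build_packet("198.51.100.9", "192.0.2.1", 40002, 80, SYN, b"GET /"),             # SYN carrying data
    build_packet("198.51.100.10", "192.0.2.1", 40003, 80, SYN, doff_words=4),        # data offset < 20
    build_packet("198.51.100.11", "192.0.2.1", 40004, 80, SYN, corrupt_tcp_csum=True),
    build_packet("192.0.2.1", "192.0.2.1", 80, 80, SYN),                             # LAND
]

if __name__ == "__main__":
    for kind, n in sorted(summarize(SAMPLES).items()):
        print(f"{kind:16s} {n}")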
LAGG and CARP troubles
Hello.

I'm using 7.4p6/i386 and this is (a part of) my configuration:

cloned_interfaces="lagg0 vlan1 vlan2 vlan3 carp0 carp1 carp6 carp7 carp9 carp10"
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_lagg0="laggproto lacp laggport em0 laggport em1 192.168.101.1 netmask 255.255.255.0"
ifconfig_carp0="vhid 1 pass xxx 192.168.101.10"
ifconfig_carp1="vhid 2 advskew 200 pass 192.168.101.10"

lagg0 would work fine (using two cables, recovering from one disconnection, etc...).

However carp0 will stay MASTER only with one cable; as soon as I connect both em interfaces, I'll get:

kernel: carp0: MASTER -> BACKUP (more frequent advertisement received)

What am I doing wrong?

bye & Thanks
av.
Re: LAGG and CARP troubles
On Fri, Mar 16, 2012 at 1:51 PM, Andrea Venturoli wrote:
> I'm using 7.4p6/i386 and this is (a part of) my configuration
>
>> cloned_interfaces="lagg0 vlan1 vlan2 vlan3 carp0 carp1 carp6 carp7 carp9 carp10"
>> ifconfig_em0="up"
>> ifconfig_em1="up"
>> ifconfig_lagg0="laggproto lacp laggport em0 laggport em1 192.168.101.1 netmask 255.255.255.0"
>> ifconfig_carp0="vhid 1 pass xxx 192.168.101.10"
>> ifconfig_carp1="vhid 2 advskew 200 pass 192.168.101.10"
>
> lagg0 would work fine (using two cables, recovering from one disconnection, etc...).
>
> However carp0 will stay MASTER only with one cable; as soon as I connect both em interfaces, I'll get:
>
>> kernel: carp0: MASTER -> BACKUP (more frequent advertisement received)
>
> What am I doing wrong?

I think it is somehow related to my problem "carp over openvpn", maybe? Your carp interfaces are behaving just like mine then.

http://docs.freebsd.org/cgi/mid.cgi?CABk4_A7ii-9-cUTcrVGA2-LAuWhGm4zFVXbaw3jwjpygeobjBQ

I wonder if this problem can be solved too.

--
your sweet isn't ready yet

> bye & Thanks
> av.
Re: if_bridge stops when running virtualbox 4.1.8
Hi,

Thank you for your information.

Now I can use both VirtualBox and WI-FI HOSTAP mode.

I referred to the URL below for the TAP setup.
http://forums.freebsd.org/showthread.php?t=7153

1. load kernel modules
kldload /boot/kernel/if_bridge.ko
kldload /boot/kernel/if_tap.ko

2. setup tap interface
sysctl net.link.tap.user_open=1
chown root:vboxusers /dev/tap0
chmod 660 /dev/tap0

3. create tap interface and bridge interface
- I use bridge1 for tap, because I use bridge0 for WI-FI HOSTAP
- net0 is for my ethernet network
ifconfig bridge1 create
ifconfig bridge1 addm net0
ifconfig tap0 192.168.1.111 netmask 255.255.255.0
ifconfig bridge1 addm tap0
ifconfig bridge1 up

4. start virtualbox and change bridge adapter to tap0

5. enable WI-FI with src/tools/tools/net80211/scripts/setup.wpa2

/ Florian

> On 14.03.2012 13:59, MIHIRA Sanpei Yoshiro wrote:
>> Hi,
>>
>> I also have this problem.
>> My environment is below
>> - FreeBSD-8.2-RELEASE/amd64 and FreeBSD-10-current/i386
>> - Virtualbox 4.0.14 (now I'm compiling new version 4.1.8)
>> - WI-FI HOSTAP mode (if_bridge)
>>
>> I hope to use both functions (VirtualBox and if_bridge) at the same time.
>> Please let us know the appropriate settings.
>>
>>> I just noticed that when running Virtualbox 4.1.8 with a bridged network
>>> interface, I lose connectivity to another virtual host running in qemu
>>> whose network interface is bridged to my ethernet interface. After
>>> stopping the Virtualbox instance, I regain connection to the virtual
>>> host under qemu. Ifconfig doesn't give a clue. Has anyone seen this
>>> behaviour or, even better, have a solution?
>>
>
> What I did was create another tap interface, add that to the bridge
> and configure VirtualBox to use the tap interface. Seems to work for
> me.
Re: if_bridge stops when running virtualbox 4.1.8
Hi,

Thank you for your information.

I made a mistake in the bridge interface settings. I use only one bridge interface (bridge0) and add the ethernet, wi-fi and tap interfaces to it.

Now I can use both VirtualBox and WI-FI HOSTAP mode.

I referred to the URL below for the TAP setup.
http://forums.freebsd.org/showthread.php?t=7153

1. load kernel modules
kldload /boot/kernel/if_bridge.ko
kldload /boot/kernel/if_tap.ko

2. setup tap interface
sysctl net.link.tap.user_open=1
chown root:vboxusers /dev/tap0
chmod 660 /dev/tap0

3. create tap interface and bridge interface
- wlan0 is for WI-FI interface
- net0 is for my ethernet network
ifconfig bridge0 create
ifconfig bridge0 addm net0
ifconfig tap0 192.168.1.111 netmask 255.255.255.0
ifconfig bridge0 addm tap0
ifconfig bridge0 addm wlan0
ifconfig bridge0 up

4. start virtualbox and change bridge adapter to tap0

5. enable WI-FI with src/tools/tools/net80211/scripts/setup.wpa2

/ Florian

> On 14.03.2012 13:59, MIHIRA Sanpei Yoshiro wrote:
>> Hi,
>>
>> I also have this problem.
>> My environment is below
>> - FreeBSD-8.2-RELEASE/amd64 and FreeBSD-10-current/i386
>> - Virtualbox 4.0.14 (now I'm compiling new version 4.1.8)
>> - WI-FI HOSTAP mode (if_bridge)
>>
>> I hope to use both functions (VirtualBox and if_bridge) at the same time.
>> Please let us know the appropriate settings.
>>
>>> I just noticed that when running Virtualbox 4.1.8 with a bridged network
>>> interface, I lose connectivity to another virtual host running in qemu
>>> whose network interface is bridged to my ethernet interface. After
>>> stopping the Virtualbox instance, I regain connection to the virtual
>>> host under qemu. Ifconfig doesn't give a clue. Has anyone seen this
>>> behaviour or, even better, have a solution?
>>
>
> What I did was create another tap interface, add that to the bridge
> and configure VirtualBox to use the tap interface. Seems to work for
> me.
Re: Intel 82574L interface wedging - em7.3.2/8.2-STABLE
On Thursday, March 15, 2012 7:41:09 pm Sean Bruno wrote:
> > Hmm, so I have yet to test this, but I found several bugs related to transmit
> > in em(4) and igb(4) recently just reading the code. (Mostly unnecessary
> > scheduling of tasks for transmit.) I've included your change of restarting
> > TX when link becomes active. I've also updated it to fix resume for em
> > and igb to DTRT when buf_ring is used, and to not include old-style start
> > routines at all when using multiq. It is at
> > http://www.freebsd.org/~jhb/patches/e1000_txeof2.patch
>
> I think that some of the code being removed originated from our universe
> over here at Yahoo. We were seeing the driver assert IFF_OACTIVE and
> never clearing out.
>
> Reviewing this patch at a glance I note that the check of IFF_OACTIVE
> was removed, if the kernel can get us out of that state without the
> IFF_OACTIVE checks, then I'm good with it.

Yes, it was buggy before in that it would just sit and poll unnecessarily. The problem was that it wasn't actually kicking off retransmits in some cases (e.g. igb_msix_que and em_msix_tx). That was the real cause of it hanging on OACTIVE. The current code schedules more tasks as a much more expensive workaround and I remove all that.

> Sean
>
> ref:
>
> @@ -1497,10 +1509,11 @@
> if (!drbr_empty(ifp, txr->br))
> em_mq_start_locked(ifp, txr, NULL);
> #else
> - em_start_locked(ifp, txr);
> + if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))
> + em_start_locked(ifp, txr);
> #endif
> EM_TX_UNLOCK(txr);
> - if (more || (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
> + if (more) {
> taskqueue_enqueue(adapter->tq, &adapter->que_task);
> return;

--
John Baldwin
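Review bot: the `if (more || (ifp->if_drv_flags & IFF_DRV_OACTIVE))` to `if (more)` change in this hunk removes the only self-rescheduling of que_task while the ring is full, so the driver now depends on every path that sets OACTIVE also guaranteeing a later em_txeof()/start call that clears it and restarts transmit; the reply above asserts that igb_msix_que and em_msix_tx are fixed to do exactly that, but those changes are not in the quoted hunk, so the commit message should name the em_txeof/em_msix_tx half of the patch explicitly so the two pieces are reviewed together rather than this hunk being read as a lone removal of the OACTIVE recovery. The new `if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))` guard in the `#else` branch mirrors the existing `drbr_empty()` check in the multiqueue branch and is fine as is.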
Re: Use of network_interfaces in rc.conf
On Thu, Mar 15, 2012 at 08:49:55PM -0400, Eric W. Bates wrote:
> On 3/15/2012 7:27 PM, Kevin Oberman wrote:
> > 2012/3/14 Eugene Grosbein:
> >> 15.03.2012 06:33, hiren panchasara wrote:
> >>
> >>> network_interfaces is basically historic rudiment
> >>> used in 2.2.x FreeBSD version and alike.
> >>>
> >>> In general, you should not use it in modern version at all.
> >>>
> >>>
> >>> Thanks Eugene.
> >>>
> >>> So, the only way to specify boottime configuration (that survives
> >>> reboots) for an interface in rc.conf is:
> >>> ifconfig_em0="dhcp" ?
> >>
> >> Yes, that's what man rc.conf says.
> >
> > Minor correction, but the man page says 'ifconfig_em0="DHCP"'. It may
> > not be case sensitive, but I have always used CAPS like the man page
> > specifies. Also, I usually end up specifying SYNCDHCP to avoid having
> > something else that requires network starting before the interface is
> > configured.
> >
> > Of course, ifconfig_* may have any valid ifconfig argument in it, but
> > remember the rc.conf is shell, so you must put all of the definition
> > in a single statement. You can't do:
> > ifconfig_em0="DHCP"
> > ifconfig_em0="mediaopt half-duplex"
> > That will not do DHCP, so the interface will not come up. Of course,
> > you can concatenate a second entry to the first using normal sh
> > syntax.
>
> FreeBSD rc has a clever way around this. In /etc/network.subr
> ifscript_up(), if the file /etc/start_if.em0 is readable, it will be dot
> executed. So you can put as much multi-line config info in there as you
> would like. e.g.:
>
> ifconfig em0 mediaopt half-duplex
> dhclient em0
>
> As long as network_interfaces includes em0 (and it will be automatically
> included by default), then start_if.em0 will be run. Conversely,
> stop_if.em0 will also run when rc runs at shutdown.

In many cases you can simply use:

ifconfig_em0="DHCP mediaopt half-duplex"

While DHCP is not an actual ifconfig option, we strip it from the list (along with several other pseudo-arguments) and pass the remainder to ifconfig. Not all options will work this way, but I believe mediaopt does.

-- Brooks
Re: LAGG and CARP troubles
If you're adventurous, could you upgrade a test box to 10-CURRENT and try the new CARP code?
Re: Intel 82574L interface wedging - em7.3.2/8.2-STABLE
Can someone please just send me some recent em/igb hardware? I'll sit down and find ways to break things and help Jack fix them.

I've been knee deep in this crap with ath(4) so I'm well versed now in the art of "making your NIC and network stack not angry."

Adrian
Problem with FreeBSD working with squid and WCCPv2 Cisco 6500 series
Hi, I have some queries and would like to ask anyone about squid with a Cisco Catalyst 6500 switch with WCCPv2.

My setup:
- squid2.7-stable9 on freebsd 7.2-RELEASE
- cisco switch catalyst 6500 with ios 12.2(33)SXJ1

Topology (ASCII diagram flattened by extraction; the labels that survived): Internet; Cisco FWSM firewall; cisco switch catalyst 6500 (Core switch) 10.4.10.1; DMZ Segment; Internal LAN (10.0.0.0/8); Squid box (202.188.244.8); User.

FreeBSD conf:

ifconfig gre0
gre0: flags=d051 metric 0 mtu 1476
    tunnel inet 202.188.244.8 --> 10.4.10.1
    inet 202.188.244.8 --> 192.168.249.2 netmask 0x

ipnat rules:
rdr bce0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr bce0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 80 -> 202.188.244.8 port 7788
rdr gre0 0.0.0.0/0 port 443 -> 202.188.244.8 port 7788

ipf rules:
pass in log first on gre0 all
pass out log first on gre0 all
pass in log first on bce0 all
pass out log first on bce0 all

/etc/rc.conf:
ifconfig_bce0="inet 202.188.244.8 netmask 255.255.255.0"
cloned_interfaces="gre0"
ifconfig_gre0="inet 202.188.244.8 192.168.249.2 netmask 255.255.255.255 link2 tunnel 202.188.244.8 10.4.10.1 up"

sysctl.conf:
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1

squid.conf:
wccp2_router 10.4.10.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_address 0.0.0.0
wccp2_assignment_method 1

Cisco 6500 output:

#show ip wccp web-cache
Global WCCP information:
  Router information:
    Router Identifier: 192.168.250.2
    Protocol Version: 2.0
  Service Identifier: web-cache
    Number of Service Group Clients: 1
    Number of Service Group Routers: 1
    Total Packets s/w Redirected: 3799
      Process: 0
      CEF: 3799
    Redirect access-list: 120
    Total Packets Denied Redirect: 0
    Total Packets Unassigned: 382
    Group access-list: 20
    Total Messages Denied to Group: 0
    Total Authentication failures: 0
    Total Bypassed Packets Received: 0

#show ip wccp web-cache detail
WCCP Client information:
  WCCP Client ID: 202.188.244.8
  Protocol Version: 2.0
  State: Usable
  Redirection: GRE
  Packet Return: GRE
  Assignment: HASH
  Initial Hash Info:
  Assigned Hash Info:
  Hash Allotment: 256 (100.00%)
  Packets s/w Redirected: 3139
  Connect Time: 00:48:27
  Bypassed Packets
    Process: 0
    CEF: 0
    Errors: 0

squid cache log:
2012/03/14 19:31:51| wccp2HereIam: sending to service id 0
2012/03/14 19:31:51| Sending HereIam packet size 144
2012/03/14 19:31:51| Incoming WCCPv2 I_SEE_YOU length 132.
2012/03/14 19:31:51| Complete packet received
2012/03/14 19:31:51| Incoming WCCP2_I_SEE_YOU Received ID old=1591 new=1592.
2012/03/14 19:31:51| Cleaning out cache list

Cisco 6500 debug message:
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:43.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:43.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 05F4
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:53:53.291: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:53:53.291: WCCP-PKT:S00: Sending I_See_You packet to 202.188.244.8 w/ rcv_id 05F5
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: enter
*Mar 14 18:54:03.295: WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit
*Mar 14 18:54:03.295: WCCP-PKT:S00: Sending I_See_You packet to 202.188.2
Re[2]: Intel 82574L interface wedging - em7.3.2/8.2-STABLE
Hello, Adrian. You wrote on 16 March 2012 at 17:52:26:

AC> Can someone please just send me some recent em/igb hardware? I'll sit
AC> down and find ways to break things and help Jack fix them.

AC> I've been knee deep in this crap with ath(4) so I'm well versed now in
AC> the art of "making your NIC and network stack not angry."

I can give you root access to a machine with igb hardware. Will that be enough?

--
Regards, Коньков mailto:kes-...@yandex.ru
Re: Intel 82574L interface wedging - em7.3.2/8.2-STABLE
On 3/16/2012 11:52 AM, Adrian Chadd wrote:
> Can someone please just send me some recent em/igb hardware? I'll sit
> down and find ways to break things and help Jack fix them.
>
> I've been knee deep in this crap with ath(4) so I'm well versed now in
> the art of "making your NIC and network stack not angry."

The 82574L is not that common on NICs and tends to be on server motherboards. igb is easy enough to source.

---Mike

> Adrian

--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
Re: Intel 82574L interface wedging - em7.3.2/8.2-STABLE
It's looking like I will be able to provide him with some hardware.

Cheers,

Jack

On Fri, Mar 16, 2012 at 11:00 AM, Mike Tancsa wrote:
> On 3/16/2012 11:52 AM, Adrian Chadd wrote:
> > Can someone please just send me some recent em/igb hardware? I'll sit
> > down and find ways to break things and help Jack fix them.
> >
> > I've been knee deep in this crap with ath(4) so I'm well versed now in
> > the art of "making your NIC and network stack not angry."
>
> The 82574L is not that common on NICs and tends to be on server
> motherboards. igb is easy enough to source.
>
> ---Mike
>
> > Adrian
>
> --
> ---
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, m...@sentex.net
> Providing Internet services since 1994 www.sentex.net
> Cambridge, Ontario Canada http://www.tancsa.com/
Re: Assigning multiple IPs in the same network to an interface
On Feb 18, 2012, at 5:39 AM, Damien Fleuriot wrote:

> On 2/16/12 3:39 PM, Andrew Boyer wrote:
>>
>> On Feb 16, 2012, at 8:16 AM, Damien Fleuriot wrote:
>>
>>> On 2/16/12 8:08 AM, M. V. wrote:
>>>> hi everybody,
>>>>
>>>> i have a problem with setting multiple IPs in the same network in FreeBSD:
>>>>
>>>> - suppose I assign two new IP addresses in the same network to eth0 with ifconfig:
>>>> #ifconfig eth0 add 192.168.10.1/24
>>>> #ifconfig eth0 add 192.168.10.2/24
>>>>
>>>> - everything works fine and the output of "netstat -r" is like what it should be:
>>>> #netstat -r
>>>> 192.168.10.0    eth0
>>>> 192.168.10.1    lo0
>>>> 192.168.10.2    lo0
>>>> ...
>>>>
>>>> - but now if I delete the first IP address, the connection to the 192.168.10.0 network will be gone, and in the output of "netstat -r" the route to 192.168.10.0 (via eth0) is gone:
>>>> #ifconfig eth0 delete 192.168.10.1
>>>> #netstat -r
>>>> 192.168.10.2    lo0
>>>> .
>>>>
>>>> - am i missing something here? shouldn't the route to the network remain in the routing table (because we still have 192.168.10.2 assigned to the interface)?
>>>>
>>>> Thanks.
>>>
>>> You shouldn't assign your secondary IP with a /24 mask, use /32.
>>>
>>> You'll run into problems otherwise.
>>>
>>> As a rule of thumb, your aliases = /32
>>>
>>
>> M.V. -
>> What you are doing should work fine. There were a handful of routing table bugs fixed in the last few months that corrected this behavior. The last two were just merged to stable/8 yesterday. What release are you running?
>>
>> -Andrew
>>
>
> This is of interest to me.
>
> Do these fixes allow one to use say /24 aliases instead of /32 without running into problems?

Sorry for the long delay. I'm not aware of any restriction on how many IPs or subnets you can install, as long as the subnets don't conflict. I haven't tried IPv6, though...

-Andrew

--
Andrew Boyer abo...@averesystems.com
netmap
Hi. I read most of the netmap paper. In short, cool work :)

I have one question... is this meant only for use with dedicated tap interfaces? Or will it be integrated with the management interface?

Example...

Today:
fxp0 - onboard NIC, 192.168.0.10, ssh, httpd, smtp, tcpdump, etc.
ixgbe0 - PCIe addon NIC, tap interface, netmap

Tomorrow:
ixgbe0 - all the above functions in one NIC

It would seem to me that an 'emulate an interface' shim/driver could be written that would hook into netmap below and provide all the normal interface semantics above.

netmap interface <--> emulation driver <--> 'net0' interface

So example...

/etc/rc.conf:netmap_emulate1='ixgbe0 net0'
/etc/rc.conf:netmap_emulate2='em0 net1'
/etc/rc.conf:netmap_emulate3='fxp1 net2'
/etc/rc.conf:ifconfig_net0='inet 10.0.0.3/24'
ifconfig net0 192.168.0.10/24 -alias
ifconfig net0 ::1
tcpdump, httpd, sshd, ...
ipfw, pf, netgraph, vlan, bridge, carp, ...
and all the other various capabilities of a physical NIC, etc...

Also, though perhaps not needed for line rate capture, but for making a standard interface to them... will various 10/100/1000 NICs such as fxp, em, de, bfe, etc... end up being netmap capable?
Re: netmap
On Fri, Mar 16, 2012 at 06:48:48PM -0400, grarpamp wrote:
> Hi. I read most of the netmap paper. In short, cool work :)
>
> I have one question... is this meant only for use with dedicated
> tap interfaces? Or will it be integrated with the management interface?
>
> Example...
>
> Today:
> fxp0 - onboard NIC, 192.168.0.10, ssh, httpd, smtp, tcpdump, etc.
> ixgbe0 - PCIe addon NIC, tap interface, netmap
>
> Tomorrow:
> ixgbe0 - all the above functions in one NIC
>
> It would seem to me that an 'emulate an interface' shim/driver
> could be written that would hook into netmap below and provide
> all the normal interface semantics above.

Yes, this is the long term plan (actually, it kind of works now too if the netmap-attached client then passes the packets to the host stack). The tricky question is who selects which (incoming) traffic needs to go to the host, and which should be filtered out. I have some ideas but need to figure out what is the best way to go.

> netmap interface <--> emulation driver <--> 'net0' interface
>
> So example...
>
> /etc/rc.conf:netmap_emulate1='ixgbe0 net0'
> /etc/rc.conf:netmap_emulate2='em0 net1'
> /etc/rc.conf:netmap_emulate3='fxp1 net2'
> /etc/rc.conf:ifconfig_net0='inet 10.0.0.3/24'
> ifconfig net0 192.168.0.10/24 -alias
> ifconfig net0 ::1
> tcpdump, httpd, sshd, ...
> ipfw, pf, netgraph, vlan, bridge, carp, ...
> and all the other various capabilities of a physical NIC, etc...
>
> Also, though perhaps not needed for line rate capture, but for
> making a standard interface to them... will various 10/100/1000
> NICs such as fxp, em, de, bfe, etc... end up being netmap capable?

The em family is already supported. For the 100Mbit ports there is really no point, as CPUs are fast enough already.

cheers
luigi
Re: netmap
> yes this is the long term plan (actually, kind of works now too
> if the netmap-attached client then passes the packets to the host
> stack).

I would not know how to do that as a common user. Maybe like the divert/natd socket in ipfw. But perhaps natd is the only example of a user tool in base for that kind of thing right now.

> The tricky question is who select which (incoming) traffic needs
> to go to the host, and which one should be filtered out. I have
> some ideas but need to figure out what is the best way to go.

I guess it would need to have all the usual interface semantics... MAC, multicast, promiscuous, alias, vlan, jumbo, v4/v6, checksum, routing, bpf, statistics. I doubt a userland interface for all those to the kernel exists yet, and some are only accessible by the code nearest the iron. Maybe better to let the full emulator be kernel space. And it seems there is some additional configuration, or loss of service risk, if the emulator is userland and that account gets compromised. If that is what you meant by 'who'.

If the user wanted to then run divert/natd, raw, quagga, and other processing for read/write, they could as normal, just with the net0 interface. Anyways, I don't know much.

> the em family is already supported. For the 100Mbit ports there
> is really no point, as CPUs are fast enough already.

Of course, it would just be a consistency thing, /dev/netmap ed0 :)
And much boring work when 1000Mbit parts are the cheap standard to use now.
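Luigi's open question, who decides which incoming frames the host stack must see and which stay with the netmap client, is easiest to reason about with a concrete policy in front of you. The following is an added example only: it is not netmap code, the thread does not describe netmap's actual demux, and the `HostView` model, the `steer()` rules and the `build_frame`/`ipv4_packet` helpers are this example's own assumptions. The policy hands the host everything it needs in order to keep behaving like an interface (ARP, broadcast and multicast, and IPv4 unicast to one of its own addresses on a port it is listening on) and leaves every other frame to the client; frames for other MACs default to the client because that is the bridging/capture case netmap exists for. The frames at the bottom are constructed.

```python
"""Toy host-versus-client steering policy for a netmap-style 'emulated interface'."""
import socket
import struct
from dataclasses import dataclass, field

ETH_P_IP, ETH_P_ARP, ETH_P_8021Q = 0x0800, 0x0806, 0x8100
BROADCAST = b"\xff" * 6


@dataclass
class HostView:
    """What the host stack has claimed: its MAC, its IPv4 addresses and the ports it listens on."""
    mac: bytes
    ipv4: set                              # set of 4-byte addresses (socket.inet_aton form)
    tcp_ports: set = field(default_factory=set)
    udp_ports: set = field(default_factory=set)


def steer(frame: bytes, host: HostView) -> str:
    """Return 'host', 'client' or 'drop' for one received Ethernet frame."""
    if len(frame) < 14:
        return "drop"                      # runt: not even an Ethernet header
    dst, etype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    off = 14
    if etype == ETH_P_8021Q:               # skip a single 802.1Q tag
        if len(frame) < 18:
            return "drop"
        etype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    if etype == ETH_P_ARP:
        return "host"                      # the stack must answer ARP or nobody reaches it
    if dst == BROADCAST or dst[0] & 1:
        return "host"                      # broadcast/multicast: the stack must see it
    if dst != host.mac:
        return "client"                    # someone else's unicast: bridging/capture case
    if etype != ETH_P_IP or len(frame) < off + 20:
        return "client"                    # non-IPv4 unicast to us: nothing to match on here
    ver_ihl, _tos, _tl, _id, frag, _ttl, proto, _csum, _sip, dip = \
        struct.unpack("!BBHHHBBH4s4s", frame[off:off + 20])
    if ver_ihl >> 4 != 4 or dip not in host.ipv4:
        return "client"                    # our MAC but not our address (e.g. we are a router)
    if frag & 0x1FFF:
        return "host"                      # non-first fragment: no L4 header, let the stack reassemble
    l4 = off + (ver_ihl & 0x0F) * 4
    if proto in (6, 17) and len(frame) >= l4 + 4:
        _sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        ports = host.tcp_ports if proto == 6 else host.udp_ports
        return "host" if dport in ports else "client"
    return "host"                          # ICMP and anything else addressed to us


def build_frame(dst_mac: bytes, src_mac: bytes, etype: int, payload: bytes, vlan=None) -> bytes:
    """Constructed Ethernet frame (example helper), optionally with one 802.1Q tag."""
    hdr = dst_mac + src_mac
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan)
    return hdr + struct.pack("!H", etype) + payload


def ipv4_packet(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Constructed IPv4 header + L4 payload; checksum left zero since steer() does not verify it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4


# Constructed host view and peer, not taken from any real system.
HOST = HostView(mac=bytes.fromhex("001122334455"),
                ipv4={socket.inet_aton("192.168.0.10")},
                tcp_ports={22, 80}, udp_ports={53})
PEER = bytes.fromhex("66778899aabb")


def demo() -> dict:
    """Steer a handful of constructed frames and return the decision per case."""
    to_ssh = struct.pack("!HH", 40000, 22) + b"\x00" * 16
    to_9999 = struct.pack("!HH", 40000, 9999) + b"\x00" * 16
    ip_ssh = ipv4_packet("192.168.0.5", "192.168.0.10", 6, to_ssh)
    ip_9999 = ipv4_packet("192.168.0.5", "192.168.0.10", 6, to_9999)
    return {
        "arp": steer(build_frame(BROADCAST, PEER, ETH_P_ARP, b"\x00" * 28), HOST),
        "ssh": steer(build_frame(HOST.mac, PEER, ETH_P_IP, ip_ssh), HOST),
        "unbound_port": steer(build_frame(HOST.mac, PEER, ETH_P_IP, ip_9999), HOST),
        "other_mac": steer(build_frame(PEER, PEER, ETH_P_IP, ip_ssh), HOST),
        "vlan_ssh": steer(build_frame(HOST.mac, PEER, ETH_P_IP, ip_ssh, vlan=100), HOST),
        "runt": steer(b"\x00" * 5, HOST),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:14s} -> {decision}")
```

The point grarpamp makes about a compromised userland account is why this decision belongs next to the ring, in the kernel: whoever runs `steer()` can starve the host of ARP or redirect host-bound SSH to the client, so it must not be code the netmap client controls.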