Can DUMMYNET handle weighting of traffic according to firewall rules?
On Saturday, December 13, 2014, Brett Glass > wrote: > At 10:35 AM 12/12/2014, John Nielsen wrote: > > Is there a reason you can't use a separate pipe for each direction? >> > > We want to limit the total amount of bandwidth consumed, based on the > formula 2U + D <= L. If we used two pipes, there would be no way to keep > track of the sum. > > What I need (and am not sure if DUMMYNET can currently supply) is a pipe > that allows you to feed it a packet and say, "Count this X times toward the > bandwidth limit." > No, as it is now dummynet cannot do what you ask. It would be a one-line change in the kernel, plus the part to handle passing the extra parameter (we could call it "cost") to the queue's configuration. As usual, the UI is 10+ times bigger than the code doing the actual work (though one could rightly blame the existing UI for not being designed for extensibility). Cheers Luigi -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/. Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Howto tether my Android hone to FreeBSD10
Hi Bernard: Unless you have compiled a custom kernel, you should have an urndis module, so you can load it quite easily with: # kldload urndis (Note the #, that means its done as root, you can also use "sudo kldload urndis"). By taking a quick look at the handbook ( http://www.freebsd.org/doc/handbook/network-usb-tethering.html): Once the device is attached ue0 will be available for use like a normal network device. I haven't ever used USB tethering on FreeBSD. Is it working now? Hopefuly someone more experienced than me will be able to lend a hand. El Sat Dec 13 2014 at 5:56:31 AM, Bernard Higonnet () escribió: > Hello, > > My searching indicates I need urndis but it isn't in ports and I don't > know what to do with the C source file... > > Is there a simple cookbook way to tether? > > TIA > Bernard Higonnet > ___ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
DNS resolution problem
Dear, I'm having trouble resolving domain name freebsd.org. The portsnap server works correctly but the pkg audit -F does not work and can not even access the site according to the following tests: # host ec2-sa-east-1.portsnap.freebsd.org ec2-sa-east-1.portsnap.freebsd.org has address 177.71.188.240 # host vuxml.freebsd.org Host vuxml.freebsd.org not found: 3(NXDOMAIN) # host -a freebsd.org Trying "freebsd.org" Trying "freebsd.org.intnet.com.br" Host freebsd.org not found: 3(NXDOMAIN) Received 86 bytes from ::1#53 in 0 ms # host www.freebsd.org ;; connection timed out; no servers could be reached Only the first address I'm having name resolution (ec2-sa-east-1.portsnap.freebsd.org). My block IP: 186.193.48.0/20 One could check for any restrictions on our IP block? Thanks and best regards, Gondim ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||philipp.schmid@openresearch ||.com --- Comment #5 from Craig Rodrigues --- *** Bug 188018 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 --- Comment #6 from Craig Rodrigues --- (In reply to Craig Rodrigues from comment #5) > *** Bug 188018 has been marked as a duplicate of this bug. *** Remember to test: pfctl -sr -v -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||m...@tuupic.org.ru --- Comment #7 from Craig Rodrigues --- *** Bug 143808 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 179264] [vimage] [pf] Core dump with Packet filter and VIMAGE options compile in a kernel
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179264 Craig Rodrigues changed: What|Removed |Added Status|In Progress |Closed Resolution|--- |DUPLICATE CC||rodr...@freebsd.org --- Comment #3 from Craig Rodrigues --- *** This bug has been marked as a duplicate of bug 194515 *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||titi5...@gmail.com --- Comment #8 from Craig Rodrigues --- *** Bug 179264 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 --- Comment #9 from Craig Rodrigues --- (In reply to Craig Rodrigues from comment #8) > *** Bug 179264 has been marked as a duplicate of this bug. *** See also: http://lists.freebsd.org/pipermail/freebsd-virtualization/2013-June/001296.html -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||pub...@fzwte.net --- Comment #10 from Craig Rodrigues --- *** Bug 161094 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||m...@wzff.de --- Comment #11 from Craig Rodrigues --- *** Bug 176112 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||nv...@gmx.com --- Comment #12 from Craig Rodrigues --- *** Bug 160541 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 --- Comment #13 from Craig Rodrigues --- *** Bug 160496 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Can DUMMYNET handle weighting of traffic according to firewall rules?
- Menssagem Original - De: "Luigi Rizzo" Para:"Brett Glass" Cópia:"John Nielsen" , "freebsd-net@freebsd.org" Enviado:Sat, 13 Dec 2014 19:15:52 +1100 Assunto:Can DUMMYNET handle weighting of traffic according to firewall rules? On Saturday, December 13, 2014, Brett Glass wrote: > At 10:35 AM 12/12/2014, John Nielsen wrote: > > Is there a reason you can't use a separate pipe for each direction? >> > > We want to limit the total amount of bandwidth consumed, based on the > formula 2U + D track of the sum. > > What I need (and am not sure if DUMMYNET can currently supply) is a pipe > that allows you to feed it a packet and say, "Count this X times toward the > bandwidth limit." > No, as it is now dummynet cannot do what you ask. It would be a one-line change in the kernel, plus the part to handle passing the extra parameter (we could call it "cost") to the queue's configuration. As usual, the UI is 10+ times bigger than the code doing the actual work (though one could rightly blame the existing UI for not being designed for extensibility). Cheers Luigi -- -+--- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -+--- As I understand the problem, there are many ways to do this without actually using any special feature on dummynet. From tagging a traffic twice and feeding both tagged flows to the same pipe, to the easiest and possibily lighter approach of disabling one pass and feeding the traffic twice to the same pipe. I did a simple lazy experiment: # ipfw disable one_pass # ipfw add 1 pipe 1 all from any 22 to me 1 pipe 1 ip from any 22 to me # ipfw add 2 pipe 1 all from any 22 to me 2 pipe 1 ip from any 22 to me # ipfw pipe 1 config bw 256Kbit/s # scp proapps@serveruL800:/tmp/teste.bin /dev/null Password for proapps@serveruL800: teste.bin 0% 976KB 16.4KB/s 3:27:02 ETA ^C Killed by signal 2. So we have 16KB, (*8 = 128Kb, half the pipe configured bw since packets were injected twice). # ipfw delete 2 # scp proapps@serveruL800:/tmp/teste.bin /dev/null Password for proapps@serveruL800: teste.bin 1% 3408KB 31.4KB/s 1:54:00 ETA^CKilled by signal 2. And now you have 31.4M, roughly 256Kbit/s (configured pipe bw). So may you should try something like that: ipfw delete 1-2 ipfw add 1 queue 1 all from any 22 to me ipfw add 2 queue 1 all from any 22 to me ipfw add 3 queue 2 all from me to any 22 ipfw queue 1 config pipe 1 weight 5 ipfw queue 2 config pipe 1 weight 5 ipfw pipe 1 config bw 256Kbit/s ipfw sched 1 config type QFQ # ipfw sched 1 show 1: 256.000 Kbit/s 0 ms burst 0 sched 1 type QFQ flags 0x0 0 buckets 0 active Children flowsets: 2 1 # ipfw queue 1-2 show q1 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0 droptail q2 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0 droptail So there's a single pipe, two flowsets, but flowset 1 is injected twice. Is that what you wanted? -- Patrick Tracanelli - Email sent using ProApps ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 194515] Fatal Trap 12 Kernel with vimage
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515 Craig Rodrigues changed: What|Removed |Added CC||free...@mosconi.mat.br --- Comment #14 from Craig Rodrigues --- *** Bug 148155 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Request, 70 lines] D1309: VIMAGE PF fixes #1
rodrigc created this revision. rodrigc added reviewers: bz, glebius. rodrigc added subscribers: freebsd-net, freebsd-pf, freebsd-virtualization. REVISION SUMMARY Merge: r258322 from projects/pf branch - Split functions that initialize various pf parts into their vimage parts and global parts. - Since global parts appeared to be only mutex initializations, just abandon them and use MTX_SYSINIT() instead. - Kill my incorrect VNET_FOREACH() iterator and instead use correct approach with VNET_SYSINIT(). Submitted by: glebius, Nikos Vassiliadis Reviewed by:trociny TEST PLAN - compiled CURRENT kernel with this patch - booted - created VNET jail - started PF in the jail Eliminated some crashes such as PR 194515 REVISION DETAIL https://reviews.freebsd.org/D1309 AFFECTED FILES sys/net/pfvar.h sys/netpfil/pf/pf.c sys/netpfil/pf/pf_if.c sys/netpfil/pf/pf_ioctl.c sys/netpfil/pf/pf_norm.c To: rodrigc, bz, glebius Cc: freebsd-virtualization, freebsd-pf, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Updated] D1309: VIMAGE PF fixes #1
rodrigc added a reviewer: network. REVISION DETAIL https://reviews.freebsd.org/D1309 To: rodrigc, bz, glebius, np, melifaro, hrs, wollman, bryanv, rpaulo, adrian, gnn, hiren, rwatson Cc: freebsd-virtualization, freebsd-pf, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Updated] D1309: VIMAGE PF fixes #1
rodrigc added a reviewer: trociny. REVISION DETAIL https://reviews.freebsd.org/D1309 To: rodrigc, bz, glebius, np, melifaro, hrs, wollman, bryanv, rpaulo, adrian, gnn, hiren, rwatson, trociny Cc: freebsd-virtualization, freebsd-pf, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: DNS resolution problem
On Sat, Dec 13, 2014 at 4:26 AM, Marcelo Gondim wrote: > Dear, > > I'm having trouble resolving domain name freebsd.org. The portsnap server > works correctly but the pkg audit -F does not work and can not even access > the site according to the following tests: > > # host ec2-sa-east-1.portsnap.freebsd.org > ec2-sa-east-1.portsnap.freebsd.org has address 177.71.188.240 > > # host vuxml.freebsd.org > Host vuxml.freebsd.org not found: 3(NXDOMAIN) > > # host -a freebsd.org > Trying "freebsd.org" > Trying "freebsd.org.intnet.com.br" > Host freebsd.org not found: 3(NXDOMAIN) > Received 86 bytes from ::1#53 in 0 ms > > # host www.freebsd.org > ;; connection timed out; no servers could be reached > > Only the first address I'm having name resolution (ec2-sa-east-1.portsnap. > freebsd.org). > > My block IP: 186.193.48.0/20 > > One could check for any restrictions on our IP block? > > I think a bit of DNS debugging is in order. I could resolve all of the nodes you listed, but there are some potential issues I see. First, when looking up hostname with host(1), always terminate the name: > host -a freebsd.org. Trying "freebsd.org" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;freebsd.org.INTYPE255 ;; ANSWER SECTION: freebsd.org.534IN2001:1900:2254:206a::50:0 freebsd.org.534INMX10 mx1.freebsd.org. freebsd.org.534INA8.8.178.110 But "ANY" queries are fuzzy things at best as the first resolver you hit will just return whatever is cached and not try getting an authoritative response. www.freebsd.org and vuxml.freebsd.org are CNAME entries pointing to the same place, 8.8.178.110. This is in FreeBSD's own address space from Yahoo nd is probably in the mail FreeBSD cluster. I was a bit surprised to find that is is an Amazon AWS address, so the portsnap files are actually coming from a totally different place. DNS is provided by ISC-SNS. 72.52.71.1, 38.103.2.1 and 63.243.194.1. Try pinging these. Since BIND, the second oldest and most popular DNS server is written and supported by ISA, I would think that it is well run. Try pinging and tracing to these addresses. All of them are in very dispersed locations on different provider backbones. (Cogent, Hurricane Electric, and ISC, itself. You might try directing queries to each system to see if one fails when other succeed. Use "dig @servr-addr host". -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkober...@gmail.com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Request, 46 lines] D1312: VNET PF fixes #2
rodrigc created this revision. rodrigc added reviewers: bz, glebius, trociny. rodrigc added subscribers: freebsd-net, freebsd-virtualization, freebsd-pf. REVISION SUMMARY Virtualize the pfr_ktables variable. Submitted by: Nikos Vassiliadis REVISION DETAIL https://reviews.freebsd.org/D1312 AFFECTED FILES sys/netpfil/pf/pf_table.c To: rodrigc, bz, glebius, trociny Cc: freebsd-pf, freebsd-virtualization, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Updated] D1312: VIMAGE PF fixes #2
rodrigc retitled this revision from "VNET PF fixes #2" to "VIMAGE PF fixes #2". REVISION DETAIL https://reviews.freebsd.org/D1312 To: rodrigc, bz, glebius, trociny Cc: freebsd-pf, freebsd-virtualization, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Differential] [Request, 26 lines] D1313: VIMAGE PF fixes #3
rodrigc created this revision. rodrigc added reviewers: bz, glebius, trociny, network. rodrigc added subscribers: freebsd-net, freebsd-pf, freebsd-virtualization. REVISION SUMMARY Only register attach/detach event handlers if the current vnet is vnet0. Submitted by: Nikos Vassiliadis REVISION DETAIL https://reviews.freebsd.org/D1313 AFFECTED FILES sys/netpfil/pf/pf_if.c To: rodrigc, bz, glebius, trociny, np, melifaro, hrs, wollman, bryanv, rpaulo, adrian, gnn, hiren, rwatson Cc: freebsd-virtualization, freebsd-pf, freebsd-net ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
