100mhz Wavelab on -current PCI and PCCARD.
Does anyone have wireless experience? I'm off to the US next week and I thought I'd buy some (cheaper) wireless kit whilst I'm out there.

I would like to run 100mb wireless (802.11g?) on both my laptop and my home server, which I guess means that I'd like a recommendation for both pccard as well as pci. I'm running -current on the laptop and -stable on the server, although this can be upgraded to 5.x if necessary.

The server is currently an ethernet bridging firewall (IPFW) and ideally I'd like to be able to filter the wireless segment also. Is it possible to use a wireless card in the machine and be able to filter at a MAC address level? I want a bit of control of the network. Is there a recommended configuration?

Joe
--
Josef Karthauser ([EMAIL PROTECTED]) http://www.josef-k.net/
FreeBSD (cvs meister, admin and hacker) http://www.uk.FreeBSD.org/
Physics Particle Theory (student) http://www.pact.cpes.sussex.ac.uk/
An eclectic mix of fact and theory.
Re: Wireless support for the Netgear WG311T?
On Sun, Jun 20, 2004 at 02:39:36PM +0100, Josef Karthauser wrote:
> Dear wireless geeks,
>
> The ath manual page says that we support the Netgear WG311 and the
> WG511T, but do we also support the WG311T? (Is the T significant?).
>
> Many thanks if you know the answer to this question.

I should have said that the atheros web site states that the 511T and the 311T use the same chipset, which is the AR5002G, but that the FreeBSD manual page states that the 511T uses the AR5212 chipset and doesn't mention the AR5002G by name at all. Additionally the atheros web site doesn't mention a WG311 card at all, only a HA311, WAG311 and WG311T.

Joe
Wireless support for the Netgear WG311T?
Dear wireless geeks,

The ath manual page says that we support the Netgear WG311 and the WG511T, but do we also support the WG311T? (Is the T significant?).

Many thanks if you know the answer to this question.

Regards,
Joe
Re: Wireless support for the Netgear WG311T?
On Sun, Jun 20, 2004 at 06:52:05PM +0100, David Malone wrote:
> On Sun, Jun 20, 2004 at 02:54:34PM +0100, Josef Karthauser wrote:
> > I should have said that the atheros web site states that the 511T and
> > the 311T use the same chipset, which is the AR5002G, but that the
>
> I know someone with a 511T, and it works with the ath driver, I
> believe. I also have a WAG511, which also works with the ath driver.
> The WG511 and WG311 a non-Atheros chipset and so you'd have to try
> project evil.
>

Is there a bug in the ath manual page then?

    Netgear WAG311   AR5212   PCI       a/b/g
    Netgear WAB501   AR5211   CardBus   a/b
    Netgear WAG511   AR5212   CardBus   a/b/g
    Netgear WG311    AR5212   PCI       b/g
    Netgear WG511T   AR5212   CardBus   b/g

It clearly says that the WG311 is an atheros chipset.

> > FreeBSD manual page states that the 511T uses the AR5212 chipset and
> > doesn't mention the AR5002G by name at all. Additionally the atheros web
> > site doesn't mention a WG311 card at all, only a HA311, WAG311 and
> > WG311T.
>
> I think that's 'cos they are a different chipset all together.

Hmm, it looks like someone in the know could do with reviewing the ath manual page.

Joe
Re: Wireless support for the Netgear WG311T?
On Sun, Jun 20, 2004 at 08:30:04PM +0200, Stefan Eßer wrote:
> On 2004-06-20 14:54 +0100, Josef Karthauser <[EMAIL PROTECTED]> wrote:
> > On Sun, Jun 20, 2004 at 02:39:36PM +0100, Josef Karthauser wrote:
> > > The ath manual page says that we support the Netgear WG311 and the
> > > WG511T, but do we also support the WG311T? (Is the T significant?).
>
> AFAIK, the WG311T and WG511T use an enhanced Atheros chip with
> improved S/N ratio. (The Netgear web site talks about improved
> antenna technology, but I don't see what's special about that
> antenna at all. There used to be a more specific technical data
> sheet, which talked about the improved sensitivity and S/N of the
> new radio, and I guess that's what actually makes the difference.
> I also seem to remember some article on "www.smallnetbuilder.com"
> that talked about a new Atheros chip set with increased range back
> in September 2003. Hmmm, might have been:

In the end I decided to purchase both a WG311T and WG511T to start my wireless network. Hopefully it will work out fine.

Thanks to everyone who contributed to enabling me to come to a decision.

Joe
bridging and ipfw under 5.4-RC3.
I'm having a bit of trouble getting ipfw and bridging working under 5.4-RC3. I've just upgraded a 4.11 machine to RELENG_5_4 expecting the preexisting bridging configuration to work, but it doesn't. Or at least it does at boot time and then after a little while bridging just stops altogether. If I kldunload bridge and ipfw and then reload them I can get it working again, but only for a short period. Does anyone else see this too or is it just me?

sysctl.conf:

    net.link.ether.bridge.enable=1
    net.link.ether.bridge.ipfw=1
    net.link.ether.bridge.config=fxp0,fxp1

rc.conf:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall-ours"
    firewall_type="ours"

(The firewall rules aren't the problem here...)

Any ideas how to debug this?

Joe
Re: bridging and ipfw under 5.4-RC3.
On Mon, May 02, 2005 at 09:04:13PM +0100, Josef Karthauser wrote:
> I'm having a bit of trouble getting ipfw and bridging working under
> 5.4-RC3. I've just upgraded a 4.11 machine to RELENG_5_4 expecting the
> preexisting bridging configuration to work, but it doesn't. Or at least
> it does at boot time and then after a little while bridging just stops
> altogether. If I kldunload bridge and ipfw and then reload them I can
> get it working again, but only for a short period. Does anyone else see
> this too or is it just me?

Ok, refining the solution slightly. I can fix the problem by doing:

    # kldunload ipfw && kldload ipfw && /etc/netstart

This clears the problem every time. Definitely smells like a bug to me.

Joe
ipfw broken with bridge under 5.x (5.3 and 5.4)
It appears that ipfw doesn't work with bridge in 5.3 and 5.4. The symptoms are that the bridge stops forwarding packets altogether, for me a few minutes after it is set up. It takes a

    # net.link.ether.bridge_ipfw=0 && sleep 5 && net.link.ether.bridge_ipfw=1

to get it back up and running, which it does, but only for a few minutes before it stops working again. The five second sleep is sometimes too long, and sometimes not enough time.

Would someone in the know be able to help me to troubleshoot it? (I'm scared of ipfw! :).

Thanks!
Joe
Re: ipfw broken with bridge under 5.x (5.3 and 5.4)
On Wed, May 04, 2005 at 06:13:22PM +0100, Gavin Atkinson wrote:
>
> I believe I am seeing similar problems to you, though uptime for me is
> generally measurable in days rather than minutes. I've found that
> adding an explicit "allow all from any to any" and then removing it
> again seems to get it working. I will test your solution when mine
> fails again.
>
> The comment about arp is an interesting one, I will see what I can find
> out. I have however seen situations where (eg) UDP DNS through the
> bridge works but web traffic or terminal services etc may not.
>
> If you want to share firewall rules and other configuration with me
> off-list to see if there are any similarities I'd be happy to help.
>

It appears that the solution is obtained by adding the rule:

    allow ip from any to any layer2 mac-type arp

to the beginning of the firewall list. IPFW2 drops non-IP traffic whereas IPFW1 passes it through. This is the reason why my configuration stopped working after the upgrade.

Joe
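A check for the condition described in the message above, as an added example that is not part of the original thread: given the bridge sysctl settings and an `ipfw list` dump, it reports whether a layer2 ARP pass rule exists and whether any blocking rule is evaluated before it. The rule listings are constructed, the function names and status strings are hypothetical, and treating every earlier blocking rule as worth a review is a deliberately conservative assumption.

```python
import re

ALLOW = {"allow", "accept", "pass", "permit"}            # ipfw synonyms for "allow"
BLOCK = {"deny", "drop", "reject", "reset", "unreach"}   # actions that stop a frame
# Both spellings of the knob appear in the thread (4.x and 5.x style).
BRIDGE_KNOBS = ("net.link.ether.bridge.ipfw", "net.link.ether.bridge_ipfw")

# sysctl.conf as posted in the thread.
SYSCTL_CONF = """\
net.link.ether.bridge.enable=1
net.link.ether.bridge.ipfw=1
net.link.ether.bridge.config=fxp0,fxp1
"""

# Constructed `ipfw list` dumps (not the poster's real ruleset).
BEFORE = """\
00100 allow ip from any to any via lo0
00200 allow tcp from any to any established
00300 allow udp from any to any dst-port 53
65535 deny ip from any to any
"""
LATE = """\
00100 deny tcp from any to any dst-port 23
60000 allow ip from any to any layer2 mac-type arp
65535 deny ip from any to any
"""
FIXED = "00010 allow ip from any to any layer2 mac-type arp\n" + BEFORE


def bridge_ipfw_enabled(sysctl_text):
    """True if the bridge hands frames to ipfw.

    Accepts sysctl.conf syntax (name=1) and `sysctl` output (name: 1).
    """
    for line in sysctl_text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*[:=]\s*(\d+)\s*$", line)
        if m and m.group(1) in BRIDGE_KNOBS and m.group(2) == "1":
            return True
    return False


def parse_rules(listing):
    """Return [(number, action, tokens)] for each rule line of the dump."""
    rules = []
    for line in listing.splitlines():
        tok = line.split()
        if len(tok) < 2 or not tok[0].isdigit():
            continue
        rest = tok[1:]
        # Optional "set N" / "prob P" prefixes precede the action keyword.
        while len(rest) > 2 and rest[0] in ("set", "prob"):
            rest = rest[2:]
        rules.append((int(tok[0]), rest[0], rest[1:]))
    return rules


def is_arp_pass(action, tokens):
    """Match `allow ... layer2 mac-type arp` (name or 0x0806, comma lists ok)."""
    if action not in ALLOW or "layer2" not in tokens or "mac-type" not in tokens:
        return False
    i = tokens.index("mac-type")
    types = tokens[i + 1].lower().split(",") if i + 1 < len(tokens) else []
    return "arp" in types or "0x0806" in types


def check_arp_rule(listing):
    """Return (status, rule_numbers).

    missing: no layer2 ARP pass rule at all
    review : blocking rules are evaluated before it (their numbers returned)
    ok     : the ARP pass rule precedes every blocking rule (its number returned)
    """
    blockers = []
    for number, action, tokens in parse_rules(listing):
        if is_arp_pass(action, tokens):
            return ("review", blockers) if blockers else ("ok", [number])
        if action in BLOCK:
            blockers.append(number)
    return ("missing", [])


def lint(sysctl_text, listing):
    """Only a filtering bridge needs the ARP rule; otherwise report that."""
    if not bridge_ipfw_enabled(sysctl_text):
        return ("not-bridged", [])
    return check_arp_rule(listing)


if __name__ == "__main__":
    for name, dump in (("before", BEFORE), ("late", LATE), ("fixed", FIXED)):
        print(name, lint(SYSCTL_CONF, dump))
```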
iwi driver: Probes but no association (FreeBSD5.4).
I'm trying to get the iwi driver working on my sony A290 laptop. It's got a BG2200 chipset in it and the driver probes and finds the adapter, but it doesn't appear to work.

This is the probe message:

    iwi0: mem 0xff6fd000-0xff6fdfff irq 7 at device 2.0 on pci2
    iwi0: Ethernet address: 00:0e:35:38:1e:14
    iwi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
    iwi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps

This is the output of ifconfig:

    iwi0: flags=8802 mtu 1500
            inet6 fe80::20e:35ff:fe38:1e14%iwi0 prefixlen 64 scopeid 0x2
            ether 00:0e:35:38:1e:14
            media: IEEE 802.11 Wireless Ethernet autoselect
            status: no carrier
            ssid tao 1:tao
            channel -1 authmode OPEN powersavemode OFF powersavesleep 100
            rtsthreshold 2312 protmode CTS txpower 100
            wepmode OFF weptxkey 1

The device stays in 'no carrier' mode even though my wireless network is seen by the same device (booting into windows native).

The other end is provided by an athalon chipset device in my server:

    ath0: flags=8843 mtu 1500
            inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
            ether 00:09:5b:e5:1f:a4
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
            status: associated
            ssid tao 1:tao
            channel 1 authmode OPEN powersavemode OFF powersavesleep 100
            rtsthreshold 2312 protmode CTS
            wepmode OFF weptxkey 1
            wepkey 1:104-bit

Have you any ideas as to what to try next? I really fancy me a bit of wireless.

Joe.

ps I'm running a driver compiled from iwi-freebsd-1.3.4.tgz on Damien Bergamini's website. The machine in question is: FreeBSD XXX 5.4-STABLE FreeBSD 5.4-STABLE #10: Fri Apr 29 10:39:24
Re: iwi driver: Probes but no association (FreeBSD5.4).
On Mon, May 23, 2005 at 02:26:42PM -0700, Darren Pilgrim wrote:
>
> The interface isn't in the UP state. At least with the iwi driver, the NIC
> won't associate to the AP until the interface is brought up. Usually this
> is done the first time something tries to send a packet (typically
> dhclient). You can also make it associate by giving the "up" parameter to
> ifconfig.

I tried that:

    genius# ifconfig iwi0 up
    genius# ifconfig iwi0
    iwi0: flags=8802 mtu 1500
            inet6 fe80::20e:35ff:fe38:1e14%iwi0 prefixlen 64 scopeid 0x2
            ether 00:0e:35:38:1e:14
            media: IEEE 802.11 Wireless Ethernet autoselect
            status: no carrier
            ssid tao 1:tao
            channel -1 authmode OPEN powersavemode OFF powersavesleep 100
            rtsthreshold 2312 protmode CTS txpower 100

Doesn't make any difference.

Joe
Re: iwi driver: Probes but no association (FreeBSD5.4).
On Mon, May 23, 2005 at 12:52:36PM +0200, Jeremie Le Hen wrote:
>
> What is the output of iwicontrol iwi0 -r ?

    genius# ifconfig iwi0 up
    genius# /tmp/wireless/iwi-freebsd-1.3.4/src/usr.sbin/iwicontrol/iwicontrol iwi0 -r
    Radio is ON
    genius# ifconfig iwi0
    iwi0: flags=8802 mtu 1500
            inet6 fe80::20e:35ff:fe38:1e14%iwi0 prefixlen 64 scopeid 0x2
            ether 00:0e:35:38:1e:14
            media: IEEE 802.11 Wireless Ethernet autoselect
            status: no carrier
            ssid tao 1:tao
            channel -1 authmode OPEN powersavemode OFF powersavesleep 100
            rtsthreshold 2312 protmode CTS txpower 100
            wepmode OFF weptxkey 1

> > ps I'm running a driver compiled from iwi-freebsd-1.3.4.tgz on
> > Damien Bergamini's website. The machine in question is: FreeBSD
> > XXX 5.4-STABLE FreeBSD 5.4-STABLE #10: Fri Apr 29 10:39:24
>
> As far as I can tell, this driver is no longer updated, the development
> is done in BSD source trees (look at the file modification date).
>

Any idea how easy it is to port over to 5.x?

Joe
Re: iwi driver: Probes but no association (FreeBSD5.4).
On Tue, May 24, 2005 at 09:47:15AM +0200, Jeremie Le Hen wrote:
> >
> > Any idea how easy it is to port over to 5.x?
>
> I think it's mostly impossible as the iwi(4) should be using the new
> Sam Leffler's net80211 framework which is not going to be MFC'd to
> RELENG_5. I believe you should definitely try -CURRENT.
>

I tried a couple of months ago to get it running using the ndis driver and although it was correctly probed it didn't work there either.

Joe
Re: HEADSUP! New netgraph code coming
On Fri, Jan 12, 2001 at 06:41:12AM -0800, Julian Elischer wrote:
> Jun Kuriyama wrote:
> >
> > Hi Julian,
> >
> > I tried netgraph for the first time to work with latest vmware2 port.
> >
> > When I try to load netgraph kernel module, it failed with:
> >
> > # kldload ng_bridge
> > kldload: can't load ng_bridge: Exec format error
>
> something is terribly broken with the kld loading at the moment.
> netgraph actually tries to load modules it needs but it hasn't been
> able to for some months. Also kldload can SEE what the dependency is
> so the module is telling it correctly, just the kernel is failing
> to load the dependency.. I don't think this is Netgraph's fault.
> we haven't changed anything.. it just stopped working one day.

It was broken for me last week - but upon testing yesterday it appeared to work again:

    genius# uname -a
    FreeBSD genius.tao.org.uk 5.0-CURRENT FreeBSD 5.0-CURRENT #12: Thu Jan 11 15:32:11 GMT 2001 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENIUS i386
    genius# kldload /boot/kernel/ng_bridge.ko
    genius# kldstat
    Id Refs Address    Size     Name
     1   13 0xc010     2c90f0   kernel
     2    1 0xc144c000 7000     linprocfs.ko
     3    3 0xc1454000 12000    linux.ko
     4    1 0xc14b9000 3000     daemon_saver.ko
     5    1 0xc0a7c000 2000     rtc.ko
     6    1 0xc0a86000 9000     vmmon_up.ko
     7    1 0xc0a92000 4000     if_tap.ko
     8    1 0xc1adb000 5000     ng_bridge.ko
     9    1 0xc1ae1000 4000     ng_ether.ko

Joe

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: GRE tunnel ipv6 aware?
On Mon, Jan 22, 2001 at 01:52:39AM -0300, [EMAIL PROTECTED] wrote:
> ¡Hola!
>
> I need to set a GRE tunnel to send ipv6 traffic. Can I with fbsd?
>
> I've tried with gre-tun, but it says that ipv6 socket family isn't
> supported.
>

Does it need to be GRE? If you're happy using IP-ENCAP instead then check out the gif(4) man page.

Joe
Re: BRIDGE breaks ARP? (more info)
On Mon, Feb 05, 2001 at 01:53:12PM -0800, Luigi Rizzo wrote:
>
> If people wonders what is this "cluster-id" -- that code comes
> from some unreleased code that i wrote in 2.2.x times
> which makes FreeBSD work as a VLAN bridge.
> So the cluster-id is essentially the VLAN-ID, and the
> special ID 0 corresponds to a "trunk" (where essentially
> all traffic goes prefixed with the VLAN header).
>

Talking about trunks and VLANs, I've got some code for implementing ISL, but no ISL switches to hand anymore, if anyone's interested?

Joe
Re: BRIDGE breaks ARP? (more info)
On Mon, Feb 05, 2001 at 04:34:50PM -0800, Luigi Rizzo wrote:
> > > If people wonders what is this "cluster-id" -- that code comes
> > > from some unreleased code that i wrote in 2.2.x times
> > > which makes FreeBSD work as a VLAN bridge.
> ..
> > Talking about trunks and VLANs, I've got some code for implementing ISL,
> > but no ISL switches to hand anymore, if anyone's interested?
>
> for the ignorants (like me), what does ISL mean ?

It's Cisco's precursor to 802.1q trunking. It stands for something like Inter-Switch Link. It's a jumbo ether packet with a vlan/color header encapsulating the original ether frame. Lots of small older Cisco switches have it. We could plug a FreeBSD box into, say, a c1924 and have 24 virtual interfaces from the router, each on its own vlan. :)

Joe
Re: Quick question about IP aliasing
On Tue, Feb 27, 2001 at 07:16:14AM +0100, Rogier R. Mulhuijzen wrote:
>
> >The point is that you need to use a netmask of 255.255.255.255 for aliased
> >IPs on FreeBSD, regardless of the alias of the primary (non-alias) IP.
>
> Everybody is saying use 255.255.255.255 for an alias. No one is giving
> reasons why.

I don't understand this either. To my mind it's a bug if it doesn't work with the full netmask for an IP alias address.

Joe
Stat counters for interfaces.
A few months ago I added a struct if_data to struct ifaddr for keeping stats on a per interface address basis. Not all protocols currently use this though, and not all values are meaningful.

What I'd like to do is preload the members that aren't being used with -1, and then detect this in 'netstat -in' and print '-' instead of '0'. Does this make sense, or is it a hack :) ?

The members of this structure carrying statistics are currently u_long, and so maybe I should use ULONG_MAX instead? Any opinions?

Joe
Re: A few nasty bugs in the networking code
On Tue, Mar 20, 2001 at 01:04:48AM +0100, Luigi Rizzo wrote:
> > Actually, I think quoting PR#s is a more than acceptable way of
> > pointing things out. They're very easy to look up for anyone (and
> > committers get the extra advantage of using query-pr on freefall) and
>
> IF you have connectivity while you are reading, which is my whole
> point. The one big advantage of mailing lists over news or web
> access is that you can download your emails and browse through it
> offline.

Why not cvsup the gnats distribution? It's only 178mb - you'll always have it local then :)

    genius% du -s /home/gnats
    178456 /home/gnats

I do it just in case I need access to a PR. It's come in handy having it lying around.

Joe
Re: netstat(1) bug in per-address packet counts?
On Thu, Mar 29, 2001 at 04:59:17AM +0900, Hajimu UMEMOTO wrote:
> > On Tue, 20 Mar 2001 09:30:47 -0800
> > Bruce A. Mah <[EMAIL PROTECTED]> said:
>
> bmah> I was playing around with netstat(1) on a recent RELENG_4 machine, and
> bmah> noticed something odd. Apparently, the input packet counter for the
> bmah> IPv6 loopback address never gets incremented (even after some pings,
> bmah> the input packet count on lo0 is still 0):
>
> I received the patch and just committed it.

Thanks both of you for working on this. I've not got an ipv6 test rig so I probably didn't test it sufficiently in the first instance.

Thanks,
Joe
Re: Patch to allow disabling logging of arp movements through sysctl
You should really send this to [EMAIL PROTECTED] (Cc'd). Filing a -PR is a good thing too, as you can always refer to the -PR number in any mail to the list. Joe On Mon, Sep 03, 2001 at 03:43:41PM -0600, Stephen Hurd wrote: > I've had a problem with my DSL connection for some time now, the bridging they > use appears to forward arp responses AND respond to arp requests. This ends up > filling my log with: > > Sep 3 15:17:57 tw2 /kernel: arp: 216.13.207.2 moved from 00:06:29:d5:04:c7 to > 00:10:b5:4f:d1:1a on rl0 > Sep 3 15:17:57 tw2 /kernel: arp: 216.13.207.2 moved from 00:10:b5:4f:d1:1a to > 00:06:29:d5:04:c7 on rl0 > > I've dug around on the list archives, and it looks like I'm not the first person > to get annoyed at this, but I haven't found a solution. So, I've finally gotten > so annoyed at my huge logs that I broke down and added the following patch to > add the sysctl variable net.link.ether.inet.log_arp_movements > > Is this the "right place" to send the patch or should I file a PR? > > --- /usr/src/sys/netinet/if_ether.c.old Mon Sep 3 14:26:38 2001 > +++ /usr/src/sys/netinet/if_ether.c Mon Sep 3 15:13:08 2001 > @@ -497,10 +497,15 @@ > * but formerly didn't normally send requests. > */ > static int log_arp_wrong_iface = 1; > +static int log_arp_movements = 1; > > SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, > &log_arp_wrong_iface, 0, > "log arp packets arriving on the wrong interface"); > +SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, > +&log_arp_movements, 0, > +"log arp replies from MACs different the the one in the cache"); > + > > static void > in_arpinput(m) 
> @@ -586,12 +591,13 @@ > } > if (sdl->sdl_alen && > bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) { > - if (rt->rt_expire) > - log(LOG_INFO, "arp: %s moved from %6D to %6D on %s%d\n", > - inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":", > - ea->arp_sha, ":", > - ac->ac_if.if_name, ac->ac_if.if_unit); > - else { > + if (rt->rt_expire) { > + if (log_arp_movements) > + log(LOG_INFO, "arp: %s moved from %6D to %6D on >%s%d\n", > + inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":", > + ea->arp_sha, ":", > + ac->ac_if.if_name, ac->ac_if.if_unit); > + } else { > log(LOG_ERR, > "arp: %6D attempts to modify permanent entry for %s on >%s%d\n", > ea->arp_sha, ":", inet_ntoa(isaddr), > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message PGP signature
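Review bot: The description string of the new SYSCTL_INT in the first hunk reads "log arp replies from MACs different the the one in the cache"; it should read "different from the one in the cache", since this is the text sysctl -d shows to the administrator. The hunk also adds a second blank line before static void in_arpinput(m), which can be dropped, and a knob that silences a kernel log message should come with a manual page line stating the default of 1 and what setting it to 0 hides.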
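Review bot: In the second hunk, with log_arp_movements set to 0 the if (rt->rt_expire) branch leaves no trace at all when the hardware address for an IP changes, so a real change on the segment (a replaced router, or another station answering for the gateway address) disappears together with the noise; a rate limit on the message, or logging only the first move to a given address, would quieten the log without losing that record. The format-string lines have also been wrapped in transit ("on" followed by "%s%d\n" on a continuation line, in both the added log() call and the unchanged LOG_ERR context), so the hunk will not apply as posted and should be resent as an attachment.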
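The "moved from" messages quoted in the message above can be triaged instead of read raw. This added example (not part of the original post or patch) counts moves between hardware addresses the operator has listed as legitimate for an IP and reports every other move individually, together with the "attempts to modify permanent entry" message whose format string appears in the patch context. The first two log lines are the ones quoted in the post; the remaining lines, the `TRUSTED` table and the function name are constructed for illustration.

```python
import re

MAC = r"[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Kernel messages as emitted by in_arpinput() per the format strings in the patch.
MOVED = re.compile(rf"arp: ({IP}) moved from ({MAC}) to ({MAC}) on (\S+)")
PERMANENT = re.compile(
    rf"arp: ({MAC}) attempts to modify permanent entry for ({IP}) on (\S+)")

# Operator-supplied baseline (assumption): MACs known to answer for each IP,
# here the two addresses the DSL bridge in the post flips between.
TRUSTED = {"216.13.207.2": {"00:06:29:d5:04:c7", "00:10:b5:4f:d1:1a"}}

# Lines 1-2 are quoted in the post; lines 3-6 are constructed test input.
SAMPLE_LOG = """\
Sep 3 15:17:57 tw2 /kernel: arp: 216.13.207.2 moved from 00:06:29:d5:04:c7 to 00:10:b5:4f:d1:1a on rl0
Sep 3 15:17:57 tw2 /kernel: arp: 216.13.207.2 moved from 00:10:b5:4f:d1:1a to 00:06:29:d5:04:c7 on rl0
Sep 3 15:18:02 tw2 /kernel: arp: 216.13.207.2 moved from 00:06:29:d5:04:c7 to 00:10:b5:4f:d1:1a on rl0
Sep 3 15:18:40 tw2 /kernel: arp: 216.13.207.2 moved from 00:10:b5:4f:d1:1a to 02:00:00:aa:bb:cc on rl0
Sep 3 15:18:41 tw2 /kernel: arp: 02:00:00:aa:bb:cc attempts to modify permanent entry for 216.13.207.1 on rl0
Sep 3 15:19:00 tw2 sshd[311]: unrelated line that must be ignored
"""


def triage(lines, trusted):
    """Split ARP kernel messages into counted noise and individual alerts.

    Returns (noise, alerts):
      noise  -- {(ip, ifname): count} of moves whose new MAC is trusted for ip
      alerts -- [(kind, ip, mac, ifname)] in log order, where kind is
                "moved" (move to an untrusted MAC) or "permanent"
                (attempt to overwrite a static entry, always reported)
    """
    noise = {}
    alerts = []
    for line in lines:
        m = PERMANENT.search(line)
        if m:
            mac, ip, ifname = m.group(1).lower(), m.group(2), m.group(3)
            alerts.append(("permanent", ip, mac, ifname))
            continue
        m = MOVED.search(line)
        if not m:
            continue  # not an ARP message
        ip, new, ifname = m.group(1), m.group(3).lower(), m.group(4)
        if new in trusted.get(ip, set()):
            key = (ip, ifname)
            noise[key] = noise.get(key, 0) + 1
        else:
            alerts.append(("moved", ip, new, ifname))
    return noise, alerts


if __name__ == "__main__":
    noise, alerts = triage(SAMPLE_LOG.splitlines(), TRUSTED)
    for (ip, ifname), count in noise.items():
        print(f"{ip} on {ifname}: {count} moves between known addresses")
    for kind, ip, mac, ifname in alerts:
        print(f"ALERT {kind}: {ip} claimed by {mac} on {ifname}")
```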
Re: Final Request for Review
On Wed, Sep 12, 2001 at 12:16:56PM -0300, Daniel C. Sobral wrote:
> Now that 4.4 is almost out, I'd like people to test
> http://people.freebsd.org/~dcs/ip_output.c.diff for merge to stable
> something like a week after 4.4 is out.
>
> The patch makes the IP stack capable of sending multicast packets out
> application-selected interfaces in the absence of a default route (or a
> multicast route). If the interface has no IP assigned, the packet goes
> out with address 0.0.0.0. All this is in conformance with the multicast
> RFC, and would bring our behavior in sync with other unices out there
> (though other BSDs still don't allow this, it seems).
>
> It has been working on current for a few weeks now (releases 1.128
> through 1.131, iirc -- there may have been an additional release before
> we got it right).

Excellent work Daniel. This should fix zebra's OSPF handling. :)

Joe
Re: PXE boot vs. DHCP
On Wed, Oct 24, 2001 at 08:13:52AM -0700, John Polstra wrote:
> Not quite. It's not the "PXE level," it's the normal operating state
> of the system. The only difference is that it was booted with PXE
> instead of by some other means. PXE booting is being used more and
> more at large installations. My change addresses a common situation
> which is becoming more common all the time.
>
> Shouldn't the standard dhclient installation function properly,
> regardless of how the system was booted? I think it should.
>
> Also, I don't feel that my patch is a hack. The entire purpose of
> dhclient's PREINIT phase is to put the network interface into an
> enabled state so that IP packets can be sent. If the interface is
> already up, then it is already in that state. By failing to check the
> interface first, the current dhclient-script needlessly destroys its
> configuration and hangs the system. That is a bug, and my patch fixes
> it.

Hear hear.

Joe
Re: Does 4.4 FreeBSD kernel supports TCP simultaneous open?
On Thu, Nov 29, 2001 at 03:03:04PM +0800, ¼B¾JÂ× wrote:
> Thanks...I know where my problem is now...It's indeed a duplicate SYN.
>
> By the way, the tcp_input function is so long and large and there are
> several goto statements which make reading the code even more difficult. Is
> this intended to be like this? Even with Steven's TCP/IP Vol.2, it took me
> three whole days to draw a Visio flow chart of this function. Has anybody
> ever considered of reorganizing this module?

Any chance that you could release the chart as a graphic to the community? I'd be interested to see that.

Joe
Re: Is there a way to clear stats from netstat -i
Hi Ruslan,

You've been near this code recently. Do you have any suggestions for how this may work?

Joe

On Tue, Dec 11, 2001 at 12:35:04PM +0800, Yusuf Goolamabbas wrote:
> 4.4-stable box
>
> netstat -i shows the number of packets and number of errors
> sent/received via the IPkt/Ierrs/Opkts/Oerrs fields. I would like to see
> if changing network cables and reset those fields shows reduction in the
> Ierrs/Oerrs field
>
> Is there a way to clear those flags
>
> netstat -sz doesn't seem to clear those flags and whilst netstat -iz
> doesn't barf on me even though the man page doesn't seem to indicate
> that this is a valid option
>
> Regards, Yusuf
> --
> Yusuf Goolamabbas
> [EMAIL PROTECTED]
Re: Is there a way to clear stats from netstat -i
On Thu, Dec 20, 2001 at 03:10:38PM +0200, Ruslan Ermilov wrote:
> On Wed, Dec 19, 2001 at 06:21:39PM +0000, Josef Karthauser wrote:
> > Hi Ruslan,
> >
> > You've been near this code recently. Do you have any suggestions for
> > how this may work?
> >
> This would require a new SIOCCIFDATA ioctl in group 'i'.

What's group 'i'?

Joe
Re: zebra OSPF + redistributing static
On Thu, Jan 03, 2002 at 10:54:37AM +0200, Girnet Vladimir wrote:
> Hi
>
> I use zebra OSPFD to connect to my OSPF network. The router have 4 ethernet
> adapters, with different subnets on them.
> Only one interface is connected to ospf network. So, I use "redistribute
> connected" option in ospf.
>
> I have such strange situation: Routes, that are distributed with
> "redistribute connected" are recalculated on other OSPF routers in the same
> area every minute.

Hiya Vladimir,

You should ask this question on the zebra mailing list. Take a stroll over to their web site (http://www.zebra.org) for its address.

Joe
Re: Is there a way to clear stats from netstat -i
On Wed, Jan 09, 2002 at 02:29:32PM +0200, Ruslan Ermilov wrote:
> On Fri, Dec 28, 2001 at 01:30:44PM +0000, Josef Karthauser wrote:
> > On Thu, Dec 20, 2001 at 03:10:38PM +0200, Ruslan Ermilov wrote:
> > > On Wed, Dec 19, 2001 at 06:21:39PM +0000, Josef Karthauser wrote:
> > > > Hi Ruslan,
> > > >
> > > > You've been near this code recently. Do you have any suggestions for
> > > > how this may work?
> > > >
> > > This would require a new SIOCCIFDATA ioctl in group 'i'.
> >
> > What's group 'i'?
> >
> _IO*()'s macro first argument. See for details.
> 's' refers to socket level ioctls, 'r' to routing ioctls, and
> 'i' to interface ioctls.

Ahha! :) Ignore my last email. I'll digest this first ;)

Thanks,
Joe
Re: Freebsd REL_ENG 4.3 p28 freezes every 30 minutes.
On Mon, Mar 18, 2002 at 02:19:32PM -0800, W Alexander Hagen wrote:
>
> Re: Freebsd REL_ENG 4.3 p28 freezes every 30 minutes.

What's REL_ENG 4.3 p28? Have you tried upgrading to the RELENG_4 branch in our cvs repository? We're currently up to RELENG_4_5_0_RELEASE, which was the last release. You look like you're running something based on 4.3.

Joe
Re: Freebsd REL_ENG 4.3 p28 freezes every 30 minutes.
On Mon, Mar 18, 2002 at 02:53:13PM -0800, W Alexander Hagen wrote:
>
> Well and good. p28 is the cvsup revision level. My question is how
> do I find out what is causing the system to crash.

The revision level of what? Every file has its own revision level, and there isn't a global revision number for the whole system. How are you getting the p28 number?

> Are there any good articles on this ? should I turn everything to
> max log and verbose output ? can I monitor the system ? And can all
> this be done in an eight hour period of time ?
> I like to understand the problem, before upgrading out of it. This
> is the 28th patch of REL ENG 4.3 after all. It should be very stable.

4.3 is two whole major releases ago. You should be running 4.5, which you can get by cvsuping using the tag RELENG_4_5_0_RELEASE, or the tag RELENG_4 if you wish to be at the head of developments on the -stable branch.

Joe
Re: Freebsd REL_ENG 4.3 p28 freezes every 30 minutes.
On Tue, Mar 19, 2002 at 10:51:09AM -0800, W Alexander Hagen wrote:
>
> The problem only occurs during large file transfers. This box has 10 10/100 cards and is acting as a router.
> Are there any sysctl parameters that I should look at to optimize operation as a router ?

Optimization or not the machine shouldn't be crashing. Please follow the advice below so that you can catch some debug info when it next happens.

Joe

> Mike Silbersack <[EMAIL PROTECTED]> wrote:
> On Mon, 18 Mar 2002, W Alexander Hagen wrote:
>
> >
> > How do I find out how to run the box so it outputs the errant code line
> > when it crashes ? Is there a good faq ?
>
> Check out:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html
>
> Part 16.4, "On-Line Kernel Debugging Using DDB" is what you should
> probably focus on.
>
> Once you compile DDB into the kernel, it should throw you into DDB
> whenever a system crash occurs. If the system seems to crash, but does
> not throw you into DDB, you can then try ctrl-alt-esc to manually enter
> it. In either case, you can then run "trace" to get a backtrace of where
> the problem occurred. From that, we should be able to help you.
>
> If you can't even break into DDB whenever your computer crashes, then
> something is seriously wrong, _probably_ bad hardware of some sort.
>
> Mike "Silby" Silbersack
Re: Linksys USB100M ... usbd.conf help needed.
On Sat, Jul 06, 2002 at 03:17:28PM -0700, Patrick Thomas wrote: > > I have just purchased a Linksys USB100M - it is a very small key-style USB > NIC. I am running 5.0-DP1. I have all of the USB items except for the > removable disk device compiled into my kernel - I also have the three > aue/cue/kue options compiled into the kernel. > > I put the device in and got this message on the console: > > Jul 6 15:06:49 hostname kernel: ugen0: Linksys Linksys USB LAN Adapter, > rev 1.10/1.00, addr 2 > > Then I ran `usbdevs -v`: > > Controller /dev/usb0: > addr 1: self powered, config 1, UHCI root hub(0x), Intel(0x), rev > 1.00 port 1 addr 2: full speed, power 120 mA, config 1, Linksys USB LAN > Adapter(0x8150), Linksys(0x0bda), rev 1.00 > port 2 powered Let's assume for a minute that it's an aue device (are all LinkSys'). Try applying the attached patch file to /sys/dev/usb/if_aue.c and recompiling the kernel. Do you get an aue0 attaching now when you plug the adapter in, and does it work? Joe Index: if_aue.c === RCS file: /home/ncvs/src/sys/dev/usb/if_aue.c,v retrieving revision 1.60 diff -u -r1.60 if_aue.c --- if_aue.c27 May 2002 00:00:48 - 1.60 +++ if_aue.c7 Jul 2002 10:50:21 - @@ -151,6 +151,7 @@ {{ USB_VENDOR_IODATA, USB_PRODUCT_IODATA_USBETTX}, 0 }, {{ USB_VENDOR_IODATA, USB_PRODUCT_IODATA_USBETTXS}, PII }, {{ USB_VENDOR_KINGSTON, USB_PRODUCT_KINGSTON_KNU101TX}, 0 }, + {{ USB_VENDOR_LINKSYS,0x8150 }, LSYS }, {{ USB_VENDOR_LINKSYS,USB_PRODUCT_LINKSYS_USB10TX1},LSYS|PII }, {{ USB_VENDOR_LINKSYS,USB_PRODUCT_LINKSYS_USB10T}, LSYS }, {{ USB_VENDOR_LINKSYS,USB_PRODUCT_LINKSYS_USB100TX},LSYS },
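Review bot: The added row uses the bare product id 0x8150 where every neighbouring row uses a USB_PRODUCT_* constant; add a product name to usbdevs and reference it here so the table stays consistent and searchable. The usbdevs -v output quoted above reports the adapter as product 0x8150 with vendor 0x0bda, and the value of USB_VENDOR_LINKSYS is not visible in this hunk, so confirm that it is 0x0bda, otherwise the new row can never match the device.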
Re: Bluetooth stack for FreeBSD
On Tue, Oct 01, 2002 at 09:42:08AM -0700, Maksim Yevmenkin wrote:
> Hello Julian,
>
> Sorry to bug you, but are you still interested in this? Not sure if you
> were following but the latest snapshot (2002/09/22) is available for download
> at http://www.geocities.com/m_evmenkin/
>
> I am asking because you are the only person who has some interest and actually
> looked at the code. Also NetBSD folks (Lennart Augustsson) seem to work on
> Bluetooth too. Is it better for FreeBSD to wait until NetBSD stack is done
> and then port it back?
>

I've not taken a look at the Bluetooth stuff in NetBSD, but if you're working in this area you ought to take a look at their code yourself to see how far they've got.

Joe
--
"As far as the laws of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality." - Albert Einstein, 1921
Crashes with aue0 and FBSD-6.X
Hi folks,

I've just upgraded a box from 5 to 6 and am having all sorts of woes with the aue interface. (SHORT_TRANSFERS followed by panic).

Anyone know who to speak to about aue problems with RELENG_6?

Joe
Problems with ath under FreeBSD-6x
Hi Sam (and [EMAIL PROTECTED] list),

I was wondering if you could help me. I've upgraded a server from FreeBSD-5x to FreeBSD-6x and since the upgrade I cannot get my ath interface to work. Everything is consistent with network packets not being forwarded through the wireless interface.

Here's my config:

FreeBSD x 6.0-STABLE FreeBSD 6.0-STABLE #59: Sat Jan 7 00:53:43 GMT 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/X i386

And boot time device probe:

ath0: mem 0xf420-0xf420 irq 23 at device 7.0 on pci2
ath0: Ethernet address: 00:09:5b:e5:1f:a4
ath0: mac 5.6 phy 4.1 radio 1.7

/etc/rc.conf:

ifconfig_ath0="ssid tao mode 11g mediaopt hostap wepmode on wepkey 0x11"

x# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::209:5bff:fee5:1fa4%ath0 prefixlen 64 scopeid 0x1
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
ether 00:09:5b:e5:1f:a4
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
status: associated
ssid tao channel 2 bssid 00:09:5b:e5:1f:a4
authmode OPEN privacy ON deftxkey UNDEF wepkey 1:40-bit txpowmax 30
protmode CTS burst dtimperiod 1 bintval 100

And the kernel config:

# Wireless NIC cards
device ath
device ath_hal
device ath_rate_sample
#device ath_rate_onoe
device wlan # 802.11 support
device wlan_wep
#device wlan_tkip
#device wlan_ccmp
#device wlan_acl

On FreeBSD 5.x I had it working with ath_rate_onoe, but I switched to ath_rate_sample under FreeBSD 6.x as that's what the manual page said I should do.

Now what happens is as follows. I've got a windows PC with a wireless card in that always used to work. It sees the 'tao' wireless segment and appears to negotiate the WEP stuff. If I give it 10.0.0.2 (the FreeBSD box is on 10.0.0.1) and ping I can see traffic arriving at the FreeBSD box with tcpdump. On the FreeBSD box I get an arp entry for the windows PC:

x# arp -a
? (10.0.0.1) at 00:09:5b:e5:1f:a4 on ath0 permanent [ethernet]
? (10.0.0.2) at 00:90:4b:77:cc:a2 on ath0 [ethernet]

and I see arp requests from the PC with tcpdump:

x# tcpdump -n -i ath0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
13:56:07.095607 arp who-has 10.0.0.1 tell 10.0.0.2
13:56:07.095636 arp who-has 10.0.0.1 tell 10.0.0.2
13:56:07.095771 arp reply 10.0.0.1 is-at 00:09:5b:e5:1f:a4
13:56:12.437757 arp who-has 10.0.0.1 tell 10.0.0.2
13:56:12.437783 arp who-has 10.0.0.1 tell 10.0.0.2
13:56:12.437902 arp reply 10.0.0.1 is-at 00:09:5b:e5:1f:a4

but the windows PC never gets an ARP entry for the FreeBSD box.

That's what's happening. Could it be that no network packets are forwarded over the wireless from the FreeBSD side?

Oh, yes, I'm also running IPFW, but that shouldn't be the problem:

X# ipfw show | head -4
1 34133606 allow ip from 10.0.0.0/24 to 10.0.0.0/24
00100 44460 5358720 allow ip from any to any via lo0
00200 00 deny ip from any to 127.0.0.0/8
01000 21043 967978 allow ip from any to any layer2 mac-type 0x0806

and:

X# sysctl -a | grep ipfw
net.link.ether.ipfw: 0
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge_ipfw: 1
net.link.bridge.ipfw: 0

Is this to be expected and I've just not got it configured correctly, or is there a genuine bug here?

Many thanks,
Joe
Re: Problems with ath under FreeBSD-6x
On Sat, Jan 14, 2006 at 02:03:04PM +, Josef Karthauser wrote:
> x# ifconfig ath0
> ath0: flags=8843 mtu 1500
> inet6 fe80::209:5bff:fee5:1fa4%ath0 prefixlen 64 scopeid 0x1
> inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> ether 00:09:5b:e5:1f:a4
> media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
> status: associated
> ssid tao channel 2 bssid 00:09:5b:e5:1f:a4
> authmode OPEN privacy ON deftxkey UNDEF wepkey 1:40-bit txpowmax 30
> protmode CTS burst dtimperiod 1 bintval 100

Problem solved. Ian Dowse pointed me in the right direction. What I need under 6 that I didn't need under 5 is:

ifconfig ath0 weptxkey 1

Joe
Default gateway - wrong interface. !
Hey guys,

I'm guessing that this is a bug (or feature!). I've got a machine with a wlan interface (iwi0), with an ipv4 network address and a default gateway. I also have an ethernet card in the same machine (em0) with the same IP address. The idea is that I can bring the wireless down, and the wired interface up to get fast transfers when appropriate, and be wireless the rest of the time.

That works fine, apart from the default gateway:

# ifconfig iwi0 down
# ifconfig em0 up
# arp -ad
# netstat -rn
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            87.74.4.33         UGS         0      123   iwi0
87.74.4.32/27      link#3             UC          0        0    em0
87.74.4.33         00:90:d0:02:3f:16  UHLW        2        1    em0
87.74.4.34         00:d0:b7:88:c8:20  UHLW        1  1191414    em0
127.0.0.1          127.0.0.1          UH          0        2    lo0

Notice, the local subnet is off the em0, but the default route is still wired off the iwi0.

# route delete default
# route add default 87.74.4.33
# netstat -rn
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            87.74.4.33         UGS         0      123   iwi0
87.74.4.32/27      link#3             UC          0        0    em0
87.74.4.33         00:90:d0:02:3f:16  UHLW        2        1    em0
87.74.4.34         00:d0:b7:88:c8:20  UHLW        1  1191414    em0
127.0.0.1          127.0.0.1          UH          0        2    lo0

The default route is _still_ off iwi0; but should be off em0. There's obviously something dumb going on here. Why does the default route have to be nailed to an interface? It's clear that 87.74.4.33 is available from em0 as far as the routing table is concerned.

Joe
Re: Default gateway - wrong interface. !
On Sun, Feb 26, 2006 at 01:27:56PM +0300, Gleb Smirnoff wrote:
> On Sun, Feb 19, 2006 at 03:14:35PM +0000, Josef Karthauser wrote:
> J> I'm guessing that this is a bug (or feature!).
>
> This is not a bug, nor a feature. This is a feature, that hasn't
> been implemented to the end.
>
> Historically, the routes in kernel were static. And they are static
> now. Historically, BSD won't permit you to install same IP addresses,
> or even addresses in the same subnet, on different interfaces. Now,
> FreeBSD permits addresses in the same subnet. But route entries are
> still static, and aren't reconfiguring when an interface changes its
> flags.

I expected it was something like that, but I thought I'd still make a little noise about it in case someone was right on the verge of having it fixed :).

Joe

p.s. have you seen kern/93305? It looks like my em0 still has a few problems. Would you mind taking a look?
Laptop panics, related to networking after resume. (kern/94380)
Hi guys,

I wonder whether I might bring this ticket to someone's notice? 6.x is currently broken with respect to suspend/resume and networking (at least on my sony laptop), where it wasn't a few months ago.

Thanks :)
Joe

- Forwarded message from [EMAIL PROTECTED] -

Date: Sun, 12 Mar 2006 09:41:00 GMT
To: Josef Karthauser <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Subject: Re: kern/94380: Laptop panics, related to networking after resume.
Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED]

Thank you very much for your problem report. It has the internal identification `kern/94380'. The individual assigned to look at your report is: freebsd-bugs.

You can access the state of your problem report at any time via this link:

http://www.freebsd.org/cgi/query-pr.cgi?pr=94380

>Category: kern
>Responsible: freebsd-bugs
>Synopsis: Laptop panics, related to networking after resume.
>Arrival-Date: Sun Mar 12 09:41:00 GMT 2006

- End forwarded message -
Problems - page fault in kernel, whilst running dhclient
Hi guys,

My laptop is running:

6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #30: Thu Mar 23 09:04:30 GMT 2006

Recently something went belly up, and now when I run 'dhclient em0' on the primary interface after a 'acpiconf -s 3' / resume cycle the machine panics.

Here's the backtrace:

(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc052b7b0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc052ba5b in panic (fmt=0xc066a469 "%s") at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc0642ac6 in trap_fatal (frame=0xf5083ad4, eva=3735929055) at /usr/src/sys/i386/i386/trap.c:836
#4 0xc06427f7 in trap_pfault (frame=0xf5083ad4, usermode=0, eva=3735929055) at /usr/src/sys/i386/i386/trap.c:744
#5 0xc0642441 in trap (frame= {tf_fs = -1067909112, tf_es = -993329112, tf_ds = -991428568, tf_edi = -184009872, tf_esi = -559038242, tf_ebp = -184009924, tf_isp = -184009984, tf_ebx = -184009872, tf_edx = 0, tf_ecx = 0, tf_eax = -559038242, tf_trapno = 12, tf_err = 0, tf_eip = -1067871110, tf_cs = 32, tf_eflags = 66198, tf_esp = -991386368, tf_ss = -993285120}) at /usr/src/sys/i386/i386/trap.c:434
#6 0xc0631d7a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc059947a in rtrequest1 (req=1, info=0xf5083b70, ret_nrt=0xf5083b64) at /usr/src/sys/net/route.c:659
#8 0xc059a277 in rtinit (ifa=0xc4ee8900, cmd=1, flags=1) at /usr/src/sys/net/route.c:1191
#9 0xc05b189d in in_addprefix (target=0xc4ee8900, flags=1) at /usr/src/sys/netinet/in.c:842
#10 0xc05b17c9 in in_ifinit (ifp=0xc4cbac00, ia=0xc4ee8900, sin=0x0, scrub=0) at /usr/src/sys/netinet/in.c:769
#11 0xc05b0b8a in in_control (so=0xc4eee42c, cmd=1, data=0xc4d59880 "em0", ifp=0xc4cbac00, td=0xc4bd8c00) at /usr/src/sys/netinet/in.c:439
#12 0xc0591737 in ifioctl (so=0xc4eee42c, cmd=2151704858, data=0xc4d59880 "em0", td=0xc4bd8c00) at /usr/src/sys/net/if.c:1568
#13 0xc0554053 in soo_ioctl (fp=0xdeadc0de, cmd=2151704858, data=0xc4d59880, active_cred=0xc4a9cd80, td=0xc4bd8c00) at /usr/src/sys/kern/sys_socket.c:214
#14 0xc054ee18 in ioctl (td=0xc4bd8c00, uap=0xf5083d04) at file.h:258
#15 0xc0642d53 in syscall (frame= {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134574016, tf_esi = 134582976, tf_ebp = -1077940728, tf_isp = -184009372, tf_ebx = -2143262438, tf_edx = 134585692, tf_ecx = 134574016, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671900563, tf_cs = 51, tf_eflags = 646, tf_esp = -1077942852, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:981
#16 0xc0631dcf in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#17 0x0033 in ?? ()

Looking at the trap frame and a few above I see this:

At #7:

(kgdb) up
#7 0xc059947a in rtrequest1 (req=1, info=0xf5083b70, ret_nrt=0xf5083b64) at /usr/src/sys/net/route.c:659
659 rnh = rt_tables[dst->sa_family];
Current language: auto; currently c
(kgdb) print *info
$3 = {rti_addrs = 0, rti_info = {0xdeadc0de, 0xdeadc0de, 0xdeadc0de, 0x0, 0x0, 0x0, 0x0, 0x0}, rti_flags = 49631, rti_ifa = 0xc4ee8900, rti_ifp = 0x0}
(kgdb) print *ret_nrt
$5 = (struct rtentry *) 0x0

Hmm, that's a lot of deadc0de! Here too:

(kgdb) print *info->rti_ifa
$7 = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de, ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 '?', ifi_physical = 192 '?', ifi_addrlen = 173 '?', ifi_hdrlen = 222 '?', ifi_link_state = 222 '?', ifi_recvquota = 192 '?', ifi_xmitquota = 173 '?', ifi_datalen = 222 '?', ifi_mtu = 3735929054, ifi_metric = 3735929054, ifi_baudrate = 3735929054, ifi_ipackets = 3735929054, ifi_ierrors = 3735929054, ifi_opackets = 3735929054, ifi_oerrors = 3735929054, ifi_collisions = 3735929054, ifi_ibytes = 3735929054, ifi_obytes = 3735929054, ifi_imcasts = 3735929054, ifi_omcasts = 3735929054, ifi_iqdrops = 3735929054, ifi_noproto = 3735929054, ifi_hwassist = 3735929054, ifi_epoch = -559038242, ifi_lastchange = {tv_sec = -559038242, tv_usec = -559038242}}, ifa_ifp = 0xdeadc0de, ifa_link = { tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de}, ifa_rtrequest = 0xc05ae384 , ifa_flags = 49630, ifa_refcnt = 3735929054, ifa_metric = 0, ifa_claim_addr = 0xdeadc0de, ifa_mtx = {mtx_object = {lo_class = 0xdeadc0de, lo_name = 0xdeadc0de , lo_type = 0xdeadc0de , lo_flags = 3735929054, lo_list = {tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de}, lo_witness = 0xdeadc0de}, mtx_lock = 3735929054, mtx_recurse = 3735929054}}

Working up the stack:

(kgdb) up
#8 0xc059a277 in rtinit (ifa=0xc4ee8900, cmd=1, flags=1) at /usr/src/sys/net/route.c:1191
1191 error = rtrequest1(cmd, &info, &rt);
(kgdb) print *ifa
$8 = {ifa_addr = 0xdeadc0de, ifa_dstaddr = 0xdeadc0de, ifa_netmask = 0xdeadc0de, if_data = {ifi_type = 222 '?', ifi_physical = 192 '?', ifi_addrlen = 173 '?', ifi_hdrlen = 222 '?', ifi_link_state = 222 '?', ifi_recvquota = 192 '?', ifi_xmitquota = 173 '?', ifi_datalen = 222 '?', ifi_mt
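A triage helper for dumps like the one in this message, as an added example (not part of the original post or of FreeBSD): 0xdeadc0de is the pattern FreeBSD kernels built with INVARIANTS write over freed memory, so a struct full of it means the pointer refers to an object that has already been freed. The script recognises the pattern in each form kgdb prints it (hex, unsigned, signed, single bytes) and reports how far past the pattern a faulting address lies; SAMPLE is abridged from the post and MAX_OFFSET is an assumed threshold.

```python
import re

POISON = 0xDEADC0DE                          # fill pattern seen throughout the dump
POISON_BYTES = POISON.to_bytes(4, "little")  # de c0 ad de, as laid out on i386
MAX_OFFSET = 0x100   # assumption: poison + small offset = member access via a poisoned pointer

# "name = value" / "name=value" pairs as kgdb prints them for scalars
PAIR = re.compile(r"(\w+)\s*=\s*(-?0x[0-9a-fA-F]+|-?\d+)\b")
# every bare numeric token, to catch brace-initialised array elements as well
TOKEN = re.compile(r"(?<![\w.])(-?0x[0-9a-fA-F]+|-?\d+)\b")

# Abridged from the kgdb session in the post above.
SAMPLE = """\
#3 0xc0642ac6 in trap_fatal (frame=0xf5083ad4, eva=3735929055)
$3 = {rti_addrs = 0, rti_info = {0xdeadc0de, 0xdeadc0de, 0xdeadc0de, 0x0}, rti_flags = 49631, rti_ifa = 0xc4ee8900, rti_ifp = 0x0}
$7 = {ifa_addr = 0xdeadc0de, if_data = {ifi_type = 222 '?', ifi_physical = 192 '?', ifi_addrlen = 173 '?', ifi_hdrlen = 222 '?', ifi_mtu = 3735929054, ifi_epoch = -559038242}, ifa_ifp = 0xdeadc0de, ifa_metric = 0}
"""


def to_u32(token):
    """Parse a kgdb number (hex, decimal, or negative decimal) as unsigned 32-bit."""
    negative = token.startswith("-")
    body = token.lstrip("-")
    value = int(body, 16) if body.lower().startswith("0x") else int(body, 10)
    return (-value if negative else value) & 0xFFFFFFFF


def poison_offset(value):
    """Distance past POISON if value is the pattern or just beyond it, else None."""
    delta = value - POISON
    return delta if 0 <= delta <= MAX_OFFSET else None


def poisoned_byte_runs(fields):
    """Find four consecutive one-byte fields that spell out the pattern."""
    runs, i, pattern = [], 0, list(POISON_BYTES)
    while i + 4 <= len(fields):
        window = fields[i:i + 4]
        if [value for _, value in window] == pattern:
            runs.append([name for name, _ in window])
            i += 4
        else:
            i += 1
    return runs


def scan(dump):
    """Return ([(field, offset)], [[byte field names]]) for poisoned data in a dump."""
    words, small = [], []
    for name, token in PAIR.findall(dump):
        value = to_u32(token)
        offset = poison_offset(value)
        if offset is not None:
            words.append((name, offset))
        elif value < 256:
            small.append((name, value))   # candidate u_char members, in dump order
    return words, poisoned_byte_runs(small)


def count_poison_tokens(dump):
    """Count every numeric token in the dump that is the pattern or just past it."""
    return sum(poison_offset(to_u32(t)) is not None for t in TOKEN.findall(dump))


if __name__ == "__main__":
    words, runs = scan(SAMPLE)
    for name, offset in words:
        note = "freed-memory pattern" if offset == 0 else f"pattern + {offset} (member at offset {offset})"
        print(f"{name:12s} {note}")
    for run in runs:
        print("byte fields spelling the pattern:", ", ".join(run))
    print("poisoned tokens in total:", count_poison_tokens(SAMPLE))
```

On the sample, eva comes out as the pattern plus 1, which fits the faulting line `rt_tables[dst->sa_family]`: sa_family is the second byte of a BSD struct sockaddr, so dst itself was 0xdeadc0de.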
Multiple IP addresses in a jail.
Hi,

I've got a jail on a machine running some web stuff and I need to add a second SSL web site to it. This would mean binding another IP address to the jail. Has anyone got a work around for this?

Joe
Can I persuade someone to commit this patch? (Re: Multiple IP addresses in a jail.)
Dear current folk,

I'm forwarding this thread from the -net list where I asked the question, is it possible to have more than one IP address in a jail? The answer is yes, with Pawel's patch. The question here is can I persuade anyone to commit this to head and MFC it please? The motivation is simple. I need to run a second SSL web server inside of a jail, however that needs another IP address because SSL is incompatible with HTTP/1.1.

Thanks :).
Joe

On Thu, Jun 29, 2006 at 03:40:33AM +0100, Chris wrote:
> On 28/06/06, Phil Regnauld <[EMAIL PROTECTED]> wrote:
> >Josef Karthauser (joe) writes:
> >> Hi,
> >>
> >> I've got a jail on a machine running some web stuff and I need to add a
> >> second SSL web site to it. This would mean binding another IP address
> >> to the jail. Has anyone got a work around for this?
> >
> > Yes, use Pawel's patches:
> >
> > http://people.freebsd.org/~pjd/patches/jail_2006012001.patch
> >
> > Older readme here:
> >
> > http://garage.freebsd.pl/mijail5.README
> >
> >
>
> these patches have been around a while, any reason why it's not been
> ported to the base code? seems a trivial function to have, single ip
> jail is very limiting.
>
> thanks
>
> Chris
Re: Can I persuade someone to commit this patch? (Re: Multiple IP addresses in a jail.)
On Tue, Aug 01, 2006 at 10:40:53AM +0200, Phil Regnauld wrote:
> Josef Karthauser (joe) writes:
> > Dear current folk, I'm forwarding this thread from the -net list where I
> > asked the question, is it possible to have more than one IP address in a
> > jail? The answer is yes, with Pawel's patch. The question here is can
> > I persuade anyone to commit this to head and MFC it please? The
> > motivation is simple. I need to run a second SSL web server inside of a
> > jail, however that needs another IP address because SSL is incompatible
> > with HTTP/1.1.
>
> We have been using these patches all the way back since 5-CURRENT and
> they work very stable for us. I seem to remember that there were
> some reservations about the way it was being done, but for that matter
> it wouldn't be the first hack in jail (like u_int32_t for the ip_number
> in struct jail :)
>

I no longer have a commit bit, so I can't commit these myself :/.

Joe
Re: Can I persuade someone to commit this patch? (Re: Multiple IP addresses in a jail.)
On Fri, Aug 04, 2006 at 05:00:58PM +0200, Phil Regnauld wrote:
> Dmitry Morozovsky (marck) writes:
> >
> > I suppose pinging pjd@ did not work? ;)
>
> Good question -- why did Pawel not commit them himself if he could ? :)
>

No idea. I sent him an email asking on 28 Jun 2006, but I've not had a reply.

Joe
Re: USB ethernet problem
On Tue, Nov 05, 2002 at 09:05:47PM +0300, Anton Vinokurov wrote:
> Hi!
>
> I am running FreeBSD 4.7-release and try to use ATEN UC10T USB-to-Ethernet
> adapter. Unfortunately it causes my system to print something like:
> kue0: watchdog timeout
> kue0: usb error on tx: TIMEOUT
> followed by freeze. I got this problem while forwarding 50pps/64kbit UDP
> packet stream which comes from Cisco ATA186 voice gateway in several minutes
> after call starts. Same time, OpenBSD 3.2 with a similar if_kue.c driver
> works fine at least under one day voice traffic load. I tried original
> driver and altq modified with no success.
> Could someone suggest me a way to fix my problem?

There are a number of bugs in the usb stack in -stable, which are waiting for a merge from -current to get fixed.

Joe
Re: aue driver problem
On Sun, Jun 08, 2003 at 04:29:41PM +0100, cartman wrote:
> Hi, I've recently installed a aue usb ethernet card (aue0: ADMtek USB To LAN
> Converter, rev 1.10/1.01, addr 2), added usb support to the kernel, device aue etc.
> It detects it and assigns a ip ok but whenever a ip is assigned to it and I try to
> connect to other hosts, etc I get this error constantly: aue0: usb error on rx:
> IOERROR
>
> Could anyone help with this problem?
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: aue driver problem
On Mon, Jun 09, 2003 at 06:50:54PM +0100, Josef Karthauser wrote:
> On Sun, Jun 08, 2003 at 04:29:41PM +0100, cartman wrote:
> > Hi, I've recently installed a aue usb ethernet card (aue0: ADMtek
> > USB To LAN Converter, rev 1.10/1.01, addr 2), added usb support to
> > the kernel, device aue etc. It detects it and assigns a ip ok but
> > whenever a ip is assigned to it and I try to connect to other hosts,
> > etc I get this error constantly: aue0: usb error on rx: IOERROR
> >
> > Could anyone help with this problem?

Whoops, sorry about sending an empty message. I was going to say that you don't say whether you're using 4.x or 5.x.

Joe
Traffic analysis ports?
Dear all,

I'm looking for some software to basically analyse the traffic I've got going over a particular pipe so that I can work out whether or what to traffic shape. Can anyone recommend anything?

Joe
Re: Traffic analysis ports?
On Thu, Sep 18, 2003 at 02:14:23PM -0400, Robert Watson wrote:
>
> On Thu, 18 Sep 2003, Josef Karthauser wrote:
>
> > I'm looking for some software to basically analyse the traffic I've got
> > going over a particular pipe so that I can work out whether or what to
> > traffic shape. Can anyone recommend anything?
>
> I tend to cut my own BPF-based tools as needed to measure particular types
> of traffic, but that's not a very scalable approach. There are commercial
> products, such as NAI's Sniffer tool (I think it can read playback from
> pcap output), which claim to be able to help with that sort of analysis,
> but I've never really used them. For a "first cut" visualization of
> currently active network connections, tools such as ntop, trafshow,
> tcpstat, etc, can actually provide surprising amounts of insight.
>

Ahha, ntop. That looks like just the kind of thing I was looking for.

Thanks :).
Joe
Re: Speedtouch internal PCI card support
On Tue, Oct 14, 2003 at 10:30:04PM +0100, Steve Wilson wrote:
> I have a freebsd 4.8 machine currently using an old speedtouch USB
> device to connect to DSL service.
>
> This works fine so maybe I should leave it alone .. But heyho. I have
> noticed that Alcatel have now brought out a PCI version of the speedtouch
> and I wondered if it is supported by the freebsd driver, but cannot find
> any mention of it for freebsd, quite a bit for linux which suggests it
> is supported.
>
> Anybody know, or got it working already?
>
> Thanks

There is no support for it under FreeBSD at the moment. I've got several sites connected with the usb version and that seems to be the favoured connection type. Most ISPs are happier to sell an external usb box than an internal card.

If there is linux support it would probably be possible to adapt this for Freebsd but it will only happen if there's a developer with enough time and motivation to make it happen.

Joe
Support for RealTek RTL 8101L chipset?
Does anyone know whether we support the Realtek RTL 8101L chipset? (-stable and/or -current).

Joe
epair failure in production on 11.1-STABLE (r328930) ? weird!
We’re experiencing a strange issue in production failure with epair (which we’re using to talk vimage to jails).

FreeBSD s5 11.1-STABLE FreeBSD 11.1-STABLE #2 r328930: Tue Feb 6 16:05:59 GMT 2018 root@s5:/usr/obj/usr/src/sys/TRUESPEED amd64

Looks like epair has suddenly stopped forwarding packets between the pair interfaces. Our server has been up for 82 days and it’s been working fine, but suddenly packets have stopped being forwarded between epairs across the entire system. (We’ve got around 30 epairs on the host). So, we’ve got a sudden ARP resolution failure which is affecting all services. :(.

Here’s the test. On a working machine this works fine:

# Create an epair and put an IP address on it, so we can generate ARP traffic with PING.
root@magnesium:/usr/home/systems # ifconfig epair create
epair7a
root@magnesium:/usr/home/systems # ifconfig epair7a up
root@magnesium:/usr/home/systems # ifconfig epair7b up
root@magnesium:/usr/home/systems # ifconfig epair7a inet 10.140.0.1/30

# Generate ARP traffic over the epair… should see arp requests on epair7b.
root@magnesium:/usr/home/systems # ping 10.140.0.2
PING 10.140.0.2 (10.140.0.2): 56 data bytes

# Watch traffic coming in from the epair
root@magnesium:/usr/home/systems # tcpdump -i epair7b
10:22:27.446651 ARP, Request who-has 10.140.0.2 tell 10.140.0.1, length 28
10:22:28.475086 ARP, Request who-has 10.140.0.2 tell 10.140.0.1, length 28
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Works fine.

However, on the failing machine we don’t get any packets forwarded (any more — remember it’s been working fine for a few months - suddenly stopped working :( ).

root@s5:/usr/home/systems # ifconfig pair create
epair19a
root@s5:/usr/home/systems # ifconfig epair19a up
root@s5:/usr/home/systems # ifconfig epair7b up
root@s5:/usr/home/systems # ifconfig epair7a inet 10.140.0.1/30
root@s5:/usr/home/systems # ping 10.140.0.2
PING 10.140.0.2 (10.140.0.2): 56 data bytes

root@s5:/usr/home/systems # tcpdump -ni epair19a
09:24:20.396384 ARP, Request who-has 10.130.0.2 tell 10.130.0.1, length 28
09:24:21.404737 ARP, Request who-has 10.130.0.2 tell 10.130.0.1, length 28
^C
root@s5:/usr/home/systems # tcpdump -ni epair19b
[Tumble weed - no traffic seen]
^C

Has anyone seen this before? We’re going to reboot and see if that fixes the problem.

The failing kernel in question is:

FreeBSD s5 11.1-STABLE FreeBSD 11.1-STABLE #2 r328930: Tue Feb 6 16:05:59 GMT 2018 root@s5:/usr/obj/usr/src/sys/TRUESPEED amd64

Break break.

We’ve just seen a bug bugzilla report 22710, reporting that epair fails when the queue limit is hit (net.link.epair.netisr_maxqlen). We’ve just introduced a high bandwidth service on this machine and so it’s probably that that’s what’s caused the issue.

We’ve currently got a value of:

net.link.epair.netisr_maxqlen: 2100

root@s5:/usr/home/systems # netstat -Q
Configuration:
Setting                        Current        Limit
Thread count                         1            1
Default queue limit                256        10240
Dispatch policy                 direct          n/a
Threads bound to CPUs         disabled          n/a

Protocols:
Name   Proto QLimit Policy Dispatch Flags
ip         1    256   flow  default   ---
igmp       2    256 source  default   ---
rtsock     3    256 source  default   ---
arp        4    256 source  default   ---
ether      5    256 source   direct   ---
ip6        6    256   flow  default   ---
epair      8   2100    cpu  default   CD-

Workstreams:
WSID CPU   Name     Len WMark     Disp'd  HDisp'd   QDrops     Queued    Handled
   0   0   ip         0   253  385468689        0        0   49360754  434829441
   0   0   igmp       0     0          0        0        0          0          0
   0   0   rtsock     0     5          0        0        0       1144       1144
   0   0   arp        0     0    5573045        0        0          0    5573045
   0   0   ether      0     0 1125223166        0        0          0 1125223166
   0   0   ip6        0     4         90        0        0    1220274    1220364
   0   0   epair      0  2100          0        0      214 4994675481 4994675481

But we can’t see how much of the queue is currently being used, or what size we need to set it to.

But, why has hitting the queue limit broken it entirely!

Help!

Cheers,
Joe

— Dr Josef Karthauser
Chief Technical Officer
(01225) 300371 / (07703) 596893
www.truespeed.com <http://www.truespeed.com/> / theTRUESPEED <http://www.facebook.com/theTRUESPEED> @theTRUESPEED <https://twitter.com/thetruespeed>

This email contains TrueSpeed information, which may be privileged or confidential. It's meant only for the in
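Reading the netstat -Q output in this message, as an added example (not from the original post): Len and WMark are the current and peak depth of each netisr queue and QDrops counts packets discarded because a queue was full, so comparing WMark with QLimit shows how close each queue has come to its limit. The sample table is reconstructed from the flattened output in the post, the 90% threshold is an assumption, and the parser also handles hosts with several workstreams (one per netisr thread).

```python
from collections import defaultdict

NEAR_LIMIT = 0.90   # assumption: warn once a queue has peaked at 90% of its limit

# Reconstructed from the netstat -Q output quoted in the post.
SAMPLE = """\
Protocols:
Name   Proto QLimit Policy Dispatch Flags
ip         1    256   flow  default   ---
igmp       2    256 source  default   ---
rtsock     3    256 source  default   ---
arp        4    256 source  default   ---
ether      5    256 source   direct   ---
ip6        6    256   flow  default   ---
epair      8   2100    cpu  default   CD-

Workstreams:
WSID CPU   Name     Len WMark     Disp'd  HDisp'd   QDrops     Queued    Handled
   0   0   ip         0   253  385468689        0        0   49360754  434829441
   0   0   igmp       0     0          0        0        0          0          0
   0   0   rtsock     0     5          0        0        0       1144       1144
   0   0   arp        0     0    5573045        0        0          0    5573045
   0   0   ether      0     0 1125223166        0        0          0 1125223166
   0   0   ip6        0     4         90        0        0    1220274    1220364
   0   0   epair      0  2100          0        0      214 4994675481 4994675481
"""


def parse_netstat_q(text):
    """Return (limits, depth, peaks, drops) keyed by protocol name."""
    limits = {}
    depth, peaks, drops = defaultdict(int), defaultdict(int), defaultdict(int)
    section = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] in ("Configuration:", "Protocols:", "Workstreams:"):
            section = fields[0].rstrip(":")
            continue
        if section == "Protocols" and len(fields) == 6 and fields[1].isdigit():
            # Name Proto QLimit Policy Dispatch Flags
            limits[fields[0]] = int(fields[2])
        elif section == "Workstreams" and len(fields) == 10 and fields[0].isdigit():
            # WSID CPU Name Len WMark Disp'd HDisp'd QDrops Queued Handled
            name = fields[2]
            depth[name] += int(fields[3])                      # queued right now, all CPUs
            peaks[name] = max(peaks[name], int(fields[4]))     # worst single queue
            drops[name] += int(fields[7])                      # total lost to full queues
    return limits, depth, peaks, drops


def queue_report(text, near_limit=NEAR_LIMIT):
    """Classify each protocol queue as ok, near-limit or dropping."""
    limits, depth, peaks, drops = parse_netstat_q(text)
    report = {}
    for name, limit in limits.items():
        if drops[name] > 0:
            status = "dropping"
        elif limit and peaks[name] >= near_limit * limit:
            status = "near-limit"
        else:
            status = "ok"
        report[name] = {"limit": limit, "now": depth[name], "peak": peaks[name],
                        "drops": drops[name], "status": status}
    return report


if __name__ == "__main__":
    for name, row in queue_report(SAMPLE).items():
        print(f"{name:8s} now={row['now']:<5d} peak={row['peak']:>5d}/{row['limit']:<5d} "
              f"drops={row['drops']:<6d} {row['status']}")
```

For the table in the post this flags epair as dropping (peak 2100 of 2100, 214 drops) and ip as near-limit (peak 253 of 256).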
IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
at/FrontPage";>Wiki
[CUT]
Other Documentation
http://tomcat.apache.org/connectors-doc/";>Tomcat Connectors
http://tomcat.apache.org/connectors-doc/";>mod_jk Documentation
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Thu, 07 Apr 2016 16:02:02 GMT

2000
Apache Tomcat/7.0.68
[CUT]
Server Status
* Malformed encoding found in chunked-encoding
* Closing connection 0
curl: (56) Malformed encoding found in chunked-encoding
phoenix:~ joe$

Looks like the first packet is being retransmitted, which means that the nat is probably misconfigured and the TCP connection is broken in some strange way.

Does anyone have a clue as to where to look? The ipfw rules are simple enough - what have I missed?

Thanks,
Joe

p.s. I also have one_pass disabled:

# sysctl net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 0
Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
> On 7 Apr 2016, at 17:08, Dr Josef Karthauser wrote:
>
> Looks like the first packet is being retransmitted, which means that the nat
> is probably misconfigured and the TCP connection is broken in some strange
> way.
>
> Does anyone have a clue as to where to look? The ipfw rules are simple enough
> - what have I missed?

Ok, the packet definitely isn’t being retransmitted. I’ve done a tcpdump/pcap capture and taken a look and I get a packet that I’ve included below.

It’s got a 'HTTP/1.1 200 OK’ inserted mid-flow right in the middle of an HTTP response. Looking at this I’d be inclined to think it’s a bug in the webserver/tomcat, however, what’s strange is that if I ‘curl' the jailed web server directly from the host machine on the private IP address (bypassing the NAT), the HTTP response received is perfectly fine. It’s only when I do an HTTP request to the public IP address and go through the NAT that I experience the problem.

How could this happen? Is it a buggy packet reassembly in the kernel perhaps?

Joe

p.s here’s the strange packet with an HTTP response injected in the middle of a HTML stream:

23:01:07.204016 IP (tos 0x0, ttl 64, id 4190, offset 0, flags [DF], proto TCP (6), length 1500) 31.210.26.216.8080 > infiniverse.karthauser.co.uk.62475: Flags [.], cksum 0xda1c (incorrect -> 0x7ff7), seq 8689:10137, ack 86, win 1040, options [nop,nop,TS val 124159447 ecr 1737359970], length 1448
.g.).
.f..g..b
Other Documentation
http://tomcat.apache.org/connectors-doc/";>Tomcat Connectors
http://tomcat.apache.org/connectors-doc/";>mod_jk Documentation
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Thu, 07 Apr 2016 23:01:05 GMT

2000
Apache Tomcat/7.0.68
http://tomcat.apache.org/";>Home
Documentation
Configuration
Examples
http://wiki.apache.org/tomcat/FrontPage";>Wiki
http://tomcat.apache.org/lists.html";>Mailing Lists
Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
> On 8 Apr 2016, at 00:11, Dr Josef Karthauser wrote:
>
>> On 7 Apr 2016, at 17:08, Dr Josef Karthauser <j...@truespeed.com> wrote:
>>
>> Looks like the first packet is being retransmitted, which means that the nat
>> is probably misconfigured and the TCP connection is broken in some strange
>> way.
>>
>> Does anyone have a clue as to where to look? The ipfw rules are simple
>> enough - what have I missed?
>
> Ok, the packet definitely isn’t being retransmitted. I’ve done a tcpdump/pcap
> capture and taken a look and I get a packet that I’ve included below.
>
> It’s got a 'HTTP/1.1 200 OK' inserted mid-flow right in the middle of an HTTP
> response. Looking at this I’d be inclined to think it’s a bug in the
> webserver/tomcat, however, what’s strange is that if I 'curl' the jailed web
> server directly from the host machine on the private IP address (bypassing
> the NAT), the HTTP response received is perfectly fine. It’s only when I do
> an HTTP request to the public IP address and go through the NAT that I
> experience the problem.
>
> How could this happen? Is it a buggy packet reassembly in the kernel perhaps?

Adding: "ipfw add reass all from any to any" to the beginning of the ipfw rule set doesn’t make any difference to the behaviour.

Joe
Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
> On 8 Apr 2016, at 06:51, Ian Smith wrote:
>
> On Thu, 7 Apr 2016 17:08:38 +0100, Dr Josef Karthauser wrote:
>
> [ AppleMail msgs fail to quote properly in pine, so a partial quote: ]
>
>> Looks like the first packet is being retransmitted, which means that
>> the nat is probably misconfigured and the TCP connection is broken in
>> some strange way.
>
>> Does anyone have a clue as to where to look? The ipfw rules are
>> simple enough - what have I missed?
>
> Do you have TSO enabled on that NIC? If so, see ipfw(8) BUGS, third
> last para. If not, no idea ..

Thanks Ian,

It was exactly that issue! I wish I had remembered that I’d seen that in the man page; would have saved hours of debugging :)

Joe
IPFW with NAT (breakage with vlanhwtag enabled) Re: IPFW with NAT : Problems with duplicate packets on FreeBSD 10.3-RC3
> On 8 Apr 2016, at 10:03, Dr Josef Karthauser wrote:
>
>> On 8 Apr 2016, at 06:51, Ian Smith <smi...@nimnet.asn.au> wrote:
>>
>> On Thu, 7 Apr 2016 17:08:38 +0100, Dr Josef Karthauser wrote:
>>
>>> Looks like the first packet is being retransmitted, which means that
>>> the nat is probably misconfigured and the TCP connection is broken in
>>> some strange way.
>>
>>> Does anyone have a clue as to where to look? The ipfw rules are
>>> simple enough - what have I missed?
>>
>> Do you have TSO enabled on that NIC? If so, see ipfw(8) BUGS, third
>> last para. If not, no idea ..

So, disabling TSO did partially fix the problem; at least the “duplicate data” issue. However, I’ve now added an https service in the jails (an haproxy), and that fails a TLS handshake from some hosts. Bizarrely that problem goes away when I disable hw vlan tag processing (-vlanhwtag); that seems weird, and perhaps another bug.

The configuration of my machine is as follows:

vlan10 (on igb0) [public address] <— [ipfw nat] -> igb1 [private address in a jail on the host, also bound to a physical network]

Is there any obvious reason why hardware vlan tagging should get in the way of a NAT session? I can’t think why that would be, but disabling it definitely fixes the problem.

Joe
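A check for the two offloads this thread ties to broken ipfw NAT sessions, given as an added example and not something posted to the list: it reads ifconfig output and lists the commands that switch those offloads off on the NAT interfaces. The sample output is constructed, and RISKY, parse_options and remediation are names made up for the example.

```python
import re

# Capabilities the thread ties to broken ipfw NAT sessions: TSO (ipfw(8) BUGS,
# per Ian Smith's reply) and hardware VLAN tagging (Joe's own observation).
RISKY = {
    "TSO4": "-tso",
    "TSO6": "-tso",
    "VLAN_HWTSO": "-vlanhwtso",
    "VLAN_HWTAGGING": "-vlanhwtag",
}

# Constructed ifconfig output: interface names follow the thread, the
# capability lists and hex values are invented for the example.
SAMPLE_IFCONFIG = """\
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\toptions=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,VLAN_HWTSO>
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\toptions=3<RXCSUM,TXCSUM>
"""

def parse_options(ifconfig_text):
    """Map interface name -> set of capability names from its options= line."""
    caps, current = {}, None
    for line in ifconfig_text.splitlines():
        # Greedy \S+ keeps names that contain a colon, such as vnet0:6.
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = head.group(1)
            caps[current] = set()
            continue
        opts = re.match(r"^\s+options=[0-9a-f]+<([^>]*)>", line)
        if opts and current:
            caps[current].update(opts.group(1).split(","))
    return caps

def remediation(ifconfig_text, nat_ifaces):
    """Return ifconfig commands that disable risky offloads on NAT interfaces."""
    caps = parse_options(ifconfig_text)
    cmds = []
    for ifname in nat_ifaces:
        flags = sorted({RISKY[c] for c in caps.get(ifname, ()) if c in RISKY})
        if flags:
            cmds.append("ifconfig %s %s" % (ifname, " ".join(flags)))
    return cmds

if __name__ == "__main__":
    for cmd in remediation(SAMPLE_IFCONFIG, ["igb0", "igb1"]):
        print(cmd)
```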
IPFW: Packet forwarding with bridges and vlans and Vimage? With an IP address.
I’m bridging traffic on a FreeBSD-10.3 machine, between a vlan and a VIMAGE enabled Jail:

vlan9: flags=8943 metric 0 mtu 1500
        ether 0c:c4:7a:7d:4f:1e
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active
        vlan: 9 parent interface: igb0
bridge9: flags=8943 metric 0 mtu 1500
        ether 02:02:28:ac:d2:09
        nd6 options=9
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:6 flags=143 ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: vlan9 flags=143 ifmaxaddr 0 port 9 priority 128 path cost 2
vnet0:6: flags=8943 metric 0 mtu 1500
        description: associated with jail: aec07207-31b9-11e6-8bed-0cc47a7d4f1e
        options=8
        ether 02:ff:60:ae:c0:72
        inet6 fe80::ff:60ff:feae:c072%vnet0:6 prefixlen 64 scopeid 0xc
        nd6 options=21
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active

All is good in the world, until I also add an IP address to vlan9. When that happens IPFW appears to gobble up packages originating from vnet0:6. They appear on bridge9, but aren’t forwarded in an egress direction down vlan9.

I don’t have any sysctls relating to bridge filtering enabled:

net.link.ether.ipfw: 0
net.link.bridge.ipfw: 0
net.link.bridge.ipfw_arp: 0

But, with an IP address assigned to vlan9, packets are getting filtered:

# ifconfig vlan9 inet 192.168.9.250/24
# tcpdump -i bridge9
13:58:02.498307 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320
13:58:02.498442 IP 192.168.9.3.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
13:58:10.497760 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320
13:58:10.497892 IP 192.168.9.3.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
# tcpdump -i vlan9
13:58:02.498273 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320
13:58:10.497725 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320

# ifconfig vlan9 inet delete
# tcpdump -i bridge9
14:00:58.486653 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320
14:00:58.486795 IP 192.168.9.3.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
# tcpdump -i vlan9
14:00:58.486634 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:14:f2:76:46:e6 (oui Unknown), length 320
14:00:58.486792 IP 192.168.9.3.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300

I don’t have IP forwarding switched on and so I’d expect bridged packets to carry on being bridged irrespective of whether vlan9 has an IP address or not.

What’s strange is that ingress packets to the bridge are being forwarded ok, but egress packets out onto the vlan are being filtered.

Is there something obvious that I’ve missed?

Cheers,
Joe
Re: IPFW: Packet forwarding with bridges and vlans and Vimage? With an IP address.
> On 15 Jun 2016, at 14:04, Dr Josef Karthauser wrote:
>
> I don’t have IP forwarding switched on and so I’d expect bridged packets to
> carry on being bridged irrespective of whether vlan9 has an IP address or not.
>
> What’s strange is that ingress packets to the bridge are being forwarded ok,
> but egress packets out onto the vlan are being filtered.
>
> Is there something obvious that I’ve missed?
>
> Cheers,
> Joe

Ok, I’ve narrowed the problem down. It’s related to the anti spoofing ruleset. I’ve also got this in my ruleset:

deny log ip from any to any not antispoof in

What’s strange is that when vlan9 has an ip address this rule starts triggering for interfaces that it didn’t before:

Jun 15 14:19:39 kernel: ipfw: 1 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13
Jun 15 14:19:39 kernel: ipfw: 1 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via bridge9
Jun 15 14:19:39 kernel: ipfw: 1 Deny UDP 192.168.9.3:67 255.255.255.255:68 in via vnet0:13

Without the IP address I don’t get any of these logged and no packets are filtered.

Why would anti-spoof filtering filter traffic on interfaces without IP addresses assigned when vlan9 is given an interface? I might expect that behaviour on the vlan, but not the other bridged interfaces.

Is this a “feature”?

Joe
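The rule in the message above, modelled from the description of the antispoof option in ipfw(8) as an added example (not code from the thread or from FreeBSD): a source inside a directly connected network matches only when the packet arrived on the interface holding that network, and any other source matches. A plain table of connected networks stands in for the kernel's route lookup, the vlan9 packet is constructed for contrast, and all function and table names are made up for the example.

```python
import ipaddress

def antispoof_matches(src, in_if, connected):
    """Model of ipfw's antispoof option for an incoming packet.

    connected maps interface name -> list of addresses/prefixes configured
    on it. A source inside a directly connected network matches only when
    the packet arrived on the interface holding that network; a source on
    no connected network always matches.
    """
    addr = ipaddress.ip_address(src)
    owners = [
        ifname for ifname, nets in connected.items()
        if any(addr in ipaddress.ip_network(n, strict=False) for n in nets)
    ]
    return not owners or in_if in owners

def denied(src, in_if, connected):
    """Effect of the rule: deny log ip from any to any not antispoof in."""
    return not antispoof_matches(src, in_if, connected)

# (source address, receiving interface). The first two come from the log
# lines in the message; the vlan9 entry is constructed for contrast.
PACKETS = [
    ("192.168.9.3", "vnet0:13"),
    ("192.168.9.3", "bridge9"),
    ("192.168.9.3", "vlan9"),
]

NO_ADDRESS = {"vlan9": []}                      # before: ifconfig vlan9 inet delete
WITH_ADDRESS = {"vlan9": ["192.168.9.250/24"]}  # after: address assigned to vlan9

def verdicts(connected):
    """Return (source, interface, verdict) for each sample packet."""
    return [
        (src, iface, "deny" if denied(src, iface, connected) else "pass")
        for src, iface in PACKETS
    ]

if __name__ == "__main__":
    for label, table in (("vlan9 without address", NO_ADDRESS),
                         ("vlan9 with 192.168.9.250/24", WITH_ADDRESS)):
        print(label)
        for row in verdicts(table):
            print("   %s in via %s -> %s" % row)
```

In this model the rule starts denying 192.168.9.3 on vnet0:13 and bridge9 as soon as 192.168.9.0/24 becomes a network connected to vlan9, which is the pattern in the log lines above.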