On Fri, Mar 09, 2001 at 12:08:17PM -0800, Jonathan Graehl wrote:
> Specific to your problem: it seems that requires ,
> but does not #include it. n_long is defined in in_systm.h and used in ip_icmp.h
> and ip.h (not tcp.h) I have complained without response (on freebsd-arch, maybe
> not the ri
Is anyone working on route caching functionality within FreeBSD? This
would eliminate a lot of problems with using FreeBSD as a router...which
seems to be a common role of which FreeBSD seems to fit. Especially for
machine that are dual-homed.
It may be implemented nicely as a sysctl var or ma
Replying to self (multiple personality disorder?):
Once caveat ... if you're trying to simulate the resource-exhaustion effects of
a true SYN flood (rather than simply testing the ability of your firewall /
intrusion detection system to react to a flood), then you will need to prevent
autogenerat
"Jonathan Graehl" <[EMAIL PROTECTED]> writes:
> Specific to your problem: it seems that requires
> , but does not #include it. n_long is defined in
> in_systm.h and used in ip_icmp.h and ip.h (not tcp.h) I have
> complained without response (on freebsd-arch, maybe not the right
> place) of simila
#!/bin/sh
i=5; while [ $i -lt 50100 ]; do nemesis-tcp -S 209.68.199.246 -D
209.68.199.242 -fS -x $i -y 25; i=$(($i + 1)); done
... seems to work fine; a perl script would give a more legible for loop though
;)
--
Jonathan Graehl
email: [EMAIL PROTECTED]
web: http://jonathan.graehl.org/
cd /usr/ports/net/nemesis
make install
Nemesis (http://www.packetninja.net/nemesis/) is a command line tool that can
easily generate syn packets; if you want a flood, write a script.
There is also /usr/ports/net/libnet
http://www.packetfactory.net/Projects/Libnet/
- it is used by nemesis and is
Generally speaking, the most portable way to generate IP packets is to do
so using the raw IP socket interface. However, I've also successfully
generated packets using IPDIVERT, BPF, and custom kernel modules :-). I
found the IPDIVERT performed quite nicely and was useful for exploring
firewall
I'm reconfiguring a network I inherited and I'm looking for advice on the
best way to get it done.
We are connected to a single T1, that's fire walled through a bsd box.
behind that, aside from a local area network, we have a wireless network
that provides connections to several small companies w
John Hay wrote:
> >
> > >I'll do it right now if itojun doesn't mind (to save him a task
:-) )
> > >and get authorization from Jordan to commit.
> >
> > please go ahead, i can review the diff if you want me to.
> >
>
> Ok, here is a patch for -current. It was taken from the kame code
> with mino
On Fri, Mar 09, 2001 at 02:56:21PM +0900, [EMAIL PROTECTED] wrote:
>
> >From the server's point of view:
> >
> >+ TCP/IP handshake from client, allocate protocol control blocks
> >+ receive data from client
> >+ client resets connection, pcb is destroyed
> >
> >Exactly why the client
On Fri, Mar 09, 2001 at 08:03:58AM -0800, Walter Goralski wrote:
> The missing piece has been DOS SYN attacks. I have the really common
> "synk4.c" source that is all over the Web, but I get errors when I try to
> compile it ("it's the linux includes" someone told me). Now, I last used my
They're
Folks:
Andreas Klemm, who ported cflowd to FreeBSD, suggested I use this vehicle to
see if I could get some help.
I am a course developer for Juniper Networks, and I have just written a
2-day advanced course on router firewall filters (this is one reason for the
cflowd).
We have participants i
Thanks Harti.
I'll look at it (again)
I thought I had fixed these.. oh well maybe I broke it again..
Hooks hold a reference on the node until their own references go to 0.
The node holds a reference on teh hook, but the cycle is
handled in the hook removal code. Since node removal first calls
On Fri, 9 Mar 2001, Matthew N. Dodd wrote:
> I've got a patch against -CURRENT to get our token ring code working
> against Novell 802.2 style IPX.
Whee, thanks!
--
Boris Popov
http://www.butya.kz/~bp/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in th
>
> >I'll do it right now if itojun doesn't mind (to save him a task :-) )
> >and get authorization from Jordan to commit.
>
> please go ahead, i can review the diff if you want me to.
>
Ok, here is a patch for -current. It was taken from the kame code
with minor adjustments to fit into
Hi,
it seems that netgraph is leaking references. One simple experiment to do
is to repeat 'ngctl types' several times:
500 [root] (beagle) netgraph_atm/tests/ccatm # ngctl types
There are 5 total types:
Type name Number of living nodes
- --
I've got a patch against -CURRENT to get our token ring code working
against Novell 802.2 style IPX.
This patch also may enable IPv6, however additional patches (not included)
are required.
I also took the time to do some code cleanups. :/
Anyhow, please find attached.
My test consisted of mo
Just curious:
I noticed that FreeBSD and NetBSD will give you a 50% longer listen queue
than what was requested with the second argument of listen(2). (You get
trunc(N*3/2)+1 for backlog=N). Thus with the default SOMAXCONN of 128 (this
is settable with a sysctl) we actually have a listen queue of
18 matches
Mail list logo
