Re: ipfw, keep-state and limit

2007-04-15 Thread Ian Smith
On Sun, 15 Apr 2007, Luigi Rizzo wrote: > On Sun, Apr 15, 2007 at 11:53:15PM +0200, Ivan Voras wrote: > > Luigi Rizzo wrote: > > > > > if i remember well (the implementation dates back to 2001 or so) > > > you just need to use "limit", as it implicitly installs > > > a dynamic state entry (s

Re: GPF in ether_output -> m_tag_locate

2007-04-15 Thread Kip Macy
Please print out the mbuf's m_hdr and pkthdr. -Kip On 4/15/07, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Sun, Apr 15, 2007 at 11:30:47PM -0400, Kris Kennaway wrote: > On an 8-core amd64 running up-to-date CVS sources: > > > Fatal trap 9: general protection fault while in kernel mode > > cpuid

Re: GPF in ether_output -> m_tag_locate

2007-04-15 Thread Kris Kennaway
On Sun, Apr 15, 2007 at 11:30:47PM -0400, Kris Kennaway wrote: > On an 8-core amd64 running up-to-date CVS sources: > > > Fatal trap 9: general protection fault while in kernel mode > > cpuid = 7; apic id = 07 > > instruction pointer = 0x8:0x802a7800 > > stack pointer = 0x10:

GPF in ether_output -> m_tag_locate

2007-04-15 Thread Kris Kennaway
On an 8-core amd64 running up-to-date CVS sources: > Fatal trap 9: general protection fault while in kernel mode > cpuid = 7; apic id = 07 > instruction pointer = 0x8:0x802a7800 > stack pointer = 0x10:0xabc61960 > frame pointer = 0x10:0xabc61970 > co

Re: Understanding ipfw keep-state dynamic rules

2007-04-15 Thread Luigi Rizzo
On Mon, Apr 16, 2007 at 12:07:35AM +0200, Ivan Voras wrote: > Luigi Rizzo wrote: > > > yes the numbers should be the expire time for the rule. > > So, the total time the connection was active or the time the connection > had some traffic through it? it is the expire time (i.e. how many seconds f

Re: Understanding ipfw keep-state dynamic rules

2007-04-15 Thread Ivan Voras
Luigi Rizzo wrote: > yes the numbers should be the expire time for the rule. So, the total time the connection was active or the time the connection had some traffic through it? > ipfw has a default timeout of 300, and the it only uses the > "short" lifetimes when the remote end properly closes

Re: ipfw, keep-state and limit

2007-04-15 Thread Luigi Rizzo
On Sun, Apr 15, 2007 at 11:53:15PM +0200, Ivan Voras wrote: > Luigi Rizzo wrote: > > > if i remember well (the implementation dates back to 2001 or so) > > you just need to use "limit", as it implicitly installs > > a dynamic state entry (same as keep-state). > > Thanks, I'll try it tomorrow. If

Re: Understanding ipfw keep-state dynamic rules

2007-04-15 Thread Luigi Rizzo
On Sun, Apr 15, 2007 at 10:18:36PM +0200, Ivan Voras wrote: > On a rule: > > 06080 40997628 30756672556 allow tcp from any to me dst-port 80 setup > keep-state > > ipfw -d show lists: > > ## Dynamic rules (774): > 06080 94838731 (108s) STATE tcp xx.172.115.202 1421 <-> > my.ip.ad

Re: ipfw, keep-state and limit

2007-04-15 Thread Ivan Voras
Luigi Rizzo wrote: > if i remember well (the implementation dates back to 2001 or so) > you just need to use "limit", as it implicitly installs > a dynamic state entry (same as keep-state). Thanks, I'll try it tomorrow. If it works, may I suggest a change: make the error message say "keep-state i

Re: ipfw, keep-state and limit

2007-04-15 Thread Luigi Rizzo
On Sun, Apr 15, 2007 at 10:06:37PM +0200, Ivan Voras wrote: > I think I need to start filtering based on simultaneous connections from > source IP addresses because of some abuse that's apparently going on, > so, as I'm already using ipfw, I tried this: > > # ipfw add 6079 allow tcp from any to me

Understanding ipfw keep-state dynamic rules

2007-04-15 Thread Ivan Voras
On a rule: 06080 40997628 30756672556 allow tcp from any to me dst-port 80 setup keep-state ipfw -d show lists: ## Dynamic rules (774): 06080 94838731 (108s) STATE tcp xx.172.115.202 1421 <-> my.ip.add.r 80 06080 98542716 (83s) STATE tcp xx.67.223.104 1071 <-> my.ip

ipfw, keep-state and limit

2007-04-15 Thread Ivan Voras
I think I need to start filtering based on simultaneous connections from source IP addresses because of some abuse that's apparently going on, so, as I'm already using ipfw, I tried this: # ipfw add 6079 allow tcp from any to me 80 setup keep-state limit src-addr 10 To which ipfw replied: ipfw:

Please help with PF-based redirector

2007-04-15 Thread Alex Povolotsky
Hello! I'm trying to set up a box as round-robin TCP proxy. Of course, I'm trying to do everything on kernel-level. This simple setup rdr on sk0 proto tcp from any to any port = smtp -> port 25 round-robin should work. At least, I thought so. However, attempt to connect to port 25 yielde

Re: Call for testers: olsrd and IP_ONESBCAST

2007-04-15 Thread Ian Smith
On Mon, 9 Apr 2007, Bruce M Simpson wrote: > For a while now I have had a patch available to teach olsrd to use > IP_ONESBCAST instead of using libnet/bpf just to send broadcast > datagrams in FreeBSD, which has had IP_ONESBCAST for a few years now. Would 'a few years' likely include 5.5-STA