> > Are you sure? I have net.inet.tcp.signature_verify_input = 1 and only
> > one line in /etc/ipsec.conf for each BGP session using MD5 keys, on
> > 8.2-STABLE.
>
> Hmm, you are right, it seems that my second SAD entries are not used at all.
> However I'm now running with net.inet.tcp.signature_ve
On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
> Can you see if on the enc(4) interface pf(4) sees both side of the traffic?
I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should
there be a pf(4) interface for me to listen on? I've listened on pflog(4), and
only seen tr
On Jan 4, 2012, at 3:42 PM, sth...@nethelp.no wrote:
>> You are setting the keys with setkey for both directions of a single
>> session, right?
>> i.e.:
>>
>> add X.X.X.X Y.Y.Y.Y tcp 0x1000 -A tcp-md5 "SomePass";
>> add Y.Y.Y.Y X.X.X.X tcp 0x1000 -A tcp-md5 "SomePass";
>>
>> As before it was
Looks like there's a case where tcp_detach could return with the inp
lock held. I see an XXXRW comment questioning this possibility, but
we should either add an assertion to verify that the case does not
occur, or unlock the inpcb before returning. Or maybe both?
Regards,
Navdeep
diff -r 35bdf8
To help understand what's going on and test some of this stuff, I
hacked up a TCP-MD5-aware echo server and tried various things.
The first thing I found was that setting
net.inet.tcp.signature_verify_input to 0 does not stop the listener
socket from setting TCP_MD5SIG. So, setting this is not a
On 5 January 2012 15:33, Matthew Luckie wrote:
> Habey have two atheros Mini-PCIe cards:
>
> http://www.habeyusa.com/products_show.php?id=361 -- HB-NB037H
> http://www.habeyusa.com/products_show.php?id=353 -- HB-NE785H
>
> The NB037 model is advertised as supporting bluetooth, and the NE785 model
Hi Adrian,
The docs say Atheros AR9285(MAC/Baseband/RF) with AR3011 -- I tend to think
the AR3011 is an error in their docs as the card is not advertised as
supporting bluetooth, and because an AR9285 is apparently exposed over PCIe,
I tend to think the card will work fine as an hostap, but just
I am experiencing the same problem with bgpd and FreeBSD 8.2-STABLE as
described in this thread. If I have correctly interpreted this
thread, it is currently not possible to have an OpenBGPd that speaks
TCP-MD5 to some peers, but not to others on FreeBSD. Is that correct?
(It seems possible to b
On Thu, Jan 05, 2012 at 08:36:23PM +0200, Sami Halabi wrote:
> where i can find explanation for these sysctls, the manual has some of the
> sysctls but not all...
>
> are these values in bits or bytes?
They are in bytes. You can use "sysctl -d kern.ipc.maxsockbuf"
for short description but they
OH!
On 5 January 2012 01:00, Matthew Luckie wrote:
> Hi
>
> I'd like to create a freebsd AP using my mini-itx board. I have a mini-pcie
> expansion slot and am considering this wifi card
>
> http://www.habeyusa.com/products_show.php?id=361
>
> I currently run 8.2R but plan to upgrade to 9.0R.
>
where i can find explanation for these sysctls, the manual has some of the
sysctls but not all...
are these values in bits or bytes?
Sami
On Thu, Jan 5, 2012 at 5:03 PM, Eugene Grosbein wrote:
> On Thu, Jan 05, 2012 at 03:43:45PM +0200, Sami Halabi wrote:
>
> > Somthing strange, i did:
> > net
On Tue, Dec 20, 2011 at 2:12 PM, Jack Vogel wrote:
> I have had another report of this problem, I am nominally on vacation for a
> couple of weeks, but have promised to look at the issue after the holidays.
I am available to test any patches. Thank you for your help.
-Corey Smith
__
Hi,
> On Thu, 05 Jan 2012 16:11:17 +0100
> "Rainer Bredehorn" said:
Bredehorn> FreeBSD 8 uses a strange notation for multicast routes with
interface local scope something like:
Bredehorn> ff01:3::/32
Bredehorn> Here '3' is the scope id of the interface.
Bredehorn> OpenBSD uses the same
HI!
FreeBSD 8 uses a strange notation for multicast routes with interface local
scope something like:
ff01:3::/32
Here '3' is the scope id of the interface.
OpenBSD uses the same notation as proposed in RFC 4007 for link local scompe
multicast addresses:
ff01::%fxp1:/32
Why does FreeBSD use a
On Thu, Jan 05, 2012 at 03:43:45PM +0200, Sami Halabi wrote:
> Somthing strange, i did:
> net.graph.recvspace=8388608
> net.graph.maxdgram=8388608
>
> and i suddenly got disconnections and logs like:
> Jan 5 16:10:01 mpd2 mpd: L2TP: ppp_l2tp_ctrl_create: No buffer space
> available
> Jan 5 16:1
On 05.01.2012 15:49, Gleb Smirnoff wrote:
mpd has many open sockets, and each socket allocates that much recvspace
and sendspace. Since there are a lot of them, it hits per-user resource
limits, I suppose.
We need to:
1) Change mpd to use one control socket with many hooks.
It is partially do
Hi,
is setting these sysctl's that high recommended? i don't really know what
they mean, and honestly didn't search to see what they do, i simply tried
to set them high in order to improve the service.
if its recommended, then i would test these changes if they will be done.
Sami
2012/1/5 Gleb S
On Thu, Jan 05, 2012 at 03:43:45PM +0200, Sami Halabi wrote:
S> Hmm..
S>
S> Somthing strange, i did:
S> net.graph.recvspace=8388608
S> net.graph.maxdgram=8388608
S>
S>
S> and i suddenly got disconnections and logs like:
S> Jan 5 16:10:01 mpd2 mpd: L2TP: ppp_l2tp_ctrl_create: No buffer space
S>
Sami,
I am running not with the exact patch that I've sent to you, but
with additional debugging printf, see attach. I'd like to make sure that
after such a large rekeying event the PPP link is still valid.
Since I can't cook this reordering case by hand, can you please
eventually patch your
Hmm..
Somthing strange, i did:
net.graph.recvspace=8388608
net.graph.maxdgram=8388608
and i suddenly got disconnections and logs like:
Jan 5 16:10:01 mpd2 mpd: L2TP: ppp_l2tp_ctrl_create: No buffer space
available
Jan 5 16:10:11 mpd2 mpd: PPTP: NgMkSockNode: No buffer space available
the mpd
Synopsis: [ng_mppc] ng_mppc_decompress - disabling node
State-Changed-From-To: feedback->closed
State-Changed-By: glebius
State-Changed-When: Thu Jan 5 13:33:16 UTC 2012
State-Changed-Why:
Email of submitter is no longer valid.
http://www.freebsd.org/cgi/query-pr.cgi?pr=123045
__
On Thu, Jan 05, 2012 at 01:21:12PM +0200, Sami Halabi wrote:
S> Hi
S>
S> after i upgraded the recvspace here are the results:
S> # ./a
S> Rec'd response "getsessconfig" (4) from "[22995]:":
S> Args: { session_id=0xcf4 peer_id=0x1bdc control_dseq=1 enable_dseq=1 }
S> Rec'd response "getsessconfig
Hi
after i upgraded the recvspace here are the results:
# ./a
Rec'd response "getsessconfig" (4) from "[22995]:":
Args: { session_id=0xcf4 peer_id=0x1bdc control_dseq=1 enable_dseq=1 }
Rec'd response "getsessconfig" (4) from "[228bd]:":
Args: { session_id=0xee79 peer_id=0x1 control_dseq=1 enab
On Thu, Jan 05, 2012 at 12:48:05PM +0200, Sami Halabi wrote:
S> Hi,
S> there is a problem whith this script:
S>
S> # ngctl ls | awk '{ if ($4 == "l2tp") print $6}'
S> ngctl: send msg: No buffer space available
You have so much nodes, that 'ngctl ls' can't pass its reply
to userland.
Try to bump
On Thu, Jan 05, 2012 at 12:48:05PM +0200, Sami Halabi wrote:
> Hi,
> there is a problem whith this script:
>
> # ngctl ls | awk '{ if ($4 == "l2tp") print $6}'
> ngctl: send msg: No buffer space available
You should try to increase kern.ipc.maxsockbuf, net.graph.maxdgram,
net.graph.recvspace to 8
Hi,
there is a problem whith this script:
# ngctl ls | awk '{ if ($4 == "l2tp") print $6}'
ngctl: send msg: No buffer space available
Sami
2012/1/5 Gleb Smirnoff
> Sami,
>
> I'm trying to reproduce a reordering problem with a new node, and
> I've found that:
>
> 1) PPTP uses sequencing, that
Sami,
I'm trying to reproduce a reordering problem with a new node, and
I've found that:
1) PPTP uses sequencing, that would not pass out of sequence datagram
to the PPP, and thus to MPPE.
2) L2TP uses sequencing optionally, so the problem in subject may
appear only on an L2TP link with
Hi
I'd like to create a freebsd AP using my mini-itx board. I have a
mini-pcie expansion slot and am considering this wifi card
http://www.habeyusa.com/products_show.php?id=361
I currently run 8.2R but plan to upgrade to 9.0R.
The main concern I have is that it lists its host interface as m
28 matches
Mail list logo
