More on odd IPFW behavior

2014-04-05 Thread Brett Glass
A bit more investigation of IPFW's behavior on VLAN interfaces has revealed some even stranger stuff. Consider the tallies on the following firewall rules: # ipfw show | head 1 65071 36685513 count ip from any to any layer2 via re0 2 65303 36856334 count ip from any to any layer2 vi

IPFW and VLANs

2014-04-05 Thread Brett Glass
Everyone: I'm writing some new rulesets for IPFW on a machine that has only one built-in Ethernet interface. It connects to a few different Ethernets via a VLAN switch. (The physical interface leads to a "trunk;" that is to say, all packets passing in and out of the parent interface ought to

SCTP binds to IPs outside of jail

2014-04-05 Thread Bernd Walter
So far I've tested this on FreeBSD-9.2 BETA2 r254053M only. The modifications are to allow IPv6 multicast support within jail which only makes a difference for multicast addresses and some multicast loopback checksum bugs - both changes are open PR. I've created an AF_INET6 SCTP one to many socket

Re: Multihomed system with jails routing issues

2014-04-05 Thread Julian Elischer
On 4/5/14, 10:22 AM, Chris Smith wrote: Hi All, I have a system with 1 network interface with 2 extra VLANs off it and I'm having some trouble getting the routing working correctly with it and jails. bge0 - management - 10.71.100.0/24 bge0.101 - LAN- 10.71.101.0/24 bge0.103 - DMZ

Re: netisr 0 : %100 and other netisr threads are waiting

2014-04-05 Thread Ermal Luçi
Hello, what are you using to divert packets, ipfw(4) or pf(4)? Can you show your configuration on that as well! On Fri, Apr 4, 2014 at 6:54 AM, Özkan KIRIK wrote: > Hi, > > I am trying to use suricata on FreeBSD 10 amd64. > FreeBSD behaves as a VLAN router and NAT Box. > > Traffic is about 40

Re: netisr 0 : %100 and other netisr threads are waiting

2014-04-05 Thread Özkan KIRIK
hi, I saw that netisr 0 ip has Queue Drops ( 94902 ). Thank you # sysctl net.isr net.isr.dispatch: direct net.isr.maxthreads: 3 net.isr.bindthreads: 1 net.isr.maxqlimit: 20480 net.isr.defaultqlimit: 4096 net.isr.maxprot: 16 net.isr.numthreads: 3 # sysctl net.route. net.route.netisr_maxqlen: 409

Re: questions about (system) dhclient

2014-04-05 Thread Robert Huff
Dave Duchscher writes: > Robert Huff wrote: > >Synopsis of my (apparent) problem: DISCOVER, OFFER, REQUEST, > and ACKNOWLEDGEMENT all happen correctly ... but the information > doesn't make it to ifconfig or the routing table. > Have you tried commenting everything out of dhclient.conf?

Re: netisr 0 : %100 and other netisr threads are waiting

2014-04-05 Thread hiren panchasara
On Thu, Apr 3, 2014 at 9:54 PM, Özkan KIRIK wrote: > Hi, > > I am trying to use suricata on FreeBSD 10 amd64. > FreeBSD behaves as a VLAN router and NAT Box. > > Traffic is about 400Mbps. > When i diverted traffic to suricata, swi: netisr 0 thread gets %100 cpu. > other netisr threads are %0. And