Re: setfib and RSTs

2014-12-28 Thread Julian Elischer
On 12/26/14 10:41 PM, Nikolay Denev wrote: Hi, I have a process (bittorrent client) running in a non-default fib and using a VPN for default gateway: from /etc/rc.local : /usr/sbin/setfib 1 route add $vpn_provider 10.0.0.1 /usr/sbin/setfib 1 /usr/local/sbin/openvpn --config /usr/loca

Re: IPv6 routes leaking between FIBs?

2014-12-28 Thread Julian Elischer
On 12/28/14 11:19 AM, Jason Healy wrote: Hello, Trying out FreeBSD for the first time to build a firewall box that’s multi-core and runs PF. I’m very interested in the FIB code, as it lines up well with the way my core networking equipment works and should allow me to route traffic on an int

Re: IPv6 fragments handling

2014-12-28 Thread Ilya Bakulin
On 22.12.14, 17:59, 神明達哉 wrote: > At Sat, 20 Dec 2014 23:40:37 +0100, > Ilya Bakulin wrote: > >> But what we do is just silently discarding the overlapping segment, see [2]. >> When using PF with fragment reassembly, the behavior changes to what RFC >> says >> and the packet is completely dropped.

[Differential] [Updated, 14 lines] D1388: IP6: Turned on verbose logging for fragment handling code

2014-12-28 Thread kibab (Ilya Bakulin)
kibab updated this revision to Diff 2903. CHANGES SINCE LAST UPDATE https://reviews.freebsd.org/D1388?vs=2902&id=2903 REVISION DETAIL https://reviews.freebsd.org/D1388 AFFECTED FILES sys/netinet6/frag6.c To: kibab, bz Cc: freebsd-net ___ freebsd

[Differential] [Updated, 20 lines] D1388: IP6: Turned on verbose logging for fragment handling code

2014-12-28 Thread kibab (Ilya Bakulin)
kibab updated this revision to Diff 2902. CHANGES SINCE LAST UPDATE https://reviews.freebsd.org/D1388?vs=2901&id=2902 BRANCH provost_pfrag REVISION DETAIL https://reviews.freebsd.org/D1388 AFFECTED FILES sys/netinet6/frag6.c To: kibab, bz Cc: freebsd-net ___

[Differential] [Commented On] D1388: IP6: Turned on verbose logging for fragment handling code

2014-12-28 Thread kibab (Ilya Bakulin)
kibab added a comment. I have added the wrong revision to the review! This is the correct one, I couldn't edit the patch itself :-( --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -63,7 +63,7 @@ static void frag6_enq(struct ip6asfrag *, struct ip6asfrag *); static void frag6_deq(struct

[Differential] [Request, 6 lines] D1388: IP6: Turned on verbose logging for fragment handling code

2014-12-28 Thread kibab (Ilya Bakulin)
kibab created this revision. kibab added a reviewer: bz. kibab added a subscriber: freebsd-net. REVISION SUMMARY Implement behavior suggested by RFC5722: drop the fragment queue entirely if the system receives a duplicate fragment TEST PLAN Send a fragmented packet to the system, then send

Re: IPv6 routes leaking between FIBs?

2014-12-28 Thread Bjoern A. Zeeb
> On 28 Dec 2014, at 03:19 , Jason Healy wrote: > > Hello, > > Trying out FreeBSD for the first time to build a firewall box that’s > multi-core and runs PF. I’m very interested in the FIB code, as it lines up > well with the way my core networking equipment works and should allow me to > r