[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #5 from g_amana...@yahoo.com --- Setting net.inet.ip.fw.dyn_keepalive=0 resolves the problem. However the bug remains as the keepalive packets should be NATed in the first place.

[Bug 201488] dummynet appears broken in 10.0-RELEASE and onwards (can't traffic shape on bridges)

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201488 Hiren Panchasara changed: What|Removed |Added CC||freebsd-net@FreeBSD.org --- Com

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #4 from g_amana...@yahoo.com --- I think it has to do with the keepalives produced from ip_fw_dynamic.c. The packets go through ip_output() and this may be the reason they are not NATed. Just my impression of skimming through the

Re: Displaying the supported module types of a network adapter

2015-07-22 Thread Alan Somers
It sounds like at least two drivers have the ability, and at least three people have the interest. I'll put this on my list. I'm not sure if I'll get to work on it soon, though. -Alan On Fri, Jul 17, 2015 at 9:40 AM, Eric Joyner wrote: > ixl(4) will list all of the supported module types for th

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #3 from Ben Woods --- I also have the following in my /etc/sysctl.conf to allow packets to have more than 1 pass through the firewall (for in-kernel NAT): net.inet.ip.fw.one_pass=0

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #2 from Ben Woods --- I can confirm I am also seeing some local network addresses escape out to the Internet when using IPFW with in-kernel NAT. Indeed it appears to be the ZeroWindow packets. # tcpdump -n -e -ttt -i tun0 src n

"downed" loopback address still active?

2015-07-22 Thread Nikos Vassiliadis
Hi, I am using an IP on a loopback interface and no matter if I "down" the interface, the kernel still uses that address as a valid address, that is, still accepting traffic to the loopback address etc. Is this a bug? Thanks for any ideas, Nikos

Re: panic: witness_warn head/amd64 @r285741 on 1 of 2 machines

2015-07-22 Thread Randall Stewart via freebsd-net
David Yep.. we got that wrong. If 1 is returned by the submit it means the PCB was lost. If 0 is returned you unlock as usual. R On Jul 21, 2015, at 5:59 PM, David Wolfskill wrote: > On Tue, Jul 21, 2015 at 03:21:16PM -0500, Eric van Gyzen wrote: >> ... So it looks like net swi, leaking s