Re: spliting kernel ipfw source ? (also involves sctp)

At Sun, 01 Mar 2009 18:22:02 -0800, per...@pluto.rain.com wrote: > > Rui Paulo wrote: > > On 1 Mar 2009, at 21:26, Julian Elischer wrote: > > > Luigi Rizzo wrote: > > >> Hi, > > >> I am planning to split netinet/ip_fw2.c in a number of smaller > > >> files to make it more manageable, and while i

Re: ixgbe vs mxge

At Sun, 2 Nov 2008 10:34:18 -0800, Jack Vogel wrote: > > You know I generally try to maintain courtesy and civility in my > dealings with the community but this really ticks me off. And we appreciate both your work and your professionalism. > I have stayed out of this thread because I figured it

Re: Small patch to multicast code...

At Mon, 25 Aug 2008 21:40:38 +0200, John Hay wrote: > > I have tried it and it does fix my problem. RIP2 over multicast works > again. :-) Good to hear. I'm waiting on a bit more feedback but I think I'll be checking this in soon, with a big comment talking about the performance implications etc

Re: FreeBSD NAT-T patch integration

At Thu, 26 Jun 2008 12:56:41 -0700, julian wrote: > > I'm planning on committing it unless someone can provide a reason not > to, as I've seen it working, needed it, and have not seen any bad > byproducts. > I'd be interested to know how you tested it. NAT-T and IPsec are non-trivial protocol

Re: Throughput rate testing configurations

At Wed, 11 Jun 2008 09:51:27 -0700, security wrote: > > Steve Bertrand wrote: > > Hi everyone, > > > > I see what I believe to be less-than-adequate communication > > performance between many devices in parts of our network. > > > > Can someone recommend software (and config recommendations if >

Re: zonelimit issues...

At Fri, 18 Apr 2008 06:40:26 -0700, Chris Pratt wrote: > > I am very interested in this topic as I've been waiting > since moving from FreeBSD 5 in 2006. The workaround > in the errata had no effect and the only notice I > could see of something changing was the errata did > not include the proble

Re: 7.0-RC1 onboard em1 intel pro1000 vanishing occasionally

At Mon, 3 Mar 2008 13:43:45 -0800, Jack Vogel wrote: > > The fix to this problem is in the new shared code that got checked into > CURRENT on Friday. I will be MFCing the changes eventually but > if you want to test now you'll need to go with CURRENT. > Rockin. Will this go into 6 as well or is

Re: arp rewrite...

At Tue, 11 Dec 2007 00:48:53 -0800, luigi wrote: > > On Tue, Dec 11, 2007 at 12:37:25AM -0800, Julian Elischer wrote: > > I believe Qing-li (Sp?) did an arp rewrite.. > > the story is a bit longer - Andre drafted the initial design, > which i subsequently took over and with a student, Alessandro

Re: infinite loop in esp6_ctlinput()?

Hi, Please try the attached patch, which mimics exactly what the Kame code used to do. I have not fully tested it, but it builds and runs. I will need some time to reproduce the panic you saw on one of my boxes. If you can tell me the steps you took to get that to happen that would be great. B

Re: infinite loop in esp6_ctlinput()?

At Wed, 29 Aug 2007 00:28:47 +0900, jinmei wrote: > > At Tue, 28 Aug 2007 19:49:11 +0800, > blue <[EMAIL PROTECTED]> wrote: > > > According to the GDB backtrace, I think this is what I am talking about. > > > > Besides, this would result in infinite loop just by looking at the > > codes. Howeve

Re: Racoon(ipsec-tools) enters sbwait state or 100% CPU utilization quite often on RELENG_1_2

At Mon, 20 Aug 2007 12:43:25 -0400, Scott Ullrich wrote: > > On 8/20/07, VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote: > > I tracked down the problem a few years ago, on FreeBSD 4.11, with > > KAME's IPSec stack. > > > > But the problem was not really in the stack itself, but rather in > > socket pr

Re: Racoon(ipsec-tools) enters sbwait state or 100% CPU utilization quite often on RELENG_1_2

At Sat, 18 Aug 2007 15:58:16 -0400, Scott Ullrich wrote: > Thanks for the very detailed response. We have worked around the > problem for now with a simple shell script that looks for racoon > falling over and simply restarting it. > > Does anyone know if this is fixed in 7-CURRENT? If so we ca

Re: Ipsec - PF_KEY and set_policy

At Thu, 26 Jul 2007 08:13:02 +0800, blue wrote: > > As far as I know, setkey is used for IPsec SP and SA configuration. > ipsec_set_policy() could transfer a string to "policy request", which is > defined in RFC 2367 PF_KEY. Internally, setkey() will call > ipsec_set_policy() to construct the m

Re: FAST_IPSEC import to HEAD is imminent..

At Wed, 27 Jun 2007 10:48:56 + (UTC), Bjoern A. Zeeb wrote: > > On Wed, 27 Jun 2007, Poul-Henning Kamp wrote: > > Hi, > > > Can we please drop the FAST_ prefix along with the old IPSEC when we > > get to that point ? > > yes, I think that is gnn's plan. I was a bit worried because it'll be

Re: kern/52585: [netinet] [patch] Kernel panic with ipfw2 and syncookies

Synopsis: [netinet] [patch] Kernel panic with ipfw2 and syncookies State-Changed-From-To: suspended->closed State-Changed-By: gnn State-Changed-When: Sun Nov 12 09:39:29 UTC 2006 State-Changed-Why: This can no longer be reproduced (7.0 CURRENT) http://www.freebsd.org/cgi/query-pr.cgi?pr=52585 __

Re: Packet Construction and Protocol Testing...

At Fri, 21 Jul 2006 14:12:51 -0400, Charles Swiger wrote: > > On Jul 21, 2006, at 1:43 PM, Clément Lecigne wrote: > >> 44-pi# grep -l pcap_inject /usr/lib/libpcap* > >> 45-pi# nm -g /usr/local/lib/python2.4/site-packages/pcap.so | grep > >> pcap_inject > >> U pcap_inject > > > > Have y

Re: SCTP

At Mon, 03 Jul 2006 07:32:01 -0400, randall wrote: > > Bascially there are two socket models that > can be used by SCTP.. > > sd = socket(AF_INETX, SOCK_STREAM, IPPROTO_SCTP); > > or > > sd = socket(AF_INETX, SOCK_SEQPACKET, IPPROTO_SCTP); > > The first one will then look JUST like TCP... aka

Re: kern/93220: [inet6] nd6_lookup: failed to add route for a neighbor

Synopsis: [inet6] nd6_lookup: failed to add route for a neighbor State-Changed-From-To: analyzed->feedback State-Changed-By: gnn State-Changed-When: Sat Jun 17 18:01:32 UTC 2006 State-Changed-Why: This is fixed in HEAD and MFC'd to STABLE (6). http://www.freebsd.org/cgi/query-pr.cgi?pr=93220 ___

Re: nd6_lookup prints bogus messages with point to point devices

Hi, After way too long this has been tested and committed to HEAD, with an MFC timout of 1 week. I have done only limited, aka, ping, testing of this fix. I am currently setting up my own outbound IPv6 network so that I can do more real world testing of such patches in future. Later, George ___

Re: nd6_lookup prints bogus messages with point to point devices

At Mon, 22 May 2006 18:40:48 +0900, jinmei wrote: > Could you try the patch attached below? It's for 6.1-RELEASE, but I > guess it's pretty easy to apply to CURRENT. > > The essential reason of this problem is that the latest kernel regards > the destination address of a point-to-point interface

Re: kern/76432: [patch] [net/route.h] recursive locking in the network stack

Synopsis: [patch] [net/route.h] recursive locking in the network stack Responsible-Changed-From-To: freebsd-net->[EMAIL PROTECTED] Responsible-Changed-By: gnn Responsible-Changed-When: Wed May 11 14:42:34 GMT 2005 Responsible-Changed-Why: Taking this to try to fix it. http://www.freebsd.org/cgi/

Re: too many Gratuitous ARPs

At Wed, 16 Mar 2005 11:02:01 +0200, Danny Braniss wrote: > This is not my case, no kernel messages, I see the packets. (im mirrowing > the traffic to another host so that i can 'sniff' it). > > the host has indeed two nics, but only one is connected. > The problem - if indeed it is - only appears

Re: Implementing IP_SENDIF (like SO_BINDTODEVICE)

At Wed, 27 Oct 2004 12:52:33 -0700, Bruce M Simpson wrote: > > On Wed, Oct 27, 2004 at 12:28:22PM -0700, Julian Elischer wrote: > > >It annoys me that we have to resort to BPF to send IP datagrams on > > >unnumbered interfaces. Here is a half baked idea. Please look and > > >tell me what you think

Re: kern/44355: After deletion of an IPv6 alias, the route to the whole subnet is removed too.

Synopsis: After deletion of an IPv6 alias, the route to the whole subnet is removed too. Responsible-Changed-From-To: freebsd-net->[EMAIL PROTECTED] Responsible-Changed-By: gnn Responsible-Changed-When: Thu Oct 14 11:34:13 GMT 2004 Responsible-Changed-Why: Took responsibility for patching and te

Re: kernel arp log message

At Wed, 06 Oct 2004 20:37:16 +0700, Muhammad Reza wrote: > > hi, i have a problem in a FreeBSD server, > Kernel message show this message; > arp: [ip redhat firewall gateway] moved from [1st nic redhat firewall gateway] to > [2nd redhat firewall gateway] on > fxp0 > arp: [ip redhat firewall gate

Re: modularization

At Wed, 6 Oct 2004 18:23:17 +0200, Max Laier wrote: > Given the additional locking requirements and the additional checks, lookups > and function calls I hardly believe that it is a good idea. There might be > protocols that are easily plugged, but you can certainly do them at the > netgraph lay

Re: (KAME-snap 8809) Patch for fragment problem in key.c

So, I checked and the change in Kame is identical. Can we get this committed to our code? It's a simple, five line, removal. Thanks, George At Tue, 28 Sep 2004 10:39:09 +0900, George V. Neville-Neil wrote: > > Hi Folks, > > Robert Watson tried to send email about

Patch for fragment problem in key.c

Hi Folks, Robert Watson tried to send email about this but it never got through, and then Sam Leffler got ahold of me and told me he fixed something similar in the FAST_IPSEC code. So, the following patch fixes, in KAME IPSec. This patch was generated agai

Re: promisc coding question

At Fri, 24 Sep 2004 08:30:13 -0400, ming fu wrote: > > Hi, > > in if.h > #defineIFF_PROMISC0x100/* receive all packets */ > #defineIFF_PPROMISC0x2/* user-requested promisc mode */ > > Do I have to set both on for the promisc to work? > If I only need one of th

Re: creating default route in kernel

At Thu, 23 Sep 2004 12:12:20 +0200, Waldemar Kornewald wrote: > > Hi, > could you please tell me how I can create a default route from within > the kernel? I am a member of the Haiku (OS) networking team and > maintainer of the PPP stack and for dial-on-demand support there must be > a default

Re: IPv6 route mutex recursion (crash) and fix

At Tue, 21 Sep 2004 22:09:57 -0400, Brian Fundakowski Feldman wrote: > > I've already made noise about this before, so I'll be brief. I plan on > committing the following fix that prevents the routing code from being > recursed upon such that RTM_RESOLVE causes the embryonic new route to > be loo

Re: freeaddrinfo(NULL)

At Wed, 22 Sep 2004 07:37:20 +0900, (BJINMEI Tatuya / [EMAIL PROTECTED]@C#:H(B wrote: (B> Note also that other *BSDs and Solaris use the "segfault" logic. The (B> freeaddrinfo implementation in the "libbind" library as a part of the (B> ISC BIND package, which many UNIX-like OS vendors adopt

Re: route to host on same network

At Mon, 13 Sep 2004 19:19:31 +0200, John Hay wrote: > > Hi, > > I'm busy trying to port mobilemesh (www.mitre.org/tech_transfer/mobilemesh) > to FreeBSD and run into a problem. > > The way mobilemesh works is that you use a subnet for the wireless > network and then it use host routes to route p

Patch for NetPIPE to support IPv6

Hi, I have created a patch for NetPIPE version 3.6.2 that makes it work with IPv6. If you're unfamiliar with NetPIPE then jump to here: http://www.scl.ameslab.gov/netpipe/ In short NetPIPE is a cool tool for generating packets and stressing/testing networ

Re: [Fwd: TCP RTO]

At Wed, 08 Sep 2004 11:52:30 -0700, julian wrote: > My curiosity is if we see the tcp.cc code inside, tcp.cc ? That's not a kernel file. > there are two different version of srtt (smoothed rtt) and rttvar > (smoothed mean deviation estimator). The one is simply 'srtt' and > 'rttvar' and the oth

Re: ifconfig.c && netmask

At Wed, 08 Sep 2004 19:17:38 +0300, Artis Caune wrote: > > How come that ifconfig prints netmask in hex? > > Isn't >"inet 127.0.0.1 netmask 255.0.0.0" > more readable than >"inet 127.0.0.1 netmask 0xff00" > > why 'route get x.x.x.x' gives mask in decimal? > ;)) > > > Is it some pos

Patch to remove the old IPv6 prefix code from -CURRENT

Hi Folks, Enclosed is a patch against the recent -CURRENT tree which removes the in6_prefix code that has already been removed from the Kame tree by the Kame team. I would appreciate it if folks could try this out before we include this in our own tree. I

Re: kern/68110 (rfc 3522)

Andre Oppermann <[EMAIL PROTECTED]> said: > Jon Noack wrote: > > > > Has anyone looked at kern/68110? > > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/68110 > The situation is a little bit complicated. I agree that having RFC3522 > is a good thing. > However there is a political problem with

Re: About tcp_fastimo() and tcp_slowtimo()

At Wed, 19 May 2004 09:59:53 +0100, kwl02r wrote: > I just follow the book "TCP/IP illustrate vol 2" to understand more > about TCP timer. In the book, tcp_fastimo() is invoked each 200 ms to do > delay ack job and tcp_slowtimo() is invoked each 500 ms to do the rest > of other tcp times. But at

Re: Bugfix for checksum offload in bge(4)

At Fri, 21 May 2004 17:58:00 +0400, Yar Tikhiy wrote: > > Hi folks, > > While sweeping network interface drivers for incorrect usage of the > capabilities framework, I noticed some bugs in bge(4). Unfortunately, > I have no such card and I don't know its internals. Therefore I > made a patch fi

Up to date web link for NetGraph?

Hi, I'm referencing Net Graph in a document and would like an up to date web page or some such to reference. I looked at Julian's page (that's what Google pointed me to) but it's out of date, as is the Daemon News article. Thanks, George __

RFC 2292 CMSG_FIRSTHDR macro...

Howdy, This should be a minor nit but, is there any reason we implement this this way: #define CMSG_FIRSTHDR(mhdr) ((struct cmsghdr *)(mhdr)->msg_control) instead of this way: #define CMSG_FIRSTHDR(mhdr) \ ( (mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? \

Re: Modern TCP stats

At Tue, 27 Apr 2004 10:16:25 +0200, Heinz Knocke wrote: > > Hi! > > Thanks in advance for all the support for me you priveded. Now I'm looking > for some modern statistics on whats is going now in the global Internet > (some main backbones), specially TCP. Special subjects of interests are: > - h

Re: Opinions on "best" NIC for high-touch applications

At Wed, 21 Apr 2004 09:36:45 -0700 (PDT), Chance Whaley wrote: > I have an application where I am doing quite a bit of high-touch packet > fiddling and I am looking for opinions on which "standard" Gb NIC > has the best driver support in 5.2 or CURRENT. > > In my dream world I am looking for somet

Re: ifconfig causing fatal trap

At 26 Mar 2004 17:06:52 EST, Joshua Y. Stabiner wrote: > > I have a new thinkpad t40 with Intel PRO/1000 that I use as the em device and a > cisco wireless that I use as the an device. > > typing /sbin/ifconfig causes a kernel panic (using GENERIC) and forces a reboot. I > followed the directi

Path MTU growth in TCP?

Howdy, I was wondering if PMTU ever tries to grow the MTU of a connection after a time? I.e. if the path changes it might change away from one where the MTU was particularly small. Thanks, George ___ [EMAIL PROTECTED] mailing li

Is this a 64 bit bug?

Hi Folks, While wandering through -CURRENT last night I found that icmp_error() passes the destination address as a plain n_long. Won't this cause problems on 64 bit architectures? Shouldn't this be a sockaddr of some flavor? Thanks, George _

Another question on netisr processing.

So I did find the default setting for netisr to defer processing to swi_net but this brings up another question. Are all the locks in the network stacks of a type that could be used correctly at interrupt conext if we wished to do that? Thanks, George _

Receive packet processing.

Hi, I'm tryinbg to follow packets flowing up from an ethernet device driver (if_fxp.c in this case) and as far as I can tell they are processed completely at device interrupt level unless deferred in netisr_dispatch(). Is that correct? Thanks, George ___

Another question on locking...

Hi, Looking at the code in uipc_socket.c and udp_usrreq.c I am a bit confused as to how the locking mechanism works between the sockets and the protocols. The socket calls all occur under Giant, which the protocols do not deal with, and the protocols all lo

Fine grained locking at the socket level?

Hi, It would seem that splnet() and frieds now simply return 0, which I figure is part of making the code look like it used to. What I'm wondering is why the Giant lock is still used in the socket layer? I thought sockets had had fine grained locking appli

Zero Copy Sockets?

Hi, I'm reading over the internals of the network stack in -CURRENT and I'm wondering if the Zero Copy stuff is actually in use yet. Thanks, George ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/free

Not losing mbufs from if_fxp.c

to be done about this. Later, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.neville-neil.com "I learn only to be contented." inscription at Ryoan-ji in Kyoto, Japan To Unsubscribe: send

Possible mbuf leak in if_fxp.c

m not sure this is happening. Can someone verify my (il)logic? Thanks, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.neville-neil.com "I learn only to be contented." inscription at Ryoan

Re: TCP/IP Illustrated, vol 2

ils have changed. I recommend a close reading of any source you're going to use in class. cvs on a mirrored repository is your friend. Later, Geoprge -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.nevi

Re: Putting all PCBs into sysctl?

n home after a 3 week jaunt. They certainly don't show up when you do sysctl -a (which is one thing I'd like). Later, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.neville-neil.com "I l

Re: Putting all PCBs into sysctl?

1.80" sysctl: unknown oid 'net.inet.tcp.deleteconn' # when I try it. Later, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.neville-neil.com "I learn only to be contented." ins

Putting all PCBs into sysctl?

t, or modify, long running connections, for instance on a machine under DOS attack or perhaps for debugging. Just an idea... Thanks, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville-Neil Consulting www.neville-neil.co

Graphical view of netstat -rA

Hi Folks, Does anyone know of a script that converts netstat -rA output (i.e. a dump of the routing table) into something suitable for processing by dot (which makes nice graphs)? Thanks, George -- George V. Neville-Neil [EMAIL PROTECTED] Neville

Re: How can I give one route priority over the other route ?

teD etc.) that maintains a real routing database and then periodically pushing things down into the kernel. Later, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82 "Those who would trade liberty for temporary security deserve neither"

Re: How can I give one route priority over the other route ?

s it quicker to switch routes during a failure. At the moment, the only way to do this in *BSD that I know if is to hack the sources and add sysctl/ioctls to address this. There is a derivative implementation that puts a list of addresses at each node but that's not the best solution.

Re: Is recv/sendmsg important for AF_INET only sockets?

are used by applications that are implemented on top of UDP and they're very useful. If I were a consumer of your product I'd be pretty disappointed if these calls were not there. Later, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82

Descriptions of SEQPACKET and RDM protocols?

Hi, I'm looking for papers or documentation describing SEQPACKET or RDM protocols. I see that there is a SEQPACKET protocol under the NS domain which I could just read but a paper would be best to start with. Web searches have not turned up much that is

Re: FreeBSD TCP/IP relation to Mac OS/X?

Uhh, thanks, I think. I'll just let them dogs lie for the moment. Later, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82 "Those who would trade liberty for temporary security deser

Re: FreeBSD TCP/IP relation to Mac OS/X?

> The short answer is 'no'. > Thanks, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82 "Those who would trade liberty for temporary security deserve neither" - Benjamin

Re: FreeBSD TCP/IP relation to Mac OS/X?

> I can comment from the Mac OS X perspective... Thanks! And one last question: Did these changes make it back into FreeBSD? Later, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82 "Those who would trade liberty for temporary security

FreeBSD TCP/IP relation to Mac OS/X?

progeny of the TCP/IP stack in Mac OS/X? Did they do a rewrite or just tweaks? Granted this may all be market speak but if it's true it would indicate some significant changes. Thanks, George -- George V. Neville-Neil [EMAIL PROTECTED] NIC:GN82 "Those

Re: funding TCP stack rewrite

> I don't think a rewrite is ever going to be much of a good idea, > a restructuring might, meaning that fixing up all the layering > and making it more flat like Van Jacobson suggested (and Linux > implemented in one of their stack of the year projects) might > gain us performance. I would disag

Re: funding TCP stack rewrite

> On Fri, 30 Nov 2001, Jonathan Lemon wrote: > > On Fri, Nov 30, 2001 at 09:01:21AM -0600, mark tinguely wrote: > > > Too bad there are not companies throwing money around to fund a good > > > rewrite...of course there is some competative advatange to do so only > > > for themselves. > > > > Anyon

Re: re-entrancy and the IP stack.

> err, where is BSDcon this year? Here ya go: Hotel Information Cathedral Hill Hotel 1101 Van Ness Avenue San Francisco, California 94109 Toll Free: 1 800 622 0855 Local Telephone: 1 415 776 8200 Reservation Fax: 1 415 441 2841 Email: [EMAIL PROTECTED] Later, George To Unsubscribe: send mail

Re: re-entrancy and the IP stack.

I won't be at LISA but would be interested in hearing what y'all come up with. BSDCon is in my home town so it's a doddle to make it there for me. Later, George To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: re-entrancy and the IP stack.

I recommend you all look at The Click Modular router http://www.pdos.lcs.mit.edu/click/ which is a step in the right direction. Of course given the current architecture it may be very hard to adapt it to this kind of model. I led/worked on a project at Wind River Systems to do a multi-instance

Re: re-entrancy and the IP stack.

Are y'all going to discuss this at BSDCon? I'm probably going there and would like to contribute if I could. Later, George To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: Questions...

> The spls have no effect any longer, we're leaving them in however > to mark places where protection is needed, when a subsystem becomes > MP safe the spls are removed. As far as glabals there are actually > very few there. OK, I'll start supping -CURRENT again. > Interesting! Or perhaps a fo

Re: Questions...

> The most signifigant changes that I can think of are: > SMP primatives > KSE > FFS Snapshots > Cardbus > Other than KSE (which I've only seen lately and so I don't know what it is) SMP should be the only thing that deeply affects the stack, at least to my currently limited knowledge. > Hopefu

Questions...

OK, several people said I should just send this to -net so here you are. I have a few questions about the direction and code base for the FreeBSD TCP/IP stack. 1) Is there a published list of "TODOs" that y'all are working on to add/modify the system? 2) How different is -CURRENT from -STABLE?

Who are the core people on net?

Hi Folks, I was going to send a more targetted email for information on the future plans on the TCP/IP stack for FreeBSD but the web site does not have a section (that I can find quickly) on just who the core team for networking is. Would those folks please send me an email? Thanks, Geo