Make fstat(1) show socket endpoints information

2019-10-04 Thread Jeremie Le Hen
s, so I renamed the flag "-s". I created a Phabricator entry for the new patch: https://reviews.freebsd.org/D21880 This contains a sample output for local/internet sockets. Let me know what you think. Cheers, [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=116643 -- Jeremi

Description change proposal for the no_prefer_iface flag

2014-07-10 Thread Jeremie Le Hen
, configurable with +.Xr ip6addrctl 8 . .It Cm -no_prefer_iface Clear a flag .Cm no_prefer_iface . -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons. ___ freebsd-net@freebsd.org

Re: if_vr(4) and DFE520-TX

2013-01-14 Thread Jeremie Le Hen
ust did a wild try, can you check if it works? http://people.freebsd.org/~jlh/dlink_dfe520.diff -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons. ___ freebsd-net@freebsd.org mailing list

Re: if_ipsec

2012-06-14 Thread Jeremie Le Hen
Eugene On Thu, Jun 14, 2012 at 01:12:01PM +0600, Eugene M. Zheganin wrote: > Hi, > > On 09.06.2012 23:07, Jeremie Le Hen wrote: > > What it usually done for convenience is to create a gif(4) or gre(4) > > tunnel to another network, which is then encrypted using IPSec &g

Re: if_ipsec

2012-06-09 Thread Jeremie Le Hen
port mode. The inner IP/GRE header is considered as the payload and it is encrypted. The benefit of this approach is that you "see" your tunnel, it looks more natural from a system point of view. I haven't used IPSec in tunnel mode

Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and OpenBSD

2010-05-05 Thread Jeremie Le Hen
ed or not. Regards, -- Jeremie Le Hen Humans are born free and equal. But some are more equal than others. Coluche Index: fstat.1 === RCS file: /mnt/repos/freebsd-cvsroot/src/usr.bin/

Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and OpenBSD

2010-05-05 Thread Jeremie Le Hen
The following reply was made to PR bin/116643; it has been noted by GNATS. From: Jeremie Le Hen To: bug-follo...@freebsd.org Cc: b...@freebsd.org, freebsd-net@FreeBSD.org, jere...@le-hen.org Subject: Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and

Re: Multiple routing tables (was: IPv6 in Jail)

2008-02-29 Thread Jeremie Le Hen
ges anyway. I don't mean to hurry you, it's just for the sake of my curiosity :). Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.fre

Re: Two interfaces sharing the same IP address: how to change default route's interface on link change?

2008-02-21 Thread Jeremie Le Hen
Hi, On Wed, Feb 20, 2008 at 01:18:03AM +, Bruce M. Simpson wrote: > Jeremie Le Hen wrote: > > In summary, favor wired connectivity over the wireless one, at any time: > > could this be at boot time or not. > > > > I'm pretty sure I'm not the only one who

Two interfaces sharing the same IP address: how to change default route's interface on link change?

2008-02-19 Thread Jeremie Le Hen
'm not the only one who wants this kind of setup. So how did you achieve this setup? Thank you. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.f

Re: Routing SMP benefit

2008-01-04 Thread Jeremie Le Hen
are doing and to show that FreeBSD is far behind and is losing > it's lustre on continuing to be the networking platform of choice. A very good paper worth reading about all this by Paul Willmann, Scott Rixner and Alan Cox: An Evaluation of Network Stack Parallelism Strategies in Modern Opera

Re: UDP catchall

2007-10-31 Thread Jeremie Le Hen
Matus, On Wed, Oct 31, 2007 at 02:21:04AM +0100, Matus Harvan wrote: > On Tue, Oct 30, 2007 at 09:04:11PM +0100, Jeremie Le Hen wrote: > > I can think of a possible implementation of mtund(8) without kernel > > patching. The next pf(4) import from OpenBSD will likely allow to

Re: UDP catchall

2007-10-30 Thread Jeremie Le Hen
fect TCP slow start or have some other minor drawbacks. But hey, we're talking about bypassing firewall :-)... My 2 cents. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Firewalling NFS

2007-06-16 Thread Jeremie Le Hen
Hi Alfred, On Fri, Jun 15, 2007 at 10:40:05PM -0700, Alfred Perlstein wrote: > * Jeremie Le Hen <[EMAIL PROTECTED]> [070615 01:07] wrote: > > Hi, > > > > It appears nearly impossible to firewall a NFS server on FreeBSD. > > I would be nearly impossible if one d

Firewalling NFS

2007-06-15 Thread Jeremie Le Hen
other than "no one has needed this yet" why this option is not available for nfsd(8), rpc.lockd(8) and rpc.statd(8)? Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@fr

Re: A radical restructuring of IPsec...

2007-04-07 Thread Jeremie Le Hen
tion). Do you have any idea what those features will become in later days ? Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Merging rc.d/network_ipv6 into rc.d/netif

2007-04-03 Thread Jeremie Le Hen
function: old2new_knobs() This is neat. What about issuing a warning in order to make a quicker transition ? Again, thank you for working on this. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ fr

TCP connection stalls on LAN

2007-02-24 Thread Jeremie Le Hen
network adapter to narrow the possible sources of the problem. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > 09:14:57.593729 IP (tos 0x0, ttl 64, id 27791, offset 0, flags [DF], proto: TCP (6), length: 64) 192.168.1.3.56556 > 192.168.1.1.8

Firewalling DNS jails

2007-02-17 Thread Jeremie Le Hen
know as well. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: iwi leaks memory?

2007-02-16 Thread Jeremie Le Hen
gh UP/DOWN cycles to trigger it, but it might be worth trying it. Note that he has insisted that this is a *hack*. The patch is attached. Please let us know if it makes things better. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > Index: if_iwi.c =

Re: [fbsd] Re: jail addresses and default bindings

2006-12-27 Thread Jeremie Le Hen
ou would want to do that if you control it > from the "host" system anyway... Additionally, ipfw(8) has the "jail" keyword, though it is easier to work with IP addresses since jail ids are bumped whenever you restart a jail. Regards, -- Jeremi

Re: Automatic TCP send and receive socket buffer sizing

2006-12-20 Thread Jeremie Le Hen
e by default). This would mean it is eight time easier to exhaust kernel memory. In this case, how one could prevent his box from being a potential victim of this ? Thank you. Best regards -- Jeremie Le Hen < jeremie at le-hen dot org >< t

Re: Virtual Network Interfaces

2006-11-02 Thread &#x27;Jeremie Le Hen'
e this so far. I've Cc'ed Andrew Thompson which has imported if_bridge(4) from OpenBSD into FreeBSD. He will likely be able to answer your question and tell whether it is possible to bridge two VLAN interfaces (attached to a physical interface) with another physical interface. Regards, -

Re: Virtual Network Interfaces

2006-10-23 Thread Jeremie Le Hen
Raymond, On Sun, Oct 22, 2006 at 06:01:03PM +0200, Jeremie Le Hen wrote: > On Mon, Oct 16, 2006 at 02:12:47AM -0400, Raymond Wagner wrote: > > My ISP provides me up to 5 dynamically assigned addresses out of a /20 > > block. I have more than 5 machines on my network, so I hav

Re: [fbsd] Virtual Network Interfaces

2006-10-22 Thread Jeremie Le Hen
mations. (See http://ebtables.sourceforge.net/ebtables-man.html) Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [fbsd] Re: possible patch for implementing split DNS

2006-08-29 Thread Jeremie Le Hen
debugging purposes and MUST NEVER be used in production. % */ % path = getenv("NSSWITCH_CONF"); % if (path == NULL) % #endif % path = _PATH_NS_CONF; We should remove this #if clause because of your argument. I'm not sure it is worth documenting it however. Reg

Re: [fbsd] Re: possible patch for implementing split DNS

2006-08-29 Thread Jeremie Le Hen
% #if defined(_NSS_DEBUG) && defined(_NSS_SHOOT_FOOT) % /* NOTE WELL: THIS IS A SECURITY HOLE. This must only be built % * for debugging purposes and MUST NEVER be used in production. % */ % path = getenv("NSSWITCH_CONF"); % if (path == NULL) % #en

Re: [fbsd] possible patch for implementing split DNS

2006-08-28 Thread Jeremie Le Hen
a packet filter might suffice... Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [fbsd] Re: Routing IPSEC packets?

2006-08-21 Thread Jeremie Le Hen
Anndrew, On Mon, Aug 21, 2006 at 08:45:54PM +0400, Andrew Pantyukhin wrote: > On 8/21/06, Jeremie Le Hen <[EMAIL PROTECTED]> wrote: > >As is has indeed already been stated in this thread, IPSec tunnel mode > >shunts the routing table. However the new enc(4) interface that A

Re: [fbsd] Re: Routing IPSEC packets?

2006-08-21 Thread Jeremie Le Hen
h if_bridge(4). I Cc'ed him for clarification. I hope this mail will serve future generations :-). Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://li

Re: [fbsd] [patch] ipfw packet tagging

2006-06-21 Thread Jeremie Le Hen
provided it so far [1]. [1] http://lists.freebsd.org/pipermail/freebsd-net/2006-May/010563.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [fbsd] Re: [fbsd] Network performance in a dual CPU system

2006-04-27 Thread Jeremie Le Hen
Hi, Robert, On Thu, Apr 27, 2006 at 02:54:21PM +0100, Robert Watson wrote: > > On Thu, 27 Apr 2006, Jeremie Le Hen wrote: > > >> PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND > >> 60 root 1 -44 -163 0K 8K WAIT 355.6H 72.

Re: [fbsd] Network performance in a dual CPU system

2006-04-27 Thread Jeremie Le Hen
his very interesting thread. What solution did you finally employ to circumvent your high interrupt load ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [fbsd] Problem with PMTU Discovery / DF / IPSEC / GIF Tunnels (FreeBSD 6.0 patch)

2006-01-09 Thread Jeremie Le Hen
but since we can't patch Windows, this patch helps > alleviate the problem from the other side. Thank you for fixing this ! I have been puzzled for month with this. I hope to see it commited soon. Best regards. -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile

Re: [fbsd] Re: [fbsd] Re: IPSEC documentation

2006-01-09 Thread Jeremie Le Hen
but racoon/ipsec-tools isn't aware > of it. The ideal would be to have the possibility of dynamically > creating tun(4) devices representing the tunnel endpoints, if required, > when phase2 has been established. Best regards, -- Jeremie Le Hen < jeremie at le-

Re: [fbsd] Re: IPSEC documentation

2006-01-09 Thread Jeremie Le Hen
you can know from which tunnel the packet came from when you have multiple tunnels. As Brian pointed out, FreeBSD indeed lacks the enc(4) interface which lives in OpenBSD. enc(4) is a kind of hook into the tunnel mode providing a natural interface to it. Best regards, -- Jeremie Le Hen < jeremi

Re: Alpine4Linux

2005-11-23 Thread Jeremie Le Hen
e.net/~neelnatu/alpine4linux/. Unfortunately, it doesn't seem to exist any more. Please, if you find something more useful, follow it up to this thread, it could be interesting for other users. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org &g

Re: TCP inflight (was: Re: Poor Samba throughput on 6.0 (fwd))

2005-11-17 Thread Jeremie Le Hen
has taken care of this yet. Best regards, http://lists.freebsd.org/pipermail/freebsd-performance/2005-November/001654.html -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://l

Re: arp-proxy

2005-11-17 Thread Jeremie Le Hen
seems to have useful and concrete applications for providers. Best regards, [1] http://www.sjdjweis.com/linux/proxyarp/ -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: diagram of 4.10 layer 2 spaghetti

2005-10-31 Thread Jeremie Le Hen
t; http://people.freebsd.org/~julian/layer2c.pdf > > but it's probably not of general interest. Many thanks, this is _very_ instructive. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: IPSec session stalls

2005-10-25 Thread Jeremie Le Hen
use pf. It is described here : http://lists.freebsd.org/pipermail/freebsd-net/2005-July/007899.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd

Re: IPFW+DUMMYNET UPLOAD PROBLEM

2005-10-06 Thread Jeremie Le Hen
bw 128Kbit/s queue 10KBytes > > And my test speed from ip 192.168.0.5 is: > Down 123.66kbps > Up 766.24kbps What's the output of % ipfw show 600 601 Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > __

Re: dummynet, em driver, device polling issues :-((

2005-10-04 Thread Jeremie Le Hen
will check the NIC state upon each soft clock interrupt (HZ) and fetch them into the memory if any. If too much packets were received during a period, then the overflow of packets will be discarded, incrementing the "Receive No Buffers" error count. I think you can

Re: UDP dont fragment bit

2005-09-22 Thread Jeremie Le Hen
e use. In other words, I think the feature you're calling for is really specific to your problem, regarding your current network environnement. The misbehaviour of some particular network-fascist ISP should not reach the FreeBSD source tree. Best regards, -- J

Re: Efficient use of Dummynet pipes in IPFW

2005-09-20 Thread Jeremie Le Hen
ated" rule is obviously : /(a.b.c) With your ruleset may be summed up as : /a+/b+/c Which is the same as the "negated" rule in regard to De Morgan's theorem. Do you agree with this ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ARP behavior in FreeBSD vs Linux

2005-09-19 Thread Jeremie Le Hen
t; > the 'wrong' interface will gladly be accepted, too. This broke things > > > for me, because I didn't want to have that certain IP-address accessible. This behaviour can be controlled with : /proc/sys/net/ipv4/conf//rp_filter These sysctl are explaine

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Jeremie Le Hen
but scared about adding such options because there would be no reason then to not add other syntactic facilities, which would end up messing the whole syntax. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: Summer of Code 2005: Improve Libalias

2005-09-07 Thread Jeremie Le Hen
Hi Mike, > And what is the point of all of this when we have OpenBSD's PF? ipfw and > libalias is dead. In addition to what others said, you should look at the following, this may be an answer : http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html Regards, -- Jer

Re: Aggregate network interfaces

2005-08-26 Thread Jeremie Le Hen
s Etherchannel. For the sake of completeness, I would add that OpenBSD has the trunk(4) interface which allows to bond multiple network interfaces with configurable trunk protocols. http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Cur

Re: Stranges with ARP

2005-08-12 Thread Jeremie Le Hen
lticast bit of 802.11? No, its the LSB of the first octet. > So your outgoing pings are actually multicasts. Good catch ! :-) [1] http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Why Ierrs is so high?

2005-08-10 Thread Jeremie Le Hen
being used for ? If you're still having error after switching interfaces, maybe it's time to check your cable. Finally, what are you running ? [ ] RELENG_4 [ ] RELENG_5 [ ] RELENG_6 [ ] CURRENT Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org

Re: Stack virtualization (was: running out of mbufs?)

2005-08-10 Thread Jeremie Le Hen
played with this), but I'm a little bit scared about the administrative overhead this would introduce for managing jails. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing lis

Re: Stack virtualization (was: running out of mbufs?)

2005-08-09 Thread Jeremie Le Hen
SD to be able to do this. > It's hard to describe this textually to its full extent. That's why > my upcoming paper will have mostly graphics depicting the packet flow > and the processing options. I'm in haste to read your paper. [1] http://www.manpage.org/cgi-bin/man/man2

Re: running out of mbufs?

2005-08-08 Thread Jeremie Le Hen
The interface(s) the default route(s) point to are mem- bers of the egress interface group. %%% This article [1] explains better what interface groups are, see the "Interface group" section (according to w3m: line 182/422 (43%)) [1] http://ker

Re: running out of mbufs?

2005-08-08 Thread Jeremie Le Hen
F but is far less intrusive > to the kernel. By "interface groups", do you mean the same ones as OpenBSD ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mai

Re: How-to use CARP?

2005-08-04 Thread Jeremie Le Hen
I get the following error: > > # ifconfig carp0 create > ifconfig: SIOCIFCREATE: Invalid argument > # Add "device carp" to you kernel configuration file and recompile. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: AltQ + ng_iface

2005-07-29 Thread Jeremie Le Hen
tcp from any 22 to any iptos lowdelay DNS requests: udp from any to any 53 Small PONG: icmp from any to any icmptype 8 iplen 1-200 HTTP(S), FTP: tcp from any to any 21,80,443 Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile d

Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

2005-07-21 Thread Jeremie Le Hen
Hi Philip, > Yepps. And adding bridged does not help either. > I'm beginning to belive that I am the problem since there must be other > people doing this. did you resolve your problem ? If yes, what was the solution ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org

Re: Problem with Path MTU Discovery

2005-07-19 Thread Jeremie Le Hen
1500 xl0 192.168.4.54/32link#1 UC 00 1500 xl0 192.168.4.80 00:60:08:60:fe:10 UHLW024577 1500 lo0 => 192.168.4.80/32link#1 UC 00 1500 xl0 %%% Thank you. Regards, -- Jeremie Le H

Problem with Path MTU Discovery

2005-07-13 Thread Jeremie Le Hen
also tried to connect to Comp3, but the behaviour is the same. Thus my guess is that Gate2 (RELENG_5) is sending bad ICMP need-to-frag packets, while Gate1 (RELENG_4) is sending good ones, because all Comp* are RELENG_5, and don't behavie in the same way. Does anyone have an idea why Path MT

Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

2005-07-11 Thread Jeremie Le Hen
ecv and xmit without success.. Did you try something like this (assuming 192.168.1.1 is on xl0 side, fxp0 is the other interface) : ipfw add pipe 1 any from 192.168.1.1 to any bridged out recv xl0 xmit fxp0 ipfw add pipe 2 any from any to 192.168.1.1 bridged out recv fxp0 xmit xl0 Regards, -- Je

Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...)

2005-07-08 Thread Jeremie Le Hen
t ? If so, it would be worth if you could submit a port of the older release of ntop. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailm

Re: Julian's netowrking challenge 2005

2005-06-29 Thread Jeremie Le Hen
| > packet data <---/ > ... > [end of mbuf] I think I understand what you are proposing here, but what do you have in mind that would require such a system ? If there is no really good reason, I think it is wise to keep it sim

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
sure this would make Netgraph > >people react a bit ;-). > > why? > I think they are orthogonal. I was just kidding, because new features sometimes trigger a netgraph praise saying it is already possible with this framework. But this worthless. -- Jeremie Le Hen < jere

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
'm pretty sure this would make Netgraph people react a bit ;-). > pf does something along these lines in case you are looking for references. Would it be possible to share this tag among pf and ipfw ? Regards, -- Jeremie Le Hen < jeremie at

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
ck of multiple routing tables support, lack of source routing (as well as higher level protocol based routing). Are there actually some projects that are being worked on to overcome this ? -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
> Yes it might be a good idea, but again, it depends on your security > requirements : any user is able to bind port 8000, so if you have > other users on the system, this may not be something to avoid. s/not// -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
n your security requirements : any user is able to bind port 8000, so if you have other users on the system, this may not be something to avoid. But FWIW, this would totally remove the need to make a privileged part in your application. Regards, -- Jeremie Le Hen < jeremie a

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
t lately and you want security. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
ust for information, does this principle requires FreeBSD to keep existing option forever, or are there some scarce situations where some superfluous options could be deleted ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
t for a "pipe" action. However, the main problem with this approach is that it breaks POLA. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
, [1] http://www.tel.fer.hr/zec/vimage/ -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Advice needed on running idiotic test for client

2005-06-15 Thread Jeremie Le Hen
topics please, I'm very interested in them. Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net T

Re: Problems with gif tunnels

2005-06-09 Thread Jeremie Le Hen
archives. Regards, [1] http://hashbang.org.uk/index.php/GIF_to_IPIP_Tunnels -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
ore longer, depending on the value of the five first bits of the GRE header. Enjoy your tunnel ;-). [1] http://www.networksorcery.com/enp/protocol/gre.htm -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
Read above. Usually gre(4) tunnels are used as simple IP-over-IP tunnel, so a gif(4) would do the same with less overload (due to GRE header size). GRE seems far more powerful, but I don't know its benefits. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile d

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
- encapsulated packet comes in from 203.16.215.227 with data from IP > 192.83.231.16 for 192.109.197.145. It should go out xl0. > - It doesn't. No further indication of why not. I saw your commit on gif(4) manual page precising that gif(4) does not do GRE tunnels. Does it represent a solu

Re: Problems with gif tunnels

2005-06-07 Thread Jeremie Le Hen
e. I've tried > > different systems, one and two NICs, 4.x and 5.x, all with the same > > (non)result. What am I missing? It would be worth knowing if the ICMP packet goes out from your ``internal'' interface (xl0). In this case, you should also see the ICMP echo-

Re: iwi driver: Probes but no association (FreeBSD5.4).

2005-05-24 Thread Jeremie Le Hen
ostly impossible as the iwi(4) should be using the new Sam Leffler's net80211 framework which is not going to be MFC'd to RELENG_5. I believe you should definitely try -CURRENT. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: ICMP need to frag

2005-05-23 Thread Jeremie Le Hen
does SSH use IPSec AH ?" ? I've never heard of such a thing. I think the code you pasted refers to IPSec transport mode, but I'm afraid that it's not related to my problem of Path MTU Discovery not working. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz a

Re: iwi driver: Probes but no association (FreeBSD5.4).

2005-05-23 Thread Jeremie Le Hen
5.4-STABLE #10: Fri Apr 29 10:39:24 As far as I can tell, this driver is not longer updated, the developpement is done in BSD source trees (look at the file modification date). Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___

Re: ICMP need to frag

2005-05-22 Thread Jeremie Le Hen
from the Ethernet network card on the RELENG_4 router. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ICMP need to frag

2005-05-22 Thread Jeremie Le Hen
ke the ssh session with ~. . Advices are welcome :-). Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > 21:36:32.956062 192.168.4.205.49583 > 192.168.1.222.2: S [tcp sum ok] 894016321:894016321(0) win 65535 (DF) (ttl 62, id 20835

iwi(4) not working

2005-05-20 Thread Jeremie Le Hen
and why I can't get the associated status. Note that the shown MAC address is the correct one, thus the card seems to receive some beacon frames, it's not a ``link'' error. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
it is not possible to export two directories from the same filesystem with different options or credentials ? I didn't see anything like this in the manpage. What did I miss ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org ><

Re: Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
> my current exports(5) file looks something like this : > I copied the last line and replaced the path with /usr/ports, when I try to > reload mountd(8), I get an error in /var/log/messages : This is a draft, and shouldn't appear in the previous mail. -- Jeremie Le Hen < jere

Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
ed mountd(8) sources, and this error messages appears when the mount(2) syscall fails (I assume this is the way mountd(8) informs the kernel about a directory to be exported). I'm sure this is a foolish error from me, but I can't figure one. Thanks. Regards, -- Jeremie Le Hen < jerem

Re: SIOCGIFMEDIA problems

2005-05-16 Thread Jeremie Le Hen
jor drawback in your situation (portable software) is that kqueue(2) only exists in BSD world, not in Linux. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org ma

Dummynet/ipnat interaction breakage

2005-05-13 Thread Jeremie Le Hen
On Wed, Feb 02, 2005 at 12:05:11PM +0100, Jeremie Le Hen wrote: > > Take a look at PRs 61685 and 76539. Hope that helps. > > Well, I was aware of the first one (I'm doing shaping on my internal > interface as a workaround), but not the second one. The second one > is

Re: [PATCH] Re: tap interface and locally generated packets

2005-05-10 Thread Jeremie Le Hen
. Unfortunately this patch seems to be based on rev 1.21 of NetBSD's if_bridge.c, this is a little bit old. Best regards, [1] http://mu.org/~mux/patches/pf.patch [2] http://lists.freebsd.org/pipermail/freebsd-current/2004-April/025886.html -- Jeremie Le Hen <

Re: Changing packets ttl's

2005-04-29 Thread Jeremie Le Hen
ch for one of the firewall avaiable in FreeBSD. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: generic network protocols parser ?

2005-03-04 Thread Jeremie Le Hen
help for. A manually parse will be needed, although he succeeds in re-using the Ethereal plug'in, but I don't know if it is feasible. Regards, -- Jeremie Le Hen jeremie at le-hen dot org ___ freebsd-net@freebsd.org mailing list http://lists.freeb

Re: altq for vlans?

2005-02-14 Thread Jeremie Le Hen
ing overhead for each packet especially using gigabit Ethernet. Regards, -- Jeremie Le Hen jeremie at le-hen dot org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-02-02 Thread Jeremie Le Hen
hink there must be some as they would have been merged if this was not the case. Are there any change to have this fixed in RELENG_4 ? I know that no more releases are scheduled in this branch, but there is no obvious reason to let a bug live there IMHO. -- Jeremie Le He

Re: DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?)

2005-01-31 Thread Jeremie Le Hen
On Tue, Feb 01, 2005 at 02:05:12AM +0100, Jeremie Le Hen wrote: > On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote: > > > I'll give a try to a 4.10 kernel ASAP. > > > > I compiled the lastest kernel from RELENG_4_10 CVS branch and DUMMYNET > > pipe

DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?)

2005-01-31 Thread Jeremie Le Hen
On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote: > > I'll give a try to a 4.10 kernel ASAP. > > I compiled the lastest kernel from RELENG_4_10 CVS branch and DUMMYNET > pipes works well. I am able to use one pipe on my external interface > egress witho

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-01-31 Thread Jeremie Le Hen
h to test the same configuration but I'm pretty sure it won't work. Any ideas of what could break this ? -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubs

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-01-30 Thread Jeremie Le Hen
ot involved in DUMMYNET, as they are in ALTQ for example). I can still use pipes on interface ingress, internal interface egress, but it fails when I use a pipe on egress on my external interface _for packet being forwarded and NATed only_. Weirdly I am still able to use a TCP stream from the ro

dummynet and vr(4)/egress broken in 4.11 ?

2005-01-28 Thread Jeremie Le Hen
1.26.2.14) is the culprit. Best regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: em(4) VLAN + PROMISC followup question

2005-01-26 Thread Jeremie Le Hen
ything? I think it has just been commited in -CURRENT. See revs 1.58, 1.59 and 1.60. In fact this is a small workaround until there is a working solution proposed, if I understood correctly. Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@f

  1   2   >