Re: tcp hostcache and ip fastforward for review

2003-11-13 Thread Jesper Skriver
ccounting etc. purposes, and is not involved in forwarding. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.

Re: tcp hostcache and ip fastforward for review

2003-11-12 Thread Jesper Skriver
On Thu, Nov 13, 2003 at 12:13:14AM +0100, Andre Oppermann wrote: > Jesper Skriver wrote: > > > > On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote: > > > Hello all, > > > > > > this patch contains three things (to be separated fo

Re: tcp hostcache and ip fastforward for review

2003-11-12 Thread Jesper Skriver
On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote: > Hello all, > > this patch contains three things (to be separated for committing): > > tcp_hostcache > > - removes protocol cloning from routing table (IPv4+6) > - removes rtentry pointer from inpcb and in6pcb > - removes i

Re: 64 bit packet counters

2003-11-09 Thread Jesper Skriver
emented per packet, and have a background task/thread to update the 64 bit counters from the 32 bit counters. That way, we avoid the locking issue per packet. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them

Re: FW: 3com gigabit 3c996b-t

2002-02-22 Thread Jesper Skriver
easier to help ... /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in

Re: Please commit kern/31954 patch

2002-01-11 Thread Jesper Skriver
seeing its own broadcast packet. It has been committed to -current, it will be in 4.5-RELEASE if the release engineers allow it. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS210

Re: Etherchannel emulation / channel bonding?

2001-11-29 Thread Jesper Skriver
On Thu, Nov 29, 2001 at 03:38:19PM +, Kris Kirby wrote: > > What's our current best recommended solution for channel-bonding ethernet > cards? Netgraph? http://people.freebsd.org/~wpaul/FEC/ /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:N

Re: Proposed change to icmp_may_rst induced ENETRESET

2001-08-27 Thread Jesper Skriver
On Mon, Aug 27, 2001 at 04:54:31PM -0400, Mike Silbersack wrote: > > On Mon, 27 Aug 2001, Jesper Skriver wrote: > > > On Thu, Aug 23, 2001 at 06:23:31PM -0700, Scott Renfro wrote: > > > You have a valid point that icmp_may_rst changes nmap's behavior, even > >

Re: Proposed change to icmp_may_rst induced ENETRESET

2001-08-27 Thread Jesper Skriver
ted, you get the other > behavior (admin prohib ==> closed). Without the patch, nmap spews > errors and would need a FreeBSD-specific change. I pretty much don't care, Jonathan, Bill, Mike what do you think ? /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:

Re: PPPoE latency

2001-07-03 Thread Jesper Skriver
will see an excessive latency in pings to that router, but you will probably see a much more normal delay to a host behind it. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @

Re: tcp template removal / scalability patch

2001-06-19 Thread Jesper Skriver
On Tue, Jun 19, 2001 at 09:24:00PM -0500, Mike Silbersack wrote: > > On Wed, 20 Jun 2001, Jesper Skriver wrote: > > > I think we should leave TCP_COMPAT_42 in RELENG_4, so 4.x users > > won't be surprised if it's suddenly gone ... > > > > /Jesper >

Re: tcp template removal / scalability patch

2001-06-19 Thread Jesper Skriver
> later, hopefully before I leave. > > Ok, I'll go through and check out all the spacing issues you raised. This > would be easier if jesper MFCs the removal of TCP_COMPAT_42, which causes > the differences between -stable and -current. :) I think we should leave TCP_COMPAT_42 in

leaking route structures, please review

2001-06-05 Thread Jesper Skriver
e. It does not free the route structure unless rt_refcnt is 0. We know it won't be zero because the pcb has a ref count. As a result it appears that we leak a route structure since it will never be freed. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network man

Re: Randomized IP ID patch

2001-05-31 Thread Jesper Skriver
On Sat, May 26, 2001 at 12:38:15AM -0700, Kris Kennaway wrote: > Actually, this patch was broken; the updated one is at: > > http://www.freebsd.org/~kris/randomized-ipid.diff Looks good to me, will you commit before your vacation ? /Jesper -- Jesper Skriver, jesper(at)skriv

Re: routing socket and routes assignment

2001-05-29 Thread Jesper Skriver
On Mon, May 28, 2001 at 02:28:51PM +0300, Iasen Kostoff wrote: > Hi, > I have a problem in assigning a default gateway from network that > my computer's interfaces don't have IP from. All routes should have a next-hop on a directly connected interface. /Jesper -- Jes

Re: control TCP send/receive window size based on port numbers ? and a bug(?) in sendpipe/recvpipe handling ...

2001-05-26 Thread Jesper Skriver
On Sat, May 26, 2001 at 09:34:42PM +0200, Jesper Skriver wrote: > Hi, > > I'm currently looking at ways to tune a ftp server, and when > tuning net.inet.tcp.sendspace/net.inet.tcp.recvspace and > NMBCLUSTERS, I came to think that in a ftp server role, half the > TCP s

Re: UDP - Reliable throughput measurement

2001-05-26 Thread Jesper Skriver
> > I specifically want to see the performance of UDP in lossy channel, I > am sure there must be some tool to measure it, I am doing a kind of study > and want to analyse TCP vs. UDP! But when you want retransmission of UDP, you have to implement it in the application layer, and then you

control TCP send/receive window size based on port numbers ? and a bug(?) in sendpipe/recvpipe handling ...

2001-05-26 Thread Jesper Skriver
Foreign Address (state) tcp4 0 16384 dhcp138.skriver..http freesbee.wheel.d.1177 ESTABLISHED Any ideas ? /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much

Re: Intel Gigabit NIC problem

2001-04-05 Thread Jesper Skriver
On Wed, Apr 04, 2001 at 02:49:22AM -0500, Matthew Rezny wrote: > Does anyone have any idea what's going on, if there's any hope of fixing this, and >what the solution would be? Thanks. Try http://www.flugsvamp.com/~jlemon/fbsd/drivers/Intel_Gigabit/ /Jesper -- Jesper Sk

Re: 4.3 issue: new ICMP handling broke date(1)

2001-03-28 Thread Jesper Skriver
On Tue, Mar 27, 2001 at 11:22:38AM -0600, Bill Fenner wrote: > > I prefer Jesper's other patch (the one that goes back to > code = PRC_UNREACH_PORT). Note that the comment here: Just committed, with jkh's permission I'll MFC it. /Jesper -- Jesper Skriver, jesper(at

Re: 4.3 issue: new ICMP handling broke date(1)

2001-03-27 Thread Jesper Skriver
On Tue, Mar 27, 2001 at 10:19:22AM -0600, Jonathan Lemon wrote: > On Tue, Mar 27, 2001 at 01:12:47PM +0200, Jesper Skriver wrote: > > On Tue, Mar 27, 2001 at 12:45:31PM +0200, Jeroen Ruigrok/Asmodai wrote: > > > [making sure Jesper and Jonathan see this] > > > >

Re: 4.3 issue: new ICMP handling broke date(1)

2001-03-27 Thread Jesper Skriver
ply fix date(1). > > FWIW I think the correct thing would be to return ECONNREFUSED. > > Looking at intro(2) it would seem that ECONNREFUSED fits the shoe since > the connection is actively refused. So do I, I'll have a look at the code tonight ... /Jesper -- Jesper Skriver, jesper(

optimize src/sys/netinet/in_pcb.c:in_pcblookup()

2001-02-25 Thread Jesper Skriver
on src/dst ip addresses +* and TCP port numbers. +*/ + if ((tcp_seq_check == 1) && (tcp_seq_vs_sess(inp, tcp_sequence) == 0)) + goto out; + if (notify) + (*notify)(inp, errno); +out: splx(s); } /Jesper -- Jesper Skriver,
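Review bot: in the added condition, `tcp_seq_check == 1` treats every value other than 1 as off, so a setting of 2 would silently skip the sequence check; if the knob is meant as a boolean, test it for non-zero (`if (tcp_seq_check && tcp_seq_vs_sess(inp, tcp_sequence) == 0)`). Since a zero return from `tcp_seq_vs_sess()` is what jumps to `out:` and suppresses the notify, the comment above the test should say explicitly that 0 means "do not notify this session", so a reader does not have to infer the return convention.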

Check tcp sequence number for all ICMP messages

2001-02-25 Thread Jesper Skriver
} else in_pcbnotifyall(&tcb, sa, cmd, notify); } /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-) One Unix to rule them all

Re: ICMP unreachables, take II.

2001-02-25 Thread Jesper Skriver
On Sun, Feb 25, 2001 at 09:23:55AM -0600, Jonathan Lemon wrote: > On Sat, Feb 24, 2001 at 11:56:18PM +0100, Jesper Skriver wrote: > > jesper@tam% time telnet 195.41.23.1 > > Trying 195.41.23.1... > > telnet: connect to address 195.41.23.1: No route to host > > telnet:

Re: ICMP unreachables, take II.

2001-02-24 Thread Jesper Skriver
On Fri, Feb 23, 2001 at 05:20:13AM +0100, Jesper Skriver wrote: > On Fri, Feb 23, 2001 at 04:34:05AM +0100, Jesper Skriver wrote: > > On Thu, Feb 22, 2001 at 09:20:44PM -0600, Jonathan Lemon wrote: > > > On Fri, Feb 23, 2001 at 03:49:52AM +0100, Jesper Skriver wrote: > >

Re: ICMP unreachables, take II.

2001-02-22 Thread Jesper Skriver
On Fri, Feb 23, 2001 at 04:34:05AM +0100, Jesper Skriver wrote: > On Thu, Feb 22, 2001 at 09:20:44PM -0600, Jonathan Lemon wrote: > > On Fri, Feb 23, 2001 at 03:49:52AM +0100, Jesper Skriver wrote: > > > > > > I still think we should react to the following as a minim

Re: ICMP unreachables, take II.

2001-02-22 Thread Jesper Skriver
On Thu, Feb 22, 2001 at 09:20:44PM -0600, Jonathan Lemon wrote: > On Fri, Feb 23, 2001 at 03:49:52AM +0100, Jesper Skriver wrote: > > > > I still think we should react to the following as a minimum > > - type 3 code 0 net unreachable > > - type 3 code 1 hos

Re: ICMP unreachables, take II.

2001-02-22 Thread Jesper Skriver
if (cmd == PRC_QUENCH) > notify = tcp_quench; > - else if ((icmp_unreach_like_rst == 1) && ((cmd == PRC_UNREACH_HOST) || > - (cmd == PRC_UNREACH_ADMIN_PROHIB)) && (ip) && > - ((IP_VHL_HL(ip->

Re: ICMP error processing (was: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h)

2001-01-09 Thread Jesper Skriver
On Mon, Jan 08, 2001 at 11:02:17PM -0800, Don Lewis wrote: > [ cc: trimmed ] > > On Dec 31, 9:07pm, Jesper Skriver wrote: > } Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c > } On Wed, Dec 20, 2000 at 03:51:18PM +0100, Jesper Skriver wrote: > } >

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-31 Thread Jesper Skriver
On Wed, Dec 20, 2000 at 03:51:18PM +0100, Jesper Skriver wrote: > On Wed, Dec 20, 2000 at 02:46:21AM -0800, Don Lewis wrote: > > > } @@ -714,6 +715,15 @@ > > } (lport && inp->inp_lport != lport) || > > } (laddr.s_addr &

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-29 Thread Jesper Skriver
On Sat, Dec 23, 2000 at 12:24:44PM +, Tony Finch wrote: > Jesper Skriver <[EMAIL PROTECTED]> wrote: > > > >- If the sysctl net.inet.tcp.icmp_admin_prohib_like_rst == 1 (default) > > it enables the below. > > I think those are the wrong semantics: ICMP adm

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-22 Thread Jesper Skriver
On Thu, Dec 21, 2000 at 03:36:52PM -0800, Don Lewis wrote: > On Dec 20, 3:51pm, Jesper Skriver wrote: > } > We should also bail out if the sequence check fails, > } > since it isn't possible for there to be another connection with the same > } > src/srcport/dst/dstpor

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-20 Thread Jesper Skriver
On Wed, Dec 20, 2000 at 03:51:18PM +0100, Jesper Skriver wrote: > On Wed, Dec 20, 2000 at 02:46:21AM -0800, Don Lewis wrote: > > } + /* > > } + * If tcp_sequence is set, then skip sessions where > > } + * the sequence number is not on

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-20 Thread Jesper Skriver
ld also bail out if the sequence check fails, > since it isn't possible for there to be another connection with the same > src/srcport/dst/dstport, so there is no sense in continuing the search. That is what we do, right ? First we check if src/dst ip address and port numbers match, if no

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-20 Thread Jesper Skriver
On Tue, Dec 19, 2000 at 05:24:46PM -0800, Don Lewis wrote: > On Dec 19, 7:19pm, Jesper Skriver wrote: > } Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c > } > } I'll submit a new later tonight, as I haven't heard anything, I'll make a >

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-19 Thread Jesper Skriver
On Mon, Dec 18, 2000 at 06:26:00PM +0100, Jesper Skriver wrote: > Hi, > > I'm trying to find out what to do now regarding this. > > To summarize. > > PHK committed my original patch, this patch has the following > functionality > - When an ICMP administrative

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-19 Thread Jesper Skriver
tp->snd_una) || SEQ_GT(tcp_sequence, tp->snd_max)) { As the sequence number will be == tp->snd_una when the window is zero. I'll submit a new later tonight, as I haven't heard anything, I'll make a sysctl control if it should have effect on all sessions, or only

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-18 Thread Jesper Skriver
not be affected in any way by this code. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: Geek@ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to

Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-18 Thread Jesper Skriver
On Mon, Dec 18, 2000 at 01:20:51PM -0600, Mike Silbersack wrote: > > On Mon, 18 Dec 2000, Jesper Skriver wrote: > > > - Check for SYN-SENT state removed > > I was thinking about this point, and I think there are two compelling > reasons to keep it enabled onl

what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-18 Thread Jesper Skriver
(tp->snd_max < tp->snd_una) || (tcp_sequence < tp->snd_una) || \ (tp->snd_max < tcp_sequence)) { /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: Geek@ AS2109 (A much s

Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-17 Thread Jesper Skriver
On Sun, Dec 17, 2000 at 08:04:25PM +0100, Jesper Skriver wrote: > The only thing I can see, we can do to improve the security of this, > would be to match against the TCP sequence number too, I have a patch for > this too, but I need to test it, will be back. Attached is a diff which

Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-17 Thread Jesper Skriver
risk for a DoS. But it's a trivial fix to remove that check, what do you say Kris ? If we match against - ip source and destination addresses - tcp source and destination ports - tcp sequence number Can we make it zap the sessions regardless of the current state ? And perhaps enable it