doesn't work since the tunnel interface needs to see the interface
with the IP to route it to, and since it's in another jail/vnet, it can't
get there.
The closes thing I can think of is putting an epair in w/ the tunnel
interface, and routing the tunnel out of the vnet via the ep
Rick Macklem wrote this message on Thu, Jun 02, 2022 at 14:44 +:
> John-Mark Gurney wrote:
> > I just booted FreeBSD-current diskless, using NFS root, and I ended
> > up having issues because by default, NFS root is only v2.
> >
> > One of things that happened w
sibly be a way via mount options, but I can't
see where it's documented to set them.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
te, even via power_off/power_on
commands.
Sorry that I don't have a solution for you. The closest that I could
suggest is to try to drop the USB id from the ure driver or switch it's
mode to try the ucdce driver instead. I've seen that it's been
Eric Joyner wrote this message on Sun, Aug 01, 2021 at 21:10 -0700:
> On Sun, Aug 1, 2021 at 6:59 PM John-Mark Gurney wrote:
>
> > I have a dual port igb card:
> > igb0: port 0x2020-0x203f mem
> > 0xd102-0xd103,0xd0c0-0xd0ff,0xd1044000-0xd1047fff irq 17 a
3
+Process and send pause frames.
+.It 4
+No software override, use EEPROM configuration.
+.El
+.El
+Note: That the variable is available for igb as well.
.Sh FILES
.Bl -tag -width /dev/led/em*
.It Pa /dev/led/em*
--
John-Mark Gurney Voice: +1 415 225 5579
&
2.5G device. So, other
non-RealTek devices would be great to test with.
Let me know if you have any issues with the change!
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
if the necessary binaries are installed, and skip them if not
present.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org mai
on the
inbound, and despite the current docs both...
There are a large number of flags that have been added over the years...
and it'd be good to catch up with that work...
Yes, I could spend hours reading the code, but it'd be much easier to
just ask the people who did the work
John-Mark Gurney wrote this message on Wed, Jan 13, 2021 at 17:59 -0800:
> Andrey V. Elsukov wrote this message on Wed, Jan 13, 2021 at 11:42 +0300:
> > On 13.01.2021 00:37, John-Mark Gurney wrote:
> > >> when this will happen again, it would be nice to make sure that NS
>
Andrey V. Elsukov wrote this message on Wed, Jan 13, 2021 at 11:42 +0300:
> On 13.01.2021 00:37, John-Mark Gurney wrote:
> >> when this will happen again, it would be nice to make sure that NS
> >> packets hit the IP stack. E.g. with attached dtrace script.
> >
>
Andrey V. Elsukov wrote this message on Tue, Jan 12, 2021 at 16:33 +0300:
> On 12.01.2021 05:25, John-Mark Gurney wrote:
> >> The device, where the capture was taken does not respond tot he NS packet.
> >> This might be caused by:
> >> a) the device has a differe
t, tgt is fc00:b5d:41c:7e37::c43c, length 32
05:08:32.215624 IP6 fc00:b5d:41c:7e37::7e37 > fc00:b5d:41c:7e37::c43c: ICMP6,
echo request, seq 0, length 16
05:08:32.215646 IP6 fc00:b5d:41c:7e37::c43c > fc00:b5d:41c:7e37::7e37: ICMP6,
echo reply, seq 0, length 16
--
John-Mar
faddrs (in libc)
looks like it returns all the info you want in the ifa_data for
any entry that is of type AF_LINE...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
in BACKUP and never return to
> MASTER. Any idea what I'm missing? Is CARP supposed to work with epair?
Did you set net.inet.carp.preempt=1? Or do you not yet have another
peer and that is why you expect that it'd come back as MASTER?
--
John-Mark Gurney
nd6 options=29
ue1: flags=8802 metric 0 mtu 1500
options=8
ether xx:xx:xx:xx:xx:xx
media: Ethernet autoselect (1000baseT )
status: active
nd6 options=21
--
John-Mark Gurney Voice: +1 415 225 5579
"All that
y imposed on me... So now I don't have this need
> anymore.
Ok. Glad you were able to solve your problem, though obviously not the way you
wanted to.
Just for the archives, this style of routing should work fine in FreeBSD.
> On Tue, 15 Sep 2020 12:10:52 -0700
> John-Mark Gurney
Is it a problem if they have
> > one ?
> > If it is possible, you can route via this private address on your FreeBSD
> > installation to the new one and assign a public/32 to the last.
> >
> > Alternatively to doing routing like above, if you have a firewall enabled on
> > the first machine, you can do address forwarding between the first and the
> > new one.
> >
> > And last, maybe with something like -iface from "route" you can achieve what
> > you want.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
signature.asc
Description: PGP signature
John-Mark Gurney wrote this message on Sat, Jul 25, 2020 at 16:13 -0700:
> Hello,
>
> I'd like people who have ure (RealTek) based USB devices to test
> review D25809[0].
>
> This update adds support for:
> - HW VLAN tagging
> - HW checksum offload for IPv4 and IP
Ganbold Tsagaankhuu wrote this message on Wed, Aug 19, 2020 at 16:27 +0800:
> On Tue, Jul 28, 2020 at 2:35 AM John-Mark Gurney wrote:
>
> > Ganbold Tsagaankhuu wrote this message on Mon, Jul 27, 2020 at 18:29 +0800:
> > > On Mon, Jul 27, 2020 at 5:14 AM John-M
Ganbold Tsagaankhuu wrote this message on Mon, Jul 27, 2020 at 18:29 +0800:
> On Mon, Jul 27, 2020 at 5:14 AM John-Mark Gurney wrote:
>
> > Ganbold Tsagaankhuu wrote this message on Sun, Jul 26, 2020 at 11:05 +0800:
> > > On Sun, Jul 26, 2020 at 7:13 AM John-M
Ganbold Tsagaankhuu wrote this message on Sun, Jul 26, 2020 at 11:05 +0800:
> On Sun, Jul 26, 2020 at 7:13 AM John-Mark Gurney wrote:
>
> > Hello,
> >
> > I'd like people who have ure (RealTek) based USB devices to test
> > review D25809[0].
> >
> &
0Mbps depending upon
TCP or UDP, which is a significant improvement over the previous
91Mbps (~8kint/sec*1500bytes/packet*1packet/int).
Thanks.
[0] https://reviews.freebsd.org/D25809
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been
John-Mark Gurney wrote this message on Thu, Jul 23, 2020 at 16:49 -0700:
> Kristof Provost wrote this message on Thu, Jul 23, 2020 at 11:02 +0200:
> > On 23 Jul 2020, at 11:00, Bjoern A. Zeeb wrote:
> > > On 23 Jul 2020, at 8:09, Kristof Provost wrote:
> > >
> > &g
Kristof Provost wrote this message on Thu, Jul 23, 2020 at 11:02 +0200:
> On 23 Jul 2020, at 11:00, Bjoern A. Zeeb wrote:
> > On 23 Jul 2020, at 8:09, Kristof Provost wrote:
> >
> >> On 23 Jul 2020, at 9:19, Kristof Provost wrote:
> >>> On 23 Jul 2020, at 0:1
Bjoern A. Zeeb wrote this message on Wed, Jul 22, 2020 at 20:43 +:
> On 22 Jul 2020, at 19:34, John-Mark Gurney wrote:
>
> > John-Mark Gurney wrote this message on Tue, Jul 21, 2020 at 23:05
> > -0700:
> >> Peter Libassi wrote this message on Wed, Jul 22, 2020 at
John-Mark Gurney wrote this message on Tue, Jul 21, 2020 at 23:05 -0700:
> Peter Libassi wrote this message on Wed, Jul 22, 2020 at 06:54 +0200:
> > Is this related to
> >
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234985
> > <https://bugs.freebsd.org/b
lticast code.. It looks like in_multi isn't holding an
interface or address lock waiting for things to free up...
> > 21 juli 2020 kl. 22:23 skrev John-Mark Gurney :
> >
> > Marko Zec wrote this message on Tue, Jul 21, 2020 at 11:31 +0200:
> >> On Tue, 21 Jul 2020 02:16:
Marko Zec wrote this message on Tue, Jul 21, 2020 at 11:31 +0200:
> On Tue, 21 Jul 2020 02:16:55 -0700
> John-Mark Gurney wrote:
>
> > I'm running:
> > FreeBSD test 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r362596: Thu Jun 25
> > 05:02:51 UTC 2020
> > r...@re
#9 0x80b830f0 in fork_exit (
callout=0x80c26200 ,
arg=0x81cf4f70 , frame=0xfe0049e99b80)
at /usr/src/sys/kern/kern_fork.c:1052
#10
(kgdb)
I have the core files so I can get additional information.
Let me know if you need any additional information
-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe
Marko Zec wrote this message on Fri, Jul 17, 2020 at 23:54 +0200:
> On Fri, 17 Jul 2020 11:56:09 -0700
> John-Mark Gurney wrote:
> > Marko Zec wrote this message on Fri, Jul 17, 2020 at 12:03 +0200:
> ...
> > > #define IFQ_DRV_IS_EMPTY(ifq) \
> > > ((
Marko Zec wrote this message on Fri, Jul 17, 2020 at 12:03 +0200:
> On Thu, 16 Jul 2020 11:56:29 -0700
> John-Mark Gurney wrote:
>
> > Marko Zec wrote this message on Thu, Jul 16, 2020 at 07:49 +0200:
> > > On Thu, 16 Jul 2020 07:26:22 +0200
> > > Marko Zec w
Marko Zec wrote this message on Thu, Jul 16, 2020 at 07:49 +0200:
> On Thu, 16 Jul 2020 07:26:22 +0200
> Marko Zec wrote:
>
> > On Wed, 15 Jul 2020 16:26:25 -0700
> > John-Mark Gurney wrote:
> >
> > > I happen to be looking at the implementation
issue often, since it's an error path that likely
rarely happens, but we should fix it.
Should we just add the IFQ_LOCK/_UNLOCK to the macro?
Comments or thoughts?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All t
> > to to encrypt just that tunnel.
> > It's not required to do the encryption in netgraph.
> > there is a script to make the tunnel in
> > /usr/share/examples.netgraph/udp.tunnel
> > you just need to set up the SA to catch it..
> >
etgraph on how I can integrate it with FreeBSD jails
> > >> and I was looking at some of the examples provided in
> > >> /usr/share/examples/netgraph and now have the following question.
> > >> The udp.tunnel example shows an iface point-t
0 does specify rtltime -- unless I'm missing
> something.
I only see rtltime on em0, and I don't see a closing colon after
rtltime on em0. Try adding a terminating colon on em0 and see if
the problem goes away.
--
John-Mark Gurney Voice: +1 415 225
ed to do
> > so.
>
> Right, a "consumers need to ask for it" issue more so than an inherently
> problematic approach. I assumed as much but wasn't sure.
Don't we have the option of doing soft re-classification? Where we
recalculate the hash, and then do a netisr de
Olivier Cochard-Labb wrote this message on Tue, Nov 05, 2019 at 23:45 +0100:
> On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:
>
> > AES-GCM can run at over 1GB/sec on a single core, so as long as the
> > traffic can be processed by multiple threads (via multiple queu
ingle core, so as long as the
traffic can be processed by multiple threads (via multiple queues
for example), it should be doable.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been don
e epair
successfully. I've had to do that myself.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org mailing list
Hiroki Sato wrote this message on Tue, Aug 20, 2019 at 16:26 +0900:
> "Bjoern A. Zeeb" wrote
> in <7a7874fa-e663-4ec9-b349-c46d32982...@lists.zabbadoz.net>:
>
> bz> On 17 Aug 2019, at 6:03, John-Mark Gurney wrote:
> bz>
> bz> > I am setting
the rtadvd source code,
and I don't see a makeentry for addrs either.
If no one objects, I'll remove it.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that
Andrey V. Elsukov wrote this message on Thu, Aug 15, 2019 at 17:38 +0300:
> On 14.08.2019 03:27, John-Mark Gurney wrote:
> > I'm doing some perf testing on an APU4 board, and I noticed that
> > it looks like the input netstat counters are 2x than what they should
> >
with 13.0-CURRENT from the July 25th snapshot, which is r350322.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.or
iness/2017/03/16/lack-oxford-comma-costs-maine-company-millions-overtime-dispute/BIxK837fA2C06qavQMDs5J/story.html
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_
s it put the values? It sounds like vaddrs and paddrs arrays are
already allocated and you just use these addresses... But there is no
way I can write code from this description...
Also, lots of terminology is missing, like what is a qset?
--
John-Mark Gurney Vo
> > vale1:a"
> > >
> > > - the problem is that the separately built module is compiled
> > > without "options VIMAGE", and as such does not set curvnet prior to
> > > calling into network stack functions, therefore we have a null
> > > point
Marko Zec wrote this message on Tue, Sep 04, 2018 at 16:43 +0200:
> On Sat, 1 Sep 2018 14:11:23 -0700
> John-Mark Gurney wrote:
> > Vincenzo Maffione wrote this message on Sat, Sep 01, 2018 at 22:25
> > +0200:
> ...
> > > On x86_64 netmap is not built as a module,
Vincenzo Maffione wrote this message on Sat, Sep 01, 2018 at 22:25 +0200:
> Il giorno sab 1 set 2018 alle ore 03:50 John-Mark Gurney
> ha scritto:
>
> > First, does vale work for anyone? At least one of the documented
> > commands in vale(4) does not work.
> >
>
error = netmap_get_bdg_na(hdr, na, nmd, create);
1539if (error)
1540goto out;
1541
1542if (*na != NULL) /* valid match in netmap_get_bdg_na() */
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All tha
es... And the A: line gives you the ability to spoof
packets as well...
Hopefully there wasn't any important data encrypted w/ that key...
Always X those out...
> > A: hmac-sha2-256 xxx
--
John-Mark Gurney Voice: +1 415 225 5579
0
> net.inet.ipsec.debug: 0
> net.inet.ipsec.filtertunnel: 0
> net.inet.ipsec.natt_cksum_policy: 0
> net.inet.ipsec.check_policy_history: 0
> net.inet.ipsec.crypto_support: 50331648
>
>
>
> > On Aug 9, 2018, at 6:40 AM, John-Mark Gurney wr
hat is limiting performance, and not the cipher...
Need to see your setkey.conf, or at least the output of setkey -D..
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Adrian Chadd wrote this message on Sat, Jul 28, 2018 at 13:33 -0700:
> On Fri, 27 Jul 2018 at 15:19, John-Mark Gurney wrote:
>
> > Ryan Moeller wrote this message on Fri, Jul 27, 2018 at 12:45 -0700:
> > > There is a long-standing issue with 9k mbuf jumbo clusters in FreeB
55f17a223260246becfbb150a1
Drivers need to be fixed to use 4k pages instead of cluster. I really hope
no one is using a card that can't do 4k pages, or if they are, then they
should get a real card that can do scatter/gather on 4k pages for jumbo
frames..
--
John-Mark
hardware with latest netmap code
> > (LINUX).
> >
> > What is the source of this limitation? From the chip datasheet it appears
> > that much larger frames are supported.
> >
> > There is mention of 9216 in some of the driver source files but as an
e14 create
> ifconfig bridge14 addm tap0 addm em0.14
> ifconfig bridge14 up
> ifconfig bridge14
>
> then your VM will can communicate (untagged) with your host system, and
> you will see tagged packets on em0 (and untagged on em0.14 of course)
Yes, and that prevents me running some
gt; cause they are wrapping in vlan tags thus the bridge
> never learns all the mac addresses, but this is just a
> guess.
I finally figured this out w/ tcpdump, as tcpdump was showing the
packets going out em0.14 (in my case), but the reply was never making
it back to em0.14. I was seein
with patch, if I set LINK0, it should work
w/ original configuration), I'll test and commit the patch.
Otherwise, please submit another fix.
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do,
rowing properly to
handle the latency.
I posted some info on the wiki about this:
https://wiki.freebsd.org/SSHPerf
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
ws the callout subsystem to coalesce callouts scheduled close to each
other into fewer timer interrupts, reducing processing overhead and power
consumption. These flags may be specified to adjust the interpretation
of sbt and pr:
--
John-Mark Gurney
Chris Stankevitz wrote this message on Wed, Aug 26, 2015 at 14:30 -0700:
> Thanks again. I appreciate you teaching me "how to fish". I basically
> spent all morning reading kdump output.
No worries, glad you're learning...
> On 8/26/15 1:24 AM, John-Mark Gurney wro
Chris Stankevitz wrote this message on Tue, Aug 25, 2015 at 19:55 -0700:
> John-Mark,
>
> Thank you for your reply.
>
> On 8/25/15 6:03 PM, John-Mark Gurney wrote:
> > Chris Stankevitz wrote this message on Tue, Aug 25, 2015 at 15:47 -0700:
> >> # cat /dev/urand
smaller window size...
In a quick test of mine, I'm seeing a buffer size of ~520k from my
MacOSX box, and ~776k from my 9.2-R box... Server in both cases is
a June -CURRENT... netstat -xAanfinet is helpful on this...
Hope this helps!
--
John-Mark Gurney V
looked at fixed the em driver yet.
[1] https://svnweb.freebsd.org/changeset/base/r162205
P.S. Probing time could be made faster if ping -t supported sub-second
values as if a host on a local segment hasn't replied in, say, 100ms,
it's probably not going to, or you need to fix the network.
--
John-Mar
more info..
I haven't tried this out myself, but I may in the near future...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@
it to a different list, the people who
can and will do something about it can subscribe, the problem is
getting those people subscribed... If we don't get enough people
subscribed, then there isn't much point...
btw, if this works, we should do it for all the mai
Laurie Jennings wrote this message on Wed, Jul 29, 2015 at 17:52 -0700:
>
> On Wed, 7/29/15, John-Mark Gurney wrote:
>
> Subject: Re: Locking Memory Question
> To: "Laurie Jennings"
> Cc: "John Baldwin" , free
he data to userland... This
means the userland process doesn't have to have /dev/kmem access...
Is there a reason you need to use kmem? The only reason you list above
is that it's too large via ioctl, but a copyout is fine, and would
handle all page faults for you..
--
John-Mark G
John-Mark Gurney wrote this message on Wed, Jul 29, 2015 at 09:11 -0700:
> George Neville-Neil wrote this message on Wed, Jul 29, 2015 at 10:35 -0400:
> > That's fine so long as its removed in HEAD now, and then the warning can
> > go into 10 aka 10.3.
>
> As I said,
l 2015, at 13:25, Adrian Chadd wrote:
>
> > I'd put together a deprecation plan, which starts with the kernel
> > warning that this stuff is being removed, MFC that to stable/10 and
> > stable/9 so people aren't surprised when they upgrade, and
ddleopenvpn-exit-node-mit-jails/
>
> or the racoon example from:
> https://blog.plitc.eu/2014/freebsd-10-ipv4-ipsec-net-to-net-vpn-in-der-jail/
>
> best regards
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I wil
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 23:18 -0500:
> > On Jul 27, 2015, at 10:41 PM, John-Mark Gurney wrote:
> >
> > Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
> >>> On Jul 27, 2015, at 7:57 PM, John-Mark Gurney wrote
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
> > On Jul 27, 2015, at 7:57 PM, John-Mark Gurney wrote:
> >
> > I would like to remove it from HEAD immediately as I don't see a use
> > for it. Some time ago I proposed removing Ski
nt to keep this mode, you have to say you are currently
using the mode and include a working sample config.
Thanks.
[1] https://tools.ietf.org/html/draft-ietf-ipsec-skipjack-cbc-00
[2] https://en.wikipedia.org/wiki/Skipjack_(cipher)
--
John-Mark Gurney Voice:
Karl Pielorz wrote this message on Mon, Jul 13, 2015 at 09:33 +0100:
> --On 10 July 2015 11:06 -0700 John-Mark Gurney wrote:
>
> > Try bumping the MTU on the root em's by 4 (1504) before creating the
> > lagg...
>
> I had thought of that - but didn't want t
gt;
>
> The MTU on lagg0.10 has shrunk by 4 (size of VLAN tag). Is there a way of
> avoiding that?
Try bumping the MTU on the root em's by 4 (1504) before creating the
lagg...
--
John-Mark Gurney Voice: +1 415 225 5579
&qu
ters
> automatically (and on the fly) if the system is short of 9K clusters.
> There are even tunables that will let you set 4K as the only cluster
> size that the driver should allocate.
Can we get this to be the default? and included in more drivers too?
--
John-Mark Gurney
John-Mark Gurney wrote this message on Fri, Apr 24, 2015 at 11:11 -0700:
> I would also be fine w/ documenting this behavior, though I'm sure
> it'd be surprising to many that you'd have to check to make sure your
> data was properly copied.
Should have reviewed the m_
&r2=3352
That's a pretty fundamental change... mbuf(9) does not document this
behavior that data may be thrown away...
I would also be fine w/ documenting this behavior, though I'm sure
it'd be surprising to many that you'd have to check to make sure your
nts to a specific source
address/destination address/protocol tuple... so, using different id
buckets per above hash would be best...
Take a look at:
https://tools.ietf.org/html/rfc6864
Which is a good read for addressing this issue...
--
John-Mark Gurney Voice: +1 415
let people who are interested in it
subscribe or check the review on the website.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-ne
ybe a good time for a unit test?
Do people realize that we have gcov in the tree? For changes like
this, seems like it'd be nice and easy to verify that all of the
changes got coverage...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do,
work
admin lets you, you could run routed or similar routing protocol to
announce the route, but your lan admin will probably not like you for
that...
The other way is to use nat... Look at the handbook for configuring
either ipfw or pf for nat:
https://www.freebsd.org/doc/handbook/firewalls.html
--
f so, you need to figure out why it's
> propagating all the way up to the LACP level.
It very well could be that the authors of the TP-Link firmware missed
the comment in 1ax that says the FCS is generated by the MAC, and
include it in the
Andrey V. Elsukov wrote this message on Fri, Nov 21, 2014 at 01:20 +0300:
> On 21.11.2014 00:35, John-Mark Gurney wrote:
> > As I'm about to commit my AES-GCM work, I've been trying to do
> > some testing to make sure I didn't break IPsec.
> >
> > The fi
s
now that weren't used back then that should get us around this issue..
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org mailin
mage(3) - display an XvImage
hmm.. nope... jail has something about vnets, but not nearly enough
to be useful...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I ha
i386?
Yeh, it looks like ep is in GENERIC on i386.. We also compile ep on
amd64 too, though not sure anyone would ever want to use ep on there...
On HEAD we only compile the ep modules on i386... so not sure why you
weren't able to find it...
gt; 9NiqTuefcoLjXKWcYNLuRxaBgPuERXm4J9CdIWIn1X9QXSx+En++JHMiuqUT+8fW
> qSmlXve0zOIpnLoIZ7mlpMDwpQe2YWWf3eNhDVtsZLr+ra3pd95gQaf3aOvAJpJQ
> 8syLAyso5GkR+uQK9/mT7L3IH8VuiGAGzVrmdXXd0GewQct7flBymWCnUb8yUF6F
> O8+MMJOF7WWbtRBW45boWhoHl7K9JFtznDiZxZ/ef0P2LP+C6tk2DtjNtXWKRw6M
> Fg8ZK2FsFj0QiYu
support having the same route to two
different interfaces..
Hope this helps...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
___
freebsd-net@freebsd.org maili
or some of the ref
counting, but I belive it may suffer from the problem of not having a
ref count held by the table, so I'm not sure it's ready for prime
time, but it does significantly increase the PPS rate...
If we are going to go high PP
John-Mark Gurney wrote this message on Fri, Oct 31, 2014 at 12:12 -0700:
> Can any one think of a good reason not to enable IPDIVERT sockets in
> the ipfw module?
sorry, ignore this... didn't realize ipdivert was loadable as a
separate module, ipdivert...
--
John-
FLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
#
#If you want it to pass all packets by default
-#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+#
+#If you want divert sockets
+CFLAGS+= -DIPDIVERT
#
.include
--
John-Mark Gurney Voice: +
. (this sensor use the 'em'
> driver, not 'ixgbe')
>
> I'm running snort with the same configuration, settings, version, daq,
> libs, etc on 10.0 as I do on 9.3.
> None of the 9.3 sensors have this problem, so it has to be something new
> in FreeBSD 10
the routing table setup properly? Are you sure the routing
table is setup so the response goes out the vlan interface?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
__
you may have
to do something special to throw away the traffic...
You could also possibly do something similar w/ netgraph, say one2many+bpf
(w/ basicly the same rule as lagg) to ng_ether..
--
John-Mark Gurney Voice: +1 415 225 5579
"All that
de. Use fixed destination ports for UDP and
TCP probes. The destination port does NOT increment with each
packet sent.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_
1 - 100 of 240 matches
Mail list logo
