Re: Some question about DCTCP implementation in FreeBSD

2019-06-04 Thread Lars Eggert
Hi, glad to see interest in DCTCP! On 2019-6-4, at 11:05, Yu He via freebsd-net wrote: > In line 387 of file cc_tcp.c, the update of alpha is calculated by following > code: > > dctcp_data->alpha = min(alpha_prev - (alpha_prev >> V_dctcp_shift_g) + > (dctcp_data->bytes_ecn << (10 -

Re: IPv4 and IPv6 NAT

2011-02-14 Thread Lars Eggert
Hi, On 2011-2-14, at 19:59, Darek M wrote: > Currently using 7.2-RELEASE, with ipnat/ipfilter. > > Will I be setting up the NAT box in dual stack? yes. > Will that allow me then to provide each private host with a v6 IP? Yes. > Will that then make the private hosts run in dual stack? If the

Re: Call for testers: RFC 5569 (6rd) support in stf(4)

2010-10-01 Thread Lars Eggert
On 2010-10-1, at 1:55, Doug Barton wrote: > My point about FreeBSD 9 is that if we add the 6rd code today, then > release 9.0 in about a year, then support the RELENG_9 branch for 4-6 > years that we will still be maintaining code that no one has any use > for. Sorry if I wasn't clear. You're s

Re: Default gateway on different net

2010-09-24 Thread Lars Eggert
On 2010-9-24, at 12:06, Lasse Brandt wrote: > IPs: 2a01:::3183:: /64 > Gateway: 2a01:::3180::1 /59 > > And this is my rc.conf: > > ipv6_enable=”YES” > ipv6_static_routes=”defgw” > ipv6_route_defgw=”2a01:::3180:: -prefixlen 59 -iface re0” > ipv6_defaultrouter=”2a01::xxx

Re: ROUTETABLES & IPv6?

2010-09-22 Thread Lars Eggert
Hi, On 2010-9-22, at 14:31, Bjoern A. Zeeb wrote: > On Wed, 22 Sep 2010, Lars Eggert wrote: >> The ipfw "fwd" command also doesn't do IPv6; > > Hmm, that could possibly be fixed. Not sure it's a good idea in > general, but ... I'd be happy to test pa

Re: ROUTETABLES & IPv6?

2010-09-22 Thread Lars Eggert
On 2010-9-21, at 17:05, Andre Oppermann wrote: > It seems multi-FIB is incomplete for IPv6. Also radix multi-path > is incomplete for IPv6 at the moment. Thanks all, for confirming what the status here is. (Too bad though - this means I still can't properly get packets routed out of a multihomed

ROUTETABLES & IPv6?

2010-09-21 Thread Lars Eggert
Hi, am I correct in that multi-FIB support is currently only working for IPv4? At least "setfib route add -inet6 " adds the route into all FIBs, not only FIB . (For IPv4, it works correctly.) Or am I missing something? Thanks, Lars PS: Please CC me on replies.

Re: Removal of deprecated implied connect for TCP

2010-09-13 Thread Lars Eggert
Hi, On 2010-8-29, at 16:22, Andre Oppermann wrote: > T/TCP was ill-defined and had major security issues and never gained > any support. It has been defunct in FreeBSD and most code has been > removed about 6 years ago. we're also about to declare the T/TCP RFCs Historic. See http://tools.ietf.o

Re: TCP RST handling in 6.0

2005-11-08 Thread Lars Eggert
t you from spoofed RSTs. Lars -- Lars Eggert NEC Network Laboratories

Re: TCP RST handling in 6.0

2005-11-08 Thread Lars Eggert
itigation mechanisms such as this one, and are able to judge the risks of enabling it. Lars -- Lars Eggert NEC Network Laboratories

Re: TCP RST handling in 6.0

2005-11-08 Thread Lars Eggert
ags and fields, not the data contents. I think that'd be very useful. I frequently come across entries in the logs that I wish I had some more information about. I'd even go as far as (optionally) dumping all such packets in tcpdump format. Lars -- Lars Eggert NEC Network Laboratories

TCP RST handling in 6.0

2005-11-08 Thread Lars Eggert
ds track in the future. Thus, I'd like to suggest that the default for net.inet.tcp.insecure_rst be zero for now. AFAIK, any other TCP mod came disabled by default in the past, too. Lars -- Lars Eggert NEC Network Laboratories

Re: TCP out-of-order packets.

2005-01-13 Thread Lars Eggert
ops to try and reestablish the original packet order. Lars -- Lars Eggert NEC Network Laboratories smime.p7s Description: S/MIME Cryptographic Signature

Re: simulating an LFN over 1Gb LAN Ethernet?

2004-04-22 Thread Lars Eggert
rival spacing. That may or may not be a problem for what you are trying to simulate however. Lars -- Lars Eggert NEC Network Laboratories

Re: My planned work on networking stack

2004-03-01 Thread Lars Eggert
Lars Eggert wrote: this sounds like something you could do with planetlab (http://planet-lab.org/). Do you have access? (Or maybe I misunderstood what you meant by "testbed".) Argh. Yes, it runs Linux. Yes, I'm jet lagged. (But there was some talk about running something else

Re: My planned work on networking stack

2004-03-01 Thread Lars Eggert
coordinate with the donations officer for help in getting equipment you may need. this sounds like something you could do with planetlab (http://planet-lab.org/). Do you have access? (Or maybe I misunderstood what you meant by "testbed".) Lars -- Lars Eggert

Re: question: source address on interface w/ aliases?

2004-02-13 Thread Lars Eggert
my expectation. But: is this a BSD-specific implementation? If I catch a kernel doing otherwise, can I say 'Aha! That's a bug based on documented standards' ? RFC 1122, Section 3.3.4.2 Lars -- Lars Eggert NEC Network Laboratories

European USB DSL modems?

2004-01-29 Thread Lars Eggert
urope - all my US modems just had an Ethernet port... -- Lars Eggert NEC Network Laboratories

Re: Routing With Two ISPs?

2003-11-07 Thread Lars Eggert
l solution would target at true policy-based routing. For some simple setups, you can use ipfw fwd rules to forward on something other than destination address. But I agree that for more complex things you need some implementation of policy routing. Lars -- Lars Eggert <[EMAIL PROTECTED]&g

Re: ipsec tunnels & packet length issues

2003-10-29 Thread Lars Eggert
is a known issue ? Except playing with mtu, is there a fix ? See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If the requirements of your setup allow it, IPIP gif tunnels together with IPsec transport mode (as described in the ID) can address this issue. Lars -- Lars Eggert <[EMA

Re: Filtering question: checking for many addresses in a single rule?

2003-10-21 Thread Lars Eggert
, i.e. simulate a trie-like structure with the firewall. This can get you down to O(log). It's not as automatic as you'd like though, probably. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Help Broadcasting a UDP packet on the LAN:URGENT

2003-10-20 Thread Lars Eggert
EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: I would like to tcpdump and get all the packets...

2003-09-18 Thread Lars Eggert
Michael Sierchio wrote: The time it takes to resolve host names, probably, and the additional burden of writing the service names, where known, etc. Try tcpdump -vvv -n or tcpdump -vvv -ln Or try a binary dump straight into a file, and analyze it offline. Lars -- Lars Eggert <[EMAIL PROTEC

Re: Gif IPTunnel networkA-to-networkB not work

2003-08-27 Thread Lars Eggert
rtual network needs both virtual link and network layers.) It doesn't give you the full expressiveness of IPsec selectors, but it's good enough for many VPN schemes (and routing works!) See ftp://ftp.rfc-editor.org/internet-drafts/draft-touch-ipsec-vpn-05.txt. It is currently under in t

Re: CFR: bridge locking

2003-08-20 Thread Lars Eggert
PS: I needed both these changes for our Soekris-based "rent-a-subnet" box: http://www.isi.edu/tethernet/ -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Translate MAC address to IP address

2003-08-15 Thread Lars Eggert
Nick, Nick Barnes wrote: At 2003-08-13 15:43:51+, Lars Eggert writes: Nick Barnes wrote: I have some MAC addresses from a local Ethernet segment. I want to convert them into IP addresses. How can I do that programmatically? net/arping from port: Thanks for the reference. I had a look at

Re: Translate MAC address to IP address

2003-08-14 Thread Lars Eggert
packets received, 0% unanswered Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Recursive Tunneling

2003-08-14 Thread Lars Eggert
2.2.2): 56 data bytes ping: sendto: Input/output error ping: sendto: Input/output error ping: sendto: Input/output error Did you increase net.link.gif.max_nesting via sysctl? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Bandwidth monitoring

2003-06-24 Thread Lars Eggert
are associated. If -b is also present, show the number of bytes ^^^ in and out. If -d is also present, show the number of dropped ^^^ packets. If -t is also present, show the contents of watchdog timers. Lars -- Lars Eggert <[EMAIL

Re: options FAST_IPSEC & tunnels

2003-04-02 Thread Lars Eggert
Eric, On 4/2/2003 7:58 AM, Eric Masson wrote: "Lars" == Lars Eggert <[EMAIL PROTECTED]> writes: Lars> Alternatively (and already working), you can replace IPsec tunnel Lars> mode with IPIP (gif) tunnels and transport mode, and then use the Lars> gif device in your fir

Re: options FAST_IPSEC & tunnels

2003-04-01 Thread Lars Eggert
st ready, which will then go to Informational.) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Need to frag (DF) :)

2003-03-31 Thread Lars Eggert
so on. Try tcpmssd from ports, and bind it to ng0 after it comes up. It should diddle the MSS values in your TCP SYNs on the fly. (You may also have to do something similar on the tunnel endpoint for inbound connections.) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information

Re: FreeBSD 5.0 Multiple NICs , IPFW and IPNAT

2003-03-06 Thread Lars Eggert
, there is no need to run DHCP to get them. Just assign them as aliases to a single NIC, turn off DHCP, and related MAC address registration headaches go away. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: NIC throughput on multiprocessor low.

2003-01-06 Thread Lars Eggert
? Finally, what were the numbers you got when you measured (and what is chariot)? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: default route

2003-01-05 Thread Lars Eggert
On 1/5/2003 1:26 PM, randall ehren wrote: how can i assign the default gateway to use fxp0 instead? route delete default route add default A.B.C.D As described in the man page. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Need help dealing with (D)DoS attacks (desperately)

2003-01-05 Thread Lars Eggert
you described (when you say "megs", do you mean Mb/s or MB/s?) Complicated firewall rule sets also eat CPU time. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: IPsec / ipfw interaction in 4.7-STABLE: a proposed change

2003-01-03 Thread Lars Eggert
we describe there (IPIP tunnels + IPsec transport mode), you get this functionality free, because rcvif will be the IPIP tunnel a packet came in on. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Recursive encapsulation could panic the Kernel

2002-12-19 Thread Lars Eggert
roblem is with *implementing* recursive encapsulation recursively, as this can overflow the kernel stack and cause crashes. The fix that I'd prefer would prevent this stack overflow from happening, without limiting recursive encapsulation. But I'd settle for any patch that comes with a kno

Re: IPSEC over wireless link

2002-12-05 Thread Lars Eggert
ec esp/transport//require; spdadd 10.0.0.0/0 10.0.0.3 any -P out ipsec esp/transport//require; EOF These look fishy. Shouldn't they simply be: spdadd 10.0.0.3 10.0.0.1 any -P in ipsec esp/transport//require; spdadd 10.0.0.1 10.0.0.3 any -P out ipsec esp/transport//require; Lars -- Lars Egg

Re: Multihoming - implementing RFC 1122

2002-12-02 Thread Lars Eggert
yer 3 VPNs, where IP is used as both link and network protocol. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Packet Capturing on GWs but don't let them go out.

2002-11-22 Thread Lars Eggert
soheil soheil wrote: I want to do packet capturing but as you know the pcap let the packet go out and just put a copy on the buffer . I just want to do a copy and don't let them go out . Sounds like you should be using a divert socket, and not a bpf. Lars -- Lars Eggert <[EMAIL P

RFC 3390: Increasing TCP's Initial Window

2002-11-01 Thread Lars Eggert
fault net.inet.tcp.slowstart_flightsize to 4? (I've been running with this for a long time w/o problems.) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Bridging when one interface has no carrier

2002-10-27 Thread Lars Eggert
[Re-send, forgot to attach the patches. Argh.] Lars Eggert wrote: > This causes the problem described in PR kern/41632 > (http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/41632), where dhcpd > "listens" on interface A which is bridged to interface B. When A has no > carrier,

Re: Bridging when one interface has no carrier

2002-10-27 Thread Lars Eggert
Lars Eggert wrote: This causes the problem described in PR kern/41632 (http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/41632), where dhcpd "listens" on interface A which is bridged to interface B. When A has no carrier, DHCP requests arriving on B are ignored. When A has a carrier, dhc

Re: Bridging when one interface has no carrier

2002-10-25 Thread Lars Eggert
Lars Eggert wrote: Attached is a rough patch to if_ethersubr.c that fixes the problem. It should probably further be tweaked (there's a chance for duplicates), but I wanted some comments first :-) Here's a revised version of the patch (against bridge.c, which is a better place fo

Re: Bridging when one interface has no carrier

2002-10-25 Thread Lars Eggert
AL)" branch. Still, there might be duplicate packets delivered to the bpf, I'll look into that today. Thanks for the feedback! Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Bridging when one interface has no carrier

2002-10-24 Thread Lars Eggert
case, or remove it altogether... I am not sure which one is the best approach. On Mon, Aug 19, 2002 at 09:52:27AM -0700, Lars Eggert wrote: >I've filed a PR (kern/41632, >http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/41632) on the following >problem: > >FreeBSD box with two E

Re: IPSEC/NAT issues

2002-10-18 Thread Lars Eggert
. Reading his first post, the original poster wants to IPsec NAT'ed packets, not vice versa. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: IPSEC/NAT issues

2002-10-17 Thread Lars Eggert
between B and C, and transport-mode IPsec that. That way, your NAT packets get tunneled, and the tunneled packets secured. On inbound, security processing comes first, then decapsulation, then ipfw. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute smi

Re: IPSEC/NAT issues

2002-10-17 Thread Lars Eggert
ng through gif (4) tunnel" a few weeks ago that dealt with a very similar issue. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: ENOBUFS

2002-10-15 Thread Lars Eggert
that case, syscall overhead is less, since you amortize it over multiple packets. (But there are different issues that can limit TCP throughput.) > I'll try changing the packet sizes to figure out optimum. I think I remember that 4K packets were fastest with the em hardware in our case. Lar

Re: ENOBUFS

2002-10-15 Thread Lars Eggert
til Luigi releases polling for em interfaces... :-) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: ENOBUFS

2002-10-15 Thread Lars Eggert
netperf UDP throughputs of ~950Mpbs with a fiber em card and 4K datagrams on a 2.4Ghz P4. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: delayed ACK

2002-10-15 Thread Lars Eggert
net.tcp.slowstart_flightsize higher? > RFC2414 seems to indicate it should be higher. Solaris in version 8 and > later default to 4 for this value. I've been running with 4 for years w/o problems. so i'm all for the change. Lars -- Lars Eggert <[EMAIL PROTECTED]>

Re: ENOBUFS

2002-10-15 Thread Lars Eggert
ard interface queue length is 50 packets, you get ENOBUFS when it's full. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: delayed ACK

2002-10-15 Thread Lars Eggert
Paul Herman wrote: > > Not true. Although some bugs have been fixed in 4.3, FreeBSD's > delayed ACKs will still degrade your performance dramatically in > some cases. I'm sorry, but such statements without a packet trace that exhibits the problem are just not useful.

Re: in-kernel traffic generator?

2002-10-09 Thread Lars Eggert
intimate with the IP stack in 2.2.5). I was just about to send email to John about it, after finding the PC-router page on Google... Was it part of the CAIRN tree? If so, I probably have it somewhere. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

in-kernel traffic generator?

2002-10-09 Thread Lars Eggert
way to build one, no?) Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: High interrupt load on firewalls

2002-10-09 Thread Lars Eggert
Luigi Rizzo wrote: > than move to a different board, or use polling (i have polling > patches for the intel gigabit adapter) If you mean em(4) - I'd love to test them :-) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: How to get hardware address of a machine using ARP/Sysctl/Routingsockets??

2002-10-09 Thread Lars Eggert
) to scan the subnet should get you the list. MAC addresses will then be either in your cache, or use net/arping from ports to get them. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Linux <-> FreeBSD ipip/gre tunnel

2002-10-04 Thread Lars Eggert
(2.4.x)? I > can get a tunnel up between two FreeBSD machines no problem, but not > between the two OSes. Yes, we've been using IPIP tunnels between the two systems without problems since at least 1998. (No idea about GRE.) What's the problem? Lars -- Lars Eggert <[EMAIL PROT

Re: Anyone T/TCP?

2002-10-04 Thread Lars Eggert
for removal from the tree? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Dummynet Usage Problems

2002-10-01 Thread Lars Eggert
Vinod wrote: > --- Lars Eggert <[EMAIL PROTECTED]> wrote: > >>That looks OK. What does "ipfw show" print? > ipfw pipe 1 show prints: 1: 100.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x ->0x/0x *Just* &qu

Re: Dummynet Usage Problems

2002-10-01 Thread Lars Eggert
; bandwidth i am getting. ... >> >>>i use the commands >>>ipfw add pipe 1 ip from any to 10.0.1.0/24 >>>ipfw pipe 1 config bw 100Kbit/s That looks OK. What does "ipfw show" print? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Dummynet Usage Problems

2002-10-01 Thread Lars Eggert
w.its the same > high bw it used to be.Am i doing anything wrong? > I have read the docs well and i thought the above > commands should work for me. What does your topology look like? What are your other firewall rules? How do you measure bandwidth? Lars -- Lars Eggert <[EMAIL P

Re: New natd available

2002-10-01 Thread Lars Eggert
ns caused it though.) Has this been tested with the new natd? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: UNKNOWN IP OPTION emergency

2002-09-27 Thread Lars Eggert
> why this happend? Many reasons, all of which people can only speculate on until they see your code, a description of your setup and experimental procedure, and a commented packet dump. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute sm

Re: Forwarding selected broadcasts with ipfw

2002-09-26 Thread Lars Eggert
packet never gets out onto any interface though, > according to tcpdump What's the TTL on the broadcast packets? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: VTUN PING TIME

2002-09-20 Thread Lars Eggert
ver the base network doesn't change, you may want to ask this on the vtun mailing list, too: http://vtun.sourceforge.net/ What's the load on the box when the ping times go up? Vtun is userland. I'd also try not compressing, it doesn't save much. Lars -- Lars Eggert <[

Re: Network Transfer Speed Issues - Tweaks/Advice?

2002-09-18 Thread Lars Eggert
ay be. >> >> Lastly, performance issues on older Pentiums can also result from poor >> memory bandwidth and/or PCI chipset problems. I recently replaced a >> P120 with a Celeron 333 - the performance improvement was surprising. >> >> Regards, >> David >> > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-net" in the body of the message -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: increasing throughput

2002-07-15 Thread Lars Eggert
ion, test, burn-in > > $769 Ouch! > > That's about $300 above where I'm willing to consider it. Soren's boxes (http://www.soekris.com/) are half that price and work great for our purposes. (Although the current models are also a bit less powerful than the one abov

Denial-of-service through ARP snooping

2002-07-14 Thread Lars Eggert
ight be a bit higher, since the ARP table won't be pre-loaded, but it will add some protection against this particular DOS attack. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: limiting directed broadcasts with ipfw.

2002-06-27 Thread Lars Eggert
ted broadcasts were disabled by default to begin with (as required by RFC what-was-the-number-again, the one that updates that piece of RFC 1812). Have you *seen* your box forward directed broadcasts with a default configuration? Lars -- Lars Eggert <[EMAIL PROTECTED]>

Re: /usr/lib/libtelnet.a missing on 4.6?

2002-06-27 Thread Lars Eggert
ink it necessary for us to ship usr.bin/telnet any longer. Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: source address based routing

2002-06-26 Thread Lars Eggert
addresses for DUMMY_NEXT_HOP > Plus, > I don't know how many DUMMY_NEXT_HOPs to allocate, as I would need one for > each tunnel I have set up, and the number of tunnels I set up is dependent > on the number of mobile's that come into the system (which is somewhat of an &g

Re: source address based routing

2002-06-26 Thread Lars Eggert
a next hop associated with it? Are you leaving the addresses unconfigured? Maybe you can still use ipfw like this: route add DUMMY_NEXT_HOP -interface GIF ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Informat

Re: source address based routing

2002-06-26 Thread Lars Eggert
rewall forwarding will do that, see ipfw (8), esp. the fwd action. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: source address based routing

2002-06-26 Thread Lars Eggert
reasonable?? Yup, but I'm really too familiar with the routing or ipfw parts of the network stack. Ping Luigi? Lars PS: Minor nit: I'd overload the "fwd" action instead of creating a new one. -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

/usr/lib/libtelnet.a missing on 4.6?

2002-06-26 Thread Lars Eggert
hanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: IPIP (kind of) with Payload Encryption only

2002-06-18 Thread Lars Eggert
only "optimizes" TCP - have you benchmarked TCP vs. UDP performance over the link? (If so, you'll need to use a TCP tunnel.) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: IPIP (kind of) with Payload Encryption only

2002-06-18 Thread Lars Eggert
ndshake (which is dumb, since stronger shared secrets need be in place anyway.) Archie's daemonnews article has an example of how to do UDP tunneling with netgraph, which nets about a 2x performance improvement over vtun (without encryption, haven't figured out how to tie in ng_mppc). Lars

Re: netgraph encryption?

2002-06-14 Thread Lars Eggert
Archie Cobbs wrote: > Lars Eggert writes: > >>#11 0xc1be5bfc in ?? () >>#12 0xc01b622c in if_allmulti (ifp=0xc1be4300, onswitch=1) at >>../../net/if.c:1375 > > > Well, this is obvious by looking at it. > > ng_iface_ioctl() expects (in the case of SIOC

Re: netgraph encryption?

2002-06-14 Thread Lars Eggert
4b6e5 in ?? () #22 0x8055302 in ?? () #23 0x804b5d6 in ?? () #24 0x8048fc1 in ?? () -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: netgraph encryption?

2002-06-13 Thread Lars Eggert
ide, do netgraph interfaces have problems with multicast? I've seen crashes using both mrouted and pim6dd when I had a netgraph interface configured. I'll try to produce a dump next time. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: netgraph encryption?

2002-06-12 Thread Lars Eggert
ppp node above it. The packets I'd like to feed to an encryption node are UDP (and soon TCP and IP). Or am I wrong? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

netgraph encryption?

2002-06-12 Thread Lars Eggert
Hi, anyone know of a netgraph node that implements decent-strength encryption (Blowfish, etc.)? Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: netgraph documentation?

2002-06-04 Thread Lars Eggert
example) works fine between the same machines using the same addresses. Please let me know if there's anything I can do to help track this down. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Dummynet WFQ

2002-06-04 Thread Lars Eggert
_poll() would fire on each poll while the queue is empty, so I guess I'll put the call at the end of the "while" loop in sis_txeof(), after the mbuf is freed. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Dummynet WFQ

2002-06-04 Thread Lars Eggert
opular, aren't they! They are amazing, I'm really glad the folks on freebsd-small have pointed us at them. Only downside is that you go blind if you look at the case for too long :-) Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: Dummynet WFQ

2002-06-04 Thread Lars Eggert
Lars Eggert wrote: > I'm trying to merge this into the sis driver, which seems to batch > transmissions together. For clarification, do you expect one if_tx_rdy() > call per packet or one per batch? Per packet may result in a burst of > these calls, does dummynet handle th

Re: Dummynet WFQ

2002-06-04 Thread Lars Eggert
return > some results). I'm trying to merge this into the sis driver, which seems to batch transmissions together. For clarification, do you expect one if_tx_rdy() call per packet or one per batch? Per packet may result in a burst of these calls, does dummynet handle this? Tha

Dummynet WFQ

2002-06-03 Thread Lars Eggert
agine that extra uplink bandwidth would remain unused in this setup, right? Is it possible to do WFQ when the uplink bandwidth is unknown/unspecified? Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: netgraph documentation?

2002-06-03 Thread Lars Eggert
gh about the netgraph internals to debug this further myself, but I'd be more than happy to do any tests that'd help you or someone else look into this. (I should probably mention that I'm using 4.5-RELEASE.) Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: bridge code, tap or vtun issue on freebsd

2002-06-01 Thread Lars Eggert
g into replacing vtun with netgraph, which handles this (I hope, still evaluating), and should also have the additional benefit of being an in-kernel mechanism, thus saving two user/kernelmode switches per packet. Maybe netgraph might work for you, too. Lars -- Lars Eggert <[EMAIL PROTECTED]&

netgraph documentation?

2002-05-31 Thread Lars Eggert
: send msg: Operation not supported by device So I guess I have two questions: 1. Is there some other netgraph documentation out there that I don't know about? 2. Why can't I listen on a ksocket? Thanks, Lars -- Lars Eggert <[EMAIL PROTECTED]> USC In

Re: HEADS UP: ALTQ integration developer preview

2002-05-18 Thread Lars Eggert
" works against any other protocol as well, including TCP. If you can create collisions "at the right time", you can disable all retransmission schemes. The kicker is - how? Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: HEADS UP: ALTQ integration developer preview

2002-05-18 Thread Lars Eggert
fine in the majority of cases, and for slow receivers (the problem John Hay described), there's TCP mounts. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

RE: IPsec and dynamically assigned IPs

2002-05-16 Thread Lars Eggert
sport mode: If it isn't end-to-end, it's tunnel mode. Transport mode is allowed between a host pair only. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: tun device & IPv6

2002-05-15 Thread Lars Eggert
in > "multi-af" mode. The specific reason was that I didn't know about it :-) I'm currently patching net/vtund so it uses multi-af mode. Lars -- Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute

Re: (KAME-snap 6384) Re: tun device & IPv6

2002-05-14 Thread Lars Eggert
and prepend/strip the address family on > the front of each packet (see bundle_Create() in > src/usr.sbin/ppp/bundle.c). Ah, that makes sense. The tag is so the tun device knows who to toss the packet to when it comes back from the process? Guess I'll have to patch vtund, then...
