re, it
was true some time ago...
--
// Lev Serebryakov
s very PPS-limited due to excessive logging? I thought, MPLS
is carrier-grade stuff, and netgraph is very limited now.
--
// Lev Serebryakov
77216
net.inet.tcp.sendspace=16777216
Removing them allows services to start.
But now my 10G performance is not the best again.
What happens to these sysctls? What is recommended values for 10G links now?
--
// Lev Serebryakov
define LINK_TABLE_OUT_SIZE4001
#define LINK_TABLE_IN_SIZE 4001
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
(4001 + (maxusers-32)*8) so it grows with amount of physical
> memory
> and is kept small for low-memory systems.
IMHO, "maxusers" us useless now. It must be sysctl, as size of dynamic
state table of IPFW itself. I have low-memory system where WHOLE memory
is dedicated to firewall/
buckets in state hashtable by default. So
it could saturate 1GBps link if you have 10 TCP connections, but it
could not saturate 100Mbit if your have, say, 100K UDP streams.
I don't know about pf nat.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
atch 9 min_space
...
217104 pps instead of requested 744000! Generator could generate much
more if I have, say, switch on other side.
Is it limitation of 82574L or bug in driver?
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
On 07.12.2018 18:02, Lev Serebryakov wrote:
>> (I'm not sure, that it is exactly "bug" or "defect" and want to
> ... discuss it here before filing PR.
>
>> Now I'm throwing IPsec into mix. All incoming traffic is tunneled with
>> IPs
On 07.12.2018 16:40, Lev Serebryakov wrote:
> (I'm not sure, that it is exactly "bug" or "defect" and want to
... discuss it here before filing PR.
> Now I'm throwing IPsec into mix. All incoming traffic is tunneled with
> IPsec policy, with aes-128-gcm
- Step = 1 Kpps
- Trend = increasing
- Measured forwarding rate = 86 Kpps
Estimated Equilibrium Ethernet throughput= 86 Kpps (maximum value seen:
120 Kpps)
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
Hello Olivier,
Friday, November 30, 2018, 3:34:50 PM, you wrote:
>> I'm benchmarking different possible "native" VPN configurations and I have
>> gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode
>> IPsec too. Problem with gif(4) and gre(4) that hey are tremendously
Hello Eugene,
Friday, November 30, 2018, 1:28:29 PM, you wrote:
>>> It is possible and it is the way I use extensively for long time since very
>>> old
>>> FreeBSD versions having KAME IPSEC and it works with 11.2-STABLE, too.
>> Eugeny, please note, that your example have SA and SPDs with sam
Hello Eugene,
Friday, November 30, 2018, 4:06:11 AM, you wrote:
>> My SAs and SPDs looks like this (for UDP only, for tests):
>>
>> Host A:
>>
>> add 10.2.0.1 10.2.0.2 esp 0x10001 -m transport -E null "";
>> add 10.2.0.2 10.2.0.1 esp 0x10001 -m transport -E null "";
>>
>> spdadd 10.1.0.0/24 10.1
Hello Freebsd-net,
I have two router like this:
[NET 10.1.0.0/24] <-> (10.1.0.1 HOST A 10.2.0.1)
<->
(10.2.0.2 HOST B 10.10.10.1) <-> [NET 10.10.10.0/24)
Both HOST A and HOST B tun FreeBSD, both are routers (forwrading is
enabled), host A has "route -net 10.10.10.0/24 10.2.0.2" and host B h
ut it doesn't help.
Do I have any chances to get netmap supported (maybe, not very
efficient) on this NIC?
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
his flap for most of capabilities of these cards.
IMHO, it is regression.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
gress?
Maybe. We need iflib/e1000 professionals here.
> Or maybe the interface is down while TX is stuck (thus preventing progress)?
Nope, it is up for sure. If I ^C pkt-gen it could be run again and
works again, with same problem when it try to stop.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
Hello Freebsd-net,
Is `pkt-gen' (for netmap) supported on FreeBSD?
${SRCTOP}/tools/tools/netmap/pkt-gen.c is very old and could not be built
(I've checked stable/11, stable/12 and head).
${PORTS}/net/pkt-gen is not so old, but more than year old + patches
pkt-gen from github could be built
Hello Freebsd-net,
I'm setting up simple experiment:
Host A with em0 and ix0 (12.BETA2)
Host B with igb1 and ix0 (11.2-STABLE)
A:em0 is connected to B:igb1
A:ix0 is connected to B:ix0
Host B has static ARP for 192.168.10.2-192.168.10.9 set to A:ix0's MAC.
Host B has forwarding enabled.
Hello Vincenzo,
Friday, November 2, 2018, 5:43:16 PM, you wrote:
> It looks like there is not enough memory for netmap to allocate its data
> structures.
And with latest pkt-gen from github I get this:
240.075736 [2096] netmap_ioctl API mismatch for igb1 got 12 need 11
Why?! H
tmap.no_timestamp: 0
dev.netmap.verbose: 0
dev.netmap.ix_rx_miss_bufs: 0
dev.netmap.ix_rx_miss: 0
dev.netmap.ix_crcstrip: 0
#
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
On 02.11.2018 14:31, Lev Serebryakov wrote:
> $ sudo ./pkt-gen -f rx -i igb1
and pkt-gen from ports complains about invalid interface:
622.603767 main [2699] interface is igb1
622.603783 main [2824] using default burst size: 512
622.603786 main [2832] running on 1 cpus (have 4)
622.603
Cannot allocate RX_ring
529.315433 [ 609] netmap_obj_malloc netmap_ring request size
65792 too large
529.316256 [1464] netmap_mem2_rings_create Cannot allocate RX_ring
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
other «embedded» hardware manufacturers. And don't
ask me about desktop MoBos :-)
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
On 26.10.2018 15:30, Lev Serebryakov wrote:
> I have "router" with two em (82574L) NICs. It has dual-core CPU and
> each NIC creates two receive and two transmit queues:
>
> $ sysctl dev.em | grep queue | grep _irq
> dev.em.1.queue_rx_1.rx_irq: 0
> dev.em.1.que
What are right conditions to spread such traffic per queues and cores?
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
this line.
Unfortunately, other party of this contention is not so obvious.
Flame graph without TCO could be found here:
http://lev.serebryakov.spb.ru/_sklad/gif-stacks/no-tco/gif.1280.nuttcp.send.no-tco.svg
It looks very suspicious to me.
BTW, if_gre has exactly same problem.
--
Hello Eugene,
Saturday, October 20, 2018, 2:23:29 AM, you wrote:
> You do not need to micro-control this. The wrk provides you with nice stats
> plus you have counters of "systat -ifstat 1" during long test.
>> All these tools — wrk, nginx — are optimized for many concurrent
>> connections on p
Hello Eugene,
Saturday, October 20, 2018, 12:18:01 AM, you wrote:
Please note, that I'm testing endpoint, not a router, so netmap-based
packet generators & receivers is no use for me, unfortunately.
>>> Try benchmarks/wrk. It works pretty well for speeds lower than 40Gbit/s
>>> but its
Hello Eugene,
Friday, October 19, 2018, 10:45:50 PM, you wrote:
>> Please note, that I'm testing endpoint, not a router, so netmap-based
>> packet generators & receivers is no use for me, unfortunately.
> Try benchmarks/wrk. It works pretty well for speeds lower than 40Gbit/s
> but its version
ase note, that I'm testing endpoint, not a router, so netmap-based
packet generators & receivers is no use for me, unfortunately.
--
// Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-
Now, when FreeBSD 12 have ChaCha20 and Poly1305 support in kernel, are
here any plans to add support of RFC7634 to IPsec?
--
// Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To
Hello Eugene,
Saturday, October 13, 2018, 6:35:38 PM, you wrote:
>>> erj@ just did it, try updating to r339338
>> Are you sure?
> Sorry, I missed you need an update to all of ix/em/igb.
Yep, I have problem with em and igb, as I reported in this PR. I can not
reproduce it in ix, but I'm sure it
Hello Eugene,
Saturday, October 13, 2018, 10:04:26 AM, you wrote:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231659
>>
>> --- Comment #43 from Lev A. Serebryakov ---
>> (In reply to Eric Joyner from comment #36)
>> Yess!
>>
>> It helps em0 to pass all my torture tests (when I commen
reproduce this crash on 11.2-STABLE, so it is regression.
I could provide kernel binaries and corresponding crashdumps, test any
patches, etc.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
I have reproducible crash of ALPHA7 when I try to benchmark IPsec.
Could somebody look at it? I could provide additional info, if needed.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231659
--
// Lev Serebryakov
___
freebsd-net@freebsd.org
onfig igb0 mtu 1500 down up
ifconfig igb0 mtu 9000 down up
it is limited again, looks like this action sequence reset flow control
setting (but not sysctl, it is still 0).
sysctl dev.igb.0.fc=3 dev.igb.0.fc=0
helps till next MTU switch.
--
// Lev Serebr
Hello Lev,
Saturday, September 22, 2018, 11:52:07 PM, you wrote:
> Any hints?
I don't know why, but "server" host could not send more than 710Mbit/s with
Ethernet flow control turned on. Turning flow control off helps.
--
Best regards,
Levmailto:l...@freebsd.org
Hello Lev,
Saturday, September 22, 2018, 11:52:07 PM, you wrote:
> Yes, I know, that CPUs on these systems are very different, but looks like
> it is driver regression.
I prove myself wrong. 11.2-RELEASE memstick shows same speed skew.
--
Best regards,
Levmailto:
Hello Net,
I have two systems with almost identical NICs: one with igb, chip=0x15338086,
with FreeBSD
11-STABLE and other with igb, chip=0x157b8086 and FreeBSD 12-ALPHA6
installed.
All options are turned ON, mtu=9000 on both ends.
When I send single TCP stream from 12-ALPHA6 to 11-STABLE I
ork_exit() at fork_exit+0x84/frame 0xfe44aab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfe44aab0
--
// Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send
dev.em.1.iflib.tx_abdicate: 0
dev.em.0.iflib.tx_abdicate: 0
makes worse, not better (100% CPU load by `kernel{if_io_tqg_X}' even
under very light traffic load).
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
your hardware.
>
> Regards,
> Kevin
>
> On Tue, Jul 17, 2018 at 6:03 AM, Lev Serebryakov wrote:
>> On 17.07.2018 10:54, Eugene Grosbein wrote:
>>
>>>> I have "SOHO" router on Atom D2500 with FreeBSD CURRENT. It runs
>>>> CURRENT for very lo
272K - 1 291.8H 95.31% kernel{if_io_tqg_1}
>> 100082 root -76 - 0K 272K - 0 297.7H 95.20% kernel{if_io_tqg_0}
>>
>> And it is new to me.
>
> I'm sure you will get it solved more quick if you perform bisection of
> revision
> even though
On 13.07.2018 14:10, Lev Serebryakov wrote:
> when system is unresponsive I see this in `top -SH`
>
> 100083 root -76 - 0K 272K - 1 291.8H 95.31% kernel{if_io_tqg_1}
> 100082 root -76 - 0K 272K - 0 297.7H 95.20% kernel{if_io_tqg_0}
>
> And it is new to me.
load (pure transit traffic).
when system is unresponsive I see this in `top -SH`
100083 root -76 - 0K 272K - 1 291.8H 95.31% kernel{if_io_tqg_1}
100082 root -76 - 0K 272K - 0 297.7H 95.20% kernel{if_io_tqg_0}
And it is new to me.
--
// Lev Serebryakov
signature.asc
D
pa
;; 18.134.168.192.in-addr.arpa. IN PTR
18.134.168.192.in-addr.arpa.3079IN PTR
sandcat.home.serebryakov.spb.ru.
--
// Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To u
On 20.11.2017 19:27, Ryan Stone wrote:
> Please try the following patch. It should resolve your issue:
> https://people.freebsd.org/~rstone/patches/e1000-9k.diff
Thank you, I'll try! Really, typically I don't have this problem for
~week after reboot, so results will be la
On 09.11.2017 23:17, Lev Serebryakov wrote:
Looks like I know where it spent all time. I've used 'pmcstat' and got
very suspicious flamegraph. Looks like problem is on codepath which lies
through
igb_refresh_mbufs
m_getjcl
uma_zalloc_arg
[zone_alloc_item]
zone_import
ml
>
> Finally you should need to apply r307551 + r324179/r324193.
These fixes for situation when here is pure 100% load and it could not
be fixed without reboot. My case is "near 100%" load and it heals itself
after some time (hours).
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
On 09.11.2017 23:23, Michael Sierchio wrote:
Nope.
> Is device polling enabled?
>
> - M
>
> On Thu, Nov 9, 2017 at 12:17 PM, Lev Serebryakov wrote:
>
>>
>> I still have problems with my E-1220v3 server equipped with Intel I210
>> adapter. It can not be l
this state timeouts ssh connections):
% sysctl -a | grep igb | xz -9 > (attached)
--
// Lev Serebryakov
igb.sysctl.txt.xz
Description: Binary data
signature.asc
Description: OpenPGP digital signature
hread_loop fork_exit
fork_trampoline
11 100060 intr irq278: igb0:que 2 mi_switch ithread_loop fork_exit
fork_trampoline
11 100062 intr irq279: igb0:que 3 mi_switch ithread_loop fork_exit
fork_trampoline
%
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
coded.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
/s? Really? Looks like a bug.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
Hello Freebsd-net,
I have "em1" interface which is container for several vlans, but it doesn't
need any special configuration and it doesn't need IPv4 or IPv6 address.
If I write this in /etc/rc.conf:
ifconifg_em1=""
vlans_em1="isp1 isp2"
create_args_isp1="vlan 10"
create_args_isp2="vlan 20"
Bith systems in question have another
connection to common routable network (1G) with router, announces (with
other prefix, of course), etc.
--
// Lev Serebryakov
signature.asc
Description: OpenPGP digital signature
Hello Freebsd-net,
I have Point-to-Point Ethernet connection one end of which FreeBSD 11, an
other end is Windows. It is, really, patch-cord between tow systems, not a
some tunnel, but physical Ethernet cards.
I want to announce IPv6 Prefix to Windows. FreeBSD system has other live
interfa
Hello Kevin,
Sunday, January 15, 2017, 1:03:16 PM, you wrote:
> Intel is overpriced and still riding their Ethernet reputation from well
> over a decade ago with little to show for it. I would recommend cxgbe
> anything, so Chelsio T420 and up. The T520-SO-CR is within reason for
> demanding ho
Hello Wonko,
Sunday, January 15, 2017, 3:33:35 PM, you wrote:
It is what I want to know! :)
> How good is FreeBSD's mellanox support? You can get a ConnectX-2 EN for
> $15 on eBay and they are amazing cards.
--
Best regards,
Levmailto:l...@freebsd.org
Hello Freebsd-net,
I want to attach my DIY-NAS (FreeBSD-based) to my desktop (Windows-based)
with 10Gb link. I could not afford 10Gb switch for sure. So, it will be
point-to-point connection only for my desktop and not other computers in my
house.
Also, I could not use my current twisted p
Hello Hiroki,
Wednesday, January 11, 2017, 2:43:28 AM, you wrote:
> What happens by typing the following command?
> % ping6 ff02::1%em1
% ping6 ff02::1%em1
PING6(56=40+8+8 bytes) fe80::225:90ff:fe24:6bf8%em1 --> ff02::1%em1
16 bytes from fe80::225:90ff:fe24:6bf8%em1, icmp_seq=0 hlim=64 time=0.
fix, don't get global address (and
shows only link-local one)and "tcpdump -n -i em1 icmp6" shows nothing at
all! IPv4 works fine, though.
What do I do wrong? Is it known issue of 82574L?
I'm running 10-STABLE r311462.
--
// Lev Serebryakov AKA Black Lion
signature.asc
Description: OpenPGP digital signature
reass code
> messes around with layer2...
Looks like, reass messes around with anything but ip4 in one way or
other.
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJU2gwHXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZml
> other hand...
reass works for me, but kills all IPv6 packets, so it should be "reass
ip4 from any to any in [recv $iface]"
- --
// Lev Serebryakov AKA Black Lion
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQJ8BA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05.02.2015 01:16, Lev Serebryakov wrote:
> I have such rules in my firewall:
>
> nat 9 config redirect_port tcp 192.168.134.2:16881 16881
> redirect_port udp 192.158.134.2:16881 16881 redirect_port tcp
> 192.168.134.2:22 2
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05.02.2015 01:16, Lev Serebryakov wrote:
> nat 9 config redirect_port tcp 192.168.134.2:16881 16881
> redirect_port udp 192.158.134.2:16881 16881 redirect_port tcp
> 192.168.134.2:22 2
Also, if I add "log" to this config
t work.
Rule 30050 (udp one) HAS counters increased, but what is REALLY
strange, is that 11040 and 11050 (two NAT actions) always have SAME
counters, as if 11040 never change destination address. Nut 30050 sees
some packets!
Is "nat redirect_port tcp" broken in -CURRENT or do I do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03.02.2015 19:55, Lev Serebryakov wrote:
>> Ok, "allow-state"/"deny-state" was very limited idea. Here is
>> more universal mechanism: new "keep-state-only" (aliased as
>> "record-o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03.02.2015 19:13, Lev Serebryakov wrote:
> Ok, "allow-state"/"deny-state" was very limited idea. Here is more
> universal mechanism: new "keep-state-only" (aliased as
> "record-only") option,
pid "skipto", no "keep-state" at "incoming from local
network" parts of firewall, nothing!
P.S. I HATE this "all any to any" part!
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJU0POaXxSAAC4AKGlzc3Vlc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03.02.2015 12:30, Lev Serebryakov wrote:
> "keep-state". Problem is, it adds "if" branch for EACH action (in
> kernel code). IMHO, it is very prohibitive. I've though about
> that, but decide it is too expen
so you
could not have ANOTHER "keep-state" before NAT in outgoing part or you
miss nat completely (sate is created in outgoing path, and then
checked before nat in outgoing path with "keep-state", gr, ugly!).
- --
// Lev Ser
7;t solve problem of ugliness of hacks we
need use to add statefullness.
> looking at my own rules I don't seem to have a problem..
You have "check-state" only once, on entrance, before all NATs, so
it could work only for packets which don't need NAT. And looks like
(corr
d looks like, it is possible.
Please, look at sys/netinet/ip_output.c, lines 493-535.
It checks, did packet filter change (a) destination address or (b)
FIB, and if it does, it re-run routing decision.
So, it will work "as expected" and only documentation need fix :)
- --
// Lev Se
000 state-allow from any to any // keep-state is implied
add 2010 nat NR from any to any // No "out" here!
add 2020 allow all from any to any
add 3000 nat NR from any to any
add 3010 check-state // Use dynamic rule based on 2000 as "allow" here
What do you think?
- --
//
cquire
configuration information from my ISP, but apply "default route" not
to default FIB. It is why I mention "/etc/dhclient.conf" :)
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJUz3o+XxSAAC4AKGlzc3V
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Is it possible to add routes, passed from DHCP server, not to default
FIB but to FIB specified in /etc/dhclient.conf?
- --
// Lev Serebryakov AKA Black Lion
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32
ing table) fibnum in
any subsequent forwarding decisions.""
But according to ip_output.c (around line 527) "setfib" FORCES to
make NEW decision!
Do I read sources right? Maybe, wording in ipfw(8) should be changed?
- --
// Lev Serebryakov AKA Black Lion
-B
ough.
Could you please show variant for 4 ISP links? :)
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJUy6WZXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0Nzh
inwards and outwards
> packets for the external interface into two different sets of
> rules (and another set for other interfaces).
Yep, it is exactly what I do, these two groups of rules are not only
rules, of course.
- --
// Lev Serebryakov AKA Black Lion
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 30.01.2015 03:37, Lev Serebryakov wrote:
> Is here better way to have nat and stateful ruleset?
Actions like "create-dyn-allow" and "create-dyn-deny" will be very
nice, BTW :) But looks like it is hard to add, a
become even worse, as rul 12700 doesn't see second
outbound packet (because it is intercepted by "nat global") and TTL of
dynamic rule becomes 10 seconds! I don't see any way to achieve my
goal with "nat global", exactly because "skipto keep-state" should
; (it doesn't have UDP
header!), it doesn't pass through stateful firewall... I see now.
Thank you.
> You can add something like the following to the start of the IPFW
> ruleset to work around it (one for each NIC):
>
> $IPFW add reass ip from any to any in recv $NIC0 $IPFW
re
> reliably.
Unfortunately, I need recursive resolver for my network and
authoritative server (with views!) on one host. unbound could not do
that, so I'm using bind from ports on CURRENT.
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuPG
cmd
;; connection timed out; no servers could be reached
%
Problem is, latest bind (9.9 from ports) send such requests over UDP,
not TCP.
Is it Ok? Is it misconfiguration of my networks (I have such problem
in tow different installations) or something?
- --
// Lev Serebryakov
-BEGIN PG
uter" option
could be different (looks like load-balancing).
Is here any way to solve this "source based routing" problem without
changing rules in firewall on each DHCP lease re-acquisition?
- --
// Lev Serebryakov
-BEGIN PGP SIGNATURE-
Version: GnuP
nux. For
example, here are script (jvpn.pl), which emulates browser, but it
loads Linux-specific share object from browser plugin (libncui.so) and
calls Linux binary (ncsvc), and it will not natively work under FreeBSD.
Linux emulator is my last resort, but maybe, here are some other ways?
- --
cOS X / Linux), as tunnel is created
via binary browser plugin.
Is it possible to emulate this on FreeBSD? rdesktop from ports should
work as client, as I access standard Windows system, but I need some
way to emulate this VPN tunnel. Is it possible?
- --
// Lev Serebryakov
-BEGIN PGP SIGN
oth uses DHCP!), for example.
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
FreeBSD?
hp> I'd guess there is nothing wrong in having this as a cc module.
hp> Someone has to do the necessary legwork :-)
The problem is it seems that "someone" needs to extend set of hooks in
mod_cc substantially. It is more than "write one more mod
/tcp_ledbat.c),
but it uses much more "callbacks" from TCP/SCTP core to CC module, that
FreeBSD has.
Does somebody evaluate, is it possible to bring LEDBAT to FreeBSD?
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org ma
nderstand, removable storage (USB sticks, all
assortment of cards and cardreaders, optical discs, external USB HDD
enclosures and things like this) is much more frequent than NFS in these
days :)
--
// Black Lion AKA Lev Serebryakov
___
f
with amd-mounted share (and NFS client complains on
timeouts after that).
Is it known problem? Does somebody use amd(8) these days?
Does new "automound(8)", which "compatible with its counterparts in OS X,
Solaris, and Linu
6 address goes to this interface) that is required by the default
XL> route.
It is why I need patch network.subr after each upgrade on all my Hetzner
servers: they use IPv6 default route pointed to static route (not link-local
one)...
--
// Black Lion
g like
this), and even now ASUS often uses Realtek chips, and before this, Realtek
was installed on 95% of desktop, office and home (low- and mid-range) MoBos
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
http://lists.freeb
gments (via VLANs), so there WAS NO routing at all, and now it
is two segments, which needs routing between them. But, maybe, I
understood John-Mark Gurney wrong, and they had two broadcast domains on
one network (and double-addressed interface in router).
--
// Black Lion AKA Lev Serebryakov
these two segments and/or
requires managed switches.
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
is still
valid for them. Or we should store lists of sockets in routing and ARP
tables... I don't know, what is worse.
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebs
mes" in account).
Nothing was changed in settings for long time.
How could I determine, which connections (listen port, at least) cause
these messages?
--
// Black Lion AKA Lev Serebryakov
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.
1 - 100 of 217 matches
Mail list logo
