Re: bridge(4) VLAN filtering

2025-04-04 Thread Matthew Grooms
s for working on this. Any idea what the overhead is wrt packet forwarding rate? Any performance numbers comparing your bridge access port feature vs vlan + bridge? -Matthew

Re: Bind fails in jail with assigned IP address

2023-01-13 Thread Matthew Seaman
interface and a separate network interface, typically using epair(4) so you should avoid the silent rewriting of wildcard addresses that is causing you such difficulty. See: https://wiki.freebsd.org/Jails/VNET /usr/src/share/examples/jails/jib Cheers, Matthew

Re: Socket option to configure Ethernet PCP / CoS per-flow

2020-09-11 Thread Matthew Grooms
two priorities are given, packets which have a TOS of    lowdelay and TCP ACKs with no data payload will be assigned to the    second one. Hope this helps, -Matthew ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org

Re: FreeBSD TCP/IP Tasks I (a contributor) could work on?

2020-08-11 Thread Matthew Grooms
cts/PSPAT -Matthew ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: pf, stateful filter and DMZ

2019-11-22 Thread Matthew Seaman
. Cheers, Matthew

Re: pf, stateful filter and DMZ

2019-11-21 Thread Matthew Grooms
will keep state by default unless you disable ( w/ no keep state ), so return packets will pass ( icmp from inside to dmz | any from dmz to inside ). You could broaden the match criteria by dropping the from/to selectors. -Matthew

Re: CARP and NAT question

2019-10-09 Thread Matthew Grooms
On 10/9/2019 2:50 PM, Julian Elischer wrote: On 10/9/19 2:34 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 01:05:37PM -0700, Julian Elischer wrote: On 10/8/19 8:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote: Hi Julien, Hi Matthew, It'

Re: CARP and NAT question

2019-10-09 Thread Matthew Grooms
On 10/9/2019 4:10 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 11:22:51AM -0500, Matthew Grooms wrote: On 10/8/2019 10:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote: Hi Julien, Hi Matthew, It's not clear why you are trying to assign mul

Re: CARP and NAT question

2019-10-08 Thread Matthew Grooms
On 10/8/2019 10:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote: Hi Julien, Hi Matthew, It's not clear why you are trying to assign multiple carp IP address to two different interfaces from within the same IP subnet. Are you trying to fail over

Re: CARP and NAT question

2019-10-08 Thread Matthew Grooms
dress, assign a 2nd alias to your first interface. If you're trying to improve throughput/redundancy, assign both interfaces to a lagg and build your carp interfaces on top of that instead. -Matthew On 10/8/2019 8:48 AM, Julien Cigar wrote: Hello, I'd like to NAT outbound traffic from two

Re: IPv6 userland cleanup

2019-09-09 Thread Matthew Seaman
already is a ndp(8) -- was there anything missing from it? As far as I can see about the only thing in arp(8) not in ndp(8) is libxo support. Cheers, Matthew signature.asc Description: OpenPGP digital signature

Re: FCP-0101: Deprecating most 10/100 Ethernet drivers

2018-10-04 Thread Matthew Macy
On Thu, Oct 4, 2018 at 12:55 PM Doug Hardie wrote: > > I have a number of production servers that only have bge and I don't see that > listed in either category. None of them are running FreeBSD 12 yet as it has > not been released. Also there are some with rl. Those are add-on boards so > t

Re: Panic during ci test run

2018-08-14 Thread Matthew Macy
This isn't reproducing it for me. I'll need more specifics on your configuration. -M On Sat, Aug 11, 2018 at 2:04 AM Kristof Provost wrote: > The fibs_test:subnet_route_with_multiple_fibs_on_same_subnet test > (/usr/tests/sys/netinet/) consistently provokes a panic. > > Note that this requires:

Re: pf: Efficiently specifying discontinuous IPv6 ranges

2018-05-11 Thread Matthew Seaman
dball address. Cheers, Matthew

Re: On fresh 11.1 install, unbound(8) config is totally non-functional

2017-10-14 Thread Matthew Seaman
ive to the chroot directory. That's probably something like /var/unbound/var/log/unbound.log for the configuration you've shown. Cheers, Matthew

Re: Ipv6 / DNS questions

2017-06-02 Thread Matthew Seaman
not to have your MAC address available as a tracking cookie when acting as a web client. It's not intended for use on a web server. Even if you do turn it on IIRC the effect is to add alias IPs on that network interface, alongside the standard address that SLAAC would generate anyhow.

Re: Ipv6 / DNS questions

2017-06-02 Thread Matthew Seaman
e to use nsupdate(1) you could fairly easily add a 'dns-update' rc script on your host to push the hosts' IPv6 address into the DNS. The other fairly common approach would be to use a network configuration system like ansible or puppet that can gather facts about a machine (s

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
> A flame graph for the core cycle count and a flame graph with cache miss > stats from pmc would be a great start. > > > I didn't know the exact event name to use for cache miss stats, but here > are the flame graphs for CPU_CLK_UNHALTED_CORE: > http://dev.bsdrp.net/netgate.r311848.C

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
> > I can generate profiling data for you: what kind of data do you want ? > > > A flame graph for the core cycle count and a flame graph with cache miss stats from pmc would be a great start.

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
You can still explicitly set the number of descriptors. It is now reported under the dev sysctl tree. dev... -M On Wed, 11 Jan 2017 12:34:23 -0800 Olivier Cochard-Labbé wrote > > On Wed, Jan 11, 2017 at 9:13 PM, Matthew Macy wrote: > > > Hmmm ... did your

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
On Wed, 11 Jan 2017 12:02:06 -0800 Sean Bruno wrote > > > On 01/11/17 12:47, Olivier Cochard-Labbé wrote: > > On Wed, Jan 11, 2017 at 4:17 PM, Sean Bruno > > wrote: > > > > > > > > Olivier: > > > > Give this a quick try.

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
> > x head r311848: packets per second > + head r311849 and BAR patch: packets per second > +--+ > |++++ + xxx x x| > |

Re: HEADS-UP: IFLIB implementations of sys/dev/e1000 em, lem, igb pending

2017-01-11 Thread Matthew Macy
On Wed, 11 Jan 2017 01:23:46 -0800 Olivier Cochard-Labbé wrote > On Tue, Jan 10, 2017 at 4:31 AM, Sean Bruno wrote: > > > > > I've updated sys/dev/e1000 at svn R311849 to match Matt Macy's work on > > IFLIB in the kernel. > > > > At this point, the driver deviates from Int

Re: callout_drain either broken or man page needs updating

2016-07-15 Thread Matthew Macy
On Fri, 15 Jul 2016 01:43:03 -0700 Gleb Smirnoff wrote > On Thu, Jul 14, 2016 at 10:14:46PM -0700, Matthew Macy wrote: > M> > On 07/15/16 05:45, Matthew Macy wrote: > M> > > glebius last commit needs some further re-work. > M> > &

Re: callout_drain either broken or man page needs updating

2016-07-14 Thread Matthew Macy
On Thu, 14 Jul 2016 21:21:57 -0700 Hans Petter Selasky wrote > On 07/15/16 05:45, Matthew Macy wrote: > > glebius last commit needs some further re-work. > > Hi, > > Glebius commit needs to be backed out, at least the API change that > chang

Re: refcnt 0 on LLE at boot....

2016-07-14 Thread Matthew Macy
On Thu, 07 Jul 2016 06:36:19 -0700 Larry Rosenman wrote > Thanks for that. I've added myself to the cc list, and a comment about > having 2 vmcore's. > This was introduced by 302350. It broke the return value of callout_{stop,drain}. returning 1 even if the callout system

callout_drain either broken or man page needs updating

2016-07-14 Thread Matthew Macy
Upon updating my drm-next branch to the latest -CURRENT callout_drain returning no longer means that the function was in fact pending when it was called. This little bit of code will panic because dwork->wq is NULL, because the callout was _not_ in fact enqueued. So either it's no longer possi

Re: EBR fix for life cycle races was Re: panic with tcp timers

2016-06-30 Thread Matthew Macy
On Tue, 28 Jun 2016 23:19:45 -0700 Matthew Macy wrote > > > > On Tue, 28 Jun 2016 15:51:57 -0700 K. Macy wrote > > > On Tue, Jun 28, 2016 at 10:51 AM, Matthew Macy wrote: > > > > You guys should really look at Sam

EBR fix for life cycle races was Re: panic with tcp timers

2016-06-28 Thread Matthew Macy
On Tue, 28 Jun 2016 15:51:57 -0700 K. Macy wrote > On Tue, Jun 28, 2016 at 10:51 AM, Matthew Macy wrote: > > You guys should really look at Samy Bahra's epoch based reclamation. I > > solved a similar problem in drm/linuxkpi using it. > > The

Re: panic with tcp timers

2016-06-28 Thread Matthew Macy
You guys should really look at Samy Bahra's epoch based reclamation. I solved a similar problem in drm/linuxkpi using it. -M On Tue, 28 Jun 2016 02:58:56 -0700 Julien Charbon wrote > > Hi Randall, > > On 6/25/16 4:41 PM, Randall Stewart via freebsd-net wrote: > > Ok

Re: Problem with VLAN config and traffic after 10.1-R -> 10.3-R-p5 Upgrade?

2016-06-23 Thread Matthew Seaman
On 06/23/16 14:04, Karl Pielorz wrote: > Any chance you can send us a snippet of how they're setup in > '/etc/rc.conf' if it's different. It's all in the PR Cheers, Matthew

Re: Problem with VLAN config and traffic after 10.1-R -> 10.3-R-p5 Upgrade?

2016-06-23 Thread Matthew Seaman
fferently so that they end up with a name like 'vlan123' rather than 'lagg0.123' -- if that difference is significant then it maybe gives you an alternate workaround to running your interfaces promiscuously. Cheers, Matthew

Re: Getting CARP to broadcast on a different interface

2016-06-08 Thread Matthew Grooms
never announce unless the master node fails to suppress it. -Matthew

Re: Getting CARP to broadcast on a different interface

2016-06-08 Thread Matthew Grooms
omeone has written a multicast relay daemon that works in a similar fashion. If so, you could use it to forward CARP traffic to a peer. Super ugly, but it would probably do the trick in this scenario. -Matthew On 6/8/2016 9:56 AM, Niklaas Baudet von Gersdorff wrote: Trond Endrestøl [2016-06-08 1

VLANs are broken in HEAD

2016-05-18 Thread Matthew Macy
0518) but not with > 20160429, so it is fairly recent. > > Thanks, > Jeff > > -Original Message- > From: Pieper, Jeffrey E > Sent: Wednesday, May 18, 2016 5:08 PM > To: 'Matthew Macy' > Cc: Scott Long > Subject: RE: Dr

Re: Persist ifconfig aliases after disconnect

2016-04-23 Thread Matthew Smith
Assigning a static address and not using DHCP seems to have fixed the problem Thank you for the help. On 22 April 2016 at 23:23, Ryan Stone wrote: > When you say the "connection drops", do you mean that the NIC loses link and > then has it comes back? Are you using DHCP to get the main address?

Persist ifconfig aliases after disconnect

2016-04-22 Thread Matthew Smith
Hi all, on my FreeBSD 10.3-RELEASE server I have a few jails running. To assign them IP addresses, I set aliases on the interface: ifconfig_re0_alias0="inet 192.168.1.200 netmask 0x" This works great until the connection drops and comes back up again, the alias goes away. If I run if

Re: 10.2-RELEASE-p12 pf+GRE crashing

2016-02-04 Thread Matthew Grooms
On 2/3/2016 6:47 PM, Matthew Grooms wrote: This turned out to be another issue that was patched in head but not back ported to stable. I can't explain why it didn't get tripped when GRE tunnels were disabled. With the patch applied, I can reload my rule sets again without crashing .

Re: 10.2-RELEASE-p12 pf+GRE crashing

2016-02-03 Thread Matthew Grooms
On 2/3/2016 4:56 PM, Matthew Grooms wrote: All, I recently upgraded a pair of 10.0-RELEASE firewalls in the hope that I could avoid the local patching required to keep it up and running. Unfortunately, it crashes whenever I reload my pf firewall rule set. If I remove the GRE tunnel

10.2-RELEASE-p12 pf+GRE crashing

2016-02-03 Thread Matthew Grooms
ymbols for /boot/kernel/if_gre.ko.symbols #0 doadump (textdump=) at pcpu.h:219 219 pcpu.h: No such file or directory. in pcpu.h Any help in resolving this would be greatly appreciated. -Matthew

Re: pf state disappearing [ adaptive timeout bug ]

2016-01-22 Thread Matthew Grooms
On 1/22/2016 3:35 PM, Nick Rogers wrote: On Thu, Jan 21, 2016 at 11:44 AM, Matthew Grooms wrote: # pfctl -si Status: Enabled for 0 days 02:25:41 Debug: Urgent State Table Total Rate current entries77759 searches

Re: pf state disappearing [ adaptive timeout bug ]

2016-01-21 Thread Matthew Grooms
On 1/21/2016 11:04 AM, Nick Rogers wrote: On Wed, Jan 20, 2016 at 2:01 PM, Matthew Grooms wrote: All, I have a curious problem with a lightly loaded pair of pf firewall running on FreeBSD 10.2-RELEASE. I'm noticing TCP entries are disappearing from the state table for no good reason t

pf state disappearing

2016-01-20 Thread Matthew Grooms
ng that would cause the state entry to be removed? Maybe there was a bug has been fixed recently that would cause this behavior? I'd be very grateful for any input that would help me track down or resolve this problem. Thanks in advance, -Matthew

Re: Have I got this VIMAGE setup correct?

2015-12-22 Thread Matthew D. Fuller
gure a MAC address > using /etc/start_if.epairNb to ensure that it's globally unique, but > then everything seems to work. I hardcode (well, dynamically generated hardcoded) MAC addresses on the epair's in the setup script, since <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=18414

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Matthew Seaman
rt 16205. Is something screwy with ntpd in > CURRENT? NTP not using port 123 as the source port usually indicates that it is behind a NAT gateway at the other end. It's harmless and fairly common. Cheers, Matthew

Re: who uses this port?

2015-11-05 Thread Matthew Seaman
the connection state yet. It's normal. You might find that adjusting the net.inet.tcp.fast_finwait2_recycle sysctl makes these old entries get cleared more promptly. Cheers, Matthew

Re: Routing IPv6 over tun0 (PPPoE) issue

2015-08-23 Thread Matthew Seaman
t this should be from a distinct subnet to the block you're using internally. Hmmm you do have 'gateway_enable="YES"' and 'ipv6_gateway_enable="YES"' in your /etc/rc.conf ? Cheers, Matthew

address memory layout used by radix tree

2015-06-20 Thread Matthew Hall
adix tree will already know how many bytes to match with, and I won't need the weird sockaddr memory layout or the secret byte for the LEN macro at all. Is this reasoning correct or did I miss anything? Thanks, Matthew.

Re: bhyve with vlans - host and vm can't pass traffic

2015-04-23 Thread Matthew Grooms
't processing them for some reason. Do you have any firewalls running on either system? You might try including a -e in the tcpdump command line arguments. IIRC, that will also show you VLAN and MAC address info from the packet headers. Maybe one of the network kernel developers could

Re: bhyve with vlans - host and vm can't pass traffic

2015-04-22 Thread Matthew Grooms
p -i tap0' in vmhost0 while the VM is trying to send packets to see if any frames are captured and, consequently, if they contain a VLAN tag at the head of the frame. -Matthew

Re: Invalid subnet masks

2015-02-11 Thread Matthew D. Fuller
ype and looks tidy. Ditto. Though in the grand tradition of being given the inch and lusting after the mile, it makes me grumpy seeing the dotted-quad netmask in 'ifconfig' output, making me have to work to see if the match and back-convert to add things. 8-} -- Matthew Fuller (M

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-28 Thread Matthew Seaman
.1. Using a local unbound as a forwarder should give you the ability to tweak exactly how it talks to your upstream DNSes so that the answers get through more reliably. Cheers, Matthew

Re: SSL certificate check error ...

2014-11-10 Thread Matthew Grooms
Ok, I feel a little silly. These commands do not work without the CAfile specified on freebsd 8.x or 9.x either. Sorry for the noise. -Matthew On 11/10/2014 2:19 PM, Matthew Grooms wrote: All, I am seeing a problem with certificate checking on several stock FreeBSD 10.0-RELEASE-p12 hosts

SSL certificate check error ...

2014-11-10 Thread Matthew Grooms
iate ioctl for device' fstat(3,{ mode=-rw-r--r-- ,inode=1123624,size=324,blksize=32768 }) = 0 (0x0) read(3,"#\n# nsswitch.conf(5) - name ser"...,32768) = 324 (0x144) read(3,0x801931000,32768)= 0 (0x0) This is the only copy of openssl on my system .

Re: Broken IPsec + enc +pf/ipfw

2014-10-23 Thread Matthew Grooms
On 10/23/2014 5:56 AM, Andrey V. Elsukov wrote: On 22.10.2014 23:28, Matthew Grooms wrote: On 10/21/2014 1:39 PM, Kyle Williams wrote: On Tue Oct 21 11:35:15 2014, Matthew Grooms wrote: Hey Kyle, Thanks for lending a hand. I tested a few myself last night but had no luck. This morning I

Re: Broken IPsec + enc +pf/ipfw

2014-10-22 Thread Matthew Grooms
On 10/21/2014 1:39 PM, Kyle Williams wrote: On Tue Oct 21 11:35:15 2014, Matthew Grooms wrote: Hey Kyle, Thanks for lending a hand. I tested a few myself last night but had no luck. This morning I received an email off list that pointed to a patch that was merged to 10 stable. It sounds

Re: Broken IPsec + enc +pf/ipfw

2014-10-21 Thread Matthew Grooms
rt back to the list with my results. Alternately, I assume you also could upgrade to 10.1-RC2 as the MFC for this patch happened back in March. I may go this route myself and then bump up to RELEASE in a few weeks when it happens. Thanks, -Matthew

Re: Broken IPsec + enc +pf/ipfw

2014-10-20 Thread Matthew Grooms
On 10/20/2014 3:50 PM, Andrey V. Elsukov wrote: On 21.10.2014 00:00, Matthew Grooms wrote: On 10/20/2014 2:47 PM, Andrey V. Elsukov wrote: On 20.10.2014 20:18, Matthew Grooms wrote: Lastly, I tried to locate a relevant PR but didn't find anything concrete. Is this related to the issue? A

Re: Broken IPsec + enc +pf/ipfw

2014-10-20 Thread Matthew Grooms
On 10/20/2014 2:44 PM, Mark Felder wrote: On Mon, Oct 20, 2014, at 11:18, Matthew Grooms wrote: All, There appears to be an issue with FreeBSD 10.x when using enc device to filter inbound traffic on the receive path. After searching the mailing lists, I see two different people reporting the

Re: Broken IPsec + enc +pf/ipfw

2014-10-20 Thread Matthew Grooms
On 10/20/2014 2:47 PM, Andrey V. Elsukov wrote: On 20.10.2014 20:18, Matthew Grooms wrote: Lastly, I tried to locate a relevant PR but didn't find anything concrete. Is this related to the issue? And if so, can it be MFCd? https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=110959 Did yo

Broken IPsec + enc +pf/ipfw

2014-10-20 Thread Matthew Grooms
sets of firewalls that run the exact same type of configuration on 9.x that are working exactly as expected. Lastly, I tried to locate a relevant PR but didn't find anything concrete. Is this related to the issue? And if so, can it be MFCd? https://bugs.freebsd

Re: Netmap: head vs cur vs tail?

2014-10-17 Thread Matthew P. Grosvenor
Thanks! This has tons more info. I'll have a read. --- Sent from my phone, sorry about the typos. > On 17 Oct 2014, at 18:27, Luigi Rizzo wrote: > > > >> On Fri, Oct 17, 2014 at 9:55 AM, Matthew P. Grosvenor >> wrote: >> Hi all, >> I’m t

Netmap: head vs cur vs tail?

2014-10-17 Thread Matthew P. Grosvenor
Hi all, I’m trying to understand how to use the netmap framework, specifically how the head, tail and current “pointers” interact with each other. Looking in man NETMAP(4) (http://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4) under data structures, struct netmap_ring it says: " contai

Re: A couple of trivial BIND (dynamic update) questions

2014-10-12 Thread Matthew Seaman
directory /ver/named/etc/namedb/dynamic and make it mode 755 but owned by the bind UID and GID (similar to the slave directory). Use that for storing the data for all your dynamic update zones. Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey

Re: Juniper Secure Access SSL VPN access from FreeBSD?

2014-09-15 Thread Matthew Grooms
based client some time ago. The Shrew Soft product only supports IPsec based connectivity and is compatible with SSG/SRX systems. Hope this helps, -Matthew

two freebsd 10 wlan0 oddities

2014-07-15 Thread Matthew Luckie
leTime: 0s, RetransTimer: 0s, CurHopLimit: 64 AdvIfPrefixes: yes Next RA send: Tue Jul 15 10:52:29 2014 Last RA send: Tue Jul 8 16:00:38 2014 Thoughts? Matthew

Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?

2014-06-07 Thread Matthew Seaman
t the maximum possible number of customers. However, running your own NAT gateway between 192.168.1.2 and 10.10.10.1 shouldn't be a problem. You can NAT multiple times between where you are and the Internet usually with no worse consequence than a bit of extra latency on your traffic.

Re: how calculate the number of ip addresses in a range?

2013-08-08 Thread Matthew D. Fuller
10.80.128.32/27 Broadcast: 10.80.128.63 Hosts: 10.80.128.33 - 10.80.128.62 NumHosts: 30 Supernet: 10.80.128.0/26 Subnets: 10.80.128.32/28 10.80.128.48/28 -- Matthew Fuller (MF4839) | fulle...@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/

Re: high cpu usage on natd / dhcpd

2013-01-31 Thread Matthew Luckie
On 01/31/13 00:45, Eggert, Lars wrote: > Hi, > >> I have a small system running FreeBSD 8.2 that does NAT using ipfw and >> natd to systems attached to two interfaces: em0 and wlan0. I have a >> dhcpd daemon issuing leases on those interfaces. The system has an em1 >> interface plugged into a

high cpu usage on natd / dhcpd

2012-01-25 Thread Matthew Luckie
Hi I have a small system running FreeBSD 8.2 that does NAT using ipfw and natd to systems attached to two interfaces: em0 and wlan0. I have a dhcpd daemon issuing leases on those interfaces. The system has an em1 interface plugged into a cable modem where it obtains a DHCP lease from an ISP

Re: minipcie wifi card

2012-01-05 Thread Matthew Luckie
etooth -- that only Antenna 1 is required for both wifi and bluetooth. If possible I'd prefer patches against 9.0R as the machine it's going into is fairly important. Matthew

minipcie wifi card

2012-01-05 Thread Matthew Luckie
rting bluetooth, and because an AR9285 is apparently exposed over PCIe, I tend to think the card will work fine as an hostap, but just want to double check. Anyone have any insight? Matthew

Re: bce(4) with IPMI

2011-09-29 Thread Matthew Franz
-- Matthew Franz mdfr...@gmail.com

Re: ipfw and ipv6: "me"

2011-09-05 Thread Matthew D. Fuller
ar as I could tell as a user that's the case. (and so my firewall script is piled up with "{ me or me6 }"'s... sigh) -- Matthew Fuller (MF4839) | fulle...@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~

Re: ESP Raw Socket: Returned IP packet incorrect

2011-08-08 Thread Matthew Cini Sarreo
I have tested the provided patch and can confirm that the IP header length for raw sockets now properly includes the length of the IP header and not just the data. Thanks & Regards, Matt On 5 August 2011 19:29, Andre Oppermann wrote: > On 11.07.2011 17:26, Matthew Cini Sarreo wrote: >

Re: ESP Raw Socket: Returned IP packet incorrect

2011-07-12 Thread Matthew Cini Sarreo
Thanks for your reply. Where can I find documentation about this? (Or would it be possible for you to direct me at the proper sources?) Thanks & Regards Matt On 11 July 2011 18:01, Michael Tüxen wrote: > On Jul 11, 2011, at 5:26 PM, Matthew Cini Sarreo wrote: > > > Hello all

ESP Raw Socket: Returned IP packet incorrect

2011-07-11 Thread Matthew Cini Sarreo
Hello all; I have recently encountered a problem when using raw sockets on FreeBSD 8 (8.0-RELEASE) when using ESP raw sockets. I have created a raw esp socket using: socket(AF_INET, SOCK_RAW, 50); which works fine. However, when there is a packet on the socket, recvfrom() returns a packet where t

Re: FreeBSD, IPv6 and World IPv6 Day

2011-06-08 Thread Matthew Luckie
I found measurement results on this website: http://hide.dnsalias.net//worldipv6day.cgi Some more results: http://www.wand.net.nz/~mluckie/ipv6day/ Interesting. Did you post on the v6 lists as well? Just on ipv6-tech...@listserv.internetnz.net.nz Feel free to forward on to other lists

Re: FreeBSD, IPv6 and World IPv6 Day

2011-06-08 Thread Matthew Luckie
> I found measurement results on this website: > http://hide.dnsalias.net//worldipv6day.cgi Some more results: http://www.wand.net.nz/~mluckie/ipv6day/ and (semi-related) a PR with a patch for PMTUD problems that was filed 15 months ago http://www.freebsd.org/cgi/query-pr.cgi?pr=145733

Bridging + VLANS

2011-05-21 Thread Matthew Bowman
I'm drafting a plan for a N+1 redundant network and I have hit a dead end. I have two Soekris NET5501 boards that I wish to deploy FreeBSD (NanoBSD) on and I'm trying to make sure I can setup everything before I move ahead. Here's my network design: http://imageshack.us/photo/my-images/191/netwo

Re: kern/123463: [ipsec] [panic] repeatable crash related to ipsec-tools

2011-05-14 Thread Matthew Seaman
The following reply was made to PR kern/123463; it has been noted by GNATS. From: Matthew Seaman To: bug-follo...@freebsd.org Cc: Subject: Re: kern/123463: [ipsec] [panic] repeatable crash related to ipsec-tools Date: Sat, 14 May 2011 17:34:19 +0100 This is an OpenPGP/MIME signed message

Re: IPFW and IPv6 packets with fragment header and last frag only

2011-02-06 Thread Matthew Luckie
> Does anybody have an idea of whether the patch in kern/145733 will be > incorporated into ip_fw2.c any time soon? That PR is mine. I've emailed people off list several times (last on 25 Jan) but have not made progress. To say I'm frustrated is an understatement.

Re: reassembled packets and pfil

2010-04-13 Thread Matthew Luckie
> >I think that a patch like the one you propose is very useful (for > >ipv4 as well) but it requires a sysctl or other mechanism to make > >sure that when it is enabled we don't pass fragments through the > >firewall. > > i've looked further into this and I now wonder if is a byproduct of my > u

Re: reassembled packets and pfil

2010-04-13 Thread Matthew Luckie
inus 40 for the IPv6 header and 8 for the Fragment header), and smaller still if additional extension headers are used. A stack can send an IPv6 packet with a fragment header attached that does not have the MF bit set. I'm 90% sure that FreeBSD itself will do this when it receives

reassembled packets and pfil

2010-04-12 Thread Matthew Luckie
particular reason why reassembled packets were not checked? If the answer is no, I'll send in a PR. I've tested the patch below. Matthew --- sys/netinet6/frag6.c.orig 2008-11-25 15:59:29.0 +1300 +++ sys/netinet6/frag6.c2010-04-13 13:21:02.0 +1200 @@ -46,6 +46,7 @

Re: FreeBSD + carp on VMWare ESX

2009-07-26 Thread Matthew Grooms
atches/esx-carp.diff The IPv6 code path is untested. Also, the changes were placed under a sysctl conditional so the following is required in /etc/sysctl.conf to enable it at boot time ... net.inet.carp.drop_echoed=1 Thanks aga

Re: FreeBSD + carp on VMWare ESX

2009-07-19 Thread Matthew Grooms
ted the problem in great detail and, as far as I can tell, have yet to get this working. -Matthew On Jul 19, 2009, at 5:56 PM, Andrew Snow wrote: Matthew Grooms wrote: I was having problems running carp on VMWare ESX 4 and did a little investigative work to determine the cause of the probl

FreeBSD + carp on VMWare ESX

2009-07-19 Thread Matthew Grooms
ly need this to work in a production system. Others would likely be very happy to have this work as well, even if they have to apply a patch. Thanks in advance, -Matthew Index: ip_carp.c === RCS file: /home/ncvs/src/sys/netinet/ip_carp

Re: IPv6 Ideas

2009-04-24 Thread Matthew Jakeman
Bob Van Zant wrote: What are your problems with using radvd? I have used it quite a bit on FreeBSD (6.1) without any hassle. It's even written quite nicely in my experience so working on patches for it should be quite do-able if there are features missing. He's saying that the router announce

Re: IPv6 Ideas

2009-04-24 Thread Matthew Jakeman
Nathan Lay wrote: I started playing with IPv6 on my home network with the intent to transition over. While many things work quite well, IPv6 technology in general still seems to have some rough edges. In terms of FreeBSD support, rtadvd and rtsol do not yet support (easily? -O option in rtad

Re: FreeBSD NAT-T patch integration [CFR/CFT]

2008-07-21 Thread Matthew Grooms
o NAT-T ( and neither has google ). He must be referring to section 3.1.2 of RFC 3948 "Transport Mode Decapsulation NAT Procedure" which describes checksum recalculation. -Matthew

Re: FreeBSD NAT-T patch integration [CFR/CFT]

2008-07-21 Thread Matthew Grooms
cleaner to get it from SAD than setting 500 anytime. Well, its really really supported by all the IKE daemons I have seen in the ports collection. Someone is bound to try this and then spend a lot of time scratching their head. If this situation can

Re: FreeBSD NAT-T patch integration [CFR/CFT]

2008-07-21 Thread Matthew Grooms
ed note, I noticed the patch unconditionally uses a source port of 500 when processing outbound Draft 00/01 packets. Should this value be obtained from the SAD NAT-T mapping to support an IKE daemon bound to a non standard port? Thanks, -Matthew

Help with tap device configuration oddity

2008-07-18 Thread Matthew Grooms
tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default10.a.b.c UGS 0 5940 lnc0 10 link#7 UC 00 tap0 Can someone please explain this to me? Thanks in advance, -Matthew

Re: FreeBSD NAT-T patch integration [CFR/CFT]

2008-07-18 Thread Matthew Grooms
h mentioning that the port has a build issues on CURRENT. This has been corrected in cvs and the 7-branch of ipsec-tools. As a quick remedy, a patch is attached that can be applied to the port work sources. -Matthew Index: src/racoon/crypto_openssl.c =

Re: FreeBSD NAT-T patch integration

2008-06-29 Thread Matthew Grooms
happier. Applying a patch that only requires rebuilding the kernel is a lot less annoying than having to perform a full buildworld. -Matthew

rtadvd/rrenum.c:179

2008-05-19 Thread Matthew Luckie
When rtadvd is compiled on 7.0, the following warning is emitted: /usr/src/usr.sbin/rtadvd/rrenum.c:179: warning: overflow in implicit constant conversion I have not determined if the code works correctly or not, but I wonder if it does. the line in question is this: struct irr_raflagmask {

Re: connect(): Operation not permitted

2008-05-18 Thread Matthew Seaman
fault now for tcp filter rules -- that was new in 7.0 reflecting the upstream changes made between the 4.0 and 4.1 releases of OpenBSD. If you want a stateless rule, append 'no state'. http://www.openbsd.org/faq/pf/filter.html#state Cheers, Matthew -- Dr Matthew J Seama

Re: Trying to find source of collisions

2008-05-05 Thread Matthew D. Fuller
t can cause them? Cable troubles, NIC troubles, etc. [Un]plugging the cable can cause it. Some forms of on-wire data corruption could cause it. You've got 4 of them, over 36 million input packets. Don't worry about it. -- Matthew Fuller (MF4839) | [EMAIL PROTECTED] S

BPF JIT compiler

2008-04-11 Thread Matthew Luckie
The existing intel BPF JIT compiler has one flaw. sys/net/bpf_filter.c initialises the A and X registers to zero when called. The just in time compiler does not. This means the JIT compiler will behave differently to the interpreter on any filter that does not set the A or X registers before
