Re: panic: tcp_do_segment: sent too much

gt; $1 = 1428 >> >> `sent` appears to be optimized out. As far as I know, I don't hit this one >> often, but I'm wondering if there's anything else useful I could extract >> here / if anyone has a theory about what happened. > > I also hit this. When I ssh to my dev machine ( 15.0-CURRENT ) and run the > build, it happens sometimes. It appears to be easy repeated with busy tcp > traffic. See my response to Kyle... Best regards Michael > >> >> Thanks, >> >> Kyle Evans >> > > > >

Re: panic: tcp_do_segment: sent too much

nable="YES" in /etc/rc.conf You can install tcplog_dumper by pkg intall tcplog_dumper Using these settings (mode = TCP_LOG_STATE_TAIL), keeps the trailing events of all TCP connections, but does not dump anything to disk. If the kernel panics, we can get the BBLog informatio

Re: Interaction between the re-transmit and keep-alive logic.

" in 6-7 for a very long >>> time and a packet with data will never be retransmitted. >> Can you provide a .pcap file? > > I did a new test today to have pcap files from both sides and my > explanations above are > related to this new test. > I'm attaching th

Re: Interaction between the re-transmit and keep-alive logic.

nterval. > 8. Point 6 and 7 repeat one more time before the apache bench client > gives up on this connection and declares that it's timed-out. My > understanding is that the connection can "loop" in 6-7 for a very long > time and a packet with data will never be retrans

Re: panic: tcp_do_segment: sent too much

> On 23. Oct 2024, at 09:42, Peter Holm wrote: > > On Wed, Oct 23, 2024 at 08:32:05AM +0200, Michael Tuexen wrote: >>> On 23. Oct 2024, at 07:51, Peter Holm wrote: >>> >>> + export 'tcpINCARNATIONS=16678' >>> + [ 16678 -le 0 ] >&g

Re: panic: tcp_do_segment: sent too much

roducible? I'm CC-ing Warner, since he has also reported this to me privately, but wasn't able to reproduce it. Best regards Michael > > - Peter >

Re: How does the TCP measurement period work?

> On 11. Oct 2024, at 14:55, Alan Somers wrote: > > On Fri, Oct 11, 2024 at 1:05 AM Michael Tuexen > wrote: >> >>> On 11. Oct 2024, at 01:07, Alan Somers wrote: >>> >>> Can somebody please explain to me how the TCP measurement period >

Re: How does the TCP measurement period work?

With dummynet, as soon as I return the RTT to normal, > the throughput quickly recovers, as one would expect. Which TCP stack and which CC module did you use? Which version of FreeBSD? Best regards Michael > > Grateful for any insights. > -Alan >

Re: drop synfin

sysrc is for editing rc files, and that's not what you want to do. you may manually set the MIB with sysctl net.inet.tcp.drop_synfin=1 or you can put this line in /etc/sysctl.conf net.inet.tcp.drop_synfin=1 On Sun, Aug 11, 2024 at 9:24 AM void wrote: > (originally posted to hackers@ but on sec

Re: OpenVPN suddenly working one way only

but never reach host A. > > Is it remotely possible that one of the ISPs blocks these UDP packets as part > of an automatic "DoS protection" mechanism? Or are any kind of NAT or Firewall involved which might loose state? Are you using public addresses on host A and B? Best regards

Re: removing RIP/RIPng (routed/route6d)

There is an argument to be made that all such components of the "base" system should be packages, and managed that way. That would facilitate removal or addition of things like MTAs, Route daemons for various protocols, etc. and permit them to be updated independent of the base system. Too much

Re: TCP socket handling errors

> On 3. Apr 2024, at 19:46, Sad Clouds wrote: > > On Wed, 3 Apr 2024 17:28:52 +0200 > Michael Tuexen wrote: > >>> On 3. Apr 2024, at 15:44, Sad Clouds wrote: >>> >>> I found a bug that is still open from May 2010 and describes the same &g

Re: TCP socket handling errors

last 14 years, then I guess I will > add some code to simply ignore ECONNRESET on close(2) for FreeBSD and > MacOS. This seems the be the general advice from other people who hit > this issue. I'll bring this up on the bi-weekly FreeBSD transport call. Best regards Michael >

Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

Me wrote: > On 15. Jan 2024, at 16:15, Michael Grimm wrote: > > Marek Zarychta wrote: >> W dniu 15.01.2024 o 15:35, Michael Grimm pisze: > >>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254" > >> Please try: >> route_tunnel0="-6 -net

Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

Marek Zarychta wrote: > W dniu 15.01.2024 o 15:35, Michael Grimm pisze: >> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254" > Please try: > route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254" Bingo! That did the trick: Internet6: Destin

Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

uch, any further help regarding IPv6 routing through the tunnel is very much appreciated. Regards, Michael

Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

route command: /sbin/route add -inet6 default -gateway fd00:a:a:a::254 Error: add net default: gateway fd00:a:a:a::254 fib 0: Invalid argument I am running out of ideas, and Google doesn't come up with relevant answers, at least not for me. Any help, hints, documents are highly appreciated. Thanks and regards, Michael

Re: Display of bridge member interfaces cut short - bug or intention?

On Wed, 20 Dec 2023 21:32:45 +0100 Michael Gmelin wrote: > On Wed, 20 Dec 2023 18:04:36 +0100 > "Patrick M. Hausen" wrote: > > > Hi all, > > > > as some probably know we provide web hosting services and we use > > jails for that. > > >

Re: Display of bridge member interfaces cut short - bug or intention?

https://reviews.freebsd.org/D43135 As far as I can tell the issue is cosmetic (unless, of course, you have automation based on libifconfig or the output of the ifconfig command). Best Michael -- Michael Gmelin

Re: -current dropping ssh connections

> On 21. Jun 2023, at 20:03, bob prohaska wrote: > > On Wed, Jun 21, 2023 at 10:45:25AM -0700, Mark Millard wrote: >>> On Jun 21, 2023, at 10:24, bob prohaska wrote: >>> >>> I've got a Pi4 running -current that seems to selectively drop ssh >>> connections. >> >> Only when the ssh has tex

Re: BPF to filter/mod ARP

~ % sudo ipfw show >> 00111 0 0 divert 1234 ip from any to any layer2 mac-type 0x0806 >> 65535 10048 1000948 allow ip from any to any >> So this time, rule 111 is not hit. I also ran > > Nice work, to me I would classify this behavior as some form of bug, >

Re: BPF to filter/mod ARP

if ((fd = socket(PF_DIVERT, SOCK_RAW, 0)) < 0) { perror("socket()"); } bzero(&addr, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_len = sizeof(struct sockaddr_in); addr.sin_addr.s_addr = INADDR_ANY; addr.s

Re: BPF to filter/mod ARP

so that the filters at ether_demux > get turned on. > > So perhaps use a divert rule and send them to a socket where > a program can mangle them, and then return them to ipfw > and hopefully the kernel does what you want after that... I thought that you receive/send an IP packet on

Re: BPF to filter/mod ARP

llow you to do this kind of testing? > > Unfortunately not - I don't want to forge another packet, I want to make sure > only the specific one is being sent, with the standard GARP retransmissions > and so on. Can't you test what you want to test by generating all the required packets from scapy? ARP is a pretty simple protocol... Best regards Michael > > Richard >

Re: BPF to filter/mod ARP

gt; fields in gracious arps sent out by an interface, after a new IP is assigned > or changed. Wouldn't scapy allow you to do this kind of testing? Best regards Michael > > I believe BPF can effectively filter on arbitrary bit patterns and modify > packets on the fly. > > Ho

Re: sshd doesn't disconnect for 30+ minutes after the TCP connection is closed ungracefully

> On 1. Mar 2023, at 11:35, Yuri wrote: > > Windows system connects to FreeBSD through ssh and then this connection dies > because of WiFi or VPN issues. > > FreeBSD still has the sshd process alive for this connection for 30+ minutes. > > TCP keepalive is enabled on the FreeBSD host: > >

Re: Too aggressive TCP ACKs

> On 21. Oct 2022, at 17:00, Zhenlei Huang wrote: > > >> On Oct 21, 2022, at 10:34 PM, Michael Tuexen >> wrote: >> >>> On 21. Oct 2022, at 16:19, Zhenlei Huang wrote: >>> >>> Hi, >>> >>> While I was repeating &g

Re: Too aggressive TCP ACKs

7;ve tested with different bitrates, from 10m to 300m, all behave the same. > Tested with baremetal FreeBSD 13.1 Box as B (with intel em driver), the > bitrates is 1g, also behaves the same. > > Also tried different FreeBSD versions, 11.4, 12.3, stable/13 and current/14 > all > behave the same. > > > My question is, is that the expected behavior of current default TCP stack? That is what I would expect. TCP (on FreeBSD) is acking every other packet. This is also what is specified. MacOS, at least newer versions, send less ACKs. Best regards Michael > > > > Best regards, > Zhenlei >

FWSync driver about IPFW synchronization

driver. There is a help, how it can be install and patch OS code base to have connection between them http://www.elwix.org/site/documentation/fwsync-document/ Best Regards Michael Pounov fwsync-1_2.tar.gz Description: Binary data

Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?

r pass in quick flags S/SA keep state (max-src-conn 100, \ max-src-conn-rate 15/5, overload flush global) \ tagged pass_rate_limit Using the "pass quick" rule early in your pf.conf will make sure it is applied instead of other matching rules. Cheers Michael -- Michael Gmelin

Re: Tunnel interfaces and vnet boundary crossing

lps you at all, but what I’ve done in the past is create a tunnel interface on the jailhost and add a devfs rule to allow access to it from within the vnet jail. I then run OpenVPN within that jail (so OpenVPN and tunnel interface are in the same jail). It’s super stable, only issue is that you need to be careful when to release/destroy the interface on jail restart, otherwise it will become unavailable on the jailhost and in a (new) jail. Best Michael

Re: what to check? no IPV6 pings between nodes on the same switch

On Mon, 15 Aug 2022 11:11:41 + Benoit Chesneau wrote: > Setting the IPv4 makes it works indeed! How did you find it? I will > open a ticket about it. Gut feeling :) Question: Does setting ifconfig_ql0="up" help as well, or do you really have to assign an IP addres

Re: what to check? no IPV6 pings between nodes on the same switch

t; > What does happen when the promiscuous mode is enabled? I'm not sure > to understand what is the issue :/ > Does giving the interface also an IPv4 address make a difference, e.g. ifconfig_ql0="inet 10.0.0.1/24"? Best Michael -- Michael Gmelin

Re: LibAlias in FreeBSD

at 04:18:54PM +0300, Michael Pounov wrote: Hello Charles Mott I wrote this mail about my work with IPFW firewall. I am started my work over IPFW Sync driver and protocol similar like in PF firewall. My primery goal is to do sync on NAT states in firewall router cluster. About it, I need to know when N

LibAlias in FreeBSD

Alias DB will call that callback for notification. When my driver get info it will be send over network to other hosts. They must just update their Alias DBs. What are you thinking about such approach, change and hook of the existing code? -- Michael Pounov ELWIX - Embedded LightWeight unIX -

Re: Enabling EXTRA_TCP_STACKS on stable/13

ss this at the next transport conference call. Are you interested to join (scheduled for May 5th, 15:00 UTC)? Best regards Michael > > --Gordon

Re: cannot resolve host in VNET jail with RSS enabled

most recent epair patch). It only happens on an RSS-enabled kernel with if hw.ncpu>1. I wrote a script to reproduce the issue (warning: it messes with networking and overwrites /etc/pf.conf): https://people.freebsd.org/~grembo/epair_hang_ping.sh Best Michael -- Michael Gmelin

Re: cannot resolve host in VNET jail with RSS enabled

On Sun, 10 Apr 2022 21:12:56 +0800 moremo...@outlook.com wrote: > I have tried `ping -4 google.com`， it's failed too. > > On 2022/4/10 下午8:24, Michael Gmelin wrote: > > > > > > > On 10. Apr 2022, at 07:27, k simon wrote: > > > > > > 

Re: cannot resolve host in VNET jail with RSS enabled

> On 10. Apr 2022, at 07:27, k simon wrote: > > Hi, > After kp@'s recently epair patch, I tried enable options RSS with Vnet jail, > then found in these jail, 'ping 8.8.8.8' works as normal, and 'drill > google.com' works ok. But 'ping google.com' nor other command fails resolving > the h

Re: epair and vnet jail loose connection.

On Thu, 17 Mar 2022 13:37:28 +0100 Johan Hendriks wrote: > On 16/03/2022 11:36, Michael Gmelin wrote: > > > > On Wed, 16 Mar 2022 11:10:30 +0100 > > Santiago Martinez wrote: > > > >> Guys, do you want me to run a pre/post patch perf test? > >

Re: epair and vnet jail loose connection.

for offering your help. Kristof already did some tests and reported that results look ok[0], but more testing is always welcome (RSS and non-RSS). Best Michael [0]https://reviews.freebsd.org/D34569#783301 -- Michael Gmelin

Re: epair and vnet jail loose connection.

On Tue, 15 Mar 2022 10:30:41 -0600 Kristof Provost wrote: > On 14 Mar 2022, at 18:02, Michael Gmelin wrote: > > On Mon, 14 Mar 2022 09:09:49 -0600 > > Kristof Provost wrote: > > > >> On 14 Mar 2022, at 7:44, Michael Gmelin wrote: > >>> On Sun,

Re: epair and vnet jail loose connection.

On Tue, 15 Mar 2022 01:02:30 +0100 Michael Gmelin wrote: > snip . > Hi Kristof, > > This sounds plausible. I spent a few hours getting familiar with the > epair code and came up with a patch that seems to fix the issue at > hand (both with and without RSS). I

Re: epair and vnet jail loose connection.

On Mon, 14 Mar 2022 09:09:49 -0600 Kristof Provost wrote: > On 14 Mar 2022, at 7:44, Michael Gmelin wrote: > > On Sun, 13 Mar 2022 17:53:44 + > > "Bjoern A. Zeeb" wrote: > > > >> On 13 Mar 2022, at 17:45, Michael Gmelin wrote: > >>

Re: epair and vnet jail loose connection.

> On 13. Mar 2022, at 18:16, Bjoern A. Zeeb > wrote: > > On 13 Mar 2022, at 16:33, Michael Gmelin wrote: >> It's important to point out that this only happens with kern.ncpu>1. >> With kern.ncpu==1 nothing gets stuck. >> >> This perfectly fit

Re: epair and vnet jail loose connection.

On Sun, 13 Mar 2022 14:32:50 +0100 Johan Hendriks wrote: > On 13/03/2022 14:06, Patrick M. Hausen wrote: > > Hi all, > > > > i was a bit puzzled by Michael using bhyve trying to reproduce. > > Up until now I thought bhyve uses tap and not epair? > > > >

Re: epair and vnet jail loose connection.

> On 13. Mar 2022, at 14:07, Patrick M. Hausen wrote: > > Hi all, > > i was a bit puzzled by Michael using bhyve trying to reproduce. > Up until now I thought bhyve uses tap and not epair? > In my setup, FreeBSD 14 runs on a bhyve vm, hosting the jails, which

Re: epair and vnet jail loose connection.

> On 13. Mar 2022, at 11:27, Johan Hendriks wrote: >  > > > Op zo 13 mrt. 2022 01:17 schreef Michael Gmelin : >> I also gave it another go (this time with multiple CPUs assigned to the vm), >> still works just fine - so I think we would need more details about the

Re: epair and vnet jail loose connection.

- Block custom ip's and logs > block quick proto { tcp, udp } from to $ext_if > > # Jail poorten > pass in quick on { $ext_if } proto tcp from any to 10.233.185.22 port { smtp > 80 443 993 995 1956 } keep state > pass in quick on { $ext_if } proto tcp from any to 10.233.1

Re: epair and vnet jail loose connection.

rage/jails/${name}"; > host.hostname = "${name}.${domain}"; > > > web01 { > $ip = 18; > } I changed web01 to be the same setup as haproxy (that is, a full jail based in /storage/jails/${name}), as I didn't really know how it worked in your setup. > > haproxy { > $ip = 20; > mount.fstab = ""; > path = "/storage/jails/${name}"; > } Best Michael -- Michael Gmelin

Re: IPv6: How does one have the system use a prefix gotten from rtsol with a static host part?

On Fri, Mar 11, 2022 at 4:45 PM Larry Rosenman wrote: > Greetings, > I'm moving my colo to a new provider, and was wondering what the > /etc/rc.conf looks like for > getting a prefix-delegation via my FireWall, and then using a static > host part on the interface? > > I.E., im a purely stati

Re: epair and vnet jail loose connection.

> On 12. Mar 2022, at 01:21, Kristof Provost wrote: > > On 11 Mar 2022, at 17:44, Johan Hendriks wrote: >>> On 09/03/2022 20:55, Johan Hendriks wrote: >>> The problem: >>> I have a FreeBSD 14 machine and a FreeBSD 13-stable machine, both running >>> the same jails just to test the workings.

Re: Some strangeness with CARP

> On 13. Feb 2022, at 11:45, Andrea Venturoli wrote: > >  >> On 2/12/22 13:38, Michael Gmelin wrote: >> Maybe the switch or something it’s connected to uses vrrp? > > The switch has no options about VRRP, AFAICT (unless it can be called by a > different nam

rtadvctl unable to connect to different control socket of radvd

rtadvd Br -- Michael Pounov ELWIX.ORG CloudSigma AG diff --git a/usr.sbin/rtadvctl/rtadvctl.c b/usr.sbin/rtadvctl/rtadvctl.c index 8bbd7afb6dd..f191b25c174 100644 --- a/usr.sbin/rtadvctl/rtadvctl.c +++ b/usr.sbin/rtadvctl/rtadvctl.c @@ -35,6 +35,7 @@ #include #include #include +#include

Broadcom bnxt driver issue with promisc mode

ested patch on them. Patch is make on FreeBSD 14.0-CURRENT #3 main-n244973-c02a28754bc-dirty: Tue Nov 2 20:53:08 EET 2021 If you are thinking it is ok. You can feel free to merge it to FreeBSD existing driver. P.S. I found other small issues, but they are not show stoppers now for us. Br Mi

Re: cleaning up INET: deprecating network class A/B/C

t aware of anything that uses the mask on a loopback interface; > are you? There is no network route installed when the loopback address > is set. I think it's similar for point-to-point interfaces, where only > the host route for the destination is added. > I’ve got a use case that depends on being able to set and read the netmask on loopback interfaces consistently to allow orchestration and nomad fingerprinters to pick it up. But that’s really only about those operations. Best Michael

Re: IPSEC problems with pf

On Fri, Sep 24, 2021 at 4:04 PM Peter Jeremy wrote: > > IPSEC doesn't work through NAT > Did NAT-T stop working?

Re: TCP connection ignore RST

> On 7. Sep 2021, at 11:47, Rozhuk Ivan wrote: > > On Tue, 7 Sep 2021 10:47:01 +0200 > Michael Tuexen wrote: > >>>>> I have strange case: FreeBSD 12.2 ignore TCP RST from windows host >>>>> and continue retransmitting packets. sockstat show that s

Re: TCP connection ignore RST

> On 7. Sep 2021, at 04:10, Rozhuk Ivan wrote: > > On Sat, 4 Sep 2021 13:19:52 +0200 > Michael Tuexen wrote: > >>> On 4. Sep 2021, at 01:37, Rozhuk Ivan wrote: >>> >>> Hi! >>> >>> >>> I have strange case: FreeBSD 12.2 ign

Re: TCP connection ignore RST

as how to fix it? Where is the trace taken? On the Windows side or on the FreeBSD side or somewhere else? Could you provide the .pcap file? Best regards Michael > > > System build from: > commit 8c01699f9194cfa3805ac734ae912529a10c063a > CommitDate: Wed Jan 20 14:40:13 2021 +0100 &g

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

On 06.05.2021 18:02, Mark Johnston wrote: On Thu, May 06, 2021 at 06:00:05PM +0200, Michael Schmiedgen wrote: BTW, we got 2 other systems, also with userland NAT but different workload. After an uncertain amount of time, mostly weeks, the natd starts to spin 100% CPU on these systems. Quick

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

On 05.05.2021 20:38, Mark Johnston wrote: On Wed, May 05, 2021 at 06:35:32PM +0200, Michael Schmiedgen wrote: On 04.05.2021 21:02, Mark Johnston wrote: This looks like fairly random kernel memory corruption. Are you able to build an INVARIANTS kernel and test that? Assuming you're using

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

On 05.05.2021 18:35, Michael Schmiedgen wrote: On 04.05.2021 21:02, Mark Johnston wrote: This looks like fairly random kernel memory corruption.  Are you able to build an INVARIANTS kernel and test that?  Assuming you're using 13.0, you'd grab the 13.0 sources, add "options IN

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

On 04.05.2021 21:02, Mark Johnston wrote: This looks like fairly random kernel memory corruption. Are you able to build an INVARIANTS kernel and test that? Assuming you're using 13.0, you'd grab the 13.0 sources, add "options INVARIANT_SUPPORT" and "options INVARIANTS" to the GENERIC kernel con

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

On 04.05.2021 21:02, Mark Johnston wrote: On Tue, May 04, 2021 at 08:38:39PM +0200, Michael Schmiedgen wrote: Hi Mark, sorry for the delay, I only can test after work. I triggered another 2 panics, this time with a different result (see below). Can I provide some more information? This

Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0

Hi Mark, sorry for the delay, I only can test after work. I triggered another 2 panics, this time with a different result (see below). Can I provide some more information? Thank you! Michael --- #1 Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual

page fault while in kernel mode - after upgrade from 12.2 to 13.0

. I got some log messages suggesting raising somaxconn, so I did kern.ipc.somaxconn=4096 in sysctl.conf Below some debug information, please let me know if I should provide further information. Should I open a bug or something? Thank you very much! Michael Fatal trap 12: page fault while

Re: jail - vnet bug - ping: UDP connect: No route to host

On Mon, 12 Apr 2021 19:57:40 +0200 Michael Gmelin wrote: > On Mon, 12 Apr 2021 17:45:36 +0300 > Özkan KIRIK wrote: > > > root@f13:~ # jls -s -j client > > devfs_ruleset=0 enforce_statfs=2 host=new ip4=inherit ip6=inherit > > jid=2 name=client osreldate=1300

Re: jail - vnet bug - ping: UDP connect: No route to host

low.unprivileged_proc_debug children.max=0 > host.domainname="" host.hostid=0 host.hostname="" > host.hostuuid=---- I can reproduce the issue now, I'll try to dig deeper into it. -m > > On Mon, Apr 12, 2021 at 3:39 PM Michael Gm

Re: jail - vnet bug - ping: UDP connect: No route to host

sendto(4,"l\0\0\0\0\0\0\0\0\0\0!\0\0\0\0\0"...,52,0,NULL,0) = 52 > (0x34) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1) > recvfrom(4,"l\0\0\0\0\0\0\0\0\0\0\M-K\0\0\0"...,19,0,NULL,0x0) = 19 > (0x13) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1) > recvfrom(4,"\^E\a\0\M^]\

Re: jail - vnet bug - ping: UDP connect: No route to host

caused by the gethostbyaddr call in 3. and is not directly IPv6 related - if I compare the code used by ping.c and ping6.c (including capsicum support) with what 3. does, we might have a bigger problem here. Best, Michael > ___ > freebsd-net@free

Re: How to support QUIC with ipfw

eries for DNS, and NTP ignores commands from strangers. On Sun, Apr 11, 2021 at 2:32 PM Matt Joras wrote: > Hi Michael, > > On Sun, Apr 11, 2021 at 2:27 PM Michael Sierchio > wrote: > > > > On Sun, Apr 11, 2021 at 2:20 PM Matt Joras wrote: > > > > > Hi

Re: How to support QUIC with ipfw

On Sun, Apr 11, 2021 at 2:20 PM Matt Joras wrote: > Hi Michael, > > On Sun, Apr 11, 2021, 1:25 PM Michael Sierchio wrote: > >> Hi, all. I noticed my firewall was dropping what seemed to be unsolicited >> UDP connections from Google and Facebook, but this turned out to

How to support QUIC with ipfw

Hi, all. I noticed my firewall was dropping what seemed to be unsolicited UDP connections from Google and Facebook, but this turned out to be QUIC traffic. The traffic can be initiated by the browser (or other supporting software) or the server. The problem is that dynamic rules generally don't c

Re: TCP Connection hang - MSS again

ight, the router is going to return an > icmp message, and if configured to do so frag the packets and > forward them on, no retransmission would occur as the DF flag > is not normally set unless explicitly requested. 1. Isn't a router either fragmenting a packet and forwarding the fragm

Re: TCP Connection hang - MSS again

ht, the router is going to return an > icmp message, and if configured to do so frag the packets and > forward them on, no retransmission would occur as the DF flag > is not normally set unless explicitly requested. 1. Isn't a router either fragmenting a packet and forwarding the f

Re: Severe IPv6 TCP transfer issues on 13.0-RC1 and RC2

a real issue? I can provide any requested details. Thanks! I was able to reproduce the issue locally. A fix is under review: https://reviews.freebsd.org/D29331 Best regards Michael > > > ___ > freebsd-net@freebsd.org mailing list > http

Re: NFS Mount Hangs

erver received the FIN from the client and acked it. The server is waiting for a close call to happen. So the question is: Is the server also closing the connection? Best regards Michael > This will last for ~2 min or so, but is asynchronous. However, the same > 4-tuple can not be reused duri

Re: accept_rtadv

eed at least one _ipv6. > ifconfig_bge0_ipv6="inet6 xxx" Putting "up" in there is just fine. > ifconfig_bge0_aliases="inet6 yyy" I usually do something like this (as I like to rename interface based on their a

Re: accept_rtadv

On Sat, 27 Feb 2021 21:45:16 + "Bjoern A. Zeeb" wrote: > On 27 Feb 2021, at 20:34, Doug Hardie wrote: > > >  > >> On Feb 27, 2021, at 11:06, Michael Gmelin wrote: > >>  > >> > >> > >>> On 27. Feb 2021, at 19:

Re: accept_rtadv

> On 27. Feb 2021, at 19:21, Doug Hardie wrote: > >  >>> On 27 February 2021, at 04:37, Michael Gmelin wrote: >>> >>> >>> >>>> On 27. Feb 2021, at 08:21, Doug Hardie wrote: >>> >>> From the Handbook: >>&g

Re: accept_rtadv

This is a bug, but I > don't kn > ow if it's in the code or the handbook. > I just tried here on 12.2-p4 with em0 and it worked as expected. I do have ipv4 configured on that interface too though. Do you have anything else in your rc.conf (especially any other ifconfig lines

Re: panic: sackhint bytes rtx >= 0

> On 25. Feb 2021, at 19:08, Andriy Gapon wrote: > > On 24/02/2021 00:40, Scheffenegger, Richard wrote: >> Hi Andriy, >> >> I guess I am currently the person who has the most recent knowledge about >> that >> part of the base stack… >> >> Do you happen to have more (preceding) information ab

Re: IPv6 Fragmentation

> On 20. Feb 2021, at 05:32, Doug Hardie wrote: > >> On 19 February 2021, at 01:48, Michael Tuexen >> wrote: >> >>> On 19. Feb 2021, at 03:29, Doug Hardie wrote: >>> >>> I don't know if this is a feature or a bug. On FreeBSD 9, the fo

Re: IPv6 Fragmentation

1 ms 5008 bytes from fe80::2e09:4dff:fe00:c00%re0, icmp_seq=5 hlim=255 time=0.372 ms ^C --- fe80::2e09:4dff:fe00:c00%re0 ping6 statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.354/0.401/0.446/0.031 ms Best regards Michael > > It h

Re: CARP interface

liases="${ifconfig_vlan100_aliases} inet vhid 108 advskew 30 pass 100.115.0.65/32" I know the FreeBSD handbook tells you the carp IP is /32 but pfsense and OPNsense always refers to using the same netmask as the main interface. Maybe this will do the trick? Best, Michael

Re: ipfw stateful rules and quick port re-use

Check the values of these sysctl MIBS net.inet.ip.fw.dyn_keep_states net.inet.ip.fw.dyn_keepalive net.inet.ip.fw.dyn_short_lifetime net.inet.ip.fw.dyn_udp_lifetime net.inet.ip.fw.dyn_rst_lifetime net.inet.ip.fw.dyn_fin_lifetime net.inet.ip.fw.dyn_syn_lifetime net.inet.ip.fw.dyn_ack_lifetime

Re: FreeBSD does not reply to IPv6 Neighbor Solicitations

On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov wrote: > > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6 > > Neighbor Solicitations from the router? > > Any ideas please? > > Are you permitting the required udp and icmp? These could be tighter, but

[SOLVED] 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

ge to understand it. Anyway, I just wanted to let you know. Regards, Michael > On 22. Nov 2020, at 14:37, Michael Grimm wrote: > > Hi, > > I am running 12.2-STABLE and VNET jails, one of which host a recent Dovecot > IMAP and a recent postfix SMTP server. Authentication is forced

Re: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

Hi - Michael Grimm wrote: > Well, now I am able to omit this commit, but I would love to know what is > going on, and why this commit may break 'authentication/certificate > exchange/what so ever' of IMAP and SMTP/submission clients running in a VNET > jail ... It just

Re: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

Ronald Klop wrote: > On Sun, 22 Nov 2020 14:37:33 +0100, Michael Grimm wrote: >> P.S. How may I update a local svn copy and simultaneously omit commit 367740 >> from being applied, or how may I revert commit 367740, only? > > > From the top of my head you can do somet

12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

macOS 10.14.6 computer. Thanks in advance and with kind regards, Michael P.S. How may I update a local svn copy and simultaneously omit commit 367740 from being applied, or how may I revert commit 367740, only? ___ freebsd-net@freebsd.org mailing l

Re: Determining cause of transfer limit

Sorry for the top post. Have you tried device polling? From /usr/src/sys/amd64/conf/NOTES: # # NETWORKING OPTIONS # # DEVICE_POLLING adds support for mixed interrupt-polling handling # of network device drivers, which has si

Re: Bridge woes

> On 28. Oct 2020, at 18:10, D'Arcy Cain wrote: > > On 10/28/20 10:27 AM, Michael Gmelin wrote: >> Can you (afford to) reboot the machine reliably? If so, schedule a reboot >> using "shutdown -r +10" and then bring down the the interface to see if it &

Re: Bridge woes

> On 28. Oct 2020, at 12:32, D'Arcy Cain wrote: > > On 10/27/20 2:58 PM, Michael Gmelin wrote: > > I hope you don't mind but I reverted this conversation back to the list in > case it gives someone else any ideas. > >> Hi, >> I tried to reproduce

Re: How to connect to a Wifi AP w/o much information from its provider

page, which should allow your son to enter the credentials (pretty much like you would do on hotel wifi). Cheers, Michael [0]https://en.wikipedia.org/wiki/Captive_portal -- Michael Gmelin ___ freebsd-net@freebsd.org mailing list https://lists.fre

Re: IP reassembly

out of order, last fragment comes first. I would expect it to work without any assumptions on the sequence of arrival of the fragments. Best regards Michael > > In fact, I see this results in broken reassembly. > ___ > freebsd-net@freebsd.org m

Re: CARP over VLAN over LAGG

> On 8. Sep 2020, at 15:23, Julien Cigar wrote: > > On Tue, Sep 01, 2020 at 10:13:23AM +0200, Julien Cigar wrote: >>> On Mon, Aug 31, 2020 at 01:55:52PM +0200, Michael Gmelin wrote: >>> >>> >>>> On 31. Aug 2020, at 10:37, Julien Cigar wrote

Re: Address Differences between UDP and SCTP

> On 8. Sep 2020, at 02:18, Doug Hardie wrote: > > >> On 7 September 2020, at 13:57, Michael Tuexen >> wrote: >> >> For UDP and TCP you always get IPv6 addresses on AF_INET6 sockets. If you >> are actually using IPv4, IPv4-mapped IPv6 addresses are

Re: Address Differences between UDP and SCTP

> On 8. Sep 2020, at 01:41, Doug Hardie wrote: > >> On 7 September 2020, at 13:57, Michael Tuexen >> wrote: >> >>> On 7. Sep 2020, at 22:48, Doug Hardie wrote: >>> >>> I was quite surprised to discover that the sockaddr structure returned f

  1   2   3   4   5   6   7   8   >