epair(4) + bridge(4) + pf(4) nat strangeness

Hi, I'm seeing something strange on my home router that I can't really explain so any suggestions are welcome. The machine is an Alix APU running FreeBSD mars.home.lan 10.3-STABLE FreeBSD 10.3-STABLE #7: Wed May 18 19:03:58 UTC 2016 r...@mars.home.lan:/usr/obj/usr/src/sys/MARS amd64 It is c

Re: Dummynet AQM version 0.2.1

Hi Rasool, Is the patch supposed to work if DUMMYNET is compiled in the kernel? I've applied it and rebuilt my kernel by I still see only FIFO, PRIQ, QFQ, RR and WF2Q+ in dmesg. Regards, --Nikolay On Tue, May 17, 2016 at 6:27 AM, Rasool Al-Saadi wrote: > Dear All, > > I would like to announce t

Re: Working divert socket example prog?

Hi, Have you looked at the natd(8) source code? --Nikolay On Thu, Apr 28, 2016 at 7:21 AM, lpa lpa wrote: > Do anyone have a working example code of a divert loop program? > > I tried building this one[1] but it seems to be for FreeBSD 5 and won't > build on latest system. I want to make simpl

Re: ng_netgraph and BGP

On Wed, Apr 1, 2015 at 12:50 PM, William Waites wrote: > I run a small network composed of even smaller networks each > encapsulated in an autonomous system. I'd like to do traffic > accounting using netflow aggregated by ASN. My border routers run > FreeBSD and BIRD. > > Right now, and this is m

Re: dhclient + dhclient-script + "routers" DHCP option+ FIB?

On Mon, Feb 2, 2015 at 2:23 PM, Lev Serebryakov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 02.02.2015 14:09, Julian Elischer wrote: > > > Is it possible to add routes, passed from DHCP server, not to > > default FIB but to FIB specified in /etc/dhclient.conf? > >> I don't b

Re: setfib and RSTs

On Tue, Dec 30, 2014 at 12:51 AM, Bjoern A. Zeeb < bzeeb-li...@lists.zabbadoz.net> wrote: > > > On 29 Dec 2014, at 21:03 , Nikolay Denev wrote: > > > > No, no PR yet, but I will file one. I wanted to collect some more data > > first. > > > > So,

Re: setfib and RSTs

> > On 29 December 2014 at 05:11, Nikolay Denev wrote: > > On Mon, Dec 29, 2014 at 8:08 AM, Julian Elischer > wrote: > > > >> On 12/26/14 10:41 PM, Nikolay Denev wrote: > >> > >>> Hi, > >>> > >>> I have a process (bittorrent

Re: setfib and RSTs

On Mon, Dec 29, 2014 at 8:08 AM, Julian Elischer wrote: > On 12/26/14 10:41 PM, Nikolay Denev wrote: > >> Hi, >> >> I have a process (bittorrent client) running in a non-default fib and >> using >> a VPN for default gateway: >> >> from /etc/rc

setfib and RSTs

Hi, I have a process (bittorrent client) running in a non-default fib and using a VPN for default gateway: from /etc/rc.local : /usr/sbin/setfib 1 route add $vpn_provider 10.0.0.1 /usr/sbin/setfib 1 /usr/local/sbin/openvpn --config /usr/local/etc/openvpn/provider.ovpn /usr/sbin/setfi

Re: Enabling VIMAGE by default for FreeBSD 11?

On Mon, Nov 10, 2014 at 2:33 AM, Craig Rodrigues wrote: > On Sun, Oct 12, 2014 at 6:07 PM, Bjoern A. Zeeb < > bzeeb-li...@lists.zabbadoz.net> wrote: > >> >> >> > Can you provide a pointer to your Perforce branch? >> >> //depot/user/bz/vimage/src/... >> >> > Hi, > > Since I am more familiar with gi

Re: How do I balance bandwidth over several virtual NICs?

On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel wrote: > I have a single NIC, mon0, that constantly receive 800 Mbps of mirrored > traffic. > I want to split these 800 Mbps into smaller chunks and feed them to a couple > of virtual interfaces. > Each virtual interface can then have instance of 'snort

Re: Set arbitrary protocol for route?

On Sat, Aug 23, 2014 at 8:49 AM, Adrian Chadd wrote: > Ok, so how does the whole protocol thing implement priority? > > > -a Ah, sorry, reading again I don't think it does that. For some reason I was under the impression it does. So, it looks like it's just a 8 bit tag applied to each route, not

Re: Set arbitrary protocol for route?

On Sat, Aug 23, 2014 at 3:20 AM, Adrian Chadd wrote: > On 22 August 2014 15:39, Josh Moore wrote: >> I am trying to add a local route with an arbitrary protocol number. This is >> done with iproute2 in Linux by: >> >> ip route add to local $ip/32 dev eth0 proto $num >> >> How can I do this in F

Re: Sending data via MAC address

On Mon, Aug 18, 2014 at 8:05 PM, Ryan Stone wrote: > On Mon, Aug 18, 2014 at 8:58 AM, Piotr Kubaj wrote: >> Hi. Please see >> http://forums.freebsd.org/viewtopic.php?f=15&t=45303#p264204 and >> http://forums.freebsd.org/viewtopic.php?f=15&t=45303#p264249 . >> I know I can use web interface or ssh

Re: A new way to test systems in multiple machine scenarios...

On Tue, Jul 8, 2014 at 9:56 AM, Garrett Cooper wrote: > On Jul 6, 2014, at 9:06 PM, Craig Rodrigues wrote: > >> On Sat, Jul 5, 2014 at 8:04 PM, George Neville-Neil >> wrote: >> >>> Hi, >>> >>> I've coded up a system to allow you to control multiple other systems for >>> use in testing. >>> >>> h

Re: Deleting IPv4 iface-routes from extra FIBs

On Tue, Apr 22, 2014 at 5:37 PM, Harald Schmalzbauer wrote: > Hello, > > here, http://svnweb.freebsd.org/base?view=revision&revision=248895 > interface route protection was added (so the following problem arose > with 9.2). > > Unfortunately, in my case, I must be able to delete these routes; not

Re: Corrupted octets seen by tcpdump

On 10.04.2013, at 15:32, Michal Dubiel wrote: > Hi, > > I would like to ask you for some hints about where to look next and how could > I debug the following issue: > > I have a FreeBSD host with two Ethernet interfaces and a Linux host with one > interface, which connected each other as in the

Re: 2 vlans - setfib - kernel: arpresolve: can't allocate llinfo for x.x.x.x

Hi, You can try the patch form this PR : http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/167947 Looks like exactly the same issue. Regards, Nikolay On Thu, Mar 28, 2013 at 7:44 PM, Eduardo wrote: > Hi Folks, > > I have a server with a 10G intel card, X520-DA2, and it is working > fine, inte

Re: [patch] interface routes

On Mar 7, 2013, at 9:42 PM, John-Mark Gurney wrote: > Andre Oppermann wrote this message on Thu, Mar 07, 2013 at 08:39 +0100: >>> Adding interface address is handled via atomically deleting old prefix and >>> adding interface one. >> >> This brings up a long standing sore point of our routing c

Re: kern/167947: [setfib] [patch] arpresolve checks only the default FIB for the interface route

On Jun 12, 2012, at 11:00 AM, Rudolf Polzer wrote: > The following reply was made to PR kern/167947; it has been noted by GNATS. > > From: Rudolf Polzer > To: "bug-follo...@freebsd.org" , "nde...@gmail.com" > > Cc: "christoph.weber-f...@vodafone.com" > Subject: Re: kern/167947: [setfib

Re: ng_ether naming

On Dec 14, 2012, at 7:02 PM, Andriy Gapon wrote: > on 13/12/2012 20:57 Ermal Luçi said the following: >> >> >> >> On Thu, Dec 13, 2012 at 5:25 PM, Andriy Gapon > > wrote: >> >>on 13/12/2012 14:08 Alexander V. Chernikov said the following: >>> On 13.12.2012 15:46,

Re: NG nodes on cisco-style vlan interfaces

On Nov 6, 2012, at 12:48 PM, Nikolay Nevzorov wrote: > Create vlan interface in cisco-style, eg vlan 3 on fxp0 is fxp0.3, but in > ngctl list i can't find node named fxp0.3. But i can see new > ethernet node > What cause this problem? Dot in the name of interface? How can i rename > unnamed nod

Re: Multiroute question

nfigured with the "reply-to" keyword for this to work. Something like : pass in on $CARD_B reply-to ($CARD_B, $CARD_B_GW) from any to any Regards, Nikolay Denev ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: Problem with link aggregation + sshd

On Aug 29, 2012, at 1:18 PM, Harald Schmalzbauer wrote: > schrieb Pete French am 29.08.2012 11:38 (localtime): >>> Link aggregation can never work with two separate switches! LACP and >>> static trunking require both sides to bundle the same trunk. which is >>> impossible for two separate switc

Re: ipfw meets netmap (6.5 Mpps in userspace)

On Aug 13, 2012, at 2:17 PM, Luigi Rizzo wrote: > I just finished a netmap-enabled version of ipfw/dummynet, which > runs in userspace and is able to process over 6 million packets per > second (Mpps) with simple rulesets, and over 2.2 Mpps through > dummynet pipes (tested on an i7-3400 connected

Re: problem using ng_patch

On Aug 11, 2012, at 11:07 AM, h bagade wrote: > Hi all, > > I want to use the node ng_patch, to set the ToS field of special class of > packets. I try to test the function by a simple test scenario and > encountered problem using it. I have no idea why the problem occurs. > > Here I explain the

Re: how to set dscp field using altq?

On Aug 8, 2012, at 10:31 AM, h bagade wrote: > Hi all, > > I want to use combination of pf and the embedded altq to set the dscp field > on a group of packets. I didn't find any relevant configuration on pf.conf > manual, but I find out some tips which mention that altq has the ability to > do

Re: Enable/Disable flow control in FreeBSD

On Jul 25, 2012, at 11:47 AM, m s wrote: > Hi all. I want to disbale flow control on network interfaces.I must do a > test and I can't because flow control in enable.Is it enable as default?How > I can disable it? > Thanks > ___ > freebsd-net@freebsd.org

Re: how to correctly distinguish broadcast udp packets vs unicast (socket, pcap or bpf)?

On Jul 4, 2012, at 6:08 PM, Budnev Vladimir wrote: > Good day to all. > > What is the correct way to distinguish udp packets that obtained by > application and were send on 255.255.255.255 ip addr from those that were > send to unicast ip? > > Seems it is impossible with read/recvfrom so we'v

Re: 82599EB not supported by ixgbe(4)

re the second person in a fairly short time who has requested it, and > after > checking things out there appears to be no reason not to add the ID, so that > will > be coming shortly. > > Regards, > > Jack > > > On Sat, Jun 9, 2012 at 10:19 PM, Nikolay Denev wrot

82599EB not supported by ixgbe(4)

Hello Jack, It seems the following controller is not yet supported by ixgbe(4) : none4@pci0:3:0:0: class=0x02 card=0x7b118086 chip=0x154d8086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = '82599EB 10-Gigabit SFP+ Network Connection' class = network

Re: FreeBSD 8.2-STABLE sending FIN no ACK packets.

On Jun 8, 2012, at 4:30 AM, Adrian Chadd wrote: > On 7 June 2012 05:41, Nikolay Denev wrote: >> Hello, >> >> I've been pointed out by our partner that we are sending TCP packets with >> FIN flag and no ACK set, which is triggering >> alerts on their f

FreeBSD 8.2-STABLE sending FIN no ACK packets.

Hello, I've been pointed out by our partner that we are sending TCP packets with FIN flag and no ACK set, which is triggering alerts on their firewalls. I've investigated, and it appears that some of our FreeBSD hosts are really sending such packets. (they are running some java applications) I d

Re: Bug? adding a vlan on ix is not elegant

On May 24, 2012, at 11:45 AM, Rudy (bulk) wrote: > > If I have my ix0 up and add another vlan... eg > ifconfig vlan777 vlandev ix0 vlan777 10.77.7.1/24 > the act of creating a vlan causes all the other vlans to go offline for 15 > seconds. > > Rudy What version of FreeBSD are you running? The

Re: setfib/arpresolve behaviour bug?

Filed as misc/167947 On May 12, 2012, at 10:21 AM, Nikolay Denev wrote: > On Jan 21, 2010, at 6:16 PM, Matt Burke wrote: > >> Box is running 8.0-RELEASE-p2 cvsupped two days ago. >> >> NICs are em bonded with lagg failover and running a few vlan interfaces.

Re: setfib/arpresolve behaviour bug?

On Jan 21, 2010, at 6:16 PM, Matt Burke wrote: > Box is running 8.0-RELEASE-p2 cvsupped two days ago. > > NICs are em bonded with lagg failover and running a few vlan interfaces. > > net.my_fibnum: 0 > net.add_addr_allfibs: 1 > net.fibs: 4 > > This is reproducible, but with the lack of (accessi

Re: NETMAP on 9-STABLE

On May 4, 2012, at 10:26 AM, Luigi Rizzo wrote: > On Fri, May 04, 2012 at 09:55:32AM +0300, Nikolay Denev wrote: >> Hello, >> >> What is required to get NETMAP running on 9-STABLE, as the patches seem a >> bit stale. >> I see that the core functionality is

NETMAP on 9-STABLE

Hello, What is required to get NETMAP running on 9-STABLE, as the patches seem a bit stale. I see that the core functionality is there, but the driver support is missing. Is just using dev/ixgbe from -CURRENT sufficient? Thanks, Nikolay___ freebsd-net@

Re: Intel 10 GbE cards (ixgbe)

On Apr 25, 2012, at 1:41 PM, Marko Zec wrote: > Hi all, > > Although the ixgbe driver appears to have code for both 82598 and 82599 > chipsets, the manual page stil lists only 82598 based cards as officially > supported. Does anybody have first-hand experiences with 82599 based cards > and re

Re: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release

On Mar 15, 2012, at 10:40 PM, Seyit Özgür wrote: > sori my opinion but i m not a BSD guru.. i just working on BSD like 2 months.. > i know that PF or IPFW isn't build multicore arhitecture... As i know if my > server got on heavy Syn flood traffic PF or IPFW don't enough 1 core.. > i also tried

Re: Stuck in FIN_WAIT_2

On Mar 15, 2012, at 12:57 PM, grarpamp wrote: > Hi. I've got 900-1000 connections stuck in FIN_WAIT_2. > The processes behind them on both sides have long > since exited. Anything I can do to clear them out > short of reboot? The box is 4.11, so no tcpdrop to try. > I suspect this may be starting

Re: stateful firewall implementation in FreeBSD

On Jan 27, 2012, at 4:41 AM, Kevin Oberman wrote: > On Thu, Jan 26, 2012 at 11:41 AM, Chuck Swiger wrote: >> Hi-- >> >> On Jan 26, 2012, at 9:24 AM, satish amara wrote: >>> I have question regarding the size of the state table kept in FreeBSD for >>> stateful packet inspection. Say we have a va

Re: ICMP attacks against TCP and PMTUD

On Jan 23, 2012, at 11:17 PM, Andre Oppermann wrote: > On 23.01.2012 16:01, Nikolay Denev wrote: >> >> On Jan 20, 2012, at 10:32 AM, Nikolay Denev wrote: >> >>> On Jan 15, 2012, at 9:52 PM, Nikolay Denev wrote: >>> >>>> On 15.01.2012, at 21:

Re: Performance problem using Intel X520-DA2

On Jan 23, 2012, at 11:39 PM, Marcin Markowski wrote: > Hello, > > This message has been sent to freebsd-performance@ but got > the information that should contact also with freebsd-net@. > > We use FreeBSD as sniffer (libpcap programs) and we experience > performance problems when incoming traf

Re: ICMP attacks against TCP and PMTUD

On Jan 20, 2012, at 10:32 AM, Nikolay Denev wrote: > On Jan 15, 2012, at 9:52 PM, Nikolay Denev wrote: > >> On 15.01.2012, at 21:35, Andrey Zonov wrote: >> >>> This helped me: >>> /boot/loader.conf >>> net.inet.tcp.hostcache.hashsizee53

Re: ICMP attacks against TCP and PMTUD

On Jan 15, 2012, at 9:52 PM, Nikolay Denev wrote: > On 15.01.2012, at 21:35, Andrey Zonov wrote: > >> This helped me: >> /boot/loader.conf >> net.inet.tcp.hostcache.hashsizee536 >> net.inet.tcp.hostcache.cachelimit66080 >> >> Actually, this is a work

Re: ICMP attacks against TCP and PMTUD

nite loop in MTU > discovery. > > > On 15.01.2012 22:59, Nikolay Denev wrote: >> >> % uptime >> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17 >> >> % vmstat -z|grep hostcache >> hostcache:136,15372,

Re: ICMP attacks against TCP and PMTUD

On Jan 15, 2012, at 8:27 PM, Andrey Zonov wrote: > Hi, > > Could you please show the output of `vmstat -z | grep hostcache'? > > On 12.01.2012 21:55, Nikolay Denev wrote: >> Hello, >> >> A web server that I administer running Nginx and FreeBSD-7.3-STABLE w

Re: ICMP attacks against TCP and PMTUD

On Jan 13, 2012, at 11:47 AM, Andre Oppermann wrote: > On 12.01.2012 18:55, Nikolay Denev wrote: >> Hello, >> >> A web server that I administer running Nginx and FreeBSD-7.3-STABLE was >> recently >> under a ICMP attack that generated a large amount of o

ICMP attacks against TCP and PMTUD

Hello, A web server that I administer running Nginx and FreeBSD-7.3-STABLE was recently under a ICMP attack that generated a large amount of outgoing TCP traffic. With some tcpdump and netflow analysis it was evident that the attachers are using ICMP host-unreach need-frag messages to make the we

Re: openbgpds not talking each other since 8.2-STABLE upgrade

On Jan 4, 2012, at 3:42 PM, sth...@nethelp.no wrote: >> You are setting the keys with setkey for both directions of a single >> session, right? >> i.e.: >> >> add X.X.X.X Y.Y.Y.Y tcp 0x1000 -A tcp-md5 "SomePass"; >> add Y.Y.Y.Y X.X.X.X tcp 0x1000 -A tcp-md5 "SomePass"; >> >> As before it was

Re: openbgpds not talking each other since 8.2-STABLE upgrade

On Jan 3, 2012, at 9:36 PM, sth...@nethelp.no wrote: >> Doug, does your kernel have TCP_SIGNATURE option? The patch[*] for >> net/openbgpd can be used as a workaround if it was due to TCP_MD5SIG >> option on the listening sockets. >> >> [*] http://people.allbsd.org/~hrs/FreeBSD/openbgpd.2012010

Re: openbgpds not talking each other since 8.2-STABLE upgrade

On Jan 3, 2012, at 10:52 PM, Doug Barton wrote: > On 01/03/2012 11:06, Hiroki Sato wrote: >> Doug Barton wrote >> in <4f027bc0.1080...@freebsd.org>: >> >> do> We have a pair of physical FreeBSD systems configured as routers >> do> designed to operate in an active/standby CARP configuration. Ev

Re: openbgpds not talking each other since 8.2-STABLE upgrade

On Jan 3, 2012, at 5:53 AM, Doug Barton wrote: > We have a pair of physical FreeBSD systems configured as routers > designed to operate in an active/standby CARP configuration. Everything > used to work fine, but since an upgrade to 8.2-STABLE on December 29th > the two routers don't speak BGP to

Re: Possible sge(4)/atphy(4) regression on RELENG_9?

On Nov 28, 2011, at 2:43 AM, YongHyeon PYUN wrote: > On Sat, Nov 26, 2011 at 04:39:03PM +0200, Nikolay Denev wrote: >> >> On Oct 24, 2011, at 9:18 PM, Nikolay Denev wrote: >> >>> >>> On Oct 24, 2011, at 8:52 PM, YongHyeon PYUN wrote: >>> >&g

Re: Possible sge(4)/atphy(4) regression on RELENG_9?

On Oct 24, 2011, at 9:18 PM, Nikolay Denev wrote: > > On Oct 24, 2011, at 8:52 PM, YongHyeon PYUN wrote: > >> On Mon, Oct 24, 2011 at 04:43:57PM +0300, Nikolay Denev wrote: >>> Hello, >>> >>> I've recently upgraded a box running RELENG_8 to RELE

Re: Openbgpd incorrectly sets TCP_MD5 on the listen socket, regardless of configuration

On Nov 23, 2011, at 2:43 PM, Borja Marcos wrote: > > On Nov 23, 2011, at 9:30 AM, Nikolay Denev wrote: > >> I'm seeing exactly the same problem with Quagga. >> Quagga's bgpd also seem to always set the TCP_MD5 socket option, and newer >> freebsd 8.2

Re: Openbgpd incorrectly sets TCP_MD5 on the listen socket, regardless of configuration

On Nov 21, 2011, at 3:29 PM, Borja Marcos wrote: > > (Sent to freebsd-bugs as well, copied here for discussion, if needed) > > > > > > Sorry for the brief report and the scarce details. The fing form insists > on rejecting the captcha after one hour writing a report. > > So, in

Re: Possible sge(4)/atphy(4) regression on RELENG_9?

On Oct 24, 2011, at 8:52 PM, YongHyeon PYUN wrote: > On Mon, Oct 24, 2011 at 04:43:57PM +0300, Nikolay Denev wrote: >> Hello, >> >> I've recently upgraded a box running RELENG_8 to RELENG_9 and immediately I >> noticed much slower network connection. >>

Possible sge(4)/atphy(4) regression on RELENG_9?

Hello, I've recently upgraded a box running RELENG_8 to RELENG_9 and immediately I noticed much slower network connection. Running iperf shows about 20-30Mbits which was almost full GigE (~900Mbits) speed before. I'm noticing interface errors : [16:37]ndenev@nas:~% netstat -I sge0 NameMtu

Re: IFF_RENAMING interface flag

On Jul 5, 2011, at 2:14 PM, Mitya wrote: > Where I can see IFF_RENAMING interface flag ? > > /usr/include/net/if.h > > [skipped...] > #define IFF_MONITOR 0x4 /* (n) user-requested monitor mode */ > #define IFF_STATICARP 0x8 /* (n) static ARP */ > #define IFF_DYING

Radix sorting bug affecting IPSec performance.

This line from the OpenBSD 4.9 release notes attracted my attention : "A radix tree sorting bug was fixed, which results in significant improvements to IPsec performance under certain conditions.| And this seems to be the relevant commit : http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/rad

Re: Routing enhancement - reduce routing table locking

On Apr 18, 2011, at 8:59 PM, K. Macy wrote: > It occurred to me that I should add a couple of qualifications to the > previous statements. 1.6Mpps is line rate for GigE and I only know of > it to be achievable by igb hardware. The most I've seen em hardware > achieve is 1.1Mpps. Furthermore, in or

Re: Multiple gateways support

On Apr 6, 2011, at 5:36 PM, Michael Proto wrote: > On Wed, Apr 6, 2011 at 8:02 AM, J. Hellenthal wrote: >> On Wed, Apr 06, 2011 at 01:45:54PM +0400, Eir Nym wrote: >>> On 1 April 2011 21:27, Baginski Darren wrote: Hi! Could please someone tell me about current state of multiple g

Re: Routing enhancement - reduce routing table locking

On Apr 5, 2011, at 4:26 AM, Ingo Flaschberger wrote: > Hi, > > I have written a patch to: > *) reduce locking of routing table to achieve the same speed as with > flowtables, which do not scale with many routes: > use of a copy of the route > use rm_lock(9) > (idea of Andre Op

Re: kern/155772: ifconfig(8): ioctl (SIOCAIFADDR): File exists on directly connected networks

The following reply was made to PR kern/155772; it has been noted by GNATS. From: Nikolay Denev To: bug-follo...@freebsd.org, s...@ecom24.ru Cc: Subject: Re: kern/155772: ifconfig(8): ioctl (SIOCAIFADDR): File exists on directly connected networks Date: Tue, 5 Apr 2011 14:46:35 +0300 I&#

Re: ng_ether and vlan interfaces

On 16 Feb, 2011, at 19:09 , Julian Elischer wrote: > On 2/16/11 5:20 AM, Nikolay Denev wrote: >> On 15 Feb, 2011, at 21:08 , Nikolay Denev wrote: >> >>> On 15.02.2011, at 18:53, Arnaud Lacombe wrote: >>> >>>> Hi, >>>> >>&g

Re: ng_ether and vlan interfaces

On 15 Feb, 2011, at 21:08 , Nikolay Denev wrote: > On 15.02.2011, at 18:53, Arnaud Lacombe wrote: > >> Hi, >> >> On Tue, Feb 15, 2011 at 11:30 AM, Julian Elischer wrote: >>> changing it to '_' might be accceptable, '.' is much like '

Re: ng_ether and vlan interfaces

On 15.02.2011, at 18:53, Arnaud Lacombe wrote: > Hi, > > On Tue, Feb 15, 2011 at 11:30 AM, Julian Elischer wrote: >> changing it to '_' might be accceptable, '.' is much like '/' in th >> filesystem. >> it is a separator. You can't have it in the name. >> a patch that converted . to _ would be

ng_ether and vlan interfaces

Hi, When trying to use ng_ether with vlan interfaces using the naming sheme ${parent_if}.${vlan_tag} it produces the following warning : ng_ether_attach: can't name node ix0.512 And the newly created netgraph node stays . This is due to the following check in sys/netgraph/ng_base.c:ng_name

option RADIX_MPATH, RT_LINK_IS_UP() and interface routes.

Hello, A quick glance through sys/netinet/ip_output.c shows that interface routes are short-circuited and not checked for RT_LINK_IS_UP as gateway routes are. Consider the following scenario : A pair of redundant routers : RTR1 and RTR2. Each having dedicated uplink to some ISP and both run BGP

Re: Slow Intel 10GbE CX4 adapter behaviour

On 9 Feb, 2011, at 07:29 , rihad wrote: > Hi, we're a medium sized ISP that need to pass all incoming user traffic > through a Intel Server Systems FreeBSD PC and its dummynet pipes. Up until > yesterday it had two 1 gb em cards, one for input, one for output. As we were > approaching the bandw

Re: Generating RTM_IFINFO messages on interface description change?

On 13 Dec, 2010, at 13:21 , Nikolay Denev wrote: > Hello, > > I'm currently trying to enable bsnmpd to export the interface > descriptions that are supported on FreeBSD 8+ as ifDescr and > while doing it I'm wondering if RTM_IFINFO msgs should be generated > on descri

Generating RTM_IFINFO messages on interface description change?

Hello, I'm currently trying to enable bsnmpd to export the interface descriptions that are supported on FreeBSD 8+ as ifDescr and while doing it I'm wondering if RTM_IFINFO msgs should be generated on description set/change. This would greatly simplify the functionality in bsnmpd and would prevent

Re: ifconfig, vnets and interface names

On Oct 17, 2010, at 7:17 PM, Bjoern A. Zeeb wrote: > On Sun, 17 Oct 2010, Nikolay Denev wrote: > >> [ ... snip ... ] > > It's actually a bug in sys/net/if.c:if_vmove* we know about and that's > on the todo list. > Thanks, good to know. > I am not sure w

ifconfig, vnets and interface names

Hello, While playing with vnet jails I've discovered the following oddity, which probably is not what's expected to happen : First I'm creating two epair(4) interfaces : [16:51]r...@nas:/home/ndenev# ifconfig epair0 create epair0a [16:51]r...@nas:/home/ndenev# ifconfig epair1 creat

Re: pf & tcpdump

On Nov 13, 2009, at 2:51 PM, Stephane D'Alu wrote: > On 13/11/2009 13:08, Ian Smith wrote: >> On Fri, 13 Nov 2009, Stephane D'Alu wrote: >> > Is there a way to have tcpdump only showing packed that have pass the >> > filtering rules, so to check that firewall rules were correctly written >> a

Re: Can lagg0 failback be prevented?

How long exactly is that "momentary network outage"? If it's longer than a few (1-5) seconds it may be due to RSTP or STP enabled on the switch. You could try disabling STP on these ports and see if it will start forwarding traffic faster. -- Regards, Nikolay Denev On 16 Sep,

7.2 sends broken TCP retransmits while in half-closed state?

nfo 56 300.041497 10.20.0.20 10.10.0.10ICMP Destination unreachable (Host administratively prohibited) - -- Regards, Nikolay Denev -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (Darwin) iEYEARECAAYFAkqSpVgACgkQHNAJ/fLbfrmTHwCfUcgiwrc1VsWB3Om627VDq

Re: bce(4) and lagg(4) fix [was: bce(4) sees all incoming frames as 2026 bytes in length]

On Apr 30, 2009, at 3:04 PM, Nikolay Denev wrote: [snip] I think I got it. It seems that the mbuf fields m_pkthdr.len and m_len are not updated to the real packet size pkt_len. Well, actually they are updated, but only if we have ZERO_COPY_SOCKETS defined. After I added this : m0

bce(4) and lagg(4) fix [was: bce(4) sees all incoming frames as 2026 bytes in length]

On Apr 30, 2009, at 2:56 PM, Nikolay Denev wrote: On Apr 29, 2009, at 7:04 PM, pluknet wrote: 2009/4/29 Niki Denev : bce1: mem 0xf800-0xf9ff irq 16 at device 0.0 on pci3 bce1: Ethernet address: 00:22:19:xx:xx:xx bce1: [ITHREAD] bce1: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit

Re: bce(4) sees all incoming frames as 2026 bytes in length

On Apr 29, 2009, at 7:04 PM, pluknet wrote: 2009/4/29 Niki Denev : bce1: mem 0xf800-0xf9ff irq 16 at device 0.0 on pci3 bce1: Ethernet address: 00:22:19:xx:xx:xx bce1: [ITHREAD] bce1: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit, 133MHz); B/C (0x04040105); Flags( MFW MSI ) bce1: f

bce(4) sees all incoming frames as 2026 bytes in length

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have the following problem with the new bce(4) driver on a 7.2- PRERELEASE from a few days ago. When I run tcpdump on the bce interface on the machine, all incoming frames are shown as 2026 in size, but on the sending machine tcpdump repo

Re: FreeBSD network failover

d.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" pfSense for example accomplishes this by using pf(4) with slbd (/usr/ ports/net/slbd). - -- Regards, Nikolay Denev -BEGI

Re: ifconfig em0 mtu 9000 does not update the routing table

On 28 Oct, 2008, at 18:41 , Jack Vogel wrote: It can't change the route table when you've given it no address: IE. ifconfig em0 HOSTNAME mtu 9000 will update it just fine. Cheers, Jack On Tue, Oct 28, 2008 at 6:15 AM, Nikolay Denev <[EMAIL PROTECTED]> wrote: Hello, As

ifconfig em0 mtu 9000 does not update the routing table

ed to work this way? I understand that making ifconfig touch the routing table is ugly hack, but maybe the routing code can be notified for interface changes by some other mechanism? btw, this is on 7-STABLE with if_em(4) interfaces. -- Regards, Nik

pf table synchronization between redundant routers (pfsync?)

Hi all, I'm thinking about adding support for pfsync to synchronize pf tables, so it can be used on redundant firewalls/routers setup. At first glance it looks fairly simple, just send/receive a message containing the table name, the prefix, and the action "add" or "remove". Has anyone tried