Rustls and ktls

2024-10-28 Thread Alan Somers
Rustls is an all-new TLS implementation written entirely in Rust. Its memory-safe design makes it inherently resistant to attacks like Heartbleed. Now, its creators are claiming that it outperforms OpenSSL, too. But it lacks support for FreeBSD's ktls. I think that adding ktls support would be

Re: How does the TCP measurement period work?

2024-10-11 Thread Alan Somers
On Fri, Oct 11, 2024 at 1:05 AM Michael Tuexen wrote: > > > On 11. Oct 2024, at 01:07, Alan Somers wrote: > > > > Can somebody please explain to me how the TCP measurement period > > works? When does h_ertt decide to take a new measurement? > > > > Motivat

How does the TCP measurement period work?

2024-10-10 Thread Alan Somers
Can somebody please explain to me how the TCP measurement period works? When does h_ertt decide to take a new measurement? Motivation: I recently saw a long-distance connection that should've been capable of 80+ MBps suddenly drop to < 1 MBps. Subsequent analysis of the pcap file showed that whi

Re: Monitoring packet loss

2024-08-07 Thread Alan Somers
On Wed, Aug 7, 2024 at 7:21 PM Navdeep Parhar wrote: > > On 8/7/24 7:06 AM, Alan Somers wrote: > > I'd like to track the rate of packet loss for outbound packets from > > some production servers. Obviously, that's impossible. But I think > > that the rate

Monitoring packet loss

2024-08-07 Thread Alan Somers
I'd like to track the rate of packet loss for outbound packets from some production servers. Obviously, that's impossible. But I think that the rate of TCP retransmissions should be a close proxy for packet loss. Currently I can only observe TCP retransmissions by using wireshark, a slow and lab

Re: TCP Success Story (was Re: TCP_RACK, TCP_BBR, and firewalls)

2024-07-18 Thread Alan Somers
rds > Michael > > > > BR, > > > > On Thu, Jul 18, 2024 at 5:27 AM wrote: > >> On 17. Jul 2024, at 22:00, Alan Somers wrote: > >> > >> On Sat, Jul 13, 2024 at 1:50 AM wrote: > >>> > >>>> On 13. Jul 2024, at 01:43,

Re: TCP Success Story (was Re: TCP_RACK, TCP_BBR, and firewalls)

2024-07-18 Thread Alan Somers
On Wed, Jul 17, 2024 at 2:27 PM wrote: > > > On 17. Jul 2024, at 22:00, Alan Somers wrote: > > > > On Sat, Jul 13, 2024 at 1:50 AM wrote: > >> > >>> On 13. Jul 2024, at 01:43, Alan Somers wrote: > >>> > >>> I've b

Re: TCP Success Story (was Re: TCP_RACK, TCP_BBR, and firewalls)

2024-07-18 Thread Alan Somers
lt to see. Thanks for experimenting. > > Just curious why bbr and rack don't co-exist? Those are two separate things. > Is it a current bug or by design? > > BR, > > On Thu, Jul 18, 2024 at 5:27 AM wrote: >> >> > On 17. Jul 2024, at 22:00, Alan Somers wrote: >> >

TCP Success Story (was Re: TCP_RACK, TCP_BBR, and firewalls)

2024-07-17 Thread Alan Somers
On Sat, Jul 13, 2024 at 1:50 AM wrote: > > > On 13. Jul 2024, at 01:43, Alan Somers wrote: > > > > I've been experimenting with RACK and BBR. In my environment, they > > can dramatically improve single-stream TCP performance, which is > > awesome. But p

TCP_RACK, TCP_BBR, and firewalls

2024-07-12 Thread Alan Somers
I've been experimenting with RACK and BBR. In my environment, they can dramatically improve single-stream TCP performance, which is awesome. But pf interferes. I have to disable pf in order for them to work at all. Is this a known limitation? If not, I will experiment some more to determine ex

Re: RFC: NFS trunking (multiple TCP connections for a mount

2021-06-28 Thread Alan Somers
On Mon, Jun 28, 2021 at 6:24 PM Rick Macklem wrote: > The Linux NFS client now has a mount option "nconnect", > which specifies that multiple TCP connections be created > for an NFS mount, where RPCs are done on the connections, > in a round robin fashion. (Alternating between the two TCP > conne

Re: tcp-testsuite into src?

2021-03-22 Thread Alan Somers
On Mon, Mar 22, 2021 at 7:31 PM Kevin Bowling wrote: > Hi, > > I was talking with gnn and kevans on IRC about the tcp testsuite > (https://github.com/freebsd-net/tcp-testsuite). > > Currently we maintain this in ports, although the way the port is set > up doesn't make a lot of sense because the

Re: NFS Mount Hangs

2021-03-17 Thread Alan Somers
On Wed, Mar 17, 2021 at 3:37 PM Rick Macklem wrote: > Jason Breitman wrote: > >Please review the details below and let me know if there is a setting > that I should >apply to my FreeBSD NFS Server or if there is a bug fix that > I can apply to resolve my >issue. > >I shared this information with

Re: net.add_addr_allfibs=1 behaviour deprecation

2020-08-15 Thread Alan Somers
On Sat, Aug 15, 2020 at 5:25 AM Alexander V. Chernikov wrote: > 18.07.2020, 14:22, "Alexander V. Chernikov" : > > Dear FreeBSD users, > > > > I would like to make net.add_addr_allfibs=0 as the default system > behaviour and remove net.add_addr_allfibs. > > To do so, I would like to collect use ca

Re: How to work with in 1GbE network ?

2020-02-19 Thread alan somers
Make sure that dns resolution is working, forward and reverse. On Wed, Feb 19, 2020, 2:53 PM Eric Joyner wrote: > Have you tried turning off jumbo frames? > > - Eric > > On Tue, Feb 18, 2020 at 10:04 PM KIRIYAMA Kazuhiko > wrote: > > > Hi, all > > > > I wonder how to work ixgbe in 1GbE network.

Re: Umounting an NFS-mounted share after connection is lost?

2019-10-28 Thread Alan Somers
On Mon, Oct 28, 2019 at 8:53 PM Thomas Mueller wrote: > How do you umount a file system that has been mounted with mount_nfs when > the connection is lost? > > Server can crash, cable modem could quit and not hold power, or a change > in cable modem or router could change 192.168.0.1 to 192.168.1

Re: Qlogic FastLinq 45xxx driver Patch for upstream

2019-06-20 Thread alan somers
On Thu, Jun 20, 2019 at 7:38 AM Anand Khoje wrote: > > Hi, > > We have a patch with fix for an issue raised by Microsoft : > "FreeBSD 11.2 - Kernel panic when flapping network interfaces on and off" . > The issue was observed when the customer was trying to flap interface on and > off in a loop m

Re: why rtsold ?

2018-10-08 Thread Alan Somers
On Mon, Oct 8, 2018 at 6:17 PM Victor Sudakov wrote: > Kevin Oberman wrote: > > > > > When running FreeBSD as an IPv6 host in SLAAC mode, is > > > > > "rtsold_enable=YES" really necessary? I did not enable rtsold and > IPv6 > > > > > still works fine only with > > > > > > > > rtsold is needed to

Re: why rtsold ?

2018-09-30 Thread alan somers
On Sat, Sep 29, 2018, 11:24 PM Victor Sudakov wrote: > Alan Somers wrote: > > > > > > When running FreeBSD as an IPv6 host in SLAAC mode, is > > > "rtsold_enable=YES" really necessary? I did not enable rtsold and IPv6 > > > s

Re: why rtsold ?

2018-09-29 Thread Alan Somers
On Sat, Sep 29, 2018 at 8:20 PM Victor Sudakov wrote: > Dear Colleagues, > > When running FreeBSD as an IPv6 host in SLAAC mode, is > "rtsold_enable=YES" really necessary? I did not enable rtsold and IPv6 > still works fine only with > > fconfig_re0="" > ifconfig_re0_ipv6="inet6 accept_rtadv" > >

Re: Fw: 100.chksetuid handging on nfs mounts

2018-08-30 Thread Alan Somers
Well that's not very illuminating. I was wondering if it had weird mount options or something. Are you sure that's why find is hanging? What happens if you unmount and repeat the command? On Thu, Aug 30, 2018 at 7:44 AM Gerrit Kühn wrote: > On Thu, 30 Aug 2018 07:25:54 -060

Re: Fw: 100.chksetuid handging on nfs mounts

2018-08-30 Thread Alan Somers
On Thu, Aug 30, 2018 at 1:09 AM Gerrit Kühn wrote: > On Fri, 15 Dec 2017 15:46:59 +0100 Gerrit Kühn > wrote about Re: Fw: 100.chksetuid handging on nfs mounts: > > Hello all, > > Sorry for picking this up after such a long time... > > > > This is a known bug. It happens when an NFS filesystem i

Re: Getting functional ipv6 on Century Link

2018-05-26 Thread Alan Somers
On Sat, May 26, 2018 at 9:01 AM, Sean Bruno wrote: > http://www.centurylink.com/home/help/internet/modems-and- > routers/zyxel-c1100z/ipv6-turn-on.html > > US DSL carrier that seems to provide v6 via a 6rd configuration. This > all seems to be working and my modem reports it has stuff and things

Re: Starting and stopping nfsd apparently results in permanently disabling it

2018-04-29 Thread Alan Somers
First, you're starting stuff in the wrong order. /etc/rc.d/nfsd depends on /etc/rc.d/mountd. It sounds like you're bypassing rc, but you still need to start the daemons in the same order as rc does. Secondly, how did you kill them? /etc/rc.d/nfsd uses SIGUSR1 to kill nfsd. That probably trigge

Re: pf: redirect a packet's port but not its address?

2018-01-25 Thread Alan Somers
On Wed, Jan 24, 2018 at 3:16 AM, Andrey V. Elsukov wrote: > On 24.01.2018 02:26, Andrey V. Elsukov wrote: > > I think it is correct behavior if you try to forward to loopback > > address. In case when you listen on the LLA and fwd to this LLA there is > > seems the bug. > > > > # ipfw add fwd fe8

Re: pf: redirect a packet's port but not its address?

2018-01-23 Thread Alan Somers
On Tue, Jan 23, 2018 at 11:41 AM, Eugene Grosbein wrote: > 24.01.2018 1:26, Alan Somers wrote : > > >> # ipfw add fwd ::1,5678 tcp from any to any 4000 > >> # nc -6 -l ::1 5678 > >> > >> And from another host tried: > >> # telnet -6 fc00::1 40

Re: pf: redirect a packet's port but not its address?

2018-01-23 Thread Alan Somers
On Tue, Jan 23, 2018 at 10:39 AM, Andrey V. Elsukov wrote: > On 23.01.2018 19:17, Alan Somers wrote: > >>> Unfortunately, pf currently lacks this capability. But it looks like > it > >>> could be added without breaking existing pf.conf syntax. Would this > be

Re: pf: redirect a packet's port but not its address?

2018-01-23 Thread Alan Somers
On Tue, Jan 23, 2018 at 7:16 AM, Andrey V. Elsukov wrote: > On 23.01.2018 03:35, Alan Somers wrote: > > All of these problems could be solved if pf were able to redirect a > > packet's destination port but not its address. You could bind the daemon > > to INADDR_ANY

pf: redirect a packet's port but not its address?

2018-01-22 Thread Alan Somers
I'm using pf with rules like the following: rdr inet proto tcp from any to any port 80 -> localhost port 8080 rdr inet6 proto tcp from any to any port 80 -> ::1 port 8080 It works for IPv4. But for IPv6 it fails because the redirected packet violates IPv6's scoping rules. I've got a patch to ha

Re: Allowing a local subnet route to change to a different ifnet

2018-01-17 Thread Alan Somers
On Wed, Jan 17, 2018 at 2:56 PM, Ryan Stone wrote: > I'm going to prefix this question by noting that I realize that the > configuration that I am about to describe is quite nonsensical. > Unfortunately, it seems that under older versions of FreeBSD (possibly > FreeBSD 7-vintage), the configurati

Re: Fw: 100.chksetuid handging on nfs mounts

2017-12-15 Thread Alan Somers
On Fri, Dec 15, 2017 at 6:34 AM, Gerrit Kühn wrote: > Hello all, > > As I got no response at all on freebsd-fs, I try again here... > > > > Begin forwarded message: > > Date: Tue, 5 Dec 2017 09:04:51 +0100 > From: Gerrit Kühn > To: freebsd...@freebsd.org > Subject: 100.chksetuid handging on nfs

Re: Help with mbuf exhaustion

2017-09-28 Thread Alan Somers
First of all, 10.3-RELEASE-p2 is very old and has known security vulnerabilities. Have you tried 10.3-RELEASE-p21 or even 10.4-RELEASE ? On Thu, Sep 28, 2017 at 1:30 PM, Josh Gitlin wrote: > Hi FreeBSD Gurus! > > We're having an issue with mbuf exhaustion on a FreeBSD server which was > recentl

Re: A web server behind two gateways?

2017-07-17 Thread Alan Somers
On Mon, Jul 17, 2017 at 11:19 AM, Eugene Grosbein wrote: > 17.07.2017 23:46, Alan Somers wrote: > >>> So, the solution depends of kind of NAT you use. >> >> That's not 100% true. The web server is choosing which gateway to >> use. As Grzegorz said, it

Re: A web server behind two gateways?

2017-07-17 Thread Alan Somers
On Mon, Jul 17, 2017 at 5:33 AM, Eugene Grosbein wrote: > On 16.07.2017 19:48, Grzegorz Junka wrote: >> Hello, >> >> I have a jail running a web server in LAN. There are two routers/WANs >> that can connect LAN to the internet. I enabled NAT and port forwarding >> to the web server on both routers

Re: Possible bug in ifconfig regarding ip addresses and fibs

2017-06-16 Thread Alan Somers
On Fri, Jun 16, 2017 at 10:35 AM, Steven Crangle < ste...@stream-technologies.com> wrote: > Hi Alan, > > > Thanks for the fast reply. > > I actually think I had the fib 5 part appended to the line previously, but > had somehow removed it in my repeated attempts! Either way, I just tried > your sol

Re: Possible bug in ifconfig regarding ip addresses and fibs

2017-06-16 Thread Alan Somers
On Fri, Jun 16, 2017 at 10:00 AM, Steven Crangle wrote: > > Hi, > > > I've been configuring a device with the following rc.conf lines: > > > ifconfig_le6_name="manee" > ifconfig_manee="fib 5 up" > ifconfig_manee_alias0="inet 185.100.174.221 netmask 255.255.255.0" > ifconfig_manee_alias1="inet 172.

[Differential] D10485: Replace dhcp option 150 by 66

2017-04-26 Thread asomers (Alan Somers)
asomers added a comment. In https://reviews.freebsd.org/D10485#217709, @kczekirda wrote: > @asomers > this change exactly provides compatibility with PXE standard, because in the PXE specification option 150 doesn't exist, but 66 does. > netproto variable and option 150 appears in

[Differential] D10485: Replace dhcp option 150 by 66

2017-04-24 Thread asomers (Alan Somers)
asomers added a comment. Even if this is the correct change to make, the old option must still be supported for backwards compatibility with older PXE servers. Shouldn't there be an accompanying documentation change? How will users know to change their DHCP options? REVISION DETAIL http

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-17 Thread asomers (Alan Somers)
This revision was automatically updated to reflect the committed changes. Closed by commit rS315458: Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 (authored by asomers). CHANGED PRIOR TO COMMIT https://reviews.freebsd.org/D9451?vs=26053&id=26359#toc REPOSITORY rS FreeBSD s

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-09 Thread asomers (Alan Somers)
asomers accepted this revision. asomers added inline comments. This revision has a positive review. INLINE COMMENTS > jhujhiti_adjectivism.org wrote in nd6_nbr.c:265 > I think this is the only thing left to consider for this patch, but it seems > to me that using the receiving interface's FIB is

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-07 Thread asomers (Alan Somers)
asomers added inline comments. INLINE COMMENTS > jhujhiti_adjectivism.org wrote in icmp6.c:2147 > @asomers, can you confirm that M_GETFIB(m) is always correctly set to the FIB > of the receiving interface? No. According to the comment at the bottom of icmp6_error, it isn't, because icmp6_refl

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-06 Thread asomers (Alan Somers)
asomers added a comment. Almost done. I think the only thing left is to delete all of the related atf_expect_fail statements from fibs_test.sh, not just one. INLINE COMMENTS > jhujhiti_adjectivism.org wrote in nd6.c:1353 > This seems like a good idea. Is this new code what you had in mind?

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-02 Thread asomers (Alan Somers)
asomers added inline comments. INLINE COMMENTS > jhujhiti_adjectivism.org wrote in nd6.c:1295 > > It's totally valid for an interface to have multiple addresses assigned, > > each of which is on a different fib. > > Is this true? I'm not aware of a way this could happen. Interface routes are >

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-03-01 Thread asomers (Alan Somers)
asomers added a comment. This review is starting to look pretty good. But in addition to the few things I mentioned inline, there's one other change that you need to make: you get to clear the `atf_expect_fail` statements from tests/sys/netinet/fibs_test.sh. INLINE COMMENTS > jhujhiti_adj

Re: VNET / netgraph jails -- Locking down?

2017-03-01 Thread Alan Somers
I do something similar, but I rely entirely on vnet and PF instead of netgraph. My host has two ethernet ports, so I use one for the host and one for all of the jails. That makes the pf setup easier. I use iocage to configure an ordinary vnet jail, bridged to the host's second ethernet port. Th

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-02-09 Thread asomers (Alan Somers)
asomers added a comment. In https://reviews.freebsd.org/D9451#196364, @jhujhiti_adjectivism.org wrote: > As I mentioned in the PR, this is my first attempt at kernel work, so I very much appreciate the comments. I'll go ahead and update the review summary at my next opportunity. > >

Re: Multiple MAC addresses on a single interface

2017-02-08 Thread Alan Somers
It sounds like overkill, but if you put each PPPoE client in a separate VIMAGE jail, then each one will get a separate vnet interface, with distinct MACs. They can be bridged to the same physical interface. -Alan On Wed, Feb 8, 2017 at 11:06 AM, Alex Dupre wrote: > Hi, > I need to establish two

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-02-08 Thread asomers (Alan Somers)
asomers requested changes to this revision. asomers added a subscriber: bz. asomers added a comment. This revision now requires changes to proceed. In addition to the issues I mentioned inline, could you please also update the review summary to include the full commit message? Try to mention

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-02-08 Thread asomers (Alan Somers)
asomers added a reviewer: bz. REPOSITORY rS FreeBSD src repository REVISION DETAIL https://reviews.freebsd.org/D9451 To: jhujhiti_adjectivism.org, #network, asomers, bz Cc: bz, imp, ae, freebsd-net-list

[Differential] D9451: Constrain IPv6 interface routes to each FIB

2017-02-05 Thread asomers (Alan Somers)
asomers added a comment. Awesome work jhujhiti. Unfortunately, I won't be able to test it until PR 216734 is fixed or I make myself another FreeBSD head machine. I'll try to do that sometime next week. REPOSITORY rS FreeBSD src repository REVISION DETAIL https://reviews.freebsd.org/D9

Re: NFSROOT and lagg(4)

2017-02-04 Thread Alan Somers
Are you mounting NFS with UDP? That handles switching interfaces better than TCP. You might be able to boot on em0, then configure lagg0 on em1, then add em0 to the lagg. On Feb 4, 2017 2:05 PM, "Sean Bruno" wrote: > > > On 02/04/17 14:00, Konstantin Belousov wrote: > > Look at reroot support,

Re: LACP: Fatal trap 18: integer divide fault while in kernel mode

2017-01-28 Thread Alan Somers
Please do open a PR and CC me. As well as the stack trace, post your lagg configuration, and, if you can determine it, the ports' state at the time of the crash. -Alan On Sat, Jan 28, 2017 at 11:21 AM, Slawa Olhovchenkov wrote: > I am got panic on recent stable: > > Fatal trap 18: integer divide

Re: pf & NAT issue

2017-01-20 Thread Alan Somers
On Fri, Jan 20, 2017 at 3:48 AM, Kristof Provost wrote: > On 20 Jan 2017, at 9:35, Bakul Shah wrote: >> >> pf seems to drop NAT connections quite a bit. This seems to >> happen much more frequently if there are delays involved (slow >> server or interactive use). Almost seems like pf losing >> tra

Re: =ping: sendto: Can't assign requested address= in fib spaces

2016-09-14 Thread Alan Somers
That "Can't assign requested address" suggests that the problem might have nothing to do with fibs. Can you show us your "ifconfig" output? It would also help to know what local address ping is trying to assign. You can figure that out by doing "setfib 2 ktrace ping 8.8.8.8; kdump" and searching

Re: =ping: sendto: Can't assign requested address= in fib spaces

2016-09-13 Thread Alan Somers
On Tue, Sep 13, 2016 at 4:41 PM, wrote: > Hi, > > in r305382 on my router-box I see some issue with ICMP and UDP in IPv4 in > non-default fib spaces. PF is disabled. For example, > > UDP: > > setfib -2 host -vvv www.cisco.com 8.8.8.8 > Trying "www.cisco.com" > ;; connection timed out; no servers

Re: 60G+ network connection

2016-09-02 Thread Alan Somers
On Fri, Sep 2, 2016 at 8:07 AM, Slawa Olhovchenkov wrote: > On Fri, Sep 02, 2016 at 04:02:20PM +0200, Kajetan Staszkiewicz wrote: > >> On Friday, 2 September 2016 13:02:03 Slawa Olhovchenkov wrote: >> >> > > > PS: 100G transmitters and connectivity too expensive, 2x40G prefer. >> > > >> > > You

Re: NFS on 10G interfaces still painfully slow

2016-08-02 Thread Alan Somers
On Tue, Aug 2, 2016 at 2:49 AM, Gerrit Kühn wrote: > Hi all, > > I already reported this issue here a year ago and unfortunately was not > able to fix it back then. Now I had another run at it, using two recent > 10.3-machines with a direct 10G link. I still see nfs is painfully > slow (around 20-

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-26 Thread Alan Somers
On Sun, Jun 26, 2016 at 3:37 AM, wrote: > Hello. > > On 2016-06-25T18:13:18 -0600 > Alan Somers wrote: > >> On Sat, Jun 25, 2016 at 4:05 PM, wrote: >> > I'm not using vnet jails. I'm actually just trying to get filtering of >> > outbound traf

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread Alan Somers
On Sat, Jun 25, 2016 at 4:05 PM, wrote: > Hello! > > On 2016-06-25T23:46:36 +0200 > Marko Zec wrote: >> >> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a >> thing. > > Has this always been the case? I'm almost certain that I set up jails > with extra loopback devices th

Re: Filtering outbound traffic for private address jails?

2016-06-25 Thread Alan Somers
On Sat, Jun 25, 2016 at 4:01 PM, wrote: > Hello. > > I have been searching for the best part of a day for a solution to this > problem and quite frankly cannot believe that I've spent this long on > something that appears to be so simple and that used to be fairly easy > to achieve. Many years ag

Re: lagg(4): LOR, deadlock and panic

2016-06-14 Thread Alan Somers
On Tue, Jun 14, 2016 at 9:13 AM, Sean Bruno wrote: > tl;dr --> https://reviews.freebsd.org/D6845 > > Navdeep and I have been poking at an LOR that seems to be popping up > in -current that is related to lagg(4) and lagg_get_counter(). > > root@sysdev07:~ # ifconfig lagg0 create laggport ix0 laggpr

Re: cannot delete on-interface route in FIB

2016-06-08 Thread Alan Somers
On Wed, Jun 8, 2016 at 4:43 AM, Eugene M. Zheganin wrote: > Hi. > > (first part of the message is describing why I need this, so impatient > people can proceed to the 'setfib 2 route delete' part directly). > > I have a FreeBSD router connected to the ISP network, which is organized > according to

Re: How to use pf with vimage jails?

2016-05-05 Thread Alan Somers
On Wed, May 4, 2016 at 11:49 PM, Julian Elischer wrote: > On 4/05/2016 11:59 PM, Shawn Debnath wrote: > >> On 05/04, Alan Somers wrote: >> >>> Then maybe it's the bridged aspect that's screwing me up. Is there a >>> guide >>> for using pf o

Re: How to use pf with vimage jails?

2016-05-04 Thread Alan Somers
On Wed, May 4, 2016 at 4:23 AM, Kristof Provost wrote: > > > On 04 May 2016, at 04:55, Alan Somers wrote: > > > > Is there any documentation on how to run pf on a host, using it to > control > > access to vimage jails? I see that only ipfw can be run from _in

How to use pf with vimage jails?

2016-05-03 Thread Alan Somers
Is there any documentation on how to run pf on a host, using it to control access to vimage jails? I see that only ipfw can be run from _inside_ of the jail, but I'm interested in running pf _outside_ of the jail. One example application would be to use a jail as a honeypot. In that case, you wo

Re: Assigning same ip address to different interfaces with different FIBs

2016-04-20 Thread alan somers
What you described doesn't work in FreeBSD, and there's even an open bug for it. But as Julian described, you should see if VIMAGE will work for you. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189088 -Alan On Wed, Apr 20, 2016 at 4:19 AM, Julian Elischer wrote: > On 20/04/2016 5:58 PM,

Re: TSO test

2016-03-19 Thread Alan Somers
Would it be more useful to log the NIC's interrupt rate using "vmstat -i"? On Thu, Mar 17, 2016 at 8:25 AM, Pieper, Jeffrey E < jeffrey.e.pie...@intel.com> wrote: > Basically what we do is run TCP tx traffic using various message sizes > with TSO enabled, while logging throughput and CPU usage, t

Re: libifconfig: A C API for ifconfig

2016-03-04 Thread Alan Somers
On Fri, Mar 4, 2016 at 8:10 AM, Marie Helene Kvello-Aune < mariehelen...@gmail.com> wrote: > Hey! > > I'm currently working on a library called 'libifconfig' which will provide > a C API to do the actual work that /sbin/ifconfig currently does, except > that of lib80211. What sparked this project

Re: Displaying the supported module types of a network adapter

2015-07-22 Thread Alan Somers
d module types for the device if you use > ifconfig -m, but I know that isn't the intended purpose of the -m flag. I > wouldn't mind moving all of that to another function whose purpose is to > just list all supported module types. > > - Eric > > On Wed, Jul 15, 2015

Displaying the supported module types of a network adapter

2015-07-15 Thread Alan Somers
SIOCGIFMEDIA will return the list of supported media types and the current media type of a network interface. But for NICs with pluggable modules (SFP+, QSFP, etc), it would also be useful to know the allowed module type. I can't find any way to determine that using the standard tools. cxgbe(4)

Re: routes via lo0

2015-06-18 Thread Alan Somers
I don't know. But I do know that if you delete the lo0 route, then you can't talk to services running on localhost. On a system with multiple fibs, that might conceivably be useful. On Thu, Jun 18, 2015 at 4:06 AM, Eugene M. Zheganin wrote: > Hi. > > Why we still have this anachronism - routes

Re: FreeBSD sometimes uses the router for packets on the local network

2015-04-06 Thread Alan Somers
On Mon, Apr 6, 2015 at 12:15 PM, Anton Farber wrote: > Good evening, > > I've opened a thread on the FreeBSD networking forum > (https://forums.freebsd.org/threads/jail-fails-to-connect-to-main-host.50833/) > as sometime ago my FreeBSD server (initially running 10.1, now CURRENT) > started to b

Re: IPv6 routes leaking between FIBs?

2014-12-29 Thread Alan Somers
On Mon, Dec 29, 2014 at 10:19 AM, Bjoern A. Zeeb wrote: > >> On 29 Dec 2014, at 16:03 , Alan Somers wrote: >> >> On Sun, Dec 28, 2014 at 3:16 AM, Bjoern A. Zeeb wrote: >>> >>> People simply broke it (again). Please file a bug report. You may >

Re: IPv6 routes leaking between FIBs?

2014-12-29 Thread Alan Somers
On Sun, Dec 28, 2014 at 3:16 AM, Bjoern A. Zeeb wrote: > >> On 28 Dec 2014, at 03:19 , Jason Healy wrote: >> >> Hello, >> >> Trying out FreeBSD for the first time to build a firewall box that’s >> multi-core and runs PF. I’m very interested in the FIB code, as it lines up >> well with the way

Re: FreeBSD 10-stable (r274577) LACP / IEEE 802.3ad with TP-Link TL-SG2008 - not working

2014-12-18 Thread Alan Somers
On Wed, Dec 17, 2014 at 10:11 PM, Craig Rodrigues wrote: > On Wed, Dec 17, 2014 at 9:08 PM, Craig Rodrigues > wrote: >> >> >> >> On Wed, Dec 17, 2014 at 5:36 PM, David P. Discher wrote: >>> >>> >>> Yeah, Alan - will do ... if I decided to look into more. That is why I was >>> looking for spec o

Re: compiling on nfs directories

2014-12-18 Thread Alan Somers
On Wed, Dec 17, 2014 at 6:54 PM, Russell L. Carter wrote: > > > On 12/17/14 18:30, Adam McDougall wrote: >> >> On 12/17/2014 19:47, Russell L. Carter wrote: >>> >>> >>> >>> On 12/17/14 16:07, Rick Macklem wrote: >> >> If this is using an exported ZFS volume, it would be nice if you could

Re: FreeBSD 10-stable (r274577) LACP / IEEE 802.3ad with TP-Link TL-SG2008 - not working

2014-12-17 Thread Alan Somers
On Wed, Dec 17, 2014 at 6:09 PM, David P. Discher wrote: > > On Dec 15, 2014, at 11:33 AM, Alan Somers wrote: > >> On Sun, Dec 14, 2014 at 6:23 PM, David P. Discher wrote: >>> >>> So, I think I’ve identified the issue. In sys/net/ieee8023ad_lacp.c, >>

Re: FreeBSD 10-stable (r274577) LACP / IEEE 802.3ad with TP-Link TL-SG2008 - not working

2014-12-15 Thread Alan Somers
On Sun, Dec 14, 2014 at 6:23 PM, David P. Discher wrote: > > So, I think I’ve identified the issue. In sys/net/ieee8023ad_lacp.c, > lacp_pdu_input() has a sanity check : > > if (m->m_pkthdr.len != sizeof(*du)) { > goto bad; > } > > I added some debugging informati

Re: FreeBSD 10-stable (r274577) LACP / IEEE 802.3ad with TP-Link TL-SG2008 - not working

2014-12-04 Thread Alan Somers
On Wed, Dec 3, 2014 at 12:21 PM, David P. Discher wrote: > Hey Net - > > In probably a poor, cheap choice, I picked up a TP-Link TL-SG2008 Desktop > Smart Switch, which supports LACP/802.3ad. I’m currently running 10.1-STABLE > r274577 on the machine I’m testing with. I’m testing right now wit

Re: patches

2014-10-22 Thread Alan Somers
On Wed, Oct 22, 2014 at 3:47 PM, Tony Moseby wrote: > Hello, > > A simple question, if I want to know if there is a patch for my > problem where should I look? Is there a database or similar with > all patches for every source code file? Or how does one go about. > Many thanks I'm not sure what

Re: Deleting IPv4 iface-routes from extra FIBs

2014-10-13 Thread Alan Somers
On Mon, Oct 13, 2014 at 3:16 AM, Harald Schmalzbauer wrote: > Regarding Alexander V. Chernikov's message of 13.10.2014 10:42 > (localtime): >> On 13.10.2014 12:35, Harald Schmalzbauer wrote: >>> Regarding Julian Elischer's message of 23.04.2014 09:55 >>> (localtime): > ... yes, we ma

Re: if_lagg(4) accounting changes

2014-09-15 Thread Alan Somers
On Sat, Sep 13, 2014 at 5:19 PM, Alexander V. Chernikov wrote: > Hello list. > > I'd like to commit some changes to lagg counters which might be worth > discussion. > > Diff is available at https://reviews.freebsd.org/D781 > Quoting its summary: > > > While counting packets using per-cpu counters

Re: [PATCH] Packet loss when 'control' messages are present with large data (sendmsg(2))

2014-08-26 Thread Alan Somers
On Tue, Aug 26, 2014 at 1:51 PM, Mark Johnston wrote: > On Tue, Aug 26, 2014 at 03:15:31PM -0400, John Baldwin wrote: >> On Tuesday, August 26, 2014 11:05:12 am Alan Somers wrote: >> > On Mon, Aug 25, 2014 at 1:52 PM, John Baldwin wrote: >> > > On Friday, Augu

Re: [PATCH] Packet loss when 'control' messages are present with large data (sendmsg(2))

2014-08-26 Thread Alan Somers
On Mon, Aug 25, 2014 at 1:52 PM, John Baldwin wrote: > On Friday, August 22, 2014 01:34:28 PM Harald Schmalzbauer wrote: >> Regarding Yuri's message of 02.09.2013 06:54 (localtime): >> > Please check in this patch: >> > http://www.freebsd.org/cgi/query-pr.cgi?pr=181741 >> > Please MFC into 9.X

Re: [zone: Mbuf_cluster] kern.ipc.nmbclusters limit reached in Virtual machine causes downtime

2014-06-24 Thread Alan Somers
On Tue, Jun 24, 2014 at 2:53 AM, Stefan Stere wrote: > Hi, > > I have a vmware virtual server running FreeBSD 10.0 STABLE > The virtual server has 100mbps port. > > It is running a Tor router, consuming an average of 6-7 TB of monthly > traffic. Its the only purpose of the server. > > Last night

Re: ifaddr refcount problem

2014-06-24 Thread Alan Somers
On Tue, Jun 24, 2014 at 3:08 AM, Gleb Smirnoff wrote: > On Mon, Jun 23, 2014 at 10:44:58AM -0600, Alan Somers wrote: > A> > On Fri, Jun 20, 2014 at 12:15:21PM -0700, Navdeep Parhar wrote: > A> > N> Revision 264905 and 266860 that followed it seem to leak ifa

Re: ifaddr refcount problem

2014-06-23 Thread Alan Somers
On Mon, Jun 23, 2014 at 2:52 AM, Gleb Smirnoff wrote: > Navdeep, > > On Fri, Jun 20, 2014 at 12:15:21PM -0700, Navdeep Parhar wrote: > N> Revision 264905 and 266860 that followed it seem to leak ifaddr > N> references. ifa_ifwithdstaddr and ifa_ifwithnet both install a > N> reference on the ifa

Re: ifaddr refcount problem

2014-06-20 Thread Alan Somers
On Fri, Jun 20, 2014 at 1:15 PM, Navdeep Parhar wrote: > Revision 264905 and 266860 that followed it seem to leak ifaddr > references. ifa_ifwithdstaddr and ifa_ifwithnet both install a > reference on the ifaddr returned to the caller but ip_output does not > release it, eventually leading to a p

Re: Problem with removing mac address from arptable on 10-stable

2014-05-07 Thread Alan Somers
On Wed, May 7, 2014 at 5:43 PM, Marcelo Gondim wrote: > On 07/05/14 15:57, Marcelo Gondim wrote: > >> On 07/05/14 15:18, Alan Somers wrote: >>> >>> On Wed, May 7, 2014 at 9:47 AM, Marcelo Gondim >>> wrote: >>>> >>>> H

Re: Problem with removing mac address from arptable on 10-stable

2014-05-07 Thread Alan Somers
On Wed, May 7, 2014 at 9:47 AM, Marcelo Gondim wrote: > Hi all, > > I'm having this problem on my FreeBSD 10-STABLE: > > (root@rt01)[~]# arp -an|grep 187.xxx.216.252 > ? (187.xxx.216.252) at 5c:e0:f6:00:11:29 on vlan4 permanent [vlan] > > (root@rt01)[~]# arp -d 187.xxx.216.252 > delete: cannot loca

Please review: fix page fault panic in lacp_req

2014-04-25 Thread Alan Somers
If you do an "ifconfig -am" in one thread while doing an "ifconfig lagg0 destroy" in another thread, at least two panics may result. One is in lacp_req(), caused by NULL == lsc. I opened kern/189003 to describe it. I'm still working on the other panic or panics. Full explanation and patch are at

Re: Deleting IPv4 iface-routes from extra FIBs

2014-04-24 Thread Alan Somers
On Thu, Apr 24, 2014 at 5:50 PM, Chris Smith wrote: > On 25/04/14 11:15, Alan Somers wrote: >> >> On Thu, Apr 24, 2014 at 5:00 PM, Chris Smith >> wrote: >>> >>> On 24/04/14 18:24, Alexander V. Chernikov wrote: >>>> >>>> On 24.

Re: Deleting IPv4 iface-routes from extra FIBs

2014-04-24 Thread Alan Somers
On Thu, Apr 24, 2014 at 5:00 PM, Chris Smith wrote: > On 24/04/14 18:24, Alexander V. Chernikov wrote: >> >> On 24.04.2014 01:56, Chris Smith wrote: >>> >>> On 23/04/14 19:55, Julian Elischer wrote: On 4/23/14, 4:38 AM, Nikolay Denev wrote: > > On Tue, Apr 22, 2014 at 5:37 PM, Ha

Re: Deleting IPv4 iface-routes from extra FIBs

2014-04-24 Thread Alan Somers
On Thu, Apr 24, 2014 at 12:24 AM, Alexander V. Chernikov wrote: > On 24.04.2014 01:56, Chris Smith wrote: >> On 23/04/14 19:55, Julian Elischer wrote: >>> On 4/23/14, 4:38 AM, Nikolay Denev wrote: On Tue, Apr 22, 2014 at 5:37 PM, Harald Schmalzbauer wrote: > Hello, > > here,

Re: Multihomed system with jails routing issues

2014-04-07 Thread Alan Somers
On Fri, Apr 4, 2014 at 8:22 PM, Chris Smith wrote: > Hi All, > > I have a system with 1 network interface with 2 extra VLANs off it and I'm > having some trouble getting the routing working correctly with it and jails. > > bge0 - management - 10.71.100.0/24 > bge0.101 - LAN- 10.71.101.

Re: questions about (system) dhclient

2014-03-31 Thread Alan Somers
On Mon, Mar 31, 2014 at 2:31 PM, Robert Huff wrote: > [Please keep me CC'd as I am not subscribed. Thanks.] > > I have a system, running r263263, where dhclient is misbehaving. > (Yes - this is CURRENT, but I have no reason to believe this is inherently a > version-specific issue. I

netstat -i[d] violates PoLS

2014-03-31 Thread Alan Somers
"netstat -i" prints dropped output packets iff you also use "-d". Starting with r199803 on 2009-11-25, "netstat -i" prints dropped input packets regardless of the "-d" flags. That is a PoLS violation, IMHO. I think that the "-d" flag should control printing of dropped input packets as well as dro

Review: patch for kern/185812 send(2) on a UNIX domain SEQPACKET socket returns EMSGSIZE instead of EAGAIN

2014-03-06 Thread Alan Somers
Replace 4.4BSD Lite's unix domain socket backpressure hack with a cleaner mechanism, based on the new SB_STOP sockbuf flag. The old hack dynamically changed the sending sockbuf's high water mark whenever adding or removing data from the receiving sockbuf. I

Re: Flow ID, LACP, and igb

2013-08-30 Thread Alan Somers
On Thu, Aug 29, 2013 at 3:40 PM, T.C. Gubatayao wrote: > On Aug 29, 2013, at 4:21 PM, Alan Somers wrote: > >> They're faster, but even with this change, jenkins_hash is still 6 times >> slower than FNV hash. > > Actually, I think your test isn't accurately simul

Re: Flow ID, LACP, and igb

2013-08-29 Thread Alan Somers
On Thu, Aug 29, 2013 at 1:33 PM, T.C. Gubatayao wrote: > On Aug 29, 2013, at 12:45 PM, Alan Somers wrote: > > > I pulled all four hash functions out into userland and microbenchmarked > them. > > The upshot is that hash32 and fnv_hash are the fastest, jenkins_hash is > >
