Re: IPSEC and IPNAT (was: Re: IPSec)

On Thu, Dec 06, 2001 at 08:13:33PM +0100, Guido van Rooij wrote: > On Thu, Dec 06, 2001 at 07:29:27PM +0200, Ruslan Ermilov wrote: > > On Thu, Dec 06, 2001 at 10:22:05PM +0500, Dingo wrote: > > > ipfilters ipnat We ran into the IPSec intercept problem with 4.3, > > > can you tell me when the c

Re: log_in_vain

Hello, On Thu, 6 Dec 2001, Paul Chvostek wrote: > > For the fun of it, I turned on log_in_vain. And I'm seeing *lots* of > stuff one might expect (port scans, Nimda poking at my mail server, > SMTP to the web server, etc). But I'm also seeing stuff I don't expect, > primarily in the areas of

Tutorials or notes available for 4.4's ipsec, ipfw, and divert socket?

Hi, I am reading the IP layer source code and I am wondering if there have been mails on this mailing list, or other tutorial documents on the web explaining the design principles  of the implementation of ipfw , ipsec, and divert socket in 4.4 kernel. Please tell me where can I find them if

Re: NOARP - gateway must answer and have frozen ARP table

On Thu, Dec 06, 2001 at 12:59:39PM -0800, Bill Fenner wrote: > > Garrett and I discussed what IFF_NOARP should mean about 4-5 years > ago; we decided that it probably menat "no ARP". We discussed > the idea of seperating it out into two flags; "Don't reply to ARP" > and "don't pay attention to A

Re: pcap_open_live() takes 1 sec to complete?

On 2001-12-06, Barney Wolff wrote: > As I recall, delays like that come from the power-saving mode on > the card. Turn power-saving off to make them go away. Power saving is off: # ancontrol -C | grep "save mode" Power save mode:[ none ] > > Marco Molteni write

Re: pcap_open_live() takes 1 sec to complete?

On 2001-12-06, Doug Ambrisko wrote: > Marco Molteni writes: > | I am writing a small program that does a pcap_open_live() on the > | Aironet an device, PCMCIA mode. System is a recent -stable on a > | Toshiba Portege 7200 laptop. > | > | Now, pcap_open_live() takes more than 1 sec to return. Is th

Re: Router alert option

> I have seen Mr.Ping Pan's implementation of this. This seems to be just > for receiving a packet with some IP option through a raw IP socket. This I haven't carefully looked into the code, but it seems enable to receive as well as intercept (and send through a socket to the user-level) packets

3C19250

Hi I've got some problems with my 3C19250 USB NIC. My sys is 5.0-CURRENT, but I get the same errors on 4.4-STABLE, dmesg: kue0: 3COM 3COM USB Network Interface (3C19250), rev 1.00/2.02, addr 2 The NIC is found and it works good but then after a while: Dec 3 19:03:14 snowblind /kernel: kue0: wat

Request to back out Luigis polled-net patch in -stable.

--- Forwarded Message To: [EMAIL PROTECTED] Subject: Request to back out Luigis polled-net patch in -stable. From: Poul-Henning Kamp <[EMAIL PROTECTED]> Date: Fri, 07 Dec 2001 17:13:24 +0100 Message-ID: <[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] I have not read the entire patch in detai

Gigabit for FreeBSD

Hi all. Does anyone know of a good stable 1000baseTX gigabit network adapter that works well with FreeBSD? I have this Netgear adapter that seems to have problems. Help is -- of course -- appreciated. Thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in t

Re: Gigabit for FreeBSD

I'm using 3Com 3c985-SX and it seems to work fine. Haven't yet push it hard, but has (so far) provided connectivity. On Friday, December 7, 2001, at 12:22 , David Smithson wrote: > Hi all. Does anyone know of a good stable 1000baseTX gigabit network > adapter that works well with FreeBSD? I

Re: Request to back out Luigis polled-net patch in -stable.

> To: [EMAIL PROTECTED] Core isn't really the appropriate forum for asking for a back-out; arch and net are where this should have been discussed and reviewed in the first place. > Subject: Request to back out Luigis polled-net patch in -stable. I'm entirely in agreement with this; the decision

Re: Request to back out Luigis polled-net patch in -stable.

Mike Smith wrote: > > Subject: Request to back out Luigis polled-net patch in -stable. > > I'm entirely in agreement with this; the decision to commit this code was > extremely ill-advised, and the best thing we can do now for everyone's > sake is to pull it as quickly as possible. > > > I would

specifying interface to route command broken??

> > Hi, > > I am probably screwing something up :-) > > netstat -rn shows: > > Internet: > DestinationGatewayFlags Refs Use Netif > Expire > 127.0.0.1 127.0.0.1 UH 4 31 lo0 > aaa.bbb.ccc.16/28 link#5 UC 1

Re: Request to back out Luigis polled-net patch in -stable.

At 9:44 PM +0100 12/7/01, Marko Zec wrote: >Mike Smith wrote: > > > I would also like to point to the parallel piece of code: Jun-Itohs >> > ALTQ for which he reliably has maintained a patch relative to the >> > 4.X branch and which despite various peoples requests have not > > > haphazardly b

Re: Request to back out Luigis polled-net patch in -stable.

In message , Garance A Drosihn writes: >Poul-Henning included one comment about "track records" which may >have been a bit harsh, but if you ignore that one sentence than >everything he said seemed pretty reasoned (ie, "calmly thought out", >as opposed to "e

Re: specifying interface to route command broken??

Lars wrote: > > > > Hi, > > > > I am probably screwing something up :-) > > > > netstat -rn shows: > > > > Internet: > > DestinationGatewayFlags Refs Use Netif > > Expire > > 127.0.0.1 127.0.0.1 UH 4 31 lo0 > > aaa.bbb.ccc.16/28

HEADS-UP: polling code removed.

[Bcc to [EMAIL PROTECTED]] FYI ... cheers luigi - Forwarded message from Luigi Rizzo <[EMAIL PROTECTED]> - Date: Fri, 7 Dec 2001 16:04:16 -0800 (PST) From: Luigi Rizzo <[EMAIL PROTECTED]> Subject: cvs commit: src/sys/conf options.i386 src/sys/dev/fxp if_fxp.c s

Re: Request to back out Luigis polled-net patch in -stable.

> > > I would also like to point to the parallel piece of code: Jun-Itohs > > > ALTQ for which he reliably has maintained a patch relative to the ... > > Yes; this is an excellent example of how it can be done better. > > Sorry guys, but aren't you comparing apples with oranges? As far as I No.

Re: NAT and ALG

On Fri, Dec 07, 2001 at 10:24:50AM +0530, Pranay wrote: > Hi All, >How does the NAT in the ip_nat.c take care of FTP port and PASV commands? See ip_ftp_pxy.c. For in depth IPFilter discussion, [EMAIL PROTECTED] is probably a better list. -- "It's always funny until someone gets hurt. Then it

Re: NOARP - gateway must answer and have frozen ARP table

> OK, I have a proposal that should fit both opinions. I'll keep the > net.link.ether.inet.static_arp to mean what it means now (keep ARP > table static, no updates except from local process through a routing > socket writes), and will add another sysctl that will switch the > meaning of IFF_NOAR

Re: NOARP - gateway must answer and have frozen ARP table

> If this is really want to do, I believe you can do it with existing > tools. > > For simplicity, I'm just going to illustrate a way to set it up rather > than explain it. Store your IP-MAC address pairs in flat file as > proscribed in arp(8), > > 192.168.10.201:02:03:10:11:12 >