Can anyone point me to the kernel source where packets are taken from the
DIVERT socket (natd puts them there) -
I'm finding that sendto() is taking most of the CPU - so I want to have a
look at maybe taking two or three packets from the DIVERT buffer per kernel
loop.
(I'm not an expert at this
On Thu, 14 Feb 2002, Rogier R. Mulhuijzen wrote:
> I have personally looked at natd & stateful ipfw rules, and have
> concluded that it is logically impossible to get it to work.
>
> Thus I made an ipfw rulelist that utilizes the statefulness of
> natd. I hope this helps you in making your own ruleli
Not actually. It's more to run QoS experiments and need
to customize some medium access protocols like csma/ca
etc. Guess I can't get to the csma protocol from the
freebsd tcp/ip stack source code.
Vinod
--- Jason Hunt <[EMAIL PROTECTED]> wrote:
> If you mean that you would like to change the MAC
>
> Date: Fri, 15 Feb 2002 08:20:56 -0800 (PST)
> From: Vinod Namboodiri <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> Not actually. It's more to run QoS experiments and need
> to customize some medium access protocols like csma/ca
> etc. Guess I can't get to the csma protocol from the
> freebs
Chris Dillon writes:
> Date: Fri, 15 Feb 2002 10:20:39 -0600 (CST)
> From: Chris Dillon <[EMAIL PROTECTED]>
>
> If you have the luxury of having more than one IP address available
> for the outside interface, you can dedicate one address to natd's use,
> and the other to the host machine.
Kevin Oberman wrote:
> In wireless (802.11) protocols there is also no CSMA/CD as it is not
> applicable to wireless although there IS a MAC and it is usually
> loadable, though documentation and source is proprietary and generally
> hard to get.
802.11 supports CSMA/CA, where the A stands for t
Earl A. Killian wrote:
> Chris Dillon writes:
> > Date: Fri, 15 Feb 2002 10:20:39 -0600 (CST)
> > From: Chris Dillon <[EMAIL PROTECTED]>
> >
> > If you have the luxury of having more than one IP address available
> > for the outside interface, you can dedicate one address to natd's use,
>
> Date: Fri, 15 Feb 2002 09:29:54 -0800
> From: Michael Sierchio <[EMAIL PROTECTED]>
>
> Kevin Oberman wrote:
>
>
> > In wireless (802.11) protocols there is also no CSMA/CD as it is not
> > applicable to wireless although there IS a MAC and it is usually
> > loadable, though documentation and
Michael Sierchio writes:
> Date: Fri, 15 Feb 2002 09:39:37 -0800
> From: Michael Sierchio <[EMAIL PROTECTED]>
>
> It's a 'natd' option, which says not to pass incoming packets (from
> the nat'd interface, presumably the external interface) which
> aren't part of established "connections" -
Earl A. Killian wrote:
> So then I'm asking how does anything ever get into that table, if
> incoming packets are all denied? Are SYN packets exempted from
> -deny_incoming?
No, SYN packets aren't exempted. Incoming packets that are associated
with a pre-existing connection (or attempt) orig
On Fri, 15 Feb 2002, Earl A. Killian wrote:
> Chris Dillon writes:
> > Date: Fri, 15 Feb 2002 10:20:39 -0600 (CST)
> > From: Chris Dillon <[EMAIL PROTECTED]>
> >
> > If you have the luxury of having more than one IP address available
> > for the outside interface, you can dedicate one addres
I use stateful rules and natd together without any trouble. You just have to
think through VERY carefully exactly what is happening to each and every
packet during its journey and write your rules accordingly.
Let's look at your example ruleset, Michael:
Michael Sierchio ([EMAIL PROTECTED])
"Rogier R. Mulhuijzen" ([EMAIL PROTECTED]) was heard to say:
>>>the reply was that keep-state and natd are very hard to use
>>>together, and besides it is rather useless because natd is stateful
>>>by itself.
>>natd is stateful, but provides no protection for inbound IP traffic
>>that is destined
Aaron D. Gifford wrote:
> When it hits check-state, while it DOES match the "X.Y.Z.23 1549<-> X.Y.Z.44
> 22" dynamic rule in principle, it FAILS to match because the dynamic rule is
> expecting to see a SYN-ACK response from the remote host FIRST (remember, the
> SYN-ACK never matched this pa
On Friday 15 February 2002 05:00 pm, Michael Sierchio <[EMAIL PROTECTED]>
wrote:
> Aaron D. Gifford wrote:
> > When it hits check-state, while it DOES match the "X.Y.Z.23 1549<->
> > X.Y.Z.44 22" dynamic rule in principle, it FAILS to match because the
> > dynamic rule is expecting to see a SYN-A
On Friday 15 February 2002 06:15 pm, I was heard to blurt out without
thinking:
> default:
> if (q->state == TH_SYN | TH_ACK)
> /*
> * Both forward SYN and SYN+ACK packets have been seen,
> * without a reverse SYN+ACK packet in between, due to a
> * buggy rule set, or bogus t
On Tue, 12 Feb 2002, murthy kn wrote:
> Hello all,
>
> I am using 4.3 BSD and from the below capture, I feel
> that there is some problem with the Fast Retransmit (unless
> I am missing something). I also recall that there was
> a short thread about some problems with Fast Retransmit
> earli
See Crist's response for an accurate description of effect on the
stateful rules of natd.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=13412+0+current/freebsd-net
I revised my ruleset, with a few tricks, to use one IP address for
nat and one for the local host's stateful rules. This works, tho