On Wed, Mar 6, 2013 at 9:38 AM, Krzysztof Barcikowski <
krzys...@airnet.opole.pl> wrote:
> W dniu 2013-03-06 09:25, Andre Oppermann pisze:
>
> Can you describe your traffic forwarding setup in more detail?
>> Is it only pf, or do you run netgraph, or other things as well?
>> Do you use flow routi
On Thu, Mar 7, 2013 at 12:55 PM, Andre Oppermann wrote:
> On 07.03.2013 12:43, Alexander V. Chernikov wrote:
>
>> On 07.03.2013 11:39, Andre Oppermann wrote:
>>
>>> On 07.03.2013 07:34, Alexander V. Chernikov wrote:
>>>
Hello list!
There is a known long-lived issue with interface r
On Thu, Mar 7, 2013 at 2:51 PM, Andre Oppermann wrote:
> On 07.03.2013 14:38, Ermal Luçi wrote:
>
>> On Thu, Mar 7, 2013 at 12:55 PM, Andre Oppermann > an...@freebsd.org>> wrote:
>>
>> On 07.03.2013 12:43, Alexander V. Chernikov wrote:
>>
>>
Is this FreeBSD 9.x or HEAD?
On Fri, Mar 8, 2013 at 2:19 PM, Kajetan Staszkiewicz
wrote:
> Hello there!
>
> In my enviroment, where I use FreeBSD machines as loadbalancers, after a
> server
> is detected as dead, loadbalancer removes the the broken server from a
> table
> used in route-to pf ru
On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz
wrote:
> Dnia piątek, 8 marca 2013 o 21:11:43 Ermal Luçi napisał(a):
> > Is this FreeBSD 9.x or HEAD?
>
> I found the problem and developed the patch on 9.1.
>
> Can you please test this more 'beautiful' patch
Also do not forget to rebuild pfctl so that statistics are shown correctly.
On Sat, Mar 9, 2013 at 1:14 PM, Ermal Luçi wrote:
>
>
>
> On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz <
> veg...@tuxpowered.net> wrote:
>
>> Dnia piątek, 8 marca 2013 o 21:11:43
On Sat, Mar 9, 2013 at 2:37 PM, Kajetan Staszkiewicz
wrote:
> Dnia sobota, 9 marca 2013 o 13:14:16 Ermal Luçi napisał(a):
> > On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz
> >
> > wrote:
> > > Dnia piątek, 8 marca 2013 o 21:11:43 Ermal Luçi napisał(a):
>
On Mon, Mar 11, 2013 at 4:05 PM, Kajetan Staszkiewicz wrote:
> There are some things I find flawed in your patch:
>
> 1.
>
> +#if 0
> if (killed > 0)
> pf_purge_expired_src_nodes(1);
> +#endif
>
> This means that after using `pfctl -K` the src nodes are sti
On Sun, Mar 17, 2013 at 11:03 AM, Eugene M. Zheganin wrote:
> Hi.
>
>
> On 14.03.2013 20:47, Fleuriot Damien wrote:
>
>> I'm experiencing this odd behavior with 9.1 r24791 for amd64.
>>
>> You should definitely sit on 8.x until 10.x will become stable, or
> upgrade to 10.x from 9.x (at least this
On Thu, Mar 21, 2013 at 1:59 AM, Mark D wrote:
> (Hopefully this isn't too out-of-scope for this list..)
>
> I have an application in mind that I'd like to have accept/respond to
> UDP queries sent to perhaps 30K contiguous IP addresses (most likely
> IPV6 addresses because such ranges are easy to
On Thu, Mar 21, 2013 at 2:54 PM, Fleuriot Damien wrote:
>
> On Mar 21, 2013, at 9:25 AM, Ermal Luçi wrote:
>
> > On Thu, Mar 21, 2013 at 1:59 AM, Mark D >wrote:
> >
> >> (Hopefully this isn't too out-of-scope for this list..)
> >>
> >> I
You need a kernel with TCP_SIGNATURE option and insert policy routes with
setkey.
On Thu, Mar 21, 2013 at 4:06 PM, Vladislav Prodan wrote:
>
> FreeBSD 8.2-STABLE
> quagga-0.99.21 Free RIPv1, RIPv2, OSPFv2, BGP4, IS-IS route software
>
> BGP.as1(config-router)# neighbor XXX.XXX.YYY.YYY p
Hello,
would you mind running a performance test with a snapshot of tomorrow from
this link http://snapshots.pfsense.org/
There are some optimizations in pfSense and it would be nicer to compare to
FreeBSD itself how it behaves.
That is before the lock changes in HEAD since its FreeBSD 8.
Regard
Hello,
reviving this old thread since i had time to bring the patch to FreeBSD 10
and unified the whole controlling under ipfw(8) binary.
For reminder, the patch located at [1] provides multiple instances for
ipfw(4).
Basically you can control which interfaces belong to which context/ruleset
to m
Hello,
at location [1] can be found a patch for Codel[3] algorithm implementation.
Triggered by a mail to the mailing lists[2] of OpenBSD i completed the
implementation for FreeBSD.
It allows to use codel as the single configured discipline on an interface.
Also it can be used as a sub disciplin
Hello,
at the location [1] is a patch for making carp(4):
- use rw locks
- unify the timers in carp to a single one for accuracy and predictability
This patch has been tested in pfSense for a long time and recently it has
been moved to FreeBSD 10.
It also fixed some races and LORs present in the
Hello,
the patch at location [1] implements support for dummynet into pf(4).
The patch has been tested and confirmed working without issues into pfSense.
Any objections to integrating this into FreeBSD?
[1]
https://github.com/pfsense/pfsense-tools/blob/master/patches/RELENG_10_0/dummynet.RELENG
On Mon, Jun 10, 2013 at 5:01 PM, Luigi Rizzo wrote:
>
>
>
> On Mon, Jun 10, 2013 at 3:30 PM, Ermal Luçi wrote:
>
>> Hello,
>>
>> reviving this old thread since i had time to bring the patch to FreeBSD 10
>> and unified the whole controlling under ipfw(8
Hello Luigi,
On Mon, Jun 10, 2013 at 7:30 PM, Luigi Rizzo wrote:
> On Mon, Jun 10, 2013 at 06:52:01PM +0200, Ermal Lu?i wrote:
> > On Mon, Jun 10, 2013 at 5:01 PM, Luigi Rizzo wrote:
> ...
> > > if i understand well, this has no runtime overhead as the ifp has
> > > the index of the context it
Hello,
i made the corrections to the patch to make it more readble.
Can some other eyes give a look and say if that have anything against it.
Patch is at same location.
On Mon, Jun 10, 2013 at 4:01 PM, Luigi Rizzo wrote:
> On Mon, Jun 10, 2013 at 03:45:01PM +0200, Ermal Lu?i wrote:
> > Hello,
Hello,
at location [1] can be found a patch for making stf(4) understand 6rd.
It supports variable masks for the ipv4 network as well.
The patch has been tested on pfSense.
It adds to new option to ifconfig for defining the 6rd border router at ISP.
ifconfig $stf stfv4net $ipv4network/$mask
ifco
On Wed, Jun 12, 2013 at 10:02 AM, Hiroki Sato wrote:
> Ermal Luçi wrote
> in :
>
> er> Hello,
> er>
> er> at location [1] can be found a patch for making stf(4) understand 6rd.
> er> It supports variable masks for the ipv4 network as well.
> er>
>
On Fri, Jun 14, 2013 at 12:34 PM, Andre Oppermann wrote:
> On 14.06.2013 11:51, Gleb Smirnoff wrote:
>
>>Ermal,
>>
>> On Mon, Jun 10, 2013 at 03:43:12PM +0200, Ermal Lu?i wrote:
>> E> at location [1] can be found a patch for Codel[3] algorithm
>> implementation.
>> E>
>> E> Triggered by a mai
This is a patch originially written from rwatson@ iirc.
https://github.com/pfsense/pfsense-tools/blob/master/patches/RELENG_10_0/pf_802.1p.diff
Remove the pf(4) craft and it should work for you.
On Wed, Jun 26, 2013 at 6:27 PM, John-Mark Gurney wrote:
> Alex Liptsin wrote this message on We
Usually pf(4) does support having dynamic ips inside its ruleset.
For example just putting the interface name as address or putting $iface:0
for first address etc...
Take a look an man page of pf.conf and search for the string 'Interface
names and interface group names can'
On Sun, Mar 9, 2014 a
Hello,
what are you using to divert packets, ipfw(4) or pf(4)?
Can you show your configuration on that as well!
On Fri, Apr 4, 2014 at 6:54 AM, Özkan KIRIK wrote:
> Hi,
>
> I am trying to use suricata on FreeBSD 10 amd64.
> FreeBSD behaves as a VLAN router and NAT Box.
>
> Traffic is about 40
From experience with large number of interfaces and configuring them.
Its not that the kernel cannot handle it the problem is that you call
generic utilities to do this job.
I.E. to setup an ip on the interface ifconfig has first to get the whole
list of interfaces to determine if that interface e
Another note related to Q-in-Q.
You would probably be better of creating standard vlans for the first vlan
layer and use ng_vlan for the second++ part of the Q-in-Q on top of the
first ones.
This also give better usability and will speedup a bit your times.
On Thu, Apr 10, 2014 at 1:22 PM, Hartm
>From experience LEGACY_TX + ALTQ is not usable and it will panic similar to
what you have shown above.
I had to fix this for pfSense and the only way to get a stable driver was
to have both if_transmit and if_start model activated in the driver.
Finding the paths that needs this 'hybrid' is a bit
2011/12/27 Gleb Smirnoff :
> On Thu, Dec 22, 2011 at 11:30:01AM -0500, John Baldwin wrote:
> J> You can find the patch for 8.x at
> J> http://www.freebsd.org/~jhb/patches/if_addr_rwlock.patch
>
> Just my two pennies: for head/ patching if ip_carp.c should
> be straightforward:
>
> 1) Using W in car
2011/12/27 Gleb Smirnoff :
> On Tue, Dec 27, 2011 at 11:29:02AM +0100, Ermal Lu?i wrote:
> E> 2011/12/27 Gleb Smirnoff :
> E> > On Thu, Dec 22, 2011 at 11:30:01AM -0500, John Baldwin wrote:
> E> > J> You can find the patch for 8.x at
> E> > J> http://www.freebsd.org/~jhb/patches/if_addr_rwlock.patc
On Wed, Jan 4, 2012 at 5:29 AM, Ed Carrel wrote:
> Hi freebsd-net,
>
> I originally sent this to -questions@, but was redirected here by that
> list. My original question is below:
>
> I am running into a roadblock getting PF to filter traffic on a Netgraph
> interface representing an L2TP/IPSec
Hello,
from needs on pfSense a patch for allowing multiple intances of
ipfw(4) in kernel to co-exist was developed.
It can be found here
https://raw.github.com/bsdperimeter/pfsense-tools/master/patches/RELENG_9_0/CP_multi_instance_ipfw.diff
It is used in conjuction with this tool
https://raw.gith
On Mon, Jan 30, 2012 at 3:36 PM, Ivan Voras wrote:
> On 30/01/2012 13:01, Ermal Luçi wrote:
>
>> Surely i know that this is not the best way to implement generically
>
>
> ... probably, because it's similar to VNET...
>
It depends on the comparison.
The same argument
On Mon, Jan 30, 2012 at 10:08 PM, Vadim Goncharov
wrote:
> Hi Ermal Lu?i!
>
> On Mon, 30 Jan 2012 13:01:13 +0100; Ermal Lu?i wrote about '[PATCH] multiple
> instances of ipfw(4)':
>
>> from needs on pfSense a patch for allowing multiple intances of
>> ipfw(4) in kernel to co-exist was developed.
On Tue, Jan 31, 2012 at 12:02 PM, Luigi Rizzo wrote:
> On Mon, Jan 30, 2012 at 01:01:13PM +0100, Ermal Lu?i wrote:
>> Hello,
>>
>> from needs on pfSense a patch for allowing multiple intances of
>> ipfw(4) in kernel to co-exist was developed.
>> It can be found here
>> https://raw.github.com/bsdpe
2012/2/8 Gleb Smirnoff :
> On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote:
> L> if i understand what the patch does, i think it makes sense to be
> L> able to hook ipfw instances to specific interfaces/sets of interfaces,
> L> as it permits the writing of more readable rulesets. Right
On Fri, Jun 8, 2012 at 8:17 AM, Gleb Smirnoff wrote:
> Hello, networkers!
>
> [net@ in Cc, but further discussion should go on pf@]
>
> As you already probably know, or some may be don't yet know, the pf(4)
> subsystem in FreeBSD is currently working under a single mutex. This mutex
> is acquir
On Wed, Jul 11, 2012 at 4:27 AM, Chris Benesch wrote:
> So I'm trying to set up a tunnel with Hurricane Electric. Works great on
> OpenBSD BTW, took only a minute or two.
>
There is no support for fragmented ipv6 packets in pf(4) for FreeBSD.
> So heres rc.conf
>
> ipv6_gateway_enable="YES"
> gi
Hi Gleb,
On Wed, Sep 5, 2012 at 1:51 PM, Gleb Smirnoff wrote:
> Hi!
>
> [announce goes both to net@ and pf@, but any discussion should
>go on on p...@freebsd.org only, please]
>
> As you already may now, last half a year I've been working on
> making pf SMP-scalable and faster in genera
Hello Gleb,
it would be better to switch to net byte order allover rather than
trade one for the other.
This makes it even more tricky to understand the code than it is.
If you do the work its better to do the full thing in one shot and
switch to netbyte order.
speaking of pf(4) side of things pl
On Fri, Oct 5, 2012 at 3:12 PM, Gleb Smirnoff wrote:
> Ermal,
>
> On Fri, Oct 05, 2012 at 03:01:38PM +0200, Ermal Lu?i wrote:
> E> it would be better to switch to net byte order allover rather than
> E> trade one for the other.
> E> This makes it even more tricky to understand the code than it i
On Wed, Oct 31, 2012 at 9:59 AM, tsaregorodtsev.de...@itmh.ru
wrote:
> Hi,
> I've run into a problem while adding IPv6 aliases on carp interface on
> FreeBSD 8.1.
> All IPv6 aliases on carp interface are unreachable from other devices but
> the first IPv6 on carp interface works well.
>
> # ifconf
On Wed, Oct 31, 2012 at 10:56 AM, Gleb Smirnoff wrote:
> Denis,
>
> On Wed, Oct 31, 2012 at 02:59:48PM +0600, tsaregorodtsev.de...@itmh.ru wrote:
> t> I've run into a problem while adding IPv6 aliases on carp interface on
> FreeBSD 8.1.
> t> All IPv6 aliases on carp interface are unreachable fr
On Wed, Oct 31, 2012 at 1:21 PM, tsaregorodtsev.de...@itmh.ru
wrote:
> On 31.10.2012 16:42, Ermal Luçi wrote:
>>
>> On Wed, Oct 31, 2012 at 9:59 AM, tsaregorodtsev.de...@itmh.ru
>> wrote:
>>>
>>> Hi,
>>> I've run into a problem while add
Hello,
i was looking at ipfw dynamic code for dynamic states/rules and see that it
unconditionally schedules a callout even if there is not work to do.
Wouldn't it be best to reschedule it when there is something to do to avoid
having a useless
callout/event run every time on the system?
Is ther
On Tue, Dec 11, 2012 at 2:05 PM, Barney Cordoba wrote:
>
>
> --- On Tue, 12/11/12, Gleb Smirnoff wrote:
>
> > From: Gleb Smirnoff
> > Subject: Re: igb and ALTQ in 9.1-rc3
> > To: "Jack Vogel"
> > Cc: "Clement Hermann (nodens)" , "Barney Cordoba"
> , freebsd-net@FreeBSD.org
> > Date: Tuesday, De
On Tue, Dec 11, 2012 at 3:56 PM, Karim Fodil-Lemelin <
fodillemlinka...@gmail.com> wrote:
> On 11/12/2012 9:15 AM, Ermal Luçi wrote:
>
>> On Tue, Dec 11, 2012 at 2:05 PM, Barney Cordoba > >**wrote:
>>
>>
>>> --- On Tue, 12/11/12, Gleb Smirnoff wrot
On Tue, Dec 11, 2012 at 9:06 PM, Karim Fodil-Lemelin <
fodillemlinka...@gmail.com> wrote:
> On 11/12/2012 11:27 AM, Ermal Luçi wrote:
>
>> On Tue, Dec 11, 2012 at 3:56 PM, Karim Fodil-Lemelin <
>> fodillemlinka...@gmail.com> wrote:
>>
>> On 11/12/2012
On Thu, Dec 13, 2012 at 5:25 PM, Andriy Gapon wrote:
> on 13/12/2012 14:08 Alexander V. Chernikov said the following:
> > On 13.12.2012 15:46, Andriy Gapon wrote:
> >>
> >> ng_ether uses if_xname for naming its nodes.
> >> This could be troublesome for mapping interface names to their ng_ether
>
Hello,
it looks good, for just interface renaming scope.
The problem of it is that you need to check if the ifnet pointer needs
updated as well.
For coming and going interfaces like vlans you would have to update some
pointers as well at least the ifnet one.
The complete patch would rather inclu
Hello,
the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
pf(4) as of OpenBSD 4.5 version.
The patch is against HEAD.
After OpenBSD 4.5 the syntax has changed and this is the reason for
such an 'old' version patch.
After importing this one the work will go on the newest version
2010/12/28 Lev Serebryakov :
> Hello, Freebsd-net.
>
>
> Is here any plans to write SIP module for libalias? It seems, that
> some "alternative" packet filters/NATs have support for SIP, like we
> have for FTP.
>
> Is here any good solution for SIP via ipfw-nat other than
> full-featured SIP ro
On Fri, Mar 18, 2011 at 3:25 PM, Da Rock
wrote:
> On 03/19/11 00:03, Mike Tancsa wrote:
>>
>> On 3/18/2011 6:44 AM, Da Rock wrote:
>>
>>>
>>> First, the connection from Android (apparently uses mtpd- I just found
>>> out) fails at SCCRP- apparently it doesn't respond to the challenge
>>> response
On Thu, Apr 7, 2011 at 10:21 AM, Quentin Narvor
wrote:
> Hello,
>
> My name is Quentin Narvor and I am currently working on intrusion detection.
> I use Freebsd 8.2 and I recently needed pf to be able to dynamically fill in
> tables according pass rule.
>
> For performances reasons, I didn't want
On Thu, Apr 7, 2011 at 5:14 PM, Quentin Narvor wrote:
> 2011/4/7 Ermal Luçi
>
>> On Thu, Apr 7, 2011 at 10:21 AM, Quentin Narvor
>> wrote:
>> > Hello,
>> >
>> > My name is Quentin Narvor and I am currently working on intrusion
>> detection.
&g
On Tue, Jul 5, 2011 at 7:32 AM, Michael Sinatra
wrote:
> On 07/04/11 21:29, Doug Barton wrote:
>>
>> On 07/04/2011 21:20, Doug Barton wrote:
>>>
>>> On 07/04/2011 20:26, Michael Sinatra wrote:
On 07/04/11 19:59, Doug Barton wrote:
>
> If I try to set up a carp interface for IPv6
On Mon, Nov 14, 2011 at 7:54 AM, Erich Weiler wrote:
>> Have you considered empty ACK prioritization? I implemented this a year
>> ago on a pair of production edge routers and noticed significant
>> improvement on throughput. I have production code examples if you
>> require them, but this link sh
On Mon, Oct 19, 2009 at 9:18 AM, Eric Masson wrote:
> Hello,
>
> OpenBSD has support for this kind of setup since last January :
> http://undeadly.org/cgi?action=article&sid=20090127205841
> The commit :
> http://marc.info/?l=openbsd-cvs&m=123246256228242&w=2
>
> >From what I've understood, pf, de
On Mon, Oct 19, 2009 at 5:32 PM, Eric Masson wrote:
> Ermal Luçi writes:
>
> Hello Ermal,
>
>> I think you should send this email to ipsec-tool mailing list!
>> Basically the daemon should be modified for this and FreeBSD
>> is not the owner of such code.
>
&g
>
> OpenBSD's way of doing things seems interesting while reading very
> quickly your link, I'll have to take some more time to really see
> exactly what they are doing.
>
>
Basically they make aware the daemon and the firewall of the nat.
Actually it is more 'user-friendly' to configure thoug
Hello list,
i searched for this but could not find an answer.
How does one build ng_vlan as part of the kernel?
NETGRAPH_VLAN does not exist as an option to include in the kernel
and when building ng_vlan as a module and you use a gzipped kernel
the module doe snot load since it says kernel is a
On Tue, Nov 10, 2009 at 5:11 PM, pluknet wrote:
> 2009/11/10 Ermal Luçi :
>> Hello list,
>>
>> i searched for this but could not find an answer.
>> How does one build ng_vlan as part of the kernel?
>>
>> NETGRAPH_VLAN does not exist as an option to inc
Hello,
is there any reason that ng_ether does not have a event handler for
interface changes?
I am asking this since it would be reasonable to expect that when an
interface name
changes or an interface disappears ng_ether does the right action of
renaming the hook
or removing altogether.
If it is
On Fri, Jan 29, 2010 at 11:47 PM, Jack Vogel wrote:
> What's with the encrypted messages entered in this bug suddenly?
>
> An important update - I have root caused this. Turns out its kinda
> interesting.
> The reason there is a problem is due to the stacked pseudo devices, since
> the vlan devic
Hello all,
i was reading ip_output() code today and stumbled accross this
http://fxr.watson.org/fxr/source/netinet/ip_output.c#L587.
Can anybody shad any light on the check being done ?
(m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
Shouldn't it be just
(m->m_pkthdr.csum_flags & C
Shouldn't this check be
if (m->m_len > sizeof (struct ip)) {
instead of
if (m->m_len < sizeof (struct ip)) {
in
http://fxr.watson.org/fxr/source/netipsec/ipsec.c?im=excerpts#L595
Regards,
--
Ermal
___
freebsd-net@freebsd.org mailing list
http://lists
On Fri, Apr 2, 2010 at 7:11 PM, Bjoern A. Zeeb
wrote:
> On Fri, 19 Mar 2010, Ermal Luçi wrote:
>
> Hi,
>
>> Shouldn't this check be
>> if (m->m_len > sizeof (struct ip)) {
>> instead of
>> if (m->m_len < sizeof (struct ip)) {
>
> Shoul
Hello,
on FreeBSD-STABLE at least ipfw wrongly interprets dummynet
configurations of the type:
pipe 10 config bw 1.5Mb
^^^
as being 1bit/s configuration. Which is quite wrong in real production usage.
This simple patch fixes it http://tinyurl.com/33j6odw.
I am not sur
On Thu, Jun 24, 2010 at 3:12 PM, Rafael Henrique Faria
wrote:
> Hi.
>
> I'm working on a Brige between a router Cisco 7200, and a 3Com 7900 switch.
> I have several subnetworks, and I need to balance the bandwidth between then.
>
> The Brigde is running: "FreeBSD dell05 8.1-PRERELEASE FreeBSD
> 8.
2010/6/24 Rafael Henrique Faria :
> Just to be more clean:
>
> My pf.conf:
>
> wan_if="bce0"
>
> set limit { states 10, frags 2 }
> set loginterface $wan_if
> set optimization normal
> set block-policy drop
> set fingerprints "/etc/pf.os"
> set skip on lo
>
> altq on $wan_if cbq bandwi
> Hi,
>
> An Internet Cafe I do some work for was recently having problems with
> very slow internet access. It turns out customers were running P2P file
> sharing applications which were hogging all the bandwidth. I looked for
> programs that would allow me to shape traffic according to the
> app
On Fri, Aug 1, 2008 at 12:21 PM, Mike Makonnen <[EMAIL PROTECTED]> wrote:
> Ermal Luçi wrote:
>>>
>>> Hi,
>>>
>>> An Internet Cafe I do some work for was recently having problems with
>>> very slow internet access. It turns out customers wer
On Sat, Aug 2, 2008 at 1:33 PM, Mike Makonnen <[EMAIL PROTECTED]> wrote:
> Patrick Tracanelli wrote:
>>
>> eculp escreveu:
>>>
>>> Quoting Mike Makonnen <[EMAIL PROTECTED]>:
>>>
Daniel Dias Gonçalves wrote:
>
> You will go to develop a version to work with PF ?
>
I don't know
One thing, can you please make the SYN/ACK table optional since on
pf(4) you have the info from the state table when a tcp connection is
established.
On Sat, Aug 2, 2008 at 1:34 PM, Ermal Luçi <[EMAIL PROTECTED]> wrote:
> On Sat, Aug 2, 2008 at 1:33 PM, Mike Makonnen <[EMAIL PROTE
On Sat, Aug 2, 2008 at 3:00 PM, Mike Makonnen <[EMAIL PROTECTED]> wrote:
> Mike Makonnen wrote:
>>
>> Patrick Tracanelli wrote:
>>>
>>> To let you know of my current (real world) tests:
>>>
>>> - Wireless Internet Provider 1:
>>>- 4Mbit/s of Internet Traffic
>>>- Classifying default protoco
On Wed, Mar 18, 2009 at 5:16 PM, Julian Elischer wrote:
> Ash Gokhale wrote:
>>
>> I'm developing a kernel module that will be doing inspection and needed
>> access to raw network frames,
>> so I turned to netgraph as the solution.However it seems that netgraph
>> will not permit a module
>> t
On Sat, Mar 28, 2009 at 8:10 PM, Ermal Luçi wrote:
> On Wed, Mar 18, 2009 at 5:16 PM, Julian Elischer wrote:
>> Ash Gokhale wrote:
>>>
>>> I'm developing a kernel module that will be doing inspection and needed
>>> access to raw network fra
What kind of features?
Just out of curiosity, cause i made some fixes to it and am curious
what can be added more!?
On Sat, May 16, 2009 at 5:11 AM, Brett Glass wrote:
> Unfortunately, the pfsense captive portal lacks many of the features that we
> need and has also had problems in some of our te
On Tue, May 26, 2009 at 3:01 PM, Bruce Simpson wrote:
> Hi,
>
> Does anyone have a UMTS/3G dialer for FreeBSD which:
> a) works, and
> b) preferably has a GUI?
pfSense has something in its non-stable version though not much
testing has gone cause of drivers and availability of hardware.
>
> Perha
On Mon, Jul 20, 2009 at 1:18 PM, Max Laier wrote:
> On Monday 20 July 2009 01:25:03 Matthew Grooms wrote:
>> The other options you mention are enabled by default. This problem
>> also effects pre vSphere versions but only under certain
>> circumstances. Others claim this is only an issue when NIC t
If for you is an option pfSense has all the hard work done for you and you
can use it for such installations.
On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote:
> Hi folks,
>
> I plan to make an edge router out of a freebsd system with OpenBGPD +
> FreeBSD 10, or such.
>
> I've been reading up, an
> It might be worth it to just try to build their fork, if that's the case.
>
> Thank you for responding!
>
>
Yeah OpenBGPd port of pfSense has the support for installing SPDs without
setkey.
>
> On 9/21/2014 午後 07:26, Ermal Luçi wrote:
>
> If for you is an optio
Probably is better you ask this on freebsd-pf@.
Though this sounds like state limit reached.
On Mon, Sep 29, 2014 at 7:32 PM, Andrea Venturoli wrote:
> Hello.
>
> Today a box of mine (8.4p16/amd64) stopped working as a router; I don't
> have a clear picture, but the internal nets were working p
In pfSense the driver has been modified to compile a hybrid mode.
Meaning have activated both LEGACY and new transmit queue model.
It works correctly and avoids the problems of recompiling with ALTQ.
It also solves the problem on having performance impacts when ALTQ is not
in use.
There are even
On Wed, Oct 22, 2014 at 9:28 PM, Matthew Grooms wrote:
> On 10/21/2014 1:39 PM, Kyle Williams wrote:
>
>> On Tue Oct 21 11:35:15 2014, Matthew Grooms wrote:
>>
>>> Hey Kyle,
>>>
>>> Thanks for lending a hand. I tested a few myself last night but had no
>>> luck. This morning I received an email o
Yes confirmed it will solve that issue as well.
On Thu, Nov 13, 2014 at 9:30 PM, J David wrote:
> On Wed, Nov 5, 2014 at 9:28 AM, Ilya Bakulin wrote:
> > Of course it was interesting what does the upstream PF do (@ OpenBSD).
> Seems
> > they have made the decision to
> > leave the task of recal
ting for Ermal to send an updated version of his patch that may
> really solve the problem!
>
>
> On 2014-11-14 09:17, Ermal Luçi wrote:
>
>> Yes confirmed it will solve that issue as well.
>>
>> On Thu, Nov 13, 2014 at 9:30 PM, J David wrote:
>>
>>
Hello Ilya,
just approval from some people.
I will follow-up.
On Fri, Nov 14, 2014 at 1:34 PM, Ilya Bakulin wrote:
> Hi Ermal,
> yes, this patch works for both #179392 and #172648.
>
> What do you need to merge this into -CURRENT and MFC to stable/9?
>
>
> On 2014-11-14 12
The fix for that was imported with the new import of pf(4) AFARIR.
On Thu, Nov 20, 2014 at 7:07 PM, Craig Rodrigues
wrote:
> On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb wrote:
>
> >
> > For people to use pf with VIMAGE we first MUST have the security fix
> > imported that I pointed out a co
On Wed, Apr 15, 2015 at 2:26 PM, Gleb Smirnoff wrote:
> On Wed, Apr 15, 2015 at 09:38:23AM +0200, Luigi Rizzo wrote:
> L> > With the new ifnet KPI, that is now being developed in
> projects/ifnet,
> L> > the ALTQ will need some tweaking. It is discontinued by initial author
> L> > for a decade
On Wed, May 6, 2015 at 2:51 PM, Martin Larsson
wrote:
> This is a small summary of
>
> https://forums.freebsd.org/threads/routing-issue-with-ipsec-windows-works-linux-doesnt.51201/
> .
>
>
> Setup:
> My side
> 192.168.1.0/24
> Freebsd (default gateway and ipsec gateway, 192.168.1.1)
> windows, li
On Fri, Jun 12, 2015 at 11:43 AM, Kristof Provost wrote:
> Hi all,
>
> I've recently been looking at bug 200330. I broke things while adding
> the reassembly support for ipv6 to pf.
>
> Those issues should be fixed now, but having looked at the fragment
> crop/drop-ovl code, I'm starting to think
On Mon, Jun 15, 2015 at 5:13 PM, Christopher Hilton
wrote:
>
> On Jun 10, 2015, at 5:12 PM, Christopher Sean Hilton
> wrote:
>
> > Good afternoon and thank you in advance.
> >
> > I'm running FreeBSD 9.3-STABLE:
> >
> > FreeBSD anza.example.com 9.3-STABLE \
> > FreeBSD 9.3-STABLE #0 r269
AESNI is not hooked yet to the IPsec stack.
On Thu, Jul 2, 2015 at 2:42 AM, Zhihao Yuan wrote:
> It might be hypervisor's problem because they use KVM, but here are
> some information I have:
>
> DO smallest instance.
>
> > uname -a
> FreeBSD megashadow2 10.2-PRERELEASE FreeBSD 10.2-PRERELEASE #
eri added a reviewer: eri.
REVISION DETAIL
https://reviews.freebsd.org/D1944
EMAIL PREFERENCES
https://reviews.freebsd.org/settings/panel/emailpreferences/
To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: farrokhi, julian, robak, freebsd-virtualization-list, freeb
On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
> Hi,
>
> Some of you may have noticed that I fixed a couple of pf issues (or in
> some cases broke things. Sorry Allan.) recently.
>
> Here's a quick list of my current priorities:
>
> - PR 127042, 202178:
>This is a panic when an inte
On Wed, Aug 26, 2015 at 1:43 PM, Kristof Provost wrote:
> On 2015-08-25 19:56:59 (+0200), Ermal Luçi wrote:
> > On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
> >
> > >I'm inclined to say that ifgroups and interfaces should share a
> > >n
This should apply https://reviews.freebsd.org/D3133
Somehow it is still pending on gnn@ for some reason!
On Sat, Oct 3, 2015 at 12:10 AM, Nikos Vassiliadis wrote:
> Hi,
>
> I am trying to use carp over an if_bridge and am getting
> this LOR:
>
>> login: lock order reversal:
>> 1st 0xf80008
Hello list,
while looking ip_input i saw that altq code is called from there and
if i have not read badly it goes to altq_cdnr code which is just a
diffserv conditioner.
Is there any utility that allows its configuration. Even PF hasn't
integrated it and i wonder why?!
If it's just a job to be d
1 - 100 of 129 matches
Mail list logo
