Hi,
On 2011-2-14, at 19:59, Darek M wrote:
> Currently using 7.2-RELEASE, with ipnat/ipfilter.
>
> Will I be setting up the NAT box in dual stack?
yes.
> Will that allow me then to provide each private host with a v6 IP?
Yes.
> Will that then make the private hosts run in dual stack?
If the
Hi,
On 2010-8-29, at 16:22, Andre Oppermann wrote:
> T/TCP was ill-defined and had major security issues and never gained
> any support. It has been defunct in FreeBSD and most code has been
> removed about 6 years ago.
we're also about to declare the T/TCP RFCs Historic. See
http://tools.ietf.o
Hi,
am I correct in that multi-FIB support is currently only working for IPv4? At
least "setfib route add -inet6 " adds the route into all FIBs,
not only FIB . (For IPv4, it works correctly.)
Or am I missing something?
Thanks,
Lars
PS: Please CC me on replies.
On 2010-9-21, at 17:05, Andre Oppermann wrote:
> It seems multi-FIB is incomplete for IPv6. Also radix multi-path
> is incomplete for IPv6 at the moment.
Thanks all, for confirming what the status here is.
(Too bad though - this means I still can't properly get packets routed out of a
multihomed
Hi,
On 2010-9-22, at 14:31, Bjoern A. Zeeb wrote:
> On Wed, 22 Sep 2010, Lars Eggert wrote:
>> The ipfw "fwd" command also doesn't do IPv6;
>
> Hmm, that could possibly be fixed. Not sure it's a good idea in
> general, but ...
I'd be happy to test pa
On 2010-9-24, at 12:06, Lasse Brandt wrote:
> IPs: 2a01:::3183:: /64
> Gateway: 2a01:::3180::1 /59
>
> And this is my rc.conf:
>
> ipv6_enable=”YES”
> ipv6_static_routes=”defgw”
> ipv6_route_defgw=”2a01:::3180:: -prefixlen 59 -iface re0”
> ipv6_defaultrouter=”2a01::xxx
On 2010-10-1, at 1:55, Doug Barton wrote:
> My point about FreeBSD 9 is that if we add the 6rd code today, then
> release 9.0 in about a year, then support the RELENG_9 branch for 4-6
> years that we will still be maintaining code that no one has any use
> for. Sorry if I wasn't clear.
You're s
ops to try and reestablish the original packet order.
Lars
--
Lars Eggert NEC Network Laboratories
smime.p7s
Description: S/MIME Cryptographic Signature
ds track in the future.
Thus, I'd like to suggest that the default for
net.inet.tcp.insecure_rst be zero for now. AFAIK, any other TCP mod
came disabled be default in the past, too.
Lars
--
Lars Eggert NEC Network Laboratories
ags and fields, not
the data contents.
I think that'd be very useful. I frequently come across entries in
the logs that I wish I had some more information about. I'd even go
as far as (optionally) dumping all such packets in tcpdump format.
Lars
--
Lars Eggert NEC Network Laboratories
itigation mechanisms such as this one, and are able to judge
the risks of enabling it.
Lars
--
Lars Eggert NEC Network Laboratories
t you from spoofed RSTs.
Lars
--
Lars Eggert NEC Network Laboratories
Hi,
glad to see interest in DCTCP!
On 2019-6-4, at 11:05, Yu He via freebsd-net wrote:
> In line 387 of file cc_tcp.c, the update of alpha is calculated by following
> code:
>
> dctcp_data->alpha = min(alpha_prev - (alpha_prev >> V_dctcp_shift_g) +
> (dctcp_data->bytes_ecn << (10 -
not conform to RFC2401.
Our ID "Use of IPSEC Transport Mode for Virtual Networks" has more
information on this:
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/
n recv tun0
> 0012121 1764 divert 8668 icmp from any to any in recv tun0
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
At 1:43 PM +1100 3/7/01, Stephen Cimarelli wrote:
> On 07-Mar-01 Lars Eggert wrote:
>> Do you use IPsec tunnel mode, or IPsec transport mode + gif tunnels to do
>> the tunneling?
>
> Well this is where it starts to get funny, I have 2 HOWTOs
> Both HOWTO's use g
Has this been considered/implemented in any OS? Does anyone see any serious
problems with it? Feedback greatly appreciated!
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
It'd just block the
select/write instead of dropping packets on the floor locally if there is
no queue space. Mbufs are not the scare resource, queue space in the
interface queue is.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/la
equeue
loop needs to wakeup the sleepers when the queue is draining. I agree that
it's not a trivial change, but I don't think it's impossible or
impractical.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
buffer
> (on which you can think of having some control, because you either
> opened the fd yourself or you inherited it from some parent),
> in addition to the device queue.
Could you explain this a little more? I think I know where you're going
with this, but I&#
put all this code together,
> and you end up with something that other systems do not have so
> when you want to write portable code you still have to handle
> the old behaviour as well in userland.
Yes. But we're talking research here :-) (E.g. once UDP bloc
d that the patch is spot on. I could determine
> the data size and malloc memory dynamically I guess.
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
length (w/o options) - UDP header length?
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
ling how many tunnel devices
there were. Something like that, or the MAKEDEV way, would be great.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
e local ARP cache doesn't help
you if the remote end still sends to the original MAC address, and you get
traffic on the "wrong" interface.
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
Is there:
- a way to make FreeBSD display a discovered PMTU?
or
- a userland tool that does PMTU discovery?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern Cali
htsize=2
net.inet.tcp.local_slowstart_flightsize=2
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
routing table at
all.
> I prefer IPSec tunnels for encryption of the internet, but can live (for
> now) with IPIP if it does the job.
IPsec transport mode combined with IPIP tunnels does the trick (dynamic
routing + IPsec). See
ftp://ftp.isi.edu/internet-drafts/draft-touch-i
:
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
e virtual
network to simulate delays losses in the VPN; and apply IPsec after
tunneling).
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
oo - but now that I thought more about it, there are issues.
Maybe Kenjiro and Itojun (who have a much better understanding of the
details of the networking stack than me) have some ideas how to make
this work?
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
and combination testing with all these more
exotic networking features eats up a lot of time. That's what we're for
(wanting to use these things over VPNs :-). And the KAME people are
extremely helpful and accessible when it comes to getting bug fixes (or
feature-enabling mods) int
eeded for our purposes and adds
an extra header, so we decided against it.
I have no experience with pipsecd.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
t; know if that wll work or not.
It works, and makes routing much cleaner, since now the tunnel devices
represented in the routing table are the ones that actually carry the
traffic. There's an ID that has more information on this:
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-
Cambria, Mike wrote:
> I can only find a way to define a global SPD using setkey. Is it possible
> to define an (IPv4) SPD on a per interface basis using KAME / FreeBSD4?
Don't your interfaces have different source addresses that you can match on?
Lars
--
Lars Eggert <[E
FreeBSDlover FreeBSDlover wrote:
>
> Can i setup configured tunneling between a router and host which are in the
> same network?If possible pls explain me.
Yes, for network and app-layer tunnels. Not sure for lower layers. What
are you setting up?
Lars
--
Lars Eggert <[EMA
for the local address. (This
loopback route gets added for "real" interfaces.) Try adding it manually?
This may already be fixed in a more recent KAME release (FreeBSD's is
kinda stale.)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www
P tunnel, but still not "IPsec
tunnel mode"), so this should be "transport" not "tunnel".
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
hook two NICs
up to the same LAN. But your description sounds like they go out onto two
separate networks? Or do I misunderstand? Could you draw a picture maybe?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/
7;re
simply trying to set up a FreeBSD router between to networks, this should
not be so complicated.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
> networks/subnets
> that're in picture then you could try using different masks.
How are these for the same subnet? One is for 209.74.92/24, the other for
209.74.87/24.
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
e little experience with it,
but I'd guess it does not (cannot, really). It may work if dynamic DNS
names can be used with IKE. Anyone?
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
g) of that
connection attempt. I'd much rather get the tunnel to the Cisco working,
since it's faster.
Finally, I can connect to both the RAS and the Cisco server using
Windows PPTP, and Macintosh NTS Tunnelbuilder. Heck, if the Mac can do
it, so must FreeBSD! :-)
Thanks,
Lars
--
Lar
ress as a virtual
tunnel address. This causes an encapsulation loop resulting in a kernel
panic. The Windows PPTP client avoids this problem; I wonder if a simple
check in mpd that would reject physical addresses proposed as tunnel ends
during negotiation may do the trick? Other servers, however, wo
: (frag 53580:1480@1480+) (ttl
64, len 1500)
16:36:54.255376 ifc.isi.edu > dee.isi.edu: (frag 53580:102@2960) (ttl
64, len 122)
Any clues?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of So
Lars Eggert wrote:
> we're seeing a strange thing happening, related to ARP and IP fragments.
It seems that Bill Paul saw the same thing back in 1998
(http://www.geocrawler.com/mail/msg.php3?msg_id=822366&list=165) but I
couldn't find wheter this was ever resolved or not.
C
Lars Eggert wrote:
> we're seeing a strange thing happening, related to ARP and IP fragments.
After a big of poking around, this is due to some code in arpresolve()
and how struct llinfo_arp caches packets during lookup, see Stevens Vol.
2, page 699, the comment about lines 292-299.
> is there a way to build multipoint vpn's, using the FreeBSD's ipsec??
The X-Bone does that, a port is in /usr/ports/net/xbone. Also see its web
site at http://www.isi.edu/xbone/.
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http:
Why not simply use host routes?
Disclaimer: I may be biased here, because I think implementing
multi-homing at the transport layer (like SCTP tries to) is a bad idea
in general. It's a network layer concept, reimplementing it at the
transport layer gives you no new capabilities.
Lar
Why not simply use host routes?
Disclaimer: I may be biased here, because I think implementing
multi-homing at the transport layer (like SCTP tries to) is a bad idea
in general. It's a network layer concept, reimplementing it at the
transport layer gives you no new capabilities.
Lar
UDP over IP in IP), works now.
Only new piece is reconfiguring your tunnel, which is trivial (one or
two system commands, and can be easily automated.)
But we should probbaly move this discussion over to tsvwg... :-)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institu
oblem with racoon? I've never used it myself, but you could try
asking on [EMAIL PROTECTED]
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL
hat, see for
example Ted Faber's paper in INFOCOM '99
(http://www.isi.edu/~faber/pubs.html).
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail t
e payload) don't work at
all with NATs unless the NAT box mucks with the payload data. The only
one I know of that most NATs support is FTP - maybe sendmail puts
network info into the payload, too?
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institu
during negotiation). I've not
done this, we simply returned the Cisco box :-)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
wi
Tom Peck wrote:
> How would this work? The two web servers aren't accessible straight
> from the Internet - traffic goes via the gateway box.
I bet he forgot to mention that the gateway is also a NAT box. Since
squid does app-level relaying, HTTP isn't affected.
Lars
--
Lar
r=misc/24391 could
be related. The problem there is dissappearing interfaces (pccard
ejections) messing up amd.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: application/pkcs7-signature
file for details, or
draft-touch-ipsec-vpn-02.txt (shameless plug :-).
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
rds,
but since we're a .edu, saving a few bucks is good... :-)
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: application/pkcs7-signature
Hi,
this doesn't look like the same bug described in the link you posted.
The other bug caused negotiation to completely fail, while it succeeds
in your case.
Looks like there's something else wring. What does your ifconfig look
like after the link is up?
Lars
--
Lars Egge
27;t under my direct administration, but if I could
tell the support people "go look at page X in Cisco manual Y", that'd
probably allow them to fix it.)
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/
el panics again; or
were you saying that adding a host route can prevent this?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
anks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
s seen there are valid.
>
> The same thing happens in the bge driver, because it also offloads
> checksum generation to the NIC.
that makes total sense. I'd like to see the paragraph above in big, bold
letters in the xl(4) man page then - so far it doesn't discuss checksu
n them to go to the other net, because you don't have any interfaces
configured on these nets (IPsec SAs aren't interfaces, at least on
FreeBSD). Try tcpdumping and tell me what you get.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http:/
or what to call it. The passing the ESP packets just fine, and
> connects their private/nat:ed networks to eachother. So the *BSD serves
> their clients just fine, but cannot use the tunnel themselves...
Yes, the problem only occurs with packet originating on the security
gateways, because tra
no such mechanism (AFAIK, and talking about -STABLE here),
but it's not too much work to add.
Not sure if this is really useful though. Ususally the NIC doesn't limit
your transmission speed, it's losses inside the network that do. Also,
why a new system call? Is it that much mo
ant to block your caller until space becomes available there. There
>>currently is no such mechanism (AFAIK, and talking about -STABLE here),
>>but it's not too much work to add.
>
> if you could suggest a few modifications that would be required, i'd like
> to pursue this
Lars Eggert wrote:
> Matthew Luckie wrote:
>
>>>> Is there a mechanism to tell when ip_output should be called again?
>>>> Ideally, I would block until such time as i could send it via ip_output
>>>
>>>
>>> You probably get that because th
730.freebsd-net and has been in use for many years (a
This is a slightly different problem than you describe. What Archie saw
was an ENOBUFS being handled like a loss inside the network, even though
the sender has information locally that can allow it to make smarter
retransmission decisions.
La
e fine. Aside from that, the
thing would benefit from some documentation... :-)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
cumentation etc etc...
Ports are "part of the system" in some sense. Do you mean part of the
default installation? I'm not sure load-balancing would be useful for
the majority of users. (Although it can be very useful for a minority.)
Lars
--
Lars Eggert <[EMAIL PROT
will put up a website with
descriptions and the config scripts. Ping me again in a few days if you
haven't heard from me :-)
What is required to make this work though is that you can get a few
static IPs inside the 216.6.6.129/25 net (in your example) to relay.
Lars
--
Lars Eggert <
Sam Leffler wrote:
> Yes and no. I was told they wanted to add hardware support but I've been
> unable to reach the "right people" to start a dialogue, which is why I sent
> my note.
Try [EMAIL PROTECTED]; you'll have a response in a few hours (when
daylight hits J
Have you looked at draft-touch-ipsec-vpn
(ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-03.txt)? We
address just this issue with a combination of IPsec transport mode and
IPIP tunnels. We are currently revising it and it will move to
Informational RFC soon.
Lars
--
Lars
s a
globally routable block (like 128.9/16) that is willing to hand you a
sublock, and let you run one end of the relay on their system. It can't
magically make your NAT'ed machines globally routable.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information
r it (that's for
IP tunnels).
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
IP transport
mode (draft-touch-ipsec-vpn). Mixing both can work in some scenarios
where the dependencies between side effects are just right, but in
general, it's a broken approach.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.is
Dennis Pedersen wrote:
> Because on the [EMAIL PROTECTED] Lars Eggert said something about using
> transport mode, not tunnel mode. This confused me a bit because isnt
> transport between 2 hosts only
I said a possibility would be to use IPsec transport mode OVER AN IPIP
TUNNEL, which
l mode on the wire and to the receiver, so it can interoperate.
> On Mon, 8 Apr 2002, Lars Eggert wrote:
>
>
>>Rogier R. Mulhuijzen wrote:
>> >> http://www.x-itec.de/projects/tuts/ipsec-howto.txt
>> >
>> > Unfortunately this howto, like any other me
under
CVS (web-browsable at http://www.kame.net/).
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
i.e. you see correctly
encapsulated packets flow between your machines) you can then manually
configure IPsec transport mode SAs (via setkey) or use IKE.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University o
Dennis Pedersen wrote:
> But uhm is there a 'simple' way of doing this?
Did you look at the KAME newsletters? (URL in a previous email)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of
nfiguration Sample of IPsec/Racoon
http://www.kame.net/newsletter/20001119/
Changed manual key configuration for IPsec
http://www.kame.net/newsletter/19991007/
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/
box likes to assign remote peers its own IP address, which
would cause routing loops if mpd didn't catch it. (Note that this could
be due to misconfiguration; I still haven't been able to find the
support staff person who is in charge of the box...)
Lars
--
Lars Eg
n this a few weeks back; I stumbled over this then, too...)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
m sorry if
I came across like that.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
f the
underlying interface and the length of the encapsulation header...
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
smime.p7s
Description: application/pkcs7-signature
(dst->sa_family != AF_INET)
+ if (dst->sa_family != AF_INET && dst->sa_family != AF_INET6)
#endif
{
m_freem(m0);
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smim
ackets.
>
>
> just to make sure, which platform? from cc: it seems to be freebsd,
> but which revision?
Sorry, yes, FreeBSD-4.5, but from looking at the CVS tree, it also seems
to be present in -CURRENT still.
Lars
--
Lars Eggert <[EMAIL PROTECTED]>
and prepend/strip the address family on
> the front of each packet (see bundle_Create() in
> src/usr.sbin/ppp/bundle.c).
Ah, that makes sense. The tag is so the tun device knows who to toss the
packet to when it comes back from the process? Guess I'll have to patch
vtund, then...
in
> "multi-af" mode.
The specific reason was that I didn't know about it :-) I'm currently
patching net/vtund so it uses multi-af mode.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
sport
mode: If it isn't end-to-end, it's tunnel mode. Transport mode is
allowed between a host pair only.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: application/pkcs7-signature
fine in the majority of cases, and for slow
receivers (the problem John Hay described), there's TCP mounts.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
uot; works against any other protocol as well, including TCP.
If you can create collisions "at the right time", you can disable all
retransmission schemes. The kicker is - how?
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
: send msg: Operation not supported by device
So I guess I have two questions:
1. Is there some other netgraph documentation out
there that I don't knowe about?
2. Why can't I listen on a ksocket?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC In
g into replacing vtun with netgraph, which handles this (I
hope, still evaluating), and should also have the additional benefit of
being an in-kernel mechanism, thus saving two user/kernelmode switches
per packet. Maybe netgraph might work for you, too.
Lars
--
Lars Eggert <[EMAIL PROTECTED]&
gh about the netgraph internals to debug this further
myself, but I'd be more than happy to do any tests that'd help you or
someone else look into this. (I should probably mention that I'm using
4.5-RELEASE.)
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
agine
that extra uplink bandwidth would remain unused in this setup, right? Is
it possible to do WFQ when the uplink bandwidth is unknown/unspecified?
Thanks,
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
return
> some results).
I'm trying to merge this into the sis driver, which seems to batch
transmissions together. For clarification, do you expect one if_tx_rdy()
call per packet or one per batch? Per packet may result in a burst of
these calls, does dummynet handle this?
Tha
1 - 100 of 177 matches
Mail list logo
