Description change proposal for the no_prefer_iface flag

2014-07-10 Thread Jeremie Le Hen
, configurable with +.Xr ip6addrctl 8 . .It Cm -no_prefer_iface Clear a flag .Cm no_prefer_iface . -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons. ___ freebsd-net@freebsd.org

Re: if_ipsec

2012-06-09 Thread Jeremie Le Hen
port mode. The inner IP/GRE header is considered as the payload and it is encrypted. The benefit of this approach is that you "see" your tunnel, it looks more natural from a system point of view. I haven't used IPSec in tunnel mode

Re: if_ipsec

2012-06-14 Thread Jeremie Le Hen
Eugene On Thu, Jun 14, 2012 at 01:12:01PM +0600, Eugene M. Zheganin wrote: > Hi, > > On 09.06.2012 23:07, Jeremie Le Hen wrote: > > What is usually done for convenience is to create a gif(4) or gre(4) > > tunnel to another network, which is then encrypted using IPSec >

Re: if_vr(4) and DFE520-TX

2013-01-14 Thread Jeremie Le Hen
ust did a wild try, can you check if it works? http://people.freebsd.org/~jlh/dlink_dfe520.diff -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons. ___ freebsd-net@freebsd.org mailing list

Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and OpenBSD

2010-05-05 Thread Jeremie Le Hen
The following reply was made to PR bin/116643; it has been noted by GNATS. From: Jeremie Le Hen To: bug-follo...@freebsd.org Cc: b...@freebsd.org, freebsd-net@FreeBSD.org, jere...@le-hen.org Subject: Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and

Re: bin/116643: [patch] [request] fstat(1): add INET/INET6 socket details as in NetBSD and OpenBSD

2010-05-05 Thread Jeremie Le Hen
ed or not. Regards, -- Jeremie Le Hen Humans are born free and equal. But some are more equal than others. Coluche Index: fstat.1 === RCS file: /mnt/repos/freebsd-cvsroot/src/usr.bin/

Re: Merging rc.d/network_ipv6 into rc.d/netif

2007-04-03 Thread Jeremie Le Hen
function: old2new_knobs() This is neat. What about issuing a warning in order to make a quicker transition ? Again, thank you for working on this. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ fr

Re: A radical restructuring of IPsec...

2007-04-07 Thread Jeremie Le Hen
tion). Do you have any idea what those features will become in later days ? Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Firewalling NFS

2007-06-15 Thread Jeremie Le Hen
other than "no one has needed this yet" why this option is not available for nfsd(8), rpc.lockd(8) and rpc.statd(8)? Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@fr

Re: Firewalling NFS

2007-06-16 Thread Jeremie Le Hen
Hi Alfred, On Fri, Jun 15, 2007 at 10:40:05PM -0700, Alfred Perlstein wrote: > * Jeremie Le Hen <[EMAIL PROTECTED]> [070615 01:07] wrote: > > Hi, > > > > It appears nearly impossible to firewall a NFS server on FreeBSD. > > I would be nearly impossible if one d

Re: UDP catchall

2007-10-30 Thread Jeremie Le Hen
fect TCP slow start or have some other minor drawbacks. But hey, we're talking about bypassing firewall :-)... My 2 cents. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: UDP catchall

2007-10-31 Thread Jeremie Le Hen
Matus, On Wed, Oct 31, 2007 at 02:21:04AM +0100, Matus Harvan wrote: > On Tue, Oct 30, 2007 at 09:04:11PM +0100, Jeremie Le Hen wrote: > > I can think of a possible implementation of mtund(8) without kernel > > patching. The next pf(4) import from OpenBSD will likely allow to

Re: Routing SMP benefit

2008-01-04 Thread Jeremie Le Hen
are doing and to show that FreeBSD is far behind and is losing > it's lustre on continuing to be the networking platform of choice. A very good paper worth reading about all this by Paul Willmann, Scott Rixner and Alan Cox: An Evaluation of Network Stack Parallelism Strategies in Modern Opera

Two interfaces sharing the same IP address: how to change default route's interface on link change?

2008-02-19 Thread Jeremie Le Hen
'm not the only one who wants this kind of setup. So how did you achieve this setup? Thank you. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.f

Re: Two interfaces sharing the same IP address: how to change default route's interface on link change?

2008-02-21 Thread Jeremie Le Hen
Hi, On Wed, Feb 20, 2008 at 01:18:03AM +, Bruce M. Simpson wrote: > Jeremie Le Hen wrote: > > In summary, favor wired connectivity over the wireless one, at any time: > > could this be at boot time or not. > > > > I'm pretty sure I'm not the only one who

Re: Multiple routing tables (was: IPv6 in Jail)

2008-02-29 Thread Jeremie Le Hen
ges anyway. I don't mean to hurry you, it's just for the sake of my curiosity :). Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.fre

Re: Bridging Code - MAC Filtering

2004-06-15 Thread Jeremie Le Hen
needs, because it requires changing your rules each time you add a machine or change a network card. Regards, -- Jeremie LE HEN aka TtZ/TataZ [EMAIL PROTECTED] [EMAIL PROTECTED] Hi! I'm a .signature vir

Re: FreeVRRPD problem

2004-06-26 Thread Jeremie Le Hen
Hi, You may also want to look at CARP from OpenBSD. Check http://kerneltrap.org/node/view/1021 for more information. Also, http://pf4freebsd.love2party.net/carp.html is a FreeBSD port of CARP, but the DNS entry does not seem to exist any longer Regards, -- Jeremie LE HEN aka TtZ/TataZ

Weird ipf rdr rule behaviour

2004-07-06 Thread Jeremie Le Hen
ate if someone could help me to resolve this problem. I didn't supply all the information that may be relevant in the case, but I can give nearly whatever you might ask for. Regards, -- Jeremie LE HEN aka TtZ/TataZ [EMAIL PROTECTED]

Re: packet order, ipf or ipfw

2004-07-29 Thread Jeremie Le Hen
correct behaviour : http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685 Hackers, is this bug still alive in -CURRENT ? Best regards, -- Jeremie LE HEN aka TtZ/TataZ [EMAIL PROTECTED] [EMAIL PROTECTED] Hi! I

Re: Problems with NAT on gif interface for VPN

2004-10-29 Thread Jeremie Le Hen
nning to think it's nowhere near as useful as enc0 > on OpenBSD). Thus, I'm stuck translating packets when they either > enter the LAN interface or leave the WAN, the former seems the best > option. IIRC, I read somewhere this is precisely the reason why enc(4) was written. --

Re: Problems with NAT on gif interface for VPN

2004-11-02 Thread Jeremie Le Hen
n/cvsweb/src/sys/net/if_enc.c?rev=1.41&content-type=text/x-cvsweb-markup http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_enc.h?rev=1.8&content-type=text/x-cvsweb-markup -- Jeremie Le Hen [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list ht

Re: dummynet setting ifp pointer in mbuf?

2004-11-04 Thread Jeremie Le Hen
a->oif; > So it seems the queued packets interface is set to the outgoing interface. > But according to me, that is wrong. > > Can a dummynet expert verify if my analysis is correct or come up > with a real explanation if not? > > -Guido -- Jeremie Le Hen [EMA

Re: Problems with NAT on gif interface for VPN

2004-11-04 Thread Jeremie Le Hen
, it would be very interesting for the archives. Would you please post the configuration steps ? Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send a

Re: IPFW2 matching a list/set of interfaces

2004-11-11 Thread Jeremie Le Hen
> Does anyone know whether this is actually possible/supported/supported > in the near future? Sure I could make a rule for each interface, but > in my situation that would not scale well. It is not possible at the moment. I'm not aware of any plan about this. Regards, --

Re: ALTQ integration and FreeBSD 4.x

2004-12-04 Thread Jeremie Le Hen
ted to give a high priority to tiny ACK packets and a very low priority to non-interactive ssh session (matching the TOS field in IPv4 header). Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailma

Re: (review request) ipfw and ipsec processing order for outgoingpackets

2004-12-06 Thread Jeremie Le Hen
But I may be missing something because I can see no way in firewall rules to distinguish between the before IPSec processing hook and the after IPSec processing one. Could you clarify this for me please ? Thanks in advance. Best regards, -- Jeremie Le Hen [EMAIL PROTECTED] _

Re: UCARP support for FreeBSD

2004-12-07 Thread Jeremie Le Hen
'U' in UCARP means "Userland" :-). If you successfully run it on FreeBSD-4, it would be nice to keep us informed, at least for the archives. Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.or

Re: UCARP support for FreeBSD

2004-12-08 Thread Jeremie Le Hen
> This is something else which needs a pcap/tcpdump update. Currently there > is no way to specify this behaviour at runtime. > > Hopefully this should be resolved at the next import. Do you know when it is scheduled ? -- Jeremie Le Hen [EMA

Re: UCARP support for FreeBSD

2004-12-09 Thread Jeremie Le Hen
ted by the new one [2], but the latter does not include this patch. Regards, [1] http://pf4freebsd.love2party.net/carp.html [2] http://people.freebsd.org/~mlaier/CARP/ -- Jeremie Le Hen [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://list

Re: per-interface packet filters

2004-12-14 Thread Jeremie Le Hen
efined chain in the same table. >> Note that I am not saying that NetFilter is better (I would be silly to do it here ;-)), but nevertheless it may have some interesting ideas to consider while talking about extending FreeBSD firewall framework, IMHO. [1] http://www.docum.org/docum.org/kptd/

Re: [PATCH] 802.1p priority (fixed)

2005-01-22 Thread Jeremie Le Hen
silently set 6. I would really like this feature. Thanks for your work ! Best regards, -- Jeremie Le Hen [EMAIL PROTECTED]

Re: [PATCH] 802.1p priority (fixed)

2005-01-23 Thread Jeremie Le Hen
near the 802.1q field which are both inside what they call "Tag Control Information". Regards, [1] http://www.networkdictionnary.com/protocols/8021p.php -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists

gif(4) and bpf(4)

2005-01-24 Thread Jeremie Le Hen
if_gif.c in RELENG_4 has bpfattach(), bpf_mtap2(), ... Is it supposed to work or not ? If not, does it work on RELENG_5 ? My very -CURRENT laptop succeeds in opening bpf(4) on a gif(4) interface. Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ fre

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
d work. I dread that this is due to some black magic I can't even imagine. That's why I made a call here for testimonies or explanations. Thanks. Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lis

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
lter 0 packets dropped by kernel %%% Does any one have other ideas ? It seems the code was partly written by sam@, brooks@ and [EMAIL PROTECTED] Best regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists.fre

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
4) is compiled in the kernel but gif(4) is loaded as a module (can this be the point ?). There is absolutely no error. I attached the strace log. See also my next reply to Bruce, I'll give my file revisions. Many thanks. Best regards, -- Jeremie Le Hen [EMAIL PROTECTED] execve("/usr/lo

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
06:47 sam Exp $ $KAME: in6_gif.c,v 1.49 2001/05/14 14:02:17 itojun Exp $ yoda:sys# uname -a FreeBSD yoda.tataz.chchile.org 4.10-STABLE FreeBSD 4.10-STABLE #44: Wed Jul 7 03:35:21 CEST 2004 [EMAIL PROTECTED]:/usr/src/sys/compile/YODA i386 %%% > Hope this helps, I hope too ;-). Man

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
sorry. At least, I hope this will be useful later for someone else. This thread is after all a bunch of concentrated information about gif(4) debugging and IPSec. Many, many thanks to Bruce and Nickolay, as well as Alex who got the point too. Best regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___

Re: gif(4) and bpf(4)

2005-01-25 Thread Jeremie Le Hen
transport mode. Best regards, [1] http://www.openbsd.org/cgi-bin/man.cgi?query=enc&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html [2] http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_enc.c -- Jeremie Le Hen [EMAIL PROTECTED]

Re: em(4) VLAN + PROMISC followup question

2005-01-26 Thread Jeremie Le Hen
ything? I think it has just been commited in -CURRENT. See revs 1.58, 1.59 and 1.60. In fact this is a small workaround until there is a working solution proposed, if I understood correctly. Regards, -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@f

dummynet and vr(4)/egress broken in 4.11 ?

2005-01-28 Thread Jeremie Le Hen
1.26.2.14) is the culprit. Best regards, -- Jeremie Le Hen [EMAIL PROTECTED]

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-01-30 Thread Jeremie Le Hen
ot involved in DUMMYNET, as they are in ALTQ for example). I can still use pipes on interface ingress, internal interface egress, but it fails when I use a pipe on egress on my external interface _for packet being forwarded and NATed only_. Weirdly I am still able to use a TCP stream from the ro

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-01-31 Thread Jeremie Le Hen
h to test the same configuration but I'm pretty sure it won't work. Any ideas of what could break this ? -- Jeremie Le Hen [EMAIL PROTECTED] ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubs

DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?)

2005-01-31 Thread Jeremie Le Hen
On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote: > > I'll give a try to a 4.10 kernel ASAP. > > I compiled the lastest kernel from RELENG_4_10 CVS branch and DUMMYNET > pipes works well. I am able to use one pipe on my external interface > egress witho

Re: DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?)

2005-01-31 Thread Jeremie Le Hen
On Tue, Feb 01, 2005 at 02:05:12AM +0100, Jeremie Le Hen wrote: > On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote: > > > I'll give a try to a 4.10 kernel ASAP. > > > > I compiled the lastest kernel from RELENG_4_10 CVS branch and DUMMYNET > > pipe

Re: dummynet and vr(4)/egress broken in 4.11 ?

2005-02-02 Thread Jeremie Le Hen
hink there must be some as they would have been merged if this was not the case. Are there any change to have this fixed in RELENG_4 ? I know that no more releases are scheduled in this branch, but there is no obvious reason to let a bug live there IMHO. -- Jeremie Le He

Re: altq for vlans?

2005-02-14 Thread Jeremie Le Hen
ing overhead for each packet especially using gigabit Ethernet. Regards, -- Jeremie Le Hen jeremie at le-hen dot org

Re: generic network protocols parser ?

2005-03-04 Thread Jeremie Le Hen
help for. A manually parse will be needed, although he succeeds in re-using the Ethereal plug'in, but I don't know if it is feasible. Regards, -- Jeremie Le Hen jeremie at le-hen dot org ___ freebsd-net@freebsd.org mailing list http://lists.freeb

Re: Changing packets ttl's

2005-04-29 Thread Jeremie Le Hen
ch for one of the firewall available in FreeBSD. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: [PATCH] Re: tap interface and locally generated packets

2005-05-10 Thread Jeremie Le Hen
. Unfortunately this patch seems to be based on rev 1.21 of NetBSD's if_bridge.c, this is a little bit old. Best regards, [1] http://mu.org/~mux/patches/pf.patch [2] http://lists.freebsd.org/pipermail/freebsd-current/2004-April/025886.html -- Jeremie Le Hen <

Dummynet/ipnat interaction breakage

2005-05-13 Thread Jeremie Le Hen
On Wed, Feb 02, 2005 at 12:05:11PM +0100, Jeremie Le Hen wrote: > > Take a look at PRs 61685 and 76539. Hope that helps. > > Well, I was aware of the first one (I'm doing shaping on my internal > interface as a workaround), but not the second one. The second one > is

Re: SIOCGIFMEDIA problems

2005-05-16 Thread Jeremie Le Hen
jor drawback in your situation (portable software) is that kqueue(2) only exists in BSD world, not in Linux. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org ma

Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
ed mountd(8) sources, and this error messages appears when the mount(2) syscall fails (I assume this is the way mountd(8) informs the kernel about a directory to be exported). I'm sure this is a foolish error from me, but I can't figure one. Thanks. Regards, -- Jeremie Le Hen < jerem

Re: Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
> my current exports(5) file looks something like this : > I copied the last line and replaced the path with /usr/ports, when I try to > reload mountd(8), I get an error in /var/log/messages : This is a draft, and shouldn't appear in the previous mail. -- Jeremie Le Hen < jere

Re: Can't export /usr/ports

2005-05-17 Thread Jeremie Le Hen
it is not possible to export two directories from the same filesystem with different options or credentials ? I didn't see anything like this in the manpage. What did I miss ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org ><

iwi(4) not working

2005-05-20 Thread Jeremie Le Hen
and why I can't get the associated status. Note that the shown MAC address is the correct one, thus the card seems to receive some beacon frames, it's not a ``link'' error. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

ICMP need to frag

2005-05-22 Thread Jeremie Le Hen
ke the ssh session with ~. . Advices are welcome :-). Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > 21:36:32.956062 192.168.4.205.49583 > 192.168.1.222.2: S [tcp sum ok] 894016321:894016321(0) win 65535 (DF) (ttl 62, id 20835

Re: ICMP need to frag

2005-05-22 Thread Jeremie Le Hen
from the Ethernet network card on the RELENG_4 router. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: iwi driver: Probes but no association (FreeBSD5.4).

2005-05-23 Thread Jeremie Le Hen
5.4-STABLE #10: Fri Apr 29 10:39:24 As far as I can tell, this driver is no longer updated, the development is done in BSD source trees (look at the file modification date). Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___

Re: ICMP need to frag

2005-05-23 Thread Jeremie Le Hen
does SSH use IPSec AH ?" ? I've never heard of such a thing. I think the code you pasted refers to IPSec transport mode, but I'm afraid that it's not related to my problem of Path MTU Discovery not working. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz a

Re: iwi driver: Probes but no association (FreeBSD5.4).

2005-05-24 Thread Jeremie Le Hen
ostly impossible as the iwi(4) should be using the new Sam Leffler's net80211 framework which is not going to be MFC'd to RELENG_5. I believe you should definitely try -CURRENT. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Problems with gif tunnels

2005-06-07 Thread Jeremie Le Hen
e. I've tried > > different systems, one and two NICs, 4.x and 5.x, all with the same > > (non)result. What am I missing? It would be worth knowing if the ICMP packet goes out from your ``internal'' interface (xl0). In this case, you should also see the ICMP echo-

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
- encapsulated packet comes in from 203.16.215.227 with data from IP > 192.83.231.16 for 192.109.197.145. It should go out xl0. > - It doesn't. No further indication of why not. I saw your commit on gif(4) manual page precising that gif(4) does not do GRE tunnels. Does it represent a solu

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
Read above. Usually gre(4) tunnels are used as simple IP-over-IP tunnel, so a gif(4) would do the same with less overload (due to GRE header size). GRE seems far more powerful, but I don't know its benefits. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile d

Re: Problems with gif tunnels

2005-06-08 Thread Jeremie Le Hen
ore longer, depending on the value of the five first bits of the GRE header. Enjoy your tunnel ;-). [1] http://www.networksorcery.com/enp/protocol/gre.htm -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-

Re: Problems with gif tunnels

2005-06-09 Thread Jeremie Le Hen
archives. Regards, [1] http://hashbang.org.uk/index.php/GIF_to_IPIP_Tunnels -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Advice needed on running idiotic test for client

2005-06-15 Thread Jeremie Le Hen
topics please, I'm very interested in them. Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net T

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
, [1] http://www.tel.fer.hr/zec/vimage/ -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
t for a "pipe" action. However, the main problem with this approach is that it breaks POLA. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.

Re: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

2005-06-22 Thread Jeremie Le Hen
ust for information, does this principle requires FreeBSD to keep existing option forever, or are there some scarce situations where some superfluous options could be deleted ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
t lately and you want security. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
n your security requirements : any user is able to bind port 8000, so if you have other users on the system, this may not be something to avoid. But FWIW, this would totally remove the need to make a privileged part in your application. Regards, -- Jeremie Le Hen < jeremie a

Re: www user than root

2005-06-23 Thread Jeremie Le Hen
> Yes it might be a good idea, but again, it depends on your security > requirements : any user is able to bind port 8000, so if you have > other users on the system, this may not be something to avoid. s/not// -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
ck of multiple routing tables support, lack of source routing (as well as higher level protocol based routing). Are there actually some projects that are being worked on to overcome this ? -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
'm pretty sure this would make Netgraph people react a bit ;-). > pf does something along these lines in case you are looking for references. Would it be possible to share this tag among pf and ipfw ? Regards, -- Jeremie Le Hen < jeremie at

Re: Julian's netowrking challenge 2005

2005-06-28 Thread Jeremie Le Hen
sure this would make Netgraph > >people react a bit ;-). > > why? > I think they are orthogonal. I was just kidding, because new features sometimes trigger a netgraph praise saying it is already possible with this framework. But this worthless. -- Jeremie Le Hen < jere

Re: Julian's netowrking challenge 2005

2005-06-29 Thread Jeremie Le Hen
| > packet data <---/ > ... > [end of mbuf] I think I understand what you are proposing here, but what do you have in mind that would require such a system ? If there is no really good reason, I think it is wise to keep it sim

Re: ntop binary for 5.x in existence ? (the real ntop, not the kitchen sink one...)

2005-07-08 Thread Jeremie Le Hen
t ? If so, it would be worth if you could submit a port of the older release of ntop. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailm

Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

2005-07-11 Thread Jeremie Le Hen
ecv and xmit without success.. Did you try something like this (assuming 192.168.1.1 is on xl0 side, fxp0 is the other interface) :
ipfw add pipe 1 any from 192.168.1.1 to any bridged out recv xl0 xmit fxp0
ipfw add pipe 2 any from any to 192.168.1.1 bridged out recv fxp0 xmit xl0
Regards, -- Je

Problem with Path MTU Discovery

2005-07-13 Thread Jeremie Le Hen
also tried to connect to Comp3, but the behaviour is the same. Thus my guess is that Gate2 (RELENG_5) is sending bad ICMP need-to-frag packets, while Gate1 (RELENG_4) is sending good ones, because all Comp* are RELENG_5, and don't behave in the same way. Does anyone have an idea why Path MT

Re: Problem with Path MTU Discovery

2005-07-19 Thread Jeremie Le Hen
1500 xl0 192.168.4.54/32link#1 UC 00 1500 xl0 192.168.4.80 00:60:08:60:fe:10 UHLW024577 1500 lo0 => 192.168.4.80/32link#1 UC 00 1500 xl0 %%% Thank you. Regards, -- Jeremie Le H

Re: ipfw+dummynet only getting half bandwidth when using routed interfaces.

2005-07-21 Thread Jeremie Le Hen
Hi Philip, > Yepps. And adding bridged does not help either. > I'm beginning to belive that I am the problem since there must be other > people doing this. did you resolve your problem ? If yes, what was the solution ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org

Re: AltQ + ng_iface

2005-07-29 Thread Jeremie Le Hen
tcp from any 22 to any iptos lowdelay DNS requests: udp from any to any 53 Small PONG: icmp from any to any icmptype 8 iplen 1-200 HTTP(S), FTP: tcp from any to any 21,80,443 Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile d

Re: How-to use CARP?

2005-08-04 Thread Jeremie Le Hen
I get the following error: > > # ifconfig carp0 create > ifconfig: SIOCIFCREATE: Invalid argument > # Add "device carp" to your kernel configuration file and recompile. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: running out of mbufs?

2005-08-08 Thread Jeremie Le Hen
F but is far less intrusive > to the kernel. By "interface groups", do you mean the same ones as OpenBSD ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mai

Re: running out of mbufs?

2005-08-08 Thread Jeremie Le Hen
The interface(s) the default route(s) point to are mem- bers of the egress interface group. %%% This article [1] explains better what interface groups are, see the "Interface group" section (according to w3m: line 182/422 (43%)) [1] http://ker

Re: Stack virtualization (was: running out of mbufs?)

2005-08-09 Thread Jeremie Le Hen
SD to be able to do this. > It's hard to describe this textually to its full extent. That's why > my upcoming paper will have mostly graphics depicting the packet flow > and the processing options. I'm in haste to read your paper. [1] http://www.manpage.org/cgi-bin/man/man2

Re: Stack virtualization (was: running out of mbufs?)

2005-08-10 Thread Jeremie Le Hen
played with this), but I'm a little bit scared about the administrative overhead this would introduce for managing jails. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing lis

Re: Why Ierrs is so high?

2005-08-10 Thread Jeremie Le Hen
being used for ? If you're still having error after switching interfaces, maybe it's time to check your cable. Finally, what are you running ? [ ] RELENG_4 [ ] RELENG_5 [ ] RELENG_6 [ ] CURRENT Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org

Re: Stranges with ARP

2005-08-12 Thread Jeremie Le Hen
lticast bit of 802.11? No, its the LSB of the first octet. > So your outgoing pings are actually multicasts. Good catch ! :-) [1] http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: Aggregate network interfaces

2005-08-26 Thread Jeremie Le Hen
s Etherchannel. For the sake of completeness, I would add that OpenBSD has the trunk(4) interface which allows to bond multiple network interfaces with configurable trunk protocols. http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Cur

Re: Summer of Code 2005: Improve Libalias

2005-09-07 Thread Jeremie Le Hen
Hi Mike, > And what is the point of all of this when we have OpenBSD's PF? ipfw and > libalias is dead. In addition to what others said, you should look at the following, this may be an answer : http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html Regards, -- Jer

Re: Efficient use of Dummynet pipes in IPFW

2005-09-19 Thread Jeremie Le Hen
but scared about adding such options because there would be no reason then to not add other syntactic facilities, which would end up messing the whole syntax. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _

Re: ARP behavior in FreeBSD vs Linux

2005-09-19 Thread Jeremie Le Hen
> > the 'wrong' interface will gladly be accepted, too. This broke things > > > for me, because I didn't want to have that certain IP-address accessible. This behaviour can be controlled with : /proc/sys/net/ipv4/conf//rp_filter These sysctl are explaine

Re: Efficient use of Dummynet pipes in IPFW

2005-09-20 Thread Jeremie Le Hen
ated" rule is obviously : /(a.b.c) With your ruleset may be summed up as : /a+/b+/c Which is the same as the "negated" rule in regard to De Morgan's theorem. Do you agree with this ? Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: UDP dont fragment bit

2005-09-22 Thread Jeremie Le Hen
e use. In other words, I think the feature you're calling for is really specific to your problem, regarding your current network environment. The misbehaviour of some particular network-fascist ISP should not reach the FreeBSD source tree. Best regards, -- J

Re: dummynet, em driver, device polling issues :-((

2005-10-04 Thread Jeremie Le Hen
will check the NIC state upon each soft clock interrupt (HZ) and fetch them into the memory if any. If too many packets were received during a period, then the overflow of packets will be discarded, incrementing the "Receive No Buffers" error count. I think you can

Re: IPFW+DUMMYNET UPLOAD PROBLEM

2005-10-06 Thread Jeremie Le Hen
bw 128Kbit/s queue 10KBytes > > And my test speed from ip 192.168.0.5 is: > Down 123.66kbps > Up 766.24kbps What's the output of % ipfw show 600 601 Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > __

Re: IPSec session stalls

2005-10-25 Thread Jeremie Le Hen
use pf. It is described here : http://lists.freebsd.org/pipermail/freebsd-net/2005-July/007899.html Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd
