Large delays (2 minute) with dummynet

2004-07-15 Thread josh
ering happen intelligently in userland, but I can't find anything to do that. Am I barking up the wrong tree by looking at dummynet? Cheers, Josh ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: OCE driver patches

2013-02-09 Thread Josh Paetzel
Vencat, There's been a breakdown in communication. I've been working on oce with Adam and have a bunch of oce hardware. Please cc me on any patches you have. (pr's are fine, but they won't get my attention) Thanks, Josh Paetzel On Feb 7, 2013, at 3:57 AM, "Duvv

Re: Question: Why ain't I getting gigabit speed?

2013-02-09 Thread Josh Paetzel
There's likely something wrong hardware wise. Either with that nic, the cable, or the port you are plugging it into. The NIC is (correctly) not autonegotiating 1000TX full duplex for some reason, and when you try to force it it doesn't work. Thanks, Josh Paetzel On Feb 7, 2013,

Re: OCE driver patches

2013-03-01 Thread Josh Paetzel
On Mar 1, 2013, at 5:36 AM, "Duvvuru,Venkat Kumar" wrote: > Hi Josh, > I have a bunch of patches (~25 in number) to submit. Please let me know the > process to submit them. > Do I just attach them in a single email or open pr's for each of them?? > Pls sugges

Re: nmbclusters: how do we want to fix this for 8.3 ?

2012-02-23 Thread Josh Paetzel
d igb in heavy use, what would you find most > convenient? > > Jack > The default setting is a thorn in our (with my ixsystems servers for freebsd hat on) side. A system with a quad port igb card and two onboard igb NICs won't boot stable/8 or 8.x-R to multius

NFS: rpc.statd/lockd becomes unresponsive

2012-03-30 Thread Josh Beard
user 3000191udp 0.0.0.0.2.162 amdsuperuser The load can get fairly high during my 'stress' tests, but not *that* high. I'm surprised to see these particular symptoms that affect every connected user at the same time and would expect slowdowns rather

Re: NFS: rpc.statd/lockd becomes unresponsive

2012-03-30 Thread Josh Beard
On 03/30/2012 05:36 PM, Josh Beard wrote: Hello, snip Whoops, realized freebsd-fs is probably a more appropriate list for this. My apologies. Josh ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To

aliases on em(4) do not work properly

2011-05-19 Thread Josh Carroll
89 link#1 UHS 00lo0 => XYZ.14.73.189/32 link#1 U 00em0 I can try building an 8-STABLE kernel to see if it works ok, but ideally I'd like to remain on 8.2-RELEASE. Please let me know what other information is ne

Re: aliases on em(4) do not work properly

2011-05-21 Thread Josh Carroll
On Thu, May 19, 2011 at 3:12 PM, Josh Carroll wrote: > After upgrading my hardware, I now have two new em(4) in this box > running FreeBSD 8.2-RELEASE/amd64. One NIC is the onboard NIC on the > Asus P8Z68-V Pro board, the other is the Intel EXPI9301CTBLK > PCI-Express card. em0 is

Re: if_bridge as if_vlan parent

2009-11-21 Thread Josh Paetzel
dev em0 # ifconfig bridge0 addm vlan1 addm vlan2 Is that more in line with what you want to do? I'm a little curious what problem set using a bridge as the parent of a vlan solves though. Thanks, Josh Paetzel ___ freebsd-net@freebsd.org mailing

Re: mrtg peak on reboot / snmp-issue?

2008-06-15 Thread Josh Carroll
p and then sanitizing them prior to outputting to the value. Regards, Josh On 6/15/08, Olivier Mueller <[EMAIL PROTECTED]> wrote: > Hello, > > Small but curious thing on my freebsd-based systems: when a > server is rebooted, it generates a peak (or "spike"?) on the &

Set arbitrary protocol for route?

2014-08-22 Thread Josh Moore
I am trying to add a local route with an arbitrary protocol number. This is done with iproute2 in Linux by: ip route add to local $ip/32 dev eth0 proto $num How can I do this in FreeBSD 10? Josh ___ freebsd-net@freebsd.org mailing list http

Re: Question about bce driver

2007-07-11 Thread Josh Paetzel
s never able to solve the link up/link down problems with the driverI was using the drivers from STABLE for a while, and without jumbo frames everything worked somewhat ok most of the timethe ultimate solution was to just get the intel PCI-X card and stop using the broadcoms. -- Thanks, Josh Paetzel pgp0aecUDjhLU.pgp Description: PGP signature

Re: Problems with BCE network adapter (Dell PE2950)

2007-07-11 Thread Josh Paetzel
dly piece of advice. Dell sells an intel dual port gig-e card for these machines. If the PCI-X riser hasn't been populated with anything else do yourself a favor and buy it. -- Thanks, Josh Paetzel pgpcXTMuqy4ZO.pgp Description: PGP signature

Re: Question about bce driver

2007-07-11 Thread Josh Paetzel
ut it was trivial to wedge it with even moderate amounts of UDP. I eventually reached the conclusion (correct or not) that you can't fix crap hardware with a driver. -- Thanks, Josh Paetzel pgpKPrWej6c9c.pgp Description: PGP signature

Re: Again two ADSL lines, routing problems

2007-07-12 Thread Josh Paetzel
om 192.168.2.2 to any This will not do load-balancing, fail-over, or round-robin NAT, but it will make replies to incoming connections on the 'other' DSL connection go out the same interface the incoming connection came in on with the proper source address. HTH -- Thanks, Josh Paetzel pgpL4Cz1MZZj4.pgp Description: PGP signature

Re: Running jails on multiple subnets with multiple interfaces

2007-08-28 Thread Josh Paetzel
ink then set the default route to 192.168.1.1 and put the following rule in pf.conf pass out route-to (em1 10.0.0.1) from 10.0.0.2 to ! 10.0.0.0/24 If you were to give more concrete examples of your config I could probably help you out with a workable pf solution. -- Thanks, Josh Paetzel pgpXxDOY8zFfw.pgp Description: PGP signature

Re: kern/123172: [bce] Watchdog timeout problems with if_bce

2008-04-30 Thread Josh Endries
The following reply was made to PR kern/123172; it has been noted by GNATS. From: Josh Endries <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Subject: Re: kern/123172: [bce] Watchdog timeout problems with if_bce Date: Wed, 30 Apr 2008 08:58:23 -0400 It's been working well for a

Netgraph node with inet and ethernet hooks?

2004-11-13 Thread Josh Coombs
I'm trying to find a way to get PPPoE half-bridging functionality working with FreeBSD, similar to what Cisco routers and many older ISDN routers can/could do. Basically, I'm trying to get the ip/subnet assigned to the ppp link usable on an ethernet interface. So, on the radius side, you have (for

Re: Netgraph node with inet and ethernet hooks?

2004-11-13 Thread Josh Coombs
On Nov 13, 2004, at 10:59 AM, Bjoern A. Zeeb wrote: On Sat, 13 Nov 2004, Josh Coombs wrote: I'm trying to find a way to get PPPoE half-bridging functionality working with FreeBSD, similar to what Cisco routers and many older ISDN routers can/could do. Basically, I'm trying to get the

Re: per-interface packet filters, design approach

2004-12-14 Thread Josh Kayse
As someone who is quite new to all of this, take my thoughts with a grain of salt. That being said, this is my view on the matter. On Tue, 14 Dec 2004 15:03:27 +0100, Andre Oppermann <[EMAIL PROTECTED]> wrote: > Let's take a high level view of the issue at hand and the consider > some alternative

Re: per-interface packet filters, design approach

2004-12-14 Thread Josh Kayse
On Tue, 14 Dec 2004 14:27:01 -0500, Josh Kayse <[EMAIL PROTECTED]> wrote: > As someone who is quite new to all of this, take my thoughts with a > grain of salt. That being said, this is my view on the matter. > > On Tue, 14 Dec 2004 15:03:27 +0100, Andre Oppermann <[EM

em0 link_state

2004-12-16 Thread Josh Kayse
ct in saying that? And if so, is anyone working on it? Thanks in advance. -josh -- Joshua Kayse Computer Engineering ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Carp Suppression

2005-06-10 Thread Josh Kayse
failing over between the 2 machines. When I check net.inet.carp.suppress_preempt it returns 1 and I do not understand why that is. Can anyone shed some light on this? If you need any more information, just let me know. Thanks Josh -- Joshua Kayse Computer Engineering

Re: Carp Suppression

2005-06-11 Thread Josh Kayse
I think I've narrowed it down to the plip interface, but I'm not completely sure. Has anyone gotten carp running over a plip interface? On 6/10/05, Josh Kayse <[EMAIL PROTECTED]> wrote: > I am cross-posting this to -net and -pf because I am not sure where it goes. >

Re: Carp Suppression

2005-06-13 Thread Josh Kayse
004 +++ /usr/src/sys/dev/ppbus/if_plip.cMon Jun 13 10:05:56 2005 @@ -359,6 +359,7 @@ ppb_wctr(ppbus, IRQENABLE); ifp->if_flags |= IFF_RUNNING; + ifp->if_flags = LINK_STATE_UP; } break; On 6/11/05, Josh Kayse <[EMAIL PROTECTED]> wrote:

Re: Carp Suppression

2005-06-13 Thread Josh Kayse
LIP interface and crossover interface. We then use ifstaded to monitor the carp interfaces and shut down bridging on one of the machines. I will refrain from submitting any code to the community in the future. On 6/13/05, Yar Tikhiy <[EMAIL PROTECTED]> wrote: > On Mon, Jun 13, 2005 at 10:10:54AM

Re: Carp Suppression

2005-06-13 Thread Josh Kayse
rything working now and I just wanted to let others know how they could use carp over PLIP if they so needed to. > http://www.seattlecentral.edu/~dmartin/docs/bridge.html > > > > Greg > > > > > > I will refrain from submitting any code to the community in > > th

Re: Carp Suppression

2005-06-15 Thread Josh Kayse
On 6/15/05, Gleb Smirnoff <[EMAIL PROTECTED]> wrote: > AFAIU, you use PLIP line as some flag that triggers suppression. If > slave "sees" master via PLIP, it keeps itself in slave mode. May be > I don't understand you right. > > Although the idea is not officially supported, it is interesting. C

Help with mbuf exhaustion

2017-09-28 Thread Josh Gitlin
28,2048 htcp data 127 4K -13675 32 aesni_data 3 3K -3 1024 solaris 142 12302K - 3189 16,32,64,128,512,1024,8192 kstat_data 6 1K -6 64 TCP States: https://i.stack.imgur.com/G7850.png -- <http://www.goboomto

Re: Help with mbuf exhaustion

2017-09-28 Thread Josh Gitlin
My mistake, the "1" was cut off from my message. We are actually on FreeBSD 10.3-RELEASE-p21, _not_ p2 -- <http://www.goboomtown.com/> Josh Gitlin Senior Full Stack Developer (415) 690-1610 x155 Stay up to date and join the conversation in Relay <http://relay.goboomtown.

Re: [Bug 122954] [lagg] IPv6 EUI64 incorrectly chosen for lagg devices

2017-12-09 Thread Josh Paetzel
On Sat, Dec 9, 2017, at 02:29 PM, Eugene Grosbein wrote: > 10.12.2017 1:29, bugzilla-nore...@freebsd.org wrote: > > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122954 > > > > Josh Paetzel changed: > > > >What

X540 + arista switch

2016-08-22 Thread Josh Paetzel
switch. Some googling lead me to http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2014-02/msg00283.html Any pointers on which direction to turn? -- Thanks, Josh Paetzel ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman

Re: terrible if_vmx / vmxnet3 rx performance with lro (post iflib)

2020-02-20 Thread Josh Paetzel
to make it 100% clear. The problem is a ~4x regression in RX performance. It affects stock FreeBSD, including 12.1-RELEASE. In my 40Gbps connected lab single thread iperf receive went from 9Gbps to 2.5Gbps. If this can't be fixed or looked at I'd heavily suggest looking at r

Re: UDP - Reliable throughput mesaurement tool

2001-05-26 Thread Josh Paetzel
eing "lossy" I don't think there is going to be anything that can help you out there. There is a really good protocol that you can use if you need "reliable" delivery of packets over IP. If I remember right, it is called TCP. Josh > To Unsubscribe: send mail to

Re: Help! Server unexpectedly stops respond...

2001-12-11 Thread Josh Paetzel
uld be a lot of things, but without more info, it's hard to make any judgements at all. I will ask on question, though: What is MAXUSERS set to in your kernel? Josh To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: ifnet struct interface type

2006-11-24 Thread Josh Carroll
ave a gigabit card that autonegotiated to 100baseTx-FD or similar. You could probably take a look at /usr/src/sbin/ifconfig/ifmedia.c for details on how to query what the card's current media setting is. Regards, Josh ___ freebsd-net@freebsd.org mailing

Re: FreeBSD-6.1/amd64 bge(4) driver performance problems

2006-11-29 Thread Josh Paetzel
and 4 100tx interfaces on the same PCI bus? If so you're going to run into bus saturation long before you're able to max out the throughput on the NICs. Which isn't to say that 200 kBps isn't a problem, but perhaps you are dealing with a bad cable or switchport. -- Thank

Re: Bandwidth Monitoring program

2006-12-05 Thread Josh Paetzel
network then you are going to need to gather info on the router itself. SNMP would be the logical choice if the router is capable of running it. You could then poll SNMP from a computer on the network and use any number of tools to analyze/graph the usage. (MRTG and rrdtool being a couple o

Re: Bandwidth Monitoring program

2006-12-06 Thread Josh Paetzel
fic other than what that specific machine is sending/receiving. -- Thanks, Josh Paetzel ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Bandwidth Monitoring program

2006-12-06 Thread Josh Paetzel
On Wednesday 06 December 2006 10:11, Julian Elischer wrote: > Josh Paetzel wrote: > > On Tuesday 05 December 2006 23:52, Brett Glass wrote: > >> Add a few IPFW "count" rules to count the bytes and packets. > >> Then, periodically harvest and reset the count

Re: stop bittorrents

2006-12-15 Thread Josh Paetzel
cess control page that allows you to block things by service. Not entirely sure *how* it works, but it seems to be very effective at blocking at the application layerincluding bt and even skype. -- Thanks, Josh Paetzel ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Need help dealing with (D)DoS attacks (desperately)

2003-01-05 Thread Josh Brooks
Hi. I am running this as my firewall/router: 4.4-RELEASE FreeBSD 4.4-RELEASE #0 And I have no ability to change that anytime soon. Recently I have been having a lot of trouble with floods/ddos/etc. When these attacks occur, my firewall is totally unresponsive, I cannot ssh in to type a single

Re: Need help dealing with (D)DoS attacks (desperately)

2003-01-05 Thread Josh Brooks
> On 1/5/2003 1:05 PM, Josh Brooks wrote: > > > > I am running this as my firewall/router: > > > > 4.4-RELEASE FreeBSD 4.4-RELEASE #0 > > > > And I have no ability to change that anytime soon. Recently I have been > > having a lot of trouble with floods/

Re: Need help dealing with (D)DoS attacks (desperately) - MORE INFO

2003-01-05 Thread Josh Brooks
hanks a LOT. On Sun, 5 Jan 2003, Lars Eggert wrote: > On 1/5/2003 1:05 PM, Josh Brooks wrote: > > > > I am running this as my firewall/router: > > > > 4.4-RELEASE FreeBSD 4.4-RELEASE #0 > > > > And I have no ability to change that anytime soon. Recently I have

Re: Need help dealing with (D)DoS attacks (desperately)

2003-01-05 Thread Josh Brooks
Alternatively, is getting a much faster CPU (p3 1.6g ?) a "big hammer" that solves problems related to the number of rules being parsed for each packet ? Just curious. On Sun, 5 Jan 2003, Barney Wolff wrote: > On Sun, Jan 05, 2003 at 01:31:24PM -0800, Josh Brooks wrote: > >

What is my next step as a script kiddie ? (DDoS)

2003-01-09 Thread Josh Brooks
Hello, With the help of people in this group I have largely solved my problems - by simply placing in rules to drop all packets except the ones going to ports/services that are actually in use on the destination, I have found that even during a large attack (the kinds that used to cripple me) I h

Re: What is my next step as a script kiddie ? (DDoS)

2003-01-10 Thread Josh Brooks
My goal is to protect my FreeBSD firewall. As I mentioned, now that I have closed off everything to the victim except the ports he is actually running services on, everything is great! The firewall is just fine - even during a big syn flood, because it just drops all the packets that aren't goin

Re: What is my next step as a script kiddie ? (DDoS)

2003-01-10 Thread Josh Brooks
o when syn floods no longer do the job ? thanks! On Fri, 10 Jan 2003, Jess Kitchen wrote: > On Fri, 10 Jan 2003, Josh Brooks wrote: > > > My goal is to protect my FreeBSD firewall. As I mentioned, now that I > > have closed off everything to the victim except the ports he is actu

Re: What is my next step as a script kiddie ? (DDoS)

2003-01-10 Thread Josh Brooks
ess of what they conclude from this, what is the standard "next > > step" ? If they are just flooders/packeteers, what do they graduate to > > when syn floods no longer do the job ? > > > > thanks! > > > > On Fri, 10 Jan 2003, Jess Kitchen wrote: > >

Re: What is my next step as a script kiddie ? (DDoS)

2003-01-10 Thread Josh Brooks
What would you run on a different server to do traffic estimation ? How would you do such a thing ? thanks. On Sat, 11 Jan 2003 [EMAIL PROTECTED] wrote: > > Well, my "router" is the freebsd machine - celeron 500 and 256 megs. > > > > Where would you suggest doing bandwidth counts for all of my

Re: What is my next step as a script kiddie ? (DDoS)

2003-01-11 Thread Josh Brooks
gen wrote: > On Thu, Jan 09, 2003 at 10:21:52AM -0800, Josh Brooks wrote: > > > > But, I am concerned ... I am concerned that the attacks will simply > > change/escalate to something else. > > > > If I were a script kiddie, and I suddenly saw that all of my ga

ipfw rules - SYN w/o MSS, and ACK with 0 sequence number

2003-01-11 Thread Josh Brooks
Hi, After reading some more documents on DoS attacks (namely http://www.e-gerbil.net/ras/projects/dos/dos.txt ) I have found that there are two nice mechanisms to thwart a large number of ack and syn floods. First, it turns out (from the paper I mention above) that most of the SYN flood tools ou

Re: ipfw rules - SYN w/o MSS, and ACK with 0 sequence number

2003-01-12 Thread Josh Brooks
> also, ipfw can match packets by ack#. i've used this as criteria for a > dummynet pipe rule in the past. Great - that is just what I am looking for - so I can drop all packets with an ack of zero. Can someone show me an example rule of said behavior ? To Unsubscribe: send mail to [EMAIL PROT

ipfw: blocking syn floods - two proposed rules

2003-01-14 Thread Josh Brooks
My goal is to create an ipfw rule that stops normal syn floods by blocking ALL syn packets that have no MSS set. My understanding is that there is no legitimate packet that is a SYN and has no MSS, and further, most of the kiddie tools in existence for syn flooding do indeed send syn packets with

catching bad ICMP errors - very odd

2003-01-24 Thread Josh Brooks
I have inserted this ipfw rule, based on guidance from the archives: count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18 Now, I am watching that count rule, and it keeps growing. This means that people are sending me packets other than types 0,3,8,11. So I wanted to see what they

Re: catching bad ICMP errors - very odd

2003-01-24 Thread Josh Brooks
ipfw1 On Fri, 24 Jan 2003, Luigi Rizzo wrote: > is this with ipfw1 or ipfw2 or both ? > > cheers > luigi > > On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote: > > > > I have inserted this ipfw rule, based on guidance from the archives: >

IPFW2 and count rules ... broken ?

2003-02-13 Thread Josh Brooks
Hello, I have recently upgraded to ipfw2 running on 4.7-RELEASE. It seems to be working fine. However, my count rules ... aren't working well at all. I have clear and correct testing that shows that many count rules do not increment at all when traffic is clearly flowing. For instance: count

ipfw2 in 4.7 == incorrect stats ?

2003-03-03 Thread Josh Brooks
Hello, I am successfully running ipfw2 in FreeBSD 4.7-RELEASE. Everything seems fine, but it seems like the stats on each of the rules are just _way way_ low. On all rules I notice this. for instance: 65123 556880155 55168583654 allow ip from any to any This shows 55 gigabytes of total trans

Re: ipfw2 in 4.7 == incorrect stats ?

2003-03-04 Thread Josh Brooks
No, it should be catching much more than it shows. Also many other rules that are quite specific are very very deflated. I will do some real tests later today with firm numbers. On Tue, 4 Mar 2003, Luigi Rizzo wrote: > On Mon, Mar 03, 2003 at 03:03:58PM -0800, Josh Brooks wr

counting firewall traffic on a second machine

2003-03-04 Thread Josh Brooks
Hello, I used to have a firewall with ipfw count rules in place for every IP I had. This worked fine, but it gave me a 2000+ ruleset that would cause cpu to skyrocket under even the lightest of DoS attacks. So, I have plugged in another system on the DMZ and plan to count from there. In the mo

user ppp's "nat proxy" under FreeBSD 5.1

2003-07-27 Thread Josh Osborne
I'm using the user land ppp under 5.1 and I have this in the ppp.conf: nat enable yes nat log yes nat unregistered_only yes nat proxy type no_encode port 80 server 10.0.0.1:3128 proto tcp src 10.0.0.29 before I execute the proxy line the web browser on 10.0.0.29 works fine, after it is dead i

how do I delete just one ipfw rule ?

2003-09-08 Thread Josh Brooks
Hi, If I create two ipfw rules with the same ID: ipfw add 00022 deny ip from x to y ipfw add 00022 allow ip from z to b they will both be there, and both work ... but is it possible to remove just one of them wihout removing the other ? Right now I am doing a hack with a ";" ipfw del 00022 ;

Re: how do I delete just one ipfw rule ?

2003-09-09 Thread Josh Brooks
On Tue, 9 Sep 2003, Luigi Rizzo wrote: > no, it is not possible to delete them -- you have no way to tell > which rule to delete when multiple rules share the same number. Are there any plans to make ipfw more flexible by changing the 65535 to the next power of two ? So there are a lot more r

I would like to tcpdump and get all the packets...

2003-09-17 Thread Josh Brooks
Whenever I run: tcpdump -vvv when I am finished, I am surprised to see: 27441 packets received by filter 7866 packets dropped by kernel I have pored over the tcpdump man page, but do not see how to tell it to not drop any of the packets. What is the purpose behind this ? I can't think of any