ering happen intelligently
in userland, but I can't find anything to do that. Am I barking up
the wrong tree by looking at dummynet?
Cheers,
Josh
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Vencat,
There's been a breakdown in communication. I've been working on oce with Adam
and have a bunch of oce hardware. Please cc me on any patches you have. (pr's
are fine, but they won't get my attention)
Thanks,
Josh Paetzel
On Feb 7, 2013, at 3:57 AM, "Duvv
There's likely something wrong hardware wise. Either with that nic, the cable,
or the port you are plugging it into. The NIC is (correctly) not
autonegotiating 1000TX full duplex for some reason, and when you try to force
it it doesn't work.
Thanks,
Josh Paetzel
On Feb 7, 2013,
On Mar 1, 2013, at 5:36 AM, "Duvvuru,Venkat Kumar"
wrote:
> Hi Josh,
> I have a bunch of patches (~25 in number) to submit. Please let me know the
> process to submit them.
> Do I just attach them in a single email or open pr's for each of them??
> Pls sugges
d igb in heavy use, what would you find most
> convenient?
>
> Jack
>
The default setting is a thorn in our (with my ixsystems servers for
freebsd hat on) side. A system with a quad port igb card and two
onboard igb NICs won't boot stable/8 or 8.x-R to multius
user
3000191udp 0.0.0.0.2.162 amdsuperuser
The load can get fairly high during my 'stress' tests, but not *that*
high. I'm surprised to see these particular symptoms that affect every
connected user at the same time and would expect slowdowns rather
On 03/30/2012 05:36 PM, Josh Beard wrote:
Hello,
snip
Whoops, realized freebsd-fs is probably a more appropriate list for
this. My apologies.
Josh
89 link#1 UHS 00lo0 =>
XYZ.14.73.189/32 link#1 U 00em0
I can try building an 8-STABLE kernel to see if it works ok, but
ideally I'd like to remain on 8.2-RELEASE. Please let me know what
other information is ne
On Thu, May 19, 2011 at 3:12 PM, Josh Carroll wrote:
> After upgrading my hardware, I now have two new em(4) in this box
> running FreeBSD 8.2-RELEASE/amd64. One NIC is the onboard NIC on the
> Asus P8Z68-V Pro board, the other is the Intel EXPI9301CTBLK
> PCI-Express card. em0 is
dev em0
# ifconfig bridge0 addm vlan1 addm vlan2
Is that more in line with what you want to do?
I'm a little curious what problem set using a bridge as the parent of a vlan
solves though.
Thanks,
Josh Paetzel
p and then sanitizing them prior to
outputting to the value.
Regards,
Josh
On 6/15/08, Olivier Mueller <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Small but curious thing on my freebsd-based systems: when a
> server is rebooted, it generates a peak (or "spike"?) on the
>
I am trying to add a local route with an arbitrary protocol number. This is
done with iproute2 in Linux by:
ip route add to local $ip/32 dev eth0 proto $num
How can I do this in FreeBSD 10?
Josh
s never able to solve the link up/link down problems with
the driver... I was using the drivers from STABLE for a while, and
without jumbo frames everything worked somewhat ok most of the
time... the ultimate solution was to just get the intel PCI-X card
and stop using the broadcoms.
--
Thanks,
Josh Paetzel
dly piece of advice. Dell sells an intel dual port
gig-e card for these machines. If the PCI-X riser hasn't been
populated with anything else do yourself a favor and buy it.
--
Thanks,
Josh Paetzel
ut it was trivial to wedge it with even moderate amounts of
UDP.
I eventually reached the conclusion (correct or not) that you can't
fix crap hardware with a driver.
--
Thanks,
Josh Paetzel
om 192.168.2.2 to any
This will not do load-balancing, fail-over, or round-robin NAT, but it
will make replies to incoming connections on the 'other' DSL
connection go out the same interface the incoming connection came in
on with the proper source address.
HTH
--
Thanks,
Josh Paetzel
ink then set the default route to
192.168.1.1 and put the following rule in pf.conf
pass out route-to (em1 10.0.0.1) from 10.0.0.2 to ! 10.0.0.0/24
If you were to give more concrete examples of your config I could
probably help you out with a workable pf solution.
--
Thanks,
Josh Paetzel
The following reply was made to PR kern/123172; it has been noted by GNATS.
From: Josh Endries <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc:
Subject: Re: kern/123172: [bce] Watchdog timeout problems with if_bce
Date: Wed, 30 Apr 2008 08:58:23 -0400
It's been working well for a
I'm trying to find a way to get PPPoE half-bridging functionality
working with FreeBSD, similar to what Cisco routers and many older ISDN
routers can/could do. Basically, I'm trying to get the ip/subnet
assigned to the ppp link usable on an ethernet interface.
So, on the radius side, you have (for
On Nov 13, 2004, at 10:59 AM, Bjoern A. Zeeb wrote:
On Sat, 13 Nov 2004, Josh Coombs wrote:
I'm trying to find a way to get PPPoE half-bridging functionality
working with FreeBSD, similar to what Cisco routers and many older
ISDN
routers can/could do. Basically, I'm trying to get the
As someone who is quite new to all of this, take my thoughts with a
grain of salt. That being said, this is my view on the matter.
On Tue, 14 Dec 2004 15:03:27 +0100, Andre Oppermann <[EMAIL PROTECTED]> wrote:
> Let's take a high level view of the issue at hand and then consider
> some alternative
On Tue, 14 Dec 2004 14:27:01 -0500, Josh Kayse <[EMAIL PROTECTED]> wrote:
> As someone who is quite new to all of this, take my thoughts with a
> grain of salt. That being said, this is my view on the matter.
>
> On Tue, 14 Dec 2004 15:03:27 +0100, Andre Oppermann <[EM
ct in saying that? And if so, is anyone working on
it? Thanks in advance.
-josh
--
Joshua Kayse
Computer Engineering
failing over
between the 2 machines.
When I check net.inet.carp.suppress_preempt it returns 1 and I do not
understand why that is.
Can anyone shed some light on this?
If you need any more information, just let me know.
Thanks
Josh
--
Joshua Kayse
Computer Engineering
I think I've narrowed it down to the plip interface, but I'm not
completely sure. Has anyone gotten carp running over a plip
interface?
On 6/10/05, Josh Kayse <[EMAIL PROTECTED]> wrote:
> I am cross-posting this to -net and -pf because I am not sure where it goes.
>
004
+++ /usr/src/sys/dev/ppbus/if_plip.cMon Jun 13 10:05:56 2005
@@ -359,6 +359,7 @@
ppb_wctr(ppbus, IRQENABLE);
ifp->if_flags |= IFF_RUNNING;
+ ifp->if_flags = LINK_STATE_UP;
}
break;
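Review bot: the added line `ifp->if_flags = LINK_STATE_UP;` uses plain `=` where the line above it uses `|=`, so it replaces every bit in `if_flags` and discards the `IFF_RUNNING` that was just set. `LINK_STATE_UP` also reads as a link-state value rather than an `IFF_*` flag bit, so it most likely belongs in the interface's link-state field (`if_link_state`, set through `if_link_state_change()` where available) rather than in `if_flags`. The path that takes the interface down is not visible in this hunk; it would need the matching change so the link state does not stay up.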
On 6/11/05, Josh Kayse <[EMAIL PROTECTED]> wrote:
LIP interface and crossover interface. We then use ifstaded to
monitor the carp interfaces and shut down bridging on one of the
machines.
I will refrain from submitting any code to the community in the future.
On 6/13/05, Yar Tikhiy <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 13, 2005 at 10:10:54AM
rything working now and I just wanted to let others know how they
could use carp over PLIP if they so needed to.
> http://www.seattlecentral.edu/~dmartin/docs/bridge.html
>
>
>
> Greg
>
>
> >
> > I will refrain from submitting any code to the community in
> > th
On 6/15/05, Gleb Smirnoff <[EMAIL PROTECTED]> wrote:
> AFAIU, you use PLIP line as some flag that triggers suppression. If
> slave "sees" master via PLIP, it keeps itself in slave mode. May be
> I don't understand you right.
>
> Although the idea is not officially supported, it is interesting. C
28,2048
htcp data 127 4K -13675 32
aesni_data 3 3K -3 1024
solaris 142 12302K - 3189 16,32,64,128,512,1024,8192
kstat_data 6 1K -6 64
TCP States:
https://i.stack.imgur.com/G7850.png
--
<http://www.goboomto
My mistake, the "1" was cut off from my message. We are actually on FreeBSD
10.3-RELEASE-p21, _not_ p2
--
<http://www.goboomtown.com/>
Josh Gitlin
Senior Full Stack Developer
(415) 690-1610 x155
Stay up to date and join the conversation in Relay
<http://relay.goboomtown.
On Sat, Dec 9, 2017, at 02:29 PM, Eugene Grosbein wrote:
> 10.12.2017 1:29, bugzilla-nore...@freebsd.org wrote:
>
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122954
> >
> > Josh Paetzel changed:
> >
> >What
switch.
Some googling led me to
http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2014-02/msg00283.html
Any pointers on which direction to turn?
--
Thanks,
Josh Paetzel
to make it 100% clear. The problem is a ~4x
regression in RX performance. It affects stock FreeBSD, including 12.1-RELEASE.
In my 40Gbps connected lab single thread iperf receive went from 9Gbps to
2.5Gbps.
If this can't be fixed or looked at I'd heavily suggest looking at r
eing "lossy" I don't think
there is going to be anything that can help you out there. There is a really
good protocol that you can use if you need "reliable" delivery of packets
over IP. If I remember right, it is called TCP.
Josh
uld be a lot of things, but without more info, it's hard to
make any judgements at all. I will ask one question, though: What is
MAXUSERS set to in your kernel?
Josh
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
ave a gigabit card that autonegotiated to
100baseTx-FD or similar.
You could probably take a look at /usr/src/sbin/ifconfig/ifmedia.c for
details on how to query what the card's current media setting is.
Regards,
Josh
and 4 100tx interfaces on the same PCI bus? If so
you're going to run into bus saturation long before you're able to
max out the throughput on the NICs.
Which isn't to say that 200 kBps isn't a problem, but perhaps you are
dealing with a bad cable or switchport.
--
Thank
network then you are
going to need to gather info on the router itself. SNMP would be the
logical choice if the router is capable of running it. You could
then poll SNMP from a computer on the network and use any number of
tools to analyze/graph the usage. (MRTG and rrdtool being a couple o
fic other than what that
specific machine is sending/receiving.
--
Thanks,
Josh Paetzel
On Wednesday 06 December 2006 10:11, Julian Elischer wrote:
> Josh Paetzel wrote:
> > On Tuesday 05 December 2006 23:52, Brett Glass wrote:
> >> Add a few IPFW "count" rules to count the bytes and packets.
> >> Then, periodically harvest and reset the count
cess control page that allows you to
block things by service. Not entirely sure *how* it works, but it
seems to be very effective at blocking at the application
layer... including bt and even skype.
--
Thanks,
Josh Paetzel
Hi.
I am running this as my firewall/router:
4.4-RELEASE FreeBSD 4.4-RELEASE #0
And I have no ability to change that anytime soon. Recently I have been
having a lot of trouble with floods/ddos/etc. When these attacks occur,
my firewall is totally unresponsive, I cannot ssh in to type a single
> On 1/5/2003 1:05 PM, Josh Brooks wrote:
> >
> > I am running this as my firewall/router:
> >
> > 4.4-RELEASE FreeBSD 4.4-RELEASE #0
> >
> > And I have no ability to change that anytime soon. Recently I have been
> > having a lot of trouble with floods/
hanks a LOT.
On Sun, 5 Jan 2003, Lars Eggert wrote:
> On 1/5/2003 1:05 PM, Josh Brooks wrote:
> >
> > I am running this as my firewall/router:
> >
> > 4.4-RELEASE FreeBSD 4.4-RELEASE #0
> >
> > And I have no ability to change that anytime soon. Recently I have
Alternatively, is getting a much faster CPU (p3 1.6g ?) a "big hammer"
that solves problems related to the number of rules being parsed for each
packet ?
Just curious.
On Sun, 5 Jan 2003, Barney Wolff wrote:
> On Sun, Jan 05, 2003 at 01:31:24PM -0800, Josh Brooks wrote:
> >
Hello,
With the help of people in this group I have largely solved my problems -
by simply placing in rules to drop all packets except the ones going to
ports/services that are actually in use on the destination, I have found
that even during a large attack (the kinds that used to cripple me) I h
My goal is to protect my FreeBSD firewall. As I mentioned, now that I
have closed off everything to the victim except the ports he is actually
running services on, everything is great! The firewall is just fine -
even during a big syn flood, because it just drops all the packets that
aren't goin
o
when syn floods no longer do the job ?
thanks!
On Fri, 10 Jan 2003, Jess Kitchen wrote:
> On Fri, 10 Jan 2003, Josh Brooks wrote:
>
> > My goal is to protect my FreeBSD firewall. As I mentioned, now that I
> > have closed off everything to the victim except the ports he is actu
ess of what they conclude from this, what is the standard "next
> > step" ? If they are just flooders/packeteers, what do they graduate to
> > when syn floods no longer do the job ?
> >
> > thanks!
> >
> > On Fri, 10 Jan 2003, Jess Kitchen wrote:
> >
What would you run on a different server to do traffic estimation ? How
would you do such a thing ?
thanks.
On Sat, 11 Jan 2003 [EMAIL PROTECTED] wrote:
> > Well, my "router" is the freebsd machine - celeron 500 and 256 megs.
> >
> > Where would you suggest doing bandwidth counts for all of my
gen wrote:
> On Thu, Jan 09, 2003 at 10:21:52AM -0800, Josh Brooks wrote:
> >
> > But, I am concerned ... I am concerned that the attacks will simply
> > change/escalate to something else.
> >
> > If I were a script kiddie, and I suddenly saw that all of my ga
Hi,
After reading some more documents on DoS attacks (namely
http://www.e-gerbil.net/ras/projects/dos/dos.txt ) I have found that there
are two nice mechanisms to thwart a large number of ack and syn floods.
First, it turns out (from the paper I mention above) that most of the SYN
flood tools ou
> also, ipfw can match packets by ack#. i've used this as criteria for a
> dummynet pipe rule in the past.
Great - that is just what I am looking for - so I can drop all packets
with an ack of zero.
Can someone show me an example rule of said behavior ?
My goal is to create an ipfw rule that stops normal syn floods by blocking
ALL syn packets that have no MSS set.
My understanding is that there is no legitimate packet that is a SYN and
has no MSS, and further, most of the kiddie tools in existence for syn
flooding do indeed send syn packets with
I have inserted this ipfw rule, based on guidance from the archives:
count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
Now, I am watching that count rule, and it keeps growing. This means that
people are sending me packets other than types 0,3,8,11.
So I wanted to see what they
ipfw1
On Fri, 24 Jan 2003, Luigi Rizzo wrote:
> is this with ipfw1 or ipfw2 or both ?
>
> cheers
> luigi
>
> On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote:
> >
> > I have inserted this ipfw rule, based on guidance from the archives:
>
Hello,
I have recently upgraded to ipfw2 running on 4.7-RELEASE. It seems to
be working fine.
However, my count rules ... aren't working well at all. I have clear and
correct testing that shows that many count rules do not increment at all
when traffic is clearly flowing. For instance:
count
Hello,
I am successfully running ipfw2 in FreeBSD 4.7-RELEASE. Everything seems
fine, but it seems like the stats on each of the rules are just _way way_
low. On all rules I notice this.
for instance:
65123 556880155 55168583654 allow ip from any to any
This shows 55 gigabytes of total trans
No, it should be catching much more than it shows.
Also many other rules that are quite specific are very very deflated. I
will do some real tests later today with firm numbers.
On Tue, 4 Mar 2003, Luigi Rizzo wrote:
> On Mon, Mar 03, 2003 at 03:03:58PM -0800, Josh Brooks wr
Hello,
I used to have a firewall with ipfw count rules in place for every IP I
had. This worked fine, but it gave me a 2000+ ruleset that would cause
cpu to skyrocket under even the lightest of DoS attacks.
So, I have plugged in another system on the DMZ and plan to count from
there.
In the mo
I'm using the user land ppp under 5.1 and I have this in the
ppp.conf:
nat enable yes
nat log yes
nat unregistered_only yes
nat proxy type no_encode port 80 server 10.0.0.1:3128 proto tcp src 10.0.0.29
before I execute the proxy line the web browser on 10.0.0.29 works
fine, after it is dead i
Hi,
If I create two ipfw rules with the same ID:
ipfw add 00022 deny ip from x to y
ipfw add 00022 allow ip from z to b
they will both be there, and both work ... but is it possible to remove
just one of them without removing the other ? Right now I am doing a hack
with a ";"
ipfw del 00022 ;
On Tue, 9 Sep 2003, Luigi Rizzo wrote:
> no, it is not possible to delete them -- you have no way to tell
> which rule to delete when multiple rules share the same number.
Are there any plans to make ipfw more flexible by changing the 65535 to
the next power of two ? So there are a lot more r
Whenever I run:
tcpdump -vvv
when I am finished, I am surprised to see:
27441 packets received by filter
7866 packets dropped by kernel
I have pored over the tcpdump man page, but do not see how to tell it to
not drop any of the packets.
What is the purpose behind this ? I can't think of any
65 matches