Re: ifconfig gif0 and rc.conf [was: Re: IP packet with options]
Dear Kevin Many thanks. Maybe this can make it to the next release to fill a gap. Regards Malcolm Kevin Downey wrote: On Sun, Mar 23, 2008 at 5:35 AM, Malcolm Clarke <[EMAIL PROTECTED]> wrote: Hi Does anyone know the IPv6 vesion of the command that would be of the form gifconfig_gif0="fec0::1 fec0::2" that would set up the two physical ends of a tunnel? Sadly the above does not works as it does not recognise the IPv6 address as there is no ipv6_gifconfig_gif0="fec0::1 fec0::2" to correspond to the command ifconfig gif0 inet6 tunnel src-addr dst_addr Regards Malcolm sorry for the duplicate mail Malcolm, forgot to reply to the list as well. the attached patch should let use the inet6 keyword. example: gifconfig_gif0="inet6 fec0::1 fec0::2" --- /etc/network.subr 2008-03-23 09:50:35.0 -0700 +++ /tmp/network.subr 2008-03-23 10:06:51.0 -0700 @@ -470,7 +470,6 @@ fi done } - gif_up() { # The following must be removed once RELENG_7 is branched. case ${gif_interfaces} in @@ -486,6 +485,11 @@ '') continue ;; + *inet6*) + ifconfig $i create >/dev/null 2>&1 + ifconfig $i inet6 tunnel `echo ${peers} | cut -d \ -f 2-` + ifconfig $i up + ;; *) ifconfig $i create >/dev/null 2>&1 ifconfig $i tunnel ${peers} ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ifconfig gif0 and rc.conf [was: Re: IP packet with options]
Hi Does anyone know the IPv6 vesion of the command that would be of the form gifconfig_gif0="fec0::1 fec0::2" that would set up the two physical ends of a tunnel? Sadly the above does not works as it does not recognise the IPv6 address as there is no ipv6_gifconfig_gif0="fec0::1 fec0::2" to correspond to the command ifconfig gif0 inet6 tunnel src-addr dst_addr Regards Malcolm ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ifconfig gif0 and rc.conf [was: Re: IP packet with options]
Dear Bruce Thank you for a prompt response. The command you give will set the two ends of the GIF connection and we are using it, but it is not the command that sets the physical ends of the tunnel. We would expect something of the form gifconfig_gif0="fec0::1 fec0::2" but there appears to be no ipv6 form Regards Malcolm Bruce Cran wrote: Malcolm Clarke wrote: We are trying to configure an IPv6 tunnel for IPSec, ie IPv6 in IPv6. The command line would be ifconfig gif0 inet6 tunnel src-addr dst_addr (IPv6 addresses) There appears to be no equivalent line for rc.conf. Regards Malcolm To configure an if_gif interface for IPv6 use: ipv6_ifconfig_gif0="src-addr dst_addr" -- Bruce -- ----------- Dr Malcolm Clarke Senior Lecturer in Data Communication Systems and Telemedicine Department of Information Systems and Computing Brunel University Uxbridge Middlesex UB8 3PH UK Tel: +44 1895 265053 Fax: +44 1895 251686 http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: IP packet with options
We are trying to configure an IPv6 tunnel for IPSec, ie IPv6 in IPv6. The command line would be ifconfig gif0 inet6 tunnel src-addr dst_addr (IPv6 addresses) There appears to be no equivalent line for rc.conf. Regards Malcolm ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: IP packet with options
We are trying to configure an IPv6 tunnel for IPSec, ie IPv6 in IPv6. The command line would be ifconfig gif0 inet6 tunnel src-addr dst_addr (IPv6 addresses) There appears to be no equivalent line for rc.conf. Regards Malcolm ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: TCP/IP questions
Dear Bram You may need to describe your intention more clearly. If you detach the network cable, the hardware will detect the disconnect and reset the hardware, which will provide an indicate to the higher layers to reset also. Reconnecting the cable will be seen as a new connection and it will perform initialisation (eg DHCP, etc). All TCP connections will be closed, etc. If it is the case that you are trying to test behaviour of an application to the effects of loss of packets then you will need a different approach. We use the IPFW firewall and set up pipes that can be configured to artificially lose packets, restrict BW or even close (hence my question to the group). Alternatively you must arrange to break the connection elsewhere, say on the otherside of a switch, taking care not to break the physical connetion to the far end to create a disconnect that does not reset the hardware.. Regards Malcolm Nikos Vassiliadis wrote: On Wednesday 07 November 2007 18:02:44 Bram wrote: Hi all, Can you change the timeout for a tcp connection ? I need to do the following: start a tcp connection , unplug the network cable (it's actually wifi but the effect is the same),send some data over the connection,wait 20 seconds , reinsert the network cable and just keep working. When you normally do this the connection will be dead. Is there a way in freebsd to change this ? are there parameters wich you can set so that the above would work (20 seconds without network can happen) ? TCP using the default FreeBSD settings, can survive 20 secs of inactivity. It can be an application forced timeout. What application/protocol are talking about? Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- ------- Dr Malcolm Clarke Senior Lecturer in Data Communication Systems and Telemedicine Department of Information Systems and Computing Brunel University Uxbridge Middlesex UB8 3PH UK Tel: +44 1895 265053 Fax: +44 1895 251686 http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
IP packet with options
I have configured a machine with 2 NIC and IPFW in a rather simplistic way as we are using it to emulate different link characteristics rather than as an actual firewall. 00100 4 355 pipe 1 ip from any to any via de0 in 00200 1 56 pipe 2 ip from any to any via de0 out 00300 0 0 pipe 3 ip from any to any via de1 in 00400 3 288 pipe 4 ip from any to any via de1 out 65535 4 246 deny ip from any to any The configuration works fine and traffic crosses the firewall without problem, except ICMP packets having timestamp or routing option, and these are not returned. Is there a way to allow these packets to enter/exit the firewall? Regards Malcolm -- --- Dr Malcolm Clarke Senior Lecturer in Data Communication Systems and Telemedicine Department of Information Systems and Computing Brunel University Uxbridge Middlesex UB8 3PH UK Tel: +44 1895 265053 Fax: +44 1895 251686 http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
IPFW and ICMP with timestamp option
I have configured a machine with 2 NIC and IPFW in a rather simplistic way as we are using it to emulate different link characteristics rather than as an actual firewall. 00100 4 355 pipe 1 ip from any to any via de0 in 00200 1 56 pipe 2 ip from any to any via de0 out 00300 0 0 pipe 3 ip from any to any via de1 in 00400 3 288 pipe 4 ip from any to any via de1 out 65535 4 246 deny ip from any to any The configuration works fine and traffic crosses the firewall without problem, except ICMP packets having timestamp or routing option, and these are not returned. Is there a way to allow these packets to enter/exit the firewall? Regards Malcolm -- --- Dr Malcolm Clarke Senior Lecturer in Data Communication Systems and Telemedicine Department of Information Systems and Computing Brunel University Uxbridge Middlesex UB8 3PH UK Tel: +44 1895 265053 Fax: +44 1895 251686 http://www.brunel.ac.uk/about/acad/siscm/research/themes/is/groups/bright/people ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
IPFW pipe command
I have a question regarding use of the "pipe" command in IPFW. I use the following commands #ipfw add pipe 1 ip from any to any #ipfw pipe 1 config but get the following error ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Protocol not available I have added firewall_enable="YES" in rc.conf Is there a setting I need to set or change Regards Malcolm -- ----------- Dr Malcolm Clarke Senior Lecturer in Data Communication Systems and Telemedicine Department of Information Systems and Computing Brunel University Uxbridge Middlesex UB8 3PH UK Tel: +44 1895 265053 Fax: +44 1895 251686 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"