ICMP6

2024-06-07 Thread Marek Zarychta
://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/icmp6.c#L2735 Best regards -- Marek Zarychta

Re: removing RIP/RIPng (routed/route6d)

2024-05-15 Thread Marek Zarychta
Today Michael Sierchio wrote: There is an argument to be made that all such components of the "base" system should be packages, and managed that way.  That would facilitate removal or addition of things like MTAs, Route daemons for various protocols, etc.  and permit them to be updated

Re: Discarding inbound ICMP REDIRECT by default

2024-05-07 Thread Marek Zarychta
e legacy IP protocol? -- Marek Zarychta

Re: Source IPv4 address selection vs BGP IX connection

2024-04-23 Thread Marek Zarychta
also possible to set and use non-default FIB for DNS lookups and maintenance tasks like pkg upgrade (setfib -1 pkg ). This approach is probably more straightforward to conduct. -- Marek Zarychta

Re: ipv4 route with ipv6 local link nexthop ?

2024-03-13 Thread Marek Zarychta
On 13.03.2024 at 18:59, Marek Zarychta wrote: On 13.03.2024 at 16:31, Benoit Chesneau wrote: Hrm I thought it was implemented via https://reviews.freebsd.org/rG62e1a437f3285e785d9b35a476d36a469a90028d Wasn't it merged ? (also pretty sure I did test it in freebsd 13). FWIW: it works

Re: ipv4 route with ipv6 local link nexthop ?

2024-03-13 Thread Marek Zarychta
vlan8 create vlandev bge0 vlan 8 up # ifconfig vlan8 inet6 -ifdisabled auto_linklocal # route add -net 10.11.13.0/24 -inet6 fe80::360a:11ff:fe1b:404e%vlan8 add net 10.11.13.0: gateway fe80::360a:11ff:fe1b:404e%vlan8 fib 0 -- Marek Zarychta

Re: ipv4 route with ipv6 local link nexthop ?

2024-03-13 Thread Marek Zarychta
it hasn't been fully implemented, so I believed Linux iproute2 tools might be required. -- Marek Zarychta

Re: ipv4 route with ipv6 local link nexthop ?

2024-03-13 Thread Marek Zarychta
emulation though. Anyway, without options NETLINK or netlink.ko module loaded it won't be possible as rtsock interface doesn't support that. Cheers -- Marek Zarychta

Re: Howto: ipsec tunnel routing both IPv4 and IPv6? Possible?

2024-01-15 Thread Marek Zarychta
On 15.01.2024 at 15:35, Michael Grimm wrote: route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254" Please try: route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254" -- Marek Zarychta

bridging VLANs with netgraph(3)

2023-03-25 Thread Marek Zarychta
://cgit.freebsd.org/src/tree/sys/net/if_bridge.c#n1206 Cheers -- Marek Zarychta

Re: assigning different TCP stacks to the jails

2023-03-19 Thread Marek Zarychta
On Sun, Mar 19, 2023 at 06:35:29PM +0100, tue...@freebsd.org wrote: > > On 19. Mar 2023, at 16:59, Marek Zarychta > > wrote: > > > > On 19.03.2023 at 14:42, tue...@freebsd.org wrote: > >>> On 19. Mar 2023, at 14:12, Marek Zarychta > &

Re: assigning different TCP stacks to the jails

2023-03-19 Thread Marek Zarychta
On 19.03.2023 at 14:42, tue...@freebsd.org wrote: On 19. Mar 2023, at 14:12, Marek Zarychta wrote: Dear subscribers of the list, TCP algo modules can be loaded/unloaded/changed on the fly. In FreeBSD 14-CURRENT one can even change it on an active socket with tcpsso(8) utility

assigning different TCP stacks to the jails

2023-03-19 Thread Marek Zarychta
is required in one of the jails. Cheers -- Marek Zarychta

A question about RSS bytes and Toeplitz hash

2023-03-04 Thread Marek Zarychta
with time. [1] https://cgit.freebsd.org/src/tree/sys/net/toeplitz.c [2] https://github.com/DragonFlyBSD/DragonFlyBSD/blob/master/sys/net/toeplitz.c [3] https://cgit.freebsd.org/src/tree/sys/net/toeplitz.h Yours sincerely -- Marek Zarychta

Re: Set net.inet6.icmp6.nodeinfo default to 0 and disable annoying ip6 logging

2023-02-16 Thread Marek Zarychta
support. Is the survey on Twitter required? Cheers -- Marek Zarychta

Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?

2022-08-25 Thread Marek Zarychta
On 25.08.2022 at 11:32, Carlos López Martínez wrote: On 25/08/2022 11:26, Marek Zarychta wrote: On 25.08.2022 at 10:48, Carlos López Martínez wrote: But under Freebsd when I try to combine "pass" with "rdr" rules, it doesn't work. For example: rdr on egress

Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?

2022-08-25 Thread Marek Zarychta
n egress inet proto tcp from ! to $internal_server port ... depending on the desired behavior and the complete set of rules. It's also worth mentioning here that PF-specific FreeBSD mailing list exists: freebsd...@freebsd.org Regards, -- Marek Zarychta

Re: missing SYN/ACK for inbound TCP solved by altering broadcast address - why?

2022-06-27 Thread Marek Zarychta
2 2022/6/28 12:40:06; expire 2 2022/6/28 18:40:06; } A+ Dave -- Marek Zarychta

Re: if_vlan allow to set incorrect mtu

2021-12-07 Thread Marek Zarychta
u 9000 -vlanmtu -vlanhwtag -vlanhwfilter -vlanhwtso -vlanhwcsum up" It doesn't change anything. I am using workaround since the early transition to 13 branch, but recently conducted small investigation and finally submitted the PR[1] [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi

Re: if_vlan allow to set incorrect mtu

2021-12-06 Thread Marek Zarychta
5] 2.00-3.00 sec 118 MBytes 990 Mbits/sec [ 5] 3.00-3.69 sec 81.8 MBytes 989 Mbits/sec I am setting MTU to 8996 since early 13-BETA? or maybe PRERELEASE. 12-STABLE at the beginning of 2021 was fine with the default settings and MTU 9000 set for igb(4) on the same hardware. It l

Re: if_vlan allow to set incorrect mtu

2021-11-07 Thread Marek Zarychta
not reported this since so far - no one was able to confirm, so I suspected broken hardware or incompatible switch firmware. -- Marek Zarychta

Re: wpa supplicant and PEAP

2021-09-09 Thread Marek Zarychta
On 09.09.2021 at 16:28, Marek Zarychta wrote: > Dear subscribers, > > after recent updates of wpa_supplicant in stable/13 my laptop can't > connect to EPA/PEAP secured WiFi network. WPA2 secured connection works > fine. I am using iwn(4) as the wlan(4) interface. It complete EAP

wpa supplicant and PEAP

2021-09-09 Thread Marek Zarychta
interface. Is it known problem? Is anyone else experiencing this? Should a PR be submitted in this case? Regards, -- Marek Zarychta

arp(8) and "blackhole" keyword

2021-06-11 Thread Marek Zarychta
hole" yet, since it seems to be not recognizable by arp(8). Best regards, -- Marek Zarychta

Re: Some net.link.bridge entries in sysctl.conf appear ignored after upgrade to 13.0-RELEASE

2021-04-14 Thread Marek Zarychta
ot. I have other entries in sysctl.conf that work, did > these sysctls change in 13? > Please try loading if_bridge from /boot/loader.conf to make it working. According to rcorder(8) it looks like /etc/rc.d/sysctl is executed prior to /etc/rc.d/kld. -- Marek Zarychta

Re: Severe IPv6 TCP transfer issues on 13.0-RC1 and RC2

2021-03-16 Thread Marek Zarychta
On 16.03.2021 at 15:35, tue...@freebsd.org wrote: >> On 16. Mar 2021, at 15:18, Marek Zarychta >> wrote: >> >> On 16.03.2021 at 12:50, tue...@freebsd.org wrote: >>>> On 16. Mar 2021, at 11:55, Blake Hartshorn >>>> wrote: >>>> &

Re: Severe IPv6 TCP transfer issues on 13.0-RC1 and RC2

2021-03-16 Thread Marek Zarychta
nstaller. Linode uses Linux/KVM hosts for their virtual machines so >>>> it's running on that virtual adapter. >>>> >>>> I asked on the forums, another user recommended going to the mailing lists >>>> instead. Does anyone know if config settings need

Re: option FIB_ALGO and dpdk_lpm4

2021-02-25 Thread Marek Zarychta
On 24.02.2021 at 22:40, Alexander V. Chernikov wrote: > 24.02.2021, 10:50, "Olivier Cochard-Labbé" : >> On Wed, Feb 24, 2021 at 1:22 AM Marek Zarychta < >> zarych...@plan-b.pwste.edu.pl> wrote: >> >>>  > >>> &

Re: option FIB_ALGO and dpdk_lpm4

2021-02-23 Thread Marek Zarychta
ockless#571) rebuild_fd: switching algo to dpdk_lpm4 Should I be bothered about it? With kind regards, -- Marek Zarychta ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: new in-kernel wireguard and IPv6 endpoint

2021-02-03 Thread Marek Zarychta
should be parsed if supplied in the correct form ie.: [IPv6_address]:port. Perhaps the endpoint length is not correctly calculated for IPv6 sockets or there is an overflow which happens there? Wed, 3 Feb 2021, 23:13 Marek Zarychta mailto:zarych...@plan-b.pwste.edu.pl>>: W dniu 21.

Re: new in-kernel wireguard and IPv6 endpoint

2021-02-03 Thread Marek Zarychta
On 21.01.2021 at 20:03, Marek Zarychta wrote: Dear subscribers, please let me know if is it possible to use IPv6 addressed endpoint for the tunnel? I have tried to specify the address enclosed in [] followed by the port number, for example: [2001:db8:0:1::1]:54333, have tried without

new in-kernel wireguard and IPv6 endpoint

2021-01-21 Thread Marek Zarychta
with this implementation? Best regards, -- Marek Zarychta

Re: remote use-after-free in icmp6

2020-11-10 Thread Marek Zarychta
as non-exploitable on their systems? [1] https://lists.freebsd.org/pipermail/svn-src-all/2020-November/204977.html -- Marek Zarychta On 10/28/2020 4:27 PM, Alexander V. Chernikov wrote: 28.10.2020, 20:25, "Alexander V. Chernikov" : 28.10.2020, 18:34, "

Re: Carp address used as source

2019-11-22 Thread Marek Zarychta
the same address which I'm trying to reach. How can I > ensure that CARP address is never used as source for connections > outgoing from Loadbalancer? I've read manpage of ifconfig but I've seen > only flags regarding IPv6 address choice. > I believe this behavior can be changed by conf

Re: Preferring internal IPv6 source address over gif tunnel IP?

2019-07-31 Thread Marek Zarychta
ce should > behave as if the loopback interface originates and forwards the > packet. > > Or could I assign an explicit non-global scope to the tunnel address? > Or ... (whatever works). Any help much appreciated. > Setting source address for MTA will be sufficient in this case. For example Sendmail requires ClientPortOptions to be set in .mc config file: CLIENT_OPTIONS(`Family=inet6, Addr=::1') -- Marek Zarychta

Re: Eliminating IPv6 (?)

2019-06-18 Thread Marek Zarychta
ion these days and works fine in 99% of network scenarios. On the other hand the ability to completely disable legacy IP should be considered as well. Some people consider IPv6 only network to be providing a sufficient degree of freedom but in 2019 we still lack DHCPv6 client in base. -- Marek Z

Re: [Bug 228854] loaded pf.ko module prevents ipsec.ko from loading for VIMAGE/VNET enabled kernel

2018-11-02 Thread Marek Zarychta
s a lot for reporting! > Thank you for the expedited fix in both STABLE branches. I can confirm that issue has been resolved. -- Marek Zarychta

Re: IPv6 Martians

2018-08-29 Thread Marek Zarychta
not forward src > >> fe80:10::yxz:a50f:fc89:e1a0, dst 2001:xyz:zxy::f00b, nxt 58, rcvif vlan4, > >> outif > >> vlan2 > >> > >> Dear subscribers, could you please prompt how to get rid of this noise? > >> So far I have not found appropriate sysctl

IPv6 Martians

2018-08-28 Thread Marek Zarychta
, dst 2001:xyz:zxy::f00b, nxt 58, rcvif vlan4, outif vlan2 Dear subscribers, could you please prompt how to get rid of this noise? So far I have not found appropriate sysctl for disabling these messages. -- Marek Zarychta

Re: wlan0 && IPv6

2018-07-06 Thread Marek Zarychta
ace associates it gives the output attached below for > ifconfig and netstat; but nothing is working, esp. not There is net/dual-dhclient in ports. Please give it a try. #pkg install dual-dhclient Then add these lines to /etc/rc.conf: rtsold_enable="YES" dhclient_program="/usr/local/sbin/dual-dhclient" wlans_ath0="wlan0" ifconfig_wlan0="country DE WPA SYNCDHCP" ifconfig_wlan0_ipv6="inet6 accept_rtadv" # and optionally #ipv6_privacy="YES" This should do the work. -- Marek Zarychta

Re: Incorrect route interface

2018-03-11 Thread Marek Zarychta
iple interfaces (i.e. > so that the additional igb0-3 effectively work as a 4-port switch)? > Please consider bonding all NICs as one bridge(4) interface. Then multiple IPs could be assigned to such interface. -- Marek Zarychta

Re: Fwd: Re: Quasi-enterprise WiFi network

2018-01-13 Thread Marek Zarychta
Status: 302 Moved" response, otherwise the portal will not be properly discovered by clients, as it was pointed before. -- Marek Zarychta

Re: [Bug 223835] BGP session not established with md5 password via FRRouting

2017-11-24 Thread Marek Zarychta
with LAGG. If the interfaces do not support TX/RX checksums in hardware TCP MD5 signatures seem to be incorrect on 11.1-STABLE. It wasn't documented anywhere, I have changed NICs. See the original thread: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453 Best regards, -- Marek Zarychta

Re: setfib (ez)jails and wierd routing

2017-10-17 Thread Marek Zarychta
On Tue, Oct 17, 2017 at 08:28:16PM +0200, Marko Cupać wrote: > On Mon, 16 Oct 2017 20:07:28 +0200 > Marek Zarychta <zarych...@plan-b.pwste.edu.pl> wrote: > > > Hi, > > > > try after to set "ifconfig bce1 fib 2" after disabling PF. > > This

Re: setfib (ez)jails and wierd routing

2017-10-16 Thread Marek Zarychta
n easy and elegant way to solve this? Like binding IP address > to fib? I wouldn't like to have to fire up pf on host and meddle with > reply-to rules in order to achieve this, I'd rather revert to old setup > of separate physical servers for each network. > Hi, try after to set "ifconfig bce1 fib 2" after disabling PF. This should do the work. -- Marek Zarychta

Re: How likely is it that we can get a kernel tweak for 11.1 so the tcpmd5.ko module works?

2017-08-17 Thread Marek Zarychta
hat would add the necessary IPSEC_SUPPORT > knobs so TCPMD5 loads without needing to modify the shipped kernel? > +1 It would be even better to exchange IPSEC with IPSEC_SUPPORT in GENERIC. Both modules: IPSEC as well as TCPMD5 could be loaded at boot time or later. Best regards, -- Marek Zarychta

Re: [PF] Symmetric routing enforcement, how-to without using "reply-to"...

2017-04-06 Thread Marek Zarychta
On Thu, Apr 06, 2017 at 09:08:49AM +0200, Nils Beyer wrote: > Marek Zarychta wrote: > > pass in quick on $ext_if_1 \ > > [...] > > pass in quick on $ext_if_2 reply-to ($ext_if_2 $ip_gw_2) \ > > [...] > > pass in quick on $ext_if_1 \ > > [...] > &g

Re: [PF] Symmetric routing enforcement, how-to without using "reply-to"...

2017-04-05 Thread Marek Zarychta
If your machine is not forwarding packets, then take a look at setfib(1) because PF "route-to" is IMHO reserved for routing purposes only. Best regards, -- Marek Zarychta

pfr_update_stats: assertion failed.

2016-10-16 Thread Marek Zarychta
just does the job. pfctl -sr | wc -l 498 Any advice how to debug this or find triggering PF rule? Why setting "WITHOUT_ASSERT_DEBUG=yes" is ignored by PF code? -- Marek Zarychta