Re: Display of bridge member interfaces cut short - bug or intention?

2023-12-21 Thread Michael Gmelin
On Wed, 20 Dec 2023 21:32:45 +0100 Michael Gmelin wrote: > On Wed, 20 Dec 2023 18:04:36 +0100 > "Patrick M. Hausen" wrote: > > > Hi all, > > > > as some probably know we provide web hosting services and we use > > jails for that. > > >

Re: Display of bridge member interfaces cut short - bug or intention?

2023-12-20 Thread Michael Gmelin
ps://reviews.freebsd.org/D43135 As far as I can tell the issue is cosmetic (unless, of course, you have automation based on libifconfig or the output of the ifconfig command). Best Michael -- Michael Gmelin

Re: -current dropping ssh connections

2023-06-21 Thread Michael Gmelin
> On 21. Jun 2023, at 20:03, bob prohaska wrote: > > On Wed, Jun 21, 2023 at 10:45:25AM -0700, Mark Millard wrote: >>> On Jun 21, 2023, at 10:24, bob prohaska wrote: >>> >>> I've got a Pi4 running -current that seems to selectively drop ssh >>> connections. >> >> Only when the ssh has

Re: sshd doesn't disconnect for 30+ minutes after the TCP connection is closed ungracefully

2023-03-01 Thread Michael Gmelin
> On 1. Mar 2023, at 11:35, Yuri wrote: > > Windows system connects to FreeBSD through ssh and then this connection dies > because of WiFi or VPN issues. > > FreeBSD still has the sshd process alive for this connection for 30+ minutes. > > TCP keepalive is enabled on the FreeBSD host: >

Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?

2022-08-25 Thread Michael Gmelin
ick flags S/SA keep state (max-src-conn 100, \ max-src-conn-rate 15/5, overload flush global) \ tagged pass_rate_limit Using the "pass quick" rule early in your pf.conf will make sure it is applied instead of other matching rules. Cheers Michael -- Michael Gmelin

Re: Tunnel interfaces and vnet boundary crossing

2022-08-17 Thread Michael Gmelin
> On 15. Aug 2022, at 08:52, Milan Obuch wrote: > > Hi, > > some time ago I managed to design and implement multi-tenant OpenVPN > server using vnet jails. This way I am able to use more OpenVPN > instances on single public IP. > > This is made possible using tun/tap interface property

Re: what to check? no IPV6 pings between nodes on the same switch

2022-08-15 Thread Michael Gmelin
s? Best Michael > > Thanks a lot to both of you anyway :) > > > Benoît > > --- Original Message --- > On Monday, August 15th, 2022 at 13:01, Michael Gmelin > wrote: > > > > > > On Mon, 15 Aug 2022 10:07:54 + > > Benoit C

Re: what to check? no IPV6 pings between nodes on the same switch

2022-08-15 Thread Michael Gmelin
> > What does happen when the promiscuous mode is enabled? I'm not sure > to understand what is the issue :/ > Does giving the interface also an IPv4 address make a difference, e.g. ifconfig_ql0="inet 10.0.0.1/24"? Best Michael -- Michael Gmelin

Re: cannot resolve host in VNET jail with RSS enabled

2022-04-12 Thread Michael Gmelin
It only happens on an RSS-enabled kernel with if hw.ncpu>1. I wrote a script to reproduce the issue (warning: it messes with networking and overwrites /etc/pf.conf): https://people.freebsd.org/~grembo/epair_hang_ping.sh Best Michael -- Michael Gmelin

Re: cannot resolve host in VNET jail with RSS enabled

2022-04-11 Thread Michael Gmelin
On Sun, 10 Apr 2022 21:12:56 +0800 moremo...@outlook.com wrote: > I have tried `ping -4 google.com`, it's failed too. > > On 2022/4/10 8:24 PM, Michael Gmelin wrote: > > > > > > > On 10. Apr 2022, at 07:27, k simon wrote: > > > > > > Hi,

Re: cannot resolve host in VNET jail with RSS enabled

2022-04-10 Thread Michael Gmelin
> On 10. Apr 2022, at 07:27, k simon wrote: > > Hi, > After kp@'s recently epair patch, I tried enable options RSS with Vnet jail, > then found in these jail, 'ping 8.8.8.8' works as normal, and 'drill > google.com' works ok. But 'ping google.com' nor other command fails resolving > the

Re: epair and vnet jail loose connection.

2022-03-17 Thread Michael Gmelin
On Thu, 17 Mar 2022 13:37:28 +0100 Johan Hendriks wrote: > On 16/03/2022 11:36, Michael Gmelin wrote: > > > > On Wed, 16 Mar 2022 11:10:30 +0100 > > Santiago Martinez wrote: > > > >> Guys, do you want me to run a pre/post patch perf test? > >

Re: epair and vnet jail loose connection.

2022-03-16 Thread Michael Gmelin
for offering your help. Kristof already did some tests and reported that results look ok[0], but more testing is always welcome (RSS and non-RSS). Best Michael [0]https://reviews.freebsd.org/D34569#783301 -- Michael Gmelin

Re: epair and vnet jail loose connection.

2022-03-15 Thread Michael Gmelin
On Tue, 15 Mar 2022 10:30:41 -0600 Kristof Provost wrote: > On 14 Mar 2022, at 18:02, Michael Gmelin wrote: > > On Mon, 14 Mar 2022 09:09:49 -0600 > > Kristof Provost wrote: > > > >> On 14 Mar 2022, at 7:44, Michael Gmelin wrote: > >>> On Sun

Re: epair and vnet jail loose connection.

2022-03-15 Thread Michael Gmelin
On Tue, 15 Mar 2022 01:02:30 +0100 Michael Gmelin wrote: > snip . > Hi Kristof, > > This sounds plausible. I spent a few hours getting familiar with the > epair code and came up with a patch that seems to fix the issue at > hand (both with and without RSS

Re: epair and vnet jail loose connection.

2022-03-14 Thread Michael Gmelin
On Mon, 14 Mar 2022 09:09:49 -0600 Kristof Provost wrote: > On 14 Mar 2022, at 7:44, Michael Gmelin wrote: > > On Sun, 13 Mar 2022 17:53:44 + > > "Bjoern A. Zeeb" wrote: > > > >> On 13 Mar 2022, at 17:45, Michael Gmelin wrote: > >>

Re: epair and vnet jail loose connection.

2022-03-13 Thread Michael Gmelin
> On 13. Mar 2022, at 18:16, Bjoern A. Zeeb > wrote: > > On 13 Mar 2022, at 16:33, Michael Gmelin wrote: >> It's important to point out that this only happens with kern.ncpu>1. >> With kern.ncpu==1 nothing gets stuck. >> >> This perfectly fits

Re: epair and vnet jail loose connection.

2022-03-13 Thread Michael Gmelin
3.185.2: icmp_seq=3 ttl=64 time=0.158 ms 64 bytes from 10.233.185.2: icmp_seq=4 ttl=64 time=0.081 ms 64 bytes from 10.233.185.2: icmp_seq=5 ttl=64 time=0.093 ms At which point it gets stuck. The exact moment when this happens differs between runs, but it happens every time on my test host and always within a couple of seconds. It's important to point out that this only happens with kern.ncpu>1. With kern.ncpu==1 nothing gets stuck. This perfectly fits into the picture, since, as pointed out by Johan, the first commit that is affected[0] is about multicore support. Cheers Michael [0] https://cgit.freebsd.org/src/commit/?id=24f0bfbad57b9c3cb9b543a60b2ba00e4812c286 -- Michael Gmelin

Re: epair and vnet jail loose connection.

2022-03-13 Thread Michael Gmelin
> On 13. Mar 2022, at 14:07, Patrick M. Hausen wrote: > > Hi all, > > i was a bit puzzled by Michael using bhyve trying to reproduce. > Up until now I thought bhyve uses tap and not epair? > In my setup, FreeBSD 14 runs on a bhyve vm, hosting the jails, which use vnet. Bare metal ->

Re: epair and vnet jail loose connection.

2022-03-13 Thread Michael Gmelin
> On 13. Mar 2022, at 11:27, Johan Hendriks wrote: > > > > On Sun, 13 Mar 2022 01:17, Michael Gmelin wrote: >> I also gave it another go (this time with multiple CPUs assigned to the vm), >> still works just fine - so I think we would need more details about

Re: epair and vnet jail loose connection.

2022-03-12 Thread Michael Gmelin
- Block custom ip's and logs > block quick proto { tcp, udp } from to $ext_if > > # Jail ports > pass in quick on { $ext_if } proto tcp from any to 10.233.185.22 port { smtp > 80 443 993 995 1956 } keep state > pass in quick on { $ext_if } proto tcp from any to 10.233.185.

Re: epair and vnet jail loose connection.

2022-03-12 Thread Michael Gmelin
/${name}"; > host.hostname = "${name}.${domain}"; > > > web01 { > $ip = 18; > } I changed web01 to be the same setup as haproxy (that is, a full jail based in /storage/jails/${name}), as I didn't really know how it worked in your setup. > > haproxy { > $ip = 20; > mount.fstab = ""; > path = "/storage/jails/${name}"; > } Best Michael -- Michael Gmelin

Re: epair and vnet jail loose connection.

2022-03-11 Thread Michael Gmelin
> On 12. Mar 2022, at 01:21, Kristof Provost wrote: > > On 11 Mar 2022, at 17:44, Johan Hendriks wrote: >>> On 09/03/2022 20:55, Johan Hendriks wrote: >>> The problem: >>> I have a FreeBSD 14 machine and a FreeBSD 13-stable machine, both running >>> the same jails just to test the workings.

Re: Some strangeness with CARP

2022-02-13 Thread Michael Gmelin
> On 13. Feb 2022, at 11:45, Andrea Venturoli wrote: > > >> On 2/12/22 13:38, Michael Gmelin wrote: >> Maybe the switch or something it’s connected to uses vrrp? > > The switch has no options about VRRP, AFAICT (unless it can be called by a > different nam

Re: cleaning up INET: deprecating network class A/B/C

2021-10-19 Thread Michael Gmelin
> On 19. Oct 2021, at 23:16, Mike Karels wrote: > > Rod wrote: > >>> I plan to do some cleanup of the residual code defining and using the >>> old Internet network classes (A/B/C), which have been obsolete since >>> CIDR took hold. This is an outline of what I plan, as it will happen >>>

Re: jail - vnet bug - ping: UDP connect: No route to host

2021-04-12 Thread Michael Gmelin
On Mon, 12 Apr 2021 19:57:40 +0200 Michael Gmelin wrote: > On Mon, 12 Apr 2021 17:45:36 +0300 > Özkan KIRIK wrote: > > > root@f13:~ # jls -s -j client > > devfs_ruleset=0 enforce_statfs=2 host=new ip4=inherit ip6=inherit > > jid=2 name=client osreldate=1300

Re: jail - vnet bug - ping: UDP connect: No route to host

2021-04-12 Thread Michael Gmelin
low.unprivileged_proc_debug children.max=0 > host.domainname="" host.hostid=0 host.hostname="" > host.hostuuid=---- I can reproduce the issue now, I'll try to dig deeper into it. -m > > On Mon, Apr 12, 2021 at 3:39 PM Michael Gmelin

Re: jail - vnet bug - ping: UDP connect: No route to host

2021-04-12 Thread Michael Gmelin
L,0) = 52 > (0x34) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1) > recvfrom(4,"l\0\0\0\0\0\0\0\0\0\0\M-K\0\0\0"...,19,0,NULL,0x0) = 19 > (0x13) select(5,{ 4 },0x0,0x0,0x0) = 1 (0x1) > recvfrom(4,"\^E\a\0\M^]\0\0\0\0\0\0\0\0\0\0"...,203,0,NULL,0x0) = 203 > (0xcb) select(

Re: jail - vnet bug - ping: UDP connect: No route to host

2021-04-12 Thread Michael Gmelin
-- Michael Gmelin

Re: accept_rtadv

2021-02-28 Thread Michael Gmelin
v6. > ifconfig_bge0_ipv6="inet6 xxx" Putting "up" in there is just fine. > ifconfig_bge0_aliases="inet6 yyy" I usually do something like this (as I like to rename interface based on their architectural role in

Re: accept_rtadv

2021-02-28 Thread Michael Gmelin
On Sat, 27 Feb 2021 21:45:16 + "Bjoern A. Zeeb" wrote: > On 27 Feb 2021, at 20:34, Doug Hardie wrote: > > > > >> On Feb 27, 2021, at 11:06, Michael Gmelin wrote: > >> > >> > >> > >>> On 27. Feb 2021, at 19:

Re: accept_rtadv

2021-02-27 Thread Michael Gmelin
> On 27. Feb 2021, at 19:21, Doug Hardie wrote: > > >>> On 27 February 2021, at 04:37, Michael Gmelin wrote: >>> >>> >>> >>>> On 27. Feb 2021, at 08:21, Doug Hardie wrote: >>> >>> From the Handbook: >>>

Re: accept_rtadv

2021-02-27 Thread Michael Gmelin
> On 27. Feb 2021, at 08:21, Doug Hardie wrote: > > From the Handbook: > > 32.9.2. Configuring IPv6 > To configure a FreeBSD system as an IPv6 client, add these two lines to > rc.conf: > > ifconfig_rl0_ipv6="inet6 accept_rtadv" > rtsold_enable="YES" > > This does not work. I have in

Re: Bridge woes

2020-10-28 Thread Michael Gmelin
> On 28. Oct 2020, at 18:10, D'Arcy Cain wrote: > > On 10/28/20 10:27 AM, Michael Gmelin wrote: >> Can you (afford to) reboot the machine reliably? If so, schedule a reboot >> using "shutdown -r +10" and then bring down the interface to see if it

Re: Bridge woes

2020-10-28 Thread Michael Gmelin
> On 28. Oct 2020, at 12:32, D'Arcy Cain wrote: > > On 10/27/20 2:58 PM, Michael Gmelin wrote: > > I hope you don't mind but I reverted this conversation back to the list in > case it gives someone else any ideas. > >> Hi, >> I tried to reproduce the probl

Re: How to connect to a Wifi AP w/o much information from its provider

2020-10-15 Thread Michael Gmelin
ow your son to enter the credentials (pretty much like you would do on hotel wifi). Cheers, Michael [0]https://en.wikipedia.org/wiki/Captive_portal -- Michael Gmelin

Re: CARP over VLAN over LAGG

2020-09-08 Thread Michael Gmelin
> On 8. Sep 2020, at 15:23, Julien Cigar wrote: > > On Tue, Sep 01, 2020 at 10:13:23AM +0200, Julien Cigar wrote: >>> On Mon, Aug 31, 2020 at 01:55:52PM +0200, Michael Gmelin wrote: >>> >>> >>>> On 31. Aug 2020, at 10:37, Julien Cigar wrote

Re: CARP over VLAN over LAGG

2020-08-31 Thread Michael Gmelin
> On 31. Aug 2020, at 10:37, Julien Cigar wrote: > > On Fri, Aug 28, 2020 at 04:52:01PM +0200, Julien Cigar wrote: >> Hello, >> >> I have a "highly available" router/firewall with the following >> configuration (1). Those are plugged in two 2930F (with VSF) using LACP. >> It works well,

Re: Specifying link-local address in rc.conf

2020-07-07 Thread Michael Gmelin
On Tue, 7 Jul 2020 12:08:35 +0200 Michael Gmelin wrote: > On Mon, 6 Jul 2020 22:58:54 +0200 > Niclas Zeising wrote: > > > On 2020-07-06 13:05, Niclas Zeising wrote: > > > Hi! > > > Is it possible to specify a link-local address in rc.conf, and get

Re: Specifying link-local address in rc.conf

2020-07-07 Thread Michael Gmelin
> as well. > > Working configuration (apart from no IPv4) > ifconfig_vtnet0_ipv6="inet6 fe80::1/64" > ifconfig_vtnet0_alias0="inet6 2001:6b8::/64"" > This works: ifconfig_vtnet0="inet6 -auto_linklocal" ifconfig_vtnet0_ipv6="up" if

Re: unbound and (isc) dhcpd startup order

2020-06-16 Thread Michael Gmelin
e-tune things when they run into cases > like this. Exactly my thoughts for a while now. There are more examples like this (e.g., you run a service and host the database in the same jail/on the same machine, you want to have a dependency on the database being up, et

Re: VLANing between jails not segmenting traffic

2017-11-02 Thread Michael Gmelin
On Thu, 2 Nov 2017 16:21:01 +0100 Marko Cupać <marko.cu...@mimar.rs> wrote: > On Thu, 2 Nov 2017 15:42:55 +0100 > Michael Gmelin <gre...@freebsd.org> wrote: > > > On Thu, 2 Nov 2017 13:19:31 +0100 > > Marko Cupać <marko.cu...@mimar.rs> wrote: > >

Re: VLANing between jails not segmenting traffic

2017-11-02 Thread Michael Gmelin
On Thu, 2 Nov 2017 13:19:31 +0100 Marko Cupać <marko.cu...@mimar.rs> wrote: > On Mon, 30 Oct 2017 22:46:35 +0100 > Michael Gmelin <gre...@freebsd.org> wrote: > > > You can use fibs with net.add_addr_allfibs=0 to get separate routing > > tables (comes with it

Re: VLANing between jails not segmenting traffic

2017-10-30 Thread Michael Gmelin
> On 30. Oct 2017, at 22:26, Eugene Grosbein wrote: > > 31.10.2017 4:08, Farhan Khan wrote: >> Hi all, >> >> I am trying to experiment with setting up two jails on different VLANs, but >> have not been able to segment traffic. >> >> My configuration was to create vlan1

Re: ARP table entries / ifconfig needs to be issued twice when moving IP

2016-06-24 Thread Michael Gmelin
:00 temp [root@ ~]# ifconfig bge0 alias 10.1.1.2/32 [root@ ~]# arp 10.1.1.2 ? (10.1.1.2) at 14:18:77:00:00:00 on bge0 expires in 1178 seconds [root@ ~]# # ifconfig bge0 alias 10.1.1.2/32 ? (10.1.1.2) at 14:18:77:4d:10:61 on bge0 permanent [ethernet] - Michael -- Michael Gmelin

Re: Problem with VLAN config and traffic after 10.1-R -> 10.3-R-p5 Upgrade?

2016-06-23 Thread Michael Gmelin
& syntax of getting it setup, just settling for the > way we do 'because it works' - not ideal I guess, so I'd be > interested to see if there's another way of spec'ing the config in > rc.conf > Could you post the output of ifconfig after boot and while/after running tcpdump? --

Re: Problem with VLAN config and traffic after 10.1-R -> 10.3-R-p5 Upgrade?

2016-06-23 Thread Michael Gmelin
> On 23 Jun 2016, at 14:14, Karl Pielorz wrote: > > > --On 23 June 2016 11:53 +0100 Karl Pielorz wrote: > >> This gets increasingly weird if I run tcpdump on the 10.3 box. The act of >> running 'tcpdump -i lagg1.30 -n' actually fixes the

Re: ARP table entries / ifconfig needs to be issued twice when moving IP

2016-06-21 Thread Michael Gmelin
ing the IP address configured not creating a permanent entry in the local ARP table for its own interface. - Michael -- Michael Gmelin

ARP table entries / ifconfig needs to be issued twice when moving IP

2016-06-20 Thread Michael Gmelin
ction is something like this: sysctl net.add_addr_allfibs=0 vlan1: fib 1 vlan2: fib 2 route add -host 10.1.1.33 -interface vlan2 -fib 1 route add -host 10.2.1.32 -interface vlan1 -fib 2 ... -- Michael Gmelin

Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled incorrectly

2013-06-26 Thread Michael Gmelin
The following reply was made to PR kern/179901; it has been noted by GNATS. From: Michael Gmelin free...@grem.de To: Mikolaj Golub troc...@freebsd.org Cc: bug-follo...@freebsd.org Subject: Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled incorrectly Date: Wed, 26 Jun 2013 15:03

Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled incorrectly

2013-06-25 Thread Michael Gmelin
The following reply was made to PR kern/179901; it has been noted by GNATS. From: Michael Gmelin free...@grem.de To: Mikolaj Golub troc...@freebsd.org Cc: bug-follo...@freebsd.org Subject: Re: kern/179901: [netinet] [patch] Multicast SO_REUSEADDR handled incorrectly Date: Tue, 25 Jun 2013 13:39

Re: Fwd: dump hangs on 7.1

2009-07-13 Thread Michael Gmelin
The problem you're referring to was fixed in 7.1 (we had the same issues in 7.0 i386), so I don't think this is the problem Len is facing. Balázs Mátéffy wrote: Hi, I had a similar error with 7.0, and found reference that there was problem(as far as I can remember there was an issue with

Re: iwn(4) doesn't like hardware RF switches

2009-07-07 Thread Michael Gmelin
Aragon Gouveia wrote: Hi, Is it just me, or does the iwn driver in -CURRENT not play well with hardware RF switches on notebooks? For me the only resemblence of an event I see is when I switch off RF - the kernel sends a log to syslog. wpa_supplicant doesn't pick it up, and neither does

Re: Can't login Jailed system

2009-06-29 Thread Michael Gmelin
Sam Wun wrote: Hi, With FreeBSD 7.2Stable, I have done this many times before. After about a month left the jail behind, now when I done a /etc/rc.d/jail start and ssh into it, I ended up login to the host system. Here is the network configuraiton of the host system and the jail system: