not sure which one is
the best approach.
On Mon, Aug 19, 2002 at 09:52:27AM -0700, Lars Eggert wrote:
I've filed a PR (kern/41632,
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/41632) on the following
problem:
FreeBSD box with two Ethernet NICs, e.g. if0 with IP address A and if1
with IP address B
Lars Eggert wrote:
Attached is a rough patch to if_ethersubr.c that fixes the problem. It
should probably further be tweaked (there's a chance for duplicates),
but I wanted some comments first :-)
Here's a revised version of the patch (against bridge.c, which is a
better place
Vinod wrote:
--- Lars Eggert [EMAIL PROTECTED] wrote:
That looks OK. What does ipfw show print?
ipfw pipe 1 show prints:
1: 100.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets)
droptail
mask: 0x00 0x/0x -0x/0x
*Just* ipfw show - I was wondering if your packets match
, and transport-mode IPsec
that. That way, your NAT packets get tunneled, and the tunneled packets
secured. On inbound, security processing comes first, then
decapsulation, then ipfw.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME
[Re-send, forgot to attach the patches. Argh.]
Lars Eggert wrote:
This causes the problem decribed in PR kern/41632
(http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/41632), where dhcpd
listens on interface A which is bridged to interface B. When A has no
carrier, DHCP requests arriving on B
net.inet.tcp.slowstart_flightsize to 4? (I've been
running with this for a long time w/o problems.)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
soheil soheil wrote:
I want to do packet capturing but as you know the pcap let the packet go
out and just put a copy on the buffer .
I just want to do a copy and don't let them go out .
Sounds like you should be using a divert socket, and not a bpf.
Lars
--
Lars Eggert [EMAIL PROTECTED
, where
IP is used as both link and network protocol.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
/transport//require;
spdadd 10.0.0.0/0 10.0.0.3 any -P out ipsec esp/transport//require;
EOF
These look fishy. Shouldn't they simply be:
spdadd 10.0.0.3 10.0.0.1 any -P in ipsec esp/transport//require;
spdadd 10.0.0.1 10.0.0.3 any -P out ipsec esp/transport//require;
Lars
--
Lars Eggert [EMAIL
, what were the numbers you got when you measured (and what is
chariot)?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
, there is no need to run DHCP to get them.
Just assign them as aliases to a single NIC, turn off DHCP, and related
MAC address registration headaches go away.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
on.
Try tcpmssd from ports, and bind it to ng0 after it comes up. It should
diddle the MSS values in your TCP SYNs on the fly. (You may also have to
do something similar on the tunnel endpoint for inbound connections.)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences
will then go to Informational.)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Eric,
On 4/2/2003 7:58 AM, Eric Masson wrote:
Lars == Lars Eggert [EMAIL PROTECTED] writes:
Lars Alternatively (and already working), you can replace IPsec tunnel
Lars mode with IPIP (gif) tunnels and transport mode, and then use the
Lars gif device in your firewall rules.
If transport mode
^^^
in and out. If -d is also present, show the number of dropped
^^^
packets. If -t is also present, show the contents of watchdog
timers.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
): 56 data bytes
ping: sendto: Input/output error
ping: sendto: Input/output error
ping: sendto: Input/output error
Did you increase net.link.gif.max_nesting via sysctl?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic
packets received, 0% unanswered
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Nick,
Nick Barnes wrote:
At 2003-08-13 15:43:51+, Lars Eggert writes:
Nick Barnes wrote:
I have some MAC addresses from a local Ethernet segment. I want to
convert them into IP addresses. How can I do that programmatically?
net/arping from port:
Thanks for the reference. I had a look
needed both these changes for our Soekris-based rent-a-subnet
box: http://www.isi.edu/tethernet/
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Michael Sierchio wrote:
The time it takes to resolve host names, probably, and the additional
burden of writing the service names, where known, etc.
Try
tcpdump -vvv -n
or
tcpdump -vvv -ln
Or try a binary dump straight into a file, and analyze it offline.
Lars
--
Lars Eggert [EMAIL PROTECTED
PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to [EMAIL PROTECTED]
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
. simulate a trie-like structure
with the firewall. This can can get you down to O(log).
It's not as automatic as you'd like though, probably.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
with mtu, is there a fix ?
See the section on PMTU discovery in draft-touch-ipsec-vpn-06. If the
requirements of your setup allow is, IPIP gif tunnels together with
IPsec transport mode (as described in the ID) can address this issue.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information
would target
at true policy-based routing.
For some simple setups, you can use ipfw fwd rules to forward on
something other than destination address.
But I agree that for more complex things you need some implementation of
policy routing.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC
- all my US modems just
had an Ethernet port...
--
Lars Eggert NEC Network Laboratories
smime.p7s
Description: S/MIME Cryptographic Signature
)
Such was my expectation. But: is this a BSD-specific implementation?
If I catch a kernel doing otherwise, can I say 'Aha! That's a bug
based on documented standards' ?
RFC 1122, Section 3.3.4.2
Lars
--
Lars Eggert NEC Network Laboratories
smime.p7s
Description: S/MIME
frequently come across entries in
the logs that I wish I had some more information about. I'd even go
as far as (optionally) dumping all such packets in tcpdump format.
Lars
--
Lars Eggert NEC Network Laboratories
such as this one, and are able to judge
the risks of enabling it.
Lars
--
Lars Eggert NEC Network Laboratories
from spoofed RSTs.
Lars
--
Lars Eggert NEC Network Laboratories
to coordinate with the donations officer for help in getting
equipment you may need.
this sounds like something you could do with planetlab
(http://planet-lab.org/). Do you have access? (Or maybe I misunderstood
what you meant by testbed.)
Lars
--
Lars Eggert NEC
Lars Eggert wrote:
this sounds like something you could do with planetlab
(http://planet-lab.org/). Do you have access? (Or maybe I misunderstood
what you meant by testbed.)
Argh. Yes, it runs Linux. Yes, I'm jet lagged. (But there was some talk
about running something else on planetlab at some
spacing. That may or may not be a
problem for what you are trying to simulate however.
Lars
--
Lars Eggert NEC Network Laboratories
smime.p7s
Description: S/MIME Cryptographic Signature
and reestablish the original packet order.
Lars
--
Lars Eggert NEC Network Laboratories
smime.p7s
Description: S/MIME Cryptographic Signature
Hi,
glad to see interest in DCTCP!
On 2019-6-4, at 11:05, Yu He via freebsd-net wrote:
> In line 387 of file cc_tcp.c, the update of alpha is calculated by following
> code:
>
> dctcp_data->alpha = min(alpha_prev - (alpha_prev >> V_dctcp_shift_g) +
> (dctcp_data->bytes_ecn << (10
101 - 134 of 134 matches
Mail list logo
