Re: ping -R output?

2020-10-14 Thread Julian Elischer
seq=4 ttl=63 time=1.156 ms(same route) /Peter 14 okt. 2020 kl. 09:05 skrev Julian Elischer <mailto:jul...@freebsd.org>>: Can someone send me the output of a ping -R , starting with FreeBSD machine, through a second FreeBSD machine and bouncing back from a third FreeBSD machine?  I don'

ping -R output?

2020-10-14 Thread Julian Elischer
Can someone send me the output of a ping -R, starting with a FreeBSD machine, through a second FreeBSD machine and bouncing back from a third FreeBSD machine? I don't have three in a row like that anywhere. Probably best to send it back through the list so people can see if I get an answer.

Re: Is anybody using ng_pipe?

2020-08-18 Thread Julian Elischer
it. -- +--\ _ __ | __--_|\ Julian Elischer\ \\ U \/ / On assignment | / \ jul...@elischer.org \ \ USA\ in a very strange | ( OZ) \-->x ___ | country ! +- X_.---._/ Mountain View, Califor

Re: net.add_addr_allfibs=1 behaviour deprecation

2020-08-18 Thread Julian Elischer
The reason for the two behaviours is that there are two ways that the previous behaviour of  "add addresses to the only FIB" could be interpreted and extended once multiple fibs became available. The single fib case could be interpreted as either of: "Add to All N fibs where N == 1"    or    

Re: On Netgraph

2020-06-08 Thread Julian Elischer
On 6/8/20 7:03 AM, Marko Zec wrote: On Mon, 8 Jun 2020 15:36:42 +0200 Tom Marcoen wrote: Hey Jan, I know about the vast performance improvements with if_bridge(4) (Thank you, Kristof Provost), the problem with using it for jails is that once you have a lot of jails, your hosts gets way too

Re: On Netgraph

2020-06-08 Thread Julian Elischer
On 5/27/20 4:20 AM, Eugene Grosbein wrote: 27.05.2020 15:06, Tom Marcoen wrote: Hey all, I'm new to this mailing list and also quite new to FreeBSD (hooray, welcome to me!) so bear with me, please. I'm reading up on Netgraph on how I can integrate it with FreeBSD jails and I was looking at

Re: On Netgraph

2020-06-05 Thread Julian Elischer
On 6/5/20 12:13 PM, Tom Marcoen wrote: Hey Eugen, For some reason I did not receive your email. But I found your reply in the archives. Anyway, the goal is to have two computers, each with a Netgraph bridge node and jails connecting to these bridges. I want to connect both bridges over the

Re: IPSec transport mode, mtu, fragmentation...

2020-01-18 Thread Julian Elischer
On 1/17/20 1:51 AM, Eugene Grosbein wrote: 17.01.2020 16:36, Victor Sudakov пишет: Back to the point. I've figured out that both encrypted (in transport mode) and unencrypted TCP segments have the same MSS=1460. Then I'm completely at a loss how the encrypted packets avoid being fragmented.

Re: Continuing problems in a bridged VNET setup

2019-12-20 Thread Julian Elischer
On 12/20/19 10:09 AM, Nick Wolff wrote: Marko, Are you aware of any write ups for using ng_eiface and ng_bridge instead of if_bridge? look in /usr/share/examples/netgraph here are a couple of examples of exactly what you ask for. Thanks, Nick Wolff On Fri, Dec 20, 2019 at 6:22 AM Marko

geo blocking with ipfw ... the easy way

2019-11-26 Thread Julian Elischer
just in case someone wants to do this: The following script sets up a table (which can be used for blocking or allowing) in ipfw so that it holds nets assigned to the USA and Australia. You may select your own nets of course: It uses the ipdbtools package. (I run this from cron) #!/bin/sh

Re: SOCK_RAW && SO_DONTROUTE doesn't work

2019-11-25 Thread Julian Elischer
On 11/25/19 12:02 PM, Colin Percival wrote: Hi networky people, I'm not sure if this was deliberate or if it's a bug. If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and then use sendto(2) to send a packet, the destination address provided to sendto(2) is ignored; instead,

Re: CARP and NAT question

2019-10-09 Thread Julian Elischer
On 10/9/19 12:57 PM, Matthew Grooms wrote: On 10/9/2019 2:50 PM, Julian Elischer wrote: On 10/9/19 2:34 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 01:05:37PM -0700, Julian Elischer wrote: On 10/8/19 8:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms

Re: CARP and NAT question

2019-10-09 Thread Julian Elischer
On 10/9/19 2:34 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 01:05:37PM -0700, Julian Elischer wrote: On 10/8/19 8:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote: Hi Julien, Hi Matthew, It's not clear why you are trying to assign multiple carp

Re: VLAN+bridge problem [was: no network between jails and host with VNET on same interface]

2019-10-09 Thread Julian Elischer
try use netgraph bridge and interfaces On 10/9/19 11:38 AM, Alexander Lunev via freebsd-net wrote: 07.10.2019 8:21, Alexander N. Lunev via freebsd-net пишет: I've tested with tcpdump, and here's what i found: > Host interfaces: > em0 up > vlan22 10.15.15.1/24 vlandev em0 vlan22 > epair0a -

Re: CARP and NAT question

2019-10-08 Thread Julian Elischer
On 10/8/19 8:58 AM, Julien Cigar wrote: On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote: Hi Julien, Hi Matthew, It's not clear why you are trying to assign multiple carp IP address to two different interfaces from within the same IP subnet. Are you trying to fail over a 2nd

Re: DHCPv6 client in base

2019-10-07 Thread Julian Elischer
On 10/7/19 12:05 PM, Roy Marples wrote: On 07/10/2019 19:45, Julian Elischer wrote: I'm not HRS, but as it uses netlink, how does NetBSD use it?  (i.e. how do we simulate that?) dhcpcd has a driver per OS: BSD == route(4) though sometimes I wonder if that could not be improved.. it's now

Re: DHCPv6 client in base

2019-10-07 Thread Julian Elischer
On 10/6/19 5:53 PM, Ben Woods wrote: On Thu, 16 May 2019 at 2:25 am, Hiroki Sato wrote: wrote in <001e01d50b49$176104d0$46230e70$@gmail.com>: dr> Has anyone ever thought or considered integrating an IPv6 DHCP client in dr> base? I have a plan to import wide-dhcp6 into the base system

Re: radiotap header bit definition allocation has changed ...

2019-08-11 Thread Julian Elischer
Hi Richard. I’m not the person but I will forward on to the next person in the “May know more” chain and we can see if we can home in on the right person. Julian Sent from my iPhone > On Aug 11, 2019, at 10:57 AM, Richard Sharpe > wrote: > > Hi Julian, > > I dunno if you care about

Re: freebsd stack in user space

2018-09-07 Thread Julian Elischer
On 6/9/18 6:56 pm, Julian Elischer wrote: I know some people have done this..  anyone have pointers? thanks to all who responded. Julian ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net

freebsd stack in user space

2018-09-06 Thread Julian Elischer
I know some people have done this..  anyone have pointers? Julian

Re: In-kernel NAT [ipfw] dropping large UDP return packets

2018-06-17 Thread Julian Elischer
On 14/6/18 7:44 am, Jeff Kletsky wrote: On 6/13/18 1:28 PM, Andrey V. Elsukov wrote: On 13.06.2018 23:04, Jeff Kletsky wrote: The kernel version of libalias uses m_megapullup() function to make single contiguous buffer. m_megapullup() uses m_get2() function to allocate mbuf of appropriate

Re: In-kernel NAT [ipfw] dropping large UDP return packets

2018-06-17 Thread Julian Elischer
On 14/6/18 3:01 am, Andrey V. Elsukov wrote: On 13.06.2018 20:16, Jeff Kletsky wrote: When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel to the T-Mobile provisioning servers, the reassembled, 4640-byte return packet is silently dropped by the in-kernel NAT, even though

Re: In-kernel NAT [ipfw] dropping large UDP return packets

2018-06-17 Thread Julian Elischer
On 14/6/18 1:41 am, Michael Sierchio wrote: I see you have a case of Netgraph. Perhaps Julian will chime in. well I'm reading but not got any specific ideas at the moment.. Netgraph itself has no requirements on packet size or even contents. a node may however have some. On Wed, Jun 13,

Re: NETGRAPH- bridge vlans using netgraph help

2018-05-10 Thread Julian Elischer
fully understand the aim of the exercise. Julian On Tue, May 1, 2018 at 8:39 PM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: On 1/5/18 11:16 pm, Freddie Cash wrote: On Tue, May 1, 2018 at 6:08 AM, Julian Elischer <jul...@freebsd.

Re: multiple if_ipsec

2018-05-08 Thread Julian Elischer
On 8/5/18 9:51 pm, Andrey V. Elsukov wrote: On 08.05.2018 14:03, peter.b...@bsd4all.org wrote: Hi Victor, I’m struggling with the same issue. My sainfo doesn’t match unless I use anonymous. Hi Andrey, What I don’t understand is why a “catchall” policy is added instead of the policy that

Re: ipfw -- selecting locally generated packets

2018-05-05 Thread Julian Elischer
On 5/5/18 1:33 am, Jeff Kletsky wrote: On 5/3/18 6:35 AM, Julian Elischer wrote: On 3/5/18 12:08 am, Michael Sierchio wrote: On Mon, Apr 30, 2018 at 10:48 AM, Jeff Kletsky <free...@wagsky.com> wrote: "not recv any" doesn't seem to be helpful either $ sudo ipfw ad

Re: ipfw -- selecting locally generated packets

2018-05-03 Thread Julian Elischer
On 3/5/18 12:08 am, Michael Sierchio wrote: On Mon, Apr 30, 2018 at 10:48 AM, Jeff Kletsky wrote: "not recv any" doesn't seem to be helpful either $ sudo ipfw add 64000 count ip from any to any out xmit any not recv any The loopback interface, lo0 ?

Re: NETGRAPH- bridge vlans using netgraph help

2018-05-01 Thread Julian Elischer
On 1/5/18 11:16 pm, Freddie Cash wrote: On Tue, May 1, 2018 at 6:08 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>>wrote: On 1/5/18 2:08 am, Eugene Grosbein wrote: 01.05.2018 1:03, Freddie Cash wrote: On Mon, Apr 30, 2018 at 10:5

Re: NETGRAPH- bridge vlans using netgraph help

2018-05-01 Thread Julian Elischer
On 1/5/18 2:08 am, Eugene Grosbein wrote: 01.05.2018 1:03, Freddie Cash wrote: On Mon, Apr 30, 2018 at 10:59 AM, Eugene Grosbein >wrote: > What the OP is trying to do is have PC1 send untagged packets to igb0 on FreeBSD which is configured

Re: ipfw -- selecting locally generated packets

2018-05-01 Thread Julian Elischer
On 1/5/18 2:02 am, Eugene Grosbein wrote: 01.05.2018 0:48, Jeff Kletsky wrote: From time to time, I rewrite my firewall rules to take advantages of the ever-improving set of features that ipfw provides. One of the challenges I have faced in the past was selecting packets that are generated

Re: NETGRAPH- bridge vlans using netgraph help

2018-04-29 Thread Julian Elischer
On 28/4/18 8:28 pm, Eugene Grosbein wrote: 28.04.2018 19:10, Abdullah Tariq wrote: However, we still have several ways to bridge tagged traffic by means of creation multiple bridges (one per vlan) or using ng_vlan+ng_bridge to do the same. bridge1 will contain vlan 1 bridge2 will

Re: kldload ibcore.ko fails in snapshot: FreeBSD-12.0-CURRENT-amd64-20180329-r331740-disc1

2018-04-25 Thread Julian Elischer
On 24/4/18 3:15 pm, Hans Petter Selasky wrote: On 04/24/18 01:33, Somayajulu, David wrote: Hi All, kldload ibcore.ko fails in the above snapshot with the following error. # kldload -v /usr/obj/usr/src/amd64.amd64/sys/modules/ibcore/ibcore.ko kldload: an error occurred while loading module

Re: Need Netgraph Help [fixed]

2018-04-25 Thread Julian Elischer
On 24/4/18 12:11 am, John Lyon wrote: If you found that thread, you found my answer. :-) I'm one of the posters on that particular PFSense thread. In short summary, I have a theory that should work but I haven't tested it yet due to a lack of opportunity. The netgraph code that forwards the

Re: Need Netgraph Help [fixed]

2018-04-23 Thread Julian Elischer
On 23/4/18 6:11 pm, Julian Elischer wrote: On 23/4/18 5:55 pm, Julian Elischer wrote: On 22/4/18 12:52 pm, GPz1100a wrote: @John Did you ever get this fully figured out?  I'm trying to do what I think is the same thing with my fiber internet connection - eliminate the need to use the isp

Re: Need Netgraph Help [fixed]

2018-04-23 Thread Julian Elischer
On 23/4/18 5:55 pm, Julian Elischer wrote: On 22/4/18 12:52 pm, GPz1100a wrote: @John Did you ever get this fully figured out?  I'm trying to do what I think is the same thing with my fiber internet connection - eliminate the need to use the isp provided gateway (or at least reduce its

Re: Need Netgraph Help [fixed]

2018-04-23 Thread Julian Elischer
On 22/4/18 12:52 pm, GPz1100a wrote: @John Did you ever get this fully figured out? I'm trying to do what I think is the same thing with my fiber internet connection - eliminate the need to use the isp provided gateway (or at least reduce its function). I'm running *opnsense*. This thread

Re: Need Netgraph Help [fixed]

2018-04-23 Thread Julian Elischer
On 22/4/18 12:52 pm, GPz1100a wrote: @John Did you ever get this fully figured out? I'm trying to do what I think is the same thing with my fiber internet connection - eliminate the need to use the isp provided gateway (or at least reduce its function). I'm running *opnsense*. This thread

Re: Default network device

2018-04-20 Thread Julian Elischer
On 25/3/18 12:21 am, Grzegorz Junka wrote: Hi, In my laptop I have both, wlan0 and ue0 (ethernet). When both are connected, FreeBSD chooses to use wlan0 by default. Only when I disable wlan0 it switches to use ue0. Since ue0 is ethernet it's obviously much faster than wlan0. It's decided by

Re: Diagnosing terrible ixl performance

2018-04-20 Thread Julian Elischer
On 20/4/18 12:03 pm, Garrett Wollman wrote: I'm commissioning a new NFS server with an Intel dual-40G XL710 interface, running 11.1. I have a few other servers with this adapter, although not running 40G, and they work fine so long as you disable TSO. This one ... not so much. On the receive

Re: Bridging a vlan trunk with a gif tunnel?

2018-04-11 Thread Julian Elischer
On 1/4/18 11:58 pm, Eugene Grosbein wrote: 01.04.2018 21:42, Hauke Fath wrote: I am trying to network a remote site with a main site through a bridged gif tunnel, and it doesn't work for me. gif(4) supports only untagged frames when added to a bridge. You need to create gif-per-vlan or switch

Re: Same host or different? How can you tell "over the wire"?

2018-04-05 Thread Julian Elischer
On 22/3/18 7:30 am, Ronald F. Guilmette wrote: In message <5ab2d11a.6060...@grosbein.net>, Eugene Grosbein wrote: If they respond truly identically, there are no reasons to treat them like distinct hosts despite of different IP addresses. are you on the same segment as

Re: Raw Sockets: Two Questions

2018-04-05 Thread Julian Elischer
On 22/3/18 3:08 am, Eugene Grosbein wrote: 22.03.2018 1:08, Ronald F. Guilmette wrote: OK, so, if I have understood all that has been said in this thread so far, then I would assert that, from the perspective of a simple-minded and naive end user (e.g. me), the assertion that I originally

Re: Need Netgraph Help [fixed]

2018-03-22 Thread Julian Elischer
Hi John, did you ever try out my version? Julian On 7/1/18 4:06 am, Julian Elischer wrote: On 7/1/18 4:02 am, John Lyon wrote: Thanks for the clarification and all the help. After Marko clarified that that edges/hooks are bidirectional, I was able to get it working WAN to LAN and LAN to WAN

Re: Need Netgraph Help [fixed]

2018-01-06 Thread Julian Elischer
uses fewer nodes. etf includes a mux/demux..  the link is bidirectional. Thanks again for all the help! John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Sat, Jan 6, 2018 at 2:39 PM, Julian Elischer <jul...@freebsd.org

Re: Need Netgraph Help [fixed]

2018-01-06 Thread Julian Elischer
https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Fri, Dec 29, 2017 at 4:06 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: On 29/12/17 10:52 am, John Lyon wrote: It works!!!  In virtual machine land at least, it works!  It will be int

Re: VLANing between jails not segmenting traffic

2018-01-01 Thread Julian Elischer
On 31/10/17 5:26 am, Eugene Grosbein wrote: 31.10.2017 4:08, Farhan Khan пишет: Hi all, I am trying to experiment with setting up two jails on different VLANs, but have not been able to segment traffic. My configuration was to create vlan1 for jail1 and vlan2 for jail2. I did the following

Re: Need Netgraph Help [fixed]

2017-12-29 Thread Julian Elischer
_so much_ for your help. John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Thu, Dec 28, 2017 at 9:48 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: On 28/12/17 9:59 pm,

Re: Need Netgraph Help [fixed]

2017-12-29 Thread Julian Elischer
150BFE.asc On Thu, Dec 28, 2017 at 9:48 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: On 28/12/17 9:59 pm, Julian Elischer wrote: On 28/12/17 1:37 am, John Lyon wrote: Julian, Unfortunately, this issue remain

Re: Need Netgraph Help

2017-12-28 Thread Julian Elischer
John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Thu, Dec 28, 2017 at 11:10 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: On 28/12/17 11:58 pm, John Lyon wrote: Julian, That l

Re: Need Netgraph Help

2017-12-28 Thread Julian Elischer
.  So if I can get it working in one direction, it's trivial to create a mirror image graph for the reverse direction. Thanks! John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Thu, Dec 28, 2017 at 8:59 AM, Julian Eli

Re: Need Netgraph Help [fixed]

2017-12-28 Thread Julian Elischer
On 28/12/17 9:59 pm, Julian Elischer wrote: On 28/12/17 1:37 am, John Lyon wrote: Julian, Unfortunately, this issue remains unresolved.  I would like to think that this is just a PEBKAC issue, but I have tried every permutation of escape characters in case it's an issue with my syntax and I

Re: Need Netgraph Help

2017-12-28 Thread Julian Elischer
Thanks. John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc On Wed, Dec 27, 2017 at 10:32 AM, Julian Elischer <jul...@freebsd.org <mailto:jul...@freebsd.org>> wrote: John did you get a resolution to this issue? On 16/12/17 2:

Re: Need Netgraph Help

2017-12-27 Thread Julian Elischer
John did you get a resolution to this issue? On 16/12/17 2:59 am, John Lyon wrote: Harry and Eugene (and others), I appreciate all of your help. It's been really insightful. Although I feel like I'm getting much closer to the solution, I don't think my problem has been diagnosed. I've

Re: setfib (ez)jails and wierd routing

2017-10-17 Thread Julian Elischer
On 18/10/17 3:30 am, Marek Zarychta wrote: On Tue, Oct 17, 2017 at 08:28:16PM +0200, Marko Cupać wrote: On Mon, 16 Oct 2017 20:07:28 +0200 Marek Zarychta wrote: Hi, try after to set "ifconfig bce1 fib 2" after disabling PF. This should do the work. Hi Marek,

Re: Only last IP frag sent if ARP entry absent

2017-08-19 Thread Julian Elischer
On 18/8/17 12:36 pm, Gopakumar Pillai wrote: Thank You Bjoern and Mike. While I agree with you Mike that ping can fail, a UDP application could also be affected – if its sending >MTU data and if ARP entry is absent. And ether_output wouldn’t even tell the app if the sending failed or not (as

Re: Only last IP frag sent if ARP entry absent

2017-08-19 Thread Julian Elischer
On 18/8/17 11:33 am, Mike Karels wrote: Another $.02 (inline): On 17 Aug 2017, at 18:39, Gopakumar Pillai wrote: Thank You Bjoern. Could you please point me to the RFC? I don’t know if there is anything more recent than RFC1122 on this. IIRC, it requires queuing at least one packet.

Re: May I ask where could I find the TCP BBR patches?

2017-07-21 Thread Julian Elischer
On 21/7/17 1:23 pm, Jov wrote: Maybe you are also interested in kcp/kcptun: https://github.com/xtaci/kcptun looks to me like kcp might be implemented pretty easily as a netgraph module, BBR looks like it would be relatively simple to port and I look forward to seeing it. There is also a

Re: A web server behind two gateways?

2017-07-19 Thread Julian Elischer
On 18/7/17 11:50 am, Grzegorz Junka wrote: On 17/07/2017 18:22, Eugene Grosbein wrote: 18.07.2017 1:19, Eugene Grosbein пишет: 18.07.2017 0:48, Alan Somers wrote: Not answering any particular email in this thread, many thanks for your help. That's plenty of ideas to try so may take some

Re: Sporadic TCP/RST sent to client

2017-06-27 Thread Julian Elischer
On 28/6/17 2:31 am, Youssef GHORBAL wrote: [...] Further, I would argue that round robin is not a valid 802.3ad/802.1AX algorithm, per how it defines a frame distributor: "This standard does not mandate any particular distribution algorithm(s); however, any distribution algorithm shall ensure

Re: The fate of ngatm

2017-04-29 Thread Julian Elischer
On 28/4/17 2:00 am, Brooks Davis wrote: As previous threatened, I've removed support for NATM (as well as a remarkable number of remnants of the old ATM framework). One piece that still remains is the ngatm framework in netgraph. This includes the ng_ccatm(4), ng_sscfu(4), ng_sscop(4), and

Re: VNET / netgraph jails -- Locking down?

2017-03-01 Thread Julian Elischer
many good questions but looking at what you are doing, maybe we should be asking you the questions. Certainly firewalling on the outside of the jail makes sense. I've not used ng_ipfw but it would make sense to do a quick sanity check for every packet leaving each jail. On 14/2/17 9:47 am,

Re: NETGRAPH's ng_cisco and IPv6 support

2017-02-27 Thread Julian Elischer
On 24/2/17 3:03 am, Łukasz Wójcik wrote: Hello everyone, I've recently started to develop certain driver that uses 'ng_cisco' netgraph module for CHDLC en-/de-capsulation. When it connects with ng_cisco node via 'inet' hook, everything works fine, but there is an issue when trying to use

all network people please review this proposal: because someone is going to commit it soon. D5017

2017-01-20 Thread Julian Elischer
Unless eri gets to it first I will. see https://reviews.freebsd.org/D5017 If you have a server, you can put an arbitrary number of clients on the same port number because they all have different addresses. However in the case of a client accessing multiple servers we are limited to 65535

Re: FreeBSD10.3-RELEASE. Kernel panic.

2016-10-11 Thread Julian Elischer
On 11/10/2016 8:56 PM, Donald Baud via freebsd-net wrote: I've been plagued with these =daily= panics until I tried the following recipes and the server has been up for 30 days so far: Normally I should experiment more to see which one of the recipes is really the fix, but I'm just glad that

Re: Strange issue with scp performance

2016-10-03 Thread Julian Elischer
On 3/10/2016 12:22 AM, Achilleas Mantzios wrote: On 01/10/2016 03:55, John-Mark Gurney wrote: Achilleas Mantzios wrote this message on Wed, Sep 28, 2016 at 13:26 +0300: We have a weird situation here. We just made a clone of a virtual image running Linux and sent it over to some could

Re: SO_BINDANY in FreeBSD 10.3

2016-08-12 Thread Julian Elischer
:29, Julian Elischer <jul...@freebsd.org> wrote: On 12/08/2016 8:00 PM, Alex Povolotsky wrote: Hello Is SO_BINDANY supported in FreeBSD 10.3? If not, do any patches exists? I'm certain that it is, somehow, but I'll be damned if I can remember how to do it.. There were patches for it in t

Re: SO_BINDANY in FreeBSD 10.3

2016-08-12 Thread Julian Elischer
On 12/08/2016 8:00 PM, Alex Povolotsky wrote: Hello Is SO_BINDANY supported in FreeBSD 10.3? If not, do any patches exists? I'm certain that it is, somehow, but I'll be damned if I can remember how to do it.. There were patches for it in the 90s and early 2000s but I seem to remember they

Re: Is there a way to keep an account of which processes generate how much network traffic?

2016-05-30 Thread Julian Elischer
On 30/05/2016 5:07 PM, Ben Woods wrote: On Monday, 30 May 2016, Yuri > wrote: There is vnstat that does this by interface. But is there a way to do this by the application? This is because nearly every packet that is sent through

Re: Bridge interface and ARP traffic

2016-05-29 Thread Julian Elischer
On 27/05/2016 1:13 AM, John Nielsen wrote: On May 20, 2016, at 12:30 AM, Aqz wrote: Hello, I have a very strange issue with passing ARP traffic through bridge interface. I'm using FreeBSD 10.3-REL VMWare virtual machine as bridge between two networks using the same IP address

Re: How to use pf with vimage jails?

2016-05-04 Thread Julian Elischer
On 4/05/2016 11:59 PM, Shawn Debnath wrote: On 05/04, Alan Somers wrote: Then maybe it's the bridged aspect that's screwing me up. Is there a guide for using pf on bridged interfaces? All I can find is this guide for ipfw. I ran into a similar issue recently and decided to write up an

Re: Assigning same ip address to different interfaces with different FIBs

2016-04-20 Thread Julian Elischer
On 20/04/2016 5:58 PM, M. V. via freebsd-net wrote: Hello guys, I have a problem with having multiple FIBs in FreeBSD-9.2. I've already setup 4 FIBs in kernel, and everything is OK. I assigned each interface to one FIB and I can add routes to any of FIBs I want, and everything works fine.But

tcp guys: please look at this one

2016-04-15 Thread Julian Elischer
https://reviews.freebsd.org/D5872 This one needs more scrutiny. The cure may be worse than the problem, but it needs more eyes on it..

Re: routing issue

2016-03-04 Thread Julian Elischer
On 3/03/2016 2:38 AM, Pakhom Golynga wrote: Hello all! Please help me to investigate this issue. I have problem on 10.2-RELEASE-p12 with multiple network interfaces and PF (rules, NAT) # ifconfig <--cut--> em0: flags=8843 metric 0 mtu 1500

Re: gateway machine port redirect question

2016-02-22 Thread Julian Elischer
On 21/02/2016 4:48 PM, Gary Corcoran wrote: On 2/20/2016 9:22 PM, Valeri Galtsev wrote: Dear Experts, I'm one of Linux refugees who several years ago migrated majority of servers from Linux to FreeBSD and is happy since. When recently I needed to set up gateway (Firewall + NAT) machine, I set

Re: gateway machine port redirect question

2016-02-22 Thread Julian Elischer
On 22/02/2016 4:03 AM, Ian Smith wrote: On Sun, 21 Feb 2016 16:32:53 -0800, Julian Elischer wrote: > On 20/02/2016 6:22 PM, Valeri Galtsev wrote: > > Dear Experts, > > > > I'm one of Linux refugees who several years ago migrated majority of > > se

Re: gateway machine port redirect question

2016-02-21 Thread Julian Elischer
On 20/02/2016 6:22 PM, Valeri Galtsev wrote: Dear Experts, I'm one of Linux refugees who several years ago migrated majority of servers from Linux to FreeBSD and is happy since. When recently I needed to set up gateway (Firewall + NAT) machine, I set up FreeBSD 10.2 on it, used ipwf and natd,

Re: ifconfig with quoted arguments

2016-02-11 Thread Julian Elischer
On 10/02/2016 5:51 AM, Jeremy Boy wrote: Hello list, please CC me in replies to this mail, since I am no subscriber to this list. For safety reasons, we enclose user input to shell commands in quotes. Until today, the resulting command for ifconfig(8) looked like this: ifconfig ue0 inet

Re: Problem with ipfw, in-kernel NAT and port redirection to jails

2016-02-08 Thread Julian Elischer
On 8/02/2016 9:27 PM, Alexey Roslyakov via freebsd-net wrote: 08.02.2016 12:30, Kiryanov Vassily пишет: Hello Alexey, Thank you for this information, I have thoughts about using pf nat as an alternative way and your example will be useful for me. But Eugene Grosbein adviced me to turn off

Re: ppp(8) PPPoE fails when ifname contains "."

2016-01-12 Thread Julian Elischer
On 7/01/2016 6:29 AM, Ben Woods wrote: Hey everyone, I was recently trying to set up PPPoE to my ISP, over my network interface which is configured with 802.1q VLAN tagging using vlan(4). I utilised the vlans_= feature described in rc.conf(5), which creates a cloned interface named .. In

Re: Does FreeBSD have sendmmsg or recvmmsg system calls?

2016-01-03 Thread Julian Elischer
On 4/01/2016 5:32 AM, HuanHuan wrote: Hi Rui, There are no existing applications, but these two calls are for developing new application on 10G links. Currently I use netgraph, especially ng_socket node. And a simple recvfrom() on a ng_socket costs ~5us or so (200K per second). And there

Re: BPF Berkeley Packet Filter

2015-12-30 Thread Julian Elischer
On 30/12/2015 12:22 PM, Juan Herrera wrote: Hello BSD folks, I am developing a networking application in C and I have a question regarding BPF (Berkeley Packet Filters), I will give you an idea of the app first, I need to send a packet from machine A to machine B (any kind of packet) so for

Re: BPF Berkeley Packet Filter

2015-12-30 Thread Julian Elischer
On 30/12/2015 6:26 AM, Juan Herrera wrote: Hello, I have a question regarding Berkeley Packet filter, which is Can I read an incoming packet length with BPF, I am working on a project that requires to filter the receiving packets in the kernel before they get to userspace, but I need to be able

Re: ipsec tunnel and vnet jails: routing, howto?

2015-12-27 Thread Julian Elischer
On 27/12/2015 4:24 AM, Michael Grimm wrote: Hi, I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve: I do have two servers connected via an ipsec/tunnel ... [A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B] … which is

Re: Have I got this VIMAGE setup correct?

2015-12-22 Thread Julian Elischer
On 23/12/2015 1:05 AM, Garrett Wollman wrote: The consensus when I asked seemed to be that VIMAGE+jail was the right combination to give every container its own private loopback interface, so I tried to build that. I noticed a few things: 1) The kernel prints out a warning message at boot time

Re: Per-jail private loopback

2015-12-18 Thread Julian Elischer
On 18/12/2015 11:51 AM, Craig Rodrigues wrote: On Thu, Dec 17, 2015 at 3:48 PM, Garrett Wollman wrote: Or is VIMAGE cheap enough that I won't notice the performance hit? Vimage is a negligable overhead in a 1 jail (base jail) system and can actually end up with a

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Julian Elischer
On 2/12/2015 12:27 AM, el...@sentor.se wrote: On Tue, 1 Dec 2015, Mark Felder wrote: On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: Hi, Mark. I'm hoping someone can explain what happened here and this isn't a bug, but if it is a bug I'll gladly open a PR. I noticed in my ipfw logs

Re: vimage and jail networking

2015-12-01 Thread Julian Elischer
On 1/12/2015 3:49 PM, Ben Woods wrote: On 1 December 2015 at 06:48, Nathan Aherne > wrote interestingly this is the first time I see this email. I think something blocked he original for me. Thank you for helping me to understand vimage better

Re: Outgoing packets being sent via wrong interface

2015-12-01 Thread Julian Elischer
On 1/12/2015 4:03 PM, Daniel Bilik wrote: On Mon, 30 Nov 2015 23:47:18 +0800 Julian Elischer <jul...@freebsd.org> wrote: ok next time try netstat -raAnW before and after Attached ("Internet6" part removed to reduce noise). maybe we can spot at difference. According to

Re: Outgoing packets being sent via wrong interface

2015-11-30 Thread Julian Elischer
On 30/11/2015 5:18 PM, Daniel Bilik wrote: On Sat, 28 Nov 2015 18:06:45 +0800 Julian Elischer <jul...@freebsd.org> wrote: next time it happens try flushing the arp table. Just tried... arp -d -a ... didn't help. Followed by refreshing default route, which solved it ok next ti

Re: Kernel NAT issues

2015-11-28 Thread Julian Elischer
, Julian Elischer <jul...@freebsd.org> wrote: On 21/11/2015 10:06 AM, Nathan Aherne wrote: I had a bit of a think about how to describe what I am trying to achieve. I am treating each jail likes its own little "virtual machine”. The jail provides certain services, using things

Re: Outgoing packets being sent via wrong interface

2015-11-28 Thread Julian Elischer
On 27/11/2015 5:13 PM, Daniel Bilik wrote: On Wed, 25 Nov 2015 12:20:33 + Gary Palmer wrote: route -n get As suggested by Kevin and Ryan, I set the router to drop redirects... net.inet.icmp.drop_redirect: 1 ... but it happened again today, and again affected host

Re: Is it allowed to copy hyper-v drivers from FreeBSD 10 and packed it into FreeBSD 9.2

2015-11-23 Thread Julian Elischer
On 23/11/2015 11:30 PM, Adrian Chadd wrote: On 22 November 2015 at 21:58, Hongjiang Zhang wrote: Hi, Some people, who used FreeBSD 9.2 and back-port network driver for Hyper-v from FreeBSD 10, encountered a network issue. They installed 2 VM (FreeBSD 9.2 with the

Re: tap(4) and host-only networking between host and guest

2015-11-05 Thread Julian Elischer
On 11/5/15 10:31 AM, Victor Sudakov wrote: Neel Natu wrote: Julian Elischer wrote: I am experimenting with bhyve which uses tap(4) for network access. I don't want to bridge tap0 with any of the hosts's real NICs. How can I create a private network just between the host and the guest? you

Re: tap(4) and host-only networking between host and guest

2015-11-04 Thread Julian Elischer
On 11/4/15 3:54 PM, Victor Sudakov wrote: Colleagues, I am experimenting with bhyve which uses tap(4) for network access. I don't want to bridge tap0 with any of the hosts's real NICs. How can I create a private network just between the host and the guest? you are thinking too hard! tap IS

Re: nice stuff from cloudflare (and, we need something like ethtool!)

2015-10-15 Thread Julian Elischer
On 10/10/15 10:59 PM, Luigi Rizzo wrote: the nice folks at cloudflare implemented a nice feature in netmap that puts some queues of the NIC in netmap mode leaving others attached to the host stack https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/ and use ethtool (and

Re: Value of congestion window (cwnd) when loss is detected

2015-09-03 Thread Julian Elischer
On 9/3/15 7:13 PM, Lawrence Stewart wrote: On 09/03/15 10:54, hiren panchasara wrote: I am failing to understand the reason behind this behavior. What should the congestion window (snd_cwnd) be set to when we hit loss? It seems that we set it to 1 segment right now.

Re: FreeBSD 10.2 , ospf vs. aggregated static routes, performance issue

2015-08-25 Thread Julian Elischer
On 8/25/15 10:07 PM, Evgeny Khorokhorin wrote: Hi, I have 10.2-STABLE, 2 CPU Intel E5-2643v3, network Intel XL710 with 1.4.0 driver from Intel I know that going through routing table is very fast (rn_match). But I decided to optimize routing table. I'm using 2 interfaces - ixl0 and ixl1.

Re: Mellanox 40Gb support

2015-08-21 Thread Julian Elischer
Janitorial Services On Aug 21, 2015, at 8:21 AM, Julian Elischer jul...@freebsd.org mailto:jul...@freebsd.org wrote: On 8/21/15 10:29 PM, aurfalien wrote: Hi, Thanks very much for the response. Well, I’m implementing NFSoRDMA and as a best practices, Mellanox suggested I use the very latest

Re: Ethernet tunneling options under FreeBSD

2015-08-16 Thread Julian Elischer
never tried it. On Friday, August 14, 2015 23:16:41 Julian Elischer wrote: On 8/14/15 6:40 AM, James Lott wrote: Hello list, I am in the process of planning a build out of a L2 VPN, in which I'd like to have my primary switch and DHCP server be a FreeBSD system. I would like to join each new

Re: Ethernet tunneling options under FreeBSD

2015-08-16 Thread Julian Elischer
, August 14, 2015 23:16:41 Julian Elischer wrote: On 8/14/15 6:40 AM, James Lott wrote: Hello list, I am in the process of planning a build out of a L2 VPN, in which I'd like to have my primary switch and DHCP server be a FreeBSD system. I would like to join each new host to the VPN
