Re: OpenBGPD with FreeBSD
Łukasz Bromirski wrote:
>
> Claudio Jeker wrote:
>
> >>Had openbgpd ported to freebsd or is it in any progress?
> >>If I want to install it in FreeBSD, is there any guideline for me to follow?
> > You have to remove the full pfkey interface and replace it with dummy
> > functions as it is incompatible. So tcp md5 does not work but I think it
> > is still broken in FreeBSD anyway.
> > Here is a diff I created some time ago. Perhaps some other minor changes
> > are needed.
>
> I've created short HOWTO as well as diff to make OpenBGPd easily
> installable on FreeBSD (tested 5.3/5.4). It works with pf (pushing
> prefixes to pf tables), but of course lacks MD5 authorization for
> peers. Claudio, thanks for suggestions about the pfkey.
>
> Here's short HOWTO:
> http://lukasz.bromirski.net/projekty/openbgpd/index-en.html
>
> If anyone will push this further and make a port out of it, it
> would be really nice.

You could make a port and I can commit it.

--
Andre
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Current problem reports assigned to you
Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S  Submitted     Tracker     Resp.  Description
---
o  [2003/07/11]  kern/54383  net    [nfs] [patch] NFS root configurations wit

1 problem total.
Sending Ethernet frames
Hi,

I'm trying to send 'raw' Ethernet frames. I have however not found any examples of how to do this in BSD.

Is it possible to open an 'ethernet' socket, similar to an AF_INET? I need to be able to control the destination address and type/len field in the Ethernet header.

In Linux it is possible to open a SOCK_RAW and bind it to a particular interface, I've tried to use the sockadd_dl but in this case bind dies with error 22, any way to do this?

/Patrik
RE: Sending Ethernet frames
From: [EMAIL PROTECTED] On Behalf Of Patrik Arlos
> Hi,
>
> I'm trying to send 'raw' Ethernet frames. I have however not
> found any examples of how to do this in BSD.
>
> Is it possible to open an 'ethernet' socket, similar to an
> AF_INET? I need to be able to control the destination
> address and type/len field in the Ethernet header.
>
> In Linux it is possible to open a SOCK_RAW and bind it to a
> particular interface, I've tried to use the sockadd_dl but in
> this case bind dies with error 22, any way to do this?

You can chmod +w on /dev/bpf* and then open & write to a bpf device.
Re: Sending Ethernet frames
On 2005-03-21 14:05, Patrik Arlos <[EMAIL PROTECTED]> wrote:
> I'm trying to send 'raw' Ethernet frames. I have however not found any
> examples of how to do this in BSD.
>
> Is it possible to open an 'ethernet' socket, similar to an AF_INET? I
> need to be able to control the destination address and type/len field
> in the Ethernet header.
>
> In Linux it is possible to open a SOCK_RAW and bind it to a particular
> interface, I've tried to use the sockadd_dl but in this case bind dies
> with error 22, any way to do this?

It may be a good idea to investigate if libnet does your job. The ports version (net/libnet-devel) is based on libnet-1.1.2.1. Mike Schiffman, who writes libnet, may have a newer version on his site:

http://www.packetfactory.net/projects/libnet/

If you do decide to use libnet, I also have a few local patches that may be interesting; mostly updates to libnet's build tree that use the latest automake and autoconf or changes to libtoolize libnet; these are "local hacks" though.
Re: disabling ipv6 with ppp
Use ``disable ipv6'' - see the man page.
Put ``NOINET6=true'' in /etc/make.conf to make IPv6 go away entirely.

On Mon, 7 Mar 2005 11:45:24 +0100, Hanspeter Roth <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm using ppp. Even though INET6 is disabled in the kernel there is
> some INET6 stuff configured. Netstat -rn shows:
>
> ...
> Internet6:
> Destination       Gateway                        Flags  Netif Expire
> ::1               ::1                            UH     lo0
> fe80::%lo0/64     fe80::1%lo0                    U      lo0
> fe80::1%lo0       link#4                         UHL    lo0
> ff01::/32         ::1                            U      lo0
> ff02::%lo0/32     ::1                            UC     lo0
> ff02::%tun0/32    fe80::20f:3dff:feae:5416%tun0  UGS    tun0
>
> The last route to 'ff02::%tun0/32' appears only if ppp is running.
> Some seconds after ppp is started (ppp -quiet -auto isp) it goes
> online. Trying to delete the route by hand claims it is a bad
> address:
>
> route delete 'ff02::%tun0/32'
> route: bad address: ff02::%tun0/32
>
> How can I run ppp without INET6 support?
>
> -Hanspeter

--
Brian Somers <[EMAIL PROTECTED]>
Don't _EVER_ lose your sense of humour ! <[EMAIL PROTECTED]>
Re: Giant-free polling [PATCH]
On Friday 11 March 2005 09:28 am, Gleb Smirnoff wrote:
> On Fri, Mar 11, 2005 at 03:14:50PM +0100, Pawel Jakub Dawidek wrote:
> P> On Fri, Mar 11, 2005 at 04:55:25PM +0300, dima wrote:
> P> +> I thought about using list also, but considered it to bring
> P> +> too much overhead to the code. The original idea of handling arrays
> P> +> seems to be very elegant.
> P>
> P> Overhead? Did you run any benchmarks to prove it?
> P> I find list-version much more elegant than using an array.
>
> It is also a small cookie for future. Now we have IFF_POLLING flag and
> IFCAP_POLLING, which indicate whether interface support polling and whether
> it actually does polling. This is not nice, from my viewpoint. I'd like
> to see only IFCAP_POLLING present and turning polling on/off for particular
> interface should be done by inserting/removing iface from polling list.
>
> This will also remove an extra unlocked check of interface flags (?).
>
> P> I also don't like the idea of calling handler method with two locks
> P> held (one sx and one mutex)...
>
> I agree with Pawel. We have LOR here between sx lock and driver lock:
>
> normal polling: (get sx shared)    -> (get driver mutex)
> driver stop:    (get driver mutex) -> (get sx exclusive)

You can't ever lock an sx(9) lock while holding a mutex. FYI.

--
John Baldwin <[EMAIL PROTECTED]>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
altq enqueue
Is there a way to send packets from userland process to a specific altq defined queue?

Pete
Re: disabling ipv6 with ppp
On Mar 21 at 13:55, Brian Somers spoke:
> Use ``disable ipv6'' - see the man page.

Ok, I've put ``disable ipv6'' as well as ``disable ipv6cp'' into the config file. But nevertheless

ff02::%tun0/32  fe80::20f:3dff:feae:5416%tun0  UGS  tun0

appears anyway and 22 seconds after ppp is started a dialup connection is established.

> Put ``NOINET6=true'' in /etc/make.conf to make IPv6 go away entirely.

It is not obvious whether only the kernel has to be rebuilt or the entire world.

-Hanspeter
Re: altq enqueue
On Monday 21 March 2005 16:02, Petri Helenius wrote:
> Is there a way to send packets from userland process to a specific altq
> defined queue?

No, not at this point. But as a workaround (assuming we are talking about socket based communication (udp/tcp)) you can have the program running as a special user or group and use pf or ipfw to queue traffic from this user/group. Note that pf needs debug.mpsafenet=0 for this to work properly. ipfw has the same problem in 5.3R but is fixed in CURRENT and *maybe* RELENG_5 - I'll let others speak on that one.

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
Re: disabling ipv6 with ppp
On Mon, 21 Mar 2005 16:44:33 +0100, Hanspeter Roth <[EMAIL PROTECTED]> wrote:
> On Mar 21 at 13:55, Brian Somers spoke:
>
> > Use ``disable ipv6'' - see the man page.
>
> Ok, I've put ``disable ipv6'' as well as ``disable ipv6cp'' into the
> config file. But nevertheless
> ff02::%tun0/32  fe80::20f:3dff:feae:5416%tun0  UGS  tun0
> appears anyway and 22 seconds after ppp is started a dialup
> connection is established.

disable ipv6 and disable ipv6cp are synonymous. It sounds as if your kernel is built with INET6 support.

> > Put ``NOINET6=true'' in /etc/make.conf to make IPv6 go away entirely.
>
> It is not obvious whether only the kernel has to be rebuilt or the
> entire world.

make.conf will just cover world. You need to remove ``options INET6'' from your kernel config to affect that.

--
Brian Somers <[EMAIL PROTECTED]>
Don't _EVER_ lose your sense of humour ! <[EMAIL PROTECTED]>
Re: disabling ipv6 with ppp
On Mar 21 at 13:55, Brian Somers spoke:
> Use ``disable ipv6'' - see the man page.
> Put ``NOINET6=true'' in /etc/make.conf to make IPv6 go away entirely.

I've built ppp in /usr/src/usr.sbin/ppp with NOINET6 and installed it in /usr/sbin. The route ff02::%tun0/32 is still present. But the dialup connection after 22 seconds has disappeared. So this has helped me. Thanks!

-Hanspeter
Re: disabling ipv6 with ppp
On Mar 21 at 17:29, Brian Somers spoke:
> disable ipv6 and disable ipv6cp are synonymous. It sounds as if your
> kernel is built with INET6 support.

Hm, strange. I have already commented out INET6 in the kernel config...

-Hanspeter
Re: Setup of jail bound to lo0
On Wed, 16 Mar 2005 10:47:25 +0100 (CET), Sten Spans <[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005, Sławek Żak wrote:
>
> > Hi,
> >
> > I need to have some jails configured, sharing single IP address (IPv6
> > is a no-no for the time being:). Therefore I came up with an idea of
> > binding them all to lo0 and assigning subsequent IP aliases as the
> > addresses. The requirement for the jails is to let them to receive
> > (the easy part) and *send* packets to the outside.
> >
> > The jails cannot directly access the Internet as they cannot bind to
> > the external IP address of course. Some translation needs to be made,
> > I think. After wrestling with ipfw/ipf/pf for a couple of hours I
> > don't have a working solution.
>
> pf:
>
> # Tables: similar to macros, but more flexible for many addresses.
> table { 1.2.3.4, 5.6.7.8, 9.9.9.9 }
>
> # Translation: specify how addresses are to be mapped or redirected.
> nat on $ext_if from $loopback_addr to any -> ($ext_if)
>
> # rdr: packets coming in on $ext_if with destination :80
> rdr on $ext_if proto tcp from any to port 80 -> $loopback_addr
> port 80

Hi,

It sure works :) My rules are:

ext_if="lnc0"
table { 127.0.0.2, 127.0.0.3 }
nat on $ext_if from to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.2 port 80

I wasn't sure what you meant by $loopback_addr. I will add rules like this for every server:

rdr on $ext_if proto tcp from any to any port 81 -> 127.0.0.3 port 80

Nice thing this PF. I can't do this in IPFilter.

Thank you very much Sten!

/S
Re: Sending Ethernet frames
On Mon, Mar 21, 2005 at 02:05:48PM +0100, Patrik Arlos wrote:
> I'm trying to send 'raw' Ethernet frames. I have however not found any
> examples of how to do this in BSD.

Consider using bpf(4) in read/write mode.

BMS
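The bpf(4) route suggested in the replies above, as an added example that is not part of the original posts: it builds an Ethernet frame with a caller-chosen destination address and type/len field and writes it to a bpf device bound to an interface. The function names, the 16-unit device scan, the sample MAC addresses and the 0x88B5 EtherType are assumptions for illustration; the caller needs read/write access to a /dev/bpf* node.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/bpf.h>
#include <fcntl.h>
#include <unistd.h>
#endif
#define ETH_HDR_LEN   14
#define ETH_MIN_FRAME 60      /* minimum frame size, FCS not counted */
#define ETH_MAX_DATA  1500
/* Lay out dst | src | type/len | payload, zero-padded; returns length or 0. */
size_t build_frame(uint8_t *buf, size_t buflen, const uint8_t dst[6],
        const uint8_t src[6], uint16_t type, const void *data, size_t len)
{
    size_t total = len < ETH_MIN_FRAME - ETH_HDR_LEN ? ETH_MIN_FRAME : ETH_HDR_LEN + len;
    if (len > ETH_MAX_DATA || buflen < total) return 0;
    memset(buf, 0, total);
    memcpy(buf, dst, 6); memcpy(buf + 6, src, 6);
    buf[12] = (uint8_t)(type >> 8); buf[13] = (uint8_t)(type & 0xff); /* network order */
    if (len) memcpy(buf + ETH_HDR_LEN, data, len);
    return total;
}

/* Write one frame via the first /dev/bpfN that opens; -1 and errno on failure. */
int send_frame(const char *ifname, const uint8_t *frame, size_t len)
{
#ifdef __FreeBSD__
    struct ifreq ifr;
    char dev[32];
    unsigned int on = 1;
    int fd = -1, i, saved, n = -1;
    for (i = 0; i < 16 && fd < 0; i++) {     /* units in use fail with EBUSY */
        snprintf(dev, sizeof(dev), "/dev/bpf%d", i);
        fd = open(dev, O_RDWR);
    }
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof(ifr));
    strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
    /* BIOCSHDRCMPLT: send the source MAC as written, not the NIC's own */
    if (ioctl(fd, BIOCSETIF, &ifr) == 0 && ioctl(fd, BIOCSHDRCMPLT, &on) == 0)
        n = (int)write(fd, frame, len);
    saved = errno; close(fd); errno = saved;
    return n;
#else
    (void)ifname; (void)frame; (void)len;
    errno = ENOSYS; return -1;               /* no bpf(4) device nodes here */
#endif
}

int main(int argc, char **argv)
{   /* constructed sample: locally administered MACs, EtherType 0x88B5 */
    const uint8_t dst[6] = {2, 0, 0, 0, 0, 1}, src[6] = {2, 0, 0, 0, 0, 2};
    uint8_t frame[ETH_HDR_LEN + ETH_MAX_DATA];
    size_t n = build_frame(frame, sizeof(frame), dst, src, 0x88B5, "hello", 5);
    printf("built %zu-byte frame\n", n);
    if (argc > 1 && send_frame(argv[1], frame, n) < 0) perror("send_frame");
    return n ? 0 : 1;
}
```

Run without arguments it only builds the frame; given an interface name as the first argument it also writes the frame to that interface.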
Re: OpenBGPD with FreeBSD
Hi there,

On Mon, Mar 14, 2005 at 12:08:53AM +0059, Claudio Jeker wrote:
> You have to remove the full pfkey interface and replace it with dummy
> functions as it is incompatible. So tcp md5 does not work but I think it
> is still broken in FreeBSD anyway.

I am willing to work with OpenBSD developers, time permitting, to ensure that TCP-MD5 is source level compatible across the BSDs. In the past the divergence has affected several projects including Quagga, OpenBGPd and XORP, sadly. There has even been some cursory interest from Sun people about taking this on.

Please do contact me directly about this in future first, though.

Thanks,
BMS
Re: Setup of jail bound to lo0
On Mon, 21 Mar 2005, Sławek Żak wrote:
> On Wed, 16 Mar 2005 10:47:25 +0100 (CET), Sten Spans <[EMAIL PROTECTED]> wrote:
> > On Wed, 16 Mar 2005, Sławek Żak wrote:
> > > Hi,
> >
> > pf:
> >
> > # Tables: similar to macros, but more flexible for many addresses.
> > table { 1.2.3.4, 5.6.7.8, 9.9.9.9 }
> >
> > # Translation: specify how addresses are to be mapped or redirected.
> > nat on $ext_if from $loopback_addr to any -> ($ext_if)
> >
> > # rdr: packets coming in on $ext_if with destination :80
> > rdr on $ext_if proto tcp from any to port 80 -> $loopback_addr port 80
>
> Hi,
>
> It sure works :) My rules are:
>
> ext_if="lnc0"
> table { 127.0.0.2, 127.0.0.3 }
> nat on $ext_if from to any -> ($ext_if)
> rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.2 port 80
>
> I wasn't sure what you meant by $loopback_addr. I will add rules like
> this for every server:
>
> rdr on $ext_if proto tcp from any to any port 81 -> 127.0.0.3 port 80

My setup is a bit different. I have 1 jail with ip 10.0.0.1, and multiple external ips distributed with vrrp.

internal_net="192.168.1.0/23"
loopback_addr="10.0.0.1"
table { 1.2.3.21, 1.2.3.22, 1.2.3.23 }

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Translation: specify how addresses are to be mapped or redirected.
nat on $ext_if from $loopback_addr to any -> ($ext_if)

# rdr: packets coming in on $ext_if with destination :80
rdr on $ext_if proto tcp from any to port 80 -> $loopback_addr port 80

# block all packets from $loopback_addr on the internal interface
block in on $lo_if from $loopback_addr to $internal_net

> Nice thing this PF. I can't do this in IPFilter.

pf is quite nice indeed.

> Thank you very much Sten!

no problem.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
Re: Sending Ethernet frames
Giorgos Keramidas wrote:
> On 2005-03-21 14:05, Patrik Arlos <[EMAIL PROTECTED]> wrote:
> > I'm trying to send 'raw' Ethernet frames. I have however not found any
> > examples of how to do this in BSD.
> >
> > Is it possible to open an 'ethernet' socket, similar to an AF_INET? I
> > need to be able to control the destination address and type/len field
> > in the Ethernet header.
> >
> > In Linux it is possible to open a SOCK_RAW and bind it to a particular
> > interface, I've tried to use the sockadd_dl but in this case bind dies
> > with error 22, any way to do this?
>
> It may be a good idea to investigate if libnet does your job. The ports
> version (net/libnet-devel) is based on libnet-1.1.2.1. Mike Schiffman,
> who writes libnet, may have a newer version on his site:
>
> http://www.packetfactory.net/projects/libnet/
>
> If you do decide to use libnet, I also have a few local patches that may
> be interesting; mostly updates to libnet's build tree that use the latest
> automake and autoconf or changes to libtoolize libnet; these are "local
> hacks" though.

you can also do it via netgraph(4)
PPP Lan Bridge
Greetings,

I am an experienced BSD administrator. I am currently implementing a solution to connect two campus area buildings together using 2 machines running FreeBSD 5.3 with 56K modems & PPP. I need some assistance as follows. I am trying to be verbose so as to provide a complete overview of what has been done and so this thread may be used as a future guide for others.

Scenario:
* A countryclub has a maintenance department located on the other side of the golf course, too far to have a cable run or a line-of-sight wireless connection. The purpose of this connection is to provide a TCP/IP timeclock with access to the main building's network to transmit data.
* Maintenance Shed (client): FreeBSD 5.3 client, Serial 56K modem running ppp-user. Timeclock connected to dial-up client via CrossOver ethernet cable.
* Clubhouse (server): FreeBSD 5.3 server, Serial 56K modem running mgetty. Server connected to LAN switch.
* The LAN at the clubhouse consists of a CABLE Modem connection, with an OpenBSD based firewall that provides NAT/PROXY services to the internal network.

Current Setup: (see this diagram I posted: URL = http://people.linisys.com/ctusa/images/diagram.jpg )
* main WAN router= 192.168.1.1
* dialup Server (fxp0)= 192.168.1.230 gateway_enable="yes"
* dialup Server (tun0)= 192.168.1.230 -> 192.168.1.232 (modem)
* dialup Client (tun0)= 192.168.1.232
* dialup Client (fxp0)= 192.168.2.1 gateway_enable="yes"

Problem:
* It seems that NAT is functioning well, and the systems behind can communicate. However, the timeclock is unable to communicate with its counterpart at the clubhouse. I believe this is because they are on different subnets and routing is not taking place.
* The timeclock communicates on port 3301 - some sort of forwarding must be enabled through the ppp nat ?
* how can the 192.168.2.0 network be accessible from the 192.168.1.0 network? I know that the 192.168.1.232 (modem) / 192.1681.230 (ethernet) server box at the main clubhouse is the gateway. How can other machines find out about this? or can the man residential gateway learn about this?

Current possible diagnosis:
* The complexity of having 2 gateways, it seems that in order for each machine to be able to see the 192.168.2.0 network at the client side (maintenance shed), a static route must be added. I would like to avoid this.

What I would like:
* To have the timeclock be on the SAME network as the rest of the clubhouse.

--
Chris Tusa
[EMAIL PROTECTED]
http://people.linisys.com/ctusa
Buy books from my Half.com inventory: http://half.ebay.com/shops/shops.jsp?seller_id=1691584
Re: disabling ipv6 with ppp
On Mon, 21 Mar 2005, Brian Somers wrote:
> Use ``disable ipv6'' - see the man page.
> Put ``NOINET6=true'' in /etc/make.conf to make IPv6 go away entirely.
>
> On Mon, 7 Mar 2005 11:45:24 +0100, Hanspeter Roth <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I'm using ppp. Even though INET6 is disabled in the kernel there is
> > some INET6 stuff configured. Netstat -rn shows:
> >
> > ...
> > Internet6:
> > Destination       Gateway                        Flags  Netif Expire
> > ::1               ::1                            UH     lo0
> > fe80::%lo0/64     fe80::1%lo0                    U      lo0
> > fe80::1%lo0       link#4                         UHL    lo0
> > ff01::/32         ::1                            U      lo0
> > ff02::%lo0/32     ::1                            UC     lo0
> > ff02::%tun0/32    fe80::20f:3dff:feae:5416%tun0  UGS    tun0
> >
> > The last route to 'ff02::%tun0/32' appears only if ppp is running.
> > Some seconds after ppp is started (ppp -quiet -auto isp) it goes
> > online. Trying to delete the route by hand claims it is a bad
> > address:
> >
> > route delete 'ff02::%tun0/32'
> > route: bad address: ff02::%tun0/32

PPP Running with IPv6 support or not means nothing if those addresses appear or not, it is because your kernel is compiled with IPv6 support, so the link local addresses as you see will appear, also, if you want to try to remove them, you will most likely need to put -inet6 on the command line, although I don't believe it is possible to remove link local addresses... ie - disable it in your kernel and it will disappear (you might also want to disable it for world programs too as someone has stated in case of any problems...)

> > How can I run ppp without INET6 support?
> >
> > -Hanspeter
>
> --
> Brian Somers <[EMAIL PROTECTED]>
> Don't _EVER_ lose your sense of humour ! <[EMAIL PROTECTED]>