Re: em0: watchdog timeout -- resetting
Just saw the "watchdog" error using an Intel Pro Quad PT card... more info: doing about 100Mbps plugged into a Cisco 2960:

Gi0/23mango-em2 connected a-full a-1000 10/100/1000BaseTX

Would setting the duplex and speed manually (instead of using auto-negotiation) help prevent the watchdog timer?
What is the watchdog timeout for? Does the driver catch stalled interface conditions?

Rudy
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ssh window
> From: "Steven Hartland" <[EMAIL PROTECTED]>
> Date: Sat, 14 Jun 2008 03:32:39 +0100
>
> >> Date: Thu, 12 Jun 2008 23:11:13 -0400 (EDT)
> >> In article <[EMAIL PROTECTED]>, Brooks
> >> Am I the only one who would be happier if openssh were not in the base
> >> system at all? I always have to install the port anyway; having it in
> >> the base just gives me more files I need to delete after an install.
> >> (Heimdal is the other big culprit.)
> >
> > Build it with OVERRIDE_BASE and make the required entry in
> >/etc/make.conf (pre-V7) or /etc/sys.conf (V7) so that rebuilding the
> >system does not over-write them.
>
> Unfortunately this doesn't stop sysinstall breaking rc.conf by
> adding back in sshd_enable="YES" every time it's used :(

If you OVERWRITE_BASE, sshd is written into /usr/sbin, so the stock /etc/rc.d/ntpd works just fine. I don't see the need to change to the one in the port when the port replaces the system version.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: ssh window
>> Date: Thu, 12 Jun 2008 23:11:13 -0400 (EDT)
>> In article <[EMAIL PROTECTED]>, Brooks
>> Am I the only one who would be happier if openssh were not in the base
>> system at all? I always have to install the port anyway; having it in
>> the base just gives me more files I need to delete after an install.
>> (Heimdal is the other big culprit.)
>
> Build it with OVERRIDE_BASE and make the required entry in
> /etc/make.conf (pre-V7) or /etc/sys.conf (V7) so that rebuilding the
> system does not over-write them.

Unfortunately this doesn't stop sysinstall breaking rc.conf by adding back in sshd_enable="YES" every time it's used :(

Regards
Steve
Re: tcpdump/snort to capture chat sessions
Tom Judge wrote this message on Wed, Jun 11, 2008 at 15:01 -0500:
> Bill Moran wrote:
> >In response to R J <[EMAIL PROTECTED]>:
> >
> >>I am trying to use tcpdump (or snort, but they are both behaving the same
> >>in this case) to capture all the lines or contents of an msn
> >>chat session, the actual conversation. I am getting partial output; i.e,
> >>I'll only get half of a sentence, and I don't see the rest of the lines.
> >>And of course, a lot of it seems to be hex or obfuscated html?
> >>
> >>What switches do I need to capture the entire lines of text?
> >
> >Don't know about snort, but with tcpdump use -s0
> >
> This is a good start however you are not guaranteed to see the whole
> chat message in a single TCP packet. If you are looking for something
> more advanced you will have to write a program around pcap/bpf or
> similar to read the TCP stream.

such as tcpflow which reads tcpdump streams and outputs each TCP byte stream...

--
John-Mark Gurney Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
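The reassembly step described in the message above, as an added example that is not code from any poster or from tcpflow: it rebuilds one direction of a TCP byte stream from captured segments, coping with reordering, retransmission and sequence-number wraparound, and reports the holes left when the capture was not taken with -s0. The chat line, the ISN and the `capture` helper are constructed for illustration.

```python
# Added example (not from the thread): reassemble one direction of a TCP flow.
SEQ_MOD = 1 << 32          # TCP sequence numbers are 32-bit and wrap around

def reassemble(segments, isn, fill=b"?"):
    """Rebuild the byte stream for one direction of a TCP connection.

    segments: iterable of (seq, payload) in capture order, where payload is
              the bytes the sniffer actually stored (possibly cut by snaplen).
    isn:      sequence number of the first data byte (SYN sequence + 1).
    Returns (stream, gaps); gaps lists (start, end) offsets never captured,
    which are padded with `fill` so later offsets stay aligned.
    Assumes the flow carries less than 4 GiB in this direction.
    """
    # Convert each seq to an offset from the start of the stream; the modulo
    # keeps the ordering correct when the sequence space wraps past 2**32.
    chunks = sorted(((seq - isn) % SEQ_MOD, data) for seq, data in segments if data)
    stream = bytearray()
    gaps = []
    for offset, data in chunks:
        end = offset + len(data)
        if end <= len(stream):
            continue                      # retransmission of bytes already held
        if offset > len(stream):          # bytes missing from the capture
            gaps.append((len(stream), offset))
            stream.extend(fill * (offset - len(stream)))
        stream.extend(data[len(stream) - offset:])   # keep only the new tail
    return bytes(stream), gaps

# Constructed sample: one line of chat text sent in three TCP segments.
MESSAGE = b"alice: are we still on for lunch at noon today?\r\n"
ISN = 0xFFFFFFF0   # chosen so the sequence numbers wrap during the message

def capture(snaplen_payload=None):
    """Constructed capture: out of order, with a duplicate and an overlap.
    snaplen_payload caps the stored payload bytes per packet, imitating a
    tcpdump run without -s0."""
    parts = [
        (30, MESSAGE[30:]),     # third segment arrives first
        (0,  MESSAGE[:10]),
        (0,  MESSAGE[:10]),     # exact retransmission
        (5,  MESSAGE[5:20]),    # retransmission overlapping old and new bytes
        (10, MESSAGE[10:30]),
    ]
    return [((ISN + off) % SEQ_MOD, data[:snaplen_payload]) for off, data in parts]

if __name__ == "__main__":
    print(reassemble(capture(), ISN))                   # full line, no gaps
    print(reassemble(capture(snaplen_payload=8), ISN))  # truncated capture
```

With the truncated capture the function cannot tell that bytes are also missing after the last stored segment; only holes between captured ranges are reported.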
Re: em0: watchdog timeout -- resetting
Jack Vogel wrote:
> Did you ever install the fix to the 82573 NIC eeprom?

Just saw the "watchdog" error using an Intel Pro Quad PT card... it has the '82571EB' chip on it.
-- Do those cards need the eeprom 'fix'?
-- or is related to kern/122928
-- how does one go about disabling the watchdog? (turning off acpi?)

Thanks,
Rudy

SYSTEM INFO:

# grep Exp /usr/src/sys/dev/em/if_em.c
/*$FreeBSD: src/sys/dev/em/if_em.c,v 1.184.2.3 2008/05/21 21:34:05 jfv Exp $*/

# pciconf -lv | grep -A 4 em2
[EMAIL PROTECTED]:6:0:0: class=0x02 card=0x10a48086 chip=0x10a48086 rev=0x06 hdr=0x00
    vendor = 'Intel Corporation'
    device = '82571EB Gigabit Ethernet Controller'
    class = network
    subclass = ethernet

# sysctl dev.em.2
dev.em.2.%desc: Intel(R) PRO/1000 Network Connection 6.9.5
dev.em.2.%driver: em
dev.em.2.%location: slot=0 function=0
dev.em.2.%pnpinfo: vendor=0x8086 device=0x10a4 subvendor=0x8086 subdevice=0x10a4 class=0x02
dev.em.2.%parent: pci6
dev.em.2.debug: -1
dev.em.2.stats: -1
dev.em.2.rx_int_delay: 0
dev.em.2.tx_int_delay: 66
dev.em.2.rx_abs_int_delay: 66
dev.em.2.tx_abs_int_delay: 66
dev.em.2.rx_processing_limit: 100

# ifconfig em2
em2: flags=8843 metric 0 mtu 1500
    options=1db
    ether 00:15:17:78:99:72
    inet 10.10.30.154 netmask 0xfffc broadcast 10.10.30.155
    media: Ethernet autoselect (1000baseTX )
    status: active

# uname -a
FreeBSD example.monkeybrains.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Tue Jun 3 16:43:19 PDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ROUTER i386

# grep em2 /var/log/messages
Jun 11 23:08:34 example kernel: em2: port 0x3000-0x301f mem 0xd812-0xd813,0xd810-0xd811 irq 17 at device 0.0 on pci6
Jun 11 23:08:34 example kernel: em2: Using MSI interrupt
Jun 11 23:08:34 example kernel: em2: [FILTER]
Jun 11 23:08:34 example kernel: em2: Ethernet address: 00:15:17:78:99:72
Jun 11 23:18:08 example kernel: em2: link state changed to UP
Jun 13 00:27:22 example kernel: em2: watchdog timeout -- resetting
Jun 13 00:27:22 example kernel: em2: link state changed to DOWN
Jun 13 00:27:25 example kernel: em2: link state changed to UP
Jun 13 03:37:52 example kernel: em2: watchdog timeout -- resetting
Jun 13 03:37:52 example kernel: em2: link state changed to DOWN
Jun 13 03:37:55 example kernel: em2: link state changed to UP
Jun 13 05:17:18 example kernel: em2: watchdog timeout -- resetting
Jun 13 05:17:18 example kernel: em2: link state changed to DOWN
Jun 13 05:17:22 example kernel: em2: link state changed to UP
Jun 13 05:17:23 example kernel: em2: link state changed to DOWN
Jun 13 05:17:25 example kernel: em2: link state changed to UP
Jun 13 06:54:47 example kernel: em2: watchdog timeout -- resetting
Jun 13 06:54:47 example kernel: em2: link state changed to DOWN
Jun 13 06:54:51 example kernel: em2: link state changed to UP
Jun 13 06:59:22 example kernel: em2: watchdog timeout -- resetting
Jun 13 06:59:22 example kernel: em2: link state changed to DOWN
Jun 13 06:59:25 example kernel: em2: link state changed to UP
Re: ssh window
Brooks Davis wrote:
> It is worth noting that over most people's WAN's the none cipher is
> pretty pointless since you can do nearly 200Mbps with arcfour and a
> decent CPU (IIRC the graphs are several years old).

In my case I'm CPU bound from other processes, so reducing SSH overhead will have a net benefit.

Kris
Route messages
Get these with GRE tunnel on
FreeBSD 7.0-STABLE FreeBSD 7.0-STABLE #5: Sun May 11 19:00:57 EDT 2008 :/usr/obj/usr/src/sys/ROUTER amd64

But do not get them with 7.0-RELEASE

Any ideas what changed? :) Wish there was some sort of changelog..

# of messages per second seems consistent with packets per second on GRE interface..

No impact in routing, but definitely impact in cpu usage for all processes monitoring the route messages.

got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 16:58:37 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
got message of size 160 on Fri Jun 13 17:08:16 2008
RTM_MISS: Lookup failed on this address: len 160, pid: 0, seq 0, errno 0, flags: locks: inits: sockaddrs: default
Re: ssh window
> Date: Fri, 13 Jun 2008 14:43:39 -0400
> From: Garrett Wollman <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> < said:
>
> > Garrett Wollman wrote:
> >> Am I the only one who would be happier if openssh were not in the base
> >> system at all?
>
> > Quite possibly :)
>
> > I don't think it's at all viable to ship FreeBSD without an ssh client
> > in this day and age.
>
> If that were what I had suggested, you might have a point. I want
> FreeBSD to ship with an ssh client, too. I just want it shipped as a
> package, so that it's easier to delete when I'm ready to replace it
> with one that meets my requirements (about an hour after install).
> Having it be easier to update when there's a security issue would be
> an added bonus.

Replacing the base ssh with the port is utterly trivial. You already are setting configuration options, so OVERWRITE_BASE is no more than a few key presses and a one-liner in make.conf or src.conf is pretty trivial.

V7---Add "WITHOUT_OPENSSH=" to /etc/src.conf
Pre-V7---Add "NO_OPENSSH=" to /etc/make.conf

That is all it takes. We use SmartCards for authentication, so I already have a bunch of systems that are configured this way.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: ssh window
< said:

> Garrett Wollman wrote:
>> Am I the only one who would be happier if openssh were not in the base
>> system at all?

> Quite possibly :)

> I don't think it's at all viable to ship FreeBSD without an ssh client
> in this day and age.

If that were what I had suggested, you might have a point. I want FreeBSD to ship with an ssh client, too. I just want it shipped as a package, so that it's easier to delete when I'm ready to replace it with one that meets my requirements (about an hour after install). Having it be easier to update when there's a security issue would be an added bonus.

-GAWollman
Re: [OT] Supported wifi express card
Someone I know got a
http://www.buy.com/prod/thinkpad-11a-b-g-wireless-lan-mini-pci-express-adapter-network-adapter/q/loc/101/201992199.html
and it works well.

-Boris

Paolo Pisati wrote:
> Hi,
>
> as the subject says i'm looking for a freebsd-supported wifi express card.
> I know i should look for an atheros-based card, but it's really difficult
> to find which chip a card is using without trying it out first.
>
> Googling around, it seems the belkin n express card is what i'm looking for,
> but i'm open to suggestions.
Re: ssh window
> Date: Thu, 12 Jun 2008 23:11:13 -0400 (EDT)
> From: Garrett Wollman <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> In article <[EMAIL PROTECTED]>, Brooks
> Davis writes:
>
> >On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
> >> FYI - HPN is already a build option in the openssh-portable port.
> >
> >I do think we should strongly consider adding the rest of it to the base.
>
> Am I the only one who would be happier if openssh were not in the base
> system at all? I always have to install the port anyway; having it in
> the base just gives me more files I need to delete after an install.
> (Heimdal is the other big culprit.)

Build it with OVERRIDE_BASE and make the required entry in /etc/make.conf (pre-V7) or /etc/sys.conf (V7) so that rebuilding the system does not over-write them.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: ssh window
On Fri, Jun 13, 2008 at 01:02:07PM +0200, Kris Kennaway wrote:
> Brooks Davis wrote:
>> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>>> Randy Bush wrote:
>>>> this has been a cause of great pain for a lng time.
>>>>
>>>> http://www.psc.edu/networking/projects/hpn-ssh/
>>>>
>>>> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
>>>> buffer to be fixed, especially not from a 100mb link here in tokyo and
>>>> servers in the states, europe, and africa), perhaps i could convince
>>>> freebsd net folk to do so?
>>> FYI - HPN is already a build option in the openssh-portable port.
>>
>> I do think we should strongly consider adding the rest of it to the base.
>>
>> -- Brooks
>
> There seem to be a couple of issues:
>
> 1) Connection aborts during interactive use. I started using this patch
> only yesterday but already a couple of times my interactive session to a
> machine has aborted from typing one character to the next. It doesn't seem
> to be affecting non-interactive use. I have not investigated this yet.
>
> 2) -c none handling is a bit weird. There is no way to shut up the
> warnings on non-interactive connections ("WARNING: ENABLED NONE CIPHER";
> yes, I know, because I WROTE THAT SCRIPT :). Also it doesn't fall back
> gracefully if the other side doesn't support -c none; it just aborts the
> collection. This means you can't automatically interoperate with a non-HPN
> server if you want to use 'none' encryption. This is not related to the
> buffer handling but it is part of the same patch set. I really like the
> idea of -c none, but I think they have gone overboard with the paranoia.

It is worth noting that over most people's WAN's the none cipher is pretty pointless since you can do nearly 200Mbps with arcfour and a decent CPU (IIRC the graphs are several years old).

-- Brooks
[OT] Supported wifi express card
Hi,

as the subject says i'm looking for a freebsd-supported wifi express card. I know i should look for an atheros-based card, but it's really difficult to find which chip a card is using without trying it out first.

Googling around, it seems the belkin n express card is what i'm looking for, but i'm open to suggestions.

--
bye,
P.
Re: kern/124540: RTM_MISS with the transit packets
Synopsis: RTM_MISS with the transit packets

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: remko
Responsible-Changed-When: Fri Jun 13 14:39:07 UTC 2008
Responsible-Changed-Why:
This looks like networking code :)

http://www.freebsd.org/cgi/query-pr.cgi?pr=124540
Static NAT and PAT on 6.2
Hi All,

I am running FreeBSD 6.2-release. I have been running PAT via natd and ipfw for some time now and it runs great. However, I continue to try and employ static NAT on this router, and as soon as I do so all other clients lose routing. My natd.conf is as below:

unregistered_only
use_sockets
log_ipfw_denied
redirect_address 10.100.1.2 66.92.79.20
alias_address 66.92.79.89

Whenever I run with this configuration all clients except the static'ed one lose routing out of the building. I have tried switching the order of the alias_address and redirect_address.

Any help is appreciated.

-Matt
Re: ssh window
Garrett Wollman <[EMAIL PROTECTED]> writes:
> Am I the only one who would be happier if openssh were not in the base
> system at all? I always have to install the port anyway; having it in
> the base just gives me more files I need to delete after an install.

Well, it's not going to get any better if you don't talk to me about it. I don't read minds.

As for the OP:

Randy Bush <[EMAIL PROTECTED]> writes:
> this has been a cause of great pain for a lng time.
>
>http://www.psc.edu/networking/projects/hpn-ssh/
>
> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
> buffer to be fixed, especially not from a 100mb link here in tokyo and
> servers in the states, europe, and africa), perhaps i could convince
> freebsd net folk to do so?

OpenSSH is not within the purview of the "freebsd net folk". If you have an issue with OpenSSH, you need to talk to me.

The last time I was asked to apply the HPN patches to base, IIRC, they had not yet been submitted to (and rejected by) the upstream vendor, so I decided to wait and see.

The NoneCipher issue comes up regularly, and is on my todo list for the 5.0p1 upgrade (along with several other things, such as changing the default key type back to RSA). I hope to import 5.0p1 as soon as we have a vendor import policy in place for Subversion.

DES
--
Dag-Erling Smørgrav - [EMAIL PROTECTED]
Re: ssh window
Garrett Wollman wrote:
> In article <[EMAIL PROTECTED]>, Brooks Davis writes:
>> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>>> FYI - HPN is already a build option in the openssh-portable port.
>>
>> I do think we should strongly consider adding the rest of it to the base.
>
> Am I the only one who would be happier if openssh were not in the base
> system at all?

Quite possibly :)

I don't think it's at all viable to ship FreeBSD without an ssh client in this day and age.

Kris
Re: ssh window
Brooks Davis wrote:
> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>> Randy Bush wrote:
>>> this has been a cause of great pain for a lng time.
>>>
>>> http://www.psc.edu/networking/projects/hpn-ssh/
>>>
>>> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
>>> buffer to be fixed, especially not from a 100mb link here in tokyo and
>>> servers in the states, europe, and africa), perhaps i could convince
>>> freebsd net folk to do so?
>> FYI - HPN is already a build option in the openssh-portable port.
>
> I do think we should strongly consider adding the rest of it to the base.
>
> -- Brooks

There seem to be a couple of issues:

1) Connection aborts during interactive use. I started using this patch only yesterday but already a couple of times my interactive session to a machine has aborted from typing one character to the next. It doesn't seem to be affecting non-interactive use. I have not investigated this yet.

2) -c none handling is a bit weird. There is no way to shut up the warnings on non-interactive connections ("WARNING: ENABLED NONE CIPHER"; yes, I know, because I WROTE THAT SCRIPT :). Also it doesn't fall back gracefully if the other side doesn't support -c none; it just aborts the collection. This means you can't automatically interoperate with a non-HPN server if you want to use 'none' encryption. This is not related to the buffer handling but it is part of the same patch set. I really like the idea of -c none, but I think they have gone overboard with the paranoia.

Kris