Re: age(4) corrupts packets
Kostik Belousov wrote:
> I have to use a machine with ASUS motherboard, that has age(4) ethernet
> adapter. It seems that active use of the net causes corrupted frames,
> like the following ssh disconnect (after doing find / in the shell):
> Disconnecting: Corrupted MAC on input.

It can't be just a packet corruption, since TCP has checksums, and corrupted packets should have been dropped and retransmitted. Try to turn off checksum offloading.

> Machine runs reasonably latest stable/7.
> Any advice ? Anything I should try to tweak ? Do you need additional information ?
> I can test patches on this box.
>
> age0: Attansic Technology Corp, L1 Gigabit Ethernet mem 0xfeac-0xfeaf irq 17 at device 0.0 on pci2
> age0: Reserved 0x4 bytes for rid 0x10 type 3 at 0xfeac
> age0: PCI device revision : 0x00b0
> age0: Chip id/revision : 0x9006
> age0: 1280 Tx FIFO, 2364 Rx FIFO
> age0: MSIX count : 0
> age0: MSI count : 1
> age0: attempting to allocate 1 MSI vectors (1 supported)
> msi: routing MSI IRQ 256 to vector 52
> age0: using IRQ 256 for MSI
> age0: Using 1 MSI messages.
> age0: Read request size : 512 bytes.
> age0: TLP payload size : 128 bytes.
> age0: PCI VPD capability not found!
> miibus0: MII bus on age0
> atphy0: Atheros F1 10/100/1000 PHY PHY 0 on miibus0
> atphy0: OUI 0x001374, model 0x0001, rev. 5
> atphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT-FDX, auto
> age0: bpf attached
> age0: Ethernet address: 00:1f:c6:b9:cc:a7
> msi: Assigning MSI IRQ 256 to local APIC 0

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
PF with TSO
Hi,

FreeBSD-7.1 is shipped with TCP segmentation offload (TSO) feature to some network interface cards by default such as Intel and Broadcom. I would like to know if there's any impact when PF is enabled together with TSO in terms of performance and packet inspection?

Thank you,

Regards,
Siquijor
Re: TARPIT for pf/ipfw
On Fri, Jan 16, 2009 at 01:21:15PM -0800, Chuck Swiger wrote:
> On Jan 16, 2009, at 3:50 AM, Eugene Perevyazko wrote:
>> On Fri, Jan 16, 2009 at 12:20:21PM +0300, Alexey Ivanov wrote:
>>> Is there any command identical to:
>>> iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
>>> If no, has anyone ever tried to implement this feature?
>> I'm thinking of implementing it in ipfw but it'll be a week or two later,
>> when I will have some free time.
> Note that net/honeyd and security/labrea offer somewhat similar functionality.

The main aim for tarpit in firewall is IMHO to lock out crime in progress. For example to slow down somebody bruteforcing your ftp/pop/ssh/whatever. Script kiddies are hammering on well-known services almost constantly and neither denying nor resetting is effective to slow them down. I often see in logs that after host starts to reset connection from one IP, bruteforcing continues from another IP just from the same place in wordlist.

And if I'll use something like

fwd localhost,labreaport tcp from badip to me

I'm not sure it will succeed with already established connection.

Eugene Perevyazko
Re: pppoed problem with reconnections
On Sat, Jan 17, 2009 at 08:08:30PM +, Paul Thornton wrote:
> - The PPPoE connection is then not disconnected cleanly (say network cable
>   pulled out, or machine reboots, etc)
> - Back on the termination box, there is still a ppp process running using
>   that address.
> - When you try and reconnect as the original user, it fails because the
>   address cannot be assigned (already in use).
>
> Things then stay like this for ever until I kill the ppp process that was
> connected with the pppoed running on that VLAN.

You have to look at keep-alive settings to terminate dead connections.

And why don't you try an mpd (/usr/ports/net/mpd) that is perfectly suited to manage hundreds and thousands of simultaneous ppp (and PPPoE in particular) connections? It's fast, flexible and easy to setup both as server and client.

Eugene Perevyazko
Re: pppoed problem with reconnections
> Hi folks,
>
> I am currently doing some lab testing with 6.3-release and a pppoe setup
> where each user has their own VLAN. On the termination box have an em
> interface with about 200 VLANs configured on it, and have a ppp.conf
> looking like this:
>
> default:
>  set log Chat Command Phase
>  enable pap
>  enable chap
>  allow mode direct
>  set mru 1462
>  set mtu 1462
>  set timeout 0
>  enable lqr
>  accept dns
>  set dns 192.168.1.1 192.168.1.2
>  set radius /etc/ppp/radius.conf
>  set ifaddr 192.168.254.254/32

Change the enable lqr to:

 enable lqr echo
 set echoperiod 5

The ppp will check the remote peer at echoperiod and after five consecutive fails the ppp link will be closed.

Luiz
Re: pppoed problem with reconnections
Hi Luiz,

Luiz Otavio O Souza wrote:
> Change the enable lqr to:
>
>  enable lqr echo
>  set echoperiod 5
>
> The ppp will check the remote peer at echoperiod and after five
> consecutive fails the ppp link will be closed.

That does exactly what I want, thank you.

Paul.
Re: pppoed problem with reconnections
Hi,

Eugene Perevyazko wrote:
> You have to look at keep-alive settings to terminate dead connections.
>
> And why don't you try an mpd (/usr/ports/net/mpd) that is perfectly suited
> to manage hundreds and thousands of simultaneous ppp (and PPPoE in
> particular) connections? It's fast, flexible and easy to setup both as
> server and client.

As Luiz suggested, I've changed the config to:

 enable lqr echo
 set echoperiod 5

which sorts my problem out just fine.

I did look into using mpd - mainly to compare which works best for our situation. However, I was having trouble making any PPPoE connections come up when using mpd; I suspect that this is me not fully understanding what I'm doing - and although I've done quite a bit of looking, I can't find any good example configurations for a PPPoE server using mpd (I'm sure they exist!). Do you have any pointers for this?

Regards,
Paul.
Re: age(4) corrupts packets
On Sat, Jan 17, 2009 at 05:25:59PM +0200, Kostik Belousov wrote:
> I have to use a machine with ASUS motherboard, that has age(4) ethernet
> adapter. It seems that active use of the net causes corrupted frames,
> like the following ssh disconnect (after doing find / in the shell):
> Disconnecting: Corrupted MAC on input.
>
> Machine runs reasonably latest stable/7.
> Any advice ? Anything I should try to tweak ? Do you need additional information ?

Would you show me the output of sysctl dev.age.0.stats=1?
Also try disabling Rx checksum offload (ifconfig age0 -rxcsum).

> I can test patches on this box.
>
> age0: Attansic Technology Corp, L1 Gigabit Ethernet mem 0xfeac-0xfeaf irq 17 at device 0.0 on pci2
> age0: Reserved 0x4 bytes for rid 0x10 type 3 at 0xfeac
> age0: PCI device revision : 0x00b0
> age0: Chip id/revision : 0x9006
> age0: 1280 Tx FIFO, 2364 Rx FIFO
> age0: MSIX count : 0
> age0: MSI count : 1
> age0: attempting to allocate 1 MSI vectors (1 supported)
> msi: routing MSI IRQ 256 to vector 52
> age0: using IRQ 256 for MSI
> age0: Using 1 MSI messages.
> age0: Read request size : 512 bytes.
> age0: TLP payload size : 128 bytes.
> age0: PCI VPD capability not found!
> miibus0: MII bus on age0
> atphy0: Atheros F1 10/100/1000 PHY PHY 0 on miibus0
> atphy0: OUI 0x001374, model 0x0001, rev. 5
> atphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT-FDX, auto
> age0: bpf attached
> age0: Ethernet address: 00:1f:c6:b9:cc:a7
> msi: Assigning MSI IRQ 256 to local APIC 0

--
Regards,
Pyun YongHyeon
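
The reasoning in the age(4) thread (TCP checksums should catch corruption, so try disabling Rx checksum offload), as an added Python sketch that is not code from the list or from the age(4) driver. It assumes a fault that corrupts bytes after the NIC has validated the frame, and uses an HMAC over the payload as a simplified stand-in for SSH's packet MAC; all names and sample values are constructed.

```python
import hashlib
import hmac
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: 16-bit ones' complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def receive(csum, payload, tag, key, rx_offload, nic_verdict=True):
    """Toy receive path. With rx_offload the stack trusts the NIC's verdict
    (computed on the wire) instead of recomputing over the bytes in memory."""
    ok = nic_verdict if rx_offload else inet_checksum(payload) == csum
    if not ok:
        return "dropped by TCP, retransmitted"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "Corrupted MAC on input"
    return "delivered"

def demo():
    key = b"constructed-session-key"        # constructed sample values
    payload = b"find / output line 0001\n"
    csum = inet_checksum(payload)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    # Assumed fault: one bit flips after the NIC has validated the frame.
    flipped = bytearray(payload)
    flipped[5] ^= 0x04
    flipped = bytes(flipped)
    # Swapping two aligned 16-bit words leaves the ones' complement sum unchanged.
    swapped = payload[2:4] + payload[0:2] + payload[4:]
    return {
        "clean": receive(csum, payload, tag, key, rx_offload=True),
        "bitflip_rxcsum_on": receive(csum, flipped, tag, key, rx_offload=True),
        "bitflip_rxcsum_off": receive(csum, flipped, tag, key, rx_offload=False),
        "swap_rxcsum_off": receive(csum, swapped, tag, key, rx_offload=False),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} {outcome}")
```

In this model, disabling Rx checksum offload does not remove the corruption; it moves detection back into the TCP stack, so the segment is retransmitted instead of ending the SSH session. The swapped-word case shows a corruption that the 16-bit checksum cannot see at all and that only the MAC catches.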